打包專案映像檔分為兩步驟
1.基礎映像擋,包含python版本、專案所需要的Library、專案所需要的插件
2.專案映像擋,包含專案程式碼
會使用兩步驟有幾個好處:
一、專案在Docker化的時候可以比較快速,不用重複一直安裝相同插件
二、基礎映像擋越小越好,而且可以多專案共用
pellok
# 來源映像檔
FROM python:3.5-alpine
MAINTAINER Pellok "pellok2002@gmail.com"
# 安裝專案必要的軟體
RUN apk update && \
apk add --no-cache --virtual deps build-base postgresql-dev libffi-dev openssh libpq gcc python-dev linux-headers musl-dev git autoconf automake openssl-dev zlib zlib-dev jpeg-dev py-pip libmagic && \
mkdir -p /usr/src/app
# 複製 requirements.txt 到 /usr/src/app/ 目錄底下,並安裝 requirements.txt 內的 Library
COPY requirements.txt /usr/src/app/
RUN pip install --upgrade pip setuptools && \
pip install --no-cache-dir -r /usr/src/app/requirements.txt
# 設定工作目錄是 /usr/src/app
WORKDIR /usr/src/app
# 下次執行 複製目錄下的所有檔案 到 /usr/src/app
ONBUILD COPY . /usr/src/app
# 把專案需要的 library 儲存到 requirements.txt 檔案
pip freeze |grep -v git > deploy/docker/alpine/requirements.txt
# 建置 project_name alpine 映像檔
docker build --rm -t project_name:alpine deploy/docker/alpine
# 來源映像檔
FROM project_name:alpine
# 安裝 libmagic
RUN apk add --no-cache --virtual libmagic
# 執行專案初始化,並且最小化映像檔(刪除一些暫存的檔案或不必要的檔案)
RUN python setup.py develop && \
mkdir -p /usr/src/app/project_name/static/uploads && \
find /usr/local \( -type d -a -name test -o -name tests \) -o \( -type f -a -name '*.pyc' -o -name '*.pyo' \) -exec rm -rf '{}' + && \
runDeps="$( scanelf --needed --nobanner --recursive /usr/local | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' | sort -u | xargs -r apk info --installed | sort -u )" && \
apk add --virtual .rundeps $runDeps && \
apk del deps build-base openssh gcc linux-headers git autoconf automake && \
rm -f /usr/src/app/requirements.txt && rm -rf /var/cache/apk/*
# 輸出Port
EXPOSE 6543
# 啟動服務
CMD pserve production.ini http_port=6543
docker build --rm -t project_name .
docker save -o project_name.tar project_name
or
docker save -o project_name-$(git describe).tar project_name
scp project_name.tar xxx@192.168.0.1:~
curl -sSL https://get.docker.com | sh
systemctl enable docker
systemctl start docker
ps aux |grep docker
systemctl status docker
yum install epel-release yum-utils
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum-config-manager --enable remi
yum -y install redis
systemctl start redis
systemctl enable redis
systemctl status redis
netstat -tunpl
vim /etc/redis.conf
bind 0.0.0.0
systemctl restart redis
# 檢查服務
netstat -tunpl
# tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 100575/redis-server
firewall-cmd --new-zone=redis --permanent
firewall-cmd --zone=redis --add-port=6379/tcp --permanent
firewall-cmd --zone=redis --add-source=172.17.0.0/24 --permanent
firewall-cmd --reload
# 檢查防火牆
firewall-cmd --zone=redis --list-ports
# 6379/tcp
iptables-save
# -A INPUT_ZONES_SOURCE -s 172.17.0.0/24 -g IN_redis
# -A FORWARD_IN_ZONES_SOURCE -s 172.17.0.0/24 -g FWDI_redis
# -A FORWARD_OUT_ZONES_SOURCE -d 172.17.0.0/24 -g FWDO_redis
vim postgres.sh
#/bin/bash
rpm -Uvh http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/pgdg-centos95-9.5-3.noarch.rpm
yum -y install postgresql95-server postgresql95 postgresql95-devel
/usr/pgsql-9.5/bin/postgresql95-setup initdb
systemctl start postgresql-9.5
systemctl enable postgresql-9.5
sed -i -e "s@#listen_addresses = 'localhost'@listen_addresses = '*'@" /var/lib/pgsql/9.5/data/postgresql.conf
echo "host all all 0.0.0.0/0 md5" >> /var/lib/pgsql/9.5/data/pg_hba.conf
systemctl restart postgresql-9.5
systemctl start firewalld
firewall-cmd --new-zone=postgresql --permanent
firewall-cmd --zone=postgresql --add-port=5432/tcp --permanent
firewall-cmd --zone=postgresql --add-source=172.17.0.0/24 --permanent
firewall-cmd --reload
firewall-cmd --zone=postgres --list-ports
# 執行腳本
sh postgres.sh
yum -y install epel-release
yum -y install nginx
systemctl start nginx
修正 vim /etc/nginx/nginx.conf ,關閉預設的網頁
...
gzip on;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types text/plain text/css text/js
text/xml text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
image/svg+xml;
#server {
# listen 80 default_server;
# listen [::]:80 default_server;
# server_name _;
# root /usr/share/nginx/html;
# Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
# location / {
# }
# error_page 404 /404.html;
# location = /40x.html {
# }
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
#}
...
vim /etc/nginx/conf.d/project.conf
upstream project {
server 127.0.0.1:6543;
}
server {
listen 80;
server_name _ gm.un05.com;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 100m;
client_body_buffer_size 128k;
proxy_connect_timeout 60s;
proxy_send_timeout 90s;
proxy_read_timeout 90s;
proxy_buffering off;
proxy_temp_file_write_size 64k;
proxy_pass http://project;
proxy_redirect off;
}
}
setenforce 0
vim /etc/selinux/config
SELINUX=enforcing
#改成
SELINUX=disabled
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
iptables-save
ssh xxx@192.168.0.1
sudos su - root
docker load -i project_name.tar
docker images
docker run -d -p 6543:6543 --name project_name \
-e REDIS_HOST=10.0.7.4 \
-e REDIS_PORT=6379 \
-e DB_HOST=10.0.7.4 \
-e DB_USER=postgres \
-e DB_PORT=5432 \
-e DB_PASS=password \
-e DB_NAME=project_name \
project_name
docker images
docker ps -a
docker logs -f conatiner_id
docker exec -ti conatiner_id /bin/sh
iThome鐵人賽
看影片追技術