docker study notes
Generate base image
1.Dockerfile
FROM ubuntu:15.04
MAINTAINER Darebeat
# 设置时区
ENV TZ "Asia/Shanghai"
ENV TERM xterm
ADD patch.tar.gz /
RUN apt-get update && apt-get install -y vim curl git
2.patch.tar.gz
/etc/apt/source.list
/bin/
ping
bash
mysql 这是可执行的客户端二进制文件
/sbin/
ifconfig
route
3.built
#! /bin/bash
set -e
if [ $(docker images|grep ubuntu|grep base|awk '{print $3}') ]; then
docker rmi -f $(docker images|grep ubuntu|grep base|awk '{print $3}')
fi
docker build -t ubuntu:base .
Generate jre image
1.Dockerfile
FROM ubuntu:base
MAINTAINER Darebeat
# java8_jre.tar.gz 是java8的jre目录文件压缩包
ADD java8_jre.tar.gz /opt
ENV PATH=/opt/jre/bin:$PATH
2.built
#! /bin/bash
set -e
if [ $(docker images|grep java|grep jre8|awk '{print $3}') ]; then
docker rmi -f $(docker images|grep java|grep jre8|awk '{print $3}')
fi
docker build -t java:jre8 .
Generate gosu image
Some times we need run a app in a container with non-root privileges,such as elasticsearch.Then the gosu tools is a available choice.
1.Dockerfile
FROM java:jre8
MAINTAINER Darebeat
# grab gosu for easy step-down from root
RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
RUN arch="$(dpkg --print-architecture)" \\\\
&& set -x \\\\
&& curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$arch" \\\\
&& curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/1.7/gosu-$arch.asc" \\\\
&& gpg --verify /usr/local/bin/gosu.asc \\\\
&& rm /usr/local/bin/gosu.asc \\\\
&& chmod +x /usr/local/bin/gosu
2.built
#! /bin/bash
set -e
if [ $(docker images|grep gosu|grep 1.7|awk '{print $3}') ]; then
docker rmi -f $(docker images|grep gosu|grep 1.7|awk '{print $3}')
fi
docker build -t gosu:1.7 .
Generate elasticsearch image
1./etc/init.d/elasticsearch
cat << eof > elasticsearch
#!/bin/sh
#
# /etc/init.d/elasticsearch -- startup script for Elasticsearch
#
# Written by Miquel van Smoorenburg .
# Modified for Debian GNU/Linux by Ian Murdock .
# Modified for Tomcat by Stefan Gybas .
# Modified for Tomcat6 by Thierry Carrez .
# Additional improvements by Jason Brittain .
# Modified by Nicolas Huray for Elasticsearch .
#
### BEGIN INIT INFO
# Provides: elasticsearch
# Required-Start: $network $remote_fs $named
# Required-Stop: $network $remote_fs $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts elasticsearch
# Description: Starts elasticsearch using start-stop-daemon
### END INIT INFO
# Directory where the Elasticsearch binary distribution resides
ES_HOME=
NAME=elasticsearch
ES_BIN=$ES_HOME/bin
PATH=/bin:/usr/bin:/sbin:/usr/sbin:$ES_BIN
PID_DIR="/var/run"
DESC="Elasticsearch Server"
ES_USER=elasticsearch
ES_GROUP=elasticsearch
# Heap size defaults to 256m min, 1g max
# Set ES_HEAP_SIZE to 50% of available RAM, but no more than 31g
#ES_HEAP_SIZE=2g
# Heap new generation
#ES_HEAP_NEWSIZE=
# max direct memory
#ES_DIRECT_SIZE=
# Additional Java OPTS
#ES_JAVA_OPTS=
# Maximum number of open files
MAX_OPEN_FILES=65535
# Maximum amount of locked memory
#MAX_LOCKED_MEMORY=
# Elasticsearch log directory
LOG_DIR=/opt/$NAME/logs
# Elasticsearch data directory
DATA_DIR=/opt/$NAME/data
# Elasticsearch configuration directory
CONF_DIR=/opt/$NAME/config
# Maximum number of VMA (Virtual Memory Areas) a process can own
MAX_MAP_COUNT=262144
# Path to the GC log file
#ES_GC_LOG_FILE=/var/log/elasticsearch/gc.log
if [ `id -u` -ne 0 ]; then
echo "You need root privileges to run this script"
exit 1
fi
. /lib/lsb/init-functions
if [ -r /etc/default/rcS ]; then
. /etc/default/rcS
fi
# CONF_FILE setting was removed
if [ ! -z "$CONF_FILE" ]; then
echo "CONF_FILE setting is no longer supported. elasticsearch.yml must be placed in the config directory and cannot be renamed."
exit 1
fi
# Define other required variables
PID_FILE="$PID_DIR/$NAME.pid"
DAEMON=$ES_BIN/elasticsearch
DAEMON_OPTS="-d -p $PID_FILE --default.path.home=$ES_HOME --default.path.logs=$LOG_DIR --default.path.data=$DATA_DIR --default.path.conf=$CONF_DIR"
echo "daemon $DAEMON"
export ES_HEAP_SIZE
export ES_HEAP_NEWSIZE
export ES_DIRECT_SIZE
export ES_JAVA_OPTS
export ES_GC_LOG_FILE
export JAVA_HOME
# Check DAEMON exists
test -x $DAEMON || exit 0
checkJava() {
if [ -x "$JAVA_HOME/bin/java" ]; then
JAVA="$JAVA_HOME/bin/java"
else
JAVA=`which java`
fi
if [ ! -x "$JAVA" ]; then
echo "Could not find any executable java binary. Please install java in your PATH or set JAVA_HOME"
exit 1
fi
}
case "$1" in
start)
checkJava
if [ -n "$MAX_LOCKED_MEMORY" -a -z "$ES_HEAP_SIZE" ]; then
log_failure_msg "MAX_LOCKED_MEMORY is set - ES_HEAP_SIZE must also be set"
exit 1
fi
log_daemon_msg "Starting $DESC"
pid=`pidofproc -p $PID_FILE elasticsearch`
if [ -n "$pid" ] ; then
log_begin_msg "Already running."
log_end_msg 0
exit 0
fi
# Prepare environment
mkdir -p "$LOG_DIR" "$DATA_DIR" && chown "$ES_USER":"$ES_GROUP" "$LOG_DIR" "$DATA_DIR"
# Ensure that the PID_DIR exists (it is cleaned at OS startup time)
if [ -n "$PID_DIR" ] && [ ! -e "$PID_DIR" ]; then
mkdir -p "$PID_DIR" && chown "$ES_USER":"$ES_GROUP" "$PID_DIR"
fi
if [ -n "$PID_FILE" ] && [ ! -e "$PID_FILE" ]; then
touch "$PID_FILE" && chown "$ES_USER":"$ES_GROUP" "$PID_FILE"
fi
if [ -n "$MAX_OPEN_FILES" ]; then
ulimit -n $MAX_OPEN_FILES
fi
if [ -n "$MAX_LOCKED_MEMORY" ]; then
ulimit -l $MAX_LOCKED_MEMORY
fi
# Start Daemon
start-stop-daemon -d $ES_HOME --start -b --user $ES_USER -c $ES_USER --pidfile $PID_FILE --exec $DAEMON -- $DAEMON_OPTS
return=$?
if [ $return -eq 0 ]; then
i=0
timeout=10
# Wait for the process to be properly started before exiting
until { cat "$PID_FILE" | xargs kill -0; } >/dev/null 2>&1
do
sleep 1
i=$(($i + 1))
if [ $i -gt $timeout ]; then
log_end_msg 1
exit 1
fi
done
fi
log_end_msg $return
exit $return
;;
stop)
log_daemon_msg "Stopping $DESC"
if [ -f "$PID_FILE" ]; then
start-stop-daemon --stop --pidfile "$PID_FILE" \\\\
--user "$ES_USER" \\\\
--quiet \\\\
--retry forever/TERM/20 > /dev/null
if [ $? -eq 1 ]; then
log_progress_msg "$DESC is not running but pid file exists, cleaning up"
elif [ $? -eq 3 ]; then
PID="`cat $PID_FILE`"
log_failure_msg "Failed to stop $DESC (pid $PID)"
exit 1
fi
rm -f "$PID_FILE"
else
log_progress_msg "(not running)"
fi
log_end_msg 0
;;
status)
status_of_proc -p $PID_FILE elasticsearch elasticsearch && exit 0 || exit $?
;;
restart|force-reload)
if [ -f "$PID_FILE" ]; then
$0 stop
sleep 1
fi
$0 start
;;
*)
log_success_msg "Usage: $0 {start|stop|restart|force-reload|status}"
exit 1
;;
esac
exit 0
eof
chmod 755
2./usr/local/bin/start.sh
cat << eof > start.sh
#!/bin/bash
#
# /usr/local/bin/start.sh
_term() {
echo "Terminating elasticsearch"
service elasticsearch stop
exit 0
}
trap _term SIGTERM
rm -f /var/run/elasticsearch.pid
chown -R elasticsearch:elasticsearch /opt/elasticsearch/config
## start services
service elasticsearch start
counter=0
while [ ! "$(curl localhost:9200 2> /dev/null)" -a $counter -lt 30 ]; do
sleep 1
((counter++))
echo "waiting for Elasticsearch to be up ($counter/30)"
done
tail -f /opt/elasticsearch/logs/*.log &
wait
eof
chmod 755 /usr/local/bin/start.sh
3.Dockerfile
# Elasticsearch 2.1.1
# docker run -p 9200:9200 -it --name es /es
FROM java:jre8
MAINTAINER Darebeat
ENV ES_HOME /opt/elasticsearch
ADD elasticsearch-2.1.1.tar.gz /opt
ADD elasticsearch /etc/init.d/
ADD start.sh /usr/local/bin
RUN groupadd -r elasticsearch \\\\
&& useradd -r -s /usr/sbin/nologin -d ${ES_HOME} -c "Elasticsearch service user" -g elasticsearch elasticsearch \\\\
&& sed -i -e 's#^ES_HOME=$#ES_HOME='$ES_HOME'#' /etc/init.d/elasticsearch \\\\
&& chown -R elasticsearch:elasticsearch ${ES_HOME}
VOLUME /opt/elasticsearch/data
CMD [ "/usr/local/bin/start.sh" ]
4.elasticsearch.yml
cluster.name: es
network.host: 0.0.0.0
index:
analysis:
analyzer:
mmseg_maxword:
type: custom
filter:
- lowercase
tokenizer: mmseg_maxword
mmseg_maxword_with_cut_letter_digi:
type: custom
filter:
- lowercase
- cut_letter_digit
tokenizer: mmseg_maxword
5.built
#! /bin/bash
set -e
if [ $(docker images |grep es2.1.1|awk '{print $3}') ]; then
docker rmi -f $(docker images |grep es2.1.1|awk '{print $3}')
fi
docker build -t elastic:es2.1.1 .
6.running
docker run -d --name es --hostname es.server.com -p 9200:9200 elastic:es2.1.1
curl localhost:9200
Generate logstash image
1.Dockerfile
FROM gosu:1.7
MAINTAINER Darebeat
ENV LOGSTASH_HOME /opt/logstash
ADD logstash-2.1.1.tar.gz /opt
ENV PATH /opt/logstash/bin:$PATH
RUN groupadd -r logstash \\\\
&& useradd -r -s /usr/sbin/nologin -d ${LOGSTASH_HOME} -c "Logstash service user" -g logstash logstash \\\\
&& chown -R logstash:logstash ${LOGSTASH_HOME}
COPY docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["logstash", "agent"]
2.docker-entrypoint.sh
#!/bin/bash
set -e
# Add logstash as command if needed
if [ "${1:0:1}" = '-' ]; then
set -- logstash "$@"
fi
# Run as user "logstash" if the command is "logstash"
if [ "$1" = 'logstash' ]; then
set -- gosu logstash "$@"
fi
exec "$@"
3.built
#! /bin/bash
set -e
if [ $(docker images | grep logstash | grep 2.1.1 | awk '{print $3}') ]; then
docker rmi -f $(docker images | grep logstash | grep 2.1.1 | awk '{print $3}')
fi
docker build -t logstash:2.1.1 .
4.configuration
cat << eof > beats.conf
input {
beats {
port => 5044
}
}
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\\\\[%{POSINT:syslog_pid}\\\\])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
output {
elasticsearch { hosts => ["es"] }
stdout { codec => rubydebug }
}
eof
5.running
docker run -d --name logs --hostname logs.server.com --link es:es \\\\
-v $(pwd)/conf/logstash:/opt/logstash/config \\\\
-p 5044:5044 \\\\
logstash:2.1.1 \\\\
logstash -f /opt/logstash/config/*.conf
Generate kibana image
1.Dockerfile
FROM gosu:1.7
MAINTAINER Darebeat
ENV KIBANA_HOME /opt/kibana4
ADD kibanab-4.3.1.tar.gz /opt
RUN groupadd -r kibana \\\\
&& useradd -r -s /usr/sbin/nologin -d ${KIBANA_HOME} -c "Kibana service user" -g kibana kibana \\\\
&& chown -R kibana:kibana ${KIBANA_HOME}
ENV PATH /opt/kibana4/bin:$PATH
COPY ./docker-entrypoint.sh /
EXPOSE 5601
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["kibana"]
2.docker-entrypoint.sh
#!/bin/bash
set -e
# Add kibana as command if needed
if [[ "$1" == -* ]]; then
set -- kibana "$@"
fi
counter=0
while [ ! "$(curl $ELASTICSEARCH_URL 2> /dev/null)" -a $counter -lt 30 ]; do
sleep 1
((counter++))
echo "waiting for Elasticsearch to be up ($counter/30)"
done
# Run as user "kibana" if the command is "kibana"
if [ "$1" = 'kibana' ]; then
if [ "$ELASTICSEARCH_URL" -o "$ELASTICSEARCH_PORT_9200_TCP" ]; then
: ${ELASTICSEARCH_URL:='http://elasticsearch:9200'}
sed -i -e 's!^\\\\#*\\\\s*elasticsearch\\\\.url:.*!elasticsearch\\\\.url: "'$ELASTICSEARCH_URL'"!' /opt/kibana4/config/kibana.yml
else
echo >&2 'warning: missing ELASTICSEARCH_PORT_9200_TCP or ELASTICSEARCH_URL'
echo >&2 ' Did you forget to --link some-elasticsearch:elasticsearch'
echo >&2 ' or -e ELASTICSEARCH_URL=http://some-elasticsearch:9200 ?'
echo >&2
fi
set -- gosu kibana "$@"
fi
exec "$@"
3.built
#! /bin/bash
set -e
if [ $(docker ps -a | grep kibana | grep 4.3 | awk '{print $3}') ];then
docker stop $(docker ps -a | grep kibana | grep 4.3 | awk '{print $3}')
fi
if [ $(docker images | grep kibana | grep 4.3 | awk '{print $3}') ]; then
docker rmi -f $(docker images | grep kibana | grep 4.3 | awk '{print $3}')
fi
docker build -t kibana:4.3 .
4.running
docker run -d --name kib --hostname kib.server.com --link es:es -e "ELASTICSEARCH_URL=http://es:9200" -p 5601:5601 kibana:4.3