Centos 7 快速安装DOCKER并部署SHIPYARD中文版

安装／升级你的Docker客户端

推荐安装1.10.0以上版本的Docker客户端。

您可以通过阿里云的镜像仓库下载：docker-engine、docker-ce

或执行以下命令：

curl -sSL http://acs-public-mirror.oss-cn-hangzhou.aliyuncs.com/docker-engine/internet | sh -

如何使用Docker加速器

针对Docker客户端版本大于1.10的用户

您可以通过修改daemon配置文件/etc/docker/daemon.json来使用加速器：

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://xxx.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

TypeScript

这个网站:  https://cr.console.aliyun.com/#/accelerator  通过注册  获取自己的加速站点

那么安装好Docker之后就可以安装SHIPYARD管理平台,我自己做的汉化,之前sf的大兄弟的shipyard中文版已经很久没更新了

这里我已经写好了安装脚本,并且可以直接安装阿里云docker(也就是上面的东西可以不做)但是需要你提供加速网站地址

当然你也可以使用官方脚本安装shipyard,然后参考 https://github.com/StarWars-Team/shipyard_zh 把汉化文件覆盖到控制端也是不错的选择

#!/bin/bash
cat << EOF
=========================================================================
 _____         _       
|   __|_ _ ___| |_ _ _ 
|   __| | |   | '_| | |
|__|  |___|_|_|_,_|_  |
                  |___|
=========================================================================
Mr.Funky Auto Install GeekCloud-Docker-Manager for CENTOS\REHL 7 
=========================================================================
Author: Mr Funky 
=========================================================================
USER: $USER   HOST: $HOSTNAME  KERNEL: `uname -r`  
DISK :`ls  /dev/sd?`
Are you sure to auto install GeekCloud-Docker-Manager?
EOF
green='\e[1;32m' # green
red='\e[1;31m' # red
blue='\e[1;34m' # blue  
nc='\e[0m' # normal
ACTION=${ACTION:-deploy}
IMAGE=${IMAGE:-shipyard/shipyard:latest}
PREFIX=${PREFIX:-shipyard}
SHIPYARD_ARGS=${SHIPYARD_ARGS:-""}
TLS_CERT_PATH=${TLS_CERT_PATH:-}
CERT_PATH="/etc/shipyard"
PROXY_PORT=${PROXY_PORT:-2375}
SWARM_PORT=3375
SHIPYARD_PROTOCOL=http
SHIPYARD_PORT=${PORT:-8080}
SHIPYARD_IP=${IP}
DISCOVERY_BACKEND=etcd
DISCOVERY_PORT=4001
DISCOVERY_PEER_PORT=7001
ENABLE_TLS=0
CERT_FINGERPRINT=""
LOCAL_CA_CERT=""
LOCAL_SSL_CERT=""
LOCAL_SSL_KEY=""
LOCAL_SSL_CLIENT_CERT=""
LOCAL_SSL_CLIENT_KEY=""
SSL_CA_CERT=""
SSL_CERT=""
SSL_KEY=""
SSL_CLIENT_CERT=""
SSL_CLIENT_KEY=""

setselinux(){
	echo -n "Closing Selinx ..."
	sleep 0.3
	sed -i  's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
	echo -n "."
	sleep 0.3
	echo -n "."
	i=`setenforce 0`  
	echo -n $i
	echo -n "Config Selinux ....."
	if [ $? == 0 -o $? == 1  ];then
		echo -e " [${green}Success${nc}]"
	else
		echo -e "[${red}Failed${nc}]"
		echo "Please check your config.."
		exit 2
	fi
}
check_certs() {
    if [ -z "$TLS_CERT_PATH" ]; then
        return
    fi

    if [ ! -e $TLS_CERT_PATH ]; then
        echo "Error: unable to find certificates in $TLS_CERT_PATH"
        show_cert_help
        exit 1
    fi

    if [ "$PROXY_PORT" = "2375" ]; then
        PROXY_PORT=2376
    fi
    SWARM_PORT=3376
    SHIPYARD_PROTOCOL=https
    LOCAL_SSL_CA_CERT="$TLS_CERT_PATH/ca.pem"
    LOCAL_SSL_CERT="$TLS_CERT_PATH/server.pem"
    LOCAL_SSL_KEY="$TLS_CERT_PATH/server-key.pem"
    LOCAL_SSL_CLIENT_CERT="$TLS_CERT_PATH/cert.pem"
    LOCAL_SSL_CLIENT_KEY="$TLS_CERT_PATH/key.pem"
    SSL_CA_CERT="$CERT_PATH/ca.pem"
    SSL_CERT="$CERT_PATH/server.pem"
    SSL_KEY="$CERT_PATH/server-key.pem"
    SSL_CLIENT_CERT="$CERT_PATH/cert.pem"
    SSL_CLIENT_KEY="$CERT_PATH/key.pem"
    CERT_FINGERPRINT=$(openssl x509 -noout -in $LOCAL_SSL_CERT -fingerprint -sha256 | awk -F= '{print $2;}')

    if [ ! -e $LOCAL_SSL_CA_CERT ] || [ ! -e $LOCAL_SSL_CERT ] || [ ! -e $LOCAL_SSL_KEY ] || [ ! -e $LOCAL_SSL_CLIENT_CERT ] || [ ! -e $LOCAL_SSL_CLIENT_KEY ]; then
        echo "Error: unable to find certificates"
        show_cert_help
        exit 1
    fi

    ENABLE_TLS=1
}

start_certs() {
    ID=$(docker run \
        -ti \
        -d \
        --restart=always \
        --name $PREFIX-certs \
        -v $CERT_PATH \
        alpine \
        sh)
    if [ $ENABLE_TLS = 1 ]; then
        docker cp $LOCAL_SSL_CA_CERT $PREFIX-certs:$SSL_CA_CERT
        docker cp $LOCAL_SSL_CERT $PREFIX-certs:$SSL_CERT
        docker cp $LOCAL_SSL_KEY $PREFIX-certs:$SSL_KEY
        docker cp $LOCAL_SSL_CLIENT_CERT $PREFIX-certs:$SSL_CLIENT_CERT
        docker cp $LOCAL_SSL_CLIENT_KEY $PREFIX-certs:$SSL_CLIENT_KEY
    fi
}



get_ip() {
    if [ -z "$SHIPYARD_IP" ]; then
        SHIPYARD_IP=`docker run --rm --net=host alpine ip route get 8.8.8.8 | awk '{ print $7;  }'`
    fi
}

start_discovery() {
    get_ip

    ID=$(docker run \
        -ti \
        -d \
        -p 4001:4001 \
        -p 7001:7001 \
        --restart=always \
        --name $PREFIX-discovery \
        microbox/etcd:latest -addr $SHIPYARD_IP:$DISCOVERY_PORT -peer-addr $SHIPYARD_IP:$DISCOVERY_PEER_PORT)
}
start_rethinkdb() {
    ID=$(docker run \
        -ti \
        -d \
        --restart=always \
        --name $PREFIX-rethinkdb \
        rethinkdb)
}
start_proxy() {
    TLS_OPTS=""
    if [ $ENABLE_TLS = 1 ]; then
        TLS_OPTS="-e SSL_CA=$SSL_CA_CERT -e SSL_CERT=$SSL_CERT -e SSL_KEY=$SSL_KEY -e SSL_SKIP_VERIFY=1"
    fi
    # Note: we add SSL_SKIP_VERIFY=1 to skip verification of the client
    # certificate in the proxy image.  this will pass it to swarm that
    # does verify.  this helps with performance and avoids certificate issues
    # when running through the proxy.  ultimately if the cert is invalid
    # swarm will fail to return.
    ID=$(docker run \
        -ti \
        -d \
        -p $PROXY_PORT:$PROXY_PORT \
        --hostname=$HOSTNAME \
        --restart=always \
        --name $PREFIX-proxy \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -e PORT=$PROXY_PORT \
        --volumes-from=$PREFIX-certs $TLS_OPTS\
        shipyard/docker-proxy:latest)
}
start_swarm_manager() {
    get_ip

    TLS_OPTS=""
    if [ $ENABLE_TLS = 1 ]; then
        TLS_OPTS="--tlsverify --tlscacert=$SSL_CA_CERT --tlscert=$SSL_CERT --tlskey=$SSL_KEY"
    fi

    EXTRA_RUN_OPTS=""

    if [ -z "$DISCOVERY" ]; then
        DISCOVERY="$DISCOVERY_BACKEND://discovery:$DISCOVERY_PORT"
        EXTRA_RUN_OPTS="--link $PREFIX-discovery:discovery"
    fi
    ID=$(docker run \
        -ti \
        -d \
        --restart=always \
        --name $PREFIX-swarm-manager \
        --volumes-from=$PREFIX-certs $EXTRA_RUN_OPTS \
        swarm:latest \
        m --replication --addr $SHIPYARD_IP:$SWARM_PORT --host tcp://0.0.0.0:$SWARM_PORT $TLS_OPTS $DISCOVERY)
}
start_swarm_agent() {
    get_ip

    if [ -z "$DISCOVERY" ]; then
        DISCOVERY="$DISCOVERY_BACKEND://discovery:$DISCOVERY_PORT"
        EXTRA_RUN_OPTS="--link $PREFIX-discovery:discovery"
    fi
    ID=$(docker run \
        -ti \
        -d \
        --restart=always \
        --name $PREFIX-swarm-agent $EXTRA_RUN_OPTS \
        swarm:latest \
        j --addr $SHIPYARD_IP:$PROXY_PORT $DISCOVERY)
}
start_controller() {
    #-v $CERT_PATH:/etc/docker:ro \
    TLS_OPTS=""
    if [ $ENABLE_TLS = 1 ]; then
        TLS_OPTS="--tls-ca-cert $SSL_CA_CERT --tls-cert=$SSL_CERT --tls-key=$SSL_KEY --shipyard-tls-ca-cert=$SSL_CA_CERT --shipyard-tls-cert=$SSL_CERT --shipyard-tls-key=$SSL_KEY"
    fi

    ID=$(docker run \
        -ti \
        -d \
        --restart=always \
        --name $PREFIX-controller \
        --link $PREFIX-rethinkdb:rethinkdb \
        --link $PREFIX-swarm-manager:swarm \
        -p $SHIPYARD_PORT:$SHIPYARD_PORT \
        --volumes-from=$PREFIX-certs \
        $IMAGE \
        --debug \
        server \
        --listen :$SHIPYARD_PORT \
        -d tcp://swarm:$SWARM_PORT $TLS_OPTS $SHIPYARD_ARGS)
}
wait_for_available() {
    set +e 
    IP=$1
    PORT=$2
    echo Waiting for Shipyard on $IP:$PORT

    docker pull ehazlett/curl > /dev/null 2>&1

    TLS_OPTS=""
    if [ $ENABLE_TLS = 1 ]; then
        TLS_OPTS="-k"
    fi

    until $(docker run --rm ehazlett/curl --output /dev/null --connect-timeout 1 --silent --head --fail $TLS_OPTS $SHIPYARD_PROTOCOL://$IP:$PORT/ > /dev/null 2>&1); do
        printf '.'
        sleep 1 
    done
    printf '\n'
}
read -p "Please input Y to continue" key
if [ $key == 'Y' -o $key == 'y' ];then
    echo "Do you want to install Docker accelerated by AliYun ?"
    read -p "Please input Y to continue" key2
    if [ $key2 == 'Y' -o $key2 == 'y' ];then
	echo "Please Wait ..."
        wget -O /etc/yum.repos.d/geekfan.repo http://mirrors.geekfan.top/YUM/centos7-source.repo
	touch /etc/yum.repos.d/docker.repo
     	cat > /etc/yum.repos.d/docker.repo < /etc/docker/daemon.json < Starting Database"
    start_rethinkdb && echo  -e   "[${green}Success${nc}]" || echo -e "[${red}Failed${nc}]" 
    echo " -> Starting Discovery"
    start_discovery && echo  -e   "[${green}Success${nc}]" || echo -e "[${red}Failed${nc}]"
    echo " -> Starting Cert Volume"
    start_certs && echo  -e   "[${green}Success${nc}]" || echo -e "[${red}Failed${nc}]"
    echo " -> Starting Proxy"
    start_proxy && echo  -e   "[${green}Success${nc}]" || echo -e "[${red}Failed${nc}]"
    echo " -> Starting Swarm Manager"
    start_swarm_manager && echo  -e   "[${green}Success${nc}]" || echo -e "[${red}Failed${nc}]"
    echo " -> Starting Swarm Agent"
    start_swarm_agent && echo  -e   "[${green}Success${nc}]" || echo -e "[${red}Failed${nc}]"
    echo " -> Starting Controller"
    start_controller && echo  -e   "[${green}Success${nc}]" || echo -e "[${red}Failed${nc}]"

    wait_for_available $SHIPYARD_IP $SHIPYARD_PORT
    echo " -> Setting Chinese "
    docker exec -it shipyard-controller  rm -rf static/app/*

    docker exec -it shipyard-controller  rm -f static/index.html
    
    git clone https://github.com/StarWars-Team/shipyard_zh.git
    
    docker cp  shipyard_zh/static/app  shipyard-controller:/static/

    docker cp  shipyard_zh/static/index.html  shipyard-controller:/static/
     
    rm -rf shipyard_zh/ && echo  -e   "[${green}Success${nc}]" || echo -e "[${red}Failed${nc}]"
    echo " -> Setting Firewalld "
    firewall-cmd --permanent --add-port=8080/tcp
    firewall-cmd --permanent --add-port=2375/tcp
    firewall-cmd --permanent --add-service=http
    firewall-cmd --reload
    echo "GeekCloud-Docker-Manager available at $SHIPYARD_PROTOCOL://$SHIPYARD_IP:$SHIPYARD_PORT"
    if [ $ENABLE_TLS = 1 ] && [ ! -z "$CERT_FINGERPRINT" ]; then
        echo "SSL SHA-256 Fingerprint: $CERT_FINGERPRINT"
    fi
    echo "Username: admin Password: shipyard"
fi

这里要提醒一点2375不建议在有公网的服务器开放,容易被人利用,建议修改防火墙规则只允许内网IP访问:

例子:

	firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="172.17.0.0/24" port protocol="tcp" port="2375" accept"