Linux配置docker

Linux配置docker

    • 前提
    • 安装docker
    • docker常用命令 | <>内的为说明
    • 常用命令
    • docker配置生产环境
    • 安装生产环境包
    • 解压生产环境包
    • 编译并安装生产环境包
    • 安装cnpm、pm2
    • 安装ssh
    • docker安装与环境配置(nginx+node+mongodb+GraphicsMagick+redis)脚本
    • 随机生成mongodb账号密码脚本

前提

  • 默认阅读者对 docker 有一定的了解
  • 笔者的 Linux 系统为 centos7
  • 文章后半段是讲述 docker 中一些应用的安装与自制脚本

安装docker

  1. 卸载旧版本的 docker(如果已安装)
sudo yum remove docker docker-common docker-selinux docker-engine
  1. 下载docker安装环境
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum makecache fast
  1. 下载docker
sudo yum install docker-ce

由于下载容器镜像的速度慢,这里使用网上的第三方镜像加速器。注意:下面的命令把远程脚本直接通过管道交给 sh 执行,并且传入的加速地址是明文 http;建议先把脚本下载到本地审阅后再运行。

curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://123c18fe.m.daocloud.io

docker常用命令 | <>内的为说明

  • 开机自启动 : systemctl enable docker
  • 启动 : systemctl start docker
  • 重启 : systemctl restart docker
  • 安装容器 : docker run -it -d centos
  • 查看正在运行容器 : docker ps
  • 查看所有容器 : docker ps -a
  • 删除容器 : docker rm -f nuby
  • 进入容器内部 : docker exec -it nuby /bin/bash
  • 修改容器内部的主机名 : docker run --hostname=AtomNuby -it -d centos <–hostname=想起的名称>
  • 打包或更新容器镜像 : docker commit nuby Gener
  • 镜像打包 : docker save Gener > soft.tar
  • 镜像包解压 : docker load -i Gener

常用命令

  • 查看映射端口 : iptables -nL
  • 授予权限 : chmod +x test.sh

docker配置生产环境

  • 更新yum : yum update
  • 下载vim : yum install vim -y
  • 安装生产环境工具 :
yum -y install gcc gcc-c++ openssl-devel zlib-devel pcre-devel bzip2* make libjpeg* libpng* pcre libxml2 libxml2-devel curl curl-devel openssl openssl-devel wget
  • 更新容器内的时间 :
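# Install and enable ntpd, do a one-off sync, then switch the timezone file.
# NOTE(review): a container shares the host kernel clock, so ntpd/ntpdate may
# not be able to set the time from inside it; confirm this step is needed.
yum -y install ntp
# Fixed: the original read "systemctl startntpd" (missing space), which is not
# a valid systemctl verb.
systemctl start ntpd
systemctl enable ntpd
ntpdate -u cn.pool.ntp.org
# Replace the timezone file with Asia/Shanghai.
rm -rf /etc/localtime
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime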

安装生产环境包

  • wget -N --no-check-certificate https://nodejs.org/dist/v8.4.0/node-v8.4.0.tar.gz
  • wget -N --no-check-certificate http://nginx.org/download/nginx-1.10.1.tar.gz
  • wget -N --no-check-certificate https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.2.3.tgz
  • wget -N --no-check-certificate http://jaist.dl.sourceforge.net/project/graphicsmagick/graphicsmagick/1.3.20/GraphicsMagick-1.3.20.tar.gz
  • wget -N --no-check-certificate http://download.redis.io/releases/redis-4.0.0.tar.gz

解压生产环境包

  • tar -vxf GraphicsMagick-*.tar.gz
  • tar -vxf mongodb-linux-x86_64-3.2.3.tgz
  • tar -vxf node-*.tar.gz
  • tar -vxf redis-*.tar.gz
  • tar -vxf nginx-*.tar.gz
  • tar -vxf redis-*.tar.gz

编译并安装生产环境包

  • cd /soft/nginx* && ./configure --with-http_ssl_module && make && make install
  • cd /soft/node* && ./configure && make && make install
  • cd /soft/GraphicsMagick* && ./configure && make && make install
  • /usr/local/nginx/sbin/nginx
  • cd /soft/redis* && make PREFIX=/usr/local/redis/ install && make install
  • cd /usr/local/redis/ && cp /soft/redis*/redis.conf etc

安装cnpm、pm2

  • npm install cnpm -g
  • cnpm install -g pm2

安装ssh

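# Install the SSH server and create the host keys that sshd will load.
yum install passwd openssl openssh-server -y
# Fixed: the original passed -y to ssh-keygen. That flag prints the public key
# of an existing private key instead of generating one, so it is dropped.
# Each key is generated only when its file is absent, which also avoids the
# interactive overwrite prompt.
[ -f /etc/ssh/ssh_host_rsa_key ] || ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
[ -f /etc/ssh/ssh_host_ecdsa_key ] || ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
# Fixed: the original used "-t dsa" for this file, which would store a DSA key
# under an ed25519 file name; the key type now matches the name.
[ -f /etc/ssh/ssh_host_ed25519_key ] || ssh-keygen -q -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''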

/etc/ssh/sshd_config

UseDNS 改为 no UsePrivilegeSeparation 改为 no

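# Fixed: the original lines were bare substitution expressions with no command
# in front of them; they are sed scripts meant to edit sshd_config in place.
# NOTE(review): both settings weaken sshd. "UsePrivilegeSeparation no" turns off
# the unprivileged pre-authentication process and "UsePAM no" bypasses PAM
# account/session checks. Confirm the container really needs them.
sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config
sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config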

passwd

docker安装与环境配置(nginx+node+mongodb+GraphicsMagick+redis)脚本

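#!/bin/bash
# Host-side step: install Docker CE on CentOS 7 and start the daemon.
# Fixed: the stray "set ff=unix" (a vim command) that preceded the shebang is
# removed; a shebang only takes effect as the very first line of the file.

# Remove any distro-packaged Docker before adding the upstream repository.
sudo yum remove docker docker-common docker-selinux docker-engine -y
sudo yum install yum-utils device-mapper-persistent-data lvm2 -y
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum makecache fast
# NOTE(review): this runs a script fetched from a third party directly in sh,
# and the registry mirror URL passed to it is plain http. Download and read the
# script before running it, and prefer a mirror you control.
# -f added so that an HTTP error page is never piped into sh.
curl -fsSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://123c18fe.m.daocloud.io
sudo yum install docker-ce -y

systemctl start docker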

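# Start a detached CentOS container and keep its ID for the later commit step.
# "docker run -d" prints the new container's ID, so it is captured directly
# instead of taking whichever container "docker ps" happens to list first.
a=$(docker run -it -d centos)
# Keep the 12-character short ID, the same form "docker ps" shows.
a=${a:0:12}
# Fixed: the original put "-v" after the container name, where docker exec
# treats it as the command to run rather than as an option.
# NOTE(review): this opens an interactive shell. The commands that follow in
# this listing look intended to be typed inside that shell; confirm.
docker exec -it "$a" /bin/bash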

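# Build toolchain and libraries needed to compile nginx, node, GraphicsMagick
# and redis from source.
# Fixed: the package wildcards are quoted so yum receives them as patterns; the
# unquoted form lets the shell expand them against files in the current
# directory first.
yum -y install gcc gcc-c++ openssl-devel zlib-devel pcre-devel 'bzip2*' make 'libjpeg*' 'libpng*' pcre libxml2 libxml2-devel curl curl-devel openssl openssl-devel wget
# Time sync and timezone.
# NOTE(review): systemctl needs systemd running in the container, and the clock
# itself belongs to the host kernel; confirm these lines work in this image.
yum -y install ntp
systemctl start ntpd
systemctl enable ntpd
ntpdate -u cn.pool.ntp.org
rm -rf /etc/localtime
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime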

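# Create the site and source directories at the filesystem root, then work in
# /soft.
# Fixed: the original tested "/website" and "/soft" but created "website" and
# "soft" relative to the current directory, so the cd below could fail when the
# script was not started from /.
mkdir -p /website /soft
# Stop here if /soft is unusable, so the downloads do not land elsewhere.
cd /soft || exit 1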

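# Fetch the source/binary archives into the current directory.
# Fixed: --no-check-certificate is dropped so the https download is validated
# against the system CA store instead of accepting any certificate.
# NOTE(review): three of these URLs are plain http and nothing here verifies
# the archives. Compare each file with the checksum or signature its publisher
# lists before unpacking, for example:
#   echo '<EXPECTED_SHA256>  nginx-1.10.1.tar.gz' | sha256sum -c -
# NOTE(review): the pinned versions are old releases; confirm they still
# receive security fixes before using them in production.
# The node download is disabled although later steps build node and call npm.
#wget -N https://nodejs.org/dist/v8.4.0/node-v8.4.0.tar.gz
wget -N http://nginx.org/download/nginx-1.10.1.tar.gz
wget -N https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.2.3.tgz
wget -N http://jaist.dl.sourceforge.net/project/graphicsmagick/graphicsmagick/1.3.20/GraphicsMagick-1.3.20.tar.gz
wget -N http://download.redis.io/releases/redis-4.0.0.tar.gz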

# Unpack each downloaded archive in place, listing files as they are written.
# The node archive stays disabled, as in the original.
tar -x -v -f GraphicsMagick-*.tar.gz
tar -x -v -f mongodb-linux-x86_64-3.2.3.tgz
#tar -x -v -f node-*.tar.gz
tar -x -v -f redis-*.tar.gz
tar -x -v -f nginx-*.tar.gz

# Build and install nginx with TLS support (installs under /usr/local/nginx,
# the path started further down).
# NOTE(review): none of the cd commands in this section are checked; when one
# fails, the following ./configure or make runs in the previous directory.
cd /soft/nginx*
./configure  --with-http_ssl_module && make && make install
# Build and install node.
# NOTE(review): the node download and extraction are commented out earlier in
# this listing, so /soft/node* may not exist at this point; confirm.
cd /soft/node*
./configure && make && make install 
# Build and install GraphicsMagick.
cd /soft/GraphicsMagick*
./configure && make && make install
# Start nginx right away with its default configuration.
/usr/local/nginx/sbin/nginx
# Build and install redis under /usr/local/redis.
# NOTE(review): the second "make install" has no PREFIX, so redis is installed
# a second time into the Makefile's default location; confirm that is wanted.
cd /soft/redis*
make PREFIX=/usr/local/redis/ install && make install
cd /usr/local/redis/
mkdir etc logs var db
# The stock redis.conf is copied unchanged. Review its bind and requirepass
# settings before port 6379 is published (the docker run line later in this
# listing maps it to host port 9736).
cp /soft/redis*/redis.conf etc

# Global npm tooling: cnpm, then pm2 installed through cnpm.
# NOTE(review): global installs run package install scripts as the current
# user (root here), and cnpm resolves packages through a mirror registry.
npm install cnpm -g
cnpm install -g pm2

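# Install the SSH server and create the host keys that sshd will load.
yum install passwd openssl openssh-server -y
# Fixed: the original passed -y to ssh-keygen. That flag prints the public key
# of an existing private key instead of generating one, so it is dropped.
# Each key is generated only when its file is absent, which also avoids the
# interactive overwrite prompt.
[ -f /etc/ssh/ssh_host_rsa_key ] || ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
[ -f /etc/ssh/ssh_host_ecdsa_key ] || ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
# Fixed: the original used "-t dsa" for this file, which would store a DSA key
# under an ed25519 file name; the key type now matches the name.
[ -f /etc/ssh/ssh_host_ed25519_key ] || ssh-keygen -q -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''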

# Append a block of settings to the existing sshd_config.
# NOTE(review): sshd uses the first value it reads for each keyword, so a
# setting already present earlier in the file takes precedence over the
# appended one. Check the effective configuration with "sshd -T".
# NOTE(review): this block allows root login with a password
# (PermitRootLogin yes, PasswordAuthentication yes) while the docker run line
# later in this listing publishes port 22 as host port 4022. Key-only login
# (PasswordAuthentication no, PermitRootLogin prohibit-password) shrinks that
# exposure. X11Forwarding yes and UsePrivilegeSeparation no are also looser
# than the defaults; confirm each is required.
# NOTE(review): Banner points at /etc/sshbanner, which nothing in this listing
# creates.
cat >> /etc/ssh/sshd_config << EOF
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

SyslogFacility AUTHPRIV

PermitRootLogin yes

PubkeyAuthentication yes

AuthorizedKeysFile .ssh/authorized_keys

PasswordAuthentication yes

ChallengeResponseAuthentication no

GSSAPIAuthentication no
GSSAPICleanupCredentials no

UsePAM no

X11Forwarding yes
UsePrivilegeSeparation no
UseDNS no

Banner /etc/sshbanner

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

Subsystem sftp	/usr/libexec/openssh/sftp-server
EOF

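# Fixed: the original lines were bare substitution expressions with no command
# in front of them; they are sed scripts meant to edit sshd_config in place.
# NOTE(review): both settings weaken sshd. "UsePrivilegeSeparation no" turns off
# the unprivileged pre-authentication process and "UsePAM no" bypasses PAM
# account/session checks. Confirm the container really needs them.
sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config
sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config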

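# Build the 15-character root password from the kernel's random source.
# Fixed: the original drew each character with $RANDOM, a small and predictable
# generator that is not suitable for secrets. The alphabet (a-e, A-F, @ $ % ^,
# 0-9) and the length are unchanged.
pas=$(LC_ALL=C tr -dc 'a-eA-F@$%^0-9' < /dev/urandom | head -c 15)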

		
# Set root's password by feeding the generated value to passwd on stdin.
passwd --stdin root <<< "$pas"

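# Leave the container shell.
# NOTE(review): when this listing is run as a single script, this exit ends it
# here, so the host-side steps below only make sense as a separate paste.
exit
# Guard against still being inside the container, whose default hostname is
# its short ID.
# Fixed: the original compared the literal word "hostname" with the numeric
# -eq operator and closed the if with "done" instead of "fi".
if [ "$(hostname)" = "$a" ]; then
  exit
fi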

## Random six-letter image name; lowercase only, as the image name requires.
ArrImage=( a b c d e d f g )
i=0
while (( i < 6 )); do
  # Append one letter picked at random from the table.
  image+=${ArrImage[RANDOM % ${#ArrImage[@]}]}
  i=$(( i + 1 ))
done
echo  $image
# Snapshot the configured container as an image under the generated name.
docker commit ${a} ${image}
# Work from the filesystem root and make sure "soft" exists there.
cd /
[ -d "/soft" ] || mkdir soft
# Export the image to a tar archive in the current directory.
docker save ${image} > ${image}.tar

# Start the production container from the saved image with sshd as its main
# process.
# NOTE(review): --privileged=true gives the container access to host devices
# and lifts most of the isolation between it and the host. The command shown
# here is only sshd; confirm the flag is needed, or grant specific
# capabilities with --cap-add instead.
# NOTE(review): every -p below has no host address, so each port is published
# on all host interfaces. That includes sshd (4022 -> 22), mongodb
# (7017 -> 27017) and redis (9736 -> 6379). Publish the database ports on
# 127.0.0.1 or drop them unless remote access is required.
# NOTE(review): the host side of the data volume is /date/db, possibly a typo
# for /data/db; confirm.
docker run -it -d --privileged=true --hostname=AtomNuby --name=nuby -v /website:/website -v /date/db:/data/db -p 443:443 -p 80:80 -p 4022:22  -p 8782:8782 -p 8792:8792 -p 8783:8783 -p 8784:8784 -p 8682:8682 -p 8692:8692 -p 8683:8683 -p 8684:8684 -p 50014:50014 -p 4009:3009 -p 7017:27017 -p 9736:6379 $image /usr/sbin/sshd -D
# Open a shell in the new container.
docker exec -it nuby bin/bash

# Prints the root password in clear text; it will remain in terminal
# scrollback and in any captured output of this script.
echo "docker password : " $pas

随机生成mongodb账号密码脚本

#!/bin/bash

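# Stop every process whose ps line contains "mongo", then start mongod WITHOUT
# authentication so the first admin account can be created.
# NOTE(review): the match is by substring and the signal is SIGKILL, so
# unrelated processes with "mongo" in their command line are killed too and
# mongod gets no chance to shut down cleanly.
ps axu |grep -v 'grep' |egrep "mongo"|awk '{system("kill -9 "$2)}'
# Fixed: --bind_ip 127.0.0.1 added for this unauthenticated phase. The 3.2
# tarball build used on this page otherwise listens on all interfaces, which
# would leave the database open to the network until --auth is enabled below.
if /usr/local/mongodb/bin/mongod --bind_ip 127.0.0.1 --dbpath=/data/db --fork --logpath=/data/db/mongodb.log --storageEngine wiredTiger --journal > /dev/null 2>&1
then
    echo "mongodb无认证启动成功"
else
    echo "mongodb无认证启动失败"
fi
# Give the forked server time to accept connections.
sleep 5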
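# Generate the admin account name (5 characters) and password (15 characters)
# from the kernel's random source.
# Fixed: the original drew each character with $RANDOM, a small and predictable
# generator that is not suitable for credentials. Both alphabets and lengths
# are unchanged (the duplicate letters in the original tables are collapsed).
username=$(LC_ALL=C tr -dc 'a-eA-HJ-NVXZ@0-9' < /dev/urandom | head -c 5)
passwd=$(LC_ALL=C tr -dc 'a-eA-F@$%^0-9' < /dev/urandom | head -c 15)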
# Feed a script to the mongo shell: create a "sysadmin" role in the admin
# database, create the generated user with that role, then shut the server
# down. Shell output is discarded.
# NOTE(review): the role grants anyAction on anyResource, i.e. unrestricted
# access to the whole deployment; every account given this role is a full
# superuser.
# The heredoc is unquoted, so $username and $passwd are expanded by the shell
# and pasted into single-quoted JavaScript strings. That is safe only while
# the generator's alphabet contains no quote or backslash characters.
/usr/local/mongodb/bin/mongo << EOF > /dev/null
use admin
db.createRole({role:'sysadmin',roles:[],privileges:[{resource:{anyResource:true},actions:['anyAction']}]})
db.createUser({user:'$username',pwd:'$passwd',roles:[{role:'sysadmin',db:'admin'}]})
db.shutdownServer(); 
db.shutdownServer();
exit; 
EOF
echo "please login admin to create new B2B/B2C/XXWZ table  BY 3T "
# Kill anything still matching "mongo" before the authenticated restart.
ps axu | grep -v 'grep' | grep -E "mongo" | awk '{system("kill -9 "$2)}'
#echo "please input username"
# Restart mongod with access control enabled and report the outcome.
if /usr/local/mongodb/bin/mongod --auth --dbpath=/data/db --fork --logpath=/data/db/mongodb.log --storageEngine wiredTiger --journal > /dev/null 2>&1; then
    echo "mongodb认证启动成功"
else
    echo "mongodb认证启动失败"
fi
# Wait for the forked server before connecting to it.
sleep 5
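# Generate the per-database account name (5 characters) and password
# (15 characters) from the kernel's random source.
# Fixed: the original drew each character with $RANDOM, a small and predictable
# generator that is not suitable for credentials. Both alphabets and lengths
# are unchanged (the duplicate letters in the original tables are collapsed).
username2=$(LC_ALL=C tr -dc 'a-eA-HJ-NVXZ@0-9' < /dev/urandom | head -c 5)
passwd2=$(LC_ALL=C tr -dc 'a-eA-F@$%^0-9' < /dev/urandom | head -c 15)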
# Ask the operator for a database name, then authenticate as the admin user
# and create the second generated account in that database.
# NOTE(review): the value read into dbs is pasted into the mongo shell script
# without validation, and read is used without -r. An empty or unexpected value
# changes which database the user is created in; check it before use.
# NOTE(review): the new account is given the 'sysadmin' role from the admin
# database (anyAction on anyResource, as created earlier in this script), so it
# is not limited to the named database. A built-in role such as readWrite on
# that database would follow least privilege.
echo "please input dbs name"
read dbs
/usr/local/mongodb/bin/mongo << EOF > /dev/null
use admin 
db.auth("$username","$passwd") 
use $dbs
db.createUser({user:'$username2',pwd:'$passwd2',roles:[{role:'sysadmin',db:'admin'}]})
exit;
EOF

# Print the generated accounts. Both passwords appear in clear text and will
# remain in terminal scrollback and in any captured output.
echo "mongodb超级管理员 : " ${username}
echo "mongodb超级管密码 : " ${passwd}
echo "数据库名 " ${dbs}
echo "用户名 : " ${username2}
echo "密码 : " ${passwd2}
