docker-compose

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration. To learn more about all the features of Compose, see the list of features.

 

참고페이지: https://docs.docker.com/compose/https://docs.docker.com/compose/overview/

docker-compose 란?  간단히 설명하면 YAML 방식 설정파일을 이용하여 여러 컨테이너를 설치? 하고 운영 하는툴로 보시면 됩니다.

 

Github

test@docker-test:~$ git clone https://github.com/visualwork/Docker-test.git

/Docker-test/test02 에 있습니다. 🙂

 

docker-compose 설치

test@ubuntu1604:~$ sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
test@ubuntu1604:~$ sudo chmod +x /usr/local/bin/docker-compose
test@tomomo:~$ docker-compose --version
docker-compose version 1.11.2, build dfed245
test@tomomo:~$

 

 

docker-compose 를 이용하여 web-service 를 테스트 합니다.

(Nginx + php71 + mysql57)

Docker-compose 디렉토리 구조

sanjuk@ubuntu1604:~/web-service$ tree
.
├── docker-compose.yml
├── nginx
│   └── conf
│       └── default.conf
└── php
    ├── conf
    │   └── php.ini
    └── Dockerfile

4 directories, 4 files
sanjuk@ubuntu1604:~/web-service$

 

docker-compose.yml 파일 

위치: /home/sanjuk/web-service

version: '2'

services:
    mysql:
        image: mysql:5.7
        ports:
            - 3306:3306
        volumes:
            - ./mysql:/var/lib/mysql
        restart: always
        environment:
            MYSQL_ROOT_PASSWORD: root
            MYSQL_USER: docker
            MYSQL_PASSWORD: docker
            MYSQL_DATABASE: docker

    nginx:
        image: nginx:1.10.2
        ports:
            - 80:80
        restart: always
        volumes:
            - ./nginx/conf:/etc/nginx/conf.d
            - ~/Projects:/code
        links:
            - php
        depends_on:
            - php

    php:
        build: php
        expose:
            - 9000
        restart: always
        volumes:
            - ./php/conf/php.ini:/usr/local/etc/php/conf.d/custom.ini
            - ~/Projects:/code
        links:
            - mysql

 

version : compose file format 참고페이지 https://docs.docker.com/compose/compose-file/#reference-and-guidelines

services: 컨테이너 별로 만들어 주면 됩니다. ex) nginx , apache , mariadb , mysql 등

mysql 필드 설명

image: mysql:5.7 version 을 사용합니다.

ports: 3306:3306  / host의 3306 포트와 컨테이너의 3306 포트를 연결 합니다.

volumes: /mysql:/var/lib/mysql 내부 디렉토리 와 컨테이너 디렉토리를 연결 합니다.

restart: always  리부팅시에도 자동으로 실행을 합니다.

environment: 환경변수 설정?
MYSQL_ROOT_PASSWORD: root  /  mysql root 패스워드
MYSQL_USER: docker                   / mysql user 생성
MYSQL_PASSWORD: docker        / user password 생성
MYSQL_DATABASE: docker          / user database 생성

nginx 필드 설명

links: – php / php 컨테이너와 연결을 합니다.

depends_on: 서비스와 시작순서간의 종속성 설정?

The depends_on option can be used in place of links to indicate dependencies between services and startup order

참고페이지: https://docs.docker.com/compose/compose-file/compose-versioning/#version-2

 

php 필드 설명

build: php  / Dockerfile 을 통하여 build 시 build 라는 필드를 입력합니다.

expose: 9000 : 외부로 연결하지 않고 다른 컨테이너에서만 액세스 할수 있습니다.

Expose ports without publishing them to the host machine – they’ll only be accessible to linked services. Only the internal port can be specified.

참고페이지: https://docs.docker.com/compose/compose-file/compose-file-v2/

links: mysql 컨테이너와 연결

Link to containers in another service. Either specify both the service name and a link alias (“SERVICE:ALIAS”), or just the service name.

 

nginx default.conf 파일 생성

위치: /home/sanjuk/web-service/nginx/conf

server {
    listen       80 default_server;
    server_name  localhost _;
    index        index.php index.html index.htm;
    root         /code;

    location / {
        try_files   $uri $uri/ /index.php?$query_string;
        autoindex on;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

 

php/Dockerfile 생성

위치 : /home/sanjuk/web-service/php

FROM php:7.1-fpm

RUN apt-get update

# Some basic extensions
RUN docker-php-ext-install -j$(nproc) json mbstring opcache pdo pdo_mysql mysqli

# Curl
RUN apt-get install -y libcurl4-openssl-dev
RUN docker-php-ext-install -j$(nproc) curl

# GD
RUN apt-get install -y libpng-dev libjpeg-dev
RUN docker-php-ext-install -j$(nproc) gd

# Intl
RUN apt-get install -y libicu-dev
RUN docker-php-ext-install -j$(nproc) intl

 

php.ini 생성

위치 /home/sanjuk/web-service/php/conf

display_errors = On
display_startup_errors = On
default_charset = "UTF-8"
html_errors = On
date.timezone = Asia/Seoul

 

docker-compose 실행

실행위치

sanjuk@ubuntu1604:~/web-service$ pwd
/home/sanjuk/web-service
sanjuk@ubuntu1604:~/web-service$ ls
docker-compose.yml  nginx  php
sanjuk@ubuntu1604:~/web-service$

 

실행

sanjuk@ubuntu1604:~/web-service$ docker-compose up -d --build

(web-service 디렉토리에서 실행을 하며 docker-compose.yml 파일이 있어야 합니다.)

 

컨테이너 동작 확인

sanjuk@ubuntu1604:~/web-service$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                         NAMES
b94d040597dd        nginx:1.10.2        "nginx -g 'daemon of…"   About a minute ago   Up 38 seconds       0.0.0.0:80->80/tcp, 443/tcp   webservice_nginx_1
2738120d80de        webservice_php      "docker-php-entrypoi…"   About a minute ago   Up 39 seconds       9000/tcp                      webservice_php_1
efeb60c666f9        mysql:5.7           "docker-entrypoint.s…"   About a minute ago   Up 39 seconds       0.0.0.0:3306->3306/tcp        webservice_mysql_1
sanjuk@ubuntu1604:~/web-service$

 

info.php 파일생성

sanjuk@ubuntu1604:~$ sudo chown sanjuk:sanjuk Projects/
sanjuk@ubuntu1604:~$ sudo vi Projects/info.php
<?php phpinfo(); ?>

 

webbrowser확인

 

 

Dockerfile 작성

아래 내용은 테스트 예제 이며 실제 Web-server 운영시는 docker-compose 를 많이 사용합니다.

단독 서비스를 운영하지 않는다면 Service 를 apache + mariadb 로 컨테이너를 나눠서 관리하는게

좀더 편하게 관리 할수 있습니다.

 

Github

test@docker-test:~$ git clone https://github.com/visualwork/Docker-test.git

/Docker-test/test01 에 Dockerfile 이 있습니다. 🙂

 

 

Dockerfile 을 작성 nginx Dockerfile 예제

nginx 디렉토리 생성후 Dockerfile 을 작성 합니다.

test@ubuntu1604:~$ mkdir nginx
test@ubuntu1604:~$ cd nginx/
test@ubuntu1604:~$ mkdir data
test@ubuntu1604:~/nginx$ vi Dockerfile

FROM ubuntu:16.04
MAINTAINER sanjuk <test@anonymouse.com>

RUN apt-get update
RUN apt-get install -y nginx
RUN echo "\ndaemon off;" >> /etc/nginx/nginx.conf
RUN chown -R www-data:www-data /var/lib/nginx


VOLUME /data

WORKDIR /etc/nginx

CMD ["nginx"]

EXPOSE 80
EXPOSE 443

 

FROM: 배포판 이미지

MAINTAINER : 메인테이너 정보

RUN : 스크립트 실행 또는 명령어 실행

VOLUME : 호스트와 공유할 디렉토리 정보 (컨테이너의 볼륨과 호스트 디렉토리 연결로 보시면 됩니다.)

CMD : 컨테이너 시작시 실행할 스크립트 또는 명령어

EXPOSE 호스트와 연결할 포트

 

build 명령으로 이미지 생성

test@ubuntu1604:~/nginx$ docker build --tag nginx-web01 .
Sending build context to Docker daemon  2.048kB
Step 1/11 : FROM ubuntu:16.04
16.04: Pulling from library/ubuntu
3b37166ec614: Already exists
504facff238f: Already exists
ebbcacd28e10: Already exists
c7fb3351ecad: Already exists
2e3debadcbf7: Already exists
Digest: sha256:45ddfa61744947b0b8f7f20b8de70cbcdd441a6a0532f791fd4c09f5e491a8eb
Status: Downloaded newer image for ubuntu:16.04
 ---> b9e15a5d1e1a
Step 2/11 : MAINTAINER sanjuk <test@anonymouse.com>
 ---> Running in d1dc8cb42cec
Removing intermediate container d1dc8cb42cec
 ---> 31d7669ef650
Step 3/11 : RUN apt-get update
 ---> Running in 058f47b0073a
Get:1 http://archive.ubuntu.com/ubuntu xenial InRelease [247 kB]
Get:2 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB]
Get:3 http://security.ubuntu.com/ubuntu xenial-security/universe Sources [95.4 kB]
~중략

 

image 확인

test@ubuntu1604:~/nginx$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx-web01         latest              fae98fcdce37        2 minutes ago       212MB
ubuntu              16.04               b9e15a5d1e1a        3 weeks ago         115MB
test@ubuntu1604:~/nginx$

 

docker 실행

test@ubuntu1604:~/nginx$ docker run --name web-service -d -p 80:80 -v /root/nginx/data:/data nginx-web01
a56208a8b4e04b800ee523353f2a31b7c1be79ac19689410214070df9fbea6e8
test@ubuntu1604:~/nginx$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                         NAMES
a56208a8b4e0        nginx-web01         "nginx"             3 seconds ago       Up 2 seconds        0.0.0.0:80->80/tcp, 443/tcp   web-service
test@ubuntu1604:~/nginx$

 

webbrowser 확인

 

nginx 컨테이너 접속

test@ubuntu1604:~/nginx$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                         NAMES
f03a5bb4f756        nginx:latest        "nginx"             12 minutes ago      Up 12 minutes       0.0.0.0:80->80/tcp, 443/tcp   hello-nginx
test@ubuntu1604:~/nginx$
test@ubuntu1604:~/nginx$ docker exec -it f03a5bb4f756 /bin/bash
root@f03a5bb4f756:/etc/nginx#

 

Install Docker CE from binaries

링크: https://docs.docker.com/install/linux/docker-ce/binaries/

 

테스트 : ubuntu1604 vm

Docker 바이너리 압축파일 Down

https://download.docker.com/linux/static/stable/x86_64/

Index of /linux/static/stable/x86_64/
../
docker-17.03.0-ce.tgz  2017-03-01 11:11  27M
docker-17.03.1-ce.tgz  2017-03-28 04:46  27M
docker-17.03.2-ce.tgz  2017-06-28 03:35  27M
docker-17.06.0-ce.tgz  2017-06-28 05:17  29M
docker-17.06.1-ce.tgz  2017-08-18 02:35  29M
docker-17.06.2-ce.tgz  2017-09-05 10:39  29M
docker-17.09.0-ce.tgz  2017-09-27 01:47  29M
docker-17.09.1-ce.tgz  2017-12-08 12:22  29M
docker-17.12.0-ce.tgz  2017-12-27 09:52  33M

 

wget down

test@ubuntu1604:~$ wget https://download.docker.com/linux/static/stable/x86_64/docker-17.12.0-ce.tgz
--2018-02-05 18:21:58--  https://download.docker.com/linux/static/stable/x86_64/docker-17.12.0-ce.tgz
Resolving download.docker.com (download.docker.com)... 54.192.183.142, 54.192.183.217, 54.192.183.121, ...
Connecting to download.docker.com (download.docker.com)|54.192.183.142|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 34272897 (33M) [application/x-tar]
Saving to: ‘docker-17.12.0-ce.tgz’

docker-17.12.0-ce.t 100%[===================>]  32.68M  13.4MB/s    in 2.4s

2018-02-05 18:22:01 (13.4 MB/s) - ‘docker-17.12.0-ce.tgz’ saved [34272897/34272897]

test@ubuntu1604:~$

 

압축풀기

test@ubuntu1604:~$ tar xvf docker-17.12.0-ce.tgz
docker/
docker/docker-containerd-shim
docker/docker-containerd
docker/docker-runc
docker/docker
docker/docker-init
docker/docker-containerd-ctr
docker/docker-proxy
docker/dockerd
test@ubuntu1604:~$

 

docker 파일 copy 

test@ubuntu1604:~$ sudo cp docker/* /usr/bin/

 

Docker test

test@ubuntu1604:~$ sudo dockerd &
~중략
test@ubuntu1604:~$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED                                                                                                                                                                                                            STATUS              PORTS               NAMES
test@ubuntu1604:~$

 

docker 사용자 등록

test@ubuntu1604:~$ sudo usermod -aG docker test

 

 

systemd Scripts 생성

docker.service

sanjuk@docker-test:~$ cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd://
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

 

docker.socket

sanjuk@docker-test:~$ vi /lib/systemd/system/docker.socket
[Unit]
Description=Docker Socket for the API
PartOf=docker.service

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target

 

systemctl docker enable 

test@ubuntu1604:~$ sudo -i
[sudo] password for test:
root@ubuntu1604:~# docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
root@ubuntu1604:~# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /lib/systemd/system/docker.service.
root@ubuntu1604:~# init 6

 

docker Test

ubuntu16.04 컨테이너 실행 및 컨테이너 접속

sanjuk@ubuntu1604:~$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
sanjuk@ubuntu1604:~$ docker run ubuntu:16.04
Unable to find image 'ubuntu:16.04' locally
16.04: Pulling from library/ubuntu
1be7f2b886e8: Pull complete
6fbc4a21b806: Pull complete
c71a6f8e1378: Pull complete
4be3072e5a37: Pull complete
06c6d2f59700: Pull complete
Digest: sha256:e27e9d7f7f28d67aa9e2d7540bdc2b33254b452ee8e60f388875e5b7d9b2b696
Status: Downloaded newer image for ubuntu:16.04
sanjuk@ubuntu1604:~$ docker run --rm -it ubuntu:16.04 /bin/bash
root@cd21ecd3c368:/# uname -a
Linux cd21ecd3c368 4.4.0-62-generic #83-Ubuntu SMP Wed Jan 18 14:10:15 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
root@cd21ecd3c368:/# exit

 

 

 

rsyslog logserver

 

rsyslog server 구성

rsyslog(Log-Server) , server1(Log-Client) , server2(Log-Client)

 

rsyslog 설치 확인

[root@rsyslog ~]# rpm -aq |grep -i rsyslog
rsyslog-8.24.0-12.el7.x86_64

 

rsyslog 설정

(UDP / TCP 중 선택 하여 설정 할수 있으며 514 Port 를 사용합니다.)

[root@rsyslog ~]# vi /etc/rsyslog.conf
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

## TCP 를 사용하여 테스트 하기 위하여 아래 내용의 주석을 제거 합니다.
# Provides TCP syslog reception
$ModLoad imtcp                     
$InputTCPServerRun 514

 

rsyslog Rule 설정

[root@rsyslog ~]# vi /etc/rsyslog.conf
#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

## 아래 내용을 추가 합니다.
# Rsyslog Server Rules
$template TmplAuth, "/var/log/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log"
$template TmplMsg, "/var/log/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log"
authpriv.*   ?TmplAuth
*.info,mail.none,authpriv.none,cron.none   ?TmplMsg

 

rsyslog 재시작 

[root@rsyslog ~]# systemctl restart rsyslog

 

rsyslog 재시작후 /var/log/rsyslog 디렉토리가 생성 되며 hostname 별로 디렉토리가 생성 됩니다.

[root@rsyslog ~]# ls -al /var/log/rsyslog/
total 4
drwx------  3 root root   21 Feb  2 10:07 .
drwxr-xr-x. 7 root root 4096 Feb  2 10:07 ..
drwx------  2 root root   64 Feb  2 10:07 rsyslog
[root@rsyslog ~]#

 

rsyslog client 설정

[root@server1 ~]# vi /etc/rsyslog.conf
*.* @@192.168.192.100:514
[root@server2 ~]# vi /etc/rsyslog.conf
*.* @@192.168.192.100:514

( rsyslog server ip 설정 @=UDP @@=TCP 입니다.)

 

Client rsyslog 재시작

[root@server1 ~]# systemctl restart rsyslog

[root@server2 ~]# systemctl restart rsyslog

 

Test 를 위하여 server1, server2 에서 ssh login 을 진행 한후 rsyslog server 에서 /var/log/rsyslog 디렉토리를 확인 합니다.

[root@rsyslog rsyslog]# ls -al
total 4
drwx------  5 root root   51 Feb  2 10:24 .
drwxr-xr-x. 7 root root 4096 Feb  2 10:22 ..
drwx------  2 root root   80 Feb  2 10:09 rsyslog
drwx------  2 root root   87 Feb  2 10:24 server1
drwx------  2 root root   87 Feb  2 10:24 server2
[root@rsyslog rsyslog]# cd server1
[root@rsyslog server1]# ll
total 8
-rw------- 1 root root   0 Feb  2 10:24 rsyslogd.log
-rw------- 1 root root 198 Feb  2 10:24 sshd.log
-rw------- 1 root root 131 Feb  2 10:24 systemd.log
-rw------- 1 root root   0 Feb  2 10:24 systemd-logind.log
[root@rsyslog server1]#

(Client 에서 사용하는 서비스별로 log 가 취합 됩니다.)

 

log rotate 설정

(rsyslog 파일을 생성 합니다. )

[root@rsyslog ~]# vi /etc/logrotate.d/rsyslog
/var/log/rsyslog/*/*log {
    weekly
    size 100M
    create 0600 root root
    rotate 4
}

(일주일 로그 4주 보관 24일치를 보관 합니다. Size 의 경우 100k , 100M , 100G 단위로 설정할수 있습니다.)

 

firewalld 사용시 permanent 514 Port 추가

[root@rsyslog ~]# firewall-cmd --permanent --add-port=514/udp
[root@rsyslog ~]# firewall-cmd --permanent --add-port=514/tcp
[root@rsyslog ~]# firewall-cmd --reload

 

 

 

VMware vSphere Hypervisor 6.5 설치

 

무료 평가판의 경우 60일 사용이 가능하며 vmware 홈페이지에서 다운 받을수 있습니다.

https://www.vmware.com/kr/products/vsphere-hypervisor.html

https://docs.vmware.com/kr/VMware-vSphere/6.5/vsphere-esxi-vcenter-server-651-installation-setup-guide.pdf

 

Test 진행시 VMware 12 Workstation 을 이용했습니다.

File -> New Virtual Machine -> Custom -> next -> next 하여 설치를 진행 하면 되며

Select a Guest Operating System 의 경우 VMware ESX 를 선택 합니다.

 

Processor Configuration 

 

Memory for Virtual Machine 4G 이상 설정 

 

Specify Disk Capacity 

 

esxi01 vm 구성후 부팅하면 아래와 같은 화면을 볼수 있습니다.

ESXi-6.5.0-20170104001-standard Installer 를 선택 합니다.

 

설치진행 화면

(드라이버 로드)

 

 

Welcome to the VMware ESXi 6.5.0 Installation

(Enter) Continue 선택

 

End User License Agreement (EULA)

(F11) Accept and Continue 선택

 

Device Scanning…

 

Select a Disk to Install or Upgrade

(Enter) Continue 선택

 

Please select a keyboard layout

US Default (Enter) Continue 선택

 

Enter a root password

패스워드입력후 (Enter) Continue

 

Confirm Install

(F11) Install 선택

 

Installing ESXi 6.5.0

인스톨을 진행 합니다.

 

Installation Complete

설치가 완료 되었습니다. (Enter) Reboot

 

Rebooting 후 화면

 

Web GUI 접속

https://192.168.192.131