Welcome to Tencent cloud technology community, get more Tencent mass technology practice dry goods oh ~
Author: Zhang Ge
Introduction: Application scenario Describes the detailed process from creation, upload to deployment, and briefly introduces how to use Tencent cloud container service. The rapid launching of a customized service through Docker greatly simplifies deployment, speeds up the pace of business deployment, and reduces operation and maintenance costs. — Life is short, use Docker.
I. Practical background
In order to learn Docker, we first design a scenario based on actual requirements: suppose there is a personal website that wants to use Nginx reverse proxy scheme to quickly build multiple nodes similar to CDN at home and abroad and provide clustered WEB access services.
The solutions I have in mind are as follows: 1. General deployment scheme: purchase cloud host -> environment initialization -> Deploy Nginx-> Configure reverse proxy ->DNS resolution 2.Docker deployment scheme: purchase cloud host ->yum install Docker -> pull the image from the definition and perform DNS resolution 3. Tencent Cloud Container solution: Tencent Cloud Container Service -> Create service ->DNS resolution
Obviously, with Docker deployment, the whole process will be simpler, faster, and easier to automate. Of course, if not for IDC special requirements, Tencent cloud container services elected as the best solution.
The following is a brief record of my practice process from Docker image creation, upload to deployment.
Experimental environment:
CentOS Linux Release 7.2.1511 (Core) CentOS Linux Release 7.2.1511 (Core) •Docker version 1.12.6, Build 88a4867/1.12.6 Tengine 2.2.0 • Other omitted..
Two, make a mirror
1. Install and configure Docker
# installation docker
yum install -y docker
# Configure Tencent cloud image acceleration (official turtle speed)
vim /etc/sysconfig/docker
# Add the following parameters:
OPTIONS='--registry-mirror=https://mirror.ccs.tencentyun.com'
# Restart docker service
systemctl restart docker
Copy the code2. Make the basic image
Docker pull centos
View the current image docker images
[root@MyServer docker]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZE Docker. IO /centos Latest 328edCD84f1b 4 weeks ago 192.5 MBCopy the codeRun and enter the image:
docker run -ti docker.io/centos:latest /bin/bash
Copy the codeAt this point, the terminal has entered the mirror. Now we can install additional components according to our own requirements. For example, I need to use crontab task planning service and process supervisor this time.
[root@0d7f7b8769d9 /]# yum install -y epel-release crontabs
[root@0d7f7b8769d9 /]# yum install -y python-pip
[root@0d7f7b8769d9 /]# pip install --upgrade pip
[root@0d7f7b8769d9 /]# pip install supervisor
Copy the codePs: 0d7f7b8769d9 in the Ps prompt is the CONTAINER ID of this startup, which will be used in the commit step. After the necessary components are installed, press Ctrl +D to exit the system. Then use the docker commit command to create a new image, for example, name it nginx-proxy-base and version latest:
docker commit 0d7f7b8769d9 centos/nginx-proxy-base:latest
Copy the codeOnce done, you can use Docker Images to view the image you just created:
[root@MyServer ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos/nginx-proxy-base latest 676fcfff6d3c About an hour ago 366 MB
Copy the codeAt this point, we have created a custom Docker base image (Ps: the base image is similar to a VM snapshot, so subsequent steps can be recreated from this basis).
Ps: What is shown here is the way to enter Docker through manual deployment. In fact, we can also complete all the above operations through DockerFile, which can greatly reduce the volume of Docker image.
3. Create a service image
Now that we have the base image above, we can add applications or custom configurations on top of it and package them as service images. Taking the background requirements of this article as an example, in order to facilitate subsequent maintenance, I use pure static compilation of Nginx and make it into a green portable version.
So let’s start with a statically compiled Nginx that meets our requirements on the host (only the key steps are shown, depending on the components themselves) :
Compile all dependencies statically
./configure --prefix=/usr/local/nginx \ --with-http_v2_module \ --with-http_ssl_module \ --with-http_gzip_static_module \ --with-http_realip_module \ --with-pcre=.. / pcre - 8.39 \ - with - zlib =. /zlib-1.2.11 \ --with-http_sub_module \ --with-openssl=.. / openssl - 1.0.2 j \ - add - the module =. / ngx_cache_purge - 2.3 \ - add - the module =. /ngx_http_substitutions_filter_module# installation
make && make install
Copy the codeAfter installing the /usr/local/nginx directory, we can modify the nginx configuration as required, such as the reverse proxy:
server {
listen 80;
server_name demo.domain.com;
access_log /data/wwwlogs/demo.domain.com.log;
index index.html index.htm index.php;
location / {
proxy_pass http://xxx.xxx.xxx.xxx;
proxy_set_header X-Forwarded-For $remote_addr; proxy_redirect off; proxy_set_header Host demo.domain.com; }}Copy the codeOnce everything is configured, run nginx to make sure it works.
4, write Dockerfile
Create a directory.
mkdir -p /data/docker-nginx-proxy
cd /data/docker-nginx-proxy
Copy the codeThe supervisor configuration file must be created in non-Daemon mode, so the supervisor configuration file must be configured with -n:
[supervisord]
nodaemon=true
[program:crond]
command=crond -n
[program:nginx]
command=/usr/local/nginx/sbin/nginx
Copy the codeSelect * from crontab.list; select * from crontab.list;
*/20 * * * * /usr/local/nginx/sbin/nginx -s reload > /dev/null 2>&1
Copy the codeCopy the nginx directory from the previous directory:
cp -rf /usr/local/nginx .
5, write Dockerfile:
vim Dockerfile
FROM centos/nginx-proxy-base:latest
MAINTAINER <[email protected]>
Copy the required files to the path specified by the image
ADD nginx /usr/local/nginx
ADD supervisord.conf /etc/supervisord.conf
# Define some commands (since Docker is hierarchical, it is recommended to write multiple commands into a RUN via && to reduce the number of Docker layers)
# Specify time zone to resolve Dcoker time and host time differences
RUN ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
echo Asia/Shanghai > /etc/timezone && \
ln -sf /usr/local/nginx/sbin/nginx /bin/ && \
echo 'daemon off; ' >> /usr/local/nginx/conf/nginx.conf && \
crontab /etc/crontab.list
Run Supervisor. Note that CMD can only be used once
CMD ["/usr/bin/supervisord"]
Copy the codeDockerfile common instructions, can be added according to actual needs:
ADD: copies files FROM SRC to the dest path of the container. RUN: RUN the CMD command in the container. EXPOSE: Specifies the port that the container needs to map to the host. You can also specify ENV when you run the container again. Specify a mount point that enables a directory in the container to persistently store dataCopy the code5. Build an image
Docker build -t=”[name]:[tag]”./
docker build -t=”centos/nginx-proxy:v1″ ./
After build, execute Docker images to see the image you just created:
[root@MyServer docker-nginx-proxy]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos/nginx-proxy v1 f2ed91429b31 31 seconds ago 370.8 MB
centos/nginx-proxy-base latest 676fcfff6d3c About an hour ago 366 MB
Copy the codeThen, you can run the following command to test whether the mirror works properly:
Docker run -v [host directory]:[Image directory] -ti -p [Host port]:[Image port] The image name: versionCopy the codeIf the -d parameter is added, docker will run after the session. Here, we want to check whether the image just created is normal, so we use the foreground mode, and the command is as follows:
docker run -v /data/docker:/data/wwwlogs -ti -p 80:80 centos/nginx-proxy:v1
Copy the codeExecution process:
[root@MyServer docker-nginx-proxy ~]# docker run -v /data/docker:/data/wwwlogs -ti -p 443:443 -p 80:80 ccr.ccs.tencentyun.com/myspace/nginx-proxy:latest / usr/lib/python2.7 / site - packages/supervisor/options. The py: 298: UserWarning: Supervisord is running as root and it is searchingfor its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
'Supervisord is running as root and it is searching '
2017-09-03 06:34:59,613 CRIT Supervisor running as root (no user inConfig file) 2017-09-03 06:34:59,615 INFO supervisord started with PID 1 2017-09-03 06:35:00,617 INFO spawned:'nginx'Spawned with PID 7 2017-09-03 06:35:00,622 INFO:'crond'With PID 8 2017-09-03 06:35:01,689 INFO Success: Nginx entered the RUNNING state, process has stayed upfor > than 1 seconds (startsecs)
2017-09-03 06:35:01,689 INFO success: crond entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Copy the codeAs you can see, the image works, and we can continue to test whether the Nginx started is working properly, which we won’t go into here.
Private warehouse
Docker registry can be used to create a private repository with the Nginx reverse proxy service. The steps are as follows:
1, pull private registry
docker pull registry
Copy the codeAt this point, executing Docker Images should see four images:
[root@MyServer docker-nginx-proxy]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZE centos/nginx-proxy v1 f2ed91429b31 About an hour ago 370.8 MB Centos /nginx-proxy-base latest 676fcfff6D3c 2 hours ago 366 MB Docker. IO /centos latest 328edCD84f1b 4 weeks ago 3295MB Docker. IO/Registry latest 9d0c4eABAB4d 3 months ago 33.17 MBCopy the code2. Pull up the warehouse
docker run -d -p 5000:5000 -v /data/images:/tmp/registry docker.io/registry
Copy the code3. Push an image
The first step is to get the ID of the image you want to push, such as F2ED91429B31
Tag = tag = tag = tag = tag
Docker tag [image id] [repository address]/[namespace]/[image name]:[version]
② Then push, syntax is as follows:
Docker push [repository address]/[namespace]/[image name]
The execution process is as follows:
[root@MyServer docker-nginx-proxy]# docker tag f2ed91429b31 localhost:5000/centos/nginx-proxy:latest
[root@MyServer docker-nginx-proxy]# docker push localhost:5000/centos/nginx-proxy
The push refers to a repository [localhost:5000/centos/nginx-proxy]
158fae47d4e2: Pushed
4a5dcec3edb7: Pushed
ae9a40cbe568: Pushed
7abc8eb8fc0F: Pushed [=== =>] : Pushing [=== =>] : Pushing [======>] 26.78 MB/192.5 MBCopy the codeWhen done, execute Docker Images to see the image you just committed:
[root@MyServer docker-nginx-proxy]# docker imagesThe REPOSITORY TAG IMAGE ID CREATED the SIZE localhost: 5000 / centos/nginx - proxy latest f2ed91429b31 About an hour line 370.8 MB Centos /nginx-proxy v1 f2ed91429b31 About an hour ago 370.8 MB centos/nginx-proxy-base latest 676fcfff6d3c 2 hours ago IO/Registry latest 9d0c4eABAB4d 3 months ago 33.17 MBCopy the code③ test pull:
Docker pull tests can now be performed on the host (which can be removed from the pull first) or on another server.
For example, delete the image from the host first:
[root@MyServer docker-nginx-proxy]# docker rmi localhost:5000/centos/nginx-proxy
Untagged: localhost:5000/centos/nginx-proxy:latest
Untagged: localhost:5000/centos/nginx-proxy@sha256:20e7898413c368ee8dbfac0649fbfbb2d43510c3024d01e6ea3ec3f1a5d7c152
Copy the codeAt this point, the Docker images list is gone, and the Docker pull is back.
[root@MyServer docker-nginx-proxy]# docker pull localhost:5000/centos/nginx-proxy
Using default tag: latest
Trying to pull repository localhost:5000/centos/nginx-proxy ...
sha256:20e7898413c368ee8dbfac0649fbfbb2d43510c3024d01e6ea3ec3f1a5d7c152: Pulling from localhost:5000/centos/nginx-proxy
Digest: sha256:20e7898413c368ee8dbfac0649fbfbb2d43510c3024d01e6ea3ec3f1a5d7c152
Status: Downloaded newer image for localhost:5000/centos/nginx-proxy:latest
Copy the code4. Offline solution
When the private repository is unavailable (such as network limitations), we can also save the image as a tar for offline use, which is also very simple to use:
① Export/import schemes
Run the docker ps -a command to view the list of running Docker images and obtain the corresponding CONTAINER ID. Run the following statement to export the running image to the specified tar package:
docker export [CONTAINER ID] > centos-nginx-proxy-latest.tar
Copy the codeOnce you have the tar package, you can use import to import:
cat centos-nginx-proxy-latest.tar | docker import - centos/nginx-proxy:v1
Copy the code② Save/Load scheme
Use Docker images to view the list of existing local images and obtain the corresponding IMAGE ID. Then execute the following statement to save the existing local IMAGE to the specified tar package:
docker save [IMAGE ID] > centos-nginx-proxy-latest.tar
Copy the codeThe tar image can then be loaded using load:
docker load < centos-nginx-proxy-latest.tar
Copy the codeDifferences between the two schemes:• Export can export only running images, while save can directly export local images; • the image file exported by export is generally smaller than the image saved by save (the actual data in this document: 38MB difference); • Export export (import import) is the image obtained from the container. When importing the image again, all the history of the image will be lost, so it cannot be rolled back (docker tag)
Iv. Container services
In fact, the above private warehouse can meet the requirements of the whole experimental background, we can purchase other cloud hosts, we can quickly pull up a Nginx reverse proxy service through the private warehouse external network address.
However, we all know that domestic cloud hosts are small water pipes, and charging by flow mode is also more expensive. At this point, the protagonist of this article is late: Tencent cloud-container service.
To put it simply, Tencent cloud container service provides us with a Docker private warehouse in the cloud. We can push the image made to Tencent cloud private image warehouse, and then we can quickly pull up the customized Docker image service on Tencent cloud or other cloud hosts at home and abroad. It is very convenient! And, most importantly… The service is currently free.
The following is a simple way to share Tencent cloud container service.
1. Create a repository
① Open the mirror service
Open tencent cloud – container service: https://console.qcloud.com/ccs
Fill in the relevant information and set the warehouse password as prompted:
Create a mirror repository on my Create page:
Tencent cloud private warehouse address:
Namely: ccr.ccs.tencentyun.com/myspace/nginx-proxy
③ Reset the password
If you forget your password, you can use the reset password function to set a new password:
2. Upload the image
①, warehouse certification
Username Enter your Tencent cloud login account, usually QQ number
docker login --username=[username] ccr.ccs.tencentyun.com
Copy the code② Push the mirror
Select * from a local private repository where the image ID is displayed and the image ID is tagged as follows:
docker tag [ImageId] ccr.ccs.tencentyun.com/[namespace]/[ImageName]:[tag]
docker push ccr.ccs.tencentyun.com/[namespace]/[ImageName]:[tag]
Copy the codeSuch as:
docker tag f2ed91429b31 ccr.ccs.tencentyun.com/myspace/nginx-proxy:latest
docker push ccr.ccs.tencentyun.com/myspace/nginx-proxy:latest
Copy the codeAfter success, you can view the image version just submitted on the Tencent Cloud container page:
3. Pull the mirror
Finally, we can perform pull operations on cloud hosts where we need to deploy the Nginx anti-generation service.
For example, I pulled this image on Aliyun host:
解 决 docker: yum install docker
Start docker: systemctl restart docker
③ Log in to Tencent cloud warehouse
docker login --username=xxxxx http://ccr.ccs.tencentyun.com/myspace/nginx-proxy
Copy the code④ Pull the mirror image
docker pull ccr.ccs.tencentyun.com/myspace/nginx-proxy
[root@iZbp1ct9hsppxrazdvn54mZ ~]# docker pull ccr.ccs.tencentyun.com/myspace/nginx-proxyUsing default tag: latest Trying to pull repository ccr.ccs.tencentyun.com/myspace/nginx-proxy ... latest: Pulling from ccr.ccs.tencentyun.com/myspace/nginx-proxy 74f0853ba93b: Downloading [= = = = = = = = = = = = = = = = = = = = = = = = = = = >] 39.11 MB / 72.25 MB e7fa91cce4c4: Downloading [= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >] 37.65 MB / 57.14 MB c7319b8f7fbc: Download complete faf8180992b4: Download complete 79327b915b74: Download complete 702ede4e59c4: Download complete 77e09cc85e34: Download complete 8a265e81261a: Download completeCopy the code⑤ run the image
Here we are formally executing, so add the -d argument:
docker run -v /data/docker:/data/wwwlogs -dti -p 443:443 -p 80:80 ccr.ccs.tencentyun.com/myspace/nginx-proxy:latest
Copy the codeThe whole process takes less than 5 minutes, which is really convenient!
Five, the summary
In this paper, the record of an actual Dokcer scenarios from create, upload until deployment process in detail, Docker provides us a new way of the software release, as long as the dependence on application and related packaging into Docker mirror, mirror and uploaded to the warehouse, we can quickly pull up a custom service, is slow, This greatly simplifies deployment.
This paper also briefly introduces the container service of Tencent Cloud. Through container service, we can upload customized Docker images and quickly pull up application services on Tencent cloud host or other domestic network servers, which speeds up the pace of business deployment and reduces operation and maintenance costs.
Well, of course, the most important thing is that I got familiar with the basic knowledge and usage of Docker through this practice, so as to achieve my goal of Docker entry learning.
Docker best practices for remote Python API operation containers
Has been authorized by the author tencent cloud community released, reproduced please indicate the article source The original link: https://cloud.tencent.com/community/article/287910