spring2-cloud-Docker实用篇

Docker实用篇

Docker是一个快速交付应用、运行应用的技术，具备下列优势：

可以将程序及其依赖、运行环境包括系统函数库，一起打包为一个镜像，仅依赖系统的Linux内核，可以迁移到任意Linux操作系统
运行时利用沙箱机制形成隔离容器，各个应用互不干扰
启动、移除都可以通过一行命令完成，方便快捷

安装Docker

[root@test ~]# yum remove docker docker-client docker-client-latest docker-common 
docker-latest  docker-latest-logrotate  docker-logrotate  docker-selinux 
docker-engine-selinux  docker-engine   docker-ce
[root@test ~]# yum install -y yum-utils  device-mapper-persistent-data lvm2 --skip-broken
[root@test ~]# yum-config-manager     --add-repo     
https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@test ~]# systemctl stop firewalld

[root@test ~]# yum install -y docker-ce
[root@test ~]# systemctl start docker
[root@test ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2022-03-30 12:58:46 CST; 4s ago
[root@test ~]# docker -v
Docker version 20.10.14, build a224086

docker官方镜像仓库网速较差，我们需要设置国内镜像服务：

参考阿里云的镜像加速文档：https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://n0dwemtq.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

Docker的基本操作

[root@docker ~]# docker --help
Options:
      --config string      Location of client config files (default "/root/.docker")
  -c, --context string     Name of the context to use to connect to the daemon (overrides
                           DOCKER_HOST env var and default context set with "docker 
  -D, --debug              Enable debug mode
  -H, --host list          Daemon socket(s) to connect to
  -v, --version            Print version information and quit
  -l, --log-level string   Set the logging level ("debug"|"info"|"warn"|"error"|"fatal")
  ...
anagement Commands:
  app*        Docker App (Docker Inc., v0.9.1-beta3)
  builder     Manage builds
  buildx*     Docker Buildx (Docker Inc., v0.8.1-docker)
  config      Manage Docker configs
  container   Manage containers
  context     Manage contexts
  image       Manage images
   ...
Commands:
  attach      Attach local standard input, output, and error streams to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image

[root@docker ~]# docker cp --help
Usage:  docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
        docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
...

[root@docker ~]# docker save --help
Usage:  docker save [OPTIONS] IMAGE [IMAGE...]
Save one or more images to a tar archive (streamed to STDOUT by default)

Options:
  -o, --output string   Write to a file, instead of STDOUT
[root@docker ~]# docker save -o nginx.tar nginx:latest

[root@docker ~]# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: 20.10.14
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc version: v1.0.3-0-gf46b6ba
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-1160.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.777GiB
 Name: docker
 ID: XXUH:PGD5:VPGA:UGCJ:J5R4:NYWZ:GZUW:WGMM:NDUS:FJDT:D7DS:NEBJ
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://6gy*oqgq.mirror.aliyuncs.com/
 Live Restore Enabled: false

常用的命令

docker images						查看本机镜像
docker search 镜像名称			从官方仓库查找镜像
docker pull 镜像名称:标签			下载镜像
docker push 镜像名称:标签		上传镜像
docker save 镜像名称:标签 -o 备份镜像名称.tar			备份(导出)镜像为tar包
docker load -i 备份镜像名称					导入备份的镜像文件
docker rmi 镜像名称:标签				删除镜像（必须先删除该镜像启动的所有容器）
docker history 镜像名称:标签					查看镜像的制作历史
docker inspect 镜像名称:标签					查看镜像的详细信息

docker run --name containerName -p 80:80 -d nginx
docker ps  -aq	 				查看容器	-a 所有容器，包含未启动的，-q 只显示id
docker rm 容器ID 	-f 			删除容器，强制删除，支持命令重入
docker rm -f  ${docker ps -aq}		删除所有的容器
docker start|stop|restart 容器id				启动、停止、重启容器
docker cp 本机文件路径 容器id:容器内路径			把本机文件拷贝到容器内（上传）
docker cp 容器id:容器内路径 本机文件路径			把容器内文件拷贝到本机（下载）
docker inspect 容器ID			查看容器的详细信息
docker exec -it 容器id 启动命令			进入容器新的进程，退出后容器不会关闭
docker logs 容器ID

数据卷（容器数据管理）

数据卷操作的基本语法如下：

[root@docker ~]# docker volume --help
Usage:  docker volume COMMAND
Commands:
  create      Create a volume
  inspect     Display detailed information on one or more volumes
  ls          List volumes
  prune       Remove all unused local volumes
  rm          Remove one or more volumes

① 创建数据卷

[root@docker ~]# docker volume create test-vo
[root@docker ~]# docker volume ls
DRIVER    VOLUME NAME
local     test-vo

[root@docker ~]# docker volume inspect test-vo
[
    {
        "CreatedAt": "2022-03-31T12:00:25+08:00",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/test-vo/_data",
        "Name": "test-vo",
        "Options": {},
        "Scope": "local"
    }
]

挂载数据卷到容器内的HTML目录

docker run --name nginx -v test-vo:/usr/share/nginx/html -p 80:80 -d nginx
#如果volmue： test-vo不存在，则自动创建

去DockerHub查阅资料，创建并运行MySQL容器

docker run --name myslq-test -e MYSQL_PASSWOED=123 -p3306:3306    
-v /tmp/mysql/conf/my1.cnf:/etc/mysql/conf.d/my1.cnf       
-v /tmp/myslq/data:/var/lib/mysql  -d myslq:5.7.25

Dockerfile语法

镜像是将应用程序及其需要的系统函数库、环境、配置、依赖、启动脚本打包在一起形成的文件。

1）Dockerfile语法

FROM		基础镜像
RUN		制作镜像时执行的命令，可以有多个
ADD		复制文件到镜像，自动解压
COPY		复制文件到镜像，不解压
EXPOSE	声明开放的端口
ENV		设置容器启动后的环境变量
WORKDIR	定义容器默认工作目录（指定目录等于cd，会自动创建)
CMD		容器启动时执行的命令，仅可以有一条CMD
ENTERPOINT   器启动时执行的命令,会覆盖CMD

2）使用Dockerfile创建镜像制作镜像

docker build -t image:tag   Dockerfile所在目录

需求：基于Ubuntu镜像构建一个新镜像，运行一个java项目

# 指定基础镜像
FROM ubuntu:16.04
# 配置环境变量，JDK的安装目录
ENV JAVA_DIR=/usr/local

# 拷贝jdk和java项目的包
COPY ./jdk8.tar.gz $JAVA_DIR/
COPY ./docker-demo.jar /tmp/app.jar

# 安装JDK
RUN cd $JAVA_DIR 
 && tar -xf ./jdk8.tar.gz 
 && mv ./jdk1.8.0_144 ./java8

# 配置环境变量
ENV JAVA_HOME=$JAVA_DIR/java8
ENV PATH=$PATH:$JAVA_HOME/bin

# 暴露端口
EXPOSE 8090
# 入口，java项目的启动命令
ENTRYPOINT java -jar /tmp/app.jar

DockerCompose

Docker Compose可以基于Compose文件帮我们快速的部署分布式应用，实现容器编排。
Compose文件是一个文本文件，通过指令定义集群中的每个容器如何运行。
DockerCompose的详细语法参考官网：https://docs.docker.com/compose/compose-file/
格式如下：

version: "3.8"
services:
//运行mysql设置了环境变量，挂载了目录
  mysql:
    image: mysql:5.7.25
    environment:
     MYSQL_ROOT_PASSWORD: 123 
    volumes:
     - "/tmp/mysql/data:/var/lib/mysql"
     - "/tmp/mysql/conf/hmy.cnf:/etc/mysql/conf.d/hmy.cnf"
//等于构建镜像后docker run --name web -p 8090:8090 -d  build的镜像
  web:
    build: .
    ports:
     - "8090:8090"

安装DockerCompose

Linux下需要通过命令下载：

[root@docker ~]# curl -L https://github.com/docker/compose/releases/download/1.23.1/docker-compose-`uname -s`-`uname -m`  
> /usr/local/bin/docker-compose
[root@docker ~]# chmod +x /usr/local/bin/docker-compose
[root@docker ~]# echo "199.232.68.133 raw.githubusercontent.com" >> /etc/hosts
[root@docker ~]# curl -L https://raw.githubusercontent.com/docker/compose/1.29.1/contrib/completion/bash/docker-compose  
> /etc/bash_completion.d/docker-compose

[root@docker ~]# docker-compose -v
docker-compose version 1.29.1, build c34c88b2
[root@docker ~]# docker-compose --help
Define and run multi-container applications with Docker.

Usage:
  docker-compose [-f ...] [--profile ...] [options] [--] [COMMAND] [ARGS...]
  docker-compose -h|--help

Options:
  -f, --file FILE             Specify an alternate compose file
                              (default: docker-compose.yml)
  -p, --project-name NAME     Specify an alternate project name
                              (default: directory name)
  --profile NAME              Specify a profile to enable
  -c, --context NAME          Specify a context name
  --verbose                   Show more output
  --log-level LEVEL           Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
  --ansi (never|always|auto)  Control when to print ANSI control characters
  --no-ansi                   Do not print ANSI control characters (DEPRECATED)
  -v, --version               Print version and exit
  -H, --host HOST             Daemon socket to connect to

  --tls                       Use TLS; implied by --tlsverify
  --tlscacert CA_PATH         Trust certs signed only by this CA
  --tlscert CLIENT_CERT_PATH  Path to TLS certificate file
  --tlskey TLS_KEY_PATH       Path to TLS key file
  --tlsverify                 Use TLS and verify the remote
  --skip-hostname-check       Don't check the daemon's hostname against the
                              name specified in the client certificate
  --project-directory PATH    Specify an alternate working directory
                              (default: the path of the Compose file)
  --compatibility             If set, Compose will attempt to convert keys
                              in v3 files to their non-Swarm equivalent (DEPRECATED)
  --env-file PATH             Specify an alternate environment file

Commands:
  build              Build or rebuild services
  config             Validate and view the Compose file
  create             Create services
  down               Stop and remove resources
  events             Receive real time events from containers
  exec               Execute a command in a running container
  help               Get help on a command
  images             List images
  kill               Kill containers
  logs               View output from containers
  pause              Pause services
  port               Print the public port for a port binding
  ps                 List containers
  pull               Pull service images
  push               Push service images
  restart            Restart services
  rm                 Remove stopped containers
  run                Run a one-off command
  scale              Set number of containers for a service
  start              Start services
  stop               Stop services
  top                Display the running processes
  unpause            Unpause services
  up                 Create and start containers
  version            Show version information and quit

部署微服务集群

需求：将cloud-demo微服务集群利用DockerCompose部署

[root@docker cloud-demo]# ls
docker-compose.yml  gateway  mysql  order-service  user-service
[root@docker cloud-demo]# tree gateway/
gateway/
├── app.jar
└── Dockerfile
order-service/
├── app.jar
└── Dockerfile
user-service/
├── app.jar
└── Dockerfile
[root@docker cloud-demo]# ls mysql/data/
cloud_user   cloud_order

[root@docker cloud-demo]# cat /user-service/Dockerfile
FROM java:8-alpine
COPY ./app.jar /tmp/app.jar
ENTRYPOINT java -jar /tmp/app.jar

[root@docker cloud-demo]# cat docker-compose.yml
version: "3.2"

services:
  nacos:
    image: nacos/nacos-server
    environment:
      MODE: standalone
    ports:
      - "8848:8848"
  mysql:
    image: mysql:5.7.25
    environment:
      MYSQL_ROOT_PASSWORD: 123
    volumes:
      - "$PWD/mysql/data:/var/lib/mysql"
      - "$PWD/mysql/conf:/etc/mysql/conf.d/"
  userservice:
    build: ./user-service
  orderservice:
    build: ./order-service
  gateway:
    build: ./gateway
    ports:
      - "10010:10010"

可以看到，其中包含5个service服务：

nacos：作为注册中心和配置中心
- image: nacos/nacos-server：基于nacos/nacos-server镜像构建
- environment：环境变量
  - MODE: standalone：单点模式启动
- ports：端口映射，这里暴露了8848端口
mysql：数据库
- image: mysql:5.7.25：镜像版本是mysql:5.7.25
- environment：环境变量
  - MYSQL_ROOT_PASSWORD: 123：设置数据库root账户的密码为123
- volumes：数据卷挂载，这里挂载了mysql的data、conf目录，其中有我提前准备好的数据
userservice、orderservice、gateway：都是基于Dockerfile临时构建的

修改微服务配置

因为微服务将来要部署为docker容器，而容器之间互联不是通过IP地址，而是通过容器名。这里我们将order-service、user-service、gateway服务的mysql、nacos地址都修改为基于容器名的访问。

spring:
  datasource:
    url: jdbc:mysql://mysql:3306/cloud_order?useSSL=false
    username: root
    password: 123
    driver-class-name: com.mysql.jdbc.Driver
  application:
    name: orderservice
  cloud:
    nacos:
      server-addr: nacos:8848 # nacos服务地址

微服务的打包

Dockerfile中的jar包名称都是app.jar，因此我们的每个微服务都需要用这个名称。

可以通过修改pom.xml中的打包名称来实现，每个微服务都需要修改：


  
  app
  
    
      org.springframework.boot
      spring-boot-maven-plugin

进入cloud-demo目录，然后运行下面的命令：

docker-compose up -d

搭建私有镜像仓库

搭建镜像仓库可以基于Docker官方提供的DockerRegistry来实现

简单版

docker run -d     --restart=always     --name registry	    -p 5000:5000 
    -v registry-data:/var/lib/registry     registry

带有图形化界面版本

使用DockerCompose部署带有图象界面的DockerRegistry

[root@docker ~]# mv registry.yaml compose.yml
version: '3.0'
services:
  registry:
    image: registry
    volumes:
      - ./registry-data:/var/lib/registry
  ui:
    image: joxit/docker-registry-ui:static
    ports:
      - 8080:80
    environment:
      - REGISTRY_TITLE=私有仓库
      - REGISTRY_URL=http://registry:5000
    depends_on:
      - registry

私服采用的是http协议，默认不被Docker信任，所以需要做一个配置：

[root@docker cloud-demo]# vi /etc/docker/daemon.json
   "insecure-registries":["http://192.168.1.17:8080"],
[root@docker cloud-demo]# systemctl daemon-reload
[root@docker cloud-demo]# systemctl restart docker

[root@docker ~]# docker-compose up -d
Creating root_registry_1 ... done
Creating root_ui_1       ... done

浏览器访问192.168.1.17:8080/，可以看到仓库信息

推送、拉取镜像

重新tag本地镜像，名称前缀为私有仓库的地址：192.168.150.101:8080/

[root@docker ~]# docker tag nginx:latest 192.168.1.17:8080/nginx:1.0 
[root@docker ~]# docker push 192.168.1.17:8080/nginx:1.0
[root@docker ~]# docker pull 192.168.1.17:8080/nginx:1.0

浏览器访问192.168.1.17:8080/ 可以看到镜像信息，大小，历史

部署企业私有镜像仓库Habor

1）开启路由转发

[root@harbor ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@harbor ~]# sysctl -p
[root@harbor ~]# yum -y install docker-ce
[root@harbor ~]# systemctl start docker
[root@harbor ~]# systemctl enable docker

2）部署harbor

[root@harbor ~]# mv /root/docker-compose /usr/local/bin/
[root@harbor ~]# chmod +x /usr/local/bin/docker-compose 
[root@harbor ~]# tar -xf harbor-offline-installer-v1.2.0.tgz -C /usr/local/
[root@harbor ~]# cd /usr/local/harbor
[rootharbor harbor]# ls
common docker-compose.notary.yml harbor_1_1_0_template harbor.v1.2.0.tar.gz 
LICENSE prepare  docker-compose.clair.yml docker-compose.yml harbor.cfg 
install.sh NOTICE upgrade

3）修改配置文件

#访问harbor管理界面的地址，改为本机的IP地址
[root@harbor harbor]# sed -i '/^hostname/s/reg.mydomain.com/192.168.1.17/' harbor.cfg 
[root@harbor harbor]# sed -i '121 s/80:80/8099:80/' docker-compose.yml
#默认是访问80端口，但因为80端口与Nginx集群冲突，故改变访问端口为8099
[root@harbor harbor]#sed -i '24 s/$ui_url/$ui_url:8099/' common/templates/registry/config.yml
[root@harbor harbor]# ./install.sh 
.......
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.1.17. 
For more details, please visit https://github.com/vmware/harbor .
[root@harbor harbor]# netstat -antpu | grep 8099
tcp6 0 0 :::8099 :::* LISTEN 3028/docker-proxy

浏览器访问92.168.1.17:8099 用户名：admin 密码：Harbor12345

[root@docker harbor]# egrep -v "^#|^$" harbor.cfg
hostname = 192.168.1.17
ui_url_protocol = http
db_password = root123
max_job_workers = 3
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA
clair_db_password = password
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin 
email_ssl = false
harbor_admin_password = Harbor12345
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid
ldap_scope = 3
ldap_timeout = 5
self_registration = on
token_expiration = 30
project_creation_restriction = everyone
verify_remote_cert = on

[root@docker harbor]# cat docker-compose.yml
version: '2'
services:
  log:
    image: vmware/harbor-log:v1.2.0
    container_name: harbor-log
    restart: always
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
    ports:
      - 127.0.0.1:1514:514
    networks:
      - harbor
  registry:
    image: vmware/registry:2.6.2-photon
    container_name: registry
    restart: always
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
    networks:
      - harbor
    environment:
      - GODEBUG=netdns=cgo
    command:
      ["serve", "/etc/registry/config.yml"]
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  mysql:
    image: vmware/harbor-db:v1.2.0
    container_name: harbor-db
    restart: always
    volumes:
      - /data/database:/var/lib/mysql:z
    networks:
      - harbor
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "mysql"
  adminserver:
    image: vmware/harbor-adminserver:v1.2.0
    container_name: harbor-adminserver
    env_file:
      - ./common/config/adminserver/env
    restart: always
    volumes:
      - /data/config/:/etc/adminserver/config/:z
      - /data/secretkey:/etc/adminserver/key:z
      - /data/:/data/:z
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "adminserver"
  ui:
    image: vmware/harbor-ui:v1.2.0
    container_name: harbor-ui
    env_file:
      - ./common/config/ui/env
    restart: always
    volumes:
      - ./common/config/ui/app.conf:/etc/ui/app.conf:z
      - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
      - /data/secretkey:/etc/ui/key:z
      - /data/ca_download/:/etc/ui/ca/:z
      - /data/psc/:/etc/ui/token/:z
    networks:
      - harbor
    depends_on:
      - log
      - adminserver
      - registry
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "ui"
  jobservice:
    image: vmware/harbor-jobservice:v1.2.0
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    volumes:
      - /data/job_logs:/var/log/jobs:z
      - ./common/config/jobservice/app.conf:/etc/jobservice/app.conf:z
      - /data/secretkey:/etc/jobservice/key:z
    networks:
      - harbor
    depends_on:
      - ui
      - adminserver
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  proxy:
    image: vmware/nginx-photon:1.11.13
    container_name: nginx
    restart: always
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    ports:
      - 8099:80
      - 443:443
      - 4443:4443
    depends_on:
      - mysql
      - registry
      - ui
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false

[root@docker harbor]# cat common/templates/registry/config.yml
version: 0.1
log:
  level: debug
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /storage
    maintenance:
        uploadpurging:
            enabled: false
    delete:
        enabled: true
http:
    addr: :5000
    secret: placeholder
    debug:
        addr: localhost:5001
auth:
  token:
    issuer: harbor-token-issuer
    realm: $ui_url:8099/service/token
    rootcertbundle: /etc/registry/root.crt
    service: harbor-registry

notifications:
  endpoints:
      - name: harbor
        disabled: false
        url: http://ui/service/notifications
        timeout: 3000ms
        threshold: 5
        backoff: 1s

[root@docker harbor]# cat install.sh
#!/bin/bash

#docker version: 1.11.2
#docker-compose version: 1.7.1
#Harbor version: 0.4.0

set +e
set -o noglob

#
# Set Colors
#

bold=$(tput bold)
underline=$(tput sgr 0 1)
reset=$(tput sgr0)

red=$(tput setaf 1)
green=$(tput setaf 76)
white=$(tput setaf 7)
tan=$(tput setaf 202)
blue=$(tput setaf 25)

#
# Headers and Logging
#

underline() { printf "${underline}${bold}%s${reset}n" "$@"
}
h1() { printf "n${underline}${bold}${blue}%s${reset}n" "$@"
}
h2() { printf "n${underline}${bold}${white}%s${reset}n" "$@"
}
debug() { printf "${white}%s${reset}n" "$@"
}
info() { printf "${white}➜ %s${reset}n" "$@"
}
success() { printf "${green}✔ %s${reset}n" "$@"
}
error() { printf "${red}✖ %s${reset}n" "$@"
}
warn() { printf "${tan}➜ %s${reset}n" "$@"
}
bold() { printf "${bold}%s${reset}n" "$@"
}
note() { printf "n${underline}${bold}${blue}Note:${reset} ${blue}%s${reset}n" "$@"
}

set -e
set +o noglob

usage=$'Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https.
Please set --with-clair if needs enable Clair in Harbor'
item=0

# notary is not enabled by default
with_notary=$false
# clair is not enabled by default
with_clair=$false

while [ $# -gt 0 ]; do
        case $1 in
            --help)
            note "$usage"
            exit 0;;
            --with-notary)
            with_notary=true;;
            --with-clair)
            with_clair=true;;
            *)
            note "$usage"
            exit 1;;
        esac
        shift || true
done

workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $workdir

# The hostname in harbor.cfg has not been modified
if grep 'hostname = reg.mydomain.com' &> /dev/null harbor.cfg
then
        warn "$usage"
        exit 1
fi

function check_docker {
        if ! docker --version &> /dev/null
        then
                error "Need to install docker(1.10.0+) first and run this script again."
                exit 1
        fi

        # docker has been installed and check its version
        if [[ $(docker --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
        then
                docker_version=${BASH_REMATCH[1]}
                docker_version_part1=${BASH_REMATCH[2]}
                docker_version_part2=${BASH_REMATCH[3]}

                # the version of docker does not meet the requirement
                if [ "$docker_version_part1" -lt 1 ] || ([ "$docker_version_part1" -eq 1 ] && [ "$docker_version_part2" -lt 10 ])
                then
                        error "Need to upgrade docker package to 1.10.0+."
                        exit 1
                else
                        note "docker version: $docker_version"
                fi
        else
                error "Failed to parse docker version."
                exit 1
        fi
}

function check_dockercompose {
        if ! docker-compose --version &> /dev/null
        then
                error "Need to install docker-compose(1.7.1+) by yourself first and run this script again."
                exit 1
        fi

        # docker-compose has been installed, check its version
        if [[ $(docker-compose --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
        then
                docker_compose_version=${BASH_REMATCH[1]}
                docker_compose_version_part1=${BASH_REMATCH[2]}
                docker_compose_version_part2=${BASH_REMATCH[3]}

                # the version of docker-compose does not meet the requirement
                if [ "$docker_compose_version_part1" -lt 1 ] || ([ "$docker_compose_version_part1" -eq 1 ] && [ "$docker_compose_version_part2" -lt 6 ])
                then
                        error "Need to upgrade docker-compose package to 1.7.1+."
                        exit 1
                else
                        note "docker-compose version: $docker_compose_version"
                fi
        else
                error "Failed to parse docker-compose version."
                exit 1
        fi
}

h2 "[Step $item]: checking installation environment ..."; let item+=1
check_docker
check_dockercompose

if [ -f harbor*.tar.gz ]
then
        h2 "[Step $item]: loading Harbor images ..."; let item+=1
        docker load -i ./harbor*.tar.gz
fi
echo ""

h2 "[Step $item]: preparing environment ...";  let item+=1
if [ -n "$host" ]
then
        sed "s/^hostname = .*/hostname = $host/g" -i ./harbor.cfg
fi
prepare_para=
if [ $with_notary ]
then
        prepare_para="${prepare_para} --with-notary"
fi
if [ $with_clair ]
then
        prepare_para="${prepare_para} --with-clair"
fi
./prepare $prepare_para
echo ""

h2 "[Step $item]: checking existing instance of Harbor ..."; let item+=1
docker_compose_list='-f docker-compose.yml'
if [ $with_notary ]
then
        docker_compose_list="${docker_compose_list} -f docker-compose.notary.yml"
fi
if [ $with_clair ]
then
        docker_compose_list="${docker_compose_list} -f docker-compose.clair.yml"
fi

if [ -n "$(docker-compose $docker_compose_list ps -q)"  ]
then
        note "stopping existing Harbor instance ..."
        docker-compose $docker_compose_list down -v
fi
echo ""

h2 "[Step $item]: starting Harbor ..."
docker-compose $docker_compose_list up -d

protocol=http
hostname=reg.mydomain.com

if [[ $(cat ./harbor.cfg) =~ ui_url_protocol[[:blank:]]*=[[:blank:]]*(https?) ]]
then
protocol=${BASH_REMATCH[1]}
fi

if [[ $(grep 'hostname[[:blank:]]*=' ./harbor.cfg) =~ hostname[[:blank:]]*=[[:blank:]]*(.*) ]]
then
hostname=${BASH_REMATCH[1]}
fi
echo ""

success $"----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at ${protocol}://${hostname}.
For more details, please visit https://github.com/vmware/harbor .
"

spring2-cloud-Docker实用篇

Linux相关栏目本月热门文章