docker_270-白红宇

docker_270

阅读量：7244 次

发布时间：2019-06-29

本文共 4650 字，大约阅读时间需要 15 分钟。

1.Managing Containers

-bash-4.2# docker search -s 1 fedora             ---above one-bash-4.2# docker pull rhel7-bash-4.2# docker load -i rhel-server-docker.tar.gz    ---load hard disk image-bash-4.2# docker images-bash-4.2# docker rmi fedora:rawhide-bash-4.2# docker inspect rhel7-bash-4.2# docker tag 10acc31def5d rhel7/latest:latest-kc4-bash-4.2# docker save rhel7/latest:latest-kc4 > /var/tmp/kc4.tar-bash-4.2# tar tvf /var/tmp/kcr.tar-bash-4.2# docker run -p 8080:80 -ti rhel7/latest:latest-kc4  /bin/bash-bash-4.2# exit-bash-4.2# docker ps -bash-4.2# docker kill c1b891b8f004

2.Building a Custom Image with Dockerfile

-bash-4.2# mkdir webserver-image-bash-4.2# cd webserver-image-bash-4.2# vi Dockerfile

# Specify the base image to use            FROM registry.access.redhat.com/rhel7            MAINTAINER  Your Name            #Get the necessary software to run a web server            RUN yum --disablerepo='*'  --enablerepo=rhel-7-server-rpms install -y httpd            RUN echo 'container.example.com' > /etc/hostname            #create custom content (a personal index.html.file)            RUN echo 'Custom web server for student 0' >> /var/www/html/index.html

-bash-4.2# docker build -t rhel_httpd1 . ---run dockerfile and create custom image

-bash-4.2# docker run -p 80:80 -ti rhel_httpd1:latest /usr/sbin/httpd -DFOREGROUND

-bash-4.2# curl

-bash-4.2# cd ..

-bash-4.2# cp -a webserver-image webhome-image

-bash-4.2# cd webhome-image

-bash-4.2# vi Dockerfile

-bash-4.2# grep HOME Dockerfile

RUN echo "$HOME is where the heart is" >> /var/www/html/index.html

-bash-4.2# docker build -t rhel_httpd2 .

-bash-4.2# docker run -p 80:80 -ti rhel_httpd2:latest /usr/sbin/httpd -DFOREGROUND

-bash-4.2# curl

3.Deploying a Private Container Image Registry

ssh root@workstation.pod0.example.com

[root@workstation~]# yum install -y docker-registry

Use openssl to generate a private key

[root@workstation~]# openssl genrsa -out /etc/pki/tls/private/self.key 1024

Use the newly created private key to generate a self-signed certificate.

[root@workstation~]# openssl req -new -key /etc/pki/tls/private/self.key -x509 -out /etc/pki/tls/certs/self.crt

Country Name[XX]: USState or Province Name (full name)[]: North CarolinaLocality Name [Default City]: RaleighOrganization Name[Default Company Ltd]: ExampleOrganizational Unit Name(eg,section)[]:TrainingCommon Name[]:workstation.pod0.example.comEmail  Address[]: root@workstation.pod0.example.com

Configure the docker-registry service to use the newly create self-signed certificate

[root@workstation~]# cp /usr/lib/systemd/system/docker-registry.service /etc/systemd/system/
[root@workstation~]# vi /etc/systemd/system/docker-registry.service
```
ExecStart=/usr/bin/gunicorn --certfile /etc/pki/tls/certs/self.crt --keyfile /etc/pki/tls/private/self.key --access-logfile - --debug ...........
```
[root@workstation~]# systemctl enable docker-registry.service
[root@workstation~]# systemctl start docker-registry.service
[root@workstation~]# systemctl status docker-registry.service
[root@workstation~]# firewall-cmd --zone=public --add-port=5000/tcp
[root@workstation~]# firewall-cmd --zone=public --add-port=5000/tcp --permanent
-bash-4.2# hostname
servera.pod0.example.com
-bash-4.2# docker tag rhel7/latest:latest-kc4 workstation.pod0.example.com:5000/rhel_httpd1
-bash-4.2# docker push workstation.pod0.example.com:5000/rhel_httpd1
-bash-4.2# mkdir /etc/docker/certs.d/workstation.pod0.example.com:5000
-bash-4.2# scp student@workstation.pod0.example.com:/etc/pki/tls/certs/self.crt /etc/docker/certs.d/workstation.pod0.example.com\:5000/ca.crt
-bash-4.2# docker push workstation.pod0.example.com:5000/rhel_httpd1