{"id":626,"date":"2014-11-28T03:18:38","date_gmt":"2014-11-28T03:18:38","guid":{"rendered":"http:\/\/www.selinuxplus.com\/?p=626"},"modified":"2014-11-28T03:18:38","modified_gmt":"2014-11-28T03:18:38","slug":"hidocker-in-el7","status":"publish","type":"post","link":"http:\/\/www.selinuxplus.com\/?p=626","title":{"rendered":"hi,docker (in el7)"},"content":{"rendered":"<h1>00\u642d\u5efadocker \u4ed3\u5e93-\u914d\u7f6edocker-registry<\/h1>\n<pre class=\"lang:default decode:true\">[root@selinuxplus02 os]# mkdir docker\r\n[root@selinuxplus02 os]# cd docker\/\r\n[root@selinuxplus02 docker]# ls\r\n[root@selinuxplus02 docker]# git clone https:\/\/github.com\/dotcloud\/docker-registry.git\r\nInitialized empty Git repository in \/var\/www\/html\/os\/docker\/docker-registry\/.git\/\r\nremote: Counting objects: 5196, done.\r\nremote: Compressing objects: 100% (23\/23), done.\r\nremote: Total 5196 (delta 6), reused 0 (delta 0)\r\nReceiving objects: 100% (5196\/5196), 1.13 MiB | 496 KiB\/s, done.\r\nResolving deltas: 100% (3175\/3175), done.\r\n[root@selinuxplus02 docker]# ls\r\ndocker-registry\r\n[root@selinuxplus02 docker]# cd docker-registry\/\r\n[root@selinuxplus02 docker-registry]# ls\r\nADVANCED.md   CONTRIBUTING.md  LICENSE       setup.cfg\r\nAUTHORS       depends          MANIFEST.in   setup.py\r\nCHANGELOG.md  Dockerfile       README.md     tests\r\nconfig        docker_registry  requirements  tox.ini\r\ncontrib       FAQ.md           scripts\r\n[root@selinuxplus02 docker-registry]# find .\/ -name *.yml\r\n.\/.travis.yml\r\n.\/depends\/docker-registry-core\/.travis.yml\r\n.\/config\/config_mirror.yml\r\n.\/config\/config_sample.yml\r\n[root@selinuxplus02 docker-registry]# cd config\/\r\n[root@selinuxplus02 config]# ls\r\nboto.cfg  config_mirror.yml  config_sample.yml\r\n[root@selinuxplus02 config]# cp config_sample.yml  config.yml\r\n\r\n[root@selinuxplus02 docker-registry]# pip install .\r\nUnpacking \/var\/www\/html\/os\/docker\/docker-registry\r\n  Running setup.py egg_info for package from file:\/\/\/var\/www\/html\/os\/docker\/docker-registry\r\nDownloading\/unpacking docker-registry-core&gt;=2,&lt;3 (from docker-registry==0.9.0)<\/pre>\n<h1>01 \u914d\u7f6eapache\uff0c\u542f\u52a8\u670d\u52a1<\/h1>\n<pre class=\"lang:default decode:true\">[root@selinuxplus02 conf.d]# cat docker.conf \r\n&lt;VirtualHost *:8080&gt;\r\n      ServerAdmin test@example.com\r\n        ServerName registry.selinuxplus.com\r\n        #SSLEngine on\r\n        #SSLCertificateFile \/etc\/apache2\/ssl\/registry.example.com.crt\r\n        #SSLCertificateKeyFile \/etc\/apache2\/ssl\/registry.example.com.key\r\n\r\n        #Header set Host \"registry.selinuxplus.com\"\r\n        #RequestHeader set X-Forwarded-Proto \"https\"\r\n\r\n        ProxyRequests     off\r\n        ProxyPreserveHost on\r\n        ProxyPass         \/ http:\/\/127.0.0.1:5000\/\r\n        ProxyPassReverse  \/ http:\/\/127.0.0.1:5000\/\r\n\r\n        ErrorLog \/etc\/httpd\/logs\/registry-error.log\r\n        LogLevel warn\r\n        CustomLog \/etc\/httpd\/logs\/registry-access.log combined\r\n        &lt;Proxy *&gt;\r\n                Order deny,allow\r\n                Allow from all\r\n        &lt;\/Proxy&gt;\r\n\r\n         &lt;Location \/&gt;\r\n                Order deny,allow\r\n                Allow from all\r\n        &lt;\/Location&gt;\r\n\r\n&lt;\/VirtualHost&gt;<\/pre>\n<p>\u542f\u52a8<\/p>\n<pre class=\"lang:default decode:true\">\/usr\/bin\/gunicorn --debug -k gevent -b 0.0.0.0:5000 -w 8 docker_registry.wsgi:application\r\n\r\nhttp:\/\/192.168.9.167:8080\/\r\n\"\\\"docker-registry server\\\"\"<\/pre>\n<h1>02 \u751f\u6210\u6bcd\u7248\u7cfb\u7edf<br \/>\n\u4f7f\u7528mkimage-yum\u6587\u4ef6<\/h1>\n<pre class=\"lang:default decode:true\">#!\/usr\/bin\/env bash\r\n#\r\n# Create a base CentOS Docker image.\r\n#\r\n# This script is useful on systems with yum installed (e.g., building\r\n# a CentOS image on CentOS).  See contrib\/mkimage-rinse.sh for a way\r\n# to build CentOS images on other systems.\r\n\r\nusage() {\r\n    cat &lt;&lt;EOOPTS\r\n$(basename $0) [OPTIONS] &lt;name&gt;\r\nOPTIONS:\r\n  -y &lt;yumconf&gt;  The path to the yum config to install packages from. The\r\n                default is \/etc\/yum.conf.\r\nEOOPTS\r\n    exit 1\r\n}\r\n\r\n# option defaults\r\nyum_config=\/etc\/yum.conf\r\nwhile getopts \":y:h\" opt; do\r\n    case $opt in\r\n        y)\r\n            yum_config=$OPTARG\r\n            ;;\r\n        h)\r\n            usage\r\n            ;;\r\n        \\?)\r\n            echo \"Invalid option: -$OPTARG\"\r\n            usage\r\n            ;;\r\n    esac\r\ndone\r\nshift $((OPTIND - 1))\r\nname=$1\r\n\r\nif [[ -z $name ]]; then\r\n    usage\r\nfi\r\n\r\n#--------------------\r\n\r\ntarget=$(mktemp -d --tmpdir $(basename $0).XXXXXX)\r\n\r\nset -x\r\n\r\nmkdir -m 755 \"$target\"\/dev\r\nmknod -m 600 \"$target\"\/dev\/console c 5 1\r\nmknod -m 600 \"$target\"\/dev\/initctl p\r\nmknod -m 666 \"$target\"\/dev\/full c 1 7\r\nmknod -m 666 \"$target\"\/dev\/null c 1 3\r\nmknod -m 666 \"$target\"\/dev\/ptmx c 5 2\r\nmknod -m 666 \"$target\"\/dev\/random c 1 8\r\nmknod -m 666 \"$target\"\/dev\/tty c 5 0\r\nmknod -m 666 \"$target\"\/dev\/tty0 c 4 0\r\nmknod -m 666 \"$target\"\/dev\/urandom c 1 9\r\nmknod -m 666 \"$target\"\/dev\/zero c 1 5\r\n\r\nyum -c \"$yum_config\" --installroot=\"$target\" --releasever=\/ --setopt=tsflags=nodocs \\\r\n    --setopt=group_package_types=mandatory -y groupinstall Core\r\nyum -c \"$yum_config\" --installroot=\"$target\" -y clean all\r\n\r\ncat &gt; \"$target\"\/etc\/sysconfig\/network &lt;&lt;EOF\r\nNETWORKING=yes\r\nHOSTNAME=localhost.localdomain\r\nEOF\r\n\r\n# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb\r\n# --keep-services \"$target\".  Stolen from mkimage-rinse.sh\r\n#  locales\r\nrm -rf \"$target\"\/usr\/{{lib,share}\/locale,{lib,lib64}\/gconv,bin\/localedef,sbin\/build-locale-archive}\r\n#  docs\r\nrm -rf \"$target\"\/usr\/share\/{man,doc,info,gnome\/help}\r\n#  cracklib\r\nrm -rf \"$target\"\/usr\/share\/cracklib\r\n#  i18n\r\nrm -rf \"$target\"\/usr\/share\/i18n\r\n#  sln\r\nrm -rf \"$target\"\/sbin\/sln\r\n#  ldconfig\r\nrm -rf \"$target\"\/etc\/ld.so.cache\r\nrm -rf \"$target\"\/var\/cache\/ldconfig\/*\r\n\r\nversion=\r\nif [ -r \"$target\"\/etc\/redhat-release ]; then\r\n    version=\"$(sed 's\/^[^0-9\\]*\\([0-9.]\\+\\).*$\/\\1\/' \"$target\"\/etc\/redhat-release)\"\r\nfi\r\n\r\nif [ -z \"$version\" ]; then\r\n    echo &gt;&amp;2 \"warning: cannot autodetect OS version, using '$name' as tag\"\r\n    version=$name\r\nfi\r\n\r\ntar --numeric-owner -c -C \"$target\" . | docker import - $name:$version\r\ndocker run -i -t $name:$version echo success\r\n\r\nrm -rf \"$target\"<\/pre>\n<h1>03 push\u5230\u670d\u52a1\u5668<\/h1>\n<pre class=\"lang:default decode:true\">[docker@localhost ~]$ docker images\r\nREPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE\r\nqfong                7                   ea62dfcc4278        8 minutes ago       277.6 MB\r\n[docker@localhost ~]$  docker tag ea62dfcc4278  192.168.9.167:8080\/plus\/qfong\r\n[docker@localhost ~]$  docker push 192.168.9.167:8080\/plus\/qfong\r\nThe push refers to a repository [192.168.9.167:8080\/plus\/qfong] (len: 1)\r\nSending image list\r\nPushing repository 192.168.9.167:8080\/plus\/qfong (1 tags)\r\nea62dfcc4278: Image successfully pushed \r\nPushing tag for rev [ea62dfcc4278] on {http:\/\/192.168.9.167:8080\/v1\/repositories\/plus\/qfong\/tags\/latest}\r\n\r\nhttp:\/\/192.168.9.167:8080\/v1\/search\r\n{\"num_results\": 1, \"query\": \"\", \"results\": [{\"description\": \"\", \"name\": \"plus\/qfong\"}]}<\/pre>\n<h1>04 docker for ssh server<\/h1>\n<pre class=\"lang:default decode:true\">RUN sed -i 's\/PermitRootLogin without-password\/PermitRootLogin yes\/' \/etc\/ssh\/sshd_config\r\nRUN sed 's@session\\s*required\\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i \/etc\/pam.d\/sshd\r\nRUN sed -i 's\/UsePrivilegeSeparation\\ssandbox\/UsePrivilegeSeparation no\/g' \/etc\/ssh\/sshd_config \r\nRUN sed  -i 's\/UsePAM\\syes\/UsePAM no\/g' \/etc\/ssh\/sshd_config \r\nRUN ssh-keygen -q -N \"\" -t dsa -f \/etc\/ssh\/ssh_host_dsa_key \uff08-N \u662f\u53d6\u6d88\u4ea4\u4e92\uff09\r\nRUN ssh-keygen -q -N \"\" -t rsa -f \/etc\/ssh\/ssh_host_rsa_key\r\nRUN ssh-keygen -q -N \"\" -t ecdsa -f \/etc\/ssh\/ssh_host_ecdsa_key<\/pre>\n<h1>05 \u53ef\u4ee5\u8ba9tomcat\u548cpostsql\u5728\u4e0d\u540c\u5bb9\u5668\u5185\uff0c\u7136\u540e\u8ba9\u5bb9\u5668\u8fdb\u884c\u5173\u8054<\/h1>\n<pre class=\"lang:default decode:true\">[root@localhost postgre]# docker run -d -t -p 80:8080 --name tomcatuvm --link focused_davinci3:topgsql qfong\/tomcat\r\n44c31f1390b66afcd08185537f063f80ca2982eb29042e00b1a5322fef841e40\r\n[root@localhost postgre]# docker ps -a\r\nCONTAINER ID        IMAGE                COMMAND                CREATED             STATUS                     PORTS                                            NAMES\r\n44c31f1390b6        qfong\/tomcat:latest   \/usr\/bin\/supervisord   5 seconds ago       Up 4 seconds               22\/tcp, 80\/tcp, 0.0.0.0:80-&gt;8080\/tcp             tomcatuvm                            \r\n63d9b7e1c293        qfong\/pgsql:latest    \/usr\/bin\/supervisord   9 minutes ago       Up 13 seconds              0.0.0.0:2202-&gt;2202\/tcp, 0.0.0.0:5432-&gt;5432\/tcp   focused_davinci3,tomcatuvm\/topgsql   \r\n1722a53a031e        qfong\/tomcat:latest   \/usr\/bin\/supervisord   3 days ago          Exited (0) 7 minutes ago                                                    distracted_hopper3  \r\n[root@ed9581f614ab ~]#psql -h 172.17.0.44 -p 5432 -U docker\r\nPassword for user docker: \r\npsql (9.2.7)\r\nType \"help\" for help.<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>00\u642d\u5efadocker \u4ed3\u5e93-\u914d\u7f6edocker-re&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[83,74],"tags":[140,124,141,142],"_links":{"self":[{"href":"http:\/\/www.selinuxplus.com\/index.php?rest_route=\/wp\/v2\/posts\/626"}],"collection":[{"href":"http:\/\/www.selinuxplus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.selinuxplus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.selinuxplus.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.selinuxplus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=626"}],"version-history":[{"count":1,"href":"http:\/\/www.selinuxplus.com\/index.php?rest_route=\/wp\/v2\/posts\/626\/revisions"}],"predecessor-version":[{"id":627,"href":"http:\/\/www.selinuxplus.com\/index.php?rest_route=\/wp\/v2\/posts\/626\/revisions\/627"}],"wp:attachment":[{"href":"http:\/\/www.selinuxplus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.selinuxplus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=626"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.selinuxplus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}