搜索到
211
篇与
cby
的结果
-
Docker Swarm 核心概念及详细使用 Docker Swarm 核心概念及详细使用Docker Swarm 介绍Docker Swarm 是 Docker 的原生集群管理工具。它的主要作用是将多个 Docker 主机集成到一个虚拟的 Docker 主机中,为 Docker 容器提供集群和调度功能。通过 Docker Swarm,您可以轻松地管理多个 Docker 主机,并能在这些主机上调度容器的部署。下面是 Docker Swarm 的一些核心功能和特点:集群管理:Docker Swarm 允许您将多个 Docker 主机作为一个单一的虚拟主机来管理。这意味着您可以在多个不同的服务器上运行 Docker 容器,而这些服务器被统一管理。容错和高可用性:Swarm 提供高可用性服务,即使集群中的一部分节点失败,服务仍然可以继续运行。负载均衡:Swarm 自动分配容器到集群中的不同节点,从而实现负载均衡。它还可以根据需要自动扩展或缩减服务实例的数量。声明式服务模型:Swarm 使用 Docker Compose 文件格式,使您可以以声明式方式定义应用的多个服务。服务发现:Swarm 集群中的每个服务都可以通过服务名自动进行服务发现,这简化了不同服务之间的通信。安全性:Swarm 集群内的通信是加密的,提供了安全的节点间通信机制。易用性:作为 Docker 的一部分,Swarm 的使用和 Docker 非常类似,对于熟悉 Docker 的用户来说非常容易上手。总体来说,Docker Swarm 是一种轻量级且易于使用的容器编排工具,适合那些希望利用 Docker 的强大功能,同时需要简单集群管理和服务编排功能的场景。虽然它不像 Kubernetes 那样功能强大和复杂,但对于中小型项目或者对 Kubernetes 的复杂性有所顾虑的用户来说,它是一个很好的选择。NodeSwarm 集群由 Manager 节点(管理者角色,管理成员和委托任务)和 Worker 节点(工作者角色,运行 Swarm 服务)组成。一个节点就是 Swarm 集群中的一个实例,也就是一个 Docker 主机。你可以运行一个或多个节点在单台物理机或云服务器上,但是生产环境上,典型的部署方式是:Docker 节点交叉分布式部署在多台物理机或云主机上。节点名称默认为机器的 hostname。Manager:负责整个集群的管理工作包括集群配置、服务管理、容器编排等所有跟集群有关的工作,它会选举出一个 leader 来指挥编排任务;Worker:工作节点接收和执行从管理节点分派的任务(Tasks)运行在相应的服务(Services)上。Service服务(Service)是一个抽象的概念,是对要在管理节点或工作节点上执行的任务的定义。它是集群系统的中心结构,是用户与集群交互的主要根源。Task任务(Task)包括一个 Docker 容器和在容器中运行的命令。任务是一个集群的最小单元,任务与容器是一对一的关系。管理节点根据服务规模中设置的副本数量将任务分配给工作节点。一旦任务被分配到一个节点,便无法移动到另一个节点。它只能在分配的节点上运行或失败。工作流程Swarm Manager:API:接受命令并创建 service 对象(创建对象) $\Downarrow$orchestrator:为 service 对象创建的 task 进行编排工作(服务编排) $\Downarrow$allocater:为各个 task 分配 IP 地址(分配 IP) $\Downarrow$dispatcher:将 task 分发到 nodes(分发任务) $\Downarrow$scheduler:安排一个 worker 节点运行 task(运行任务) $\Downarrow$Worker Node:worker:连接到调度器,检查分配的 task(检查任务) $\Uparrow$executor:执行分配给 worker 节点的 task(执行任务)Dcoker Swarm 集群部署机器环境IP:192.168.1.51 主机名: Manager 担任角色: Manager IP:192.168.1.52 主机名: Node1 担任角色: Node IP:192.168.1.53 主机名: Node2 担任角色: Node 安装基础环境# 修改主机名 [root@localhost ~]# hostnamectl set-hostname Manager [root@localhost ~]# hostnamectl set-hostname Node1 [root@localhost ~]# hostnamectl set-hostname Node2 # 设置防火墙 # 关闭三台机器上的防火墙。如果开启防火墙,则需要在所有节点的防火墙上依次放行2377/tcp(管理端口)、7946/udp(节点间通信端口)、4789/udp(overlay 网络端口)端口。 [root@localhost ~]# systemctl disable firewalld.service [root@localhost ~]# systemctl stop firewalld.service # 安装docker curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun # 启动docker systemctl enable docker systemctl start docker配置加速器# 用你自己的阿里云加速器 [root@chenby ~]# cat > /etc/docker/daemon.json <<EOF { "exec-opts": ["native.cgroupdriver=systemd"], "insecure-registries": ["z.oiox.cn:18082"], "registry-mirrors": [ "https://xxxxx.mirror.aliyuncs.com" ], "max-concurrent-downloads": 10, "log-driver": "json-file", "log-level": "warn", "log-opts": { "max-size": "10m", "max-file": "3" }, "data-root": "/var/lib/docker" } EOF # 重新启动docker [root@chenby ~]# systemctl restart docker && systemctl status docker -l创建Swarm并添加节点# 创建Swarm集群 [root@Manager ~]# docker swarm init --advertise-addr 192.168.1.51 Swarm initialized: current node (nuy82gjzc2c0wip9agbava3z9) is now a manager. To add a worker to this swarm, run the following command: docker swarm join --token SWMTKN-1-0mbfykukl6fwl1mziipzqbakqmoo4iz1ti135uuyoj7zfgxgy2-4qbs0bm04iz0l52nm3bljvuoy 192.168.1.51:2377 To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions. [root@Manager ~]# # 其余的Node节点执行加入操作 [root@Node1 ~]# docker swarm join --token SWMTKN-1-0mbfykukl6fwl1mziipzqbakqmoo4iz1ti135uuyoj7zfgxgy2-4qbs0bm04iz0l52nm3bljvuoy 192.168.1.51:2377 This node joined a swarm as a worker. [root@Node1 ~]# [root@Node2 ~]# docker swarm join --token SWMTKN-1-0mbfykukl6fwl1mziipzqbakqmoo4iz1ti135uuyoj7zfgxgy2-4qbs0bm04iz0l52nm3bljvuoy 192.168.1.51:2377 This node joined a swarm as a worker. [root@Node2 ~]#查看集群的相关信息[root@Manager ~]# docker info Client: Docker Engine - Community Version: 27.3.1 Context: default Debug Mode: false Plugins: buildx: Docker Buildx (Docker Inc.) Version: v0.17.1 Path: /usr/libexec/docker/cli-plugins/docker-buildx compose: Docker Compose (Docker Inc.) Version: v2.29.7 Path: /usr/libexec/docker/cli-plugins/docker-compose Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 27.3.1 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Using metacopy: false Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 2 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog Swarm: active NodeID: nuy82gjzc2c0wip9agbava3z9 Is Manager: true ClusterID: hiki507c9yp8p4lrb8icp0rcs Managers: 1 Nodes: 3 Data Path Port: 4789 Orchestration: Task History Retention Limit: 5 Raft: Snapshot Interval: 10000 Number of Old Snapshots to Retain: 0 Heartbeat Tick: 1 Election Tick: 10 Dispatcher: Heartbeat Period: 5 seconds CA Configuration: Expiry Duration: 3 months Force Rotate: 0 Autolock Managers: false Root Rotation In Progress: false Node Address: 192.168.1.51 Manager Addresses: 192.168.1.51:2377 Runtimes: io.containerd.runc.v2 runc Default Runtime: runc Init Binary: docker-init containerd version: 57f17b0a6295a39009d861b89e3b3b87b005ca27 runc version: v1.1.14-0-g2c9f560 init version: de40ad0 Security Options: seccomp Profile: builtin cgroupns Kernel Version: 5.14.0-503.el9.x86_64 Operating System: CentOS Stream 9 OSType: linux Architecture: x86_64 CPUs: 1 Total Memory: 1.921GiB Name: Manager ID: fb7ffc06-ccc6-4faf-bf8a-4e05f13c14d6 Docker Root Dir: /var/lib/docker Debug Mode: false Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled [root@Manager ~]# [root@Manager ~]# [root@Manager ~]# [root@Manager ~]# docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION nuy82gjzc2c0wip9agbava3z9 * Manager Ready Active Leader 27.3.1 6vdnp73unqh3qe096vv3iitwm Node1 Ready Active 27.3.1 9txw7h8w3wfkjj85rulu7jnen Node2 Ready Active 27.3.1 [root@Manager ~]# [root@Manager ~]#节点上下线更改节点的availablity状态swarm集群中node的availability状态可以为 active或者drainactive状态下,node可以接受来自manager节点的任务分派 drain状态下,node节点会结束task,且不再接受来自manager节点的任务分派(也就是下线节点)# 设置节点为Drain [root@Manager ~]# docker node update --availability drain Node1 Node1 [root@Manager ~]# [root@Manager ~]# docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION nuy82gjzc2c0wip9agbava3z9 * Manager Ready Active Leader 27.3.1 6vdnp73unqh3qe096vv3iitwm Node1 Ready Drain 27.3.1 9txw7h8w3wfkjj85rulu7jnen Node2 Ready Active 27.3.1 [root@Manager ~]# [root@Manager ~]# # 删除节点 [root@Manager ~]# docker node rm --force Node1 Node1 [root@Manager ~]# [root@Manager ~]# docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION nuy82gjzc2c0wip9agbava3z9 * Manager Ready Active Leader 27.3.1 9txw7h8w3wfkjj85rulu7jnen Node2 Ready Active 27.3.1 [root@Manager ~]# # 重新加入节点 [root@Node1 ~]# docker swarm leave -f Node left the swarm. [root@Node1 ~]# [root@Node1 ~]# [root@Node1 ~]# docker swarm join --token SWMTKN-1-0mbfykukl6fwl1mziipzqbakqmoo4iz1ti135uuyoj7zfgxgy2-4qbs0bm04iz0l52nm3bljvuoy 192.168.1.51:2377 This node joined a swarm as a worker. [root@Node1 ~]# # 查看现有状态 [root@Manager ~]# docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION nuy82gjzc2c0wip9agbava3z9 * Manager Ready Active Leader 27.3.1 uec5t9039ef02emg963fean4u Node1 Ready Active 27.3.1 9txw7h8w3wfkjj85rulu7jnen Node2 Ready Active 27.3.1 [root@Manager ~]#在Swarm中部署服务# 创建网络 [root@Manager ~]# docker network create -d overlay nginx_net resh5jevjdzfawrbc0tbxpns0 [root@Manager ~]# [root@Manager ~]# docker network ls | grep nginx_net resh5jevjdzf nginx_net overlay swarm [root@Manager ~]# # 部署服务 [root@Manager ~]# docker service create --replicas 1 --network nginx_net --name my_nginx -p 80:80 nginx ry7y3p039614jmvqytshxvnb3 overall progress: 1 out of 1 tasks 1/1: running [==================================================>] verify: Service ry7y3p039614jmvqytshxvnb3 converged [root@Manager ~]# # 使用 docker service ls 查看正在运行服务的列表 [root@Manager ~]# docker service ls ID NAME MODE REPLICAS IMAGE PORTS ry7y3p039614 my_nginx replicated 1/1 nginx:latest *:80->80/tcp [root@Manager ~]# # 查询Swarm中服务的信息 # -pretty 使命令输出格式化为可读的格式,不加 --pretty 可以输出更详细的信息: [root@Manager ~]# docker service inspect --pretty my_nginx ID: ry7y3p039614jmvqytshxvnb3 Name: my_nginx Service Mode: Replicated Replicas: 1 Placement: UpdateConfig: Parallelism: 1 On failure: pause Monitoring Period: 5s Max failure ratio: 0 Update order: stop-first RollbackConfig: Parallelism: 1 On failure: pause Monitoring Period: 5s Max failure ratio: 0 Rollback order: stop-first ContainerSpec: Image: nginx:latest@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470 Init: false Resources: Networks: nginx_net Endpoint Mode: vip Ports: PublishedPort = 80 Protocol = tcp TargetPort = 80 PublishMode = ingress [root@Manager ~]# # 查看运行状态 [root@Manager ~]# docker service ps my_nginx ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS x6rn5w1hv2ip my_nginx.1 nginx:latest Node2 Running Running 2 minutes ago [root@Manager ~]# # 访问测试 [root@Manager ~]# curl -I 192.168.1.53 HTTP/1.1 200 OK Server: nginx/1.27.2 Date: Tue, 19 Nov 2024 11:00:07 GMT Content-Type: text/html Content-Length: 615 Last-Modified: Wed, 02 Oct 2024 15:13:19 GMT Connection: keep-alive ETag: "66fd630f-267" Accept-Ranges: bytes [root@Manager ~]#调整副本数# 增加副本数 [root@Manager ~]# docker service scale my_nginx=4 my_nginx scaled to 4 overall progress: 4 out of 4 tasks 1/4: running [==================================================>] 2/4: running [==================================================>] 3/4: running [==================================================>] 4/4: running [==================================================>] verify: Service my_nginx converged [root@Manager ~]# # 查看是否正常运行 [root@Manager ~]# docker service ps my_nginx ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS x6rn5w1hv2ip my_nginx.1 nginx:latest Node2 Running Running 12 minutes ago mi0wb3e0eixi my_nginx.2 nginx:latest Node1 Running Running 8 minutes ago grm4mtucb2io my_nginx.3 nginx:latest Manager Running Running 8 minutes ago u8gdmihpkqty my_nginx.4 nginx:latest Node1 Running Running 8 minutes ago [root@Manager ~]#模拟节点宕机# 模拟宕机node节点 [root@Node2 ~]# systemctl stop docker Warning: Stopping docker.service, but it can still be activated by: docker.socket [root@Node2 ~]# # 查看节点是否正常 [root@Manager ~]# docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION nuy82gjzc2c0wip9agbava3z9 * Manager Ready Active Leader 27.3.1 uec5t9039ef02emg963fean4u Node1 Ready Active 27.3.1 9txw7h8w3wfkjj85rulu7jnen Node2 Down Active 27.3.1 [root@Manager ~]# # 查看容器是否正常 # 节点异常后,容器会在其他的节点上启动起来 [root@Manager ~]# docker service ps my_nginx ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS 6yf6qs3rv6gx my_nginx.1 nginx:latest Manager Running Running 18 seconds ago x6rn5w1hv2ip \_ my_nginx.1 nginx:latest Node2 Shutdown Running 14 minutes ago mi0wb3e0eixi my_nginx.2 nginx:latest Node1 Running Running 9 minutes ago grm4mtucb2io my_nginx.3 nginx:latest Manager Running Running 9 minutes ago u8gdmihpkqty my_nginx.4 nginx:latest Node1 Running Running 9 minutes ago [root@Manager ~]#缩小已加的副本# Swarm 动态缩容服务(scale) [root@Manager ~]# docker service scale my_nginx=1 my_nginx scaled to 1 overall progress: 1 out of 1 tasks 1/1: running [==================================================>] verify: Service my_nginx converged [root@Manager ~]# [root@Manager ~]# [root@Manager ~]# docker service ls ID NAME MODE REPLICAS IMAGE PORTS ry7y3p039614 my_nginx replicated 1/1 nginx:latest *:80->80/tcp [root@Manager ~]# [root@Manager ~]# [root@Manager ~]# docker service ps my_nginx ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS 6yf6qs3rv6gx my_nginx.1 nginx:latest Manager Running Running 4 minutes ago x6rn5w1hv2ip \_ my_nginx.1 nginx:latest Node2 Shutdown Shutdown about a minute ago [root@Manager ~]#更新参数镜像信息# 可以使用 update 更新参数 [root@Manager ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 64e2f72522a2 nginx:latest "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 80/tcp my_nginx.1.6yf6qs3rv6gxbnrc032mhrwf1 [root@Manager ~]# docker service update --replicas 3 my_nginx my_nginx overall progress: 3 out of 3 tasks 1/3: running [==================================================>] 2/3: running [==================================================>] 3/3: running [==================================================>] verify: Service my_nginx converged [root@Manager ~]# [root@Manager ~]# docker service ls ID NAME MODE REPLICAS IMAGE PORTS ry7y3p039614 my_nginx replicated 3/3 nginx:latest *:80->80/tcp [root@Manager ~]# [root@Manager ~]# [root@Manager ~]# docker service ps my_nginx ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS 6yf6qs3rv6gx my_nginx.1 nginx:latest Manager Running Running 7 minutes ago x6rn5w1hv2ip \_ my_nginx.1 nginx:latest Node2 Shutdown Shutdown 4 minutes ago pkc7bzqkpppz my_nginx.2 nginx:latest Node2 Running Running 22 seconds ago jfok9cwixbi6 my_nginx.3 nginx:latest Node1 Running Running 23 seconds ago [root@Manager ~]# # 通过update参数进行升级镜像 [root@Manager ~]# docker service update --image nginx:new my_nginx [root@Manager ~]# docker service ls ID NAME MODE REPLICAS IMAGE PORTS zs7fw4ereo5w my_nginx replicated 3/3 nginx:new *:80->80/tcp删除服务[root@Manager ~]# docker service rm my_nginx my_nginx [root@Manager ~]# [root@Manager ~]# docker service ps my_nginx no such service: my_nginx [root@Manager ~]#存储卷的挂载# Swarm中使用Volume(挂在目录,mount命令) # 创建一个volume [root@Manager ~]# docker volume create --name testvolume testvolume [root@Manager ~]# # 查看创建的volume [root@Manager ~]# docker volume ls DRIVER VOLUME NAME local testvolume [root@Manager ~]# # 查看volume详情 [root@Manager ~]# docker volume inspect testvolume [ { "CreatedAt": "2024-11-19T19:23:42+08:00", "Driver": "local", "Labels": null, "Mountpoint": "/var/lib/docker/volumes/testvolume/_data", "Name": "testvolume", "Options": null, "Scope": "local" } ] [root@Manager ~]#创建服务使用存储卷挂载# 创建新的服务并挂载testvolume [root@Manager ~]# docker service create --replicas 3 --mount type=volume,src=testvolume,dst=/usr/share/nginx/html --network nginx_net --name test_nginx -p 80:80 nginx 4ol5e2jxvs446q4mr9brs3cfk overall progress: 3 out of 3 tasks 1/3: running [==================================================>] 2/3: running [==================================================>] 3/3: running [==================================================>] verify: Service 4ol5e2jxvs446q4mr9brs3cfk converged [root@Manager ~]# [root@Manager ~]# # 查看创建服务 [root@Manager ~]# docker service ls ID NAME MODE REPLICAS IMAGE PORTS 4ol5e2jxvs44 test_nginx replicated 3/3 nginx:latest *:80->80/tcp [root@Manager ~]# [root@Manager ~]# [root@Manager ~]# docker service ps test_nginx ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS jvaokj73sv0q test_nginx.1 nginx:latest Node2 Running Running 35 seconds ago 28kwulxo957w test_nginx.2 nginx:latest Manager Running Running 35 seconds ago odx5ejqph369 test_nginx.3 nginx:latest Node1 Running Running 35 seconds ago [root@Manager ~]#测试是否成功挂载# 查看有没有挂载成功 # 写入内容到网页内容中 [root@Manager ~]# echo "192.168.1.51" > /var/lib/docker/volumes/testvolume/_data/index.html [root@Manager ~]# [root@Node1 ~]# echo "192.168.1.52" > /var/lib/docker/volumes/testvolume/_data/index.html [root@Node1 ~]# [root@Node2 ~]# echo "192.168.1.53" > /var/lib/docker/volumes/testvolume/_data/index.html [root@Node2 ~]# # 测试是否生效 # 访问任意的节点IP即可,会轮询到这个节点上 [root@Manager ~]# curl 192.168.1.51 192.168.1.51 [root@Manager ~]# curl 192.168.1.51 192.168.1.53 [root@Manager ~]# curl 192.168.1.51 192.168.1.52 [root@Manager ~]#创建官方的可视化面板# 安装一个官方的可视化面板 [root@Manager ~]# docker run -it -d -p 8080:8080 -v /var/run/docker.sock:/var/run/docker.sock dockersamples/visualizer Unable to find image 'dockersamples/visualizer:latest' locally latest: Pulling from dockersamples/visualizer ddad3d7c1e96: Pull complete 3a8370f05d5d: Pull complete 71a8563b7fea: Pull complete 119c7e14957d: Pull complete 28bdf67d9c0d: Pull complete 12571b9c0c9e: Pull complete e1bd03793962: Pull complete 3ab99c5ebb8e: Pull complete 94993ebc295c: Pull complete 021a328e5f7b: Pull complete Digest: sha256:530c863672e7830d7560483df66beb4cbbcd375a9f3ec174ff5376616686a619 Status: Downloaded newer image for dockersamples/visualizer:latest a6a71d4a6d59d8a1e321c70add627bb3c407ae2d4c1e5e9f5a1202bbaa4a24a9 [root@Manager ~]# [root@Manager ~]# [root@Manager ~]# curl -I 192.168.1.51:8080 HTTP/1.1 200 OK X-Powered-By: Express Content-Type: text/html; charset=utf-8 Content-Length: 1920 ETag: W/"780-E5yvqIM13yhGsvY/rSKjKKqkVno" Date: Tue, 19 Nov 2024 11:43:05 GMT Connection: keep-alive Keep-Alive: timeout=5 [root@Manager ~]#Docker Swarm 容器网络swarm模式的覆盖网络包括以下功能:可以附加多个服务到同一个网络。可以给每个swarm服务分配一个虚拟IP地址(vip)和DNS名称使得在同一个网络中容器之间可以使用服务名称为互相连接可以配置使用DNS轮循而不使用VIP为了可以使用swarm的覆盖网络,在启用swarm模式之间你需要在swarm节点之间开放以下端口: TCP/UDP端口7946 – 用于容器网络发现UDP端口4789 – 用于容器覆盖网络# 创建网络 [root@Manager ~]# docker network create --driver overlay --opt encrypted --subnet 192.168.2.0/24 cby_net j26skr271gjkzpbx91wu1okt9 [root@Manager ~]# 参数解释: –opt encrypted 默认情况下swarm中的节点通信是加密的。在不同节点的容器之间,可选的–opt encrypted参数能在它们的vxlan流量启用附加的加密层。 --subnet 命令行参数指定overlay网络使用的子网网段。当不指定一个子网时,swarm管理器自动选择一个子网并分配给网络。 [root@Manager ~]# [root@Manager ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 239c159fade4 bridge bridge local j26skr271gjk cby_net overlay swarm ee7340b82a36 docker_gwbridge bridge local 82ce5e09d333 host host local dkhebie7aja7 ingress overlay swarm resh5jevjdzf nginx_net overlay swarm 60d6545d6b8e none null local [root@Manager ~]# # 创建的容器使用此网络 [root@Manager ~]# docker service create --replicas 5 --network cby_net --name my-cby -p 8088:80 nginx 58j0x31f072f12njv8oz2ibwf overall progress: 5 out of 5 tasks 1/5: running [==================================================>] 2/5: running [==================================================>] 3/5: running [==================================================>] 4/5: running [==================================================>] 5/5: running [==================================================>] verify: Service 58j0x31f072f12njv8oz2ibwf converged [root@Manager ~]# [root@Manager ~]# docker service ls | grep my-cby 58j0x31f072f my-cby replicated 5/5 nginx:latest *:8088->80/tcp [root@Manager ~]# 在manager-node节点上,通过下面的命令查看哪些节点有处于running状态的任务: [root@Manager ~]# docker service ps my-cby ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS hrppcl25yba0 my-cby.1 nginx:latest Node2 Running Running about a minute ago xw55qx98dgby my-cby.2 nginx:latest Manager Running Running about a minute ago izx4jb8aen5w my-cby.3 nginx:latest Node1 Running Running about a minute ago tdkm03dxjzv2 my-cby.4 nginx:latest Manager Running Running about a minute ago h6lcj91v01cm my-cby.5 nginx:latest Node1 Running Running about a minute ago [root@Manager ~]#查看网络详细信息可以查询某个节点上关于my-network的详细信息: [root@Manager ~]# docker network inspect cby_net [ { "Name": "cby_net", "Id": "j26skr271gjkzpbx91wu1okt9", "Created": "2024-11-19T20:10:07.207940854+08:00", "Scope": "swarm", "Driver": "overlay", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "192.168.2.0/24", "Gateway": "192.168.2.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "2f101603351b388e2820dd576b2ab9490863b65ae04e8cb4f6a3bf2d0df2a590": { "Name": "my-cby.4.tdkm03dxjzv20acx6shajxhjg", "EndpointID": "b2a5885c2efe87370eb34b4da2103f979a8fa95fe9bff71f037eee569f1ffb0b", "MacAddress": "02:42:c0:a8:02:06", "IPv4Address": "192.168.2.6/24", "IPv6Address": "" }, "8cbd44885c579fa9bc267bcb3eea11b8edcd696b0c75180da5c9237330afcba6": { "Name": "my-cby.2.xw55qx98dgbyrdi6jxt9kguvc", "EndpointID": "e2f04749c1b55c25b75ec677fd95cc0bd1941a58c69a9b3eed8754d2cfb6de32", "MacAddress": "02:42:c0:a8:02:04", "IPv4Address": "192.168.2.4/24", "IPv6Address": "" }, "lb-cby_net": { "Name": "cby_net-endpoint", "EndpointID": "f93daf78ca41922a4be4c4b3dde01bb7a919d9008304a4a31950f09281ae30f9", "MacAddress": "02:42:c0:a8:02:0a", "IPv4Address": "192.168.2.10/24", "IPv6Address": "" } }, "Options": { "com.docker.network.driver.overlay.vxlanid_list": "4098", "encrypted": "" }, "Labels": {}, "Peers": [ { "Name": "33a2908a261b", "IP": "192.168.1.53" }, { "Name": "d7847005824e", "IP": "192.168.1.51" }, { "Name": "7640904bfcc4", "IP": "192.168.1.52" } ] } ] [root@Manager ~]# [root@Node1 ~]# docker network inspect cby_net ............................................ "Containers": { "01f42aaeb9667b8d07683f5e2d60f643cc61aa9ceda0d0adb8bc642d1093bfc9": { "Name": "my-cby.3.izx4jb8aen5wbwkvy5b7tz1lz", "EndpointID": "46892992ac400bc1cfc40f62610ff3321ae079929170912d861556f8d1f4645f", "MacAddress": "02:42:c0:a8:02:05", "IPv4Address": "192.168.2.5/24", "IPv6Address": "" }, "a214a33e86c95b3ea84aae6eee705b633ac5a31854425317d2a0d9693cee00ca": { "Name": "my-cby.5.h6lcj91v01cmhf03644nqarxq", "EndpointID": "a1ec3f28877fb82ba86c2b6312c592489bb59d354caa274a6b5d98aae3c4ee17", "MacAddress": "02:42:c0:a8:02:07", "IPv4Address": "192.168.2.7/24", "IPv6Address": "" }, "lb-cby_net": { "Name": "cby_net-endpoint", "EndpointID": "05f1e89be3036367a729c1a50430bcd6181ed4bc7ec4e37bd025ba5591b6b3bf", "MacAddress": "02:42:c0:a8:02:09", "IPv4Address": "192.168.2.9/24", "IPv6Address": "" } }, ............................................ [root@Node2 ~]# docker network inspect cby_net ............................................ "Containers": { "6ac3a65fa5a2501a5ad6d4183895e4e6b13beaf6b8642c360e19e9bc0849f74c": { "Name": "my-cby.1.hrppcl25yba05o26q1my5abmc", "EndpointID": "a0e8246bc74b8e9b9f964b1efb51ad59d9b7dff219b7f10fc027970145503f34", "MacAddress": "02:42:c0:a8:02:03", "IPv4Address": "192.168.2.3/24", "IPv6Address": "" }, "lb-cby_net": { "Name": "cby_net-endpoint", "EndpointID": "aa739df579790e8147877ce79220cf5387740f11a581344756502f9212314c24", "MacAddress": "02:42:c0:a8:02:08", "IPv4Address": "192.168.2.8/24", "IPv6Address": "" } }, ............................................. # 可以通过查询服务来获得服务的虚拟IP地址,如下: [root@Manager ~]# docker service inspect --format='{{json .Endpoint.VirtualIPs}}' my-cby [{"NetworkID":"dkhebie7aja768y8agz4xdpwt","Addr":"10.0.0.27/24"},{"NetworkID":"j26skr271gjkzpbx91wu1okt9","Addr":"192.168.2.2/24"}] [root@Manager ~]# 创建测试容器[root@Manager ~]# docker service create --name my-by_net --network cby_net busybox ping www.baidu.com u7eana0p9xp9auw9p02d8z1wx overall progress: 1 out of 1 tasks 1/1: running [==================================================>] verify: Service u7eana0p9xp9auw9p02d8z1wx converged [root@Manager ~]# [root@Manager ~]# [root@Manager ~]# [root@Manager ~]# docker service ps my-by_net ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS 7l1fpecym4kc my-by_net.1 busybox:latest Node2 Running Running 31 seconds ago [root@Manager ~]# 进行网络测试# 测试其他的IP的是否在容器内正常 [root@Node2 ~]# docker exec -ti 1b1a6f6c5a7b /bin/sh / # / # ping 192.168.2.8 PING 192.168.2.8 (192.168.2.8): 56 data bytes 64 bytes from 192.168.2.8: seq=0 ttl=64 time=0.095 ms 64 bytes from 192.168.2.8: seq=1 ttl=64 time=0.073 ms 64 bytes from 192.168.2.8: seq=2 ttl=64 time=0.101 ms ^C --- 192.168.2.8 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.073/0.089/0.101 ms / # ping 192.168.2.7 PING 192.168.2.7 (192.168.2.7): 56 data bytes 64 bytes from 192.168.2.7: seq=0 ttl=64 time=0.434 ms 64 bytes from 192.168.2.7: seq=1 ttl=64 time=0.430 ms 64 bytes from 192.168.2.7: seq=2 ttl=64 time=0.401 ms 64 bytes from 192.168.2.7: seq=3 ttl=64 time=0.386 ms ^C --- 192.168.2.7 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 0.386/0.412/0.434 ms / # ping 192.168.2.2 PING 192.168.2.2 (192.168.2.2): 56 data bytes 64 bytes from 192.168.2.2: seq=0 ttl=64 time=0.081 ms 64 bytes from 192.168.2.2: seq=1 ttl=64 time=0.075 ms 64 bytes from 192.168.2.2: seq=2 ttl=64 time=0.093 ms 64 bytes from 192.168.2.2: seq=3 ttl=64 time=0.073 ms ^C --- 192.168.2.2 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 0.073/0.080/0.093 ms / # # 服务发现功能 # 查询service的虚拟IP地址 / # nslookup my-cby Server: 127.0.0.11 Address: 127.0.0.11:53 Non-authoritative answer: Non-authoritative answer: Name: my-cby Address: 192.168.2.2 / # # 查询所有的容器IP / # nslookup tasks.my-cby Server: 127.0.0.11 Address: 127.0.0.11:53 Non-authoritative answer: Non-authoritative answer: Name: tasks.my-cby Address: 192.168.2.73 Name: tasks.my-cby Address: 192.168.2.74 Name: tasks.my-cby Address: 192.168.2.7 Name: tasks.my-cby Address: 192.168.2.5 Name: tasks.my-cby Address: 192.168.2.3 / #关于https://www.oiox.cn/https://www.oiox.cn/index.php/start-page.htmlCSDN、GitHub、51CTO、知乎、开源中国、思否、掘金、简书、华为云、阿里云、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客全网可搜《小陈运维》文章主要发布于微信公众号 -
Linux防火墙firewall的使用 Linux防火墙firewall的使用CentOS 7新的防火墙服务firewalld的基本原理,它有个非常强大的过滤系统,称为 Netfilter,它内置于内核模块中,用于检查穿过系统的每个数据包。这意味着它可以在到达目的地之前以编程方式检查、修改、拒绝或丢弃任何网络数据包,如传入、传出或转发,从 Centos-7 开始,firewalld 成为管理基于主机的防火墙服务的默认工具,firewalld 的守护进程是从 firewalld 包安装的,它将在操作系统的所有基本安装上可用,但在最小安装上不可用。使用 FirewallD 优于“iptables”的优点1.在运行时所做的任何配置更改都不需要重新加载或重新启动 firewalld 服务 2.通过将整个网络流量安排到区域中来简化防火墙管理 3.每个系统可以设置多个防火墙配置以更改网络环境 4.使用 D-Bus 消息系统来交互/维护防火墙设置 在 CentOS 7 或更高版本中,我们仍然可以使用经典的 iptables,如果要使用 iptables,需要停止并禁用 firewalld 服务。同时使用firewalld 和 iptables会使系统混乱,因为它们彼此不兼容。每个区域都旨在根据指定的标准管理流量。如果没有进行任何修改,默认区域将设置为 public,并且关联的网络接口将附加到 public。所有预定义的区域规则都存储在两个位置:系统指定的区域规则在“/usr/lib/firewalld/zones/”下,用户指定的区域规则在/etc/firewalld/zones/ 下。如果在系统区域配置文件中进行了任何修改,它将自动到 /etc/firewalld/zones/。安装firewalld服务[root@chenby ~]# yum install firewalld -y [root@chenby ~]# systemctl start firewalld.service查看服务状态[root@chenby ~]# firewall-cmd --state [root@chenby ~]# systemctl status firewalld -l区域Firewalld 为不同的目的引入了几个预定义的区域和服务,主要目的之一是更轻松地处理 firewalld 管理。基于这些区域和服务,我们可以阻止任何形式的系统传入流量,除非它明确允许在区域中使用一些特殊规则。查看firewalld中的所有可用区域[root@chenby ~]# firewall-cmd --get-zones block dmz docker drop external home internal nm-shared public trusted work [root@chenby ~]# 查看默认区域[root@chenby ~]# firewall-cmd --get-default-zone public [root@chenby ~]# 活动区域和相关网络接口[root@chenby ~]# firewall-cmd --get-active-zones docker interfaces: br-31021b17396b br-53a24802cca1 docker0 public interfaces: ens18 [root@chenby ~]# 公共区域的规则[root@chenby ~]# firewall-cmd --list-all --zone="public" public (active) target: default icmp-block-inversion: no interfaces: ens18 sources: services: cockpit dhcpv6-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv4" source address="192.168.250.0/24" accept [root@chenby ~]# 查看所有可用区域[root@chenby ~]# firewall-cmd --list-all-zones block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services: ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: docker (active) target: ACCEPT icmp-block-inversion: no interfaces: br-31021b17396b br-53a24802cca1 docker0 sources: services: ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: drop target: DROP icmp-block-inversion: no interfaces: sources: services: ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: external target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: forward: yes masquerade: yes forward-ports: source-ports: icmp-blocks: rich rules: home target: default icmp-block-inversion: no interfaces: sources: services: cockpit dhcpv6-client mdns samba-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: internal target: default icmp-block-inversion: no interfaces: sources: services: cockpit dhcpv6-client mdns samba-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: nm-shared target: ACCEPT icmp-block-inversion: no interfaces: sources: services: dhcp dns ssh ports: protocols: icmp ipv6-icmp forward: no masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule priority="32767" reject public (active) target: default icmp-block-inversion: no interfaces: ens18 sources: services: cockpit dhcpv6-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv4" source address="192.168.250.0/24" accept trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services: ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: work target: default icmp-block-inversion: no interfaces: sources: services: cockpit dhcpv6-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: [root@chenby ~]# 修改默认的区域[root@chenby ~]# firewall-cmd --get-default-zone public [root@chenby ~]# [root@chenby ~]# [root@chenby ~]# firewall-cmd --set-default-zone=work success [root@chenby ~]# [root@chenby ~]# firewall-cmd --get-default-zone work [root@chenby ~]# [root@chenby ~]# firewall-cmd --set-default-zone=public success [root@chenby ~]# [root@chenby ~]# [root@chenby ~]# firewall-cmd --get-default-zone public [root@chenby ~]# [root@chenby ~]# 网口和区域的操作给指定网卡设置zone [root@chenby ~]# firewall-cmd --zone=internal --change-interface=enp1s1 查看系统所有网卡所在的zone [root@chenby ~]# firewall-cmd --get-active-zones 针对网卡删除zone [root@chenby ~]# firewall-cmd --zone=internal --remove-interface=enp1s1自定义 zone[root@chenby ~]# vi /etc/firewalld/zones/cby.xml <?xml version="1.0" encoding="utf-8"?> <zone> <short>linuxtecksecure</short> <description>用于企业领域。</description> <service name="ssh"/> <port protocol="tcp" port="80"/> <port protocol="tcp" port="22"/> </zone> [root@chenby ~]# [root@chenby ~]# firewall-cmd --reload success [root@chenby ~]# [root@chenby ~]# [root@chenby ~]# firewall-cmd --get-zones block cby dmz docker drop external home internal nm-shared public trusted work [root@chenby ~]# [root@chenby ~]# 服务查看所有可用的服务[root@chenby ~]# firewall-cmd --get-services RH-Satellite-6 RH-Satellite-6-capsule afp amanda-client amanda-k5-client amqp amqps apcupsd audit ausweisapp2 bacula bacula-client bareos-director bareos-filedaemon bareos-storage bb bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc bittorrent-lsd ceph ceph-exporter ceph-mon cfengine checkmk-agent cockpit collectd condor-collector cratedb ctdb dds dds-multicast dds-unicast dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger foreman foreman-proxy freeipa-4 freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp galera ganglia-client ganglia-master git gpsd grafana gre high-availability http http3 https ident imap imaps ipfs ipp ipp-client ipsec irc ircs iscsi-target isns jenkins kadmin kdeconnect kerberos kibana klogin kpasswd kprop kshell kube-api kube-apiserver kube-control-plane kube-control-plane-secure kube-controller-manager kube-controller-manager-secure kube-nodeport-services kube-scheduler kube-scheduler-secure kube-worker kubelet kubelet-readonly kubelet-worker ldap ldaps libvirt libvirt-tls lightning-network llmnr llmnr-client llmnr-tcp llmnr-udp managesieve matrix mdns memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nbd nebula netbios-ns netdata-dashboard nfs nfs3 nmea-0183 nrpe ntp nut opentelemetry openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy prometheus prometheus-node-exporter proxy-dhcp ps2link ps3netsrv ptp pulseaudio puppetmaster quassel radius rdp redis redis-sentinel rpc-bind rquotad rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptls snmptls-trap snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing syncthing-gui syncthing-relay synergy syslog syslog-tls telnet tentacle tftp tile38 tinc tor-socks transmission-client upnp-client vdsm vnc-server warpinator wbem-http wbem-https wireguard ws-discovery ws-discovery-client ws-discovery-tcp ws-discovery-udp wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server zerotier [root@chenby ~]# 查看特定区域内的所有可用服务[root@chenby ~]# firewall-cmd --zone=work --list-services cockpit dhcpv6-client ssh [root@chenby ~]# 将现有服务添加到默认区域[root@chenby ~]# firewall-cmd --add-service=samba success [root@chenby ~]# # 验证 [root@chenby ~]# firewall-cmd --zone=public --list-services cockpit dhcpv6-client samba ssh [root@chenby ~]# 永久添加服务[root@chenby ~]# firewall-cmd --permanent --add-service=ftp success [root@chenby ~]# [root@chenby ~]# firewall-cmd --reload success [root@chenby ~]# 将运行时设置迁移到永久设置[root@chenby ~]# firewall-cmd --runtime-to-permanent success [root@chenby ~]# 如何在公共区域为samba服务开放端口 [root@chenby ~]# firewall-cmd --permanent --zone=public --add-port=137/udp success [root@chenby ~]# [root@chenby ~]# firewall-cmd --permanent --zone=public --add-port=138/udp success [root@chenby ~]# [root@chenby ~]# firewall-cmd --permanent --zone=public --add-port=139/tcp success [root@chenby ~]# [root@chenby ~]# firewall-cmd --permanent --zone=public --add-port=445/tcp success [root@chenby ~]# [root@chenby ~]# firewall-cmd --list-ports 137/udp 138/udp 139/tcp 445/tcp [root@chenby ~]# 设置规则生效时间秒 (s)、分钟 (m) 或小时 (h) 为单位指定超时。[root@chenby ~]# firewall-cmd --zone=public --add-service=ftp --timeout=5m关于https://www.oiox.cn/https://www.oiox.cn/index.php/start-page.htmlCSDN、GitHub、51CTO、知乎、开源中国、思否、掘金、简书、华为云、阿里云、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客全网可搜《小陈运维》文章主要发布于微信公众号
-
安装MySQL8数据库 安装MySQL8MySQL Community Server 社区版本,开源免费,自由下载,但不提供官方技术支持,适用于大多数普通用户。MySQL Enterprise Edition 企业版本,需付费,不能在线下载,可以试用30天。提供了更多的功能和更完备的技术支持,更适合于对数据库的功能和可靠性要求较高的企业客户。MySQL Cluster 集群版,开源免费。用于架设集群服务器,可将几个MySQL Server封装成一个Server。需要在社区版或企业版的基础上使用。MySQL Cluster CGE 高级集群版,需付费。安装 mysql yum源[root@web ~]# wget https://repo.mysql.com//mysql84-community-release-el9-1.noarch.rpm [root@web ~]# yum install ./mysql84-community-release-el9-1.noarch.rpm [root@web ~]# 安装成功后,查看MySQL版本:[root@web ~]# yum repolist all | grep mysql mysql-8.4-lts-community MySQL 8.4 LTS Community Server 启用 mysql-8.4-lts-community-debuginfo MySQL 8.4 LTS Community Server 禁用 mysql-8.4-lts-community-source MySQL 8.4 LTS Community Server 禁用 mysql-cluster-8.0-community MySQL Cluster 8.0 Community 禁用 mysql-cluster-8.0-community-debuginfo MySQL Cluster 8.0 Community - 禁用 mysql-cluster-8.0-community-source MySQL Cluster 8.0 Community - 禁用 mysql-cluster-8.4-lts-community MySQL Cluster 8.4 LTS Communit 禁用 mysql-cluster-8.4-lts-community-debuginfo MySQL Cluster 8.4 LTS Communit 禁用 mysql-cluster-8.4-lts-community-source MySQL Cluster 8.4 LTS Communit 禁用 mysql-cluster-innovation-community MySQL Cluster Innovation Relea 禁用 mysql-cluster-innovation-community-debuginfo MySQL Cluster Innovation Relea 禁用 mysql-cluster-innovation-community-source MySQL Cluster Innovation Relea 禁用 mysql-connectors-community MySQL Connectors Community 启用 mysql-connectors-community-debuginfo MySQL Connectors Community - D 禁用 mysql-connectors-community-source MySQL Connectors Community - S 禁用 mysql-innovation-community MySQL Innovation Release Commu 禁用 mysql-innovation-community-debuginfo MySQL Innovation Release Commu 禁用 mysql-innovation-community-source MySQL Innovation Release Commu 禁用 mysql-tools-8.4-lts-community MySQL Tools 8.4 LTS Community 启用 mysql-tools-8.4-lts-community-debuginfo MySQL Tools 8.4 LTS Community 禁用 mysql-tools-8.4-lts-community-source MySQL Tools 8.4 LTS Community 禁用 mysql-tools-community MySQL Tools Community 禁用 mysql-tools-community-debuginfo MySQL Tools Community - Debugi 禁用 mysql-tools-community-source MySQL Tools Community - Source 禁用 mysql-tools-innovation-community MySQL Tools Innovation Communi 禁用 mysql-tools-innovation-community-debuginfo MySQL Tools Innovation Communi 禁用 mysql-tools-innovation-community-source MySQL Tools Innovation Communi 禁用 mysql80-community MySQL 8.0 Community Server 禁用 mysql80-community-debuginfo MySQL 8.0 Community Server - D 禁用 mysql80-community-source MySQL 8.0 Community Server - S 禁用 [root@web ~]# 安装MySQL[root@web ~]# yum install mysql-community-server 启动MySQL服务 [root@web ~]# systemctl start mysqld 确认MySQL正常启动 [root@web ~]# systemctl status mysqld 设置MySQL开机自启动 [root@web ~]# systemctl enable mysqld 查看生成 MySQL root用户临时密码: [root@web ~]# grep 'temporary password' /var/log/mysqld.log修改root用户密码# 登录数据库 [root@web ~]# mysql -uroot -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 8 Server version: 8.4.3 Copyright (c) 2000, 2024, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> mysql> mysql> # 修改root密码 mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Password@2024'; Query OK, 0 rows affected (0.01 sec) mysql> 设置远程登录# 查看默认库 mysql> SHOW DATABASES; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | sys | +--------------------+ 4 rows in set (0.00 sec) mysql> # 选择使用mysql库 mysql> use mysql; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> # 查询用户表 mysql> select host, user, authentication_string, plugin from user; +-----------+------------------+------------------------------------------------------------------------+-----------------------+ | host | user | authentication_string | plugin | +-----------+------------------+------------------------------------------------------------------------+-----------------------+ | localhost | mysql.infoschema | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | | localhost | mysql.session | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | | localhost | mysql.sys | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | | localhost | root | $A$005$@c%qYYPJ~F-qAGZDHB6e7/1eEIz5VmK2O87RS12HBQpiPrZ7nVNqHX/D3 | caching_sha2_password | +-----------+------------------+------------------------------------------------------------------------+-----------------------+ 4 rows in set (0.00 sec) mysql> # 修改root的授权 mysql> update user set host='%' where user='root'; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql> # 需要执行俩次 mysql> Grant all privileges on *.* to 'root'@'%'; ERROR 1410 (42000): You are not allowed to create a user with GRANT mysql> mysql> Grant all privileges on *.* to 'root'@'%'; Query OK, 0 rows affected (0.01 sec) mysql> # 刷新权限 mysql> flush privileges; Query OK, 0 rows affected (0.01 sec) mysql> mysql> # 再次查看用户表 mysql> select host, user, authentication_string, plugin from user; +-----------+------------------+------------------------------------------------------------------------+-----------------------+ | host | user | authentication_string | plugin | +-----------+------------------+------------------------------------------------------------------------+-----------------------+ | % | root | $A$005$@c%qYYPJ~F-qAGZDHB6e7/1eEIz5VmK2O87RS12HBQpiPrZ7nVNqHX/D3 | caching_sha2_password | | localhost | mysql.infoschema | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | | localhost | mysql.session | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | | localhost | mysql.sys | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | +-----------+------------------+------------------------------------------------------------------------+-----------------------+ 4 rows in set (0.00 sec) mysql>测试连接# 使用其他主机进行登录数据库 [root@k8s-master01 ~]# mysql -u root -p -h 192.168.1.130 Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 8 Server version: 8.4.3 MySQL Community Server - GPL Copyright (c) 2000, 2024, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> mysql> mysql> 关于https://www.oiox.cn/https://www.oiox.cn/index.php/start-page.htmlCSDN、GitHub、51CTO、知乎、开源中国、思否、掘金、简书、华为云、阿里云、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客全网可搜《小陈运维》文章主要发布于微信公众号
-
k8s的无头服务 k8s的无头服务Headless Services是一种特殊的service,其spec:clusterIP表示为None,这样在实际运行时就不会被分配ClusterIP,也被称为无头服务,通过DNS解析提供服务发现。与普通服务不同的是Headless Services不提供负载均衡功能,每个Pod都有唯一的DNS记录,直接映射到其IP地址,适用于有状态应用的场景,如与StatefulSet一起部署数据库。这种服务使得直接访问单个Pod成为可能,而不经过负载均衡器。因为 Headless Service 属于 Service ClusterIp 类型,所以在讲解Headless Service前,先简单说下 Service 和服务发现。构建镜像[root@chenby ~]# cat > Dockerfile <<EOF FROM nginx RUN echo '这是一个本地构建的nginx镜像,第一版' > /usr/share/nginx/html/index.html EOF docker build -t z.oiox.cn:18082/library/cby:v1 . docker push z.oiox.cn:18082/library/cby:v1编写yaml文件我这里只是创建了一个最简单的容器,由StatefulSet控制器来管理,同时创建了无头服务的svccat > cby.yaml <<EOF apiVersion: v1 kind: Service metadata: name: nginx labels: app: nginx spec: ports: - port: 80 name: web clusterIP: None #这使得服务成为无头服务 selector: app: nginx --- apiVersion: apps/v1 kind: StatefulSet metadata: name: web spec: serviceName: "nginx" replicas: 2 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: z.oiox.cn:18082/library/cby:v1 ports: - containerPort: 80 name: web EOF查看已经创建的资源[root@k8s-master01 ~]# kubectl get statefulsets NAME READY AGE web 2/2 12m [root@k8s-master01 ~]# [root@k8s-master01 ~]# kubectl get pod NAME READY STATUS RESTARTS AGE web-0 1/1 Running 0 12m web-1 1/1 Running 0 12m [root@k8s-master01 ~]# [root@k8s-master01 ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE nginx ClusterIP None <none> 80/TCP 12m [root@k8s-master01 ~]# 修改web-1的html内容statefulsets控制器是可以将存储持久化的,我这里没做存储持久化,这里就进入容器内进行修改页面信息kubectl exec web-1 -- sh -c 'echo 这是一个本地构建的nginx镜像,第二版 > /usr/share/nginx/html/index.html'测试修改是否成功[root@k8s-master01 ~]# kubectl get pod -o wide |grep web web-0 1/1 Running 0 40m 10.0.0.28 k8s-node02 <none> <none> web-1 1/1 Running 0 40m 10.0.3.243 k8s-node01 <none> <none> [root@k8s-master01 ~]# [root@k8s-master01 ~]# [root@k8s-master01 ~]# curl 10.0.0.28 这是一个本地构建的nginx镜像,第一版 [root@k8s-master01 ~]# [root@k8s-master01 ~]# curl 10.0.3.243 这是一个本地构建的nginx镜像,第二版 [root@k8s-master01 ~]# [root@k8s-master01 ~]# 查看svc的详细这里可以看到Endpoints已经关联到了后端的pod容器[root@k8s-master01 ~]# kubectl describe svc nginx Name: nginx Namespace: default Labels: app=nginx Annotations: <none> Selector: app=nginx Type: ClusterIP IP Family Policy: SingleStack IP Families: IPv4 IP: None IPs: None Port: web 80/TCP TargetPort: 80/TCP Endpoints: 10.0.0.28:80,10.0.3.243:80 Session Affinity: None Internal Traffic Policy: Cluster Events: <none> [root@k8s-master01 ~]#创建busybox测试容器cat<<EOF | kubectl apply -f - apiVersion: v1 kind: Pod metadata: name: busybox namespace: default spec: containers: - name: busybox image: docker-ce.chenby.cn/library/busybox:1.28 command: - sleep - "3600" imagePullPolicy: IfNotPresent restartPolicy: Always EOF进入测试容器[root@k8s-master01 ~]# kubectl exec -ti busybox -- sh / # / # / # ping nginx.default.svc.cluster.local PING nginx.default.svc.cluster.local (10.0.0.28): 56 data bytes 64 bytes from 10.0.0.28: seq=0 ttl=63 time=0.066 ms 64 bytes from 10.0.0.28: seq=1 ttl=63 time=0.077 ms 64 bytes from 10.0.0.28: seq=2 ttl=63 time=0.070 ms ^C --- nginx.default.svc.cluster.local ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.066/0.071/0.077 ms / # / # / # / # ping web-0.nginx.default.svc.cluster.local PING web-0.nginx.default.svc.cluster.local (10.0.0.28): 56 data bytes 64 bytes from 10.0.0.28: seq=0 ttl=63 time=0.046 ms 64 bytes from 10.0.0.28: seq=1 ttl=63 time=0.079 ms 64 bytes from 10.0.0.28: seq=2 ttl=63 time=0.064 ms ^C --- web-0.nginx.default.svc.cluster.local ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.046/0.063/0.079 ms / # / # / # / # ping web-1.nginx.default.svc.cluster.local PING web-1.nginx.default.svc.cluster.local (10.0.3.243): 56 data bytes 64 bytes from 10.0.3.243: seq=0 ttl=63 time=0.369 ms 64 bytes from 10.0.3.243: seq=1 ttl=63 time=0.373 ms 64 bytes from 10.0.3.243: seq=2 ttl=63 time=0.328 ms ^C --- web-1.nginx.default.svc.cluster.local ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.328/0.356/0.373 ms / # / # / # / # / # cat /etc/hosts # Kubernetes-managed hosts file. 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet fe00::0 ip6-mcastprefix fe00::1 ip6-allnodes fe00::2 ip6-allrouters 10.0.0.238 busybox / # / # / # / # 进行访问性测试[root@k8s-master01 ~]# kubectl exec -ti nginx-demo-cccbdc67f-6nkgd -- sh / # / # / # curl nginx.default.svc.cluster.local 这是一个本地构建的nginx镜像,第二版 / # curl nginx.default.svc.cluster.local 这是一个本地构建的nginx镜像,第一版 / # / # / # / # curl web-0.nginx.default.svc.cluster.local 这是一个本地构建的nginx镜像,第一版 / # curl web-0.nginx.default.svc.cluster.local 这是一个本地构建的nginx镜像,第一版 / # curl web-0.nginx.default.svc.cluster.local 这是一个本地构建的nginx镜像,第一版 / # / # / # / # curl web-1.nginx.default.svc.cluster.local 这是一个本地构建的nginx镜像,第二版 / # curl web-1.nginx.default.svc.cluster.local 这是一个本地构建的nginx镜像,第二版 / # curl web-1.nginx.default.svc.cluster.local 这是一个本地构建的nginx镜像,第二版 总结在某些场景中,无需对外提供访问能力,只需要在内部找到自己想找到的Pod资源时,可以通过Headless Service来实现。这种不具有ClusterIP的Service资源就是Headless Service,该 Service 的请求流量不需要 kube-proxy 处理,也不会有负载均衡和路由规则,而是由ClusterDNS的域名解析机制直接去访问固定的Pod资源。既然是Headless Service,那首先它是Service,一般的Service能被内部和外部访问。之所以叫Headless Service,是因为只对内提供访问,既然只对内访问,那肯定就需要提供稳定的访问能力了,否则就没什么作用了。比如说拥有固定的Pod名称和存储,所以一般会结合StatefulSet一起使用,用来部署有状态的应用。如果想让部署的有状态应用暴露给集群外部客户端访问的话,可以新建个普通(有ClusterIP)的服务,通过标签选择关联有状态服务实例。关于https://www.oiox.cn/https://www.oiox.cn/index.php/start-page.htmlCSDN、GitHub、51CTO、知乎、开源中国、思否、掘金、简书、华为云、阿里云、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客全网可搜《小陈运维》文章主要发布于微信公众号
-
安装Harbor镜像仓库 安装Harbor镜像仓库安装dockercurl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun下载harbor安装包# 下载Docker Harbor安装包 wget https://github.com/goharbor/harbor/releases/download/v2.12.0/harbor-offline-installer-v2.12.0.tgz # 解压安装包 [root@chenby ~]# tar xvf harbor-offline-installer-v2.12.0.tgz -C /usr/local/ harbor/harbor.v2.12.0.tar.gz harbor/prepare harbor/LICENSE harbor/install.sh harbor/common.sh harbor/harbor.yml.tmpl [root@chenby ~]# cd /usr/local/harbor/创建证书# 我用的是免费证书 Let's Encrypt 泛域名证书申请 https://www.oiox.cn/index.php/archives/139/配置harbor服务# 配置harbor文件 [root@chenby harbor]# cp harbor.yml.tmpl harbor.yml [root@chenby harbor]# vim harbor.yml [root@chenby harbor]# cat harbor.yml | grep -v '^#' | grep -v '^$' | grep -v ' #' hostname: z.oiox.cn http: port: 18081 https: port: 18082 certificate: /ssl/cert.pem private_key: /ssl/cert.key harbor_admin_password: Cby123.. database: password: root123 max_idle_conns: 100 max_open_conns: 900 conn_max_lifetime: 5m conn_max_idle_time: 0 data_volume: /data trivy: ignore_unfixed: false skip_update: false skip_java_db_update: false offline_scan: false security_check: vuln insecure: false timeout: 5m0s jobservice: max_job_workers: 10 job_loggers: - STD_OUTPUT - FILE logger_sweeper_duration: 1 #days notification: webhook_job_max_retry: 3 webhook_job_http_client_timeout: 3 #seconds log: level: info local: rotate_count: 50 rotate_size: 200M location: /var/log/harbor _version: 2.12.0 proxy: http_proxy: https_proxy: no_proxy: components: - core - jobservice - trivy upload_purging: enabled: true age: 168h interval: 24h dryrun: false cache: enabled: false expire_hours: 24 [root@chenby harbor]# 安装harbor# 进行安装 [root@chenby harbor]# ./install.sh [Step 0]: checking if docker is installed ... Note: docker version: 27.3.1 [Step 1]: checking docker-compose is installed ... Note: Docker Compose version v2.29.7 [Step 2]: loading Harbor images ... 910db7c25623: Loading layer [==================================================>] 40.51MB/40.51MB c8cd0a1f5b0b: Loading layer [==================================================>] 107.6MB/107.6MB 15d8ff051c07: Loading layer [==================================================>] 46.48MB/46.48MB d197fd97c185: Loading layer [==================================================>] 13.77MB/13.77MB d88ec2163d81: Loading layer [==================================================>] 66.05kB/66.05kB e63d6d00357d: Loading layer [==================================================>] 2.56kB/2.56kB b802bc40d720: Loading layer [==================================================>] 1.536kB/1.536kB 8225980335b5: Loading layer [==================================================>] 12.29kB/12.29kB 3175598f5b32: Loading layer [==================================================>] 2.746MB/2.746MB ef05ddf12dfe: Loading layer [==================================================>] 525.3kB/525.3kB Loaded image: goharbor/prepare:v2.12.0 32cd15a4ebdd: Loading layer [==================================================>] 16.27MB/16.27MB 0dd22cb0da1b: Loading layer [==================================================>] 190.2MB/190.2MB ac30f78bb9c1: Loading layer [==================================================>] 26.08MB/26.08MB 527459edc5ee: Loading layer [==================================================>] 18.6MB/18.6MB 0fe3e34fe571: Loading layer [==================================================>] 5.12kB/5.12kB eb0883932a36: Loading layer [==================================================>] 6.144kB/6.144kB 49b31970580b: Loading layer [==================================================>] 3.072kB/3.072kB 478aa400459f: Loading layer [==================================================>] 2.048kB/2.048kB c39207896960: Loading layer [==================================================>] 2.56kB/2.56kB e3a89007fad0: Loading layer [==================================================>] 7.68kB/7.68kB Loaded image: goharbor/harbor-db:v2.12.0 eb105901976e: Loading layer [==================================================>] 11.57MB/11.57MB 4c386227a4e4: Loading layer [==================================================>] 3.584kB/3.584kB 4f442ab7cc4c: Loading layer [==================================================>] 2.56kB/2.56kB 2fa6704b1ae6: Loading layer [==================================================>] 59.63MB/59.63MB 65c014dfa82d: Loading layer [==================================================>] 60.42MB/60.42MB Loaded image: goharbor/harbor-jobservice:v2.12.0 4cab912836a2: Loading layer [==================================================>] 8.614MB/8.614MB 247df5f5c893: Loading layer [==================================================>] 4.096kB/4.096kB 9ee7df405168: Loading layer [==================================================>] 18.13MB/18.13MB d628a65e4634: Loading layer [==================================================>] 3.072kB/3.072kB 1759c807e026: Loading layer [==================================================>] 36.96MB/36.96MB bee402e81ccd: Loading layer [==================================================>] 55.88MB/55.88MB Loaded image: goharbor/harbor-registryctl:v2.12.0 afc604caf53d: Loading layer [==================================================>] 11.57MB/11.57MB f9eb13f95461: Loading layer [==================================================>] 37.01MB/37.01MB e98d25e4c661: Loading layer [==================================================>] 4.608kB/4.608kB 8dd3c4f177e1: Loading layer [==================================================>] 37.8MB/37.8MB Loaded image: goharbor/harbor-exporter:v2.12.0 31e9c30e4a21: Loading layer [==================================================>] 16.27MB/16.27MB bfcf2dfddce8: Loading layer [==================================================>] 125.1MB/125.1MB 1660b90f9dc7: Loading layer [==================================================>] 3.072kB/3.072kB 93c9be43608f: Loading layer [==================================================>] 59.9kB/59.9kB d69d92256927: Loading layer [==================================================>] 61.95kB/61.95kB Loaded image: goharbor/redis-photon:v2.12.0 769c4aa8c0a4: Loading layer [==================================================>] 8.614MB/8.614MB 9cd556727275: Loading layer [==================================================>] 4.096kB/4.096kB 0edc0bc0fa32: Loading layer [==================================================>] 3.072kB/3.072kB 30823cd3e953: Loading layer [==================================================>] 18.13MB/18.13MB 31ffd46d4827: Loading layer [==================================================>] 18.92MB/18.92MB Loaded image: goharbor/registry-photon:v2.12.0 8f8c2600e204: Loading layer [==================================================>] 130.1MB/130.1MB 676f1d057a8c: Loading layer [==================================================>] 6.731MB/6.731MB 71425f9960bc: Loading layer [==================================================>] 252.9kB/252.9kB 8ce274b4eb81: Loading layer [==================================================>] 1.497MB/1.497MB Loaded image: goharbor/harbor-portal:v2.12.0 4ed6c9567d72: Loading layer [==================================================>] 11.57MB/11.57MB 68c5cae40c58: Loading layer [==================================================>] 3.584kB/3.584kB a29956692eb6: Loading layer [==================================================>] 2.56kB/2.56kB d4eac84f665a: Loading layer [==================================================>] 70.77MB/70.77MB c2d39ec31cb3: Loading layer [==================================================>] 5.632kB/5.632kB 81df0033286e: Loading layer [==================================================>] 126.5kB/126.5kB 847040daf450: Loading layer [==================================================>] 201.7kB/201.7kB cba56604cbfc: Loading layer [==================================================>] 71.89MB/71.89MB 6d8fda582e88: Loading layer [==================================================>] 2.56kB/2.56kB Loaded image: goharbor/harbor-core:v2.12.0 8dd98fe70bfa: Loading layer [==================================================>] 139.8MB/139.8MB c0691b0983da: Loading layer [==================================================>] 3.584kB/3.584kB a205646db971: Loading layer [==================================================>] 3.072kB/3.072kB 36bea9385de7: Loading layer [==================================================>] 2.56kB/2.56kB 624bbccc716a: Loading layer [==================================================>] 3.072kB/3.072kB cee989d2b0b0: Loading layer [==================================================>] 3.584kB/3.584kB 73035228c2e1: Loading layer [==================================================>] 20.48kB/20.48kB Loaded image: goharbor/harbor-log:v2.12.0 d397faf073f1: Loading layer [==================================================>] 130.1MB/130.1MB Loaded image: goharbor/nginx-photon:v2.12.0 3e1f1096c4bf: Loading layer [==================================================>] 9.106MB/9.106MB 9cc192b1539e: Loading layer [==================================================>] 4.096kB/4.096kB a4448f8ca935: Loading layer [==================================================>] 3.072kB/3.072kB 38c665e4daa5: Loading layer [==================================================>] 133.8MB/133.8MB 867c3a3ec63e: Loading layer [==================================================>] 15.55MB/15.55MB e04b98ae7085: Loading layer [==================================================>] 150.1MB/150.1MB Loaded image: goharbor/trivy-adapter-photon:v2.12.0 [Step 3]: preparing environment ... [Step 4]: preparing harbor configs ... prepare base dir is set to /usr/local/harbor Generated configuration file: /config/portal/nginx.conf Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Generated and saved secret to file: /data/secret/keys/secretkey Successfully called func: create_root_cert Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir Note: stopping existing Harbor instance ... [Step 5]: starting Harbor ... [+] Running 10/10 ✔ Network harbor_harbor Created 0.2s ✔ Container harbor-log Started 0.4s ✔ Container harbor-db Started 0.6s ✔ Container redis Started 0.7s ✔ Container registryctl Started 0.7s ✔ Container harbor-portal Started 0.7s ✔ Container registry Started 0.6s ✔ Container harbor-core Started 0.8s ✔ Container nginx Started 1.1s ✔ Container harbor-jobservice Started 1.0s ✔ ----Harbor has been installed and started successfully.---- [root@chenby harbor]# 配置解析和docker# FQDN解析 cat >> /etc/hosts <<EOF 192.168.1.120 z.oiox.cn EOF # 例如docker的配置 # 如果没有正式的域名以及ssl证书就需要配置 insecure-registries 参数 [root@chenby ~]# cat > /etc/docker/daemon.json <<EOF { "exec-opts": ["native.cgroupdriver=systemd"], "insecure-registries": ["z.oiox.cn:18082"], "registry-mirrors": [ "https://xxxxx.mirror.aliyuncs.com" ], "max-concurrent-downloads": 10, "log-driver": "json-file", "log-level": "warn", "log-opts": { "max-size": "10m", "max-file": "3" }, "data-root": "/var/lib/docker" } EOF # 重新启动docker [root@chenby ~]# systemctl restart docker && systemctl status docker -l测试使用# 登陆 [root@chenby ~]# docker login z.oiox.cn:18082 Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded [root@chenby ~]# # 构建镜像 [root@chenby ~]# cat > Dockerfile <<EOF FROM nginx RUN echo '这是一个本地构建的nginx镜像,第一版' > /usr/share/nginx/html/index.html EOF docker build -t z.oiox.cn:18082/library/cby:v1 . [root@chenby ~]# cat > Dockerfile <<EOF FROM nginx RUN echo '这是一个本地构建的nginx镜像,第二版' > /usr/share/nginx/html/index.html EOF docker build -t z.oiox.cn:18082/library/cby:v2 . docker push z.oiox.cn:18082/library/cby:v1 docker push z.oiox.cn:18082/library/cby:v2 docker rmi z.oiox.cn:18082/library/cby:v1 docker rmi z.oiox.cn:18082/library/cby:v2 docker pull z.oiox.cn:18082/library/cby:v1 docker pull z.oiox.cn:18082/library/cby:v2关于https://www.oiox.cn/https://www.oiox.cn/index.php/start-page.htmlCSDN、GitHub、51CTO、知乎、开源中国、思否、掘金、简书、华为云、阿里云、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客全网可搜《小陈运维》文章主要发布于微信公众号
