标签:systemd 方式 memory share tfs 软件包 查看 coding sso
容器:
Docker思想:
docker 与 虚拟机比较:
举例:
Docker就是手机中的各种APP,只需要一个系统就可以下载自己所需的应用
虚拟化技术相当于苹果手机安装一个庞大软件,这个软件上安装安卓系统、魅族系统等,每个系统上还要安装各类应用。
docker版本
Docker 安装参考官方文档:
安装:
# 1.安装依赖包 yum install -y yum-utils device-mapper-persistent-data lvm2 # 2.添加Docker软件包源(否则doker安装的不是新版本) yum-config-manager \--add-repo \https://download.docker.com/linux/centos/docker-ce.repo # 3.安装Docker CE yum install -y docker-ce # 4.启动Docker服务并设置开机启动 systemctl start docker systemctl enable docker # 5.测试docker是否安装成功(hello-world是官方提供的一个测试镜像) docker run hello-world # 6.查看docker基本信息 docker info docker version
Docker 创建一个ngixn容器:
# 1.创建一个nginx容器 docker run -it nginx # 2.查看docker运行的容器(可以获取到这个容器的id) docker ps # 3.访问这个容器 # 进入这个nginx容器(进入的文件系统和宿主机是完全隔离的,有自己独立的文件系统) docker exec -it 73877e65c07d bash # 4.查看当前容器的 IP docker inspect 73877e65c07d # 73877e65c07d是通过docekr ps查看到的容器ID curl 172.17.0.2 # 测试这个nginx容器是否可以访问
什么是Docker镜像:
1. docker镜像不包含Linux内核而又精简的Linux操作系统
2. docker镜像是一个分层存储的文件,一个镜像可以创建N个容器
3. 可以这么理解,docker 镜像是 docker 容器的静态视角,docker 容器是 docker 镜像的运行状态。
4. 容器只是对docker镜像的引用,如果docker镜像删除,此镜像创建的容器也都失效
Docker 镜像与容器的区别:
1. 当由 ubuntu:14.04 镜像启动容器时,ubuntu:14.04 镜像的镜像层内容将作为容器的 rootfs;
2. 而 ubuntu:14.04 镜像的 json 文件,会由 docker daemon 解析,并提取出其中的容器执行入口 CMD 信息,
以及容器进程的环境变量 ENV 信息,最终初始化容器进程。
3. 当然,容器进程的执行入口来源于镜像提供的 rootfs。
rootfs
为了更好的理解 docker 镜像的结构,下面介绍一下 docker 镜像设计上的关键技术。
分层
docker 镜像是采用分层的方式构建的,每个镜像都由一系列的 "镜像层" 组成。分层结构是 docker 镜像如此轻量的重要原因。当需要修改容器镜像内的某个文件时,只对处于最上方的读写层进行变动,不覆写下层已有文件系统的内容,已有文件在只读层中的原始版本仍然存在,但会被读写层中的新版本所隐藏。当使用 docker commit 提交这个修改过的容器文件系统为一个新的镜像时,保存的内容仅为最上层读写文件系统中被更新过的文件。分层达到了在不的容器同镜像之间共享镜像层的效果。
写时复制
docker 镜像使用了写时复制(copy-on-write)的策略,在多个容器之间共享镜像,每个容器在启动的时候并不需要单独复制一份镜像文件,而是将所有镜像层以只读的方式挂载到一个挂载点,再在上面覆盖一个可读写的容器层。在未更改文件内容时,所有容器共享同一份数据,只有在 docker 容器运行过程中文件系统发生变化时,才会把变化的文件内容写到可读写层,并隐藏只读层中的老版本文件。写时复制配合分层机制减少了镜像对磁盘空间的占用和容器启动时间。
内容寻址
在 docker 1.10 版本后,docker 镜像改动较大,其中最重要的特性便是引入了内容寻址存储(content-addressable storage) 的机制,根据文件的内容来索引镜像和镜像层。与之前版本对每个镜像层随机生成一个 UUID 不同,新模型对镜像层的内容计算校验和,生成一个内容哈希值,并以此哈希值代替之前的 UUID 作为镜像层的唯一标识。该机制主要提高了镜像的安全性,并在 pull、push、load 和 save 操作后检测数据的完整性。另外,基于内容哈希来索引镜像层,在一定程度上减少了 ID 的冲突并且增强了镜像层的共享。对于来自不同构建的镜像层,主要拥有相同的内容哈希,也能被不同的镜像共享。
联合挂载
通俗地讲,联合挂载技术可以在一个挂载点同时挂载多个文件系统,将挂载点的原目录与被挂载内容进行整合,使得最终可见的文件系统将会包含整合之后的各层的文件和目录。实现这种联合挂载技术的文件系统通常被称为联合文件系统(union filesystem)。以下图所示的运行 Ubuntu:14.04 镜像后的容器中的 aufs 文件系统为例:
由于初始挂载时读写层为空,所以从用户的角度看,该容器的文件系统与底层的 rootfs 没有差别;然而从内核的角度看,则是显式区分开来的两个层次。当需要修改镜像内的某个文件时,只对处于最上方的读写层进行了变动,不复写下层已有文件系统的内容,已有文件在只读层中的原始版本仍然存在,但会被读写层中的新版本文件所隐藏,当 docker commit 这个修改过的容器文件系统为一个新的镜像时,保存的内容仅为最上层读写文件系统中被更新过的文件。
联合挂载是用于将多个镜像层的文件系统挂载到一个挂载点来实现一个统一文件系统视图的途径,是下层存储驱动(aufs、overlay等) 实现分层合并的方式。所以严格来说,联合挂载并不是 docker 镜像的必需技术,比如在使用 device mapper 存储驱动时,其实是使用了快照技术来达到分层的效果。
容器读写层
docker镜像从哪里来
[root@linux-node2 ~]# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io [root@linux-node2 ~]# cat /etc/docker/daemon.json # 执行上面命令后就会将镜像源修改成国内的地址 {"registry-mirrors": ["http://f1361db2.m.daocloud.io"]} [root@linux-node2 ~]# systemctl restart docker # 重启docker生效
看下图详细介绍:
节省项目环境部署时间(一)
单项目打包:
整套项目打包
新开源技术试用
环境一致性(二)
持续集成(三)
微服务(四)
Docker镜像管理常用命令
docker help # 查看docker帮助 docker image --help # 查看 docker中 镜像相关帮助 docker image ls # 查看当前所有镜像
docker image inspect nginx # 查看指定镜像(nginx镜像)详细信息 docker pull nginx:1.14 # 下载指定版本镜像 nginx docker image rm nginx:1.14 # 删除nginx 1.14版本 docker image save nginx > nginx.tar # 导出niginx镜像
Docker创建容器常用命令
-d: 后台运行容器,并返回容器ID; -i: 以交互模式运行容器,通常与 -t 同时使用; -t: 为容器重新分配一个伪输入终端,通常与 -i 同时使用; -P: 随机端口映射,容器内部端口随机映射到主机的高端口 -p: 指定端口映射,格式为:主机(宿主)端口:容器端口 --name="nginx-lb": 为容器指定一个名称; --dns 8.8.8.8: 指定容器使用的DNS服务器,默认和宿主一致;
--dns-search example.com: 指定容器DNS搜索域名,默认和宿主一致; -h "mars": 指定容器的hostname; -e username="ritchie": 设置环境变量; --env-file=[]: 从指定文件读入环境变量; --cpuset="0-2" or --cpuset="0,1,2": 绑定容器到指定CPU运行; -m :设置容器使用内存最大值; --net="bridge": 指定容器的网络连接类型,支持 bridge/host/none/container: 四种类型; --link=[]: 添加链接到另一个容器; --expose=[]: 开放一个端口或一组端口; --volume , -v: 绑定一个卷 -a stdin: 指定标准输入输出内容类型,可选 STDIN/STDOUT/STDERR 三项;
docker run --help # 查看创建容器帮助 docker run -it centos # 创建centos镜像并进入终端 docker run -d nginx # 后台启动nginx容器 docker stop 6bb09dce461f # 关闭一个容器 docker ps -l # 查看最近运行的容器 docker run -itd centos # 启用一个伪终端守护centos容器
docker container run -d --name web3 -e test=123456 -p 8800:80 -h webhostname --restart always nginx -d # 后台启动nginx容器 --name web3 # 自定义容器名字(默认会是一段随机字符串) -e test=123456 # 启动容器添加变量 test=123456 (echo $test) -p 8800:80 # 宿主机的8800端口映射到docker容器的80端口中 -h webhostname # docker容器主机名 (a300f394af88) --restart always # 宿主机重启自动拉起这个docker容器 nginx # 使用这个nginx镜像启动容器 注:http://192.168.56.12:8800/ 访问这个docker nginx docker logs web # 查看上面启动的web容器的日志 docker exec -it web bash # 进入容器web
容器资源限制
内存限额: 允许容器最多使用500M内存和100M的Swap,并禁用 OOM Killer
docker run -d --name nginx03 --memory="500m" --memory-swap="600m" --oom-kill-disable nginx
CPU限额:
docker run -d --name nginx04 --cpus="1.5" nginx # 允许容器最多使用一个半的CPU
docker run -d --name nginx05 --cpus=".5" nginx # 允许容器最多使用50%的CPU
Docker管理容器常用命令
docker ps # 仅列出当前运行的容器 docker ps -l # 列出最新创建得容器 docker ps -a # 列出素有容器(包括 未运行的) docker inspect web4 # 列出指定容器的详细信息
持久化容器
docker exec -it web4 bash # 进入容器web4中 touch 1.txt 2.txt # 对容器进行修改 docker commit web4 nginx:web4 # 将修改后的web4容器提交为一个新镜像 nginx:web4 docker images # 可以看到 多了一个 TAG标记为 web4 的镜像 docker run -d --name web4-1 nginx:web4 # 使用刚刚提交的镜像web4创建一个容器web4-1 docker exec -it web4-1 bash # 进入web4-1的bash环境
从宿主机复制文件到docker容器
docker cp nginx.tar web4-1:/home # 将宿主机nginx.tar文件拷贝到容器web4-1的/home目录中 docker exec -it web4-1 ls /home # 在容器web4-1中执行 "ls /home" 命令
容器常用查询命令
docker logs web4-1 # 查看web4-1中控制台日志 docker port 55f870061ed9 # 查看指定容器端口映射 docker top 00f7ddc96622 # 查看容器中有哪些进程 docker stats 00f7ddc96622 # 查看容器资源使用情况
启动、停止、删除 容器
docker ps -a # 列出素有容器(包括 未运行的) docker start web # 启动容器web docker stop web # 停止容器web docker rm web
Docker提供三种方式将数据从宿主机挂载到容器中
volumes:Docker管理宿主机文件系统的一部分(/var/lib/docker/volumes) 保存数据的最佳方式。
bind mounts:将宿主机上的任意位置的文件或者目录挂载到容器中, 就像软连接一样。
tmpfs:挂载存储在主机系统的内存中,而不会写入主机的文件系统(不常用)。
区别: volume : 是docker的宿主机文件系统一部分,只有docker可以进行更改,其他进程不能修改 bind mounts : 是挂载在宿主机文件系统的任意位置,除了docker所有进程都可以进行修改、
管理卷:
docker volume create nginx-vol # 创建一个数据卷 nginx-vol
docker volume ls # 查看宿主机数据卷信息 docker volume inspect nginx-vol # 查看 nginx-vol 这个数据卷详细信息 ls /var/lib/docker/volumes/nginx-vol/_data # 详细信息中会显示 nginx-vol 这个卷实际在宿主机位置 docker rm -f $(docker ps -a |awk ‘{print $1}‘) # 删除所有容器
volumes:将容器中的数据持久化到宿主机中
用卷创建一个容器:
docker run -d --name=nginx-test -p 88:80 --mount src=nginx-vol,dst=/usr/share/nginx/html nginx run -d # 后台启动一个nginx容器 --name=nginx-test # 自定义容器名字(默认会是一段随机字符串) -p 88:80 # 将宿主机的88端口映射到容器的80端口 --mount src=nginx-vol, # 挂载数据卷名称nginx-vol dst=/usr/share/nginx/html # 将/usr/share/nginx/html文件挂载到nginx-vol数据卷中 nginx # 使用这个nginx镜像启动容器 vim /var/lib/docker/volumes/nginx-vol/_data/index.html # 修改nginx的 index.html文件可以发现页面发生改变 http://192.168.56.12:88/
清理卷:
docker stop nginx-test # 关闭正在使用卷nginx-vol的容器nginx-test docker rm nginx-test # 删除容器 nginx-test docker volume rm nginx-vol # 删除卷 nginx-vol
bind mounts:将宿主机中的数据挂载到容器中
用卷创建一个容器:
docker run -d --name=nginx-test -p 88:80 --mount type=bind,src=/mnt/,dst=/usr/share/nginx/html nginx run -d # 后台启动一个nginx容器 --name=nginx-test # 自定义容器名字(默认会是一段随机字符串) -p 88:80 # 将宿主机的88端口映射到容器的80端口 --mount type=bind # 将/usr/share/nginx/html文件夹挂载到宿主机/mnt/文件夹中 src=/mnt/, # 宿主机中挂载目录 /mnt/ dst=/usr/share/nginx/html # 容器中/usr/share/nginx/html文件夹 nginx # 使用这个nginx镜像启动容器 docker exec -it nginx-test bash # 进入容器 cd /usr/share/nginx/html # 进入容器的挂载目录 echo "hello I come here" > index.html # 在目录中创建一个 index.html文件 http://192.168.56.12:88/ # 可以在页面访问到 index.html首页 vim /mnt/index.html # 修改 /mnt/index.html 就等同修改容器中的index.html页面
清理:
docker stop nginx-test # 关闭正在使用卷nginx-vol的容器nginx-test docker rm nginx-test # 删除容器 nginx-test
注意:
Volume特点:
Bind Mounts特点:
网络模式:
–net=bridge
默认网络,Docker启动后创建一个docker0网桥,默认创建的容器也是添加到这个网桥中。
–net=host
容器不会获得一个独立的network namespace,而是与宿主机共用一个。这就意味着容器不会有自己的网卡信息,而是使用宿主
机的。容器除了网络,其他都是隔离的。
–net=none
获取独立的network namespace,但不为容器进行任何网络配置,需要我们手动配置。
–net=container:Name/ID
与指定的容器使用同一个network namespace,具有同样的网络配置信息,两个容器除了网络,其他都还是隔离的。
与默认的bridge原理一样,但自定义网络具备内部DNS发现,可以通过容器名或者主机名容器之间网络通信。
‘‘‘开启Linux系统的IP转发功能 ‘‘‘ # 1. 出于安全考虑,Linux系统默认是禁止数据包转发的。 # 2. 所谓转发即当主机拥有多于一块的网卡时,将收到的数据包转发给其他网卡 [root@linux-node4 ~]# vim /etc/sysctl.conf net.ipv4.ip_forward=1 [root@linux-node4 ~]# systemctl restart network [root@linux-node4 ~]# sysctl net.ipv4.ip_forward # 输出为1时则证明是成功的
测试 自定义网络 和 container
下载busybox镜像用于测试
docker pull busybox # 下载一个测试镜像,一些工具都有了 docker run -it busybox # 进入busybox 默认 bash docker run -it --net=host busybox # 以 host 网络模式进入bash
自定义网络模式
docker network create bs-test # 创建一个网络 bs-test docker run -it --name bs3 --net bs-test busybox # 创建容器bst加入网络bs-test docker run -it --name bs4 --net bs-test busybox # 创建容器bst加入网络bs-test ping bs3 # 在bs3和bs4容器中可以通过主机名ping通 ping bs4 docker start bs3 # 启动容器bs3 docker exec -it bs3 sh # 进入bs3 bash环境
container网络模式
docker run -itd --name bs -p 99:80 busybox # 创建一个名字为bs的容器,并将宿主机99端口映射到80端口 docker run -d --name nginx01 --net container:bs nginx # 使用nginx镜像创建一个容器名nginx01,加入到bs容器中 http://192.168.56.12:99/ docker exec -it bs sh # 注:bs容器中虽然没有nginx服务,但是可以访问nginx服务,因为nginx01容器加入了
‘‘‘1.DOckerfile常用命令 ‘‘‘ FROM python:3.6 # 指定拉取镜像版本 ENV PYTHONUNBUFFERED 1 # 不缓冲stdin、stdout和stderr,直接把输出重定向到文件 MAINITAINER zhangsan # 指定作者 RUN mkdri /code # 运行的linux命令 WORKDIR /code # 指定项目工作根路径 ADD . /code/ # 将宿主机文件复制到镜像中 COPY dj.conf /etc/nginx/conf.d # docker内部文件拷贝 VOLUME ["/data1","/data2"] # 将宿主机文件夹挂载到容器中 EXPOSE 8080 # 暴露端口 CMD ["sh","/code/start.sh"] # 容器启动时要运行的命令 CMD ["python", "manage.py", "runserver", "0:8000"] ‘‘‘2.生成镜像并运行容器‘‘‘ docker build -t nginx:v1 -f Dockerfile-nginx . # 使用Dockerfile-nginx文件生成镜像 nginx:v1 docker push linux-node4.example.com/test/nginx:v1 # 推送镜像到harbor中 docker run -d -p 192.168.56.14:8000:8080 nginx:v1 # 运行docker容器
使用 Dockerfile-nginx 文件构建一个基础镜像 nginx:v1
FROM centos:7 MAINTAINER www.ctnrs.com RUN yum install -y gcc gcc-c++ make openssl-devel pcre-devel gd-devel iproute net-tools telnet wget curl && yum clean all && rm -rf /var/cache/yum/* RUN wget http://nginx.org/download/nginx-1.15.5.tar.gz && tar zxf nginx-1.15.5.tar.gz && cd nginx-1.15.5 && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module && make -j 4 && make install && rm -rf /usr/local/nginx/html/* && echo "ok" >> /usr/local/nginx/html/status.html && cd / && rm -rf nginx-1.12.2* && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ENV PATH $PATH:/usr/local/nginx/sbin #COPY nginx.conf /usr/local/nginx/conf/nginx.conf WORKDIR /usr/local/nginx EXPOSE 80 CMD ["nginx", "-g", "daemon off;"]
docker build -t nginx:v1 -f Dockerfile-nginx . # 使用 Dockerfile-nginx 文件构建一个基础镜像 nginx:v1 -t nginx:v1 # 指定版本tag=v1 -f Dockerfile-nginx # 指定dockerfile的名称 . # 指定上下文(比如配置文件在那个位置等) docker images # 查看 nginx:v1 镜像是否创建成功 docker run -d --name nginx01 -p 88:80 nginx:v1 # 使用 nginx:v1 镜像创建一个容器 nginx01 http://192.168.56.12:88/status.html # 测试是否可以访问容器nginx01的web服务
使用nginx:v1 基础镜像构建一个项目镜像
vim Dockerfile
FROM nginx:v1 COPY index.html /usr/local/nginx/html # 需要在当前目录中创建index.html文件
docker build -t nginx:v2 -f Dockerfile . # 使用Dockerfile创建一个项目镜像 nginx:v2
docker run -d --name nginx02 -p 89:80 nginx:v2 # 使用 nginx:v2 创建一个容器 nginx02
http://192.168.56.12:89/ # 测试访问 容器 nginx:v2中的nginx服务
使用 Dockerfile-nginx 文件构建一个基础镜像 nginx:v1
FROM centos:7 MAINTAINER www.ctnrs.com RUN yum install epel-release -y && yum install -y gcc gcc-c++ make gd-devel libxml2-devel libcurl-devel libjpeg-devel libpng-devel openssl-devel libmcrypt-devel libxslt-devel libtidy-devel autoconf iproute net-tools telnet wget curl && yum clean all && rm -rf /var/cache/yum/* RUN wget http://docs.php.net/distributions/php-5.6.36.tar.gz && tar zxf php-5.6.36.tar.gz && cd php-5.6.36 && ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --enable-opcache --with-mysql --with-mysqli --with-pdo-mysql --with-openssl --with-zlib --with-curl --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --enable-mbstring --with-mcrypt --enable-hash && make -j 4 && make install && cp php.ini-production /usr/local/php/etc/php.ini && cp sapi/fpm/php-fpm.conf /usr/local/php/etc/php-fpm.conf && sed -i "90a \daemonize = no" /usr/local/php/etc/php-fpm.conf && mkdir /usr/local/php/log && cd / && rm -rf php* && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ENV PATH $PATH:/usr/local/php/sbin COPY php.ini /usr/local/php/etc/ COPY php-fpm.conf /usr/local/php/etc/ WORKDIR /usr/local/php EXPOSE 9000 CMD ["php-fpm"]
php.ini
;;;;;;;;;;;;;;;;;;;;; ; FPM Configuration ; ;;;;;;;;;;;;;;;;;;;;; ; All relative paths in this configuration file are relative to PHP‘s install ; prefix (/usr/local/php). This prefix can be dynamically changed by using the ; ‘-p‘ argument from the command line. ; Include one or more files. If glob(3) exists, it is used to include a bunch of ; files from a glob(3) pattern. This directive can be used everywhere in the ; file. ; Relative path can also be used. They will be prefixed by: ; - the global prefix if it‘s been set (-p argument) ; - /usr/local/php otherwise ;include=etc/fpm.d/*.conf ;;;;;;;;;;;;;;;;;; ; Global Options ; ;;;;;;;;;;;;;;;;;; [global] ; Pid file ; Note: the default prefix is /usr/local/php/var ; Default Value: none pid = /var/run/php-fpm.pid ; Error log file ; If it‘s set to "syslog", log is sent to syslogd instead of being written ; in a local file. ; Note: the default prefix is /usr/local/php/var ; Default Value: log/php-fpm.log error_log = /usr/local/php/log/php-fpm.log ; syslog_facility is used to specify what type of program is logging the ; message. This lets syslogd specify that messages from different facilities ; will be handled differently. ; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) ; Default Value: daemon ;syslog.facility = daemon ; syslog_ident is prepended to every message. If you have multiple FPM ; instances running on the same server, you can change the default value ; which must suit common needs. ; Default Value: php-fpm ;syslog.ident = php-fpm ; Log level ; Possible Values: alert, error, warning, notice, debug ; Default Value: notice log_level = warning ; If this number of child processes exit with SIGSEGV or SIGBUS within the time ; interval set by emergency_restart_interval then FPM will restart. A value ; of ‘0‘ means ‘Off‘. ; Default Value: 0 ;emergency_restart_threshold = 0 ; Interval of time used by emergency_restart_interval to determine when ; a graceful restart will be initiated. This can be useful to work around ; accidental corruptions in an accelerator‘s shared memory. ; Available Units: s(econds), m(inutes), h(ours), or d(ays) ; Default Unit: seconds ; Default Value: 0 emergency_restart_interval = 24h ; Time limit for child processes to wait for a reaction on signals from master. ; Available units: s(econds), m(inutes), h(ours), or d(ays) ; Default Unit: seconds ; Default Value: 0 process_control_timeout = 5s ; The maximum number of processes FPM will fork. This has been design to control ; the global number of processes when using dynamic PM within a lot of pools. ; Use it with caution. ; Note: A value of 0 indicates no limit ; Default Value: 0 ; process.max = 128 ; Specify the nice(2) priority to apply to the master process (only if set) ; The value can vary from -19 (highest priority) to 20 (lower priority) ; Note: - It will only work if the FPM master process is launched as root ; - The pool process will inherit the master process priority ; unless it specified otherwise ; Default Value: no set ; process.priority = -19 ; Send FPM to background. Set to ‘no‘ to keep FPM in foreground for debugging. ; Default Value: yes daemonize = no ; Set open file descriptor rlimit for the master process. ; Default Value: system defined value rlimit_files = 10240 ; Set max core size rlimit for the master process. ; Possible Values: ‘unlimited‘ or an integer greater or equal to 0 ; Default Value: system defined value ;rlimit_core = 0 ; Specify the event mechanism FPM will use. The following is available: ; - select (any POSIX os) ; - poll (any POSIX os) ; - epoll (linux >= 2.5.44) ; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) ; - /dev/poll (Solaris >= 7) ; - port (Solaris >= 10) ; Default Value: not set (auto detection) ;events.mechanism = epoll ; When FPM is build with systemd integration, specify the interval, ; in second, between health report notification to systemd. ; Set to 0 to disable. ; Available Units: s(econds), m(inutes), h(ours) ; Default Unit: seconds ; Default value: 10 ;systemd_interval = 10 ;;;;;;;;;;;;;;;;;;;; ; Pool Definitions ; ;;;;;;;;;;;;;;;;;;;; ; Multiple pools of child processes may be started with different listening ; ports and different management options. The name of the pool will be ; used in logs and stats. There is no limitation on the number of pools which ; FPM can handle. Your system will tell you anyway :) ; Start a new pool named ‘www‘. ; the variable $pool can we used in any directive and will be replaced by the ; pool name (‘www‘ here) [www] ; Per pool prefix ; It only applies on the following directives: ; - ‘access.log‘ ; - ‘slowlog‘ ; - ‘listen‘ (unixsocket) ; - ‘chroot‘ ; - ‘chdir‘ ; - ‘php_values‘ ; - ‘php_admin_values‘ ; When not set, the global prefix (or /usr/local/php) applies instead. ; Note: This directive can also be relative to the global prefix. ; Default Value: none ;prefix = /path/to/pools/$pool ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user‘s group ; will be used. user = nobody group = nobody ; The address on which to accept FastCGI requests. ; Valid syntaxes are: ; ‘ip.add.re.ss:port‘ - to listen on a TCP socket to a specific IPv4 address on ; a specific port; ; ‘[ip:6:addr:ess]:port‘ - to listen on a TCP socket to a specific IPv6 address on ; a specific port; ; ‘port‘ - to listen on a TCP socket to all IPv4 addresses on a ; specific port; ; ‘[::]:port‘ - to listen on a TCP socket to all addresses ; (IPv6 and IPv4-mapped) on a specific port; ; ‘/path/to/unix/socket‘ - to listen on a unix socket. ; Note: This value is mandatory. ;listen = 127.0.0.1:9000 listen = 0.0.0.0:9000 ; Set listen(2) backlog. ; Default Value: 65535 (-1 on FreeBSD and OpenBSD) ;listen.backlog = 65535 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many ; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = nobody listen.group = nobody ;listen.mode = 0660 ; When POSIX Access Control Lists are supported you can set them using ; these options, value is a comma separated list of user/group names. ; When set, listen.owner and listen.group are ignored ;listen.acl_users = ;listen.acl_groups = ; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; must be separated by a comma. If this value is left blank, connections will be ; accepted from any ip address. ; Default Value: any ; listen.allowed_clients = 127.0.0.1 ; Specify the nice(2) priority to apply to the pool processes (only if set) ; The value can vary from -19 (highest priority) to 20 (lower priority) ; Note: - It will only work if the FPM master process is launched as root ; - The pool processes will inherit the master process priority ; unless it specified otherwise ; Default Value: no set ; process.priority = -19 ; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user ; or group is differrent than the master process user. It allows to create process ; core dump and ptrace the process for the pool user. ; Default Value: no ; process.dumpable = yes ; Choose how the process manager will control the number of child processes. ; Possible Values: ; static - a fixed number (pm.max_children) of child processes; ; dynamic - the number of child processes are set dynamically based on the ; following directives. With this process management, there will be ; always at least 1 children. ; pm.max_children - the maximum number of children that can ; be alive at the same time. ; pm.start_servers - the number of children created on startup. ; pm.min_spare_servers - the minimum number of children in ‘idle‘ ; state (waiting to process). If the number ; of ‘idle‘ processes is less than this ; number then some children will be created. ; pm.max_spare_servers - the maximum number of children in ‘idle‘ ; state (waiting to process). If the number ; of ‘idle‘ processes is greater than this ; number then some children will be killed. ; ondemand - no children are created at startup. Children will be forked when ; new requests will connect. The following parameter are used: ; pm.max_children - the maximum number of children that ; can be alive at the same time. ; pm.process_idle_timeout - The number of seconds after which ; an idle process will be killed. ; Note: This value is mandatory. pm = dynamic ; The number of child processes to be created when pm is set to ‘static‘ and the ; maximum number of child processes when pm is set to ‘dynamic‘ or ‘ondemand‘. ; This value sets the limit on the number of simultaneous requests that will be ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP ; CGI. The below defaults are based on a server without much resources. Don‘t ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to ‘static‘, ‘dynamic‘ or ‘ondemand‘ ; Note: This value is mandatory. pm.max_children = 200 ; The number of child processes created on startup. ; Note: Used only when pm is set to ‘dynamic‘ ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 pm.start_servers = 50 ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to ‘dynamic‘ ; Note: Mandatory when pm is set to ‘dynamic‘ pm.min_spare_servers = 50 ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to ‘dynamic‘ ; Note: Mandatory when pm is set to ‘dynamic‘ pm.max_spare_servers = 100 ; The number of seconds after which an idle process will be killed. ; Note: Used only when pm is set to ‘ondemand‘ ; Default Value: 10s ;pm.process_idle_timeout = 10s; ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify ‘0‘. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 pm.max_requests = 51200 ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following informations: ; pool - the name of the pool; ; process manager - static, dynamic or ondemand; ; start time - the date and time FPM has started; ; start since - number of seconds since FPM has started; ; accepted conn - the number of request accepted by the pool; ; listen queue - the number of request in the queue of pending ; connections (see backlog in listen(2)); ; max listen queue - the maximum number of requests in the queue ; of pending connections since FPM has started; ; listen queue len - the size of the socket queue of pending connections; ; idle processes - the number of idle processes; ; active processes - the number of active processes; ; total processes - the number of idle + active processes; ; max active processes - the maximum number of active processes since FPM ; has started; ; max children reached - number of times, the process limit has been reached, ; when pm tries to start more children (works only for ; pm ‘dynamic‘ and ‘ondemand‘); ; Value are updated in real time. ; Example output: ; pool: www ; process manager: static ; start time: 01/Jul/2011:17:53:49 +0200 ; start since: 62636 ; accepted conn: 190460 ; listen queue: 0 ; max listen queue: 1 ; listen queue len: 42 ; idle processes: 4 ; active processes: 11 ; total processes: 15 ; max active processes: 12 ; max children reached: 0 ; ; By default the status page output is formatted as text/plain. Passing either ; ‘html‘, ‘xml‘ or ‘json‘ in the query string will return the corresponding ; output syntax. Example: ; http://www.foo.bar/status ; http://www.foo.bar/status?json ; http://www.foo.bar/status?html ; http://www.foo.bar/status?xml ; ; By default the status page only outputs short status. Passing ‘full‘ in the ; query string will also return status for each pool process. ; Example: ; http://www.foo.bar/status?full ; http://www.foo.bar/status?json&full ; http://www.foo.bar/status?html&full ; http://www.foo.bar/status?xml&full ; The Full status returns for each process: ; pid - the PID of the process; ; state - the state of the process (Idle, Running, ...); ; start time - the date and time the process has started; ; start since - the number of seconds since the process has started; ; requests - the number of requests the process has served; ; request duration - the duration in µs of the requests; ; request method - the request method (GET, POST, ...); ; request URI - the request URI with the query string; ; content length - the content length of the request (only with POST); ; user - the user (PHP_AUTH_USER) (or ‘-‘ if not set); ; script - the main script called (or ‘-‘ if not set); ; last request cpu - the %cpu the last request consumed ; it‘s always 0 if the process is not in Idle state ; because CPU calculation is done when the request ; processing has terminated; ; last request memory - the max amount of memory the last request consumed ; it‘s always 0 if the process is not in Idle state ; because memory calculation is done when the request ; processing has terminated; ; If the process is in Idle state, then informations are related to the ; last request the process has served. Otherwise informations are related to ; the current request being served. ; Example output: ; ************************ ; pid: 31330 ; state: Running ; start time: 01/Jul/2011:17:53:49 +0200 ; start since: 63087 ; requests: 12808 ; request duration: 1250261 ; request method: GET ; request URI: /test_mem.php?N=10000 ; content length: 0 ; user: - ; script: /home/fat/web/docs/php/test_mem.php ; last request cpu: 0.00 ; last request memory: 0 ; ; Note: There is a real-time FPM status monitoring sample web page available ; It‘s available in: /usr/local/php/share/php/fpm/status.html ; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set pm.status_path = /status ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside ; that FPM is alive and responding, or to ; - create a graph of FPM availability (rrd or such); ; - remove a server from a group if it is not responding (load balancing); ; - trigger alerts for the operating team (24/7). ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set ;ping.path = /ping ; This directive may be used to customize the response of a ping request. The ; response is formatted as text/plain with a 200 response code. ; Default Value: pong ;ping.response = pong ; The access log file ; Default: not set ;access.log = log/$pool.access.log ; The access log format. ; The following syntax is allowed ; %%: the ‘%‘ character ; %C: %CPU used by the request ; it can accept the following format: ; - %{user}C for user CPU only ; - %{system}C for system CPU only ; - %{total}C for user + system CPU (default) ; %d: time taken to serve the request ; it can accept the following format: ; - %{seconds}d (default) ; - %{miliseconds}d ; - %{mili}d ; - %{microseconds}d ; - %{micro}d ; %e: an environment variable (same as $_ENV or $_SERVER) ; it must be associated with embraces to specify the name of the env ; variable. Some exemples: ; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e ; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e ; %f: script filename ; %l: content-length of the request (for POST request only) ; %m: request method ; %M: peak of memory allocated by PHP ; it can accept the following format: ; - %{bytes}M (default) ; - %{kilobytes}M ; - %{kilo}M ; - %{megabytes}M ; - %{mega}M ; %n: pool name ; %o: output header ; it must be associated with embraces to specify the name of the header: ; - %{Content-Type}o ; - %{X-Powered-By}o ; - %{Transfert-Encoding}o ; - .... ; %p: PID of the child that serviced the request ; %P: PID of the parent of the child that serviced the request ; %q: the query string ; %Q: the ‘?‘ character if query string exists ; %r: the request URI (without the query string, see %q and %Q) ; %R: remote IP address ; %s: status (response code) ; %t: server time the request was received ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) ; %T: time the log has been written (the request has finished) ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) ; %u: remote user ; ; Default: "%R - %u %t \"%m %r\" %s" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set slowlog = log/$pool.log.slow ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the ‘slowlog‘ file. A value of ‘0s‘ means ‘off‘. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_slowlog_timeout = 10 ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the ‘max_execution_time‘ ini option ; does not stop script execution for some reason. A value of ‘0‘ means ‘off‘. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_terminate_timeout = 600 ; Set open file descriptor rlimit. ; Default Value: system defined value rlimit_files = 10240 ; Set max core size rlimit. ; Possible Values: ‘unlimited‘ or an integer greater or equal to 0 ; Default Value: system defined value ;rlimit_core = 0 ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with ‘$prefix‘ to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. ; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set ;chroot = ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot ;chdir = /var/www ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. ; Note: on highloaded environement, this can cause some delay in the page ; process time (several ms). ; Default Value: no ;catch_workers_output = yes ; Clear environment in FPM workers ; Prevents arbitrary environment variables from reaching FPM worker processes ; by clearing the environment in workers before env vars specified in this ; pool configuration are added. ; Setting to "no" will make all environment variables available to PHP code ; via getenv(), $_ENV and $_SERVER. ; Default Value: yes ;clear_env = no ; Limits the extensions of the main script FPM will allow to parse. This can ; prevent configuration mistakes on the web server side. You should only limit ; FPM to .php extensions to prevent malicious users to use other extensions to ; exectute php code. ; Note: set an empty value to allow all extensions. ; Default Value: .php ;security.limit_extensions = .php .php3 .php4 .php5 ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env ;env[HOSTNAME] = $HOSTNAME ;env[PATH] = /usr/local/bin:/usr/bin:/bin ;env[TMP] = /tmp ;env[TMPDIR] = /tmp ;env[TEMP] = /tmp ; Additional php.ini defines, specific to this pool of workers. These settings ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: ; php_value/php_flag - you can set classic ini defines which can ; be overwritten from PHP call ‘ini_set‘. ; php_admin_value/php_admin_flag - these directives won‘t be overwritten by ; PHP call ‘ini_set‘ ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. ; Defining ‘extension‘ will load the corresponding shared extension from ; extension_dir. Defining ‘disable_functions‘ or ‘disable_classes‘ will not ; overwrite previously defined php.ini values, but will append the new value ; instead. ; Note: path INI options can be relative and will be expanded with the prefix ; (pool, global or /usr/local/php) ; Default Value: nothing is defined by default except the values in php.ini and ; specified at startup with the -d argument ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com ;php_flag[display_errors] = off ;php_admin_value[error_log] = /var/log/fpm-php.www.log ;php_admin_flag[log_errors] = on ;php_admin_value[memory_limit] = 32M
docker build -t php:v1 -f Dockerfile-php . # 使用 Dockerfile-nginx 文件构建一个基础镜像 php:v1 docker images # 确认 php:v1镜像是否构建成功 docker run -d --name php01 php:v1 # 使用php:v1镜像启动一个容器 php01 docker ps -l # 确认 容器php01是否可以成功启动 docker exec -it php01 bash # 进入容器php01 bash环境,确定一下php是否安装成功
dockerfile的作用
FROM # build是基于哪个镜像来构建新的镜像
ENV PATH $PATH:/usr/local/nginx/sbin # 配置环境变量,注意此配置会在container中生效
COPY src dest # docker内部文件系统中拷贝
ADD src dest # 将宿主机本地文件拷贝到docker中
RUN command # 执行linux命令
CMD ["sh","/code/start.sh"] # 启动服务
EXPOSE 8080 # 暴露端口
WORKDIR /path # 在此指令之后的操作,以及container的默认进入路径都将时 /path目录
VOLUME [‘/path1‘, ‘/path2‘] # 基于此镜像创建的container都将拥有VOLUME中指定的挂在目录
Dockerfile编写优化
希望大家没有被文中众多的名称和概念搞糊涂,让我们以下图来结束本文,展示了从 2013 年到 2017 年从 docker hub 拉取镜像次数的趋势:
标签:systemd 方式 memory share tfs 软件包 查看 coding sso
原文地址:https://www.cnblogs.com/yangmaosen/p/Mr_Y5.html
