Practice of deploying docker container with container

Time:2021-7-21

1、 Background

Recently, when using ranger2.5.5 to deploy redis master-slave replication, we found that Ranger would generate many iptables rules, which made it impossible for us to use the master-slave replication function of redis on the machine where ranger was deployed, because my understanding of Ranger and k8s was limited to understanding the network architecture and use, and I didn’t go deep into the underlying layer, The problem of network conflict cannot be solved in a short time;

Therefore, I changed the mode of docker management by Ranger to that of using the container. This container is relatively more lightweight, and it also used several hours of learning in the process of building. Now I will try to recover the whole process for your reference.

2、 Operation steps

  1. Installing portiner
  2. Management node
  3. Deployment container

3、 Installing portiner

There are many ways to install portiner, but I always like to use the simplest way to do what I need to do, so here I will use the docker method to build it.

3.1 docker deployment

The deployment of docker is very simple. You only need to execute a simple run container command. The command is as follows.

docker run -d \
-p 9000:9000 \
-p 8000:8000 \
--restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /opt/docker/portainer-ce/data:/data \
--name portainer-ce portainer/portainer-ce

The command maps the 8000 port and 9000 port of the physical machine to the 8000 port and 9000 port of the container. At the same time, the docker communication file of the host computer is saved/var/run/docker.sockAlso mapped to the container, in addition to the persistent deployment, also the directory /opt/docker/portainer-ce/dataMapped to the/dataAfter the command is executed, the returned result information is as shown in the figure below

Practice of deploying docker container with container

As you can see in the figure above, a docker container has been successfully run. Next, I need to verify whether the service is running normally and use the browser to access the URLhttp://127.0.0.1:9000/Address, the results are as follows

Practice of deploying docker container with container
In the figure above, you can see that the portal system has been accessed, indicating that the system has been successfully installed.

3.2 node initialization

Now I need to set the administrator’s account and password. Here I simply fill in the password and confirm the password, and then clickCreate userButton to create an administrator account.

After the administrator account is set, it needs to be initialized, as shown in the figure below

Practice of deploying docker container with container
In the figure above, there are three options. I choose to use the container to manage the local docker program. ClickConnectButton to complete the initialization operation.

3.3 function exploration

After completing the initialization operation, you can enter the working interface of the container, as shown in the figure below

Practice of deploying docker container with container

Look for the one in the picture above. You can see that there is already one in the container systemlocalWe can click it to enter the node management, as shown in the figure below

Practice of deploying docker container with container

As you can see in the figure above, the container system lists thelocalNode stack, container information, image information, disk information, network information and so on, here I click at willContainersBlock, you can see the list of containers, as shown in the figure below

Practice of deploying docker container with container

In the figure above, you can see that there are two containers in the container list, as well as the running status of the containers. You can also control these containers.

4、 Management node

Now I can control the local docker, but I am not satisfied with this. I need to control other machines as well.

4.1 start adding nodes

In the container system, there is aendpointsIn this menu, you can add multiple nodes, as shown in the figure below
Practice of deploying docker container with container
As you can see in the picture above, there is already onelocalAt the top of the listAdd endpointButton. Click the button to go to the details page of adding nodes, as shown in the figure below

Practice of deploying docker container with container

As you can see in the figure above, there are five options. Here I choose the simplest way to useDocker APIControl.

4.2 open API control

This method needs to add parameters to the docker startup program of the node, so I need to log in to the node server first. The command to log in to the server by SSH is as follows

ssh [email protected]

After the command is executed, return as shown in the figure below
Practice of deploying docker container with container

In the figure above, you can see that you have entered the server where the node is located, and then you need to edit the configuration file started by docker. The command is as follows

vim /usr/lib/systemd/system/docker.service

After the command is executed, you can modify the configuration in the VIM editing interface, as shown in the figure below
Practice of deploying docker container with container

Add the remote access startup code to the docker startup command line. The code is as follows

-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock

Copy code to/usr/bin/dockerd After the program, as shown in the figure below
Practice of deploying docker container with container

After saving the configuration file, you need to restart the docker service. The command to restart the docker is as follows

systemctl daemon-reload  && systemctl restart docker

After the docker is restarted, everything will be finished if it is normal

4.3 verify port status

To view the configuration information of docker, the command is as follows

docker info

After the command is executed, the returned information is shown in the figure below
Practice of deploying docker container with container
As you can see in the figure above, docker gives me a warning that there is a security risk when remote access is turned on. I will ignore it for the moment, but this prompt indicates that remote access is turned on

In addition, you can check whether the opening is successful by opening the port. The command is as follows

netstat -ntl

After the command is executed, the port opening of the current host will be returned, as shown in the figure below
Practice of deploying docker container with container
You can see it in the picture above2375The port has been successfully opened, which indicates that the node itself is OK to open the docker;

However, when the container accesses this node through IP, it should consider whether the firewall in the network will shield this port. Here, it can be usednmapTool to detect whether the port of the node can be accessed. Now I go back to the command terminal of the container system and use the nmap tool to detect. The command is as follows

nmap -p 2375 xxx.xxx.xxx.xxx

After the command is executed, whether 2375 is on will be returned. The execution result is shown in the figure below

Practice of deploying docker container with container

In the figure above, you can see the location of the node2375The port is open and can be connected.

4.4 add nodes

Next, return to the browser window, as shown in the figure below

Practice of deploying docker container with container

In the web page shown in the figure above, fill in the IP address and port of the node in the form of URL, and then clickAdd endpodintButton to add the node. If the node is added successfully, there will be a corresponding prompt, as shown in the figure below

Practice of deploying docker container with container

In the figure above, you can see that the container system prompts that the node has been successfully added, and you can see this node in the node list.

5、 Deployment container

After adding nodes, I am ready to deploy my container in remote nodes;

5.1 deploying a single container

Back to the home page of the container, you can see the node information just added on the home page, as shown in the figure below

Practice of deploying docker container with container

Select the node just added in the figure above, and then enter the container menu option to see the container list of this node, as shown in the figure below

Practice of deploying docker container with container

At the top of the list on the page shown above is aAdd containerButton, click this button to adjust to the add container details page

Practice of deploying docker container with container
In the page shown in the figure above, you need to fill in the docker image address. Here I select a nginx image at will, and map port 8888 of the host to port 80 of the container. After submitting this information, the container system will tell you whether the container runs successfully, as shown in the figure below

Practice of deploying docker container with container
In the figure above, we can see that the container has run successfully and jumps to the container list. Next, we can visit the 8888 port corresponding to this node to verify whether the service is available

Open the browser and fill in the URL in the address barhttp://xxx.xxx.xxx.xxx:8888/After accessing, the returned result is as shown in the figure below
Practice of deploying docker container with container

You can see it in the picture abovenginxThe service has run successfully;

5.2 deploying docker compose

In addition to deploying containers in the container list page, the container system also supports deployment in the form of docker compose, which is calledstacks, select this item in the menu bar to enter the list of docker compose services, as shown in the figure below
Practice of deploying docker container with container

At the top of the list is aAdd stackButton, click this button, you can adddocker-composeService, as shown in the figure below

Practice of deploying docker container with container

In the page shown in the figure above, I will be asked to fill in the docker composition information. Here I have prepared a redis servicedocker-composeThe configuration code is as follows

version: '3.5'
services:
  redis:
    image: "redis:latest"
    container_name: redis_test
    command: redis-server
    ports:
      - "16379:16379"

After the configuration is filled in the page and submitted, the container will deploy the configuration in the corresponding nodedocker-composeService, as shown in the figure below
Practice of deploying docker container with container
After successful deployment, you can see the deployed service in the stacks list. You can also click the service name in the list to enter the details page to view and modify it, as shown in the figure below

Practice of deploying docker container with container

In the figure above, you can see what container this service runs, and you can also terminate or delete the container.

In this paper, the container is also a preliminary study, more details also need to be tirelessly explored.


About the author

Author: Tang Qingsong

Wechat: songboy8888

Date: April 10, 2021

Recommended Today

Write OS kernel from scratch – run shell

Series catalog Preface preparation BIOS boot to real mode GDT and protection mode On virtual memory Load and enter the kernel Display and print Global descriptor table GDT Interrupt processing Virtual memory perfection Implement heap and malloc First kernel thread Multithreading operation and switching Lock and multithreading synchronization Enter user status Process implementation system call […]