説æ
docker swarmã¢ãŒãã§ã¯ãããŒãã127.0.0.1ã«ãã€ã³ããããšã0.0.0.0ã§ãããŒããéããŸãã ããã¯é倧ãªã»ãã¥ãªãã£åé¡ã«ãªãå¯èœæ§ããããããããã¥ã¡ã³ãã§èª¬æããå¿ èŠããããŸãã
åé¡ãåçŸããæé ïŒ
mongodb:
image: mongo:3.2
volumes:
- ./persistent-data/mongodb:/data
- ./persistent-data/mongodb/db:/data/db
networks:
data:
aliases:
- mongo.docker
logging:
driver: syslog
options:
syslog-address: "udp://10.129.26.80:5514"
tag: "docker[mongodb]"
ports:
- "127.0.0.1:27017:27017"
deploy:
placement:
constraints: [node.labels.purpose == main-data]
åãåã£ãçµæã説æããŠãã ããã
nc -vz PUBLIC_NODE_IP 27017
found 0 associations
found 1 connections:
[...]
Connection to PUBLIC_NODE_IP port 27017 [tcp/*] succeeded!
æåŸ
ããçµæã説æããŠãã ããã
ããŒãã¯ãå°ãªããšããã®ãµãŒãã¹ãå®è¡ããŠããã¹ãŠã©ãŒã ããŒãã§ã¯ã127.0.0.1ã§ã®ã¿äœ¿çšã§ããŸãã
éèŠãšæãããè¿œå æ å ±ïŒããšãã°ãåé¡ã¯ããŸã«ããçºçããŸããïŒïŒ
docker version
åºåïŒ
Docker version 17.03.1-ce, build c6d412e
docker info
åºåïŒ
ã¹ãŠã©ãŒã ãããŒãžã£ãŒã®Dockeræ å ±ïŒ
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 1
Server Version: 17.03.1-ce
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 3
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: active
NodeID: pk7ulemi0z0chgtsg0azfrjz5
Is Manager: true
ClusterID: 27etomlyjvtmygrm6rcdgr2ni
Managers: 1
Nodes: 6
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 3
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Node Address: 10.129.26.165
Manager Addresses:
10.129.26.165:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 4ab9917febca54791c5f071a9d1f404867857fcc
runc version: 54296cf40ad8143b62dbcaa1d90e520a2136ddfe
init version: 949e6fa
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.4.0-64-generic
Operating System: Ubuntu 16.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 992.4 MiB
Name: <HIDDEN>
ID: IMOK:QIR7:WU5Y:WTPP:EPRQ:F77G:ULGE:WOG4:O7S7:6AFE:V7QG:2XEK
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Username: <HIDDEN>
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
è¿œå ã®ç°å¢ã®è©³çŽ°ïŒAWSãVirtualBoxãç©çãªã©ïŒïŒ
DigitalOceanã®æ¶²æ»Žã§ãã¹ãæžã¿ã
ã¯ããããã¯ãšã©ãŒãåºåããã¯ãã§ãã ãµãŒãã¹ïŒããã©ã«ãïŒã¯ãingressããããã¯ãŒã¯ã䜿çšããŠãå ¬éãããæçµçã«ã©ã®_node_ã«å°éããããäºæž¬ã§ããªããããIPã¢ãã¬ã¹ã®æå®ããµããŒãããŸããïŒãããã£ãŠã䜿çšå¯èœãªIPã¢ãã¬ã¹ã¯äžæã§ã-127.0ã§ãã.0.1ãå¯èœãããããŸããïŒã ãã®åé¡ã¯ããã®æ©èœhttps://github.com/docker/docker/issues/26696ã远跡ããŠã
ããã§ã®ãã°ã¯ãdockerããªãã·ã§ã³ãé»ã£ãŠç¡èŠããã®ã§ã¯ãªãããšã©ãŒãçæããå¿ èŠãããããšã§ãã ãã®æå°éã®docker-composeãã¡ã€ã«ã䜿çšããŠåçŸå¯èœã
version: "3.2"
services:
mongodb:
image: nginx:alpine
ports:
- "127.0.0.1:27017:80"
ping @dnephin @vdemeester
@ fer2d2ã¹ãŠã©ãŒã ã¢ãŒãã§äœããå
¬éãããšïŒ ports
å Žåã¯stack deploy
ïŒã ingress
ãããã¯ãŒã¯ã§å
¬éããããããå
¬éãããŸãã ãããåé¿ããããã€ãã®æ¹æ³ããããããããã£ã³ã°kind/bug
ãã®äžã§ãæã
ã¯ãå°ãªããšã人ã
ã«èŠåããªããã°ãªããªãã®ã§ã«é¢ããããšãã£ãŠããšãã«stack deploy
ãã®è¡šèšæ³ãæã£ãŠããããŒããæã€ïŒã€ãŸãã host:port:port
ïŒã
ãããåé¿ããã«ã¯ãããã€ãã®æ¹æ³ããããŸãã
mongo
ããŒããå
¬éããå Žåã«ã®ã¿å
¬éããå¿
èŠããããŸããmongo
ããã¢ã¯ã»ã¹ã§ããŸãïŒã ingress
ã§ã¯ãªããã¹ãã§å
¬éããå ŽåïŒã€ãŸããã¹ãŠã©ãŒã ã¢ãŒãã䜿çšããªãå Žåãšåãããã«ãã¹ãŠã©ãŒã ãããªãã¯ã§ã¯ãªããå®è¡äžã®ãã¹ãäžã§ã®ã¿ïŒãããŒãæ¡åŒµæ§æã䜿çšããå¿
èŠããã ports:
- mode: host
target: 80
published: 9005
docker run -p 80:9005 âŠ
ãšåãããã«åäœããããã 0.0.0.0
ã«ãã€ã³ããããŸããããã¹ãã«éå®ãããŸãã
ãããã @ thaJeztahãèšã£ãããã«ããããã§ã®ãã°ã¯ãdockerããªãã·ã§ã³ãé»ã£ãŠç¡èŠããã®ã§ã¯ãªãããšã©ãŒãçæããã¯ãã ãšããããšã§ããðŒ
/ cc @mavenugo @abochã䜿çšããŠãå®éã«ç¹å®ã®IPã«ãã€ã³ãã§ããããã«ããæ¹æ³ããããã©ããã確èªããŸããïŒ ïŒããŒãã®IPãç°ãªããããéæããã®ã¯éåžžã«å°é£ã§ããïŒ
@vdemeesterãã®è¡šèšã䜿çšããŠããã¹ãã¿ãŒã²ãããšããŠlocalhostãæå®ã§ããŸããïŒ
ports:
- mode: host
target: 127.0.0.1:80
published: 9005
ããã¯ããŒãæ§æã®æ¡åŒµãã©ãŒãããã§ãããããæ£ããæ©èœããã¯ãã§ãã
åãã£ãŠæè¬ããŸã
é·ãæ§æã§ã¯ãã¿ãŒã²ãããšå ¬éã®äž¡æ¹ãæŽæ°åãšããŠé©çšãããŠããããã§ã
SSHãã³ãã«ãä»ããŠäžéšã®ãµãŒãã¹ã«æ¥ç¶ããŠããå Žåãããã¯æãŸããåäœã§ã¯ãªããšæããŸãã ããšãã°ãMySQLãŸãã¯MongoDBãµãŒããŒã127.0.0.1ã«é 眮ããSSHãã³ãã«çµç±ã§æ¥ç¶ããå ŽåãDocker Swarmã䜿çšããŠã0.0.0.0ã§ããŒã¿ããŒã¹ããŒããå ¬éããããSSHãå éšã§å®è¡ããã«ã¹ã¿ã ããŒã¿ããŒã¹ã³ã³ãããäœæããå¿ èŠã
SQL WorkbenchãRobomongoãªã©ããã®å¶éïŒç¹å®ã®ã€ã³ã¿ãŒãã§ã€ã¹ãã€ã³ãã£ã³ã°ïŒã®ããã«äœ¿çšã§ããªãSSHãã³ãã«ã䜿çšããããŒã¿ããŒã¹ã¯ã©ã€ã¢ã³ãã¯å€æ°ãããŸãã
ç§ãã¡ã®äŒç€Ÿã§ã¯@ fer2d2ãšåãåé¡ããããsshãã³ãã«ãä»ããŠMongoboosterãdockerswarmã«æ¥ç¶ããããšããŠããŸãã ç§ãã¡ãèŠã€ããå¯äžã®è§£æ±ºçã¯ã27017ããŒããéãããŠãŒã¶ãŒãšãã¹ã¯ãŒãã§ããŒã¿ããŒã¹ãä¿è·ããããšã§ããã
é£çµ¡ãã£ãïŒ
+1
+1
é·ã圢åŒã®ããŒããããã³ã°ã«ip_address ïŒportãã¢ãèš±å¯ããå¥ã®äœ¿çšäŸã¯ããšããŒãã£ã¹ãã¢ãã¬ã¹ãŸãã¯ã«ãŒãããã¯ã«é¢é£ä»ããããŠããå¯èœæ§ã®ãããã®ä»ã®ã¢ãã¬ã¹ã§ãã ãããã¯ãã«ãŒãããã¯ãããã¯ãŒã¯ã§ã®ã¿è¡šç€ºããããšããç¹ã§127.0.0.1ã¢ãã¬ã¹ã«äŒŒãŠããŸãã ãã®ããããã£ãæã€ããŒãã«å¶éããããµãŒãã¹ã¯ãããŒãå€æã®iptablesã«ãŒã«ãåé¿ããªãããããŒãã®è¡çªãåé¿ããããã«ããšããŒãã£ã¹ãã¢ãã¬ã¹ã§ã®ã¿ããŒããå ¬éãããå ŽåããããŸãã
次ã®ããã«æå®ãããšããªãã·ã§ã³ã«ãªãå¯èœæ§ããããŸããã
placement:
constraints:
- node.id ==
也æ¯
+1
+1
+1
ç§èªèº«ã®ããã«ç§ã¯ãã®åé¡ã解決ããŸããïŒ
iptables -I DOCKER-USER -i eth0 -j DROP
iptables -I DOCKER-USER -m state --state RELATED,ESTABLISHED -j ACCEPT
Dockerã¯ãããã®ã«ãŒã«ã«è§ŠããŸããã èªåã§è¿œå ããã ã-A DOCKER-USER -j RETURN
ãã®çµæãããŒãã¯0.0.0.0ã§ãªãã¹ã³ããŸãããå€éšã€ã³ã¿ãŒãã§ã€ã¹eth0ããã¯ã¢ã¯ã»ã¹ã§ããŸããã
ãã®åäœã¯ãããã©ã«ãã§å®å šãã«éåããŠãããããã¥ã¡ã³ãã«ã¡ã¢ãå ¥ããã ãã§ã¯äžååã§ãã ä»ã®ãšããããšã©ãŒãçºçããã¯ãã§ãã
ãŸããã¢ãŒãïŒingress / hostã«ãé¢é£ããŠããŸãïŒãããã®2ã€ã®åé¡ã¯è°è«ã§æ··ä¹±ããŠããããã§ãïŒã ãµãŒãã¹ããã¹ãŠã®ããŒãã®ããŒã«ã«ã¢ãã¬ã¹ã«ãã€ã³ããããã®ãåæ¢ããå¿ èŠãããããå€éšã¢ãã¬ã¹ã«ã¯ãã€ã³ããããªãå ¥åã¢ãŒãã«ã€ããŠã¯äœããããŸããã ãããã£ãŠã127.xxxãèš±å¯ããå¿ èŠããããŸãã ïŒéã¹ãŠã©ãŒã ã¢ãŒãïŒdocker runã䜿çšïŒã§ã¯ã127.0.0.2ïŒ80ã127.0.0.3:80ãªã©ã«ãã€ã³ãããŸããéçºäžã®è€æ°ã®ãµãŒããŒãããŒã«ã«ã§ãã¹ãããŸããïŒ
ãã1ã€ã®åé¡ã¯ãå ¥åã¢ãŒããããã©ã«ãã§ãããšããããšã§ãã ããã¯äºæããªãããšã§ãããã»ãã¥ãªãã£ã®åé¡ã«ãã€ãªãããŸãã 127.0.0.3:80ã«ãã€ã³ããããããŒãã䜿çšããŠããããã¯ãŒã¯ã®ãã©ã€ããŒãéšåã«ããããã«å¶çŽãããããŒãã§ãµãŒãã¹ãéå§ããããšããŸããã 次ã«ããããªãã¯ããŒãã®ãããªãã¯ã€ã³ã¿ãŒãã§ã€ã¹ã«ããã€ã³ããããŸããã ïŒããã¯ãIPã¢ãã¬ã¹ãé»ã£ãŠç¡èŠããå ¥åã¢ãŒããé»ã£ãŠäœ¿çšããŠãããããããŒã¿ãå ¬éãããŠããŸãïŒã
/etc/hosts
ã䜿çšããŠãåãã¡ã€ã³åãç°ãªãã³ã³ããã«éä¿¡ãããããã«ããŸãã ããã¯docker run
ã§æ©èœããŸãããcomposeã§ã¯æ©èœããŸãããããŒã«ã«ã¢ãã¬ã¹ãžã®ãã€ã³ããèš±å¯ãããšãå¶çŽã®ããããŒãã«åœ¹ç«ã¡ãŸãã ç¹å®ã®ã¢ãã¬ã¹ãžã®ãã€ã³ããèš±å¯ããããå¶çŽãããããŒãã§æ©èœããããã¹ãŠã©ãŒã ãä»ããŠããŒãã®1ã€ã«ããã¢ãã¬ã¹ã®1ã€ã«ã«ãŒãã£ã³ã°ãããŸãïŒå ¥åã¢ãŒãã®ã¿ã®å ŽåããããŸãïŒã ãã®ã«ãŒãã£ã³ã°ã¯ãã§ã«è¡ãããŠããŸã
@ richard-delorenzi Mobyã¯çŸåšããã¹ãIPãåãå ¥ããŠããŸããã ãããã£ãŠãæ©èœãªã¯ãšã¹ã以å€ã§ã¯ãããã¯ã¯ã©ã€ã¢ã³ãåŽã®åé¡ã®ããã«èãããŸã...å ·äœçã«ã¯ãcomposeyamlãDockerCLIã§ã©ã®ããã«å€æããããã§ãã
å ¥åãæ©èœããæ¹æ³ã¯ããªãããææžåãããŠããŸãããããã¯CLIã§ã®åäœãæªãããšã«åæããŸãã
+1
+1
+1
ç§ã䜿çšããçš®é¡ã®åé¿çããããŸãã ã¹ã¿ã³ãã¢ãã³ã³ã³ãããå®è¡ãããããããcoreããšããååã®ãããã¯ãŒã¯ã«æ¥ç¶ããŸãããã®ãããã¯ãŒã¯ã¯ã矀ãã®äžã§å®è¡ãããŠãããã¹ãŠã®ããã¯ãšã³ããµãŒãã¹ïŒmongoãelasticsearchãinfluxdbãªã©ïŒã§äœ¿çšãããŸãã
äœæãã¡ã€ã«ã§ãããè¡ãæ¹æ³ãããããªãããã次ã®ããã«ã¹ã¿ã³ãã¢ãã³ã³ã³ãããå®è¡ããŠããã ãã§ãã
docker run --name kibana --rm -d -v /var/lib/kibana:/usr/share/kibana/config -p 127.0.0.1:5601:5601 --network core docker.elastic.co/kibana/kibana:6.1.2
docker run --name chronograf --rm -d -v /var/lib/chronograf:/var/lib/chronograf -p 127.0.0.1:8888:8888 --network core chronograf:1.4 chronograf --influxdb-url=http://influxdb:8086
ããããéå§ããåŸãdockerpsã¯æ°ããã³ã³ãããŒã127.0.0.1ã«ãã€ã³ããããŠããããšã瀺ããŸãã ã¢ãŒã¡ã³ã 次ã«ãããŒã«ã«ã¯ãŒã¯ã¹ããŒã·ã§ã³ããDockerãã¹ãã«ãã³ããªã³ã°ããŠã次ã®ããã«å®å šã«ã¢ã¯ã»ã¹ã§ããŸãã
ssh -i my_ssh_key.pem [email protected] -L 8888:localhost:8888 -L 5601:localhost:5601 -N
ãã©ãŠã¶ããã httpïŒ// localhost ïŒ8888ãŸãã¯httpïŒ// localhost ïŒ5601ã«æ¥ç¶ã§ã
ç§ã®ããã«åããŸãã
UNIXãœã±ããã127.0.0.1TCP / IPãœã±ããã眮ãæããããšãã§ããå Žåãç§ãfluent-bitã«å¯ŸããŠå®è£ ããå¯èœãªåé¿çã¯ããã«ãã
mode
å¥ã®ãªãã·ã§ã³ãè¿œå ãããšåœ¹ç«ã€ãããããŸããã host
ãšingress
ã«å ããŠã local
ãããªãã®ã
ããŠãŒã¶ããªãã£ïŒMobyã¯ãŠãŒã¶ããªãã£ãæãªãããšãªãå®å šãªããã©ã«ããæäŸããŸãããšããæèšãåé€ããŠãã ããã mobyã®readmeãã¡ã€ã«ã ããã¯ééããªãèåœã®åºåã§ãã@ richard-delorenziã®ã³ã¡ã³ããåç §ããŠãã ããã
ãµãŒãã¹ã¯ããã©ã«ãã§ããŒããå ¬éããªããããããŒããå ¬éããããã«æå®ããªãéãããµãŒãã¹ã«ã¢ã¯ã»ã¹ã§ããŸããã çŸåšãç¹å®ã®IPã¢ãã¬ã¹ãžã®ãã€ã³ãã¯ãµããŒããããŠããŸããã ãµãŒãã¹ã«ã¢ã¯ã»ã¹ã§ããªãå Žåã¯ãããŒããå ¬éãããå éšïŒãªãŒããŒã¬ã€ïŒãããã¯ãŒã¯ã䜿çšããŠãµãŒãã¹ã«æ¥ç¶ããŸãã
IPã¢ãã¬ã¹ãžã®ãã€ã³ãã®ãµããŒãã®è¿œå ã«ã€ããŠã¯ã httpsïŒ//github.com/moby/moby/issues/26696ã§èª¬æãããŠã
ã¹ã¿ãã¯ããããã€ãããšãã«èŠåãè¿œå ãããŸããã
docker stack deploy -c- test <<'EOF'
version: '3'
services:
web:
image: nginx:alpine
ports:
- "127.0.0.1:8080:80"
EOF
WARN[0000] ignoring IP-address (127.0.0.1:8080:80/tcp) service will listen on '0.0.0.0'
Creating network test_default
Creating service test_web
ãŸããæå®ãããIPã¢ãã¬ã¹ã䜿çšããŠãµãŒãã¹ããããã€ããããšãããšããšã©ãŒãçºçããŠãããã€ã«å€±æããŸãã
docker service create -p 127.0.0.1:9090:80 nginx:alpine
invalid argument "127.0.0.1:9090:80" for "-p, --publish" flag: hostip is not supported
See 'docker service create --help'.
@daluã·ã¹ãã ãã€ã³ã¿ãŒãããã«å ¬éãããŠããŠãDockerã«ã¯ã©ã¹ã¿ãŒäžã®ãµãŒãã¹ãå ¬éããããã«æ瀺ããå ŽåãæåŸ ãä»ã®äœãã«ãªãçç±ã
確ãã«ãéçºãšå®éã®å±éãå¶éãããã®æ§æ圢åŒã«ã¯ãããã€ãã®é倧ãªåŠ¥åç¹ããããŸãã
@ cpuguy83
ã·ã¹ãã ãã€ã³ã¿ãŒãããã«å ¬éãããŠããŠãDockerã«ã¯ã©ã¹ã¿ãŒäžã®ãµãŒãã¹ãå ¬éããããã«æ瀺ããå ŽåãæåŸ ãä»ã®äœãã«ãªãçç±ãããããŸããã
ãããã 誰ãã127.0.0.1ã10.0.0.0ãªã©ã®éãããªãã¯IPã«ãã€ã³ãããå Žåããªããããªãã¯ã«ã¢ã¯ã»ã¹ã§ããå¿ èŠãããã®ã§ããïŒ å®éãããã¯æ£è§£ã§ãã
ç¹å®ã®IPã¢ãã¬ã¹ãžã®ãã€ã³ãã¯çŸåšãµããŒããããŠããŸãã
@dalu
ããããããã¯å ¬ã«ã§ã¯ãªããã¢ã¯ã»ã¹å¯èœã§ãªããã°ãªããŸããã ãããŠããããããã§ã®ãã¹ãŠã®ååŒã§ãã
ããã©ã«ãã§ã¯å®å šã§ã¯ãªããã»ãã³ãã£ã¯ã¹ã«ããä¿®æ£ãåé¿ããŠããŸãã
ãã®åé¡ã¯ãé©åãªè§£æ±ºçããªããŸãŸãã»ãŒ2幎ééããŠããŸãã
swarmã䜿çšã§ããªããããswarmããkubernetesã«ç§»è¡ããŠããŸãã ãã®ç§»è¡ã«ã¯éåžžã«ã³ã¹ããããããã®ã®ããã®æ±ºå®ã«ã¯å®å šã«æºè¶³ããŠããŸãã
@Bessonvããã¯
åé¡ã¯ãäœæãã©ãŒããããéçºç°å¢åãã«èšèšãããŠãããã¯ã©ã¹ã¿ãŒã®ãããã€ããµããŒãããããã«ããã·ã¥ãããŠããããšã§ãã ãdockerstackãã¯ãšã©ãŒã«ãªãã¯ãã§ããã1ã€ã®äœæãã¡ã€ã«ã䜿çšããŠãã¹ãŠãã«ãŒã«åã§ããããã«ãããã®ã§ããã®æ··ä¹±ãçºçããŸãã
@ cpuguy83
ãã®èª¬æã«æºè¶³ã§ãããã©ããã¯ããããŸããã æåŸã«ãäœæãã©ãŒãããã¯ãç®çã®ç¶æ
ã®åãªã説æã§ãã 1å°ã®ãã·ã³ïŒäœæïŒãšã¯ã©ã¹ã¿ãŒïŒçŸ€ãïŒã®éã«ããã€ãã®éããããããšã¯ãŸã£ããåé¡ãããŸããã ç§ã®èŠè§£ã§ã¯ãäœæ²ããµããŒãããæå³ã¯ãŸã£ãããããŸããã ç¹ã«ã¹ãŠã©ãŒã ã¢ãŒãã®ã¢ã¯ãã£ãåã¯ãšãŠãç°¡åã ããã§ãã ããããããã«ã¯çŸ€ããä¿®æ£ããå¿
èŠããããŸãã
åé¡ã¯ãŸã£ãã矀ãã£ãŠããããcompose圢åŒãšdockercliã§ã®å®è£
ã§100ïŒ
ã§ãã
çŸåšãã¹ã¿ãã¯ã¯100ïŒ
ã¯ã©ã€ã¢ã³ãåŽã®å®è£
ã§ããããšã«æ³šæããŠãã ããã
ã¹ã¿ãã¯å
ã§ã¯ãããŒã¿ããŒã¹ãredisãªã©ã®å
éšãµãŒãã¹ã®ããŒããæ瀺çã«å
¬éããå¿
èŠããªãããšãããããŸãããå
éšãµãŒãã¹ã®ports
æ§æãçç¥ããååã§åç
§ããã ãã§åé¡ãããŸããã
ã¹ã¿ãã¯å ã®dbãµãŒãã¹ã®äŸ
services:
db:
image: postgres:11-alpine
networks:
- backend
... Django app
ãµãŒãã¹ã¯ãããã©ã«ãã§æ¬¡ã®ããã«ããŒãã䜿çšã§ããŸãã
DATABASES = {
'default': env.db(default='postgres://user:pass<strong i="13">@db</strong>:5432/catalog'),
}
ãããã£ãŠããã®å Žåããããªãã¯ãµãŒãã¹ã®ã¿ãæ瀺çã«å ¬éãããšãããã©ã«ãã§ã»ãã¥ã¢ã®ããã«èŠã
åé¡ã¯ãŸã£ãã矀ãã£ãŠããããcompose圢åŒãšdockercliã§ã®å®è£ ã§100ïŒ ã§ãã
çŸåšãã¹ã¿ãã¯ã¯100ïŒ ã¯ã©ã€ã¢ã³ãåŽã®å®è£ ã§ããããšã«æ³šæããŠãã ããã
äœã§ã:(ãã®åé¡ã®ããã«ïŒã¹ã¿ãã¯ã®äœ¿çšããããããæ°ã«ããŸããã å³æžé€šã®ããã枯湟åŽåè ã®ãããç§ã®ç«ã®ããã
dockerãçŽæ¥äœ¿çšããå ŽåããŸãã¯composeã䜿çšããå Žåããã®åé¡ã¯çºçããŠããŸããã
ãã®ã¢ãããŒãã圹ç«ã€ããã«èŠããŸãïŒçŸ€ãã®ãã¹ãŠã®ããŒãã§å®è¡ããå¿ èŠããããŸãïŒïŒ
æããã解決çïŒ
$ mv /usr/bin/docker-proxy /usr/bin/docker-proxy-original
$ cat << 'EOF' > /usr/bin/docker-proxy
#!/bin/sh
exec /usr/bin/docker-proxy-original `echo $* | sed s/0.0.0.0/127.0.0.1/g`
EOF
$ chmod 755 /usr/bin/docker-proxy
$ service docker restart
@jsmouretææ°ã®dockerãªãªãŒã¹ã§docker -proxyãèŠã€ããããšããã§ããŸããã ããã¯ããã€ãã®éºç£ã§ããïŒ ãããšãååãéãã®ïŒ
ç¶æ³ã«ãããŸã...
$ apt-file search docker-proxy
docker-ce: /usr/bin/docker-proxy
docker.io: /usr/sbin/docker-proxy
ãã®åäœã¯ãããã¥ã¡ã³ãã«äœããã®åœ¢ã§ææžåããå¿
èŠããããŸãã
çŸåšãã·ã§ãŒãããŒããããã³ã°ãããã¹ããç¡èŠããã ãã§ãã ãããŠéãã«åäœããŸããã
ãã1ã€ã®å¥åŠãªããšã¯ãé·ãæ§æã¹ããŒãã§ãã¹ããèšå®ã§ããªãããšã§ãã
ãã®åäœã¯ãããã¥ã¡ã³ãã«äœããã®åœ¢ã§ææžåããå¿ èŠããããŸãã
åæãã; ãã®ããŒãžã®ã©ããã§èšåãããŠãããšæããŸããããèŠã€ãããŸããã ããã¥ã¡ã³ããªããžããªã§åé¡ãéããŠãã ããã https://github.com/docker/docker.github.io/issues
çŸåšãã·ã§ãŒãããŒããããã³ã°ãããã¹ããç¡èŠããã ãã§ãã ãããŠéãã«åäœããŸããã
ã©ã®ããŒãžã§ã³ã®Dockerã䜿çšããŠããŸããïŒ èŠåïŒ docker stack deploy
ã䜿çšããå ŽåïŒãŸãã¯_error _ïŒ docker service create
ã䜿çšããå ŽåïŒãåºåããå¿
èŠããããŸãã https://github.com/moby/moby/issues/32299#issuecomment-472793444ãåç
§ããŠ
ã©ã®ããŒãžã§ã³ã®Dockerã䜿çšããŠããŸããïŒ èŠåïŒdocker stack deployã䜿çšããŠããå ŽåïŒãŸãã¯ãšã©ãŒïŒdocker service createã䜿çšããŠããå ŽåïŒãåºåããå¿ èŠããããŸãã
ããŒããããã¯ç§ã®ããã®ããã§ãã ã³ã³ãœãŒã«ããã¹ã¿ãã¯ããããã€ããããšãããšãã«ãå®éã«ãããè¡ãããŸãã
以åã¯portainerUIãä»ããŠå®è¡ããŸãããããšã©ãŒãèŠåã¯è¡šç€ºãããŸããã§ããã
ã»ãŒ2幎éãDockeréçºè ã®äžã«ã¯ããã®æ©èœãå¿ èŠãªå Žåã«1ã€ã®æå¹ã§
å®è¡å¯èœãªã¯ãªãŒã³ãªãœãªã¥ãŒã·ã§ã³ã¯ãããŒã¿ããŒã¹ãšåãDockerãããã¯ãŒã¯ã«æ¥ç¶ãããŠãã2çªç®ã®ã³ã³ãããŒã§SSHãµãŒããŒãå®è¡ããããšã§ãã ãã®åŸãSSHããŒãããã¹ãäžã§ïŒãã¡ãã22ãšã¯ç°ãªãããŒãã«ïŒå ¬éã§ãããããSSHã³ã³ãããŒãä»ããŠããŒã¿ããŒã¹ã«è»¢éã§ããŸãã
@nartamonovãããã³ã«èªäœãå®å
šã§ãªãéãããããå
¥åããå®å
šã«è¡ãæ¹æ³ãããããŸããã
å®å
šã«ã¢ã¯ã»ã¹ããæ¹æ³ã¯ãæå·åãããããŒã¿ãã¬ãŒã³ïŒé床ã®ãããã¯ãŒã¯ã®å Žåã¯--opt encrypted
ïŒã䜿çšãããã®ãããã¯ãŒã¯ã«æ¥ç¶ããå¿
èŠã®ããããŒã«ã䜿çšããŠã³ã³ãããŒãèµ·åããããšã§ãã
ããã«ã¯ããããä»ã®ç¡é¢ä¿ãªå¯äœçšããããŸããã /etc/docker/daemon.json
"iptables": false
ãèšå®ãããšãåé¿çãšããŠãããŸããããŸãã ããã»ã©ææ¬çãªè§£æ±ºçã¯ã @ helldwellerãææ¡ãããããªã«ã¹ã¿ã ã«ãŒã«ã ããè¿œå ããããšã§ãã
ãããã«ãããç§ã¯3幎åŸã«ããã«å¯Ÿããããå°ãã®ãµããŒããèŠãããšæããŸãã
ãã®ã¢ãããŒãã圹ç«ã€ããã«èŠããŸãïŒçŸ€ãã®ãã¹ãŠã®ããŒãã§å®è¡ããå¿ èŠããããŸãïŒïŒ
1. leave swarm 2. remove network docker_gwbridge 3. recreate network docker_gwbridge with additional option com.docker.network.bridge.host_binding_ipv4=IP 4. join swarm back Works for ports published in mode "host". Without mode "host" ingress network is used with other driver and scope "swarm".
@ienovytskyi
ç§ãééã£ãŠããªãå Žåãããã«ãããå ¬éãããŠãããã¹ãŠã®ããŒããç¹å®ã®ããã©ã«ãã®IP
ã¢ãã¬ã¹ã«ãã€ã³ããããŸããïŒ ãããã£ãŠãæ確ã«ããããã«ãããã¯ãäžéšã®ãµãŒãã¹ã®äžéšã®ããŒãã®ãã€ã³ããããã€ã³ã¿ãŒãã§ã€ã¹ã®ã¿ãå¶çŽããå Žåã䜿çšå¯èœãªåé¿çã§ã¯ãããŸããã
åé¿çãå ±åããããšæããŸãã
䜿çšäºäŸïŒ
矀ãã®äžéšã®ãµãŒãã¹ã¯ããã¹ãŠã®ã€ã³ã¿ãŒãã§ã€ã¹ããŸãã¯å°ãªããšããããªãã¯ã€ã³ã¿ãŒãã§ã€ã¹ã§ãªãã¹ã³ããå¿
èŠããããŸã-ç§ã®äŸã®ãã®ã³ã³ããã¯ãªããŒã¹ãããã·ã§ã
ãããã®ã¹ãŠã©ãŒã ããŒãã«ã¯ããã¹ãŠã®ããŒãã«ããŒã¿ããŒã¹ã€ã³ã¹ã¿ã³ã¹ãããã次ã®ããã«å®çŸ©ãããã¹ãŠã©ãŒã ãããã¯ãŒã¯ã䜿çšããŸãã
docker network create --scope swarm NETWORK_NAME --attachable -d overlay
ãã¡ãããããŒã¿ããŒã¹æ¥ç¶ãå¿
èŠãªWebãµãŒãã¹ã¯ãã®NETWORK_NAME
ã«åå ããå¿
èŠããããŸã
管çç®çã§ãããŒã¿ããŒã¹ã«çŽæ¥æ¥ç¶ããå¿ èŠãããå ŽåããããŸã
解決ïŒ
ãã¹ãŠã®ãããã¯ãŒã¯ïŒç§ã®äŸã§ã¯ãªããŒã¹ãããã·ïŒã§å
¬éããå¿
èŠããããµãŒãã¹ã®ã¿ãããµãŒãã¹å®çŸ©ã«ports: ['SOMEPORT:ANOTHERPORT']
ãå«ããããšãã§ããŸãã
ä»ã®ãã¹ãŠã®ãµãŒãã¹ã§ã¯ããã¹ãäžã«ãã¢ã®Dockeréã¹ãŠã©ãŒã ã³ã³ãããŒãå¿
èŠã§ãã
ãã®éã¹ãŠã©ãŒã ã³ã³ããã¯ã NETWORK_NAME/nodeXYZ:port
ã«ååšããããŒããlocalhost
ããªããžããŸã
mongodbã®äŸïŒ
docker run --rm -it --net=NETWORK_NAME -d --name expose-mongo -p 127.0.0.1:27017:47017 alpine/socat tcp-listen:47017,fork,reuseaddr tcp-connect:mongo01:27017
æ¬ ç¹ïŒãã¹ãŠã®ã¹ãŠã©ãŒã ããŒãã«éã¹ãŠã©ãŒã ã³ã³ãããå¿ èŠã§ãããããansible / Heavyã¹ã¯ãªãããæ¡çšããªãéããå€ãã®ããŒãã§æ¬åœã«éå±ã§ãã
@ fer2d2ãèšåãããSSHãã³ãã«ãä»ããŠäžéšã®ãµãŒãã¹ã«æ¥ç¶ããŠããå Žåãã®åé¡ã«å¯Ÿããç§ã®åé¿çã¯ã次ã®ãããªDockerfileã䜿çšããŠsshãµãŒãã¹ãè¿œå ããããšã§ããã
FROM alpine
RUN apk add --no-cache openssh
RUN mkdir ~/.ssh
RUN ssh-keygen -A
RUN echo "root:root" | chpasswd
RUN echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config
RUN echo 'Port 22' >> /etc/ssh/sshd_config
RUN echo -e " \
Match User root \n\
AllowTcpForwarding yes\n\
X11Forwarding no\n\
AllowAgentForwarding no\n\
ForceCommand /bin/false\n\
" >> /etc/ssh/sshd_config
EXPOSE 22
CMD /usr/sbin/sshd -D -e "$@"
次ã«ãdocker-compose.ymlã§ïŒ
...
db:
image: mysql:5.6
environment:
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:?err}
MYSQL_ROOT_HOST: '%'
volumes:
- "./mysql:/var/lib/mysql"
deploy:
placement:
constraints: [node.role == manager]
sshd:
image: maxisme/sshd:latest
volumes:
- "~/.ssh:/root/.ssh"
ports:
- "2223:22"
deploy:
placement:
constraints: [node.role == manager]
ããã«ãããauthorized_keysã~/.ssh
ãã©ã«ããŒã«è¿œå ããsshãããã·ãããŒã2223
ãä»ããŠdb
ãã¹ãåã䜿çšããŠããŒã¿ããŒã¹ã«ãžã£ã³ãã§ããããã«ãªããŸãã
å®è¡å¯èœãªã¯ãªãŒã³ãªãœãªã¥ãŒã·ã§ã³ã¯ãããŒã¿ããŒã¹ãšåãDockerãããã¯ãŒã¯ã«æ¥ç¶ãããŠãã2çªç®ã®ã³ã³ãããŒã§SSHãµãŒããŒãå®è¡ããããšã§ãã ãã®åŸãSSHããŒãããã¹ãäžã§ïŒãã¡ãã22ãšã¯ç°ãªãããŒãã«ïŒå ¬éã§ãããããSSHã³ã³ãããŒãä»ããŠããŒã¿ããŒã¹ã«è»¢éã§ããŸãã
æå¹
ãã®æ©èœãéèŠã§ãããã1ã€ã®äŸã
pleskãã€ã³ã¹ããŒã«ããããµãŒããŒããããpleskã«ã¯ãã§ã«æ§æããããŸãããDockerSwarmãµãŒãã¹ãæãããã«å¥ã®æ§æãè¿œå ã§ããŸãã ãã®pleskãµãŒããŒã¯ã¹ãŠã©ãŒã ããŒãã§ãã
pleskã䜿çšããŠããŒãã«proxy_passããããšæããŸãã ã³ã³ããã¯ãªãŒããŒã¬ã€ãããã¯ãŒã¯å
ã«ããããããã®ããŒãã¯å
¬éããå¿
èŠããããŸãããã¯ãŒã«ããšéä¿¡ããã«ã¯å€éšããŒããå¿
èŠã§ãã
ãããã£ãŠãproxypassã¯127.0.0.1ã®ãããªããŒã«ã«ã€ã³ã¿ãŒãã§ã€ã¹ãæãå¿
èŠããããŸãïŒsomeport
矀ãã®ã³ã³ããã¯ãããŒã«ã«ãã¹ãã«ã®ã¿ããŒããå
¬éããå¿
èŠããããŸãã
ãã®ããã«ãã³ã³ããããŒãã¯ãããã·ãã¹ã«ãã£ãŠã®ã¿ã¢ã¯ã»ã¹å¯èœã§ãããäžçããçŽæ¥ã¢ã¯ã»ã¹ããããšã¯ã§ããŸããã
ç§ã¯ããªãã®åé¿ç@maxismeã奜ãã§ããã authorized_keys
æææš©ãã©ã®ããã«ç®¡çããŸããïŒ OS Xã§ã¯åäœããŸããïŒããŠã³ãã¯root
å±ããŸãïŒãæ¬çªLinuxãã·ã³ã§ã¯æ¬¡ã®ããã«ãªããŸãã
Authentication refused: bad ownership or modes for file /root/.ssh/authorized_keys
Connection closed by authenticating user root 85.145.195.174 port 60535 [preauth]
ããªã¥ãŒã ã¯ãã¹ããŠãŒã¶ãŒã®UIDã«å±ããŠãããããã¯root
ãSSHDã¯ããã䜿çšããããšãæåŠããŸãã åé¿çã«å ããŠåé¿çð¬ã¯ã次ã®ããã«configs
ã䜿çšããããšã§ãã
services:
sshd:
image: [...]/sshd:${version}
configs:
# FIXME: It would be much better to use a bind volume for this, as it
# would always be in sync with the host configuration. So revoking a key
# in the host machine would automatically revoke it in the container. But
# I can't figure out how to give the volume right ownership. It keeps UID
# from the host which doesn't align with the container user.
- source: authorized_keys
target: /root/.ssh/authorized_keys
mode: 0600
configs:
authorized_keys:
file: ~/.ssh/authorized_keys
ã³ã³ããããããã€ããããã¹ããããããªããããç¹å®ã®ãã¹ãIPã¢ãã¬ã¹ã«ãã€ã³ãããããã«ãµãŒãã¹ã«æ瀺ã§ããªãããšãç解ããŠããŸãã
ãã ããå€ãã®å Žåããã¹ãã«ã¯åãšåã®å¢çã€ã³ã¿ãŒãã§ã€ã¹ããããŸãã ã¹ãŠã©ãŒã ããŒãããã¹ãŠã®ã¹ãŠã©ãŒã ãã¹ãã®ããŒã¹ããŠã³ãã€ã³ã¿ãŒãã§ã€ã¹ã«ã®ã¿ãã€ã³ãããããšãã§ããŸãã
ãµãŒãã¹ããã€ã³ããããã¹ãŠã®ã€ã³ã¿ãŒãã§ã€ã¹ã®ã€ã³ã¿ãŒãã§ã€ã¹åãåãã§ããå ŽåïŒããšãã°ãeth0ïŒãã¹ãŠã©ãŒã ããŒãããã€ã³ãããã€ã³ã¿ãŒãã§ã€ã¹åãæå®ãããªãã·ã§ã³ãæäŸããããšããå§ãããŸãïŒãµãŒãã¹ããŒãã»ã¯ã·ã§ã³ïŒã
nginx:
image: nvbeta/swarm_nginx
networks:
- demonet1
ports:
- "eth0:8088:80"
eth0ãã¹ãŠã©ãŒã ããŒãã§äœ¿çšã§ããªãå Žåãæå®ãããããŒãã¯ã©ã®ã€ã³ã¿ãŒãã§ã€ã¹ã«ããã€ã³ããããŸããã
@ tad-lispyã³ã³ãããŠãŒã¶ãŒã®uidãšgidãããã¹ãã®ããªã¥ãŒã ææè
ãšåãã«ãªãããã«å€æŽã§ããã¯ãã§ãã
linuxserverã®ç»åã¯ïŒãhttps://hub.docker.com/r/linuxserver/openssh-serverãåç
§ããŠãã ããç°å¢å€æ°ãèšå®ããããšã§ãããããµããŒãããŠããŸãUser / Group Identifiers
ãïŒ
æãåèã«ãªãã³ã¡ã³ã
ã»ãŒ2幎éãDockeréçºè ã®äžã«ã¯ããã®æ©èœãå¿ èŠãªå Žåã«1ã€ã®æå¹ã§