Created
July 17, 2020 03:14
-
-
Save huynhbaoan/e743272f298a8c917328b513828c69e2 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create user-defined overlay network | |
| Prerequisites: | |
| Firewall rules for Docker daemons using overlay networks | |
| You need the following ports open to traffic to and from each Docker host participating on an overlay network: | |
| "TCP port 2377 for cluster management communications | |
| TCP and UDP port 7946 for communication among nodes | |
| UDP port 4789 for overlay network traffic" | |
| Before you can create an overlay network, you need to either initialize your Docker daemon as a swarm manager using: docker swarm init | |
| or join it to an existing swarm using: docker swarm join | |
| Either of these creates the default ingress overlay network which is used by swarm services by default. You need to do this even if you never plan to use swarm services. Afterward, you can create additional user-defined overlay networks. | |
| docker network create -d overlay --attachable myoverlay | |
| # Docker run/create options consider for production: docker run | |
| + Name your container (most common option): --name | |
| + Detach, run in background (very common option) -dit | |
| + Restart policy: --restart=on-failure:10 / --restart=unless-stopped / --restart=always | |
| + Specify an init process (researching) | |
| + Set custom DNS: --dns=8.8.8.8 | |
| + Use "overlay" network for high performance: --network="myoverlay" | |
| + Set custom IP address: --ip="" | |
| + Add line to /etc/hosts: --add-host="<host>:<ip>" | |
| + User memory constrain (in example, --memory is RAM, --memory-swap is RAM + swap): --memory 500M --memory-swap 1G | |
| + Disable OOM kill (must set memory limit) / --oom-kill-disable | |
| + Swappiness constraint percentage: --memory-swappiness=15 | |
| + CPU share percentage (read below note): --cpu-shares=1024 | |
| (--cpu-shares is "relative-weight", default is 1024. Example: 2 containers with 1024 chp-shares has 50% cpu time if CPU is busy, but can use as much CPU as need if CPU is idle) | |
| + CPU limit (read below note): --cpus=2 | |
| (Specify how much of the available CPU resources a container can use. If the host machine has two CPUs, set --cpus="1.5" guarantee the container at most one and a half of the CPUs. This is the equivalent of setting --cpu-period="100000" and --cpu-quota="150000". Available in Docker 1.13 and higher.) | |
| + Block IO share percentage (read note below): --blkio-weight=500 | |
| (By default, all containers get the same proportion of block IO bandwidth (blkio). This proportion is 500.) | |
| + Block IO share percentage per device (read note below): --blkio-weight-device "/dev/sda:750" | |
| (If you specify both the --blkio-weight and --blkio-weight-device, Docker uses the --blkio-weight as the default weight and uses --blkio-weight-device to override this default with a new value on a specific device.) | |
| + Limit read rate per device (bytes per second, can use kb/mb/gb): --device-read-bps /dev/sda:5mb | |
| + Limit write rate per device (bytes per second, can use kb/mb/gb): --device-write-bps /dev/sda:5mb | |
| + Limit read IOPS per device: --device-read-iops /dev/sda:1000 | |
| + Limit write IOPS per device: --device-write-iops /dev/sda:1000 | |
| + Set working directory: -w="/path/to/init-directory" | |
| + Overweite Entrypoint, for quick test: --entrypoint="start.sh" | |
| # Create docker bridge network, specify subnet range | |
| docker network create -d bridge --attachable --gateway 172.18.0.1 --subnet 172.18.0.0/16 --ip-range 172.18.1.1/24 mynet-bridge | |
| # import image: | |
| cat archive.tar | docker import - name:tag | |
| # Save/load image | |
| docker save -o <save image to path> <image name> | |
| docker load -i <path to image tar file> | |
| # Clean up unused resources | |
| docker image prune | |
| docker container prune | |
| docker volume prune | |
| docker network prune | |
| # Run container | |
| docker run -dit -v /var/spool/asterisk/outgoing:/var/spool/asterisk/outgoing -p 8000:8000 --name webrtc_api webrtc_api:5 /opt/support/run.sh | |
| # Go inside container | |
| docker exec -it container_name bash | |
| # Print all container name and ip | |
| sudo docker ps -q | xargs -n 1 sudo docker inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}} {{ .Name }}' | sed 's/ \// /' | |
| ############ Some alias for easier docker ##################### | |
| alias 'dockerip'="sudo docker ps -q | xargs -n 1 sudo docker inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}} {{ .Name }}' | sed 's/ \// /'" | |
| function dockeripu { | |
| for container in `sudo docker ps -q`; do | |
| sudo docker exec -d $container mv /etc/localtime /etc/localtime.bak | |
| sudo docker exec -d $container ln -s /usr/share/zoneinfo/Asia/Ho_Chi_Minh /etc/localtime | |
| sudo docker exec -d $container sh -c 'echo "search gnt-global.com" > /etc/resolv.conf' | |
| sudo docker exec -d $container sh -c 'echo "nameserver 192.168.30.29" >> /etc/resolv.conf' | |
| done | |
| } | |
| ################################################################### | |
| #################### Dockerfile for CentOS 6.9 with ssh key added for Ansible, Jenkins###################### | |
| # Dockerfile for basic CentOS 6.9, used by Ansible and Jenkins | |
| FROM centos:6.9 | |
| RUN echo 'search mydomain.com' | tee /etc/resolv.conf && \ | |
| echo 'nameserver 192.168.x.x' | tee -a '/etc/resolv.conf' && \ | |
| yum update -y && \ | |
| # yum groupinstall "Development Tools" -y && \ | |
| yum install epel-release openssh-server wget -y && \ | |
| wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u161-b12/2f38c3b165be4555a1fa6e98c45e0808/jdk-8u161-linux-x64.rpm" && \ | |
| rpm -Uvh jdk-8u161-linux-x64.rpm && \ | |
| rm -f jdk-8u161-linux-x64.rpm && \ | |
| yum clean all -y && \ | |
| mkdir -p /root/.ssh && chmod 700 /root/.ssh && \ | |
| echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwDMrCR+XhEztqVz1WJSTo6a+z9nTRuhtZMYL7hFFde40DQ3jquyiW10o7PSrKis31118OS/tqZZ1Zk7+5/yTUjQ6z0+rNrQmUVIIiwCQR4F8u6GF7tyPIhMnA9aB9k15oYycwRxNaUCAUgu7mO/ZJS1/bK1YJcqsxg56DxDyaZ7W+utJ84+sm7GhrFMefPpsmo4SCIKZJmxfwmiX+OP3ram8irC1pvrh9t7kLRe0TuMMalCulRg0MXrL90+tgpadhRrO3s1DonJrLAXkqwY1tH/mPqL9OfNpzFpyRtro9J1rRR+/K4DUXuJfMNMBqVwwiXCce68c9VP8R91vcDbcew== root@8c8138f698e7' | tee /root/.ssh/authorized_keys && \ | |
| echo 'service sshd start' | tee -a /etc/bashrc | |
| #ENTRYPOINT ["/bin/bash"] | |
| CMD ["/bin/bash"] | |
| ############################################################################################### | |
| # Build docker image from dockerfile | |
| mkdir -p /tmp/dockerbuild && cd /tmp/dockerbuild | |
| touch dockerfile_centos_basic | |
| docker build -t centos:6.9df -f dockerfile_centos_basic . --rm --no-cache |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment