Docker的可视化界面工具
- 1. Portainer
- 1.1 Introduction
- 1.1.1 Official
- 1.2 Download And Deploy
- 1.3 Dashboard
- 1.3.1 Dashboard
- 2. Shipyard
- 2.1 Introduction
- 2.1.1 Character
- 2.1.2 Official
- 2.2 Download And Deploy
- 2.2.1 脚本下载镜像
- 2.2.2 执行脚本
- 2.2.2 查看下载的镜像
- 2.3 Dashboard
- 2.3.1 访问服务
- 2.3.2 Dashboard
- 3.Awakening
1. Portainer
1.1 Introduction
Portainer是一个可视化的容器镜像的图形管理工具,利用Portainer可以轻松构建,管理和维护Docker环境。 而且完全免费,基于容器化的安装方式,方便高效部署。
1.1.1 Official
1.2 Download And Deploy
- 下载镜像
docker search portainer |head -n 3
docker pull portainer/portainer- 启动容器(我只有8889和8890)
先创建volumn的目录,run和portainer_data
docker run -d -p 8889:8000 -p 8890:9000 --name=myportainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/portainer_data:/data portainer/portainer
1.3 Dashboard
- 访问服务
http://10.136.xxx.xxxx:8890
admin/Tomcat@123- home page
1.3.1 Dashboard
- Dashboard
- App Template
- command
2. Shipyard
2.1 Introduction
Shipyard是docker的web可视化界面管理工具,是建立在docker集群管理工具Citadel之上,可以管理镜像、容器、主机等资源的web图形化工具,包括core和extension两个版本,core即shipyard主要是把多个 Docker host上的 containers 统一管理(支持跨越多个host),extension即shipyard-extensions添加了应用路由和负载均衡、集中化日志、部署等。Shipyard是在Docker Swarm实现对容器、镜像、docker集群、仓库、节点进行管理的web系统。
2.1.1 Character
其特性主要包括:
支持节点动态集群,可扩展节点的规模(swarm、etcd方案)支持镜像管理、容器管理、节点管理等功能可视化的容器管理和监控管理在线连接容器console终端
2.1.2 Official
Official Website: https://shipyard-project.com/deploy.
2.2 Download And Deploy
2.2.1 脚本下载镜像
[root@docker ~]$cat deploy
#!/bin/bash
if [ "$1" != "" ] && [ "$1" = "-h" ]; then
echo "Shipyard Deploy uses the following environment variables:"
echo " ACTION: this is the action to use (deploy, upgrade, node, remove)"
echo " DISCOVERY: discovery system used by Swarm (only if using 'node' action)"
echo " IMAGE: this overrides the default Shipyard image"
echo " PREFIX: prefix for container names"
echo " SHIPYARD_ARGS: these are passed to the Shipyard controller container as controller args"
echo " TLS_CERT_PATH: path to certs to enable TLS for Shipyard"
echo " PORT: specify the listen port for the controller (default: 8080)"
echo " IP: specify the address at which the controller or node will be available (default: eth0 ip)"
echo " PROXY_PORT: port to run docker proxy (default: 2375)"
exit 1
fi
if [ -z "`which docker`" ]; then
echo "You must have the Docker CLI installed on your \$PATH"
echo " See http://docs.docker.com for details"
exit 1
fi
ACTION=${ACTION:-deploy}
IMAGE=${IMAGE:-dockerclub/shipyard:latest}
PREFIX=${PREFIX:-shipyard}
SHIPYARD_ARGS=${SHIPYARD_ARGS:-""}
TLS_CERT_PATH=${TLS_CERT_PATH:-}
CERT_PATH="/etc/shipyard"
PROXY_PORT=${PROXY_PORT:-2376}
SWARM_PORT=3375
SHIPYARD_PROTOCOL=http
SHIPYARD_PORT=${PORT:-8080}
SHIPYARD_IP=${IP}
DISCOVERY_BACKEND=etcd
DISCOVERY_PORT=4001
DISCOVERY_PEER_PORT=7001
ENABLE_TLS=0
CERT_FINGERPRINT=""
LOCAL_CA_CERT=""
LOCAL_SSL_CERT=""
LOCAL_SSL_KEY=""
LOCAL_SSL_CLIENT_CERT=""
LOCAL_SSL_CLIENT_KEY=""
SSL_CA_CERT=""
SSL_CERT=""
SSL_KEY=""
SSL_CLIENT_CERT=""
SSL_CLIENT_KEY=""
show_cert_help() {
echo "To use TLS in Shipyard, you must have existing certificates."
echo "The certs must be named ca.pem, server.pem, server-key.pem, cert.pem and key.pem"
echo "If you need to generate certificates, see https://github.com/ehazlett/certm for examples."
}
check_certs() {
if [ -z "$TLS_CERT_PATH" ]; then
return
fi
if [ ! -e $TLS_CERT_PATH ]; then
echo "Error: unable to find certificates in $TLS_CERT_PATH"
show_cert_help
exit 1
fi
if [ "$PROXY_PORT" = "2375" ]; then
PROXY_PORT=2376
fi
SWARM_PORT=3376
SHIPYARD_PROTOCOL=https
LOCAL_SSL_CA_CERT="$TLS_CERT_PATH/ca.pem"
LOCAL_SSL_CERT="$TLS_CERT_PATH/server.pem"
LOCAL_SSL_KEY="$TLS_CERT_PATH/server-key.pem"
LOCAL_SSL_CLIENT_CERT="$TLS_CERT_PATH/cert.pem"
LOCAL_SSL_CLIENT_KEY="$TLS_CERT_PATH/key.pem"
SSL_CA_CERT="$CERT_PATH/ca.pem"
SSL_CERT="$CERT_PATH/server.pem"
SSL_KEY="$CERT_PATH/server-key.pem"
SSL_CLIENT_CERT="$CERT_PATH/cert.pem"
SSL_CLIENT_KEY="$CERT_PATH/key.pem"
CERT_FINGERPRINT=$(openssl x509 -noout -in $LOCAL_SSL_CERT -fingerprint -sha256 | awk -F= '{print $2;}')
if [ ! -e $LOCAL_SSL_CA_CERT ] || [ ! -e $LOCAL_SSL_CERT ] || [ ! -e $LOCAL_SSL_KEY ] || [ ! -e $LOCAL_SSL_CLIENT_CERT ] || [ ! -e $LOCAL_SSL_CLIENT_KEY ]; then
echo "Error: unable to find certificates"
show_cert_help
exit 1
fi
ENABLE_TLS=1
}
# container functions
start_certs() {
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-certs \
-v $CERT_PATH \
alpine \
sh)
if [ $ENABLE_TLS = 1 ]; then
docker cp $LOCAL_SSL_CA_CERT $PREFIX-certs:$SSL_CA_CERT
docker cp $LOCAL_SSL_CERT $PREFIX-certs:$SSL_CERT
docker cp $LOCAL_SSL_KEY $PREFIX-certs:$SSL_KEY
docker cp $LOCAL_SSL_CLIENT_CERT $PREFIX-certs:$SSL_CLIENT_CERT
docker cp $LOCAL_SSL_CLIENT_KEY $PREFIX-certs:$SSL_CLIENT_KEY
fi
}
remove_certs() {
docker rm -fv $PREFIX-certs > /dev/null 2>&1
}
get_ip() {
if [ -z "$SHIPYARD_IP" ]; then
SHIPYARD_IP=`docker run --rm --net=host alpine ip route get 8.8.8.8 | awk '{ print $7; }'`
fi
}
start_discovery() {
get_ip
ID=$(docker run \
-ti \
-d \
-p 4001:4001 \
-p 7001:7001 \
--restart=always \
--name $PREFIX-discovery \
microbox/etcd:latest -addr $SHIPYARD_IP:$DISCOVERY_PORT -peer-addr $SHIPYARD_IP:$DISCOVERY_PEER_PORT)
}
remove_discovery() {
docker rm -fv $PREFIX-discovery > /dev/null 2>&1
}
start_rethinkdb() {
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-rethinkdb \
rethinkdb)
}
remove_rethinkdb() {
docker rm -fv $PREFIX-rethinkdb > /dev/null 2>&1
}
start_proxy() {
TLS_OPTS=""
if [ $ENABLE_TLS = 1 ]; then
TLS_OPTS="-e SSL_CA=$SSL_CA_CERT -e SSL_CERT=$SSL_CERT -e SSL_KEY=$SSL_KEY -e SSL_SKIP_VERIFY=1"
fi
# Note: we add SSL_SKIP_VERIFY=1 to skip verification of the client
# certificate in the proxy image. this will pass it to swarm that
# does verify. this helps with performance and avoids certificate issues
# when running through the proxy. ultimately if the cert is invalid
# swarm will fail to return.
ID=$(docker run \
-ti \
-d \
-p $PROXY_PORT:$PROXY_PORT \
--hostname=$HOSTNAME \
--restart=always \
--name $PREFIX-proxy \
-v /var/run/docker.sock:/var/run/docker.sock \
-e PORT=$PROXY_PORT \
--volumes-from=$PREFIX-certs $TLS_OPTS\
shipyard/docker-proxy:latest)
}
remove_proxy() {
docker rm -fv $PREFIX-proxy > /dev/null 2>&1
}
start_swarm_manager() {
get_ip
TLS_OPTS=""
if [ $ENABLE_TLS = 1 ]; then
TLS_OPTS="--tlsverify --tlscacert=$SSL_CA_CERT --tlscert=$SSL_CERT --tlskey=$SSL_KEY"
fi
EXTRA_RUN_OPTS=""
if [ -z "$DISCOVERY" ]; then
DISCOVERY="$DISCOVERY_BACKEND://discovery:$DISCOVERY_PORT"
EXTRA_RUN_OPTS="--link $PREFIX-discovery:discovery"
fi
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-swarm-manager \
--volumes-from=$PREFIX-certs $EXTRA_RUN_OPTS \
swarm:latest \
m --replication --addr $SHIPYARD_IP:$SWARM_PORT --host tcp://0.0.0.0:$SWARM_PORT $TLS_OPTS $DISCOVERY)
}
remove_swarm_manager() {
docker rm -fv $PREFIX-swarm-manager > /dev/null 2>&1
}
start_swarm_agent() {
get_ip
if [ -z "$DISCOVERY" ]; then
DISCOVERY="$DISCOVERY_BACKEND://discovery:$DISCOVERY_PORT"
EXTRA_RUN_OPTS="--link $PREFIX-discovery:discovery"
fi
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-swarm-agent $EXTRA_RUN_OPTS \
swarm:latest \
j --addr $SHIPYARD_IP:$PROXY_PORT $DISCOVERY)
}
remove_swarm_agent() {
docker rm -fv $PREFIX-swarm-agent > /dev/null 2>&1
}
start_controller() {
#-v $CERT_PATH:/etc/docker:ro \
TLS_OPTS=""
if [ $ENABLE_TLS = 1 ]; then
TLS_OPTS="--tls-ca-cert $SSL_CA_CERT --tls-cert=$SSL_CERT --tls-key=$SSL_KEY --shipyard-tls-ca-cert=$SSL_CA_CERT --shipyard-tls-cert=$SSL_CERT --shipyard-tls-key=$SSL_KEY"
fi
ID=$(docker run \
-ti \
-d \
--restart=always \
--name $PREFIX-controller \
--link $PREFIX-rethinkdb:rethinkdb \
--link $PREFIX-swarm-manager:swarm \
-p $SHIPYARD_PORT:$SHIPYARD_PORT \
--volumes-from=$PREFIX-certs \
$IMAGE \
--debug \
server \
--listen :$SHIPYARD_PORT \
-d tcp://swarm:$SWARM_PORT $TLS_OPTS $SHIPYARD_ARGS)
}
wait_for_available() {
set +e
IP=$1
PORT=$2
echo Waiting for Shipyard on $IP:$PORT
docker pull ehazlett/curl > /dev/null 2>&1
TLS_OPTS=""
if [ $ENABLE_TLS = 1 ]; then
TLS_OPTS="-k"
fi
until $(docker run --rm ehazlett/curl --output /dev/null --connect-timeout 1 --silent --head --fail $TLS_OPTS $SHIPYARD_PROTOCOL://$IP:$PORT/ > /dev/null 2>&1); do
printf '.'
sleep 1
done
printf '\n'
}
remove_controller() {
docker rm -fv $PREFIX-controller > /dev/null 2>&1
}
if [ "$ACTION" = "deploy" ]; then
set -e
check_certs
get_ip
echo "Deploying Shipyard"
echo " -> Starting Database"
start_rethinkdb
echo " -> Starting Discovery"
start_discovery
echo " -> Starting Cert Volume"
start_certs
echo " -> Starting Proxy"
start_proxy
echo " -> Starting Swarm Manager"
start_swarm_manager
echo " -> Starting Swarm Agent"
start_swarm_agent
echo " -> Starting Controller"
start_controller
wait_for_available $SHIPYARD_IP $SHIPYARD_PORT
echo "Shipyard available at $SHIPYARD_PROTOCOL://$SHIPYARD_IP:$SHIPYARD_PORT"
if [ $ENABLE_TLS = 1 ] && [ ! -z "$CERT_FINGERPRINT" ]; then
echo "SSL SHA-256 Fingerprint: $CERT_FINGERPRINT"
fi
echo "Username: admin Password: shipyard"
elif [ "$ACTION" = "node" ]; then
set -e
if [ -z "$DISCOVERY" ]; then
echo "You must set the DISCOVERY environment variable"
echo "with the discovery system used with Swarm"
exit 1
fi
check_certs
echo "Adding Node"
echo " -> Starting Cert Volume"
start_certs
echo " -> Starting Proxy"
start_proxy
echo " -> Starting Swarm Manager"
start_swarm_manager $DISCOVERY
echo " -> Starting Swarm Agent"
start_swarm_agent
echo "Node added to Swarm: $SHIPYARD_IP"
elif [ "$ACTION" = "upgrade" ]; then
set -e
check_certs
get_ip
echo "Upgrading Shipyard"
echo " -> Pulling $IMAGE"
docker pull $IMAGE
echo " -> Upgrading Controller"
remove_controller
start_controller
wait_for_available $SHIPYARD_IP $SHIPYARD_PORT
echo "Shipyard controller updated"
elif [ "$ACTION" = "remove" ]; then
# ignore errors
set +e
echo "Removing Shipyard"
echo " -> Removing Database"
remove_rethinkdb
echo " -> Removing Discovery"
remove_discovery
echo " -> Removing Cert Volume"
remove_certs
echo " -> Removing Proxy"
remove_proxy
echo " -> Removing Swarm Agent"
remove_swarm_agent
echo " -> Removing Swarm Manager"
remove_swarm_manager
echo " -> Removing Controller"
remove_controller
echo "Done"
else
echo "Unknown action $ACTION"
exit 1
fi
2.2.2 执行脚本
[root@docker ~]$./deploy
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
213ec9aee27d: Pulling fs layer
213ec9aee27d: Verifying Checksum
213ec9aee27d: Download complete
213ec9aee27d: Pull complete
Digest: sha256:bc41182d7ef5ffc53a40b044e725193bc10142a1243f395ee852a8d9730fc2ad
Status: Downloaded newer image for alpine:latest
Deploying Shipyard
-> Starting Database
Unable to find image 'rethinkdb:latest' locally
latest: Pulling from library/rethinkdb
7a6db449b51b: Pulling fs layer
20181367ea9b: Pulling fs layer
d4c59a6fbe9d: Pulling fs layer
54db2c71fcb0: Pulling fs layer
1e96e4039912: Pulling fs layer
54db2c71fcb0: Waiting
1e96e4039912: Waiting
d4c59a6fbe9d: Verifying Checksum
d4c59a6fbe9d: Download complete
20181367ea9b: Verifying Checksum
20181367ea9b: Download complete
1e96e4039912: Download complete
7a6db449b51b: Download complete
7a6db449b51b: Pull complete
20181367ea9b: Pull complete
d4c59a6fbe9d: Pull complete
54db2c71fcb0: Verifying Checksum
54db2c71fcb0: Download complete
54db2c71fcb0: Pull complete
1e96e4039912: Pull complete
Digest: sha256:bc30f504fc823240c64552a7983b6da55d83dd0966ab17cab12c5fb9e45576ce
Status: Downloaded newer image for rethinkdb:latest
-> Starting Discovery
Unable to find image 'microbox/etcd:latest' locally
latest: Pulling from microbox/etcd
Image docker.io/microbox/etcd:latest uses outdated schema1 manifest format. Please upgrade to a schema2 image for better future compatibility. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/
8ded6e8ab3fd: Pulling fs layer
bf8f85223d7a: Pulling fs layer
a3ed95caeb02: Pulling fs layer
a3ed95caeb02: Verifying Checksum
a3ed95caeb02: Download complete
bf8f85223d7a: Verifying Checksum
bf8f85223d7a: Download complete
8ded6e8ab3fd: Verifying Checksum
8ded6e8ab3fd: Download complete
8ded6e8ab3fd: Pull complete
bf8f85223d7a: Pull complete
a3ed95caeb02: Pull complete
Digest: sha256:941fd46b4eab265c65da9bfbf33397b853a7cef6c16df93a1e3fea7b4e47fc90
Status: Downloaded newer image for microbox/etcd:latest
-> Starting Cert Volume
-> Starting Proxy
Unable to find image 'shipyard/docker-proxy:latest' locally
latest: Pulling from shipyard/docker-proxy
Image docker.io/shipyard/docker-proxy:latest uses outdated schema1 manifest format. Please upgrade to a schema2 image for better future compatibility. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/
8f4ec95ceaee: Pulling fs layer
ac77a345f217: Pulling fs layer
43039e3ef672: Pulling fs layer
a3ed95caeb02: Pulling fs layer
a3ed95caeb02: Waiting
8f4ec95ceaee: Download complete
8f4ec95ceaee: Pull complete
ac77a345f217: Verifying Checksum
ac77a345f217: Download complete
ac77a345f217: Pull complete
a3ed95caeb02: Verifying Checksum
a3ed95caeb02: Download complete
43039e3ef672: Verifying Checksum
43039e3ef672: Download complete
43039e3ef672: Pull complete
a3ed95caeb02: Pull complete
Digest: sha256:da6bbd1a145581a940d44940cce0f43705d7f8ec552a4e97e77104ec1b6dc3d1
Status: Downloaded newer image for shipyard/docker-proxy:latest
-> Starting Swarm Manager
Unable to find image 'swarm:latest' locally
latest: Pulling from library/swarm
38e5683d7755: Pulling fs layer
083aff163606: Pulling fs layer
2064f1a73c6b: Pulling fs layer
083aff163606: Verifying Checksum
083aff163606: Download complete
2064f1a73c6b: Verifying Checksum
2064f1a73c6b: Download complete
38e5683d7755: Verifying Checksum
38e5683d7755: Download complete
38e5683d7755: Pull complete
083aff163606: Pull complete
2064f1a73c6b: Pull complete
Digest: sha256:2de8883e2933840ed7ee7360ea1eed314bf8aeac37c0692b9ca651630fde3b7f
Status: Downloaded newer image for swarm:latest
-> Starting Swarm Agent
-> Starting Controller
Unable to find image 'dockerclub/shipyard:latest' locally
latest: Pulling from dockerclub/shipyard
Image docker.io/dockerclub/shipyard:latest uses outdated schema1 manifest format. Please upgrade to a schema2 image for better future compatibility. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/
4d06f2521e4f: Pulling fs layer
64100628847a: Pulling fs layer
36a170440d6d: Pulling fs layer
a823ae228c2d: Pulling fs layer
a3ed95caeb02: Pulling fs layer
a823ae228c2d: Waiting
a3ed95caeb02: Waiting
4d06f2521e4f: Verifying Checksum
4d06f2521e4f: Download complete
4d06f2521e4f: Pull complete
36a170440d6d: Verifying Checksum
36a170440d6d: Download complete
a3ed95caeb02: Verifying Checksum
a3ed95caeb02: Download complete
64100628847a: Verifying Checksum
64100628847a: Download complete
64100628847a: Pull complete
36a170440d6d: Pull complete
a823ae228c2d: Verifying Checksum
a823ae228c2d: Download complete
a823ae228c2d: Pull complete
a3ed95caeb02: Pull complete
Digest: sha256:bd5ac58c556506012f7788db18fc6fed3bcefb294e469babbeb87ad7ef15e219
Status: Downloaded newer image for dockerclub/shipyard:latest
Waiting for Shipyard on 10.0.0.100:8080
........................................
Shipyard available at http://10.0.0.100:8080
Username: admin Password: shipyard
2.2.2 查看下载的镜像
[root@docker ~]$docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2308552f63a9 dockerclub/shipyard:latest "/bin/controller --d…" About an hour ago Up About an hour 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp shipyard-controller
1676327a4e5a swarm:latest "/swarm j --addr 10.…" About an hour ago Up About an hour 2375/tcp shipyard-swarm-agent
2f368d9f81df swarm:latest "/swarm m --replicat…" About an hour ago Up About an hour 2375/tcp shipyard-swarm-manager
c38108f757c5 shipyard/docker-proxy:latest "/usr/local/bin/run" About an hour ago Up About an hour 2375/tcp, 0.0.0.0:2376->2376/tcp, :::2376->2376/tcp shipyard-proxy
e610645dfe8e alpine "sh" About an hour ago Up About an hour shipyard-certs
c444c7df39f4 microbox/etcd:latest "/bin/etcd -addr 10.…" About an hour ago Up About an hour 0.0.0.0:4001->4001/tcp, :::4001->4001/tcp, 0.0.0.0:7001->7001/tcp, :::7001->7001/tcp shipyard-discovery
307b4cec4659 rethinkdb "rethinkdb --bind all" About an hour ago Up About an hour 8080/tcp, 28015/tcp, 29015/tcp shipyard-rethinkdb
2.3 Dashboard
2.3.1 访问服务
- 访问
http://10.136.xxx.xxx:8080
admin/shipyard
2.3.2 Dashboard
- user
- 下载镜像
- 管理容器
- log
3.Awakening
在一秒钟内看到本质的人和花半辈子也看不清一件事本质的人,自然是不一样的命运。
