局域网内凝思上安装docker的mqtt容器
一:描述
外地出差,有两个局域网的凝思系统的服务器需要安装mqtt服务,要求支持匿名登录。因为是局域网无法联网。因此,需要实现在局域网实现凝思上安装docker的mqtt容器。
二:案例分析和解决
2.1 安装docker服务
考虑到凝思无法直接找到下载源,世界使用centos的docker的二进制包:
对应的是debian8
先离线下载 https://download.docker.com/linux/static/stable/x86_64/ , Index of linux/static/stable/x86_64/ ,
将docker-20.10.7.tgz文件或者最高版本上传到centos7-linux系统上,用ftp工具上传即可解压
[root@localhost java]# tar -zxvf docker-20.10.7.tgz
将解压出来的docker文件复制到 /usr/bin/ 目录下
[root@localhost java]# cp docker/* /usr/bin/
进入/etc/systemd/system/目录,并创建docker.service文件
[root@localhost java]# cd /etc/systemd/system/
[root@localhost system]# touch docker.service
打开docker.service文件,将以下内容复制
[root@localhost system]# vi docker.service
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --graph=/home/dockerbase/docker
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
给docker.service文件添加执行权限
[root@localhost system]# chmod 777 /etc/systemd/system/docker.service
重新加载配置文件(每次有修改docker.service文件时都要重新加载下)
[root@localhost system]# systemctl daemon-reload
启动
[root@localhost system]# systemctl start docker
设置开机启动
[root@localhost system]# systemctl enable docker.service
查看docker状态
[root@localhost system]# systemctl status docker
2.2 安装mosquitto容器
服务器属于局域网【异地出差办公】,无法链接公网,因此使用代理来实现。
类似结构:局域网服务器----(网线直连) ---笔记本----(wifi)----公网
笔记本和服务器接入同一个局域网或者直连,笔记本接公网wifi,然后启动此CCProxy
修改
root@linx:/home/cc# cat /etc/systemd/system/docker.service.d/proxy.conf
[Service]
Environment="HTTP_PROXY=http://192.168.1.7:808/"
Environment="HTTPS_PROXY=http://192.168.1.7:808/"
Environment="NO_PROXY=localhost,127.0.0.1,.example.com"
# 拉取镜像
docker pull eclipse-mosquitto:2.0.14
# 建立目录
mkdir -p /TeaR-APP/install/mosquitto/1/config
mkdir -p /TeaR-APP/install/mosquitto/1/data
mkdir -p /TeaR-APP/install/mosquitto/1/log
# 为目录授权
chmod -R 755 /TeaR-APP/install/mosquitto/1
chmod -R 777 /TeaR-APP/install/mosquitto/1/log #日志目录要最大权限
新建文件
touch /TeaR-APP/install/mosquitto/1/config/pwfile.conf
# 启动脚本
docker run -it --name=mosquitto --privileged -p 1883:1883 -p 9001:9001 -v /TeaR-APP/install/mosquitto/1/config:/mosquitto/config -v /TeaR-APP/install/mosquitto/1/data:/mosquitto/data -v /TeaR-APP/install/mosquitto/1/log:/mosquitto/log -d eclipse-mosquitto:2.0.14
配置账号密码
vim /TeaR-APP/install/mosquitto/1/config/mosquitto.conf
配置文件添加以下配置
# 关闭匿名模式
allow_anonymous true
# 指定密码文件
password_file /mosquitto/config/pwfile.conf
# 写入以下内容
persistence true
persistence_location /mosquitto/data
log_dest file /mosquitto/log/mosquitto.log
listener 1883
9、生成密码
docker exec -it 06e57924bf31 sh
# 使用mosquitto_passwd命令创建用户,第一个test是用户名,第二个test2020是密码
mosquitto_passwd -b /mosquitto/config/pwfile.conf tgy test123456
mosquitto_passwd -b /mosquitto/config/pwfile.conf admin aithu0508
2.4 利用镜像安装另外的服务器
安装镜像后导出,并安装到其他离线服务器【只能优盘,无法联网】。
到上一个服务器上,保存镜像出服务器指定目录,注意非容器id
#docker save 58900513926f > /home/cc/eclipse-mosquitto.tar
加载镜像到docker:
#docker load < /home/cc/eclipse-mosquitto.tar
注意: 加载成功后REPOSITORY和TAG显示none,需要我们修改标签。
3.修改镜像标签
可以使用命令:
docker tag [image id] [name]:[版本]
例如:
docker tag 999b74b01d97 eclipse-mosquitto:2.0.14
