选择基镜像
基镜像使用dokcer hub官方提供的tomcat8 alpine当前最新版本,https://hub.docker.com/_/tomcat/
docker pull tomcat:8.5.32-jre8-alpine docker tag tomcat:8.5.32-jre8-alpine 10.240.4.159/app/tomcat:8.5.32-alpine docker push 10.240.4.159/app/tomcat:8.5.32-alpine |
添加SSH支持
# 在宿主机上执行
mkdir -p /root/docker_build/tomcat-ssh
cd /root/docker_build/tomcat-ssh
cp /usr/share/zoneinfo/Asia/Shanghai .
vi repositories
#------------------------------------------------------------------------
http://mirrors.aliyun.com/alpine/v3.7/main
http://mirrors.aliyun.com/alpine/v3.7/community
#------------------------------------------------------------------------
vi run.sh
#------------------------------------------------------------------------
#!/bin/bash
/usr/sbin/sshd -D &
exec mysqld
#------------------------------------------------------------------------
vi Dockerfile
#------------------------------------------------------------------------
FROM 10.240.4.159/app/tomcat:8.5.32-alpine
ADD Shanghai /etc/localtime
ADD repositories /etc/apk/repositories
RUN apk --no-cache update
RUN apk --no-cache add openssh
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" \
&& ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N "" \
&& ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N "" \
&& ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" \
&& sed -i "s/#PermitRootLogin.*/PermitRootLogin yes/g" /etc/ssh/sshd_config \
&& echo 'root:ydgw.cn' | chpasswd
ADD run.sh /root/run.sh
RUN chmod +x /root/run.sh
VOLUME ["/usr/local/tomcat/webapps", "/usr/local/tomcat/conf", "/usr/local/tomcat/logs"]
CMD ["/root/run.sh"]
#------------------------------------------------------------------------
docker build -t 10.240.4.159/app/tomcat:8.5.32-alpine-ssh .
docker push 10.240.4.159/app/tomcat:8.5.32-alpine-ssh
# 下面是为了具体项目设置安全的root密码,单独build的一个镜像,方便以后使用(放到新文件夹下)
vi Dockerfile
#------------------------------------------------------------------------
FROM 10.240.4.159/app/tomcat:8.5.32-alpine-ssh
RUN echo 'root:xxxxxxxxxx' | chpasswd
#------------------------------------------------------------------------
docker build -t 10.240.4.159/erpjs/tomcat:8.5.32-alpine-ssh-erpjs .
docker push 10.240.4.159/erpjs/tomcat:8.5.32-alpine-ssh-erpjs
创建VOLUME卷
# 在宿主机上执行 mkdir /docker_mnt/erpjs-tomcat # 下载的apache-tomcat-8.5.32.tar.gz上传到当前/tmp目录 cd /tmp tar zxvpf apache-tomcat-8.5.32.tar.gz cd apache-tomcat-8.5.32 cp -rf webapps /docker_mnt/erpjs-tomcat/ cp -rf conf /docker_mnt/erpjs-tomcat/ cp -rf logs /docker_mnt/erpjs-tomcat/
部署TOMCAT服务
- 登陆Rancher(1.6.18),编排工具用的是默认的Cattle
- 应用 - 用户 - 添加应用 - 名称:[ERP-JS] - 创建
- 添加服务 - 在添加服务页面添写配置如下信息 - 创建
名称: tomcat 选择镜像: 10.240.4.159/erpjs/tomcat:8.5.32-alpine-ssh-erpjs 端口映射: 8080:8080/tcp 15922:22/tcp 卷 - 添加卷: /docker_mnt/erpjs-tomcat/webapps:/usr/local/tomcat/webapps /docker_mnt/erpjs-tomcat/conf:/usr/local/tomcat/conf /docker_mnt/erpjs-tomcat/logs:/usr/local/tomcat/logs 网络 - 主机名: erpjs 调度 - 在指定主机上运行全部容器: docker159
配置manager-gui
# SSH登陆tomcat容器
vi /usr/local/tomcat/conf/tomcat-users.xml
# 在</tomcat-users> 上面添加
#------------------------------------------------------------------------
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="admin" password="ydgw.cn18" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-script,admin-gui"/>
#------------------------------------------------------------------------
# 创建
vi /usr/local/tomcat/conf/Catalina/localhost/manager.xml
#------------------------------------------------------------------------
<Context privileged="true" antiResourceLocking="false"
docBase="${catalina.home}/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
</Context>
#------------------------------------------------------------------------
# 注释掉原有内容,改成以下内容
vi /usr/local/tomcat/webapps/host-manager/META-INF/context.xml
#------------------------------------------------------------------------
<!--<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>-->
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="^.*$" />
</Context>
#------------------------------------------------------------------------
# 只修改前两项的话会出现可以访问Serve Status、Manager APP 但是不能访问HostManager