EdgeX Foundry containerized deployment with Docker on Ubuntu 16.4: getting the Go 0.6.0 release running
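I. A first look at the running system
1. Run docker stats to see how many resources each service consumes:
The screenshot above speaks for itself: Java and Go memory consumption are not in the same order of magnitude! (The two Java microservices marked in red eat more than 1 GB, while each Go service uses only a few MB. A big difference!)
Now look at the state of each container:
In the screenshot above, three containers exited right after starting. That is normal: their task is done and they only run once.
Their roles are as follows:
- edgex-proxy: this module (security-api-gateway-master) creates JWT users and returns the JWT. Under docker-compose it only performs initialization (parameter: init=true). Afterwards it can be run from the command line or as a container:
docker run --network=edgex-network edgex/proxy -h # show help
docker run --network=edgex-network edgex/proxy --reset=true # reset: deletes all managed users and resources
docker run --network=edgex-network edgex/proxy --useradd=<account> # add a user that is allowed access
docker run --network=edgex-network edgex/proxy --userdel=<account> # delete a user
- kong-migration: Kong's internal database migration; it only needs to run once
- edgex-config-seed: configuration data; it only needs to run once
2. Verify that the security gateway can create a user
Step 1: list the current network names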
myEdgex@instance-nbpv5z80:~/docker-compose$ docker network ls
NETWORK ID NAME DRIVER SCOPE
94002be68584 bridge bridge local
ffd353831bf5 dockercompose_edgex-network bridge local
fd7d04b8b77e host host local
9e0802961a73 none null local
Step 2: run the following command to create a user and obtain that user's JWT string
myEdgex@instance-nbpv5z80:~/docker-compose$ docker run --network=dockercompose_edgex-network --rm=true edgexfoundry/docker-edgex-proxy-go:security --useradd=testuser
INFO: 2018/10/15 12:29:05 Reverse proxy is up successfully.
INFO: 2018/10/15 12:29:05 Secret management service is up successfully.
INFO: 2018/10/15 12:29:05 Successful to create consumer testuser for edgex service.
INFO: 2018/10/15 12:29:05 successful on retrieving JWT credential for consumer testuser.
The JWT for user testuser is: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJMa3M4SFhOUTBNZlYzejFyOVZWYkVWM2M3d043RFZSZyIsImFjY291bnQiOiJ0ZXN0dXNlciJ9.Dzd4kVqRPUbK2GTii5XI6WtT-sI_j9s1OHs2TTh8yB0. Please keep the jwt for accessing edgex services.
3. Access a backend microservice through the security gateway, using the JWT returned above
Run the command:
myEdgex@instance-nbpv5z80:~/docker-compose$ curl -k -v -H "host: edgex" https://172.20.0.7:8443/command/api/v1/ping?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJMa3M4SFhOUTBNZlYzejFyOVZWYkVWM2M3d043RFZSZyIsImFjY291bnQiOiJ0ZXN0dXNlciJ9.Dzd4kVqRPUbK2GTii5XI6WtT-sI_j9s1OHs2TTh8yB0
Output:
* Trying 172.19.0.7...
* Connected to 172.19.0.7 (172.19.0.7) port 8443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 594 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: localhost (does not match '172.19.0.7')
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #1
* subject: C=US,ST=California,L=San Francisco,O=Kong,OU=IT Department,CN=localhost
* start date: Mon, 15 Oct 2018 08:21:51 GMT
* expire date: Wed, 14 Nov 2018 08:21:51 GMT
* issuer: C=US,ST=California,L=San Francisco,O=Kong,OU=IT Department,CN=localhost
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET /command/api/v1/ping?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJMa3M4SFhOUTBNZlYzejFyOVZWYkVWM2M3d043RFZSZyIsImFjY291bnQiOiJ0ZXN0dXNlciJ9.Dzd4kVqRPUbK2GTii5XI6WtT-sI_j9s1OHs2TTh8yB0 HTTP/1.1
> host: edgex
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/plain; charset=UTF-8
< Content-Length: 4
< Connection: keep-alive
< Date: Mon, 15 Oct 2018 12:42:15 GMT
< X-Kong-Upstream-Latency: 3
< X-Kong-Proxy-Latency: 118
< Via: kong/0.13.0
<
* Connection #0 to host 172.19.0.7 left intact
pong
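The response above is "pong", which means the backend microservice was reached successfully!
Did you notice how we knew that the IP to access above is 172.19.0.7? Run the following command to look it up; see the text highlighted in red below: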
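To see what the token issued in step 2 actually asserts, the following Go program (an added example, not part of the original post or of the EdgeX code) decodes its header and claims without verifying the signature and reports whether it carries an `exp` claim. It also shows a helper that masks the `jwt` query parameter before a URL is written anywhere, since request URLs commonly end up in proxy access logs; the type and function names are hypothetical.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Token printed by the edgex-proxy --useradd=testuser run shown on this page.
const pageJWT = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." +
	"eyJpc3MiOiJMa3M4SFhOUTBNZlYzejFyOVZWYkVWM2M3d043RFZSZyIsImFjY291bnQiOiJ0ZXN0dXNlciJ9." +
	"Dzd4kVqRPUbK2GTii5XI6WtT-sI_j9s1OHs2TTh8yB0"

// tokenInfo holds the fields a reviewer usually wants to see (hypothetical type).
type tokenInfo struct {
	Alg     string
	Issuer  string
	Account string
	HasExp  bool
}

// decodeSegment base64url-decodes one JWT segment and parses it as JSON.
func decodeSegment(seg string, out interface{}) error {
	raw, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, out)
}

// inspectJWT reads header and claims WITHOUT checking the signature.
// Use it to review what a token says, never to decide whether to trust it.
func inspectJWT(token string) (tokenInfo, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return tokenInfo{}, errors.New("not a compact JWS: want 3 segments")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := decodeSegment(parts[0], &hdr); err != nil {
		return tokenInfo{}, fmt.Errorf("header: %w", err)
	}
	claims := map[string]interface{}{}
	if err := decodeSegment(parts[1], &claims); err != nil {
		return tokenInfo{}, fmt.Errorf("claims: %w", err)
	}
	info := tokenInfo{Alg: hdr.Alg}
	info.Issuer, _ = claims["iss"].(string)
	info.Account, _ = claims["account"].(string)
	_, info.HasExp = claims["exp"]
	return info, nil
}

// redactJWTParam masks the jwt query parameter so the URL can be logged.
func redactJWTParam(rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	q := u.Query()
	if q.Get("jwt") != "" {
		q.Set("jwt", "REDACTED")
		u.RawQuery = q.Encode()
	}
	return u.String(), nil
}

func main() {
	info, err := inspectJWT(pageJWT)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("alg=%s iss=%s account=%s has_exp=%v\n",
		info.Alg, info.Issuer, info.Account, info.HasExp)
	if !info.HasExp {
		fmt.Println("note: no exp claim, the token stays valid until the user is deleted or reset")
	}
	safe, _ := redactJWTParam("https://172.19.0.7:8443/command/api/v1/ping?jwt=" + pageJWT)
	fmt.Println(safe)
}
```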
myEdgex@instance-nbpv5z80:~/docker-compose$ service docker status
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2018-10-08 17:34:24 CST; 1 weeks 0 days ago
Docs: https://docs.docker.com
Main PID: 1345 (dockerd)
Tasks: 365
Memory: 232.2M
CPU: 48min 20.689s
CGroup: /system.slice/docker.service
├─ 1345 /usr/bin/dockerd -H fd:// --registry-mirror=https://registry.docker-cn.com
├─ 1676 docker-containerd --config /var/run/docker/containerd/containerd.toml
├─27186 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/6a0645
├─27364 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8600 -container-ip 172.19.0.3 -container-port 8600
├─27379 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8500 -container-ip 172.19.0.3 -container-port 8500
├─27391 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8400 -container-ip 172.19.0.3 -container-port 8400
├─27399 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/c27b61
├─27854 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8200 -container-ip 172.19.0.4 -container-port 8200
├─27870 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/efb7ff
├─28259 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/444ce7
├─28512 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5432 -container-ip 172.19.0.6 -container-port 5432
├─28524 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/8577de
├─29033 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5000 -container-ip 172.17.0.2 -container-port 5000
├─29053 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/69105c
├─29198 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8444 -container-ip 172.19.0.7 -container-port 8444
├─29217 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8443 -container-ip 172.19.0.7 -container-port 8443
├─29229 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8001 -container-ip 172.19.0.7 -container-port 8001
├─29242 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8000 -container-ip 172.19.0.7 -container-port 8000
├─29250 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/e5577f
├─29862 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 27017 -container-ip 172.19.0.8 -container-port 27017
├─29871 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/ee4cfb
├─30067 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 48061 -container-ip 172.19.0.9 -container-port 48061
├─30085 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/68bfd6
├─30275 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 48060 -container-ip 172.19.0.10 -container-port 48060
├─30284 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/dea408
├─30468 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 48081 -container-ip 172.19.0.11 -container-port 48081
├─30490 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/e4aee9
├─30686 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 48080 -container-ip 172.19.0.12 -container-port 48080
├─30699 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5563 -container-ip 172.19.0.12 -container-port 5563
├─30707 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/1606be
├─30881 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 48082 -container-ip 172.19.0.13 -container-port 48082
├─30909 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/e04532
├─31097 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 48071 -container-ip 172.19.0.14 -container-port 48071
├─31107 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/6e8183
├─31293 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 48070 -container-ip 172.19.0.15 -container-port 48070
├─31319 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/a5eaa6
├─31523 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 48075 -container-ip 172.19.0.16 -container-port 48075
├─31529 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/6bef30
├─31714 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 49990 -container-ip 172.19.0.17 -container-port 49990port 499
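The lookup described above can be automated. This Go program (an added example, not from the original post) parses the docker-proxy lines of the status output, returns the container IP behind a given host port, and lists every port published on all host interfaces that is not on an allowlist. The allowlist of 8000 and 8443 (the Kong proxy ports) is an assumption of this example, and the function names are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
)

// Lines copied from the `service docker status` output on this page.
const sampleStatus = `
├─28512 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5432 -container-ip 172.19.0.6 -container-port 5432
├─29198 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8444 -container-ip 172.19.0.7 -container-port 8444
├─29217 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8443 -container-ip 172.19.0.7 -container-port 8443
├─29229 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8001 -container-ip 172.19.0.7 -container-port 8001
├─29242 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8000 -container-ip 172.19.0.7 -container-port 8000
├─29862 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 27017 -container-ip 172.19.0.8 -container-port 27017
├─30686 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 48080 -container-ip 172.19.0.12 -container-port 48080
`

// published is one host-port forwarding set up by dockerd.
type published struct {
	HostIP        string
	HostPort      int
	ContainerIP   string
	ContainerPort int
}

var proxyRe = regexp.MustCompile(
	`docker-proxy -proto \w+ -host-ip (\S+) -host-port (\d+) -container-ip (\S+) -container-port (\d+)`)

// parsePublished extracts every docker-proxy forwarding found in the text.
func parsePublished(status string) []published {
	var out []published
	for _, m := range proxyRe.FindAllStringSubmatch(status, -1) {
		hostPort, err1 := strconv.Atoi(m[2])
		ctrPort, err2 := strconv.Atoi(m[4])
		if err1 != nil || err2 != nil {
			continue // skip lines with unparsable port numbers
		}
		out = append(out, published{
			HostIP: m[1], HostPort: hostPort,
			ContainerIP: m[3], ContainerPort: ctrPort,
		})
	}
	return out
}

// containerIPFor answers "which container IP is behind this host port?".
func containerIPFor(pubs []published, hostPort int) (string, bool) {
	for _, p := range pubs {
		if p.HostPort == hostPort {
			return p.ContainerIP, true
		}
	}
	return "", false
}

// exposedOnAllInterfaces returns, sorted, the host ports bound to every
// interface (0.0.0.0 or ::) that are not in the allowed set.
func exposedOnAllInterfaces(pubs []published, allowed map[int]bool) []int {
	var ports []int
	for _, p := range pubs {
		if (p.HostIP == "0.0.0.0" || p.HostIP == "::") && !allowed[p.HostPort] {
			ports = append(ports, p.HostPort)
		}
	}
	sort.Ints(ports)
	return ports
}

func main() {
	pubs := parsePublished(sampleStatus)
	if ip, ok := containerIPFor(pubs, 8443); ok {
		fmt.Println("gateway (8443) container IP:", ip)
	}
	// Assumption of this example: only the Kong proxy ports should be public.
	allowed := map[int]bool{8000: true, 8443: true}
	fmt.Println("reachable without the gateway:", exposedOnAllInterfaces(pubs, allowed))
}
```

Every port this reports (the Kong admin API, PostgreSQL, MongoDB, core-data in the sample) accepts connections from other hosts directly, so the JWT check at the gateway does not cover it. Removing a service's `ports:` entry from the compose file, or binding it to 127.0.0.1, keeps it reachable on edgex-network without the host-wide listener.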
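II. How did I get it running?
In the code downloaded from the official site, docker-compose.yml has one setting written incorrectly and vault-kong.sh has one mistake; it only ran after both were fixed.
Environment preparation:
- Ubuntu 16.4 operating system
- zeromq installation
Reference: zeromq installation
- docker and docker-compose installation
Reference: installation article
- golang installation
Reference: manual installation of golang 1.9.2
2.1 Download the code
Four packages in total
The edgex-go package is rather large, mainly because the documentation is included in the project along with several big images (one of them over 10 MB)
2.2 Upload the source packages to Ubuntu in the following directory structure
2.2.1 First upload three packages, as follows:
The directory structure is:
myEdgex@instance-nbpv5z80:~$ cd gopath/
myEdgex@instance-nbpv5z80:~/gopath$ tree -L 4
.
├── bin
├── pkg
│   └── linux_amd64
│       └── github.com
│           └── Masterminds
└── src
    ├── edgexsecurity # security-api-gateway renamed to this directory name
    └── github.com
        ├── edgexfoundry
            ├── core-config-seed-go
            ├── edgex-go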
Why must the files be laid out in this directory structure? And why must security-api-gateway be renamed to edgexsecurity?
This is determined by how the Go build works; see the glide file of each package, for example the core-config-seed project:
2.2.2 Upload the security-secret-store project
For this project I used the shell version, which does not involve Go, so it can be uploaded to any directory on Ubuntu. I uploaded it to the following location:
myEdgex@instance-nbpv5z80:~$ tree -L 2
.
├── docker-compose
│   ├── build_all.sh
│   ├── build_image.sh
│   ├── docker-compose-california-security.yml
│   ├── docker-compose.yml.bak
│   ├── images-dockerfile
│   ├── run-all.sh
│   └── run-it.sh
├── gopath
│   ├── bin
│   ├── pkg
│   └── src
├── security-pkg
│   └── security-secret-store-master # the fourth package
├── soft
│   ├── docker-compose-california-0.6.0.yml
│   ├── go1.9.2.linux-amd64.tar.gz
│   ├── libsodium-LATEST.tar.gz
│   ├── zeromq-4.2.2
│   └── zeromq-4.2.2.tar.gz
└── zmq
    ├── bin
    ├── include
    ├── lib
    └── share
2.3 Build the image for each service
First, let's see which images need to be built. My modified docker-compose-california-0.6.0.yml is shown below (pay special attention to the parts in red):
# /*******************************************************************************
# * Copyright 2018 Dell Inc.
# *
# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
# * in compliance with the License. You may obtain a copy of the License at
# *
# * http://www.apache.org/licenses/LICENSE-2.0
# *
# * Unless required by applicable law or agreed to in writing, software distributed under the License
# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
# * or implied. See the License for the specific language governing permissions and limitations under
# * the License.
# *
# * @author: Jim White, Dell
# * EdgeX Foundry, California version, 0.6.0
# * added: Jul 2, 2018
# *******************************************************************************/
version: '3'
volumes:
  db-data:
  log-data:
  consul-config:
  consul-data:
  vault-config:
  vault-pki:
  vault-file:
  vault-logs:
  # The next two volumes are added so that files survive a re-run (persistence)
  rules-templates: # new: stores the rules-engine templates
  rules-uploads: # new: stores the user-defined rules-engine rules
services:
  volume:
    image: edgexfoundry/volume:security
    container_name: edgex-files
    networks:
      - edgex-network
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
  consul:
    image: consul:1.1.0
    ports:
      - "8400:8400"
      - "8500:8500"
      - "8600:8600"
    container_name: edgex-core-consul
    hostname: edgex-core-consul
    networks:
      edgex-network:
        aliases:
          - edgex-core-consul
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
    depends_on:
      - volume
  config-seed:
    image: edgexfoundry/docker-core-config-seed-go:security
    container_name: edgex-config-seed
    hostname: edgex-core-config-seed
    networks:
      edgex-network:
        aliases:
          - edgex-core-config-seed
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
    depends_on:
      - volume
      - consul
  vault:
    image: edgexfoundry/docker-edgex-vault:security
    container_name: edgex-vault
    hostname: edgex-vault
    networks:
      - edgex-network
    ports:
      - "8200:8200"
    cap_add:
      - "IPC_LOCK"
    command: "server"
    environment:
      - 'VAULT_ADDR=https://edgex-vault:8200'
      - 'VAULT_CONFIG_DIR=/vault/config'
      - 'VAULT_UI=true'
    volumes:
      - vault-config:/vault/config
      - vault-pki:/vault/pki
      - vault-file:/vault/file
      - vault-logs:/vault/logs
    depends_on:
      - volume
      - consul
  vault-worker:
    image: edgexfoundry/docker-edgex-vault-worker:security
    container_name: edgex-vault-worker
    hostname: edgex-vault-worker
    networks:
      - edgex-network
    environment:
      - 'WATCHDOG_DELAY=3m'
    volumes:
      - vault-pki:/vault/pki
      - vault-file:/vault/file
    depends_on:
      - volume
      - consul
      - vault
  # containers for reverse proxy
  kong-db:
    image: "postgres:9.5"
    container_name: kong-db
    hostname: kong-db
    networks:
      - edgex-network
    ports:
      - "5432:5432"
    environment:
      - 'POSTGRES_DB=kong'
      - 'POSTGRES_USER=kong'
  kong-migrations:
    image: "kong:0.13.0"
    container_name: kong-migration
    hostname: kong-migration
    networks:
      - edgex-network
    environment:
      - 'KONG_DATABASE=postgres'
      - 'KONG_PG_HOST=kong-db'
    command: "kong migrations up"
  kong:
    image: "kong:0.13.0"
    container_name: kong
    hostname: kong
    networks:
      - edgex-network
    ports:
      - "8000:8000"
      - "8001:8001"
      - "8443:8443"
      - "8444:8444"
    environment:
      - 'KONG_DATABASE=postgres'
      - 'KONG_PG_HOST=kong-db'
      - 'KONG_PROXY_ACCESS_LOG=/dev/stdout'
      - 'KONG_ADMIN_ACCESS_LOG=/dev/stdout'
      - 'KONG_PROXY_ERROR_LOG=/dev/stderr'
      - 'KONG_ADMIN_ERROR_LOG=/dev/stderr'
      - 'KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl'
    depends_on:
      - kong-db
  edgex-proxy:
    image: "edgexfoundry/docker-edgex-proxy-go:security"
    container_name: edgex-proxy
    hostname: edgex-proxy
    networks:
      - edgex-network
    volumes:
      - vault-file:/vault/file # this line is a trap: upstream mistakenly wrote vault-config; I changed it to the correct vault-file
    depends_on:
      - vault
      - kong-db
      - kong
  # end of containers for reverse proxy
  mongo:
    image: zzh/mongo
    ports:
      - "27017:27017"
    container_name: edgex-mongo
    hostname: edgex-mongo
    networks:
      - edgex-network
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
    depends_on:
      - volume
  logging:
    image: edgexfoundry/docker-support-logging-go:security
    ports:
      - "48061:48061"
    container_name: edgex-support-logging
    hostname: edgex-support-logging
    networks:
      - edgex-network
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
    depends_on:
      - consul
      - mongo
      - volume
  notifications:
    image: edgexfoundry/docker-support-notifications-go:security
    ports:
      - "48060:48060"
    container_name: edgex-support-notifications
    hostname: edgex-support-notifications
    networks:
      - edgex-network
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
    depends_on:
      - logging
  metadata:
    image: edgexfoundry/docker-core-metadata-go:security
    ports:
      - "48081:48081"
    container_name: edgex-core-metadata
    hostname: edgex-core-metadata
    networks:
      - edgex-network
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
    depends_on:
      - logging
  data:
    image: edgexfoundry/docker-core-data-go:security
    ports:
      - "48080:48080"
      - "5563:5563"
    container_name: edgex-core-data
    hostname: edgex-core-data
    networks:
      - edgex-network
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
    depends_on:
      - logging
  command:
    image: edgexfoundry/docker-core-command-go:security
    ports:
      - "48082:48082"
    container_name: edgex-core-command
    hostname: edgex-core-command
    networks:
      - edgex-network
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
    depends_on:
      - metadata
  # scheduler container does not come up on Consul - bug fix in the works.
  scheduler:
    image: zzh/support-scheduler
    ports:
      - "48085:48085"
    container_name: edgex-support-scheduler
    hostname: edgex-support-scheduler
    networks:
      - edgex-network
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
    depends_on:
      - metadata
  export-client:
    image: edgexfoundry/docker-export-client-go:security
    ports:
      - "48071:48071"
    container_name: edgex-export-client
    hostname: edgex-export-client
    networks:
      - edgex-network
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
    depends_on:
      - data
    environment:
      - EXPORT_CLIENT_MONGO_URL=edgex-mongo
      - EXPORT_CLIENT_DISTRO_HOST=export-distro
      - EXPORT_CLIENT_CONSUL_HOST=edgex-config-seed
  export-distro:
    image: edgexfoundry/docker-export-distro-go:security
    ports:
      - "48070:48070"
    container_name: edgex-export-distro
    hostname: edgex-export-distro
    networks:
      - edgex-network
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
    depends_on:
      - export-client
    environment:
      - EXPORT_DISTRO_CLIENT_HOST=export-client
      - EXPORT_DISTRO_DATA_HOST=edgex-core-data
      - EXPORT_DISTRO_CONSUL_HOST=edgex-config-seed
      - EXPORT_DISTRO_MQTTS_CERT_FILE=none
      - EXPORT_DISTRO_MQTTS_KEY_FILE=none
  rulesengine:
    image: zzh/support-rulesengine
    ports:
      - "48075:48075"
    container_name: edgex-support-rulesengine
    hostname: edgex-support-rulesengine
    networks:
      - edgex-network
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
      - rules-templates:/edgex/edgex-support-rulesengine/templates
      - rules-uploads:/edgex/edgex-support-rulesengine/rules
    depends_on:
      - export-distro
  #################################################################
  # Device Services
  #################################################################
  device-virtual:
    image: myedgex/device-virtual
    ports:
      - "49990:49990"
    container_name: edgex-device-virtual
    hostname: edgex-device-virtual
    networks:
      - edgex-network
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
    depends_on:
      - data
      - command
  device-modbus:
    image: myedgex/device-modbus
    ports:
      - "49991:49991"
    container_name: device-modbus
    hostname: device-modbus
    networks:
      - edgex-network
    volumes:
      - db-data:/data/db
      - log-data:/edgex/logs
      - consul-config:/consul/config
      - consul-data:/consul/data
    privileged: true
    depends_on:
      - data
      - command
networks:
  edgex-network:
    driver: "bridge"
...
2.3.1 Building the edgexfoundry/volume:security image
The Dockerfile is as follows:
FROM ubuntu:latest
MAINTAINER Cloud Tsai <Cloud.Tsai@Dell.com>
# Create a consul user and group first so the IDs get set the same way, even as
# the rest of this may change over time.
RUN addgroup consul && \
    adduser --system --ingroup consul consul
# standard mongo db data dir directories
RUN mkdir /data
RUN mkdir /data/db
RUN echo "this directory is reserved for EdgeX database files" > /data/db/README
# EdgeX shared directories
ENV EDGEX_BASE=/edgex
RUN mkdir $EDGEX_BASE
RUN mkdir $EDGEX_BASE/logs
RUN echo "this directory is reserved for EdgeX log files" > $EDGEX_BASE/logs/README
ENV EDGEX_RULES=/edgex/edgex-support-rulesengine
RUN mkdir $EDGEX_RULES
RUN mkdir $EDGEX_RULES/rules
RUN mkdir $EDGEX_RULES/templates
# Consul config and data directories
# The /consul/data dir is used by Consul to store state. The agent will be started
# with /consul/config as the configuration directory so you can add additional
# config files in that location.
RUN mkdir /consul
RUN mkdir /consul/config
RUN mkdir /consul/data
RUN echo "this directory is reserved for EdgeX Consul config files" > /consul/config/README
RUN echo "this directory is reserved for EdgeX data files" > /consul/data/README
COPY static-services-config.json /consul/config
RUN mkdir /vault
RUN mkdir /vault/config
RUN mkdir /vault/pki
RUN mkdir /vault/file
RUN mkdir /vault/logs
ENTRYPOINT /usr/bin/tail -f /dev/null
Change into the directory that contains the Dockerfile and run the following command to build the image
sudo docker build -t edgexfoundry/volume:security .
The following is optional: push to a private Docker registry (10.13.3.1:5000 is the registry address)
sudo docker tag edgexfoundry/volume:security 10.13.3.1:5000/edgexfoundry/volume:security
sudo docker push 10.13.3.1:5000/edgexfoundry/volume:security
Special note
- This image places the configuration file that Consul uses to probe MongoDB into the volume
Contents of static-services-config.json:
{
  "service": {
    "name": "edgex-mongo", # service name shown in Consul
    "tags": [
      "database",
      "nosql"
    ],
    "address": "edgex-mongo", # MongoDB address; matches the hostname in docker-compose.yml
    "port": 27017,
    "check": {
      "name": "status",
      "tcp": "edgex-mongo:27017",
      "interval": "20s", # probe every 20 seconds
      "timeout": "5s" # no connection within 5s counts as a timeout
    }
  }
}
2.3.2 Building the edgexfoundry/docker-core-config-seed-go:security image
2.3.2.1 The Dockerfile
# Stage one: compile the core-config-seed-go executable
# Base image with the Go toolchain, aliased as build-env; the alias is used later
# Alpine is a tiny Linux distribution, only a few MB in size; quite a neat trick
FROM golang:1.9-alpine AS build-env
ENV GOPATH=/go
ENV PATH=$GOPATH/bin:$PATH
# Download the Go dependencies
# If glide install has already succeeded in the core-config-seed-go directory, the block below can be dropped to speed up the image build, because vendor already contains the dependencies and they are used directly
RUN apk add --update git
RUN go get github.com/BurntSushi/toml
RUN go get github.com/fatih/structs
RUN go get github.com/hashicorp/consul/api
RUN go get github.com/magiconair/properties
RUN go get gopkg.in/yaml.v2
# Set the working directory of the image
WORKDIR $GOPATH/src/github.com/edgexfoundry/core-config-seed-go
# Copy the Dockerfile's directory and all subdirectories into the working directory of the image
COPY . .
# Install make
RUN apk update && apk add make
# Use make to run the build target of the Makefile
RUN make build
# End of stage one: the core-config-seed-go executable has been built at /go/src/github.com/edgexfoundry/core-config-seed-go/core-config-seed-go
# Stage two: copy the built core-config-seed-go executable into the new image below; the image above is temporary and is discarded
# Consul Docker image for EdgeX Foundry
#FROM consul:0.7.3   Consul is now a separate image and the official one is used directly, so this line is not needed
FROM golang:1.9-alpine
LABEL license='SPDX-License-Identifier: Apache-2.0' \
      copyright='Copyright (c) 2017: Samsung'
# Install bash
RUN apk add --no-cache bash
# environment variables
ENV APP_DIR=/edgex/core-config-seed-go
ENV APP=core-config-seed-go
ENV WAIT_FOR_A_WHILE=5
ENV CONSUL_ARGS="-server -client=0.0.0.0 -bootstrap -ui"
# set the working directory
WORKDIR $APP_DIR
# Copy core-config-seed-go from the stage-one result into the image
COPY --from=build-env /go/src/github.com/edgexfoundry/core-config-seed-go/$APP .
# Copy the related resources, relative to the Dockerfile's directory, into the image
COPY ./launch-consul-config.sh .
COPY ./res ./res
COPY ./config ./config
# Run launch-consul-config.sh, which loads the contents of the config files into Consul
CMD ["sh", "launch-consul-config.sh"]
2.3.2.2 The launch-consul-config.sh file
#!/bin/sh
set -e
mkdir -p /edgex/logs/
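# Remove any data Consul already had
rm -rf /consul/data/*
# Wait WAIT_FOR_A_WHILE seconds (5 by default) for Consul to be ready, then run the seed app and exit when it finishes
echo "Waiting for $WAIT_FOR_A_WHILE seconds until consul is configured"
sleep $WAIT_FOR_A_WHILE
./$APP --profile=docker
wait
2.3.2.3 The Makefile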
.PHONY: build test docker
DOCKERS=docker_core_config_seed_go
# The image version is read from the VERSION file
VERSION=$(shell cat ./VERSION)
GOFLAGS=-ldflags "-X github.com/edgexfoundry/core-config-seed-go.Version=$(VERSION) -extldflags '-static'"
GIT_SHA=$(shell git rev-parse HEAD)
# "RUN make build" in the Dockerfile above runs this target, which compiles the core-config-seed-go executable
build:
	CGO_ENABLED=0 go build -o core-config-seed-go $(GOFLAGS) -a main.go
test:
	go test -cover ./...
	go vet ./...
# Run this target before compiling to install the Go dependencies. Note: packages hosted on golang.org are blocked in mainland China and cannot be downloaded; work around this by editing glide.yaml as follows so they are fetched from GitHub
#repo: https://github.com/golang/net.git
#vcs: git
#subpackages:
# - proxy
prepare:
	glide install
# "make docker" runs this target and builds the image edgexfoundry/docker-core-config-seed-go:$(VERSION)
docker: $(DOCKERS)
docker_core_config_seed_go:
	docker build \
		-f Dockerfile \
		-t edgexfoundry/docker-core-config-seed-go:$(VERSION) \
		.
# Used by CI ARM builder
docker_core_config_seed_go_arm:
	docker build \
		-f Dockerfile.aarch64 \
		--label "git_sha=$(GIT_SHA)" \
		-t edgexfoundry/docker-core-config-seed-go:$(GIT_SHA) \
		-t edgexfoundry/docker-core-config-seed-go:$(VERSION)-dev \
		.
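2.3.2.4 Contents of the VERSION file: a single line, as follows
security
2.3.2.5 Commands to build the image
Change into the directory that contains the Dockerfile and run the following command to build the image
sudo docker build -t edgexfoundry/docker-core-config-seed-go:security .
Or, in the directory that contains the Makefile, run
make docker
The following is optional: push to a private Docker registry (10.13.3.1:5000 is the registry address)
sudo docker tag edgexfoundry/docker-core-config-seed-go:security 10.13.3.1:5000/edgexfoundry/docker-core-config-seed-go:security
sudo docker push 10.13.3.1:5000/edgexfoundry/docker-core-config-seed-go:security
2.3.3 Building the edgexfoundry/docker-edgex-vault:security and edgexfoundry/docker-edgex-vault-worker:security images
Change into the security-secret-store-master directory and run the following command:
make build
These two images belong to the security module and are used for secret management (storage); they will be covered in detail in the security section.
Both images are implemented as shell scripts. A Go version exists now, but I personally find the shell version sufficient and efficient enough. Pay special attention: line 103 of vault-kong.sh contains a nasty trap, because upstream wrote it incorrectly:
'{cert:$cert,sk:$sk}' > ${_PAYLOAD_KONG}
The part of this line highlighted in red was written as "sk" upstream. It should be changed to:
'{cert:$cert,key:$sk}' > ${_PAYLOAD_KONG}
Otherwise it does not match the following struct in security-api-gateway-master: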
type CertPair struct {
Cert string `json:"cert,omitempty"`
Key string `json:"key,omitempty"`
}
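2.3.4 Building the edgexfoundry/docker-edgex-proxy-go:security image
Change into the edgexsecurity directory (renamed from security-api-gateway-master, as mentioned above)
and run the following command to build the image:
make docker
This image belongs to the security module. It handles user management for the Kong module, JWT generation, data initialization and reset; it will be covered in detail in the security section.
2.3.5 Building the myedgex/mongo image (download the source from GitHub)
After unpacking, change into the directory and run the following command to build the image
sudo docker build -t myedgex/mongo .
2.3.5.1 The Dockerfile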
FROM mongo:3.4.9
MAINTAINER Jim White <james_white2@dell.com>
# Copy in the data initialization scripts
COPY *.js /edgex/mongo/config/
COPY launch-edgex-mongo.sh /edgex/mongo/config/
# Upstream lacks the next line, and running without it fails; another trap
RUN chmod +x /edgex/mongo/config/launch-edgex-mongo.sh
#expose Mongodb's port
EXPOSE 27017
CMD /edgex/mongo/config/launch-edgex-mongo.sh
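2.3.5.2 The launch-edgex-mongo.sh file
#!/bin/sh
set -e
# Start mongod with the smallfiles option
mongod --smallfiles &
while true; do
    mongo /edgex/mongo/config/init_mongo.js && break # run the initialization script, which creates the users and the corresponding collections
    sleep 5
done
wait
2.3.6 Building the images in the edgex-go package
From this package we can build the following images: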
- edgexfoundry/docker-support-logging-go:security
- edgexfoundry/docker-support-notifications-go:security
- edgexfoundry/docker-core-metadata-go:security
- edgexfoundry/docker-core-data-go:security
- edgexfoundry/docker-core-command-go:security
- edgexfoundry/docker-export-client-go:security
- edgexfoundry/docker-export-distro-go:security
2.3.6.1 Install the Go dependencies
Change into the edgex-go directory and run the following command
make prepare
This command installs the Go dependencies into the vendor directory. As it stands the command fails because some packages cannot be downloaded; glide.yaml has to be modified as follows:
package: github.com/edgexfoundry/edgex-go
import:
- package: github.com/BurntSushi/toml
- package: github.com/eclipse/paho.mqtt.golang
  repo: https://github.com/eclipse/paho.mqtt.golang.git
  vcs: git
- package: github.com/go-zoo/bone
- package: github.com/gorilla/mux
- package: github.com/hashicorp/consul
  subpackages:
  - api
- package: github.com/pebbe/zmq4
- package: github.com/robfig/cron
- package: go.uber.org/zap
  repo: https://github.com/uber-go/zap.git
  vcs: git
- package: gopkg.in/mgo.v2
  repo: https://github.com/go-mgo/mgo.git
  vcs: git
  subpackages:
  - bson
- package: gopkg.in/yaml.v2
  repo: https://github.com/go-yaml/yaml.git
  vcs: git
- package: github.com/mattn/go-xmpp
- package: github.com/satori/go.uuid
- package: github.com/stretchr/testify
- package: golang.org/x/net/proxy
  repo: https://github.com/golang/net.git
  vcs: git
  subpackages:
  - proxy
- package: golang.org/x/net/websocket
  repo: https://github.com/golang/net.git
  vcs: git
  subpackages:
  - websocket
- package: github.com/influxdata/influxdb
  repo: https://github.com/influxdata/influxdb.git
  vcs: git
  subpackages:
  - client/v2
Even after this change there is still a problem: golang.org/x/net/proxy and golang.org/x/net/websocket
end up one directory level too deep inside vendor. That layout is not the expected one, so go into the corresponding vendor directories and move the contents up one level by hand
2.3.6.2 Build the image files
Run the following command
make docker
=============== At this point all Go service images have been built. At the time of writing, the following images had no Go version, so the Java versions are used for now. This shows a strength of the EdgeX Foundry framework: services are not tied to one language and can call each other. =================
Aside: building the myalpine-openjdk8-curl image
Since the Java services all need the JDK plus some common functionality, I built the myalpine-openjdk8-curl image as a base image to improve efficiency
The Dockerfile is as follows:
FROM alpine
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories
RUN apk --update add openjdk8-jre
RUN apk --update add curl
CMD /bin/sh
Command to build the image
sudo docker build -t myalpine-openjdk8-curl .
2.3.7 Building the myedgex/support-rulesengine image
2.3.7.1 Download the source from GitHub
Click to download: support-rulesengine
2.3.7.2 The Dockerfile
FROM myalpine-openjdk8-curl
# environment variables
ENV APP_DIR=/edgex/edgex-support-rulesengine
ENV APP=support-rulesengine
ENV APP_PORT=48075
ENV TEMPLATE_DIR=/edgex/edgex-support-rulesengine/templates
#copy JAR and property files to the image
#COPY *.properties $APP_DIR/
RUN rm -rf $TEMPLATE_DIR/*.drl
COPY *.drl $TEMPLATE_DIR/
#RUN mkdir /edgex/edgex-support-rulesengine/rules
#RUN chmod 777 /edgex/edgex-support-rulesengine/rules
#expose logging port
EXPOSE $APP_PORT
#set the working directory
WORKDIR $APP_DIR
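# For automated operations I publish the compiled jar to Nexus and download it from the private Nexus server here; you can instead COPY a jar you packaged yourself. 172.17.0.1 is the address used to reach the host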
RUN curl -o $APP.jar http://172.17.0.1:8081/nexus/con ... s/org/edgexfoundry/$APP/0.5.0-docker-RELEASE/$APP-0.5.0-docker-RELEASE.jar
#kick off the micro service
ENTRYPOINT java -jar $APP.jar
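Change into the support-rulesengine directory and run the following command to build the image
sudo docker build -t myedgex/support-rulesengine .
2.3.8 Building the myedgex/device-virtual image
2.3.8.1 Download the source from GitHub
Click to download: device-virtual
2.3.8.2 The Dockerfile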
FROM myalpine-openjdk8-curl
# environment variables
ENV APP_DIR=/edgex/edgex-device-virtual
ENV APP=device-virtual
ENV APP_PORT=49990
#copy JAR and property files to the image
#COPY *.properties $APP_DIR/
COPY bacnet_sample_profiles $APP_DIR/bacnet_sample_profiles/
COPY modbus_sample_profiles $APP_DIR/modbus_sample_profiles/
#expose logging port
EXPOSE $APP_PORT
#set the working directory
WORKDIR $APP_DIR
RUN curl -o $APP.jar http://172.17.0.1:8081/nexus/con ... s/org/edgexfoundry/$APP/0.5.0-docker-RELEASE/$APP-0.5.0-docker-RELEASE.jar
#kick off the micro service
ENTRYPOINT java -jar $APP.jar
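Change into the device-virtual directory and run the following command to build the image
sudo docker build -t myedgex/device-virtual .
2.3.9 Building the myedgex/device-modbus image
2.3.9.1 Download the source from GitHub
Click to download: device-modbus
2.3.9.2 The Dockerfile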
FROM myalpine-openjdk8-curl
# environment variables
ENV APP_DIR=/edgex/edgex-device-modbus
ENV APP=device-modbus
ENV APP_PORT=49991
#copy JAR and property files to the image
#COPY *.properties $APP_DIR/
#expose logging port
EXPOSE $APP_PORT
#set the working directory
WORKDIR $APP_DIR
RUN curl -o $APP.jar http://172.17.0.1:8081/nexus/con ... s/org/edgexfoundry/$APP/0.5.0-docker-RELEASE/$APP-0.5.0-docker-RELEASE.jar
#kick off the micro service
ENTRYPOINT java -jar $APP.jar
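Change into the device-modbus directory and run the following command to build the image
sudo docker build -t myedgex/device-modbus .
2.4 Run all services
Once all the images above are built, all services can be started with docker-compose.
Download: docker-compose-california-security.zip (3.34 KB)
After unpacking, run the following commands to start the services
chmod +x run-all.sh
./run-all.sh docker-compose-california-security.yml
Open http://localhost:8500/ui in a browser; if you see the result shown at the start of this article, you are done.
Feedback is welcome; contact QQ: 15599633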