我开发了一个nodejs应用程序,它在一侧提供https(http / 2)接口,并与另一方面的SQL Server数据库,SMTP邮件发件人和基于http的邮政编码查询服务进行通信。 本质上是一个基于Web的单页面应用程序。
这是在一个小型的覆盆子pi / 2上运行,它位于公司局域网上,与局域网上的Windows机器上的数据库通信。 其他服务是外部的。 应用程序保持私密非常重要。
这是此应用程序的早期版本,因此会有一些更改。 其中最复杂的是如何在没有长时间停机的情况下升级到更新版本的节点。
昨天我遇到了Docker,更具体地说是一篇关于如何在覆盆子pi上设置Docker的文章。 令我兴奋的是,这可能是快速更新我的应用程序的解决方案。 如果我将节点和我的应用程序打包到Docker容器中,我可以为最新版本的节点和我的应用程序预先构建容器,测试它们并确实非常快速地安装它们。
目前,Raspberry Pi文件系统的SD卡配置为4个分区。 1)是启动分区,2)是文件系统的根。 这两个都是只读的,3)是pi用户家的分区,4)是/ var后两个是读写的。
原因是安装后的软件除了日志(进入/ var)外都是只读的。 防止关闭电源时SD卡损坏。 我确实有一个用户在只读区域中有一个主目录,其设置使得登录将文件系统转为rw直到他再次注销。 我在这个用户运行命令来安装最新的生产版本。 一些测试和开发可以在pi用户中进行,这就是该区域是读写的原因。
我刚刚在运行Debian的桌面(amd64)机器上安装了Docker。 据我所知,所有Docker文件都位于/ var / lib / docker下。 这包括组成加载图像的所有文件。 虽然有一个/ etc / docker目录,但那里的唯一配置似乎是一个密钥。
所以我的问题是,有没有办法配置Docker,以便容器图像实际上可以放在我在登录帐户时在读写之间切换的区域,并在我退出时再次变为只读,但部件写入的容器(可能没有 - 见下一段)就是/ var。
我的应用程序实际上将其日志写入stdout和stderr。 目前它们由PM2管理,它们在退出时重新启动它们,但也将日志写入它旋转的一对日志文件中。 不幸的是我遇到了应用程序失败并且PM2没有重新启动它的实例
我怀疑Docker也可能被设置为自动重启失败的容器,我也可以设置它以便内容stdout和stderr被重定向到Docker容器外的文件中。 这将使以后更容易查看它们。 这可能吗? 确实,如果有可能是好的做法,或者我会更好地继续在Docker容器中使用pm2
I have developed a nodejs application which provides a https (http/2) interface on the one side and talks to an SQL Server database, an SMTP mail sender, and an http based postcode lookup service on the other. In essence its a web based single page application.
This runs on a small raspberry pi/2 sitting on a company lan, talking to the database on a windows machine on the lan. The other services are external. It is important that the application remains private.
This is an early release of this application, so will be subject to some change. The most complex of which is going to be how to upgrade to newer versions of node without long downtimes.
Yesterday I came across Docker, and more specifically an article about how to set up Docker on a raspberry pi. It excited me that this might be the solution to updating my application rapidly. If I package node and my application into a Docker container I can pre-build containers for the latest version of node and my application, test them and the install them very rapidly indeed.
Currently the SD card for the Raspberry Pi's filesystem is configured into 4 partitions. 1) is the boot partition, 2) is the root of the filesystem. These two are both read-only, 3) is the partition for the pi user's home and 4) is /var These latter two are read-write.
The reason for this is that the software once installed is all read only except for the logs (which go into /var). To protect against SD Card Corruption on Power Off. I do have a user who has a home directory in the read only area, and its set so that logon turns the filesystem rw until he logs off again. This user is where I run the commands to install the latest production release. Some testing and development can take place in the pi user, which is why the area is read-write.
I have just installed Docker on my desktop (amd64) machine running Debian. As far as I can tell all of Docker files sit somewhere under /var/lib/docker. This includes all the files that make up the loaded images. Although there is a /etc/docker directory the only configuration in there appears to be a key.
So my question is, Is there a way to configure Docker so that the container images can actually sit in the area that switches between read-write when I log into the account there and become read-only again when I log out, but the parts of the containers that get written to (maybe none - see next paragraph) sit is /var.
My application actually writes its logs to stdout and stderr. At the moment they are being managed by PM2, which restarts them when they exit, but also writes the logs to a pair of log files which it rotates. Unfortunately I have had instances where the application has failed and PM2 hasn't restarted it
I suspect Docker may also be setup to automatically restart a failing container, and that I could also set it up so that the contents stdout and stderr get redirected into a file outside of the Docker container. This would make it easier to view them later. Is this possible? Indeed if it is possible is it good practice, or would I do better to continue to use pm2 inside the Docker container
最满意答案
我刚刚在运行Debian的桌面(amd64)机器上安装了Docker。 据我所知,所有Docker文件都位于/ var / lib / docker下。 这包括组成加载图像的所有文件。 虽然有一个/ etc / docker目录,但那里的唯一配置似乎是一个密钥。
所以我的问题是,有没有办法配置Docker,以便容器图像实际上可以放在我在登录帐户时在读写之间切换的区域,并在我退出时再次变为只读,但部件写入的容器(可能没有 - 见下一段)就是/ var。
您可以通过设置守护程序的--graph (或short -g )标志将Docker根目录从/var/lib/docker --graph为任何其他目录。 使用systemd时,您可以使用简单的drop-in完成此操作(例如,在/etc/systemd/system/docker.service.d ):
[Service] ExecStart= ExecStart=/usr/bin/dockerd --graph=/path/to/readonly/dir确切的过程可能因Docker版本和Linux发行版而异。 有关更多信息,请参阅文档 。
但是,这将影响映像和容器文件系统存储。 只有一个只读和另一个可写,这种方式是不可能的。
我的应用程序实际上将其日志写入stdout和stderr。 目前它们由PM2管理,它们在退出时重新启动它们,但也将日志写入它旋转的一对日志文件中。 不幸的是我遇到了应用程序失败并且PM2没有重新启动它的实例
我怀疑Docker也可能被设置为自动重启失败的容器,我也可以设置它以便内容stdout和stderr被重定向到Docker容器外的文件中。 这将使以后更容易查看它们。 这可能吗? 确实,如果有可能是好的做法,或者我会更好地继续在Docker容器中使用pm2
您可以使用--restart=on-failure启动容器( 有关重新启动策略的详细信息,请参阅更多信息 )。 这将导致Docker引擎自动重启容器(如果它存在非零退出代码)。 或者,使用--restart=always重新启动容器,而不管退出代码如何。 就个人而言,我建议不要在Docker中使用PM2进行简单的故障重启,除非您需要任何PM2的附加功能。
关于日志记录:默认情况下,Docker将捕获容器主进程的所有STDOUT和STDERR输出,并将它们存储在自己的日志文件中(默认情况下,在/var/lib/docker/containers/<CONTAINER-ID>/<CONTAINER-ID>-json.log )。 您可以使用docker logs <CONTAINER-NAME>查看它们。
如果这不是您想要的,您可以通过在启动容器时设置--log-driver标志来更改日志记录机制(例如,更改为--log-driver=syslog )。 再次,请参阅文档以获取更多信息。
I have just installed Docker on my desktop (amd64) machine running Debian. As far as I can tell all of Docker files sit somewhere under /var/lib/docker. This includes all the files that make up the loaded images. Although there is a /etc/docker directory the only configuration in there appears to be a key.
So my question is, Is there a way to configure Docker so that the container images can actually sit in the area that switches between read-write when I log into the account there and become read-only again when I log out, but the parts of the containers that get written to (maybe none - see next paragraph) sit is /var.
You can change the Docker root directory from /var/lib/docker to any other directory by setting the daemon's --graph (or short -g) flag. When using systemd, you can accomplish this using a simple drop-in (for example, in /etc/systemd/system/docker.service.d):
[Service] ExecStart= ExecStart=/usr/bin/dockerd --graph=/path/to/readonly/dirThe exact procedure may vary depending on your Docker version and Linux distribution. See the documentation for more information.
However, this will affect both the image and container file system storage. Having one read-only and the other writeable, is not possible this way.
My application actually writes its logs to stdout and stderr. At the moment they are being managed by PM2, which restarts them when they exit, but also writes the logs to a pair of log files which it rotates. Unfortunately I have had instances where the application has failed and PM2 hasn't restarted it
I suspect Docker may also be setup to automatically restart a failing container, and that I could also set it up so that the contents stdout and stderr get redirected into a file outside of the Docker container. This would make it easier to view them later. Is this possible? Indeed if it is possible is it good practice, or would I do better to continue to use pm2 inside the Docker container
You can start your containers with --restart=on-failure (see more on restart policies). This will cause the Docker engine to automatically restart the container if it exists with a non-zero exit code. Alternatively, use --restart=always to have the container restarted regardless of exit code. Personally, I would recommend against using PM2 inside Docker for a simple restart-on-failure, unless you need any of PM2's additional features.
Regarding logging: By default, Docker will capture all STDOUT and STDERR output of the container's main process and store them in its own logfiles (by default, in /var/lib/docker/containers/<CONTAINER-ID>/<CONTAINER-ID>-json.log). You can view them using docker logs <CONTAINER-NAME>.
If this is not what you want, you can change the logging mechanism by setting the --log-driver flag when starting a container (for example, to --log-driver=syslog). Again, see the documentation for more information.
更多推荐
发布评论