Πανεπιστήμιο Δυτικής Αττικής Τμήμα Μηχανικών Πληροφορικής και Υπολογιστών # Υπολογιστική Νέφους και Υπηρεσίες ## Θέμα: Wordpress #### Στόχος: Δημιουργία docker swarm | Ομάδα | AM | | ---- | ---- | | manager | 131039 | | worker | 131113 | | worker | 151108| |worker | 151015 | ------ ### 1. Χρήση παραδείγματος github ``` wget -r -np https://github.com/gabidavila/docker-wordpress-ssl-nginx-mysql ``` ### 2. Έλεγχος swarm *Εκτέλεση* ``` docker node ls ``` *Αποτελέσματα* ``` ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION ob89puh8bz9n5cdxrsppmug2z snf-12364 Ready Active 19.03.8 9gx538gc60i9vzda7j5ct31al * snf-12366 Ready Active Leader 19.03.8 6cgh0yeqa65r53n7fabw9079f snf-12565 Ready Active 18.09.7 tjxyrlr4zlj6xgxcsz6gbf6s7 snf-12591 Ready Active 18.09.7 ``` ### 3. Δημιουργία και εκτέλεση Dockerfile *Δημιουργία:* ``` # =============================================================================== # Dockerfile # "Wordpress + Nginx + Cached + NoDB" docker image - production ready # # What's it included: # # - php-fpm # - Wordpress - build with the **latest** version # - Nginx - as reverse proxy, HTTP / HTTPS enabled. # - Cache - fastcgi-cache, fastcgi_cache_purge, Opcache # - No DB included. # # Optional # # - Deploy `letsencrypt` SSL. # - Deploy normal SSL. # # @link https://letsencrypt.org/ | letsencrypt # # It is based on Ubuntu 14.04 LTS # =============================================================================== # Set the base image to Ubuntu FROM ubuntu:14.04 # File Author / Maintainer MAINTAINER Lei SHI # Default HTTP and HTTPS and MySQL ports EXPOSE 80 443 3306 # =============================================================================== # Env. Setup # # Keep upstart from complaining RUN dpkg-divert --local --rename --add /sbin/initctl && \ ln -sf /bin/true /sbin/initctl # Let the container know that there is no tty ENV DEBIAN_FRONTEND noninteractive # Update the repository sources list and finish upgrade RUN apt-get update && apt-get -y upgrade # ---------------------------------------------------------- # Dependencies # ---------------------------------------------------------- # Basic Dependencies # # The basic dependecies includes: # # - PHP & fpm # - MySQL client # - curl # - Git # - pwgen - Open-Source Password Generator # - python-setuptools - for `easy_install` # RUN apt-get install -y mysql-client-5.6 \ mysql-server-5.6 \ php5-fpm \ php5-mysql \ pwgen \ python-setuptools \ curl \ git \ unzip # **Wordpress** Dependencies RUN apt-get install -y php5-curl \ php5-gd \ php5-intl \ php-pear \ php5-imagick \ php5-imap \ php5-mcrypt \ php5-memcache \ php5-ming \ php5-ps \ php5-pspell \ php5-recode \ php5-sqlite \ php5-tidy \ php5-xmlrpc \ php5-xsl ### ---- FIX ----- # Fix 'add-apt-repository: not found' in Ubuntu 14.04 LTS RUN apt-get -y install software-properties-common \ python-software-properties # ---------------------------------------------------------- # Nginx # # Nginx compiled with `fastcgi_cache` and `fastcgi_cache_purge` # # @link https://easyengine.io/wordpress-nginx/tutorials/single-site/fastcgi-cache-with-purging/ # ---------------------------------------------------------- RUN add-apt-repository ppa:rtcamp/nginx && \ apt-get update && \ apt-get remove nginx* && \ apt-get install -y nginx-custom ############################################################ # Configurations # # ---------------------------------------------------------- # MySQL Config # ---------------------------------------------------------- # RUN sed -i -e"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf COPY config/my.cnf /etc/mysql/my.cnf # ---------------------------------------------------------- # Nginx Config # ---------------------------------------------------------- # Create uer for Nginx running RUN adduser --system --no-create-home --shell /bin/false --group --disabled-login www-front # Copy config files to `/etc/nginx/` folder COPY config/nginx.conf /etc/nginx/nginx.conf COPY config/nginx-site-http.conf /etc/nginx/nginx-site-http.conf COPY config/nginx-site-https.conf /etc/nginx/nginx-site-https.conf # Default **site** config - HTTP # Later if need to enforce SSL, use `nginx-site-http.conf` instead. COPY config/nginx-site-http.conf /etc/nginx/sites-available/default COPY config/nginx-ssl.conf /etc/nginx/ssl-template.conf COPY config/nginx-restrictions.conf /etc/nginx/restrictions.conf # ---------------------------------------------------------- # PHP-fpm Config # ---------------------------------------------------------- RUN sed -i -e "s/;cgi.fix_pathinfo\s*=\s*1/cgi.fix_pathinfo = 0/g; s/expose_php\s*=\s*On/expose_php = Off/g" \ /etc/php5/fpm/php.ini RUN sed -i -e "s/expose_php\s*=\s*On/expose_php = Off/g" /etc/php5/fpm/php.ini RUN sed -i -e "s/upload_max_filesize\s*=\s*2M/upload_max_filesize = 100M/g; s/post_max_size\s*=\s*8M/post_max_size = 100M/g" \ /etc/php5/fpm/php.ini #RUN sed -i -e "s/post_max_size\s*=\s*8M/post_max_size = 100M/g" /etc/php5/fpm/php.ini RUN sed -i -e "s/;daemonize\s*=\s*yes/daemonize = no/g" /etc/php5/fpm/php-fpm.conf RUN sed -i -e "s/;catch_workers_output\s*=\s*yes/catch_workers_output = yes/g; s/listen\s*=\s*\/var\/run\/php5-fpm.sock/listen = 127.0.0.1:9000/g; s/;listen.allowed_clients\s*=\s*127.0.0.1/listen.allowed_clients = 127.0.0.1/g" \ /etc/php5/fpm/pool.d/www.conf #RUN sed -i -e "s/listen\s*=\s*\/var\/run\/php5-fpm.sock/listen = 127.0.0.1:9000/g" /etc/php5/fpm/pool.d/www.conf #RUN sed -i -e "s/;listen.allowed_clients\s*=\s*127.0.0.1/listen.allowed_clients = 127.0.0.1/g" /etc/php5/fpm/pool.d/www.conf # ---------------------------------------------------------- # Opcode Config # ---------------------------------------------------------- RUN sed -i -e"s/^;opcache.enable\s*=\s*0/opcache.enable = 1/; s/^;opcache.max_accelerated_files\s*=\s*2000/opcache.max_accelerated_files = 4000/" /etc/php5/fpm/php.ini #RUN sed -i -e"s/^;opcache.max_accelerated_files\s*=\s*2000/opcache.max_accelerated_files = 4000/" /etc/php5/fpm/php.ini # =============================================================================== # Install & Config Supervisor # # Supervisor is a process manager which makes managing a number of long-running programs a trivial task # by providing a consistent interface through which they can be monitored and controlled. # # it uses `easy_install` (from `python-setuptools`) to install **supervisor**. # # @link http://supervisord.org/# # RUN /usr/bin/easy_install supervisor && \ /usr/bin/easy_install supervisor-stdout COPY config/supervisord.conf /etc/supervisord.conf # =============================================================================== # Install Wordpress # # Get the code of **latest** version. RUN cd /usr/share/nginx/ && \ curl -o wp-latest.tar.gz https://wordpress.org/latest.tar.gz && \ tar -xvf wp-latest.tar.gz && \ rm wp-latest.tar.gz # Target **webroot** - `/usr/share/nginx/www` RUN rm -rf /usr/share/nginx/www && \ mv /usr/share/nginx/wordpress /usr/share/nginx/www && \ chown -R www-data:www-data /usr/share/nginx/www # =============================================================================== # System Initialization # ## Copy the **pre-defined** bash script COPY bash/init.sh /init.sh ## Modify the permisison - make sure they are excuatable RUN chmod 755 /init.sh # Set up default CMD CMD ["/bin/bash", "/init.sh"] # =============================================================================== # Copy "optional" scripts # # Under `/addon` folder. # # `letsencrypt` SSL related # @link https://letsencrypt.org/ | letsencrypt COPY bash/ssl-letsencrypt.sh /addon/letsencrypt/ssl-letsencrypt.sh # Normal SSL related COPY bash/ssl.sh /addon/ssl.sh # Install WP plugins COPY bash/wp-install-plugins.sh /addon/wp-install-plugins.sh # =============================================================================== # Volume Mounting # # - Wprdpress webroot # - Log # # Mount the volumns VOLUME ["/var/lib/mysql", "/usr/share/nginx/www", "/var/log"] ``` *Εκτέλεση:* ``` chmod +x ./Dockerfile ./Dockerfile docker images ``` ### 4. Δημιουργία docker-compose.yml ``` version: '3.7' services: db: image: mariadb volumes: - db_data:/var/lib/mysql ports: - "3306:3306" networks: - wp-net restart: always environment: MYSQL_ROOT_PASSWORD: wordpress MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: wordpress deploy: placement: constraints: [node.role == worker] replicas: 1 update_config: delay: 10s restart_policy: condition: on-failure wordpress: depends_on: - db image: wordpress:latest ports: - "9000:80" restart: always environment: WORDPRESS_DB_HOST: db:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpress WORDPRESS_DB_NAME: wordpress volumes: - wordpress:/var/www/html networks: - wp-net deploy: placement: constraints: [node.role == worker] replicas: 1 resources: limits: #max resources cpus: '0.50' memory: 50M reservations: #default resources cpus: '0.25' memory: 20M update_config: delay: 10s restart_policy: condition: on-failure nginx: image: nginx ports: - 80:80 - 443:443 volumes: - wordpress:/var/www/html - ./nginx.conf:/etc/nginx/conf.conf depends_on: - wordpress networks: - wp-net deploy: mode: replicated replicas: 1 restart_policy: condition: on-failure minio1: image: minio/minio:RELEASE.2020-06-03T22-13-49Z hostname: minio1 volumes: - minio1-data:/export ports: - "9005:9000" networks: - minio_distributed deploy: restart_policy: delay: 10s max_attempts: 10 window: 60s placement: constraints: - node.labels.minio1==true command: server http://minio{1...4}/export secrets: - secret_key - access_key healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 30s timeout: 20s retries: 3 minio2: image: minio/minio:RELEASE.2020-06-03T22-13-49Z hostname: minio2 volumes: - minio2-data:/export ports: - "9006:9000" networks: - minio_distributed deploy: restart_policy: delay: 10s max_attempts: 10 window: 60s placement: constraints: - node.labels.minio2==true command: server http://minio{1...4}/export secrets: - secret_key - access_key healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 30s timeout: 20s retries: 3 minio3: image: minio/minio:RELEASE.2020-06-03T22-13-49Z hostname: minio3 volumes: - minio3-data:/export ports: - "9007:9000" networks: - minio_distributed deploy: restart_policy: delay: 10s max_attempts: 10 window: 60s placement: constraints: - node.labels.minio3==true command: server http://minio{1...4}/export secrets: - secret_key - access_key healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 30s timeout: 20s retries: 3 minio4: image: minio/minio:RELEASE.2020-06-03T22-13-49Z hostname: minio4 volumes: - minio4-data:/export ports: - "9008:9000" networks: - minio_distributed deploy: restart_policy: delay: 10s max_attempts: 10 window: 60s placement: constraints: - node.labels.minio4==true command: server http://minio{1...4}/export secrets: - secret_key - access_key healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 30s timeout: 20s retries: 3 volumes: minio1-data: minio2-data: minio3-data: minio4-data: db_data: wordpress: networks: wp-net: minio_distributed: driver: overlay secrets: secret_key: external: true access_key: external: true ``` ### 5. Swarm deploy ``` docker stack deploy -c docker-compose.yml wordpress docker service ls ``` *Αποτελέσματα* ``` vihqdyawjc10 nefos_db replicated 1/1 mariadb:latest *:3306->3306/tcp y7nbv60la2sg nefos_minio1 replicated 1/1 minio/minio:RELEASE.2020-06-03T22-13-49Z *:9005->9000/tcp 0bcjccvpagd2 nefos_minio2 replicated 1/1 minio/minio:RELEASE.2020-06-03T22-13-49Z *:9006->9000/tcp 17vpuld32qui nefos_minio3 replicated 0/1 minio/minio:RELEASE.2020-06-03T22-13-49Z *:9007->9000/tcp 0mbyzsuq5gvq nefos_minio4 replicated 0/1 minio/minio:RELEASE.2020-06-03T22-13-49Z *:9008->9000/tcp 8izloz68b9ky nefos_nginx replicated 1/1 nginx:latest *:80->80/tcp, *:443->443/tcp 2cbg82sytzbg nefos_wordpress replicated 1/1 wordpress:latest *:9000->80/tcp ``` ### 6. Nginx configuration ``` server { listen 80; server_name localhost; root /var/www/html; index index.php; access_log /var/log/nginx/wordpress-access.log; error_log /var/log/nginx/wordpress-error.log; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass wordpress:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; } } ``` ### 7. Update Minio nodes ``` docker node update --label-add minio1=true snf-12364 docker node update --label-add minio2=true snf-12366 docker node update --label-add minio3=true snf-12565 docker node update --label-add minio4=true snf-12591 docker node update --label-add group=minio snf-12364 docker node update --label-add group=minio snf-12565 ```