1十、經過案例學習Secret (Swarm17)

 
在下面的例子中,咱們會部署一個 WordPress 應用,WordPress 是流行的開源博客系統。
 
咱們將建立一個 Mysql Service ,將密碼保存到secret 中。咱們還會建立一個 WordPress service ,他將使用 secret 鏈接Mysql 。這個例子將展現如何使用secret避免在image中存放敏感信息,或者在命令行中直接傳遞敏感信息。
 
建立 secret
 
root@host03:~# openssl rand -base64 20 | docker secret create mysql_root_password -    #    直接生成隨機字符串並建立secret
4pjwxd6sr9du56wi1zpicejoy
root@host03:~# docker secret inspect mysql_root_password
[
    {
        "ID": "4pjwxd6sr9du56wi1zpicejoy",
        "Version": {
            "Index": 17167
        },
        "CreatedAt": "2019-05-16T06:52:50.88254189Z",
        "UpdatedAt": "2019-05-16T06:52:50.88254189Z",
        "Spec": {
            "Name": "mysql_root_password",
            "Labels": {}
        }
    }
]
root@host03:~# openssl rand -base64 20 > password.txt    #    生成隨機字符串保存到文件
root@host03:~# docker secret create mysql_root_password_file ./password.txt    #    從文件讀取密碼生成secret
m6rc31lat7wutlcmfxn88z8dy
root@host03:~# docker secret inspect mysql_root_password_file
[
    {
        "ID": "m6rc31lat7wutlcmfxn88z8dy",
        "Version": {
            "Index": 17168
        },
        "CreatedAt": "2019-05-16T06:54:19.792675996Z",
        "UpdatedAt": "2019-05-16T06:54:19.792675996Z",
        "Spec": {
            "Name": "mysql_root_password_file",
            "Labels": {}
        }
    }
]
root@host03:~# openssl rand -base64 20 | docker secret create mysql_password -    #    咱們這裏爲WordPress建立一個非root的secret
v6a7aqck9okemsopzc870e6p4
root@host03:~# docker secret inspect mysql_password
[
    {
        "ID": "v6a7aqck9okemsopzc870e6p4",
        "Version": {
            "Index": 17169
        },
        "CreatedAt": "2019-05-16T06:57:15.399204873Z",
        "UpdatedAt": "2019-05-16T06:57:15.399204873Z",
        "Spec": {
            "Name": "mysql_password",
            "Labels": {}
        }
    }
]
 
root@host03:~# docker secret ls
ID                          NAME                       DRIVER              CREATED              UPDATED
v6a7aqck9okemsopzc870e6p4   mysql_password                                 About a minute ago   About a minute ago    
4pjwxd6sr9du56wi1zpicejoy   mysql_root_password                            5 minutes ago        5 minutes ago         
m6rc31lat7wutlcmfxn88z8dy   mysql_root_password_file                       4 minutes ago        4 minutes ago
 
 
建立自定義 overlay 網絡
 
root@host03:~# docker network create --driver overlay mysql_private
ssi9vxai6fppn1xfydaoedjth
root@host03:~# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
c31c660ab056        bridge              bridge              local
b5ff39d0ca1f        docker_gwbridge     bridge              local
e9f624212e28        host                host                local
sngp88bsqode        ingress             overlay             swarm
ssi9vxai6fpp        mysql_private       overlay             swarm
39b5e5857095        none                null                local
 
 
建立mysql service
 
root@host03:~# docker service create --name mysql --network mysql_private --secret source=mysql_root_password,target=mysql_root_password --secret source=mysql_password,target=mysql_password -e MYSQL_ROOT_PASSWORD_FILE='/run/secrets/mysql_root_password' -e MYSQL_PASSWORD_FILE='/run/secrets/mysql_password' -e MYSQL_USER='wordpress' -e MYSQL_DATABASE='wordpress' mysql:5.7
image mysql:latest could not be accessed on a registry to record
its digest. Each node will access mysql:latest independently,
possibly leading to different nodes running different
versions of the image.
wtcc6kth07v7hmf528bfe1p1y
overall progress: 1 out of 1 tasks
1/1: running   [==================================================>]
verify: Service converged
 
root@host03:~# docker service ps mysql
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE                 ERROR                           PORTS
p69wao0p573p        mysql.1             mysql:latest        host01              Running             Running about a minute ago                                    
 
 
建立 WordPress service
 
root@host03:~# docker service create --name wordpress --network mysql_private --publish 80:80 --secret source=mysql_password,target=wp_db_password -e WORDPRESS_DB_HOST='mysql:3306' -e WORDPRESS_DB_NAME='wordpress' -e WORDPRESS_DB_USER='wordpress' -e WORDPRESS_DB_PASSWORD_FILE='/run/secrets/wp_db_password' wordpress
sl396197rt8jh52xwsrg7x2gv
overall progress: 1 out of 1 tasks
1/1: running   [==================================================>]
verify: Service converged
 
root@host03:~# docker service ps wordpress
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE            ERROR               PORTS
bvlccd2fsho2        wordpress.1         wordpress:latest    host02              Running             Running 17 seconds ago                       
 
 
訪問 WordPress頁面 http://10.12.31.211
 
 
 
相關文章
相關標籤/搜索