Docker

https://www.centos.bz/2018/02/%E5%AE%9A%E5%88%B6entrypoint%E8%87%AA%E5%8A%A8%E4%BF%AE%E6%94%B9docker%E4%B8%ADvolume%E7%9A%84%E6%9D%83%E9%99%90/ ………. Other way 1、make shell and run shell, before run docker-compose. mkdir ./data sudo chown docker ./data #sudo chown user01 ./data sudo chmod g+rwx ./data sudo chgrp 994 ./data Directory exist and correct Access. 994 or 50 or 1000 see /etc/passwd or /etc/group 2、But sometime OS install docker by you don’t know way… maybe have user dockerroot、group dockerroot or only group docker you maybe already run sudo usermod -a -G docker $(whoami) 100% in docker group. ...

docker & docker-compose 一堆坑 FROM alpine RUN apk –no-cache upgrade RUN apk update &&\ apk add bash

Use chown 1000 xxxoo xxxooo file name logtest: build: context: logtest/ volumes: - ./logtest/logs:./logs:rw networks: - elk command: | /bin/sh -c '/bin/sh -s << EOF echo "Start filebeat...." filebeat run -c ./filebeat.yml -v & sleep 2 while [ ! -f ./logs/filebeat ] do sleep 2 done chown 1000 ./logs/filebeat tail -f /dev/null EOF'

docker-compose.yml services: elasticsearch: logstash: kibana: nginx: docker-compose run ngnix docker-compose run kibana

restart docker service iptables be reset Docker Basic rule (New Docker maybe change somethings) *nat :PREROUTING ACCEPT [27:11935] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [598:57368] :POSTROUTING ACCEPT [591:57092] :DOCKER - [0:0] -A PREROUTING -m addrtype –dst-type LOCAL -j DOCKER -A OUTPUT ! -d 127.0.0.0/8 -m addrtype –dst-type LOCAL -j DOCKER -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE COMMIT # Completed on Sun Sep 20 17:35:31 2015 # Generated by iptables-save v1.4.21 on Sun Sep 20 17:35:31 2015 *filter :INPUT ACCEPT [139291:461018923] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [127386:5251162] :DOCKER - [0:0] -A FORWARD -o docker0 -j DOCKER -A FORWARD -o docker0 -m conntrack –ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i docker0 ! -o docker0 -j ACCEPT -A FORWARD -i docker0 -o docker0 -j ACCEPT COMMIT # Completed on Sun Sep 20 17:35:31 2015 ...