java 访问docker的环境
1. 配置环境
新增 ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
root@ros-OptiPlex-3050:~# nano /lib/systemd/system/docker.service
root@ros-OptiPlex-3050:~# cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
重启docker
root@ros-OptiPlex-3050:~# service docker reload
Warning: docker.service changed on disk. Run 'systemctl daemon-reload' to reload units.
root@ros-OptiPlex-3050:~# systemctl daemon-reload
root@ros-OptiPlex-3050:~# systemctl docker restart
Unknown operation docker.
root@ros-OptiPlex-3050:~# service docker restart
检测配置的端口
root@ros-OptiPlex-3050:~# netstat -antp | grep 2375
tcp6 0 0 :::2375 :::* LISTEN 19143/dockerd
2. Java访问客户端
加载docker-java的jar
<!-- https://mvnrepository.com/artifact/com.github.docker-java/docker-java -->
<dependency>
<groupId>com.github.docker-java</groupId>
<artifactId>docker-java</artifactId>
<version>3.0.14</version>
</dependency> 初始化客户端访问
DockerClient dockerClient = DockerClientBuilder.getInstance().build();
3. 配置证书认证
新建文件夹并导入证书
配置ca的密码
root@ros-OptiPlex-3050:/home/hett/certs# openssl genrsa -aes256 -out ca-key.pem 4096
Generating RSA private key, 4096 bit long modulus
........................................................................................................................................++
...........................................................................................................................................................................................................................................................................................................................................................................................++
e is 65537 (0x10001)
Enter pass phrase for ca-key.pem:
Verifying - Enter pass phrase for ca-key.pem:
root@ros-OptiPlex-3050:/home/hett/certs# openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
Enter pass phrase for ca-key.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:china
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [AU]:ch
State or Province Name (full name) [Some-State]:hett
Locality Name (eg, city) []:hefei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:hrg
Organizational Unit Name (eg, section) []:ai
Common Name (e.g. server FQDN or YOUR name) []:192.168.30.240
Email Address []:1771084007@qq.com Common Name,说是要你填写,server FQDN或your name,意味着可以随便写,但是我在这里建议,写Docker所在服务器的IP,这个很重要。这个IP后边还会用到,我这里是192.168.99.101,在生产环境下,用使用你docker宿主机的DNS name替换下面的填入Common name,如api.google.com等
生成私钥
root@ros-OptiPlex-3050:/home/hett/certs# openssl genrsa -out server-key.pem 4096
Generating RSA private key, 4096 bit long modulus
................++
..........................++
e is 65537 (0x10001)
生成证书
root@ros-OptiPlex-3050:/home/hett/certs# openssl req -subj "/CN=192.168.30.240" -sha256 -new -key server-key.pem -out server.csr
下面我们可以用CA来签署证书了。这里我们可以填写IP地址或则DNS name,如,我们需要允许10.10.10.20和127.0.0.1连接:
$echo subjectAltName = IP:10.10.10.20, IP:127.0.0.1 > extfile.cnf,
上述命令有点像一个过滤器,如果地址填的不全,远程API就无法访问该Docker,那么我们就把,地址填的全一些,我的命令是这样滴:
$echo subjectAltName = DNS:192.168.99.101, IP: 192.168.99.101, IP: 192.168.1.101, IP:0.0.0.0, IP:127.0.0.1 > extfile.cnf
然后,将上述多个生成信息,写入文件。用如下命令。
$openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf
再看客户端私钥:
$openssl genrsa -out key.pem 4096
下一步再生成客户端证书请求文件:
$openssl req -subj '/CN=client' -new -key key.pem -out client.csr
用CA为客户端签署证书文件:
$openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile.cnf
这时候,还需要输入你的密码,我的密码是
java 访问docker的环境的更多相关文章
- Docker学习笔记之搭建Docker运行环境
0x00 概述 既然 Docker 是一款实用软件,我们就不得不先从它的安装说起,只有让 Docker 运行在我们的计算机上,才能更方便我们对 Docker 相关知识和使用方式的学习.得益于与商业性的 ...
- 服务器部署docker lnmp环境
一.安装dockerDocker要求运行在Centos 7上,要求系统为64位,系统内核版本3.10以上 1.uname -an 查看当前系统版本 2.yum -y install docker 下载 ...
- Docker容器环境下ASP.NET Core Web API应用程序的调试
本文主要介绍通过Visual Studio 2015 Tools for Docker – Preview插件,在Docker容器环境下,对ASP.NET Core Web API应用程序进行调试.在 ...
- [THINKING IN JAVA]访问权限控制
6 访问权限控制 6.1 包:库单元 package.import.import *.import static: 修改classpath环境变量可以将自己写的类库添加至环境变量并在任何java程序中 ...
- Java开发和运行环境的搭建
Java开发需要准备的东西? JDK+Eclipse 其中JDK的意思是Java开发工具包,Eclipse是进行用于做Java程序开发的工具(当然你也可以用记事本什么的去做). 其他开发工具:JCre ...
- Java及Android开发环境搭建
前言 自从接触java以来,配置环境变量折腾了好几次,也几次被搞得晕头转向,后来常常是上网查阅相关资料才解决.但是过一段时间后一些细节就会记不清了,当要在其他机子上配置时又得上网查或者查阅相关书籍,如 ...
- eclipse ide for java ee developers 开发环境搭建(j2ee)
转载自:http://www.iteye.com/topic/982182 真的是一片很不错的文章啊! 使用eclipse真的有年头了,相信java程序员没有不知道它的,最近在给团队中新来的应届生做指 ...
- Docker容器环境下ASP.NET Core Web API
Docker容器环境下ASP.NET Core Web API应用程序的调试 本文主要介绍通过Visual Studio 2015 Tools for Docker – Preview插件,在Dock ...
- Hadoop(五)搭建Hadoop与Java访问HDFS集群
前言 上一篇详细介绍了HDFS集群,还有操作HDFS集群的一些命令,常用的命令: hdfs dfs -ls xxx hdfs dfs -mkdir -p /xxx/xxx hdfs dfs -cat ...
随机推荐
- windows64位 redis安装 步骤
官方下载:http://redis.io/download 可以根据需要下载不同版本 windows版:https://github.com/MSOpenTech/redis/releases 在D盘 ...
- CSS实现三角形图标原理解析
CSS实现三角形图标原理解析: border边框语法: border 四条边框设置border-left 设置左边框,一般单独设置左边框样式使用border-right 设置右边框,一般单独设置右边框 ...
- ZOJ 3512 Financial Fraud (左偏树)
题意:给定一个序列,求另一个不递减序列,使得Abs(bi - ai) 和最小. 析:首先是在每个相同的区间中,中位数是最优的,然后由于要合并,和维护中位数,所以我们选用左偏树来维护,当然也可以用划分树 ...
- VC OnCtlColor函数来修改控件背景颜色
CWnd::OnCtlColor afx_msg HBRUSH OnCtlColor( CDC* pDC, CWnd* pWnd, UINT nCtlColor ); 返回值:OnCtlColor必须 ...
- 如何获取AppStore上应用的ipa安装包
1.首先你得去下载一个Apple Configurator 2,我们通过这个工具来获取ipa包,从AppStore上下载安装你需要获取的App 2.连接手机,打开Apple Configurator ...
- Working Experience - WPF XAML 报错 - 命名空间中不存在该名称
问题 编辑 xaml 时,VS 提示一个存在的类不存在(如:命名空间"xxx"中不存在"xxx"名称). 运行环境 Windows 版本:Window 10 V ...
- 微服务监控神器Prometheus的安装部署
本文涉及:如何在k8s下搭建Prometheus+grafana的监控环境 基本概念 Prometheus提供了容器和云原生领域数据搜集.存储.处理.可视化和告警一套完整的解决方案,最初时是由Soun ...
- java.sql.SQLException: Could not commit with auto-commit set on
This kind of exceptions occur when the Oracle JDBC Driver (ojdbc6.jar) version 12 or above will be u ...
- [Java]String、 StringBuffer、StringBuilder的区别
一.异同点: 1) 都是 final 类, 都不允许被继承; 2) String 长度是不可变的, StringBuffer.StringBuilder 长度是可变的; 3) StringBuffer ...
- [NWPU2016][寒假作业][正常版第三组]I
素数环,简单的dfs,但这道题我有个小地方写错了半天发现不了..就是flag数组的位置.一定要放在if里面,刚开始没注意,一不小心写到外面了. #include <iostream> #i ...