一、安装php项目初始镜像php8.1.0:alpine
1、镜像测试:
镜像对比:
Base image Size Time to install tcpdump
alpine:3.11 5.6 MB 1-2s
archlinux:20200106 409 MB 7-9s
centos:8 237 MB 5-6s
debian:10 114 MB 5-7s
fedora:31 194 MB 35-60s
ubuntu:18.04 64 MB 6-8s
2. 下载官方php8.1.0-alpine镜像
https://hub.docker.com/layers/library/php/8.1.0-fpm-alpine3.15/images/sha256-489eda60a2d06649c966f89babafb668b0607ac9f97f5a72b6b5499f0000ce21?context=explore
[root@longxi-01 ~]# docker pull php:8.1.0-fpm-alpine3.15
3. 自定义一些参数使用这个镜像为项目的初始镜像:
[root@longxi-01 ~]# vim Dockerfile
FROM php:8.1.0-fpm-alpine3.15
RUN echo “http://mirrors.aliyun.com/alpine/v3.15/main” > /etc/apk/repositories \
&& echo “http://mirrors.aliyun.com/alpine/v3.15/community” >> /etc/apk/repositories \
&& mv /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini \
&& sed -i ‘s/www-data/root/p’ /usr/local/etc/php-fpm.d/www.conf
CMD [“php-fpm”,”-R”]
注释:
1. 替换/etc/apk/repositories是更换为阿里云的下载源,加快下载速度便于后期下载扩展使用
2. 使用php.ini当配置文件使用
3. 使用root用户启动php-fpm防止出现权限问题报错,改了root用户后必须使用php-fpm -R 启动
[root@longxi-01 ~]# docker build -t php8.1.0-alpine:v1 .
二、安装扩展的方法
一共有三种方法:
1. 容器内无需下载已自带的一些拓展如:gd
查看docker容器中已经打了哪些扩展包,可以直接下载使用:
[root@longxi-01 ~]# docker run -itd php8.1.0-alpine:v1
a6122592d4979a398d139b58b52a8416247702ed45db36b2c1bf437705ef2293
[root@longxi-01 ~]# docker exec -it a6122592d4979a398d139b58b52a8416247702ed45db36b2c1bf437705ef2293 sh
/var/www/html # docker-php-source extract #拉取所有的docker已打包的扩展到/usr/src
/var/www/html # ls /usr/src/php/ext
如图所示这些扩展都可以使用docker自带命令直接下载,可以写入Dockerfile中
[root@longxi-01 docker]# vim Dockerfile
FROM php8.1.0-alpine:v1
RUN apk update && apk add –no-cache freetype-dev libjpeg-turbo-dev libpng-dev \
&& docker-php-ext-configure gd –with-freetype –with-jpeg \
&& docker-php-ext-install gd \
&& docker-php-ext-install bcmath
[root@longxi-01 docker]# docker build -t php8.1.0-alpine:v2 .
[root@longxi-01 docker]# docker run -it php8.1.0-alpine:v2 sh -c “php -m”
如图这两扩展都已安装
2. pecl库中存在的扩展,比较常见的就是redis、swoole等扩展
我就实战操作了,和上述的安装扩展方法差不多
FROM php8.1.0-alpine:v1
RUN apk update && apk add –no-cache \
autoconf g++ make libmemcached-dev \
&& pecl install redis-6.0.0 \
&& docker-php-ext-enable redis \
&& pecl install memcached \
&& docker-php-ext-enable memcached \
&& pecl install swoole \
&& docker-php-ext-enable swoole
3. 自己编译生成扩展,以zmq为例
FROM php8.1.0-alpine:v1
# 安装zmq扩展
RUN cd /usr/src \
&& apk add –no-cache –virtual .git_deps git \
&& git clone git://github.com/mkoppanen/php-zmq.git \
&& apk del .git_deps \
&& apk add –no-cache zeromq-dev \
&& cd php-zmq \
&& phpize \
&& ./configure \
&& make \
&& make install \
&& docker-php-ext-enable zmq
三、安装supervisor管理进程
[root@longxi-01 docker]# vim Dockerfile
FROM php8.1.0-alpine:v2
RUN apk add supervisor
[root@longxi-01 docker]# docker build -t php8.1.0-alpine:v3 .
四、简单阐述一下cicd流程
综上所述,整个php项目运行的一些环境基本上都已经安装完成了
自动化最常见的打包部署流程搭配:gitlab 、jenkins、harbor、ansible、docker
1.使用supervisor启动php-fpm进程或者swoole以及其他的进程,最常见做法supervisor.d.conf和使用初始镜像构建项目的Dockerfile文件与php后台代码一起上传到gitlab
supervisord.conf文件:
; Sample supervisor config file.
;
; For more information on the config file, please see:
; http://supervisord.org/configuration.html
;
; Notes:
; – Shell expansion (“~” or “$HOME”) is not supported. Environment
; variables can be expanded using this syntax: “%(ENV_HOME)s”.
; – Quotes around values are not supported, except in the case of
; the environment= options as shown below.
; – Comments must have a leading space: “a=b ;comment” not “a=b;comment”.
; – Command will be truncated if it looks like a config file comment, e.g.
; “command=bash -c ‘foo ; bar'” will truncate to “command=bash -c ‘foo “.
;
; Warning:
; Paths throughout this example file use /tmp because it is available on most
; systems. You will likely need to change these to locations more appropriate
; for your system. Some systems periodically delete older files in /tmp.
; Notably, if the socket file defined in the [unix_http_server] section below
; is deleted, supervisorctl will be unable to connect to supervisord.
[unix_http_server]
file=/run/supervisord.sock ; the path to the socket file
;chmod=0700 ; socket file mode (default 0700)
;chown=nobody:nogroup ; socket file uid:gid owner
;username=user ; default is no username (open server)
;password=123 ; default is no password (open server)
; Security Warning:
; The inet HTTP server is not enabled by default. The inet HTTP server is
; enabled by uncommenting the [inet_http_server] section below. The inet
; HTTP server is intended for use within a trusted environment only. It
; should only be bound to localhost or only accessible from within an
; isolated, trusted network. The inet HTTP server does not support any
; form of encryption. The inet HTTP server does not use authentication
; by default (see the username= and password= options to add authentication).
; Never expose the inet HTTP server to the public internet.
[inet_http_server] ; inet (TCP) server disabled by default
port=127.0.0.1:9001 ; ip_address:port specifier, *:port for all iface
;username=user ; default is no username (open server)
;password=123 ; default is no password (open server)
[supervisord]
logfile=/var/log/supervisord.log ; main log file; default $CWD/supervisord.log
;logfile_maxbytes=50MB ; max main logfile bytes b4 rotation; default 50MB
;logfile_backups=10 ; # of main logfile backups; 0 means none, default 10
;loglevel=info ; log level; default info; others: debug,warn,trace
;pidfile=/run/supervisord.pid ; supervisord pidfile; default supervisord.pid
nodaemon=true ; start in foreground if true; default false
;silent=false ; no logs to stdout if true; default false
;minfds=1024 ; min. avail startup file descriptors; default 1024
;minprocs=200 ; min. avail process descriptors;default 200
;umask=022 ; process file creation umask; default 022
;user=chrism ; setuid to this UNIX account at startup; recommended if root
;identifier=supervisor ; supervisord identifier, default is ‘supervisor’
;directory=/tmp ; default is not to cd during start
;nocleanup=true ; don’t clean up tempfiles at start; default false
;childlogdir=/var/log/supervisor ; ‘AUTO’ child log dir, default $TEMP
;environment=KEY=”value” ; key value pairs to add to environment
;strip_ansi=false ; strip ansi escape codes in logs; def. false
; The rpcinterface:supervisor section must remain in the config file for
; RPC (supervisorctl/web interface) to work. Additional interfaces may be
; added by defining them in separate [rpcinterface:x] sections.
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
; The supervisorctl section configures how supervisorctl will connect to
; supervisord. configure it match the settings in either the unix_http_server
; or inet_http_server section.
[supervisorctl]
serverurl=unix:///run/supervisord.sock ; use a unix:// URL for a unix socket
;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
;username=chris ; should be same as in [*_http_server] if set
;password=123 ; should be same as in [*_http_server] if set
;prompt=mysupervisor ; cmd line prompt (default “supervisor”)
;history_file=~/.sc_history ; use readline history if available
; The sample program section below shows all possible program subsection values.
; Create one or more ‘real’ program: sections to be able to control them under
; supervisor.
;[program:theprogramname]
;command=/bin/cat ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1 ; number of processes copies to start (def 1)
;directory=/tmp ; directory to cwd to before exec (def no cwd)
;umask=022 ; umask for process (default None)
;priority=999 ; the relative start priority (default 999)
;autostart=true ; start at supervisord start (default: true)
;startsecs=1 ; # of secs prog must stay up to be running (def. 1)
;startretries=3 ; max # of serial start failures when starting (default 3)
;autorestart=unexpected ; when to restart if exited after running (def: unexpected)
;exitcodes=0 ; ‘expected’ exit codes used with autorestart (default 0)
;stopsignal=QUIT ; signal used to kill process (default TERM)
;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
;stopasgroup=false ; send stop signal to the UNIX process group (default false)
;killasgroup=false ; SIGKILL the UNIX process group (def false)
;user=chrism ; setuid to this UNIX account to run the program
;redirect_stderr=true ; redirect proc stderr to stdout (default false)
;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10)
;stdout_capture_maxbytes=1MB ; number of bytes in ‘capturemode’ (default 0)
;stdout_events_enabled=false ; emit events on stdout writes (default false)
;stdout_syslog=false ; send stdout to syslog with process name (default false)
;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10)
;stderr_capture_maxbytes=1MB ; number of bytes in ‘capturemode’ (default 0)
;stderr_events_enabled=false ; emit events on stderr writes (default false)
;stderr_syslog=false ; send stderr to syslog with process name (default false)
;environment=A=”1″,B=”2″ ; process environment additions (def no adds)
;serverurl=AUTO ; override serverurl computation (childutils)
; The sample eventlistener section below shows all possible eventlistener
; subsection values. Create one or more ‘real’ eventlistener: sections to be
; able to handle event notifications sent by supervisord.
;[eventlistener:theeventlistenername]
;command=/bin/eventlistener ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1 ; number of processes copies to start (def 1)
;events=EVENT ; event notif. types to subscribe to (req’d)
;buffer_size=10 ; event buffer queue size (default 10)
;directory=/tmp ; directory to cwd to before exec (def no cwd)
;umask=022 ; umask for process (default None)
;priority=-1 ; the relative start priority (default -1)
;autostart=true ; start at supervisord start (default: true)
;startsecs=1 ; # of secs prog must stay up to be running (def. 1)
;startretries=3 ; max # of serial start failures when starting (default 3)
;autorestart=unexpected ; autorestart if exited after running (def: unexpected)
;exitcodes=0 ; ‘expected’ exit codes used with autorestart (default 0)
;stopsignal=QUIT ; signal used to kill process (default TERM)
;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
;stopasgroup=false ; send stop signal to the UNIX process group (default false)
;killasgroup=false ; SIGKILL the UNIX process group (def false)
;user=chrism ; setuid to this UNIX account to run the program
;redirect_stderr=false ; redirect_stderr=true is not allowed for eventlisteners
;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10)
;stdout_events_enabled=false ; emit events on stdout writes (default false)
;stdout_syslog=false ; send stdout to syslog with process name (default false)
;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10)
;stderr_events_enabled=false ; emit events on stderr writes (default false)
;stderr_syslog=false ; send stderr to syslog with process name (default false)
;environment=A=”1″,B=”2″ ; process environment additions
;serverurl=AUTO ; override serverurl computation (childutils)
; The sample group section below shows all possible group values. Create one
; or more ‘real’ group: sections to create “heterogeneous” process groups.
;[group:thegroupname]
;programs=progname1,progname2 ; each refers to ‘x’ in [program:x] definitions
;priority=999 ; the relative start priority (default 999)
; The [include] section can just contain the “files” setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /etc/supervisor.d/*.ini
;这是使用php-fpm启动,如果使用swoole就把这段注释掉
[program:php-fpm]
command=php-fpm -R -F
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=/code/storage/logs/php-fpm.log
;如果要跑定时任务,需启动这个进程
[program:crond]
command=/usr/sbin/crond -f
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=/code/storage/logs/crond.log
;swoole启动,案例使用的php-fpm启动先注释
;[program:swoole]
;command=php artisan swoole:http start
;autostart=true
;autorestart=true
;redirect_stderr=true
;stdout_logfile=/code/storage/logs/swoole.log
Dockerfile文件
FROM php8.1.0-alpine:v3
WORKDIR /code
ADD . /code
COPY supervisord.conf /etc/supervisord.conf
CMD [“/usr/bin/supervisord”, “-c”, “/etc/supervisord.conf”]
1. 可以使用jenkins拉取后台代码先下载其相关依赖
2. 使用docker build -t 打包上述Dockerfile文件生成一个项目docker容器并上传至harbor
3.使用ansible连接部署到主机上
3.最后利用ansible中的docker_container模块,拉取项目容器、挂载项目.env或者config.php等相关配置文件、挂载日志目录,需要映射的端口等
评论0