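Getting Started with Docker
Author: mj培根 [mjboy]
References: 老男孩教育 (Oldboy Education), the official Docker manual, Google
Installing Docker
(1) Preparing the virtual machine environment
Preparing the yum repositories:
CentOS 7
Alibaba Cloud (Aliyun)
base repository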
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
or
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
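Then run yum makecache to build the cache.
USTC (University of Science and Technology of China)
base repository: a set of files
epel repository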
sudo yum install -y epel-release
sudo sed -e 's!^mirrorlist=!#mirrorlist=!g' \
-e 's!^#baseurl=!baseurl=!g' \
-e 's!//download\.fedoraproject\.org/pub!//mirrors.ustc.edu.cn!g' \
-e 's!http://mirrors\.ustc!https://mirrors.ustc!g' \
-i /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel-testing.repo
Prepare two virtual machines: docker01 and docker02
Change the hostname and IP address
docker01
hostnamectl set-hostname docker01
sed -i 's#IPADDR=10.0.0.201#IPADDR=10.0.0.11#g' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i 's#IPADDR=172.16.1.201#IPADDR=172.16.1.11#g' /etc/sysconfig/network-scripts/ifcfg-eth1
systemctl restart network.service
docker02
hostnamectl set-hostname docker02
sed -i 's#IPADDR=10.0.0.201#IPADDR=10.0.0.12#g' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i 's#IPADDR=172.16.1.201#IPADDR=172.16.1.12#g' /etc/sysconfig/network-scripts/ifcfg-eth1
systemctl restart network.service
Hosts file resolution:
[root@docker01 ~]# vim /etc/hosts
127.0.0.1 localhost
::1 localhost
192.168.19.200 mirrors.aliyun.com
202.141.176.110 mirrors.ustc.edu.cn
[root@docker01 ~]# echo $LANG
zh_CN.UTF-8
(2) Preparing and installing the docker-ce package
USTC
1) docker-ce.repo
USTC: wget http://centos.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
sed -i 's#download.docker.com#mirrors.ustc.edu.cn/docker-ce#g' docker-ce.repo
2) docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm
Download the docker-ce package and install it with yum localinstall
USTC: http://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/x86_64/stable/Packages/docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm
Alibaba Cloud:
https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm
Alternatively, simply run yum install -y docker.
[root@docker01 tools]# yum localinstall docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm -y
(3) Verify that the installation succeeded
[root@docker01 tools]# rpm -qa|grep docker
docker-ce-18.03.1.ce-1.el7.centos.x86_64
--------------------------------------------------------------------------------------------------------------
Docker registry accelerator (mirror):
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://5deb2181.m.daocloud.io
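Docker acceleration
The official Docker CE documentation has a Chinese edition, though it may not be updated as promptly as the English one; see https://docs.docker-cn.com/engine/installation/ .
After installing Docker CE, replacing the official Docker Registry service speeds up pulling Docker images; see the Docker Hub mirror help page (http://mirrors.ustc.edu.cn/help/dockerhub.html).
Docker Hub mirror cache
Usage
Linux
Add the following to the configuration file /etc/docker/daemon.json: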
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"]
}
Restart dockerd:
sudo service docker restart
# Start, stop, and restart docker, and check its status
[root@docker01 ~]# systemctl start docker.service
[root@docker01 ~]# systemctl stop docker.service
[root@docker01 ~]# systemctl restart docker.service
[root@docker01 ~]# ps -ef|grep docker|grep -v grep
root 3604 1 0 23:31 ? 00:00:00 /usr/bin/dockerd
root 3608 3604 0 23:31 ? 00:00:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
Note: uninstalling docker
yum list installed | grep docker
yum -y remove docker-client.x86_64 docker-common.x86_64
Docker image commands
Search for an image
docker search
Pull an image
docker pull
docker image pull
Remove an image
docker image rm alpine
docker image rm alpine:latest
docker image rm 3fd9065eaf02 -- by IMAGE ID
Import an image
docker image load -i docker.alpine.tar.gz
docker image import docker-mysql.tar.gz
docker image import --help
An image brought in with import has no name and no tag; you have to tag it manually, and it can only be removed by its image_id.
Saving or exporting a Docker image
docker image save --help
Usage: docker image save [OPTIONS] IMAGE [IMAGE...]
[root@docker01 ~]# docker image save -o docker.alpine.tar.gz alpine:latest
[root@docker01 ~]# docker image save alpine:latest >docker.alpine.tar.gz
docker image history --help
docker image history alpine -- image build history
docker image history --no-trunc nginx
docker image history --no-trunc nginx|grep daemon
Docker container commands
Run a container
[root@docker01 ~]# docker run -p 1314:80 -d --name nginx1314 nginx:latest
9cce0d2ab36b579c03800ff5a029db083b7cfba377438e3c054fde2a2004fee9
Options: docker run --help
-p 80:80: map port 80 of the container to port 80 of the host
-p, --publish list Publish a container's port(s) to the host
-P, --publish-all Publish all exposed ports to random ports
-d: run the container in the background
-d, --detach Run container in background and print container ID
-t, --tty Allocate a pseudo-TTY
--ulimit ulimit Ulimit options (default [])
-i, --interactive Keep STDIN open even if not attached
--name mynginx: name the container mynginx
-v, --volume list Bind mount a volume
--volume-driver string Optional volume driver for the container
--volumes-from list Mount volumes from the specified container(s)
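-v $PWD/www:/www: mount the www directory under the host's current directory at /www in the container
-v $PWD/conf/nginx.conf:/etc/nginx/nginx.conf: mount nginx.conf from the host's current directory at /etc/nginx/nginx.conf in the container
-v $PWD/logs:/wwwlogs: mount the logs directory under the host's current directory at /wwwlogs in the container
Stop all containers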
[root@docker01 ~]# docker stop $(docker ps -a -q)
a71bd000c483
fae714b1361e
Remove containers
docker rm $(docker ps -a -q)
docker rm -f $(docker ps -a -q) -- force
docker kill $(docker ps -a -q)
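Enter a container
docker run -it -- enters a new container, but creates another container every time
docker exec -- opens a new terminal (pts/1 and pts/2); sessions are isolated from each other, much like database sessions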
[root@docker01 ~]# docker exec -it oldboy /bin/bash
[root@49ab47eb9f3e /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 19:52 pts/0 00:00:00 /bin/bash
root 15 0 0 19:54 pts/1 00:00:00 /bin/bash
root 26 15 0 19:54 pts/1 00:00:00 ps -ef
docker attach -- attaches to the same terminal (pts/0); everything is mirrored, as if a second pair of eyes were watching each action
[root@docker01 ~]# docker attach oldboy
[root@49ab47eb9f3e /]#
Entering a container with nsenter
yum install -y util-linux
[root@docker01 ~]# nsenter --help
用法:
nsenter [options] <program> [<argument>...]
Run a program with namespaces of other processes.
选项:
-t, --target <pid> 要获取名字空间的目标进程
-m, --mount[=<file>] enter mount namespace
-u, --uts[=<file>] enter UTS namespace (hostname etc)
-i, --ipc[=<file>] enter System V IPC namespace
-n, --net[=<file>] enter network namespace
-p, --pid[=<file>] enter pid namespace
-U, --user[=<file>] enter user namespace
-S, --setuid <uid> set uid in entered namespace
-G, --setgid <gid> set gid in entered namespace
--preserve-credentials do not touch uids or gids
-r, --root[=<dir>] set the root directory
-w, --wd[=<dir>] set the working directory
-F, --no-fork 执行 <程序> 前不 fork
-Z, --follow-context set SELinux context according to --target PID
-h, --help 显示此帮助并退出
-V, --version 输出版本信息并退出
[root@docker01 ~]# docker inspect oldboy222|grep -i pid
"Pid": 14962,
"PidMode": "",
"PidsLimit": 0,
[root@docker01 ~]# nsenter -t 14962 -m -n -u -i -p
[root@1698139ebfa3 /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 20:14 pts/0 00:00:00 /bin/bash
root 19 0 0 20:21 pts/0 00:00:00 -bash
root 32 19 0 20:21 pts/0 00:00:00 ps -ef
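Notes:
(1) docker container start
The docker container run command used earlier creates a new container, and every run creates another one. Running the same command twice produces two identical container files.
To reuse a container, use the docker container start command, which starts a container file that has already been created and has stopped running.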
$ docker container start [containerID]
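(2) docker container stop (graceful shutdown)
The docker container kill command terminates a container, which is equivalent to sending the SIGKILL signal to the main process in the container. The docker container stop command also terminates a container, but it is equivalent to sending the SIGTERM signal to the main process and then, after a period of time, sending SIGKILL.
docker container stop [containerID]
Difference from kill:
The difference between the two signals is that an application that receives SIGTERM can carry out its own cleanup, but it can also ignore the signal. On SIGKILL it is forcibly terminated at once, and all operations in progress are lost.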
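The two shutdown paths side by side, as an added example that is not part of the original notes: a child process stands in for the container's main process, and stop() and kill() imitate docker container stop and docker container kill. The helper names, the marker file and the 2-second grace period are assumptions made for the demonstration.

```python
import os
import subprocess
import sys
import tempfile
import textwrap
import signal

# Grace period used here; `docker container stop` waits 10 s by default.
GRACE_SECONDS = 2.0

# Child program (constructed for this demo). The "cooperative" variant handles
# SIGTERM by writing a marker file, standing in for finishing in-flight work,
# and exits 0. The "stubborn" variant ignores SIGTERM altogether.
CHILD = textwrap.dedent("""
    import signal, sys, time
    marker, mode = sys.argv[1], sys.argv[2]
    def on_term(signum, frame):
        with open(marker, "w") as fh:
            fh.write("cleaned up")
        sys.exit(0)
    if mode == "cooperative":
        signal.signal(signal.SIGTERM, on_term)
    else:
        signal.signal(signal.SIGTERM, signal.SIG_IGN)
    print("ready", flush=True)
    while True:
        time.sleep(0.1)
""")


def start_child(marker, mode):
    proc = subprocess.Popen([sys.executable, "-c", CHILD, marker, mode],
                            stdout=subprocess.PIPE, text=True)
    # Wait until the child has installed its signal disposition.
    if proc.stdout.readline().strip() != "ready":
        raise RuntimeError("child did not start")
    return proc


def stop(proc, grace=GRACE_SECONDS):
    """Like docker container stop: SIGTERM, wait, then SIGKILL if still alive."""
    proc.send_signal(signal.SIGTERM)
    try:
        proc.wait(timeout=grace)
        escalated = False
    except subprocess.TimeoutExpired:
        proc.kill()   # SIGKILL cannot be caught or ignored
        proc.wait()
        escalated = True
    return proc.returncode, escalated


def kill(proc):
    """Like docker container kill: SIGKILL immediately, no chance to clean up."""
    proc.kill()
    proc.wait()
    return proc.returncode


def run_case(mode, action):
    with tempfile.TemporaryDirectory() as tmp:
        marker = os.path.join(tmp, "marker")
        proc = start_child(marker, mode)
        if action == "stop":
            code, escalated = stop(proc)
        else:
            code, escalated = kill(proc), False
        proc.stdout.close()
        return {"returncode": code, "escalated": escalated,
                "cleanup_ran": os.path.exists(marker)}


if __name__ == "__main__":
    for mode, action in [("cooperative", "stop"), ("stubborn", "stop"),
                         ("cooperative", "kill")]:
        print(mode, action, run_case(mode, action))
```

A negative return code is the number of the signal that ended the process, so -9 means the process never got to run its cleanup.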
docker [container] inspect
Get the container's IP address
[root@docker01 ~]# docker container inspect cf6ef5d2476c|grep -i ipaddr
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
[root@docker01 ~]# yum install psmisc -y
[root@docker01 ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
├─abrt-watch-log
├─abrtd
├─2*[anacron]
├─auditd───{auditd}
├─crond
├─dbus-daemon
├─dockerd─┬─docker-containe─┬─docker-containe─┬─nginx───nginx
│ │ │ └─8*[{docker-containe}]
│ │ └─8*[{docker-containe}]
│ └─11*[{dockerd}]
├─login───bash
├─master─┬─pickup
│ └─qmgr
├─polkitd───5*[{polkitd}]
├─rsyslogd───2*[{rsyslogd}]
├─sshd─┬─sshd───bash───pstree
│ └─sshd───bash───docker───6*[{docker}]
├─systemd-journal
├─systemd-logind
├─systemd-udevd
├─tuned───4*[{tuned}]
└─wpa_supplicant
How do you keep a container up (so that it keeps running)?
Quick exercise:
7. Example: hello world
Below, we use the simplest image file, "hello world", to get a feel for Docker.
$ docker image pull library/hello-world
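In the code above, docker image pull is the command that fetches an image file. library/hello-world is the location of the image file in the registry: library is the group the image file belongs to, and hello-world is the name of the image file.
Because the image files that Docker officially provides all live in the library group, it is the default group and can be omitted. The command above can therefore be written as follows.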
$ docker image pull hello-world
Once the pull succeeds, the image file is visible on the local machine.
$ docker images
Now run the image file.
$ docker container run hello-world
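The docker container run command creates a running container instance from an image file.
Note that docker container run fetches image files automatically: if the specified image file is not found locally, it is pulled from the registry. The earlier docker image pull command is therefore not a required step.
If it runs successfully, you will see the following output on the screen.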
$ docker container run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
... ...
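After printing this message, hello world stops running and the container terminates automatically.
Some containers do not terminate automatically because they provide a service. For example, by installing and running the Ubuntu image you can try out an Ubuntu system on the command line.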
$ docker container run -it ubuntu bash
Containers that do not terminate automatically must be terminated manually with the docker container kill command.
$ docker container kill [containerID]
Docker network access
Random port mapping
docker run -P
Explicit port mapping
-p hostPort:containerPort
-p ip:hostPort:containerPort
-p ip::containerPort
-p hostPort:containerPort/udp
-p 80:80 -p 443:443
1) docker run -d -p 0.0.0.0:80:80 nginx:latest
2)
[root@a2d993b86129 /]# systemctl start sshd
Failed to get D-Bus connection: Operation not permitted
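Cause and fix:
This happens because dbus-daemon failed to start. systemctl itself is in fact usable: set your CMD or entrypoint to /usr/sbin/init, and dbus and the other services are started automatically.
After that, systemctl can be used. The command is as follows:
Add --privileged when creating the docker container (--privileged gives the container all capabilities and access to the host's devices)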
docker run --privileged -d -e "container=docker" -p 520:22 -v /sys/fs/cgroup:/sys/fs/cgroup centos /usr/sbin/init
[root@docker01 ~]# docker exec -it 44b6b1d9b7b4 /bin/bash
[root@44b6b1d9b7b4 /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 21:06 ? 00:00:00 /usr/sbin/init
root 15 1 0 21:06 ? 00:00:00 /usr/lib/systemd/systemd-journ
root 28 1 0 21:06 ? 00:00:00 /usr/lib/systemd/systemd-udevd
root 45 1 0 21:06 ? 00:00:00 /usr/lib/systemd/systemd-login
dbus 46 1 0 21:06 ? 00:00:00 /bin/dbus-daemon --system --ad
root 65 0 0 21:07 pts/0 00:00:00 /bin/bash
root 77 65 0 21:07 pts/0 00:00:00 ps -ef
Docker data volume management
Data volumes (files or directories)
-v src:destination
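The host and the container stay in sync: accessing the source directory or file is the same as accessing the directory or file in the volume (the two share everything, except that deletions are not synchronized).
Deleting from inside the container reports that the resource is busy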
root@1c0ff7c3f5f1:/# rm -f /usr/share/nginx/html/index.html
rm: cannot remove '/usr/share/nginx/html/index.html': Device or resource busy
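Deleting the file on the host is not synchronized to the container, which carries on regardless; the only option is to rebuild the container's file
--volumes-from -- reuses the volume mappings of a container created earlier, which saves retyping long directory or file paths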
[root@docker01 ~]# docker run -d --name mynginx -p 80:80 -v /data:/usr/share/nginx/html/ nginx:latest
baf6fefeb0062273e654d7798fc1677e1b5ebb5fc6d3d330179db50c5e7e7b01
[root@docker01 ~]#
[root@docker01 ~]#
[root@docker01 ~]# ls -ld /data/
drwxr-xr-x 2 root root 6 5月 3 07:41 /data/
[root@docker01 ~]#
[root@docker01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
baf6fefeb006 nginx:latest "nginx -g 'daemon of…" 37 seconds ago Up 36 seconds 0.0.0.0:80->80/tcp mynginx
[root@docker01 ~]# cd /data/
[root@docker01 data]# ll
总用量 0
[root@docker01 data]# echo "docker hello world" >index.html
[root@docker01 data]# docker run -d --name nginx2 -p 81:80 --volumes-from mynginx nginx:latest
6fa779d1e30d19c12ca7232c4476b2171da7316a907854157496c16396f5fb42
[root@docker01 data]#
Fixing garbled Chinese characters in HTML:
index.html
<html>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<body>
<h1>能人所不能,忍人所不忍</h1>
<p>培根,醒醒吧,不要再沉睡了</p>
</body>
</html>
Building a Docker image by hand
docker commit
1. Building the sshd image (centos-6.9-sshd)
[root@docker01 data]# docker run -it -p 1122:22 guyton/centos6 /bin/bash
[root@a2a67ba14d85 /]#
[root@a2a67ba14d85 /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 20:24 pts/0 00:00:00 /bin/bash
root 11 1 0 20:24 pts/0 00:00:00 ps -ef
[root@a2a67ba14d85 /]#
[root@a2a67ba14d85 /]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
[root@a2a67ba14d85 /]#
[root@a2a67ba14d85 /]# yum install -y openssh-server
[root@a2a67ba14d85 /]# ls -l /etc/ssh
total 132
-rw------- 1 root root 125811 Aug 31 2017 moduli
-rw-r--r-- 1 root root 2047 Aug 31 2017 ssh_config
-rw------- 1 root root 3879 Aug 31 2017 sshd_config
[root@a2a67ba14d85 /]# /etc/init.d/sshd start
Generating SSH2 RSA host key: [ OK ]
Generating SSH1 RSA host key: [ OK ]
Generating SSH2 DSA host key: [ OK ]
Starting sshd: [ OK ]
[root@a2a67ba14d85 /]# ls -l /etc/ssh
total 156
-rw------- 1 root root 125811 Aug 31 2017 moduli
-rw-r--r-- 1 root root 2047 Aug 31 2017 ssh_config
-rw------- 1 root root 668 May 2 20:29 ssh_host_dsa_key
-rw-r--r-- 1 root root 590 May 2 20:29 ssh_host_dsa_key.pub
-rw------- 1 root root 963 May 2 20:29 ssh_host_key
-rw-r--r-- 1 root root 627 May 2 20:29 ssh_host_key.pub
-rw------- 1 root root 1675 May 2 20:29 ssh_host_rsa_key
-rw-r--r-- 1 root root 382 May 2 20:29 ssh_host_rsa_key.pub
-rw------- 1 root root 3879 Aug 31 2017 sshd_config
[root@a2a67ba14d85 /]#
First stop sshd
[root@a2a67ba14d85 /]# /etc/init.d/sshd stop
Stopping sshd: [ OK ]
[root@a2a67ba14d85 /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 20:24 pts/0 00:00:00 /bin/bash
root 85 1 0 20:26 ? 00:00:00 /sbin/udevd -d
root 162 1 0 20:32 pts/0 00:00:00 ps -ef
[root@a2a67ba14d85 /]#
Key step: keep sshd in the foreground, then press Ctrl+p, Ctrl+q to detach from the container; this ensures the sshd process keeps running
[root@a2a67ba14d85 /]# /usr/sbin/sshd -D
[root@docker01 data]#
[root@docker01 data]# docker commit a2a67ba14d85 centos-6.9-sshd
sha256:25f64b657ea0377b7801086ba4d57b0100a840bb62dfca8e71b5027acc8ea4aa
[root@docker01 data]#
[root@docker01 data]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-6.9-sshd latest 25f64b657ea0 9 seconds ago 322MB
nginx latest ae513a47849c 2 days ago 109MB
httpd latest fb2f3851a971 2 days ago 177MB
guyton/centos6 latest 89e582eff18a 2 weeks ago 197MB
centos latest e934aafc2206 3 weeks ago 199MB
alpine latest 3fd9065eaf02 3 months ago 4.14MB
ansible/centos7-ansible latest 688353a31fde 16 months ago 447MB
[root@docker01 data]#
[root@docker01 ssh]# ssh [email protected] -p 52113
The authenticity of host '[10.0.0.11]:52113 ([10.0.0.11]:52113)' can't be established.
RSA key fingerprint is SHA256:e8pPc/HX02Ft3/pBwEVQXAaDy0h0SvaJ0cuBGIRmjjs.
RSA key fingerprint is MD5:42:4a:30:ec:30:45:35:e9:d4:be:1d:a7:2e:0b:eb:0d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[10.0.0.11]:52113' (RSA) to the list of known hosts.
[email protected]'s password:
Last login: Wed May 2 21:07:32 2018 from 172.17.0.1
Two ways to connect:
ssh [email protected] -p 52113
ssh [email protected] -p 22
Problem:
[root@docker01 ssh]# ssh [email protected] -p 22
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:e8pPc/HX02Ft3/pBwEVQXAaDy0h0SvaJ0cuBGIRmjjs.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:1
RSA host key for 172.17.0.2 has changed and you have requested strict checking.
Host key verification failed.
[root@docker01 ssh]#
Fix:
[root@docker01 ssh]# rm -f /root/.ssh/known_hosts
[root@docker01 ssh]#
[root@docker01 ssh]# ssh [email protected] -p 22
2. Building the httpd image
[root@docker01 ssh]# docker run -it --name xiepeigen centos6.9-sshd /bin/bash
[root@ad192259c3b3 /]#
[root@ad192259c3b3 /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 21:16 pts/0 00:00:00 /bin/bash
root 13 1 0 21:16 pts/0 00:00:00 ps -ef
[root@ad192259c3b3 /]#
[root@ad192259c3b3 /]# /etc/init.d/sshd start
Starting sshd: [ OK ]
[root@ad192259c3b3 /]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 28/sshd
tcp 0 0 :::22 :::* LISTEN 28/sshd
[root@ad192259c3b3 /]#
[root@ad192259c3b3 /]#
[root@ad192259c3b3 /]# yum install -y httpd
[root@ad192259c3b3 /]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2 for ServerName
[ OK ]
[root@ad192259c3b3 /]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 71/httpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 28/sshd
tcp 0 0 :::22 :::* LISTEN 28/sshd
[root@ad192259c3b3 /]#
Building images automatically with a Dockerfile
Force-remove images or containers in bulk
for id in $(docker images -q); do docker rmi $id; done
for id in $(docker ps -a -q); do docker rm -f $id; done
Preparation:
[root@docker01 ~]# mkdir -p /opt/centos6-base
[root@docker01 ~]# vim /opt/centos6-base/Dockerfile
FROM scratch
ADD rootfs.tar.xz /
CMD ["/bin/bash"]
Save and quit with :wq
[root@docker01 ~]# ll /opt/centos6-base/
总用量 68144
-rw-r--r-- 1 root root 52 5月 3 11:41 Dockerfile
-rw-r--r-- 1 root root 69772388 5月 4 19:34 rootfs.tar.xz
Build the centos6-base base image
[root@docker01 centos6-base]# docker image build -t centos6-base .
Sending build context to Docker daemon 69.78MB
Step 1/3 : FROM scratch
--->
Step 2/3 : ADD rootfs.tar.xz /
---> 5ae2c6ae23df
Step 3/3 : CMD ["/bin/bash"]
---> Running in 2ff86660e686
Removing intermediate container 2ff86660e686
---> fa247694e7ce
Successfully built fa247694e7ce
Successfully tagged centos-base:latest
[root@docker01 centos6-base]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-base latest fa247694e7ce 18 seconds ago 341MB
Test the centos6 base image that was just built
[root@docker01 centos6-base]# docker run -it --name oldboy centos-base
[root@53dbb8b9be6b /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 11:38 pts/0 00:00:00 /bin/bash
root 11 1 0 11:38 pts/0 00:00:00 ps -ef
[root@53dbb8b9be6b /]# ll
total 32
Building your own ssh image
[root@docker01 centos6-ssh]# cd /opt/centos6-ssh
[root@docker01 centos6-ssh]# cp ../centos6-base/* .
[root@docker01 centos6-ssh]# ll
总用量 68144
-rw-r--r-- 1 root root 53 5月 4 23:44 Dockerfile
-rw-r--r-- 1 root root 69772388 5月 4 23:44 rootfs.tar.xz
Edit the Dockerfile
[root@docker01 centos6-ssh]# cat Dockerfile
FROM scratch
ADD rootfs.tar.xz /
RUN yum install openssh-server httpd -y
ADD init.sh /init.sh
CMD ["/bin/bash","/init.sh"]
[root@docker01 centos6-ssh]# cat init.sh
#!/bin/bash
/etc/init.d/httpd start
/etc/init.d/sshd start
/etc/init.d/sshd stop
/usr/sbin/sshd -D
If the script starts sshd directly with sshd -D, ssh connections are always reset, so sshd cannot be started directly with -D.
[root@docker01 centos6-ssh]# ssh [email protected]
Connection reset by 172.17.0.2 port 22
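Building a container with a random password
Script: init.sh
#!/bin/bash
# Set the root password from the ssh_pass environment variable (passed in with docker run -e)
echo "$ssh_pass" | passwd --stdin root
/etc/init.d/httpd start
# Start and stop sshd once through the init script (its first start generates
# the host keys, as shown earlier), then keep sshd in the foreground
/etc/init.d/sshd start
/etc/init.d/sshd stop
/usr/sbin/sshd -D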
[root@docker01 centos6-ssh]# docker image build -t centos6-ssh-plus .
[root@docker01 centos6-ssh]# docker run -d -p 8181:80 -p 1122:22 --name xpg -e "ssh_pass=5201314" centos6-ssh-plus
f1bddfe98f766f6a5c885dab8d417a50778bdc563a0fef6a189c5d035d9ffd8c
[root@docker01 centos6-ssh]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f1bddfe98f76 centos6-ssh-plus "/bin/bash /init.sh" 19 seconds ago Up 18 seconds 0.0.0.0:1122->22/tcp, 0.0.0.0:8181->80/tcp xpg
[root@docker01 centos6-ssh]# ssh [email protected]
Enter the password 5201314 to log in to the container
When is the password passed into the container?
[root@docker01 centos6-ssh]# docker exec -it f1bddfe98f76 /bin/bash
[root@f1bddfe98f76 /]#
[root@f1bddfe98f76 /]# env|grep ssh_pass
ssh_pass=5201314
With -e the value becomes a global environment variable that the docker container can see (the host can see it too)
docker run -d -p 8181:80 -p 1122:22 --name xpg -e "ssh_pass=5201314" centos6-ssh-plus
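A check for the settings used in this section and in the earlier --privileged systemd container, added here as an example (not part of the original notes): it scans docker inspect JSON for privileged mode, secrets passed with -e, ports published on all host interfaces, and sensitive host bind mounts. The sample input is constructed, and the secret-name pattern, the sensitive-path list and the container names centos-init and local-only are assumptions.

```python
import json
import re
import sys

# Constructed sample in the shape of `docker inspect` output, modelled on the
# containers this page starts (illustrative values, not captured output).
SAMPLE_INSPECT = """
[
 {"Name": "/xpg",
  "Config": {"Env": ["ssh_pass=5201314", "PATH=/usr/sbin:/usr/bin:/sbin:/bin"]},
  "HostConfig": {"Privileged": false, "Binds": null,
   "PortBindings": {"22/tcp": [{"HostIp": "", "HostPort": "1122"}],
                    "80/tcp": [{"HostIp": "", "HostPort": "8181"}]}}},
 {"Name": "/centos-init",
  "Config": {"Env": ["container=docker"]},
  "HostConfig": {"Privileged": true,
   "Binds": ["/sys/fs/cgroup:/sys/fs/cgroup"],
   "PortBindings": {"22/tcp": [{"HostIp": "", "HostPort": "520"}]}}},
 {"Name": "/local-only",
  "Config": {"Env": ["TZ=UTC"]},
  "HostConfig": {"Privileged": false, "Binds": ["/data:/usr/share/nginx/html"],
   "PortBindings": {"80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]}}}
]
"""

# Assumption: variable names containing these words carry credentials.
SECRET_NAME = re.compile(r"pass|pwd|secret|token|key", re.IGNORECASE)
# Assumption: host paths at or under these locations are sensitive to share.
SENSITIVE_PATHS = ("/sys", "/proc", "/etc", "/var/run/docker.sock")
# An empty HostIp means the port is published on every host interface.
ALL_INTERFACES = ("", "0.0.0.0", "::")


def is_sensitive(path):
    return path == "/" or any(path == p or path.startswith(p + "/")
                              for p in SENSITIVE_PATHS)


def audit_container(info):
    """Return a sorted list of (check, detail) findings for one container."""
    findings = []
    host = info.get("HostConfig") or {}
    config = info.get("Config") or {}

    if host.get("Privileged"):
        findings.append(("privileged", "all capabilities and host devices"))

    for item in config.get("Env") or []:
        name = item.split("=", 1)[0]
        if SECRET_NAME.search(name):
            # Report the variable name only; never echo the secret value.
            findings.append(("env-secret", name))

    for port, bindings in (host.get("PortBindings") or {}).items():
        for binding in bindings or []:
            if binding.get("HostIp", "") in ALL_INTERFACES:
                findings.append(("public-port",
                                 f"{binding.get('HostPort')}->{port}"))

    for bind in host.get("Binds") or []:
        source = bind.split(":", 1)[0]
        if is_sensitive(source):
            findings.append(("host-bind", source))

    return sorted(findings)


def audit(inspect_json):
    """Map container name -> findings for a `docker inspect` JSON document."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in json.loads(inspect_json)}


if __name__ == "__main__":
    # Real use: docker inspect $(docker ps -q) | python3 audit.py -
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_INSPECT
    for name, findings in audit(text).items():
        for check, detail in findings or [("ok", "no findings")]:
            print(f"{name}: {check}: {detail}")
```

The env-secret finding is the point of the question above: anything passed with -e is stored in the container's configuration and is readable by anyone who can run docker inspect on the host.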
Docker image layers
[root@docker01 centos6-ssh]# docker image history centos6-ssh:latest
IMAGE CREATED CREATED BY SIZE COMMENT
45f17a25a8ba 32 minutes ago /bin/sh -c #(nop) CMD ["/bin/bash" "/init.s… 0B
156571fdca4f 32 minutes ago /bin/sh -c #(nop) ADD file:41a2a690f73446bb3… 133B
2f2235d4fde2 32 minutes ago /bin/sh -c yum install openssh-server httpd … 75.5MB
6aa4a8a8d5f0 3 hours ago /bin/sh -c #(nop) ADD file:d05c94c5bbd24cd2b… 341MB
[root@docker01 centos6-ssh]#
[root@docker01 centos6-ssh]# docker image history centos6-base:xpg
IMAGE CREATED CREATED BY SIZE COMMENT
cba961e7c420 3 hours ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
6aa4a8a8d5f0 3 hours ago /bin/sh -c #(nop) ADD file:d05c94c5bbd24cd2b… 341MB
[root@docker01 centos6-ssh]#
Inspecting Docker image layers
Core idea: each change becomes its own layer, and every change layer points back to the base layer
[root@docker01 sha256]# pwd
/var/lib/docker/image/devicemapper/layerdb/sha256
[root@docker01 sha256]# tree
.
├── 340009c3309ea22896f9cdbd2073f874f846803ca27411d82219b1cb4f9b8fbb
│ ├── cache-id
│ ├── diff
│ ├── parent
│ ├── size
│ └── tar-split.json.gz
├── 7e7627d71ea498fb9c6d03066481cae329a9e285c7dbf5d73bdf76ee8c819539
│ ├── cache-id
│ ├── diff
│ ├── size
│ └── tar-split.json.gz
├── b57b55938b7bb90fe6f8cc3c0a83beb9db10d8cf499797765169812a4b719198
│ ├── cache-id
│ ├── diff
│ ├── parent
│ ├── size
│ └── tar-split.json.gz
├── bc905520a7bdc380e9107e8d250a10d7c9714dfd1f7b20345d4c7d9182d69e63
│ ├── cache-id
│ ├── diff
│ ├── parent
│ ├── size
│ └── tar-split.json.gz
└── bf4340bfa81bc28bd42928950862c3853adb9f466f1dc580a618bd6622f0d2ba
├── cache-id
├── diff
├── size
└── tar-split.json.gz
5 directories, 23 files
[root@docker01 sha256]#
Linking Docker containers
--link
[root@docker01 ~]# docker run -it --link xpg:mjboy centos6-ssh-plus /bin/bash
[root@def476d9200a /]# ping mjboy -c3
PING mjboy (172.17.0.3) 56(84) bytes of data.
64 bytes from mjboy (172.17.0.3): icmp_seq=1 ttl=64 time=0.093 ms
64 bytes from mjboy (172.17.0.3): icmp_seq=2 ttl=64 time=0.050 ms
64 bytes from mjboy (172.17.0.3): icmp_seq=3 ttl=64 time=0.182 ms
--- mjboy ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.050/0.108/0.182/0.055 ms
[root@def476d9200a /]# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 mjboy f1bddfe98f76 xpg
172.17.0.2 def476d9200a
[root@def476d9200a /]#
Hands-on 1: docker (Zabbix monitoring)
https://www.zabbix.com/documentation/3.4/manual/installation/containers
Official documentation for setting up Zabbix with docker:
Example 1
The example demonstrates how to run Zabbix server with MySQL database support, Zabbix web interface based on the Nginx web server and Zabbix Java gateway.
- Start empty MySQL server instance
docker run --name mysql-server -t \
  -e MYSQL_DATABASE="zabbix" \
  -e MYSQL_USER="zabbix" \
  -e MYSQL_PASSWORD="zabbix_pwd" \
  -e MYSQL_ROOT_PASSWORD="root_pwd" \
  -d mysql:5.7 \
  --character-set-server=utf8 --collation-server=utf8_bin
- Start Zabbix Java gateway instance
docker run --name zabbix-java-gateway -t \
  -d zabbix/zabbix-java-gateway:latest
- Start Zabbix server instance and link the instance with created MySQL server instance
docker run --name zabbix-server-mysql -t \
  -e DB_SERVER_HOST="mysql-server" \
  -e MYSQL_DATABASE="zabbix" \
  -e MYSQL_USER="zabbix" \
  -e MYSQL_PASSWORD="zabbix_pwd" \
  -e MYSQL_ROOT_PASSWORD="root_pwd" \
  -e ZBX_JAVAGATEWAY="zabbix-java-gateway" \
  --link mysql-server:mysql \
  --link zabbix-java-gateway:zabbix-java-gateway \
  -p 10051:10051 \
  -d zabbix/zabbix-server-mysql:latest
Zabbix server instance exposes 10051/TCP port (Zabbix trapper) to host machine.
- Start Zabbix web interface and link the instance with created MySQL server and Zabbix server instances
docker run --name zabbix-web-nginx-mysql -t \
  -e DB_SERVER_HOST="mysql-server" \
  -e MYSQL_DATABASE="zabbix" \
  -e MYSQL_USER="zabbix" \
  -e MYSQL_PASSWORD="zabbix_pwd" \
  -e MYSQL_ROOT_PASSWORD="root_pwd" \
  --link mysql-server:mysql \
  --link zabbix-server-mysql:zabbix-server \
  -p 80:80 \
  -d zabbix/zabbix-web-nginx-mysql:latest
Zabbix web interface instance exposes 80/TCP port (HTTP) to host machine.
Hands-on practice:
[root@docker01 ~]# docker search *zabbix
zabbix/zabbix-server-mysql
zabbix/zabbix-web-nginx-mysql
zabbix/zabbix-java-gateway
It is best to prepare the images in advance; docker run downloads them from the official site, which is slow
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql 5.7 db763dfc448b 4 days ago 372MB
zabbix/zabbix-server-mysql latest 7f60df27cc28 2 weeks ago 62.3MB
zabbix/zabbix-web-nginx-mysql latest f35815d83d5c 2 weeks ago 177MB
zabbix/zabbix-java-gateway latest 3087817ce6d6 4 weeks ago 107MB
docker02: download and install zabbix-agent
https://mirrors.tuna.tsinghua.edu.cn/
[root@docker02 tools]# ll
总用量 336
-rw-r--r-- 1 root root 341176 9月 14 2016 zabbix-agent-3.2.0-1.el7.x86_64.rpm
[root@docker02 tools]#
[root@docker02 tools]#
[root@docker02 tools]# rpm -Uvh zabbix-agent-3.2.0-1.el7.x86_64.rpm
警告:zabbix-agent-3.2.0-1.el7.x86_64.rpm: 头V4 RSA/SHA512 Signature, 密钥 ID a14fe591: NOKEY
准备中... ################################# [100%]
正在升级/安装...
1:zabbix-agent-3.2.0-1.el7 ################################# [100%]
[root@docker02 tools]#
[root@docker02 tools]# sed -i '95s#Server=127.0.0.1#Server=10.0.0.11#g' /etc/zabbix/zabbix_agentd.conf
[root@docker02 tools]# systemctl start zabbix-agent.service
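[root@docker02 tools]# systemctl enable zabbix-agent.service
Create a host in Zabbix to test
Create host
-- Host name
-- [Visible name]
-- Groups
-- Agent address
Check whether the ZBX indicator turns green
Docker registry
View the image storage path: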
cat /var/lib/docker/image/devicemapper/repositories.json |python -m json.tool
1) Basic registry -- no password authentication
Run a registry container
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
Tag the image
[root@docker01 ~]# docker image tag centos6-base:xpg 10.0.0.11:5000/oldboy/centos6-base
[root@docker01 ~]#
[root@docker01 ~]# docker push 10.0.0.11:5000/oldboy/centos6-base
The push refers to repository [10.0.0.11:5000/oldboy/centos6-base]
Get https://10.0.0.11:5000/v2/: http: server gave HTTP response to HTTPS client
[root@docker01 ~]#
Fix:
[root@docker01 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["http://5deb2181.m.daocloud.io"],
"insecure-registries":["10.0.0.11:5000"]
}
After changing the configuration file, docker must be restarted for the change to take effect
systemctl restart docker.service
[root@docker01 run]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1412/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1492/master
tcp6 0 0 :::5000 :::* LISTEN 19217/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 1412/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1492/master
[root@docker01 run]#
Push again, this time into the registry
[root@docker01 run]# docker push 10.0.0.11:5000/oldboy/centos6-base
The push refers to repository [10.0.0.11:5000/oldboy/centos6-base]
bf4340bfa81b: Pushed
latest: digest: sha256:58d6ed0136df38cb6841d80b94c29506d01081b84ab22c872f48d5a0c65daa23 size: 530
[root@docker01 run]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6-ssh-plus latest 6e38547e5adf 3 hours ago 417MB
centos6-ssh latest 45f17a25a8ba 3 hours ago 417MB
centos7-base xpg 64688cfface6 4 hours ago 390MB
10.0.0.11:5000/oldboy/centos6-base latest cba961e7c420 5 hours ago 341MB
centos6-base xpg cba961e7c420 5 hours ago 341MB
mysql 5.7 db763dfc448b 4 days ago 372MB
mysql latest 80bbf861367a 4 days ago 445MB
zabbix/zabbix-server-mysql latest 7f60df27cc28 2 weeks ago 62.3MB
zabbix/zabbix-web-nginx-mysql latest f35815d83d5c 2 weeks ago 177MB
zabbix/zabbix-java-gateway latest 3087817ce6d6 4 weeks ago 107MB
registry latest d1fd7d86a825 3 months ago 33.3MB
[root@docker01 run]#
Pull from docker02
[root@docker01 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["http://5deb2181.m.daocloud.io"],
"insecure-registries":["10.0.0.11:5000"]
}
After changing the configuration file, docker must be restarted for the change to take effect
[root@docker02 tools]# systemctl restart docker.service
pull
[root@docker02 tools]# docker pull 10.0.0.11:5000/oldboy/centos6-base
Using default tag: latest
latest: Pulling from oldboy/centos6-base
fe4bfde44a6f: Pull complete
Digest: sha256:58d6ed0136df38cb6841d80b94c29506d01081b84ab22c872f48d5a0c65daa23
Status: Downloaded newer image for 10.0.0.11:5000/oldboy/centos6-base:latest
[root@docker02 tools]#
How to verify that the image was pushed successfully
[root@docker02 tools]# curl 10.0.0.11:5000/v2/_catalog
{"repositories":["oldboy/centos6-base"]}
Or open it in a browser
Push a mysql image as well, for docker02
docker01
[root@docker01 ~]# docker image tag mysql:5.7 10.0.0.11:5000/oldboy/mysql
[root@docker01 ~]# docker push 10.0.0.11:5000/oldboy/mysql
docker02
[root@docker02 tools]# docker pull 10.0.0.11:5000/oldboy/mysql
2) Registry with basic authentication
[root@docker01 ~]# mkdir -p /opt/registry-var/auth
[root@docker01 ~]# yum install -y httpd-tools.x86_64 -y
[root@docker01 ~]# htpasswd -Bbn oldboy 123456 >>/opt/registry-var/auth/htpasswd
[root@docker01 ~]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
25a985f0a3d49628b9d328301f1afc6d302b7bee4c4b2235861bf80882d26eca
[root@docker01 ~]#
Test from docker02
[root@docker02 tools]# docker login 10.0.0.11:5000
Username: oldboy
Password:
Login Succeeded
[root@docker02 tools]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.0.0.11:5000/oldboy/centos6-base latest cba961e7c420 Less than a second ago 341MB
10.0.0.11:5000/oldboy/mysql latest db763dfc448b 2 days ago 372MB
[root@docker02 tools]# docker pull 10.0.0.11:5000/oldboy/centos6-base
Using default tag: latest
latest: Pulling from oldboy/centos6-base
Digest: sha256:58d6ed0136df38cb6841d80b94c29506d01081b84ab22c872f48d5a0c65daa23
Status: Image is up to date for 10.0.0.11:5000/oldboy/centos6-base:latest
[root@docker02 tools]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.0.0.11:5000/oldboy/centos6-base latest cba961e7c420 Less than a second ago 341MB
10.0.0.11:5000/oldboy/mysql latest db763dfc448b 2 days ago 372MB
[root@docker02 tools]#
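An added example (not from the original notes) that checks the two files involved in this registry setup: /etc/docker/daemon.json and the client's ~/.docker/config.json that docker login writes. It flags plain-HTTP mirrors, every insecure-registries entry, and any insecure registry for which login credentials are stored; the client config sample is constructed and the finding names are assumptions.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# The daemon.json shown on this page.
DAEMON_JSON = """
{
  "registry-mirrors": ["http://5deb2181.m.daocloud.io"],
  "insecure-registries": ["10.0.0.11:5000"]
}
"""
# Constructed ~/.docker/config.json as left behind by
# `docker login 10.0.0.11:5000` (the auth value is a placeholder).
CLIENT_CONFIG_JSON = """
{"auths": {"10.0.0.11:5000": {"auth": "<base64 of user:password>"}}}
"""


def host_of(entry):
    """Strip an optional :port from a host[:port] entry; CIDRs pass through."""
    if entry.count(":") == 1:
        host, port = entry.split(":")
        if port.isdigit():
            return host
    return entry


def scope(entry):
    """Classify an insecure-registries entry by the address range it covers."""
    try:
        net = ipaddress.ip_network(host_of(entry), strict=False)
    except ValueError:
        return "unclassified"      # DNS name or other form, not resolved here
    if net.is_loopback:
        return "loopback"
    return "private" if net.is_private else "public"


def audit_daemon(daemon_json, client_config_json="{}"):
    """Return (check, detail) findings for a daemon.json / config.json pair."""
    daemon = json.loads(daemon_json)
    logged_in = set(json.loads(client_config_json).get("auths", {}))
    findings = []

    for url in daemon.get("registry-mirrors", []):
        if urlsplit(url).scheme != "https":
            # Image pulls through this mirror are not protected by TLS.
            findings.append(("cleartext-mirror", url))

    for entry in daemon.get("insecure-registries", []):
        # For these registries the daemon skips certificate verification and
        # falls back to plain HTTP when HTTPS is not available.
        findings.append(("insecure-registry", f"{entry} ({scope(entry)})"))
        if entry in logged_in:
            # Basic-auth credentials travel to this registry without verified TLS.
            findings.append(("credentials-without-tls", entry))

    return findings


if __name__ == "__main__":
    for check, detail in audit_daemon(DAEMON_JSON, CLIENT_CONFIG_JSON):
        print(f"{check}: {detail}")
```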
Docker service orchestration -- docker-compose
Install docker-compose
[root@docker01 ~]# yum install python2-pip -y
[root@docker01 ~]# yum install docker-compose -y
[root@docker01 ~]# docker-compose -v
docker-compose version 1.9.0, build 2585387
mkdir -p /opt/my_worldpress
cd /opt/my_worldpress
Edit docker-compose.yml
vim docker-compose.yml
version : '2'
services:
  db:
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: somewordpress
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    ports:
      - "8000:80"
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
volumes:
  db_data:
Test failed!!!
Test succeeded: https://www.cnblogs.com/wushangjue/p/7795969.html
version: '2'
services:
  db:
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: your-mysql-root-password
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    volumes:
      - db_data:/var/lib/mysql
      - wp_site:/var/www/html
    ports:
      - "80:80"
      - "443:443"
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
volumes:
  db_data:
  wp_site:
docker-compose --help
Docker cluster extensions
https://docs.docker.com/samples/
docker-swarm
docker-kubernetes -- from Google
Docker's default address is 172.17.0.1
Change it to make remote access between the local machine and docker on the server easier
sudo service docker stop
sudo ip link set dev docker0 down
sudo brctl delbr docker0 # sudo apt-get install bridge-utils
sudo iptables -t nat -F POSTROUTING
sudo brctl addbr docker0
sudo ip addr add xxx.xxx.xxx.xxx/xx dev docker0
sudo ip link set dev docker0 up
vi /etc/docker/daemon.json
{
...
"bip": "xxx.xxx.xxx.xxx/xxx",
...
}
sudo service docker start