docker容器数据卷:
Docker中的数据可以存储在类似于虚拟机磁盘的介质中,在Docker中称为数据卷(Data Volume)。
数据卷可以用来存储Docker应用的数据,也可以用来在Docker容器间进行数据共享。
数据卷呈现给Docker容器的形式就是一个目录,支持多个容器间共享,修改也不会影响镜像。使用Docker的数据卷,
类似在系统中使用
Docker Volume数据卷可以实现:
1)绕过“拷贝写”系统,以达到本地磁盘IO的性能,(比如运行一个容器,在容器中对数据卷修改内容,会直接改变宿主机
上的数据卷中的内容,所以是本地磁盘IO的性能,而不是先在容器中写一份,最后还要将容器中的修改的内容拷贝出来进行同步。)
2)绕过“拷贝写”系统,有些文件不需要在docker commit打包进镜像文件。
3)数据卷可以在容器间共享和重用数据
4)数据卷可以在宿主和容器间共享数据
5)数据卷数据改变是直接修改的
6)数据卷是持续性的,直到没有容器使用它们。即便是初始的数据卷容器或中间层的数据卷容器删除了,只要还有其他的
容器使用数据卷,那么里面的数据都不会丢失。
Docker数据持久化:
容器在运行期间产生的数据是不会写在镜像里面的,重新用此镜像启动新的容器就会初始化镜像,会加一个全新的读写入
层来保存数据。如果想做到数据持久化,Docker提供数据卷(Data volume)或者数据容器卷来解决问题,另外还可以
通过commit提交一个新的镜像来保存产生的数据。
搭建docker服务:
[root@foundation38 docker]# systemctl start docker.service 开启服务
[root@foundation38 docker]# systemctl enable docker.service 开机自动启动
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@foundation38 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation38 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
可以共享文件:
[root@foundation38 docker]# docker pull ubuntu 拉取镜像
[root@foundation38 docker]# mkdir /data1 建立目录
[root@foundation38 docker]# docker run -it --name vm1 -v /data1 ubuntu 创建容器
root@a1ea76896400:/# df
Filesystem 1K-blocks Used Available Use% Mounted on
overlay 307430744 36681704 270749040 12% /
tmpfs 1965404 0 1965404 0% /dev
tmpfs 1965404 0 1965404 0% /sys/fs/cgroup
/dev/mapper/rhel_foundation38-root 307430744 36681704 270749040 12% /data1
shm 65536 0 65536 0% /dev/shm
tmpfs 1965404 0 1965404 0% /sys/firmware
root@a1ea76896400:/# cd data1/
root@a1ea76896400:/data1# ls
root@a1ea76896400:/data1# [root@foundation38 docker]#
[root@foundation38 docker]# docker inspect vm1 | grep vol 过滤逻辑卷组
"Type": "volume",
"Source": "/var/lib/docker/volumes/cf43cdd721deda6d59111031b839ad18539c8e2c6edb4114dd776ad0c8f55567/_data",
[root@foundation38 docker]# cd /var/lib/docker/volumes/cf43cdd721deda6d59111031b839ad18539c8e2c6edb4114dd776ad0c8f55567/_data
[root@foundation38 _data]# ls
[root@foundation38 _data]# cp /etc/passwd . 可以复制文件到当前目录
[root@foundation38 _data]# ls
passwd
搭建nginx查看数据卷volume:
[root@foundation38 kiosk]# docker container attach vm1 连接
root@a1ea76896400:/data1# ls
passwd
root@a1ea76896400:/data1# pwd
/data1
root@a1ea76896400:/data1# [root@foundation38 kiosk]#
[root@foundation38 kiosk]# docker run -d --name vm2 -v /usr/share/nginx/html nginx 创建容器
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
Digest: sha256:d85914d547a6c92faa39ce7058bd7529baacab7e0cd4255442b04577c4d1f424
Status: Downloaded newer image for nginx:latest
13a02584b2cadb623d508ec81ac477154b0d724e8bdce82fb8c84428b51a426d
[root@foundation38 kiosk]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
13a02584b2ca nginx "nginx -g 'daemon ..." 16 seconds ago Up 15 seconds 80/tcp vm2
a1ea76896400 ubuntu "/bin/bash" 4 minutes ago Up 4 minutes vm1
[root@foundation38 kiosk]# docker inspect vm2 | grep vol 过滤数据卷
"Type": "volume",
"Source": "/var/lib/docker/volumes/e1c145db72ef8c408a0181a49e8e2c7f90eafe66dd59bf4ffbe80a49ae91a505/_data",
[root@foundation38 kiosk]# cd /var/lib/docker/volumes/e1c145db72ef8c408a0181a49e8e2c7f90eafe66dd59bf4ffbe80a49ae91a505/_data
[root@foundation38 _data]# ls
50x.html index.html
[root@foundation38 _data]# docker inspect vm1 | grep vol 过滤数据卷
"Type": "volume",
"Source": "/var/lib/docker/volumes/cf43cdd721deda6d59111031b839ad18539c8e2c6edb4114dd776ad0c8f55567/_data",
[root@foundation38 _data]# cd
还原环境:
[root@foundation38 ~]# docker stop vm2
vm2
[root@foundation38 ~]# docker rm vm2
vm2
[root@foundation38 ~]# docker stop vm1
vm1
[root@foundation38 ~]# docker rm -v vm1
vm1
[root@foundation38 ~]# docker volume ls 查看当前的卷组
DRIVER VOLUME NAME
local 38ccddfc978442523e8107ce8bd7122dc6fcb501121b7f48edf0c7c0b5a27c49
local e1c145db72ef8c408a0181a49e8e2c7f90eafe66dd59bf4ffbe80a49ae91a505
[root@foundation38 ~]# docker volume rm `docker volume ls -q` 删除所有卷组
38ccddfc978442523e8107ce8bd7122dc6fcb501121b7f48edf0c7c0b5a27c49
e1c145db72ef8c408a0181a49e8e2c7f90eafe66dd59bf4ffbe80a49ae91a505
[root@foundation38 ~]# docker volume ls
DRIVER VOLUME NAME
[root@foundation38 ~]# cd /tmp/docker/
[root@foundation38 docker]# ls
certs Dockerfile ssh supervisord.conf test web yum.repo
[root@foundation38 docker]# cd certs/
[root@foundation38 certs]# ls
domain.crt domain.key
[root@foundation38 certs]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation38 ~]# cd /tmp/docker/
[root@foundation38 docker]# pwd
/tmp/docker
[root@foundation38 docker]# ls
certs Dockerfile ssh supervisord.conf test web yum.repo
[root@foundation38 docker]# cd test/
[root@foundation38 test]# ls
0a3eb3fde7fd a87e3a0a73f3 Dockerfile Running
[root@foundation38 test]# rm -fr Running 0a3eb3fde7fd a87e3a0a73f3
[root@foundation38 test]# ls
Dockerfile
[root@foundation38 test]# docker images rhel7
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v4 fa8d510a0508 23 hours ago 140 MB
rhel7 v3 7065648c9208 23 hours ago 178 MB
rhel7 v1 a6aec614557e 24 hours ago 169 MB
rhel7 v2 0f3f4a1b0b2e 2 days ago 154 MB
rhel7 latest 0a3eb3fde7fd 4 years ago 140 MB
[root@foundation38 test]# cd ..
[root@foundation38 docker]# ls
certs Dockerfile ssh supervisord.conf test web yum.repo
[root@foundation38 docker]# cd web/
[root@foundation38 web]# ls
index.html
[root@foundation38 web]# cat index.html 查看阿帕其默认访问目录
<h1>hello xfl </h1>
[root@foundation38 web]# cd ..
[root@foundation38 docker]# ls
certs Dockerfile ssh supervisord.conf test web yum.repo
[root@foundation38 docker]# cp web/index.html test/
[root@foundation38 docker]# cd test/
[root@foundation38 test]# ls
Dockerfile index.html
[root@foundation38 test]# vim Dockerfile 编写dockerfile
[root@foundation38 test]# cat Dockerfile
FROM rhel7
ADD html.tar /usr/share
VOLUME ["/usr/share/nginx/html"]
[root@foundation38 test]# pwd
/tmp/docker/test
[root@foundation38 test]# ls
Dockerfile nginx
[root@foundation38 test]# tar cf html.tar nginx/ 我们可以直接使用tar cfv显示tar包内容
[root@foundation38 test]# tar tf html.tar
nginx/
nginx/html/
nginx/html/index.html
[root@foundation38 test]# cd nginx/
[root@foundation38 nginx]# ls
html
[root@foundation38 nginx]# cd html/
[root@foundation38 html]# ls
index.html
[root@foundation38 html]# cd ..
[root@foundation38 nginx]# cd ..
[root@foundation38 test]# docker build -t rhel7:v4 . 运行dockerfile
[root@foundation38 test]# docker create --name vol rhel7:v4 bash 创建卷组
[root@foundation38 test]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation38 test]# docker run -d --name vm1 --volumes-from vol nginx 创建容器运行卷组
9c017aaad92a3723a6e1715d8582cc66fd2ab1df8e377625b6f55de82e8d483e
[root@foundation38 test]# docker inspect vm1 | grep "IPAddress" 过滤IP
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
[root@foundation38 test]# curl 172.17.0.2 可以看到阿帕其测试页
<h1>hello xfl </h1>
还原环境:
[root@foundation38 test]# cd /tmp/docker/
[root@foundation38 docker]# ls
certs Dockerfile ssh supervisord.conf test web yum.repo
[root@foundation38 docker]# cd certs/
[root@foundation38 certs]# cd .
[root@foundation38 certs]# cd ..
[root@foundation38 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9c017aaad92a nginx "nginx -g 'daemon ..." 2 minutes ago Up 2 minutes 80/tcp vm1
[root@foundation38 docker]# docker rm -f -v vm1
vm1
[root@foundation38 docker]# docker volume ls 查看数据卷
DRIVER VOLUME NAME
local af5a4dbb288a701c2a43db3ba26cc16405908f77e14bf77d740b5a91b4864504
[root@foundation38 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4dd3d32b6522 rhel7:v4 "bash" 6 minutes ago Created vol
ea91a251faa9 0a3eb3fde7fd "/bin/sh -c '#(nop..." 44 minutes ago Created nostalgic_hugle
[root@foundation38 docker]# docker rm -v vol 删除数据卷
vol
[root@foundation38 docker]# docker volume ls
DRIVER VOLUME NAME
[root@foundation38 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ea91a251faa9 0a3eb3fde7fd "/bin/sh -c '#(nop..." 48 minutes ago Created nostalgic_hugle
[root@foundation38 docker]# docker rm -f nostalgic_hugle 删除容器
nostalgic_hugle
[root@foundation38 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation38 docker]# ls
certs Dockerfile ssh supervisord.conf test web yum.repo
创建用户密码进行加密:
[root@foundation38 docker]# mkdir auth
[root@foundation38 docker]# docker run --entrypoint htpasswd registry:2 -Bbn xfl westos > auth/htpasswd 创建用户密码导入htpasswd文件中
[root@foundation38 docker]# cat auth/htpasswd 可以查看到自己的用户密码
xfl:$2y$05$.TgDAUiThbYxZF0uFcdCZuj4VWjKteXP9wASmIU6n82KPwQK/afx.
[root@foundation38 docker]# docker run --entrypoint htpasswd registry:2 -Bbn xyy linux >> auth/htpasswd 再次创建用户密码需要使用追加的方式,不然会覆盖之前的用户密码
[root@foundation38 docker]# cat auth/htpasswd 可以查看到两个用户以及密码
xfl:$2y$05$.TgDAUiThbYxZF0uFcdCZuj4VWjKteXP9wASmIU6n82KPwQK/afx.
xyy:$2y$05$K/teEBKjMLjt2qVGxRVTmumiWd6ZD/PCJ/WnkS0SDRuLnegD9jeni
[root@foundation38 docker]# docker ps -a 查看进程
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
caba4c389197 registry:2 "htpasswd -Bbn xyy..." 10 seconds ago Exited (0) 9 seconds ago determined_euler
7165f6674918 registry:2 "htpasswd -Bbn xfl..." 38 seconds ago Exited (0) 37 seconds ago practical_austin
[root@foundation38 docker]# ls
auth certs Dockerfile ssh supervisord.conf test web yum.repo
[root@foundation38 docker]# htpasswd -cm htpaswd xyy 创建一个用户密码,下次继续用-c会覆盖之前的密码,直接用-m就好
New password:
Re-type new password:
Adding password for user xyy
[root@foundation38 docker]# ls
auth certs Dockerfile htpaswd ssh supervisord.conf test web yum.repo
[root@foundation38 docker]# rm -f htpaswd 删除创建的文件
[root@foundation38 docker]# cd auth/
[root@foundation38 auth]# ls
htpasswd
[root@foundation38 auth]# cd ..
[root@foundation38 docker]# docker container prune 删除已经停止的容器
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Deleted Containers:
caba4c3891973d32bc0bc1985322aa20305c3c96732bc37520370a1d2dbf7f2f
7165f6674918c479e2f53b645ad230371809a8851bfcc77ba0631e13af79f605
Total reclaimed space: 0 B
将设置的用户密码放入加密证书:
[root@foundation38 docker]# docker run -d \
> --restart=always \
> --name registry \
> -v `pwd`/certs:/certs \
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
> -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
> -v `pwd`/auth:/auth -e "REGISTRY_AUTH=htpasswd" \
> -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
> -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
> -p 443:443 \
> registry:2
f03948cf01e970251b222876ed14762342e49168ae0b804407290457a6223b37
[root@foundation38 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f03948cf01e9 registry:2 "/entrypoint.sh /e..." 6 seconds ago Up 4 seconds 0.0.0.0:443->443/tcp, 5000/tcp registry
[root@foundation38 docker]# docker push westos.org/rhel7
[root@foundation38 docker]# pwd
/tmp/docker
[root@foundation38 docker]# cd
[root@foundation38 ~]# docker tag nginx westos.org/nginx
[root@foundation38 ~]# docker push westos.org/nginx
[root@foundation38 ~]# ping westos.org 可以Ping通域名
[root@foundation38 ~]# docker login -u xfl -p westos westos.org 登陆用户
Login Succeeded
[root@foundation38 ~]# netstat -antlp |grep :443 可以过滤出来443端口
tcp6 0 0 :::443 :::* LISTEN 17107/docker-proxy
[root@foundation38 ~]# cd .docker/
[root@foundation38 .docker]# ls
config.json
[root@foundation38 .docker]# cat config.json 可以看到信息
{
"auths": {
"westos.org": {
"auth": "eGZsOndlc3Rvcw=="
}
}
}[root@foundation38 .docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dff160d34d7a registry:2 "/entrypoint.sh /e..." 14 minutes ago Up 13 minutes 0.0.0.0:443->443/tcp, 5000/tcp registry
[root@foundation38 .docker]# docker rm -f registry 还原环境
registry
[root@foundation38 .docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES