Docker的通信方式
在默认情况下,Docker使用网桥(bridge)+ NAT的通信模型,
Docker在启动时默认会自动创建网桥设备Docker0,并配置IP172.18.0.1/16:
[root@VM_0_7_centos ~]# ifconfig docker0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:5c:e1:12:0b txqueuelen 0 (Ethernet)
RX packets 45260 bytes 58564444 (55.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 43508 bytes 9891692 (9.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@VM_0_7_centos ~]#当Docker启动容器时,会创建一对veth虚拟网络设备,并将其中一个veth网络设备附加到网桥docker0,另一个加入容器的网络名字空间(network namespace),并改名为eth0.这样,同一个Host的容器与容器之间就可以通过docker0通信了。
[root@VM_0_7_centos ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:5c:e1:12:0b txqueuelen 0 (Ethernet)
RX packets 45260 bytes 58564444 (55.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 43508 bytes 9891692 (9.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.7 netmask 255.255.240.0 broadcast 172.17.15.255
ether 52:54:00:2d:1d:06 txqueuelen 1000 (Ethernet)
RX packets 166487137 bytes 18716862191 (17.4 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 166914495 bytes 16039972180 (14.9 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1 (Local Loopback)
RX packets 48390085 bytes 2815306278 (2.6 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 48390085 bytes 2815306278 (2.6 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth49c3c33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether b2:4d:90:ec:32:87 txqueuelen 0 (Ethernet)
RX packets 28578 bytes 7712323 (7.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 26083 bytes 23266735 (22.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0数据卷
1.创建数据卷
我们可以不指定host-dir,从而在容器内部创建一个数据卷:
如果不存在ubuntu:14:04 docker run 会创建,如果存在exec直接进入,
[root@VM_0_7_centos ~]# docker run -it --rm -v /volume1 --name test1 ubuntu:14.04 /bin/bash
[root@VM_0_7_centos ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27a87dd06ac6 ubuntu:14.04 "/bin/bash" 7 minutes ago Up 7 minutes test1
[root@VM_0_7_centos ~]# docker exec -it 27a87dd06ac6 /bin/bash
root@27a87dd06ac6:/# df -lh
Filesystem Size Used Avail Use% Mounted on
overlay 50G 16G 32G 33% /
tmpfs 920M 0 920M 0% /dev
tmpfs 920M 0 920M 0% /sys/fs/cgroup
/dev/vda1 50G 16G 32G 33% /volume1
shm 64M 0 64M 0% /dev/shm
tmpfs 920M 0 920M 0% /proc/scsi
tmpfs 920M 0 920M 0% /sys/firmware
root@27a87dd06ac6:/# echo "volume1" > /volume1/test.txt
root@27a87dd06ac6:/# ls /volume1/
test.txt
root@27a87dd06ac6:/#执行df可以看到Host的根分区被挂载到了容器的/volume1。
对于这种方式创建的数据卷,当容器被删除后,如果没有其他容器引用该数据卷,对应的Host目录也会被删除。所以,如果不想Host的目录被删除,必须指定Host的目录。
2.挂在Host的目录作为数据卷
除了创建数据卷外,我们还可以挂载Host的目录到容器,作为容器的数据卷。
[root@VM_0_7_centos ~]# docker run -it --rm -v /data/volume1:/volume1 ubuntu:14.04 /bin/bash
root@c6ac6c7d2684:/# df -lh
Filesystem Size Used Avail Use% Mounted on
overlay 50G 16G 32G 33% /
tmpfs 920M 0 920M 0% /dev
tmpfs 920M 0 920M 0% /sys/fs/cgroup
/dev/vda1 50G 16G 32G 33% /volume1
shm 64M 0 64M 0% /dev/shm
tmpfs 920M 0 920M 0% /proc/scsi
tmpfs 920M 0 920M 0% /sys/firmware
root@c6ac6c7d2684:/# ls /volume1/
root@c6ac6c7d2684:/# echo "hello" > /volume1/hello.txt
root@c6ac6c7d2684:/# exit
exit
[root@VM_0_7_centos ~]# ls /data/volume1/
hello.txt
[root@VM_0_7_centos ~]# cat /data/volume1/hello.txt
hello
[root@VM_0_7_centos ~]#我们将Host上的/data/volume1挂载容器中的/volume1.通过这种方式我们可以在Host与容器之间进行数据交换。比如,容器内的应用程序可以将日志、重要数据写到/volume1上,这样,即使容器被删除,数据仍然会保留在Host上。实际上,Docker内部是通过mount –bind来实现的。
3.挂载Host的文件作为数据卷
[root@VM_0_7_centos ~]# docker run --rm -it -v ~/.bash_history:/root/.bash_histroy ubuntu:14.04 /bin/bash
root@791f31d4d355:/# date +%z
+0000
root@791f31d4d355:/# exit
exit
[root@VM_0_7_centos ~]# date +%z
+0800
[root@VM_0_7_centos ~]#数据卷容器
1.创建和挂载数据卷容器
创建一个dbdata的容器,通过–volumes-from在其他容器挂载/dbdata数据卷。
进入db1和db2,可以看到容器dbdata所有的数据卷(/dbdata)的内容。
[root@saltstack-node2 ~]# docker run -d -v /dbdata --name dbdata training/postgres echo Data-only container for postgres
Unable to find image 'training/postgres:latest' locally
Trying to pull repository docker.io/training/postgres ...
latest: Pulling from docker.io/training/postgres
a3ed95caeb02: Pull complete
6e71c809542e: Pull complete
2978d9af87ba: Pull complete
e1bca35b062f: Pull complete
500b6decf741: Pull complete
74b14ef2151f: Pull complete
7afd5ed3826e: Pull complete
3c69bb244f5e: Pull complete
d86f9ec5aedf: Pull complete
010fabf20157: Pull complete
Digest: sha256:a945dc6dcfbc8d009c3d972931608344b76c2870ce796da00a827bd50791907e
Status: Downloaded newer image for docker.io/training/postgres:latest
8e4e3fcfbc387a4cccc2e2ae023b3d16b40784ed55f4c921133cda1fe4b20158
[root@saltstack-node2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/training/postgres latest 6fa973bb3c26 4 years ago 365 MB
[root@saltstack-node2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8e4e3fcfbc38 training/postgres "echo Data-only co..." 17 seconds ago Exited (0) 16 seconds ago
[root@saltstack-node2 ~]# docker run -d --volumes-from dbdata --name db1 training/postgres
12439f1fbdb2e80a9bab304d193c027c91d9d906fe535c1acdec113837632759
[root@saltstack-node2 ~]# docker run -d --volumes-from dbdata --name db2 training/postgres
a2eaf3de9e3a935bba71a4d6536c155479f77f288d205c7dce586563f6793e2f
[root@saltstack-node2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a2eaf3de9e3a training/postgres "su postgres -c '/..." 10 seconds ago Up 8 seconds 5432/tcp db2
12439f1fbdb2 training/postgres "su postgres -c '/..." 27 seconds ago Up 25 seconds 5432/tcp db1
8e4e3fcfbc38 training/postgres "echo Data-only co..." 3 minutes ago Exited (0) 3 minutes ago dbdata
[root@saltstack-node2 ~]# docker exec -it a2eaf3de9e3a /bin/bash
root@a2eaf3de9e3a:/# cd /dbdata/
root@a2eaf3de9e3a:/dbdata# ls
root@a2eaf3de9e3a:/dbdata#备份、恢复和迁移数据卷
1.备份数据卷
我们可以通过“–volumes-from”从数据卷挂载数据卷,然后备份数据卷中的数据,
这里我们创建一个新的容器,将Host本地目录挂载到/backup,然后将数据卷容器dbdata的数据卷(/dbdata)打包到/backup/backup.tar。然后在Host的当前目录下就可以得到backup.tar。
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e2289a4b7dd4 training/postgres "su postgres -c '/usr" 11 minutes ago Up 11 minutes 5432/tcp db2
3fcec61c9501 training/postgres "su postgres -c '/usr" 11 minutes ago Up 11 minutes 5432/tcp db1
25158b44ecd6 training/postgres "echo Data-only conta" 12 minutes ago Exited (0) 12 minutes ago dbdata
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/ubuntu latest d355ed3537e9 14 months ago 119.2 MB
[root@localhost ~]# docker exec -it db1 /bin/bash
root@3fcec61c9501:/# cd d
dbdata/ dev/
root@3fcec61c9501:/# cd dbdata/
root@3fcec61c9501:/dbdata# ls
root@3fcec61c9501:/dbdata# echo "hello" > hello.txt
root@3fcec61c9501:/dbdata# ls
hello.txt
root@3fcec61c9501:/dbdata# cat hello.txt
hello
root@3fcec61c9501:/dbdata# exit
exit
[root@localhost ~]# docker run --volumes-from dbdata -v $(pwd):/backup d355ed3537e9 tar cvf /backup/backup.tar /dbdata
tar: Removing leading `/' from member names
/dbdata/
/dbdata/hello.txt
[root@localhost ~]# tar -xvf backup.tar
dbdata/
dbdata/hello.txt
[root@localhost ~]# ls
] nginx-1.10.1 Python-3.5.0 setuptools-19.6.tar.gz
anaconda-ks.cfg nginx-1.10.1.tar.gz Python-3.5.0.tgz web
backup.tar ovpn-data readline-6.2.4.1 zhuxiaolin
dbdata pip-8.0.2 readline-6.2.4.1.tar.gz
nginx pip-8.0.2.tar.gz setuptools-19.6
[root@localhost ~]# cat dbdata/hello.txt
hello
[root@localhost ~]# 2.恢复数据卷
创建一个需要恢复数据的容器 ,恢复数据
[root@localhost ~]# docker run -v /dbdata --name dbdata2 ubuntu /bin/bash
[root@localhost ~]# docker run --volumes-from dbdata2 -v $(pwd):/backup busybox tar xvf /backup/backup.tar
dbdata/
dbdata/hello.txt