Linux cloud computing architecture-deployment of Docker container virtualization platform (1)

1. Docker overview

Docker is an open source application container engine. Developers can package an application and its dependencies into a portable container and publish it to any popular Linux machine; it can also be used for virtualization. Containers are fully sandboxed and have no interfaces to one another. There is almost no performance overhead, and containers run easily on single machines and in data centers. Most importantly, they do not depend on any language, framework or packaging system.

Docker is an LXC-based advanced container engine open-sourced by dotCloud. The source code is hosted on GitHub, written in Go, and released under the Apache 2.0 license.

LXC (Linux Container), the Linux container technology, is a kernel virtualization technology that provides lightweight virtualization to isolate processes and resources, without the instruction interpretation mechanisms and other complexities of full virtualization. Isolation between user instances is achieved mainly through kernel namespaces; resource quotas and accounting are implemented through cgroups.

The purpose of Docker: Docker images are built once and run everywhere.

Docker official website: https://www.docker.com/

The Docker server can be regarded as a whale, and the containers as the shipping containers carried on the whale.

Both Docker containers and virtual machines are virtualization technologies. Docker does not involve a hypervisor, so it is more efficient than virtual machines. It takes about 1-2 seconds to start a Docker instance.

[Figure: virtual machine technology]
[Figure: Docker container technology]

2. Docker architecture

2.1 Docker working principle

[Figure: Docker working principle]

2.2 Docker core technology

Technology 1: namespaces [isolate the container's processes, network, messages (IPC), file system, and host name]

Technology 2: cgroups [implement resource quotas and accounting, such as allocating CPU and memory]

Features:
File system isolation: each process container runs in a completely independent root file system.
Network isolation: each process container has its own network, virtual interface, and IP address.
Log isolation: Docker collects and records the standard streams of each process container for real-time or batch retrieval.
Change management: changes to a container's file system can be committed to a new image, which can be reused to create more containers.
Resource isolation: system resources are allocated on demand and isolated from each other, configured with cgroups.
Interactive shell: Docker can allocate a virtual terminal and attach it to the standard input stream of any container.

Advantages:
1. A container is smaller and faster than a VM; it takes only 1-2 seconds to start a container instance.
2. Docker is an open platform for building, publishing, and running distributed applications.
3. You can use Docker on the company's local area network, in the cloud, and on virtual machines.
4. Developers don't need to care about which operating system the application runs on.
5. You can use Docker on Unix/Linux, Windows, Mac and other operating systems.

Disadvantages:
1. Docker is most useful for applications, not for their data. Logs, traces, and databases are kept outside the container. A container image is usually small and not suited to storing large amounts of data; storage is provided through external mounts. [Docker is used only for computing; storage is handed over to something else]
2. MySQL and Oracle databases are not well suited to running in Docker because they store too much data.
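
The namespace and cgroup isolation described in section 2.2 can be checked from the host. The script below is an added example, not code from the original article: it reports which namespaces a container process shares with the host's PID 1 and which cgroup it is placed in. The function names, the optional proc-root argument and the sample tree (PID 4242, container ID 0123456789ab) are constructed for illustration, and the cgroup v1 `/docker/<id>` path layout is an assumption about the host.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# optional proc-root argument are hypothetical; on a real host omit the
# argument (defaults to /proc) and run as root. The container's host PID
# comes from: docker inspect --format '{{.State.Pid}}' <container>

# Print the namespaces that process $1 shares with the host's PID 1.
# pid = processes, net = network, ipc = messages, mnt = file system,
# uts = host name, user = UID/GID mapping.
shared_namespaces() {
    pid=$1
    root=${2:-/proc}
    shared=""
    for ns in pid net ipc mnt uts user; do
        host_ns=$(readlink "$root/1/ns/$ns") || continue
        cont_ns=$(readlink "$root/$pid/ns/$ns") || continue
        if [ "$host_ns" = "$cont_ns" ]; then
            shared="$shared $ns"
        fi
    done
    echo "${shared# }"
}

# Print the cgroup path of process $1 for controller $2 (cgroup v1 format:
# "hierarchy-id:controller[,controller]:path" per line in /proc/<pid>/cgroup).
cgroup_of() {
    awk -F: -v want="$2" '{
        n = split($2, ctrl, ",")
        for (i = 1; i <= n; i++)
            if (ctrl[i] == want) { print $3; exit }
    }' "${3:-/proc}/$1/cgroup"
}

# Constructed sample tree: host PID 1 and a container process 4242 that has
# its own pid/net/ipc/mnt/uts namespaces but still uses the host's user
# namespace, which is Docker's default when user-namespace remapping is off.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/1/ns" "$dir/4242/ns"
    for ns in pid net ipc mnt uts; do
        ln -s "$ns:[4026531800]" "$dir/1/ns/$ns"
        ln -s "$ns:[4026532500]" "$dir/4242/ns/$ns"
    done
    ln -s "user:[4026531837]" "$dir/1/ns/user"
    ln -s "user:[4026531837]" "$dir/4242/ns/user"
    printf '%s\n' '11:memory:/docker/0123456789ab' \
                  '4:cpu,cpuacct:/docker/0123456789ab' > "$dir/4242/cgroup"
    echo "$dir"
}

sample=$(make_sample)
echo "shared with host: $(shared_namespaces 4242 "$sample")"
echo "memory cgroup:    $(cgroup_of 4242 memory "$sample")"
rm -rf "$sample"
```

A `user` entry in the output means that root inside the container is the same UID 0 the host kernel sees; the other five namespaces are the isolation listed under Technology 1.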

3. Docker deployment

Old names: docker, docker-engine [yum install docker] [yum install docker-engine]

New name: docker-ce (open source), docker-ee (closed source)

Install docker:

# Install the packages docker depends on
[root@server ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

# Configure a docker yum repository inside China; the aliyun one is used here
Official repo: https://download.docker.com/linux/centos/docker-ce.repo
Aliyun repo: http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Tsinghua repo: https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo

# Install docker
[root@server ~]# yum install docker-ce docker-ce-cli containerd.io -y

# Start docker and enable it at boot
[root@server ~]# systemctl start docker && systemctl enable docker

# View docker version information and system information (number of containers and images)
[root@server ~]# docker version
Client: Docker Engine - Community
 Version:           19.03.13
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        4484c46d9d
 Built:             Wed Sep 16 17:03:45 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.13
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       4484c46d9d
  Built:            Wed Sep 16 17:02:21 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.3.7
  GitCommit:        8fba4e9a7d01810a393d5d25a3621dc101981175
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

[root@server ~]# docker info
Client:
 Debug Mode: false

Server:
 Containers: 0    -- number of containers
  Running: 0      -- number of running containers
  Paused: 0       -- number of paused containers
  Stopped: 0      -- number of stopped containers
 Images: 0        -- number of images
 Server Version: 19.03.13

Basic Docker usage: pulling an image

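# Using docker
# Search for an image; only images marked [OK] in the OFFICIAL column are safe to use.
[root@server ~]# docker search centos

# Download an image from Docker Hub to the docker server
[root@server ~]# docker pull centos
=================================================================
Four ways to pull:
Method 1: use the Alibaba Cloud docker registry mirror (accelerator) to speed up pulls
Create the configuration file /etc/docker/daemon.json [recommended]
{
    "registry-mirrors": ["https://e9yneuy4.mirror.aliyuncs.com"]
}
Modify the docker service startup script [not recommended]
# Reload the systemd unit files
systemctl daemon-reload
# Restart the docker service
systemctl restart docker

Method 2: use the NetEase registry https://c.163.com/hub#/m/home/

Method 3: import an image from a local tar archive
docker load -i /root/docker.io-centos-lastest-image.tar

Method 4: pull an application image from another site
docker pull hub.c.163.com/library/tomcat:latest
=================================================================
# List all local images. info shows that there is one image; images shows which image it is.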
[root@server ~]# docker info
Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 1
[root@server ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              latest              0d120b6ccaa8        8 weeks ago         215MB

# Containers created from an image must be deleted before the image is deleted; otherwise only the image's TAG is removed
[root@server ~]# docker rmi 0d120b6ccaa8

The docker image includes the program and the libraries or binary files that the program depends on.

# Enable NAT network forwarding
[root@server ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward=1
[root@server ~]# sysctl -p    # NAT forwarding takes effect immediately
net.ipv4.ip_forward = 1
[root@server ~]# cat /proc/sys/net/ipv4/ip_forward
1

# Start a docker instance
[root@server ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@server ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              latest              0d120b6ccaa8        8 weeks ago         215MB
[root@server ~]# docker run -it centos:latest /bin/bash
# Open a new terminal and list the running docker containers; one container instance is running.
[root@server ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
19c2d3353908        centos:latest       "/bin/bash"         16 seconds ago      Up 15 seconds                           elastic_proskuriakova

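# After stopping the firewalld firewall, the docker service must be restarted, otherwise IP packet forwarding will not work
# (stopping firewalld flushes the iptables rules Docker created; restarting docker recreates them).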
[root@server ~]# systemctl stop firewalld
[root@server ~]# systemctl restart docker

4. Use of Docker container virtualization platform

Command                                                 Meaning
docker images                                           List the local docker images
docker run -it centos:latest bash                       Run a container: load the centos image, start a docker instance, and execute bash in it
exit                                                    Exit the instance environment

Parameter                                               Meaning
-i                                                      Run the container in interactive mode; usually used with -t
-t                                                      Allocate a pseudo-terminal for the container; usually used with -i
-d                                                      Run the container in the background and return the container ID
-c                                                      Followed by the command to execute (an option of bash, as in /bin/bash -c "df -h")
docker logs <container ID | short container ID>         Fetch a container's log, to check error or normal messages written to the instance's standard output
docker ps                                               List all running containers
docker ps -a                                            List all containers, including stopped and exited ones
kill                                                    Kill a container
run                                                     Create and run a container instance
stop                                                    Stop the instance
start                                                   Start the instance
restart                                                 Restart the instance
docker exec -it <container name | container ID> /bin/bash   Enter the container
rm                                                      Delete the instance, provided the instance is stopped
rm -f                                                   Force deletion; works on a running instance

Hands-on practice:

# Run a container instance in the background and execute df -h in it; the return value is the container ID
[root@server ~]# docker run -d centos:latest /bin/bash -c "df -h"
3e5930e087a17e6f11298a1786844da22facb390e90115d7a8ff57cce0b33a09
[root@server ~]# docker logs 3e59
Filesystem                      Size  Used Avail Use% Mounted on
overlay                          17G  6.1G   11G  36% /
tmpfs                            64M     0   64M   0% /dev
tmpfs                           910M     0  910M   0% /sys/fs/cgroup
shm                              64M     0   64M   0% /dev/shm
/dev/mapper/centos_master-root   17G  6.1G   11G  36% /etc/hosts
tmpfs                           910M     0  910M   0% /proc/acpi
tmpfs                           910M     0  910M   0% /proc/scsi
tmpfs                           910M     0  910M   0% /sys/firmware
# Start a container instance
[root@server ~]# docker run -it centos:latest /bin/bash
[root@397d90de57b3 /]# 
# Open a new terminal and kill the running container instance
[root@server ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
397d90de57b3        centos:latest       "/bin/bash"         37 seconds ago      Up 36 seconds                           recursing_jepsen
[root@server ~]# docker kill 397d90de57b3
397d90de57b3
# Start a container instance
[root@server ~]# docker run -it centos:latest /bin/bash
# Open a new terminal
[root@server ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
21a11864b0ad        centos:latest       "/bin/bash"         13 seconds ago      Up 12 seconds                           sad_albattani
[root@server ~]# docker stop 21a11864b0ad
21a11864b0ad
[root@server ~]# docker start 21a11864b0ad
21a11864b0ad
[root@server ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
21a11864b0ad        centos:latest       "/bin/bash"         56 seconds ago      Up 17 seconds                           sad_albattani
# Enter the container
[root@server ~]# docker exec -it 21a11864b0ad /bin/bash
[root@21a11864b0ad /]# 
# List all containers
[root@server ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                   PORTS               NAMES
21a11864b0ad        centos:latest       "/bin/bash"              2 hours ago         Up 2 hours                                   sad_albattani
3e5930e087a1        centos:latest       "/bin/bash -c 'df -h'"   3 hours ago         Exited (0) 3 hours ago                       gracious_aryabhata
# Enter a specific container
[root@server ~]# docker exec -it 21a11864b0ad /bin/bash
# Delete a container
[root@server ~]# docker rm 3e
3e
[root@server ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
21a11864b0ad        centos:latest       "/bin/bash"         3 hours ago         Up 3 hours                              sad_albattani

5. Building Docker images

Install apache service:

[root@21a11864b0ad /]# cat /etc/redhat-release 
CentOS Linux release 8.2.2004 (Core) 
[root@21a11864b0ad /]# yum install -y httpd

To save the current state of the container, the container can be made into an image.

Two ways to build a Docker image:
# Save the current state of the container and generate the corresponding image [snapshot]
Method 1: docker commit <container ID> <new image name>[repository:tag]
[root@server ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
21a11864b0ad        centos:latest       "/bin/bash"         3 hours ago         Up 3 hours                              sad_albattani
[root@server ~]# docker commit 21a11864b0ad centos:httpd
sha256:a1b9cc833f6c02944fdd0a4021179bbe4ce28008ddc46d0d4852e3c9e65991bb
[root@server ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              httpd               a1b9cc833f6c        9 seconds ago       254MB
centos              latest              0d120b6ccaa8        8 weeks ago         215MB

# Use a Dockerfile to build the image automatically
Method 2: docker build

Method 2 in detail:

1. Create the working directory and the Dockerfile
[root@server ~]# mkdir /opt/docker
[root@server ~]# cd /opt/docker/
[root@server docker]# touch Dockerfile

2. Edit the Dockerfile
[root@server docker]# vim Dockerfile
# Base image to build from
FROM centos:latest
# Image creator
MAINTAINER <[email protected]>
RUN yum install -y httpd
# ADD copies a local file to the given path inside the image
ADD start.sh /usr/local/bin/start.sh
ADD index.html /var/www/html/index.html
# Command run when the container starts; only one CMD takes effect in a Dockerfile (the last one if there are several)
CMD /usr/local/bin/start.sh

3. Create the start.sh startup script, which starts the apache service, and the apache home page index.html
[root@server docker]# echo "/usr/sbin/httpd" > start.sh
[root@server docker]# chmod a+x start.sh
[root@server docker]# echo "docker image apache" > index.html

4. Use the build command to create the new image
docker build -t <image name>[repository:tag] ./
[root@server docker]# docker build -t centos:httpd ./

5. List the images
[root@server docker]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              httpd               1e0cccb31310        10 seconds ago      254MB
centos              latest              0d120b6ccaa8        8 weeks ago         215MB

6. Docker release

Two methods of publishing a Docker image:
① Save the image to a tarball

docker save -o <tar file> <image name>[repository:tag]  # export
docker load -i <tar file>    # import

# Export the image
[root@server ~]# docker save -o docker-centos-httpd.tar.gz centos:httpd
[root@server ~]# ll docker-centos-httpd.tar.gz 
-rw------- 1 root root 262351872 10月  8 13:07 docker-centos-httpd.tar.gz

# Import the image
[root@server ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              httpd               1e0cccb31310        6 minutes ago       254MB
centos              latest              0d120b6ccaa8        8 weeks ago         215MB
[root@server ~]# docker rmi centos:httpd
Untagged: centos:httpd
Deleted: sha256:1e0cccb3131058019c071b7c93f69c149482fa9cf1f0332a25b8c6711c4da94a
Deleted: sha256:ac16f03b97984ee900ef5d031f164cfaeaa6cd8dc019ce72cc959dff632501a8
Deleted: sha256:c9abe0f55ae1426a5e07f09cd9dc7ed854fe9811463871408c7c96c23160a4e2
Deleted: sha256:8764928fbf45abca97f14c34ef943767a5c9501f8e4711bd3a14c8e08b319934
Deleted: sha256:6560e60c44efb0f75384dce5c108bbe657268454aed3931f0e65c42f620e2294
Deleted: sha256:6201f9e06a0712f85fb608bcf920f6faaeb90fafa715f5de45e037f7d1e38805
Deleted: sha256:8735743637ddd6750349b5cf46d4e09663979b0f5bf9d25ceda53d865b8f55b0
Deleted: sha256:986b70081cb31f68b2aa7d32129bdb9babbc4ca2f0a55ecae18c7463bedbc206
[root@server ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              latest              0d120b6ccaa8        8 weeks ago         215MB
[root@server ~]# docker load -i docker-centos-httpd.tar.gz 
45dcccff5e24: Loading layer  39.97MB/39.97MB
4d2bed0847aa: Loading layer  3.584kB/3.584kB
78d2cfc17a25: Loading layer  3.584kB/3.584kB
Loaded image: centos:httpd
[root@server ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              httpd               1e0cccb31310        7 minutes ago       254MB
centos              latest              0d120b6ccaa8        8 weeks ago         215MB

② Push the image to Docker Hub

1. Register an account: https://hub.docker.com/
2. Tag the local image to place it in a repository.
[root@server ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              httpd               b5c91959b65d        About an hour ago   254MB
centos              latest              0d120b6ccaa8        8 weeks ago         215MB
[root@server ~]# docker tag centos:httpd abong123/centos:httpd    # Tag the image into a repository; it is still the same image.
[root@server ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
abong123/centos     httpd               b5c91959b65d        About an hour ago   254MB
centos              httpd               b5c91959b65d        About an hour ago   254MB
centos              latest              0d120b6ccaa8        8 weeks ago         215MB
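3. Log in to Docker Hub
# -p puts the password on the command line (shell history, process list); docker login can also read it from stdin with --password-stdin.
[root@server ~]# docker login -u abong123 -p123456
4. Upload the image
[root@server ~]# docker push abong123/centos:httpd
5. Delete the local abong123/centos:httpd image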
[root@server ~]# docker rmi abong123/centos:httpd
Untagged: abong123/centos:httpd
Untagged: abong123/centos@sha256:64b4e1a73d1bb959e222a6098bf45cec472b23a0b95be779a9f427168b8eb3bb
6. Download the image
[root@server ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              httpd               b5c91959b65d        2 hours ago         254MB
centos              latest              0d120b6ccaa8        8 weeks ago         215MB
[root@server ~]# docker pull abong123/centos:httpd
httpd: Pulling from abong123/centos
Digest: sha256:64b4e1a73d1bb959e222a6098bf45cec472b23a0b95be779a9f427168b8eb3bb
Status: Downloaded newer image for abong123/centos:httpd
docker.io/abong123/centos:httpd
[root@server ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
abong123/centos     httpd               b5c91959b65d        2 hours ago         254MB
centos              httpd               b5c91959b65d        2 hours ago         254MB
centos              latest              0d120b6ccaa8        8 weeks ago         215MB

7. Container port mapping

How container port mapping works: an application running in the container listens on a port, which is mapped through NAT (network address translation) to an unused port on the docker server. The application in the container can then be reached at the docker server's address and that port.

Start the container with port mapping:

# -p <host port 80>:<container port 80>
# Map port 80 in the container to port 80 on the physical machine so that the content in the container can be accessed from outside.
[root@server ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              httpd               b5c91959b65d        32 minutes ago      254MB
centos              latest              0d120b6ccaa8        8 weeks ago         215MB
[root@server ~]# docker run -it -p 80:80 centos:httpd
[root@f4ad69e99787 /]# netstat -antup |grep 80
bash: netstat: command not found
[root@f4ad69e99787 /]# ifconfig
bash: ifconfig: command not found
[root@f4ad69e99787 /]# yum install net-tools -y    # install the networking tools package
[root@f4ad69e99787 /]# netstat -antup | grep 80
[root@f4ad69e99787 /]# /usr/sbin/httpd 
[root@f4ad69e99787 /]# netstat -antup | grep 80      # the container must be listening on port 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      29/httpd   
[root@f4ad69e99787 /]# vi /etc/httpd/conf/httpd.conf 
     98 ServerName localhost:80
[root@2531def57c03 /]# exit
exit
[root@server ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@server ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                           PORTS               NAMES
f4ad69e99787        centos:httpd        "/bin/bash"         8 minutes ago       Exited (0) 10 seconds ago                            xenodochial_chandrasekhar
21a11864b0ad        centos:latest       "/bin/bash"         13 hours ago        Exited (255) About an hour ago                       sad_albattani
[root@server ~]# docker start f4ad69e99787
f4ad69e99787
[root@server ~]# docker ps    # the container must be running
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                NAMES
f4ad69e99787        centos:httpd        "/bin/bash"         8 minutes ago       Up 2 seconds        0.0.0.0:80->80/tcp   xenodochial_chandrasekhar

[root@server ~]# netstat -antup | grep 80           # port 80 on the docker server is in use
tcp6       0      0 :::80                   :::*                    LISTEN      27806/docker-proxy  

Visit the docker server address: http://192.168.43.178/

If the page does not open, check the following:
① Whether port 80 of the physical machine allows external access, that is, whether the firewall opens port 80.
② Whether port 80 of the physical machine is occupied by another application.
③ Whether port 80 of the container is occupied and whether the apache service is running.
④ Whether NAT network forwarding is enabled; check with cat /proc/sys/net/ipv4/ip_forward, where a result of 1 means it is enabled.
⑤ Whether the container is running normally; check with docker ps.
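
The mapping started above with -p 80:80 appears in docker ps as 0.0.0.0:80->80/tcp, that is, bound on every interface of the docker server. As an added example (not part of the original article; the function names and sample rows are constructed), this filter lists such mappings from docker ps output so they can be reviewed against the firewall rules in check ①:

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# sample rows are constructed for illustration.
#
# "-p 80:80" publishes on every host interface (shown as 0.0.0.0:80->80/tcp);
# "-p 127.0.0.1:80:80" binds the same mapping to loopback only.

# Read "name<TAB>ports" rows on stdin, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and print "name mapping" for each port published on all interfaces.
published_on_all_interfaces() {
    awk -F'\t' '{
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue           # exposed only, not published
            ip = m
            sub(/->.*$/, "", ip)              # keep "host_ip:host_port"
            sub(/:[0-9-]+$/, "", ip)          # drop the port or port range
            if (ip == "0.0.0.0" || ip == "::" || ip == "[::]")
                print $1, m
        }
    }'
}

# Constructed sample rows in the docker ps format above.
sample_rows() {
    printf 'web\t0.0.0.0:80->80/tcp\n'
    printf 'admin\t127.0.0.1:8080->80/tcp\n'
    printf 'db\t3306/tcp\n'
    printf 'api\t0.0.0.0:443->443/tcp, :::443->443/tcp\n'
}

sample_rows | published_on_all_interfaces
```

On a live host, pipe the docker ps command from the comment into published_on_all_interfaces instead of the sample rows.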

Enter the running container instance:

# Enter the container
docker exec -it <container name>|<container ID> /bin/bash

View the container's network:

# Inside the container, install the net-tools package
[root@d0d20c406c83 ~]# yum install net-tools -y
[root@d0d20c406c83 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 163  bytes 343276 (335.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 124  bytes 8554 (8.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

8. Learning notes (1)

When learning Docker containers, an image can be regarded as a template stored in a template library (Docker Hub). We pull a template from the library and use it to create a container instance, which is the carrier we use to run applications or services. A container can be created and run (run), started (start), stopped (stop), restarted (restart), deleted (rm) and listed (ps); it can also be made into an image, and the image can be published to the template library for later use. The port used by a service or application in the container can be mapped through NAT to a port on the physical machine for external access.

Origin blog.csdn.net/weixin_36522099/article/details/108861134