Before learning Docker, we briefly look at chroot jail restrictions and LXC containers,
because Docker is by nature built on these two technologies:
1: chroot jail restrictions
2: lxc container
How container technology developed:
1): chroot technology, which creates a new subsystem
Reference: https://www.ibm.com/developerworks/cn/linux/l-cn-chroot/
Change the root
2): Use an SSH chroot jail to restrict users to accessing only the specified directory and using only the specified commands
Reference: https://linux.cn/article-8313-1.html
Linux Containers (LXC)
LXC uses two techniques:
Network namespaces (namespaces for environment isolation)
cgroups (resource constraints)
Let's install LXC:
# Install the EPEL source
Install it with wget -O; either the Tsinghua or the Ali mirror will do (it is best that the EPEL source and the base source belong to the same mirror)
## Install lxc
yum install lxc-* -y
yum install libcgroup* -y
yum install bridge-utils.x86_64 -y
## Bridge the network card
[root@controller ~]#
echo 'TYPE=Ethernet
BOOTPROTO=none
NAME=eth0
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0' >/etc/sysconfig/network-scripts/ifcfg-eth0
[root@controller ~]#
echo 'TYPE=Bridge
BOOTPROTO=static
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.6.128
NETMASK=255.255.255.0
GATEWAY=192.168.6.254
DNS1=223.5.5.5' >/etc/sysconfig/network-scripts/ifcfg-br0
Restart the network card:
/etc/init.d/network restart or systemctl restart network.service
Check that the bridge is working: brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c294f9218       no              eth0
## Modify the lxc default configuration
vi /etc/lxc/default.conf
Change line 2 to: lxc.network.link = br0
## Start cgroup
systemctl start cgconfig.service
## Start lxc
systemctl start lxc.service
## Create an lxc container
Method 1:
lxc-create -t download -n centos6 -- --server mirrors.tuna.tsinghua.edu.cn/lxc-images -d centos -r 6 -a amd64
Method 2:
lxc-create -t centos -n test (this is the method I used here)
##### Set the root password for the lxc container:
[root@controller ~]# chroot /var/lib/lxc/test/rootfs passwd
Changing password for user root.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
## Assign an IP and gateway to the container
vi /var/lib/lxc/test/config
lxc.network.name = eth0
lxc.network.ipv4 = 192.168.6.111/24
lxc.network.ipv4.gateway = 192.168.6.254
## Start the container
lxc-start -n test (lxc-start -n test -d starts it in the background)
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.
Welcome to CentOS Linux 7 (Core)!
test login:
CentOS Linux 7 (Core)
Kernel 3.10.0-957.el7.x86_64 on an x86_64
test login: root (enter root and the password to log in; ip a shows that the IP address is the .111 address we just specified in the config file)
Password:
After logging in, it behaves just like a normal terminal window; to shut down, run init 0 and the container is turned off.
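To check what the namespaces and cgroups mentioned above actually isolate for the running container, the following added example (not part of the original post) compares the /proc/<pid>/ns links of a host process and the container's init process and lists the container's cgroup paths. The function names are hypothetical, and the PIDs, inode numbers and the /lxc/test cgroup path in the sample tree are constructed.

```shell
#!/bin/sh
# Added example: verify namespace and cgroup isolation of an LXC container.
# All function names are hypothetical; the sample /proc tree is constructed.

# ns_compare HOST_PID CT_PID [PROC_ROOT]
# Two processes share a namespace when /proc/<pid>/ns/<type> resolves to the
# same "type:[inode]" string. The five types below exist on the 3.10 kernel.
ns_compare() {
    local proc ns a b
    proc=${3:-/proc}
    for ns in ipc mnt net pid uts; do
        a=$(readlink "$proc/$1/ns/$ns") || return 2
        b=$(readlink "$proc/$2/ns/$ns") || return 2
        if [ "$a" = "$b" ]; then echo "$ns shared $a"
        else echo "$ns isolated $a $b"; fi
    done
}

# Space-separated namespace types the container still shares with the host.
ns_shared() {
    ns_compare "$@" | awk '$2 == "shared" { printf "%s%s", sep, $1; sep = " " }'
}

# cgroup_paths PID [PROC_ROOT]: unique cgroup paths from /proc/<pid>/cgroup,
# whose lines have the form hierarchy-id:controllers:path.
cgroup_paths() {
    cut -d: -f3 "${2:-/proc}/$1/cgroup" | sort -u
}

# Constructed sample: PID 1 is the host init, PID 4242 the container init.
# The container is isolated in every namespace except net, to show a finding.
make_sample_proc() {
    local ns id
    mkdir -p "$1/1/ns" "$1/4242/ns"
    for ns in ipc mnt net pid uts; do
        if [ "$ns" = net ]; then id=4026531800; else id=4026532500; fi
        ln -s "$ns:[4026531800]" "$1/1/ns/$ns"
        ln -s "$ns:[$id]" "$1/4242/ns/$ns"
    done
    printf '%s\n' '4:memory:/lxc/test' '3:cpu,cpuacct:/lxc/test' > "$1/4242/cgroup"
}

# Demo on the constructed tree. On a real host, pass PID 1 and the PID that
# `lxc-info -n test -p` reports, and leave PROC_ROOT unset.
demo_root=$(mktemp -d)
make_sample_proc "$demo_root"
ns_compare 1 4242 "$demo_root"
cgroup_paths 4242 "$demo_root"
rm -rf "$demo_root"
```

Any namespace reported as shared is a place where the container sees the host's view of that resource, so it is worth confirming that the sharing is intended.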