[docker entry (a)] https://blog.csdn.net/ck784101777/article/details/102496159
A custom image
1. When used in custom images
- with the naked system (most simplified configuration), create custom image and save system
- The currently running container made of mirrors, change reservations
- The currently running container transferred to other hosts
2. mirrored -commit way
Run container -> View container id-> Run -> View Mirror
Command: docker commit new mirror image id name
- [Root @ docker1 docker_images] # docker run -it docker.io/centos // run-time image
- [Root @ docker1 docker_images] # docker ps // View container id
- [root@docker1 docker_images]# docker commit 8d07ecd7e345 docker.io/myos:latest
- sha256: ac3f9c2e8c7e13db183636821783f997890029d687b694f5ce590a473ad82c5f
- [root@docker1 ~]# docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- docker.io/myos latest 87feda116c17 6 weeks ago 321.6 MB
3. mirrored -Dockerfile way
Dockerfile is mirrored by the way the script, do not need to manually start the container. We need a file named Dockerfile handwriting, and configure some parameters in the syntax. Then execute it
Dockerfile syntax:
- FROM: base image
- MAINTAINER: Mirror creator information (description)
- EXPOSE: open ports
- ENV: setting environment variables
- ADD: copy the file to the mirror
- RUN: execute the command when the mirrored, there may be multiple, multiple commands separated by &
- WORKDIR: define the default working directory container
- CMD: Command executed when the container starts, you can only have a CMD
To explain the usage of each parameter through a case, the following is to produce a container of experiments httpd
- [Root @ docker1 ~] # mkdir bulid // create a directory
- [root@docker1 ~]# cd bulid
- [Root @ docker1 bulid] # touch Dockerfile // Dockerfile file first letter capitalized
- [Root @ docker1 bulid] # cp /etc/yum.repos.d/local.repo ./ // yum source will be copied to the current path
- [Root @ docker1 bulid] #echo test> index.html // Create a new html page
- [root@docker1 bulid]# vim Dockerfile //编辑Dockerfile
- FROM docker.io/myos:latest // base image, here to write the reference mirror name
- RUN yum -y command to execute when // mirrored install httpd
- ENV EnvironmentFile = / etc / sysconfig / httpd // specify the execution environment, which is referred to when the httpd process execution environment
- WORKDIR / var / www / html / // define the default working directory container
- ADD index.html index.html // index.html will be copied to the current path in the image, named index.html
- EXPOSE 80 // set the number of open ports
- CMD [ "/ usr / sbin / httpd", "-DFOREGROUND"] // httpd start the service, you can find this line CMD viewed by httpd -T
- [Root @ docker1 bulid] # docker build -t docker.io/myos:http. // Do not forget to add. It represents the current path
- [root@docker1 bulid]# docker run -d docker.io/myos:http
- d9a5402709b26b42cd304c77be442559a5329dc784ec4f6c90e4abac1c88e206
- [Root @ docker1 bulid] # docker inspect d9 // ip View container
- [Root @ docker1 bulid] # curl 172.17.0.7 // access it, we have just written documents it
- test
Second, create a private warehouse mirror
Mirror warehouse chart, we look at this chart. First Images (mirror) and Containers (container), the relationship between them and commit the relationship run, run into the container through the mirror, the mirror can be connected via a hard-Tag (tag) according to the original image generation. By creating a mirrored container commit, and the container and can perform stop (Stop), start (start), restart (restart) Command
In Dockerfile look at this file, which is used to construct the mirrored image generated by the build command
Then backup.tar, mirror image generated by the local save, load command by reading the local mirror
Docker registry is a mirror of the warehouse, the warehouse is divided into private and public warehouses, warehouse storage mirroring is where we push public image uploaded to the repository, download the image through the pull command
1. Customize a private warehouse
1) installing warehouse
Creating a private warehouse needs to be installed docker-distribution service
Warehouse image memory address: / var / lib / registry
Warehouse configuration file: /etc/docker-distribution/registry/config.yml
- [root@docker1 bulid]# yum install docker-distribution
- [Root @ docker1 bulid] # systemctl start docker-distribution // start the service
- [root@docker1 bulid]# systemctl enable docker-distribution
2) modify the configuration file
Upload image needs to close https verification (private warehouses only) and add a warehouse
- [Root @ docker1 ~] #vim / etc / hosts // add a DNS
- 192.168.1.31 docker1
- [root@docker1 ~]# vim /etc/sysconfig/docker
- ADD_REGISTRY = '- add-registry docker1: 5000' // add a warehouse
- INSECURE_REGISTRY = '- insecure-registry docker1: 5000' // this warehouse by the security authority
- [root@docker1 ~]# systemctl restart docker //重启docker
3) Upload a local mirror to the warehouse
To create a label for the first image, the command: docker tag name new image: a new label name ip / hostname: 5000 / Mirror: Mirror Label
Then upload command: docker push ip / hostname: 5000 / Mirror: Mirror Label
- [root@docker1 ~]# docker tag docker.io/busybox:latest 192.168.1.31:5000/docker.io/busybox:latest
- // tagging
- [root@docker1 ~]# docker push 192.168.1.31:5000/docker.io/busybox:latest
- // upload
- [root@docker1 ~]# docker tag docker.io/myos:http 192.168.1.31:5000/ docker.io/myos:http
- [root@docker1 ~]# docker push 192.168.1.31:5000/docker.io/myos:http
4) other hosts Download image
If you want to download a mirror image of the warehouse, you have to install docker-distribution services, and modify the configuration file
- [root@docker2 ~]# yum install docker-distribution
- [Root @ docker2 ~] # systemctl start docker-distribution // start the service
- [root@docker2 ~]# systemctl enable docker-distribution
- [Root @ docker2 ~] #vim / etc / hosts // add a DNS
- 192.168.1.31 docker1
- [root@docker2 ~]# vim /etc/sysconfig/docker
- ADD_REGISTRY='--add-registry docker1:5000' //添加一个仓库
- INSECURE_REGISTRY='--insecure-registry docker1:5000' //将这个仓库通过安全授权
- [root@docker2 ~]# systemctl restart docker //重启docker
- [root@docker2 ~]#docker pull 192.168.1.31:5000/docker.io/busybox:latest //下载镜像到本地
5)查看镜像仓库
查看私有镜像仓库中的镜像名称:curl http://ip:5000/v2/_catalog
查看某一仓库的标签:cutl http://ip:5000/v2/镜像名/tags/list
仓库镜像存储地址:/var/lib/registry
仓库的ip和主机名都可,主机名必须添加域名解析,如果v2找不到就试一下v1,v3这个我也讲不定
- [root@docker1 bulid]# curl http://docker1:5000/v2/_catalog //查看所有镜像
- {"repositories":["docker.io/busybox","docker.io/myos"]}
- [root@docker1 bulid]# curl http://docker1:5000/v2/docker.io/busybox/tags/list //查看镜像标签
- {"name":"docker.io/busybox","tags":["latest"]}
三、持久化存储(外部存储)-存储卷
1.为什么使用外部存储
docker容器不是保存任何数据的,所以我们将重要的数据保存在外部磁盘上(存储卷),容器可以通过挂载真机的实际目录使用存储数据
2.启动时使用存储卷
命令:docker run -it -v /真机目录:/容器目录 容器名
本命令是将目录挂载到容器中提供持久化存储,目录不存在就自动创建,目录存在就覆盖掉,所以你要确认容器上是否有重名目录
3.实验-将NFS共享文件映射到两个容器中,使用共享资源
实验流程
1.服务器创建NFS共享存储目录,权限为rw
2.客户端挂载共享,将共享目录映射到容器中
3.docker1启动nginx
4.docker2启动apache
5.niginx和apache共享同一web目录
拓扑结构
镜像准备:
1个nginx镜像一个httpd镜像,用docker search 搜索即可
1)配置NFS服务器
- [root@nfs ~]# yum -y install nfs-utils //安装nfs服务
- [root@nfs ~]# mkdir /webroot //创建共享目录
- [root@nfs ~]# vim /etc/exports //编辑nfs配置文件
- /webroot *(rw,no_root_squash) //rw root不降权
- [root@nfs ~]# systemctl restart nfs-server.service
- [root@nfs ~]# systemctl restart nfs-secure.service
- [root@nfs ~]# chmod 777 /content //在其他主机上挂载nfs文件使用的用户是nfs用户没有写权限,将文件修改为777 所有用户有权限写
- [root@nfs ~]# echo hello wrold > /content/index.html //指定一个测试页面
2)docker1主机配置-apache服务
- [root@docker1 bulid]# yum -y install nfs-utils //安装nfs服务
- [root@docker1 bulid]# systemctl restart nfs-server.service
- [root@docker1 bulid]# showmount -e 192.168.1.254 //查看可以挂载的nfs服务
- Export list for 192.168.1.254:
- /webroot *
- [root@docker1 ~]# mkdir /mnt/webroot //创建挂载目录
- [root@docker1 ~]# mount -t nfs 192.168.1.254:/content /mnt/webroot //挂载
- [root@docker1 ~]# ls /mnt/webroot
- index.html
- //启动http容器 -p将端口映射到真机 -v映射真机存储卷
- [root@docker1 ~]# docker run -d -p 80:80 -v /mnt/webroot:/var/www/html -it docker.io/myos:http
- 224248f0df5d795457c43c2a7dad0b7e5ec86abdc3f31d577e72f7929f020e01
- [root@docker1 ~]# curl 192.168.1.31:80 //由于已经将端口映射到真机 直接访问真机80端口即可
- hello wrold
3)docker2主机配置-nginx服务
与上面配置差不多
- [root@docker2 ~]# yum -y install nfs-utils
- [root@docker2 ~]# showmount -e 192.168.1.254
- Export list for 192.168.1.254:
- /webroot *
- [root@docker2 ~]# mkdir /mnt/webroot
- [root@docker2 ~]# mount -t nfs 192.168.1.254:/content /mnt/webroot
- [root@docker2 ~]# docker run -d -p 80:80 -v /mnt/qq:/usr/share/nginx/html -it docker.io/nginx
- 00346dabec2c7a12958da4b7fee6551020249cdcb111ad6a1058352d2838742a
- [root@docker2 ~]# curl 192.168.1.32
- hello wrold
四、自定义网桥
1.为什么要自定义网桥?
-创建容器时默认创建的ip为172.17.0.0/24 这个网段的
-自定义网桥更容易记忆
-为了方便规划网络拓扑
-容器的特征是可以把宿主机变成对应的服务,为了外部网络的主机访问容器内的资源,必须配置网桥
2.如何使将容器端口与宿主端口绑定
使用-p 参数可以将容器端口与宿主端口绑定
命令: docker run -p 宿主机端口:容器端口 -it 镜像名
如将httpd容器变为宿主机httpd服务
docker run itd -p 80:80 docker.ip/httpd
3.实验-自定义网桥
1)查看docker网卡
命令:docker network list
或者 docker network inspect 网卡名
- [root@docker1 ~]# docker network list
- NETWORK ID NAME DRIVER SCOPE
- 996943486faa bridge bridge local
- 63c88dcc3523 host host local
- 5e5ab3d45e27 none null local
2)创建docker网卡
命令:docker network create --subnet=ip 网卡名
- [root@docker1 ~]# docker network create --subnet=10.10.10.0/24 docker1
- b447cacc0373631ff7c534f119047946be5c1498b5b2e31a31180c5ee6320ab5
- [root@docker1 ~]# docker network list
- NETWORK ID NAME DRIVER SCOPE
- 996943486faa bridge bridge local
- 63c88dcc3523 host host local
- 5e5ab3d45e27 none null local
- [root@docker1 ~]# docker network inspect docker1
- [
- {
- "Name": "docker1",
- "Id": "b447cacc0373631ff7c534f119047946be5c1498b5b2e31a31180c5ee6320ab5",
- "Scope": "local",
- "Driver": "bridge",
- "EnableIPv6": false,
- "IPAM": {
- "Driver": "default",
- "Options": {},
- "Config": [
- {
- "Subnet": "10.10.10.0/24"
- } ]
- },
- "Internal": false,
- "Containers": {},
- "Options": {},
- "Labels": {}
- }
- ]
3)使用创建的网卡
命令:docker run --network=网卡名 -itd 镜像名
- [root@docker1 ~]# docker run --network=docker1 -itd docker.io/myos
- 5270cba305c06c3da3f56185b35dc059aabcf2884a12ef717d89a768360e5326
4.修改宿主机网卡名
我们通过docker 命令创建的网卡,通过ifconfig看到的名字默认是br-网卡id ,可读性很差,下面演示如何修改默认网卡名
1)创建一个网卡并查看网卡名
- [root@docker1 ~]# docker network create --driver bridge docker02
- //新建一个 名为docker02的网络模型
- 5496835bd3f53ac220ce3d8be71ce6afc919674711ab3f94e6263b9492c7d2cc
- [root@docker1 ~]# ifconfig
- //但是在用ifconfig命令查看的时候,显示的名字并不是docker02,而是br-5496835bd3f5
- br-5496835bd3f5: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
- inet 172.18.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
- ether 02:42:89:6a:a2:72 txqueuelen 0 (Ethernet)
- RX packets 8 bytes 496 (496.0 B)
- RX errors 0 dropped 0 overruns 0 frame 0
- TX packets 8 bytes 496 (496.0 B)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2)查看inspect对于命名的规定
上面可以通过ifconfig查看到id号,前3位即可,或者通过docker network list 查看
我们再通过inspect查看一下docker网卡底层信息,看到"com.docker.network.bridge.name": "docker0"字样
[root@docker2 ~]# docker network inspect bc5
3)自定义命名创建
命令:docker network create 网卡名 -o com.docker.network.bridge.name=你要修改的网卡名
- [root@docker1 ~]# docker network rm docker02 //删除docker02重新创建
- docker02
- [root@docker1 ~]# docker network create \
- docker02 -o com.docker.network.bridge.name=docker02
- //创建docker02网桥
- 648bd5da03606d5a1a395c098662b5f820b9400c6878e2582a7ce754c8c05a3a
- [root@docker1 ~]# ifconfig //ifconfig查看有docker02
- docker02: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
- inet 172.18.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
- ether 02:42:94:27:a0:43 txqueuelen 0 (Ethernet)
- RX packets 0 bytes 0 (0.0 B)
- RX errors 0 dropped 0 overruns 0 frame 0
- TX packets 0 bytes 0 (0.0 B)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0