docker
2019-03-01
转身为墙
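Docker architecture
client, server
Docker components
Image: images are read-only
Container: when a container starts, a writable layer is added on top of the read-only layers
Repository: central storage for images
Docker commands:
Search for an image: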
#docker search centos
Pull an image:
#docker pull centos
List local images:
#docker images
[root@instance-9sw700gb zxt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 1e1148e4cc2c 2 months ago 202MB
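Remove a container (followed by the container ID; images are removed with docker rmi):
#docker rm cb9065df9d04 (if the container is running, stop it with docker stop before removing it)
Create a new container and run a command: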
# docker run centos /bin/echo 'Hello World'
Show containers in all states:
# docker ps -a
Show the containers that are currently running:
# docker ps
Show the most recently created (last run) container:
# docker ps -l
Start a container: if the image is not available locally, it is downloaded first and then started
#docker run nginx
Enter a Docker container:
# docker run --name mydocker -it centos /bin/bash
--name specifies the container name
[root@instance-9sw700gb zxt]# docker run --name mydocker -it centos /bin/bash
[root@b3253b5fd19a /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
Start a container and run it in the background: -d
# docker run -d --name mynginx nginx
[root@instance-9sw700gb zxt]# docker run -d --name mynginx nginx
93a665880926664788b2c727bd9a9552bed2a18173070fc974ec181afe71f1b4
Enter a container that is already running: attach, nsenter
Method 1:
# docker attach 93a665880926 (not very convenient)
Method 2: the nsenter command (yum install -y util-linux)
# docker inspect --format "{{.State.Pid}}" mynginx (get the container's PID)
80959
[root@instance-9sw700gb zxt]# nsenter --target 80959 --mount --uts --ipc --net --pid
mesg: ttyname failed: No such file or directory
root@93a665880926:/#
root@93a665880926:/# cd /etc/nginx/
root@93a665880926:/etc/nginx# ls
conf.d fastcgi_params koi-utf koi-win mime.types modules nginx.conf scgi_params uwsgi_params win-utf
Write a script for entering a container:
[root@instance-9sw700gb zxt]# cat in.sh
#!/bin/bash
# Enter the namespaces of a running container, given its name
CNAME=$1
CPID=$(docker inspect --format "{{.State.Pid}}" "$CNAME")
nsenter --target "$CPID" --mount --uts --ipc --net --pid
[root@instance-9sw700gb zxt]# ./in.sh mynginx
mesg: ttyname failed: No such file or directory
root@93a665880926:/#
Docker network access
[root@instance-9sw700gb zxt]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.024201a2e27b no veth7006f1a
vethdcd7677
There is a bridge named docker0.
Random port mapping:
#docker run -P
[root@instance-9sw700gb zxt]# docker run -P -d --name mynginx1 nginx
e7657ad92b7e0838051577829fce54a66a314b4408d5ab937d10cf053a812ddf
[root@instance-9sw700gb zxt]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7657ad92b7e nginx "nginx -g 'daemon of…" 20 seconds ago Up 19 seconds 0.0.0.0:32768->80/tcp mynginx1
The container's port is now reachable at: http://106.12.156.169:32768
Specified mapping:
# docker run -p hostPort:containerPort
# docker run -p ip:hostPort:containerPort
# docker run -p ip::containerPort
[root@instance-9sw700gb zxt]# docker run -d -p 91:80 --name mynginx2 nginx
62c88fc93246586ba132df4cee803e01b0d346fe1446a2f843f1525635f9474c
The container's port is now reachable at: http://106.12.156.169:91/
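Both -P and -p hostPort:containerPort publish on 0.0.0.0, that is, on every host interface, as the PORTS column above shows. The following check is an added example, not part of the original post: it parses the output of docker ps --format '{{.Names}}\t{{.Ports}}' and reports every port published on all interfaces. The function name and the sample lines are assumptions (the sample is constructed from the containers on this page plus one loopback-only binding).

```python
import re

# One published mapping from the Ports column, for example
# "0.0.0.0:32768->80/tcp", ":::91->80/tcp" or "127.0.0.1:8080->80/tcp".
MAPPING = re.compile(
    r"^(?P<ip>.+):(?P<host>\d+(?:-\d+)?)->(?P<ctr>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)
WILDCARDS = {"0.0.0.0", "::", "[::]"}


def wildcard_bindings(ps_output):
    """Return (container, bind_ip, host_port, container_port/proto) for every
    port that is published on all host interfaces.

    ps_output: text produced by  docker ps --format '{{.Names}}\\t{{.Ports}}'
    """
    findings = []
    for line in ps_output.splitlines():
        if not line.strip():
            continue
        name, _, ports = line.partition("\t")
        for entry in ports.split(","):
            m = MAPPING.match(entry.strip())
            if m is None:  # exposed but unpublished port such as "80/tcp"
                continue
            if m["ip"] in WILDCARDS:
                findings.append((name, m["ip"], m["host"], f'{m["ctr"]}/{m["proto"]}'))
    return findings


# Constructed sample: the containers started on this page, plus one
# container bound to loopback only (-p 127.0.0.1:8080:80) for contrast.
SAMPLE = (
    "mynginx\t80/tcp\n"
    "mynginx1\t0.0.0.0:32768->80/tcp\n"
    "mynginx2\t0.0.0.0:91->80/tcp, :::91->80/tcp\n"
    "internal\t127.0.0.1:8080->80/tcp\n"
)

if __name__ == "__main__":
    for name, ip, host_port, target in wildcard_bindings(SAMPLE):
        print(f"{name}: {ip}:{host_port} -> {target} is reachable on every interface")
```

Binding with the ip:hostPort:containerPort form listed above keeps a service off interfaces that do not need it.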
Docker data management
Data volumes:
-v /data
-v src:dst
[root@instance-9sw700gb zxt]# docker run -it --name volume-test1 -h centos -v /data centos
[root@centos /]# cd /data/
[root@centos data]# ll
total 0
(-h: set the hostname)
[root@instance-9sw700gb zxt]# docker run -it --name volume-test2 -h nginx -v /opt:/opt centos
[root@nginx /]# ls /opt/
avalokita bcm-agent containerd hosteye rh
Data volume containers
--volumes-from
[root@instance-9sw700gb zxt]# docker run -it --name volume-test4 --volumes-from volume-test1 centos
Image building
Manual build:
[root@instance-9sw700gb docker]# docker pull centos
[root@instance-9sw700gb docker]# docker run --name nginx-man -it centos
[root@5041df20782e /]# yum install wget gcc gcc-c++ make openssl-devel
[root@5041df20782e /]# wget http://nginx.org/download/nginx-1.15.9.tar.gz
[root@5041df20782e /]# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.43.tar.gz
[root@5041df20782e src]# mv nginx-1.15.9.tar.gz /usr/local/src/
[root@5041df20782e src]# mv pcre-8.43.tar.gz /usr/local/src/
[root@5041df20782e src]# cd /usr/local/src/
[root@5041df20782e src]# tar zxvf nginx-1.15.9.tar.gz
[root@5041df20782e src]# tar zxvf pcre-8.43.tar.gz
[root@5041df20782e src]# useradd -s /sbin/nologin -M www (-M: do not create a home directory)
[root@5041df20782e nginx-1.15.9]# ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.43
[root@f55c14cccea0 nginx-1.15.9]# make
[root@f55c14cccea0 nginx-1.15.9]# make install
[root@c0e86620ef81 /]# vi /etc/rc.local
/usr/local/nginx/sbin/nginx
Configure nginx to run in the foreground:
[root@f55c14cccea0 nginx-1.15.9]# vi /usr/local/nginx/conf/nginx.conf
daemon off;
[root@f55c14cccea0 nginx-1.15.9]# exit
Build the image:
[root@instance-9sw700gb zxt]# docker commit -m "my nginx" f55c14cccea0 zhangxiaoteng/my-nginx:v1
sha256:71a5275be6500932226d444395ab84f22a952b1b6227d822430d9a89e5eb1d0d
[root@instance-9sw700gb zxt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zhangxiaoteng/my-nginx v1 71a5275be650 53 seconds ago 429MB
This builds an image named zhangxiaoteng/my-nginx with the tag v1.
Run the image you just built:
[root@instance-9sw700gb zxt]# docker run -d -p92:80 zhangxiaoteng/my-nginx:v1
ba7a3610a27a0e7d8ea8332f415bfa1419373a6a03a64962ce863fbdd9da43dd
[root@instance-9sw700gb zxt]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ba7a3610a27a zhangxiaoteng/my-nginx:v1 "/bin/bash" 9 seconds ago Exited (0) 8 seconds ago naughty_matsumoto
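Note:
A problem appeared: docker ps -l shows that the container exited as soon as it started, which means the nginx autostart in the image was not set up correctly; the setting in rc.local is the problem, so remove /usr/local/nginx/sbin/nginx from rc.local. (A container has no init system that runs rc.local, and the COMMAND column shows that the committed image still starts /bin/bash by default, so nginx has to be given as the container's command, as is done below.)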
[root@instance-9sw700gb zxt]# docker run -it zhangxiaoteng/my-nginx:v1
[root@c0e86620ef81 /]# vi /etc/rc.local
[root@c0e86620ef81 /]# exit
[root@instance-9sw700gb zxt]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
85b08a73eee5 zhangxiaoteng/my-nginx:v3 "/bin/bash" 30 seconds ago Exited (0) 3 seconds ago laughing_mclaren
[root@instance-9sw700gb zxt]# docker commit -m "v4" 85b08a73eee5 zhangxiaoteng/my-nginx:v4
sha256:5e1ddba6e55bf18386ab57484c4f2c3afcad5c2d5a533b0bfeed4ea0467fe89a
[root@instance-9sw700gb zxt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zhangxiaoteng/my-nginx v4 5e1ddba6e55b 6 seconds ago 429MB
zhangxiaoteng/my-nginx v3 837816fa3efb 14 minutes ago 429MB
zhangxiaoteng/my-nginx v2 740cf0ad5ae6 21 minutes ago 429MB
zhangxiaoteng/my-nginx v1 71a5275be650 32 minutes ago 429MB
[root@instance-9sw700gb zxt]# docker run -d -p 99:80 zhangxiaoteng/my-nginx:v4 /usr/local/nginx/sbin/nginx
015de6db9d839b23385cd6534071ef24d314e5d38b7510130986b3bc28447492
[root@instance-9sw700gb zxt]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
015de6db9d83 zhangxiaoteng/my-nginx:v4 "/usr/local/nginx/sb…" 6 seconds ago Up 5 seconds 0.0.0.0:99->80/tcp loving_borg
Verify access to nginx: http://106.12.156.169:99/
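Building with a Dockerfile:
- Base image information
- Maintainer information
- Image build instructions
- Instruction executed when the container starts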
[root@instance-9sw700gb nginx]# pwd
/data/zxt/docker-file/nginx
[root@instance-9sw700gb nginx]# vim Dockerfile
# This is my first dockerfile
# Version 1.0
# Author: ZXT
#Base images
FROM centos
MAINTAINER zxt
ADD pcre-8.43.tar.gz /usr/local/src
ADD nginx-1.15.9.tar.gz /usr/local/src
RUN yum install -y wget gcc gcc-c++ make openssl-devel
RUN useradd -s /sbin/nologin -M www
WORKDIR /usr/local/src/nginx-1.15.9
RUN ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.43 && make && make install
RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf
ENV PATH /usr/local/nginx/sbin:$PATH
EXPOSE 80
CMD ["nginx"]
[root@instance-9sw700gb nginx]# docker build -t nginx-file:v1 /data/zxt/docker-file/nginx/
[root@instance-9sw700gb nginx]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx-file v1 6b63353a090b 11 seconds ago 426MB
Run the image that was just built from the Dockerfile:
[root@instance-9sw700gb nginx]# docker run -d -p 98:80 nginx-file:v1 /usr/local/nginx/sbin/nginx
edf652db0ab0de69e9003945d225998b2f0ae46a91e564e06cec791ed2829eaf
[root@instance-9sw700gb nginx]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
edf652db0ab0 nginx-file:v1 "/usr/local/nginx/sb…" 6 seconds ago Up 5 seconds 0.0.0.0:98->80/tcp vibrant_swirles
Test: http://106.12.156.169:98/
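The Dockerfile above uses an untagged base image, the deprecated MAINTAINER instruction, ADD of tarballs that were downloaded over HTTP and FTP, and no USER instruction. The following linter is an added example, not part of the original post or of Docker itself: it reports exactly these points. The function name is an assumption, and PAGE_DOCKERFILE is an abridged copy of the Dockerfile on this page.

```python
def lint_dockerfile(text):
    """Return (line_number, message) findings for a Dockerfile.

    Line continuations are not joined; that is sufficient for
    one-instruction-per-line files such as the one on this page.
    """
    findings, stage_line, non_root = [], 0, False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instruction, _, args = line.partition(" ")
        instruction, tokens = instruction.upper(), args.split()
        if not tokens:
            continue
        if instruction == "FROM":
            image = [t for t in tokens if not t.startswith("--")][0]
            stage_line, non_root = number, False  # a new stage starts as the base image's user
            # Look for a tag only after the last "/", so that a registry
            # port (host:5001/repo) is not mistaken for a tag.
            if "@sha256:" not in image and ":" not in image.rsplit("/", 1)[-1]:
                findings.append((number, f"base image {image} has no tag or digest, so it resolves to :latest"))
        elif instruction == "MAINTAINER":
            findings.append((number, "MAINTAINER is deprecated; use LABEL maintainer=..."))
        elif (instruction == "ADD" and "://" not in tokens[0]
              and tokens[0].endswith((".tar", ".tar.gz", ".tgz", ".tar.bz2", ".tar.xz"))):
            findings.append((number, f"ADD unpacks {tokens[0]} into the image; verify its checksum before building"))
        elif instruction == "USER":
            non_root = tokens[0].split(":")[0] not in ("root", "0")
    if not non_root:
        findings.append((stage_line, "no non-root USER is set; the container's main process runs as root"))
    return findings


# Abridged copy of the Dockerfile shown on this page.
PAGE_DOCKERFILE = """\
FROM centos
MAINTAINER zxt
ADD pcre-8.43.tar.gz /usr/local/src
ADD nginx-1.15.9.tar.gz /usr/local/src
RUN useradd -s /sbin/nologin -M www
EXPOSE 80
CMD ["nginx"]
"""

if __name__ == "__main__":
    for number, message in lint_dockerfile(PAGE_DOCKERFILE):
        print(f"line {number}: {message}")
```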
Docker core principles -- resource isolation and limits
- Resource isolation
LXC Kernel namespace
pid
net
ipc
mnt
uts
user
- Resource limits: cgroup
CPU
Memory
Stress testing: stress
http://mirrors.aliyun.com/repo/
[root@instance-9sw700gb stress]# pwd
/data/zxt/docker-file/stress
[root@instance-9sw700gb stress]# wget http://mirrors.aliyun.com/repo/epel-6.repo
[root@instance-9sw700gb stress]# vim Dockerfile
FROM centos
ADD epel-6.repo /etc/yum.repos.d
RUN yum -y install stress && yum clean all
ENTRYPOINT ["stress"]
[root@instance-9sw700gb stress]# docker build -t stress .
[root@instance-9sw700gb stress]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
stress latest 6ede6b8f8c16 5 seconds ago 225MB
nginx-file v1 6b63353a090b 21 hours ago 426MB
[root@instance-9sw700gb ~]# docker run -it --rm stress --cpu 1
(Starts a stress-test container that occupies one CPU; the container is removed automatically after it exits)
[root@instance-9sw700gb ~]# docker run -it --rm -c 512 stress --cpu 1
[The -c parameter sets the CPU shares; by default each container has 1024 shares]
The -m parameter limits the Docker container to 128m of memory:
[root@instance-9sw700gb ~]# docker run -it --rm -m 128m stress --vm 1 --vm-bytes 120m --vm-hang 0
[root@instance-9sw700gb ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8ce47201f85d stress "stress --vm 1 --vm-…" 22 seconds ago Up 21 seconds sad_hodgkin
Docker core principles -- networking and registry
The default is bridge mode (bridge).
View the docker0 virtual bridge:
[root@instance-9sw700gb ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.024201a2e27b no veth7006f1a
veth71ecf6e
veth78cabb9
vethb20623e
vethdcd7677
vethf5b0255
docker-compose
Docker private registry
[root@instance-9sw700gb ~]# docker pull registry
[root@instance-9sw700gb ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
stress latest 6ede6b8f8c16 43 minutes ago 225MB
nginx-file v1 6b63353a090b 21 hours ago 426MB
zhangxiaoteng/my-nginx v4 5e1ddba6e55b 25 hours ago 429MB
zhangxiaoteng/my-nginx v3 837816fa3efb 25 hours ago 429MB
zhangxiaoteng/my-nginx v2 740cf0ad5ae6 25 hours ago 429MB
zhangxiaoteng/my-nginx v1 71a5275be650 25 hours ago 429MB
nginx latest 8c9ca4d17702 5 days ago 109MB
mysql latest 81f094a7e4cc 3 weeks ago 477MB
registry latest d0eed8dad114 4 weeks ago 25.8MB
Start the private Docker registry:
[root@instance-9sw700gb ~]# docker run -d -p 5001:5000 registry
54e13568020ac345453d773a026e5ace93830c36b319f2a35275bdfc0e1b80ad
[root@instance-9sw700gb ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
54e13568020a registry "/entrypoint.sh /etc…" 11 seconds ago Up 10 seconds 0.0.0.0:5001->5000/tcp heuristic_minsky
Tag an image and push it to the private registry:
[root@instance-9sw700gb ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
stress latest 6ede6b8f8c16 About an hour ago 225MB
nginx-file v1 6b63353a090b 21 hours ago 426MB
zhangxiaoteng/my-nginx v4 5e1ddba6e55b 25 hours ago 429MB
zhangxiaoteng/my-nginx v3 837816fa3efb 25 hours ago 429MB
zhangxiaoteng/my-nginx v2 740cf0ad5ae6 25 hours ago 429MB
zhangxiaoteng/my-nginx v1 71a5275be650 25 hours ago 429MB
nginx latest 8c9ca4d17702 5 days ago 109MB
mysql latest 81f094a7e4cc 3 weeks ago 477MB
registry latest d0eed8dad114 4 weeks ago 25.8MB
Tag the nginx-file:v1 image as mynginx-file:v1 for the private registry:
[root@instance-9sw700gb ~]# docker tag nginx-file:v1 106.12.156.169:5001/test/mynginx-file:v1
[root@instance-9sw700gb ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
stress latest 6ede6b8f8c16 About an hour ago 225MB
106.12.156.169:5001/test/mynginx-file v1 6b63353a090b 22 hours ago 426MB
nginx-file v1 6b63353a090b 22 hours ago 426MB
zhangxiaoteng/my-nginx v4 5e1ddba6e55b 25 hours ago 429MB
zhangxiaoteng/my-nginx v3 837816fa3efb 25 hours ago 429MB
zhangxiaoteng/my-nginx v2 740cf0ad5ae6 25 hours ago 429MB
zhangxiaoteng/my-nginx v1 71a5275be650 26 hours ago 429MB
nginx latest 8c9ca4d17702 5 days ago 109MB
mysql latest 81f094a7e4cc 3 weeks ago 477MB
registry latest d0eed8dad114 4 weeks ago 25.8MB
[root@instance-9sw700gb ~]# docker push 106.12.156.169:5001/test/mynginx-file:v1
The push refers to repository [106.12.156.169:5001/test/mynginx-file]
Get https://106.12.156.169:5001/v2/: http: server gave HTTP response to HTTPS client
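The push fails with the error shown above: the registry answers over plain HTTP while the Docker client expects HTTPS.
Fix: list the registry under insecure-registries in /etc/docker/daemon.json and restart Docker. With this setting the daemon talks to that registry without TLS, so pushes and pulls are neither encrypted nor integrity-protected in transit; the > redirect also overwrites any existing daemon.json.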
[root@instance-9sw700gb ~]# echo '{ "insecure-registries":["106.12.156.169:5001"] }' > /etc/docker/daemon.json
[root@instance-9sw700gb ~]# systemctl stop docker
[root@instance-9sw700gb ~]# systemctl start docker.service
[root@instance-9sw700gb ~]# docker run -d -p 5001:5000 registry
495990004d080c4ce0f054232376686f156b67c05014e658cd926ebd67b09ee2
[root@instance-9sw700gb ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
495990004d08 registry "/entrypoint.sh /etc…" 4 seconds ago Up 3 seconds 0.0.0.0:5001->5000/tcp modest_grothendieck
[root@instance-9sw700gb ~]# docker push 106.12.156.169:5001/test/mynginx-file:v1
The push refers to repository [106.12.156.169:5001/test/mynginx-file]
59e5eacdec8a: Pushed
4568f66cb1f4: Pushed
39b1bd831116: Pushed
87818500728d: Pushed
bcdaebad2cd2: Pushed
c36ccdbeb957: Pushed
071d8bd76517: Pushed
v1: digest: sha256:e66476f76e97f3a0d29c9f4858d7d0e5fc22931f9e201a883888431e15eb5a89 size: 1791
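The insecure-registries entry used above points at a public address, so image layers cross the network in cleartext. The following audit is an added example, not part of the original post: it reads a daemon.json document and classifies each insecure-registries entry as loopback, private, public or hostname. The function names and MIXED_CONFIG are assumptions; PAGE_CONFIG is the file content written on this page.

```python
import ipaddress
import json


def registry_scope(entry):
    """Classify one insecure-registries entry by where its address lives."""
    host = entry
    if entry.startswith("["):        # bracketed IPv6 with port: [::1]:5000
        host = entry[1:entry.index("]")]
    elif entry.count(":") == 1:      # host:port or IPv4:port
        host = entry.split(":")[0]
    try:
        # ip_network accepts single addresses as well as the CIDR ranges
        # that insecure-registries also allows.
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        return "hostname"            # a DNS name: resolve and review by hand
    if net.is_loopback:
        return "loopback"
    if net.is_private:
        return "private"
    return "public"


def audit_insecure_registries(daemon_json_text):
    """Return [(entry, scope)] for every insecure-registries entry."""
    config = json.loads(daemon_json_text)
    return [(e, registry_scope(e)) for e in config.get("insecure-registries", [])]


# The daemon.json content written on this page.
PAGE_CONFIG = '{ "insecure-registries":["106.12.156.169:5001"] }'
# Constructed entries that show the other classes.
MIXED_CONFIG = json.dumps({"insecure-registries": [
    "127.0.0.1:5000", "10.0.0.0/8", "registry.lab.example:5000"]})

if __name__ == "__main__":
    for text in (PAGE_CONFIG, MIXED_CONFIG):
        for entry, scope in audit_insecure_registries(text):
            print(f"{entry}: {scope}")
```

A "public" result is the case to remove first, by serving the registry over TLS instead of listing it here.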