Contents
一.Docker基础操作之制作镜像
1.拉取centos官方镜像
[root@node01 ~]# docker pull nginx Using default tag: latest Trying to pull repository docker.io/library/nginx ... Get https://registry-1.docker.io/v2/: x509: certificate has expired or is not yet valid #出现如上提示解决办法 [root@node01 ~]# yum install -y ntpdate [root@node01 ~]# ntpdate ntp1.aliyun.com #拉取镜像 [root@node01 ~]# docker pull centos
1.1启动镜像
[root@node01 ~]# docker run -it centos bash [root@2749ecb71fe2 /]# #优化yum仓库 [root@2749ecb71fe2 /]# cd /etc/yum.repos.d/ [root@2749ecb71fe2 yum.repos.d]# ls CentOS-Base.repo CentOS-CR.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Sources.repo CentOS-Vault.repo CentOS-fasttrack.repo [root@2749ecb71fe2 yum.repos.d]# rm -rf * #下载Base源 [root@2749ecb71fe2 yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo #下载epel源 [root@2749ecb71fe2 yum.repos.d]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
1.2制作nginx镜像
[root@2749ecb71fe2 yum.repos.d]# yum install -y nginx [root@2749ecb71fe2 yum.repos.d]# vi /etc/nginx/nginx.conf daemon off; ##添加,docker默认后台运行的,添加此参数就能在前台运行 #获取commit帮助 [root@node01 ~]# docker commit --help Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] Create a new image from a container's changes Options: -a, --author string Author (e.g., "John Hannibal Smith <hannibal@a-team.com>") ##作者信息 -c, --change list Apply Dockerfile instruction to the created image (default []) #改变描述信息 --help Print usage -m, --message string Commit message #描述信息 -p, --pause Pause container during commit (default true) #制作nginx镜像 [root@node01 ~]# docker commit -m 'add nginx images' 2749ecb71fe2 xiejc/my_nginx sha256:579ab388ab4374fb488ef0a6a685cd83af11a16fca6bb1c7fddd43f98cbd9993 [root@node01 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE xiejc/my_nginx latest 579ab388ab43 7 seconds ago 396 MB docker.io/nginx latest 649dcb69b782 4 days ago 109 MB docker.io/centos latest 49f7960eb7e4 4 weeks ago 200 MB docker.io/alpine latest 3fd9065eaf02 5 months ago 4.15 MB [root@node01 ~]# docker commit -m 'add nginx images' 2749ecb71fe2 xiejc/my_nginx:v1 #添加标签 sha256:5cdb0f8136e18c5d57e8b671cce754421ce3b5803ebea5a9b3dfb792ca298978 [root@node01 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE xiejc/my_nginx v1 5cdb0f8136e1 15 seconds ago 396 MB xiejc/my_nginx latest 579ab388ab43 44 seconds ago 396 MB docker.io/nginx latest 649dcb69b782 4 days ago 109 MB docker.io/centos latest 49f7960eb7e4 4 weeks ago 200 MB docker.io/alpine latest 3fd9065eaf02 5 months ago 4.15 MB
1.3启动制作的镜像
[root@node01 ~]# docker run -d --name my_nginx xiejc/my_nginx nginx 0898a46ab132fd41b941e9bb9116e11852f0a193a0efa7198c375aa9270efd43 [root@node01 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0898a46ab132 xiejc/my_nginx "nginx" 11 seconds ago Up 10 seconds my_nginx 2749ecb71fe2 centos "bash" 55 minutes ago Up 55 minutes hungry_joliot
默认Docker仓库地址:https://hub.docker.com
#把制作的dcker镜像上传到hub上 docker login默认就是访问官网 [root@node01 ~]# docker login https://hub.docker.com Username: xiejincheng123 Password: Login Succeeded #登录成功之后在家目录下生成认证信息 [root@node01 ~]# cat .docker/config.json { "auths": { "hub.docker.com": { "auth": "eGllamluY2hlbmcxMjM6QHNhbmdmb3IxMjM=" } } } #上传镜像 [root@node01 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE xiejc/my_nginx v1 5cdb0f8136e1 43 minutes ago 396 MB xiejc/my_nginx latest 579ab388ab43 44 minutes ago 396 MB [root@node01 ~]# docker tag 5cdb0f8136e1 docker.io/xiejincheng123/my_nginx #贴上标记xiejincheng123为登录账号 [root@node01 ~]# docker login Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one. Username: xiejincheng123 Password: Login Succeeded [root@node01 ~]# docker push docker.io/xiejincheng123/my_nginx
Docker特点:①面向产品: 产品快速交付 ②面向开发: 简化环境配置 ③面向测试: 多版本测试 ④面向运维: 环境一致性
⑤面向架构: 自动化扩容(微服务)
1.4Docker端口管理
#通过浏览器能访问到web服务随机端口映射 [root@node01 ~]# docker run -d --name mynginx -P nginx b243585bd7aa2c5b185d56a5dff6397de0696656be856b2539a050740a556735 #说明: -d 指定后台运行 --name 指定运行的名字 -P 随机端口进行映射 容器的80端口映射到32768端口 nginx 为镜像名 [root@node01 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b243585bd7aa nginx "nginx -g 'daemon ..." 6 seconds ago Up 4 seconds 0.0.0.0:32768->80/tcp mynginx #指定端口 [root@node01 ~]# docker run --name mynginx -d -p 80:80 xiejc/my_nginx nginx c9d913c04164e9424391494587b996070420ca1bfebf6922b6512333939bd803 说明: 80:80 前面的80是宿主机的80端口 nginx 后面的nginx是运行的命令 ~]# docker run --name mynginx -d -p 80:80/udp xiejc/my_nginx nginx #指定udp协议 ~]# docker run --name mynginx -d -p 118.190.201.68:80:80 xiejc/my_nginx nginx #绑定IP映射 [root@node01 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c9d913c04164 xiejc/my_nginx "nginx" 5 seconds ago Up 3 seconds 0.0.0.0:80->80/tcp mynginx
2.Docker网络基础入门篇
2.1Docker之间的互联
#运行容器web1 [root@node01 ~]# docker run --name web1 -d -p 80:80 xiejc/my_nginx nginx #运行web2与web1互连 [root@node01 ~]# docker run --name web2 -d --link web1 -p 8080:80 xiejc/my_nginx nginx #进入容器查看 [root@node01 ~]# docker exec -it web2 sh sh-4.2# cat /etc/host host.conf hostname hosts hosts.allow hosts.deny sh-4.2# cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.2 web1 6f8f29c34799 172.17.0.3 aaee458a4bab sh-4.2# ping web1 PING web1 (172.17.0.2) 56(84) bytes of data. 64 bytes from web1 (172.17.0.2): icmp_seq=1 ttl=64 time=0.291 ms 64 bytes from web1 (172.17.0.2): icmp_seq=2 ttl=64 time=0.106 ms #预防前端容器名更换方式 [root@node01 ~]# docker rm web2 [root@node01 ~]# docker run -d --name web2 --link web1:shop_web -p 8080:80 xiejc/my_nginx nginx [root@node01 ~]# docker exec -it web2 sh sh-4.2# cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.2 shop_web 6f8f29c34799 web1 ##shop_web为别名 172.17.0.3 a3b659f0bc18
2.2Docker网络模式
[root@node01 ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 9bb56067e2b3 bridge bridge local b09acd205beb host host local b6da18a07cb0 none null local [root@node01 ~]# docker run -it --rm --net=host nginx 2018/07/08 20:59:22 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) 说明: nginx容器默认启动80端口,因为采用host这种网络方式,默认网络走的是本地的,而本地的80端口被占用了,优势:网络性能最高,直接走 网卡,不用内核转换 [root@node01 ~]# docker run -it --rm --net=none alpine sh / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever / # 说明: 采用none模式只有lo回环地址,需要配置相应的网络才能访问
2.3Docker实现跨主机互联
实现跨主机之间互联,保证两台主机之间能够通信
#修改主机node1 [root@node01 ~]# vim /usr/lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd-current --bip=172.18.42.1/16 \ ##绑定IP-18网段 [root@node01 ~]# systemctl daemon-reload #修改主机node2 [root@node02 ~]# vim /usr/lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd-current --bip=172.17.42.1/16 \ ##绑定IP-17网段 [root@node02 ~]# systemctl daemon-reload [root@node02 ~]# systemctl restart docker #进行互ping #node1上 [root@node01 ~]# ping 118.190.201.38 PING 118.190.201.38 (118.190.201.38) 56(84) bytes of data. 64 bytes from 118.190.201.38: icmp_seq=1 ttl=64 time=0.762 ms #node2上 [root@node02 ~]# ping 118.190.201.68 PING 118.190.201.68 (118.190.201.68) 56(84) bytes of data. 64 bytes from 118.190.201.68: icmp_seq=1 ttl=64 time=0.726 ms #创建容器 #node01 [root@node01 ~]# docker run -it --name node01 centos bash [root@c6fd1c799215 /]# yum install -y net-tools [root@c6fd1c799215 /]# ping 172.17.0.1 #互ping不通 PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data. ctrl+p+q退出 #node02 [root@node02 ~]# docker run -it --name node02 centos bash [root@7cc9525eeb25 /]# yum install net-tools -y [root@789f53b79937 /]# ping 172.18.0.1 #互ping不通 PING 172.18.0.1 (172.18.0.1) 56(84) bytes of data. ctrl+p+q退出 #添加路由 [root@node01 ~]# route add -net 172.17.42.0/24 gw 118.190.201.38 [root@node02 ~]# route add -net 172.18.42.0/24 gw 118.190.201.68 [root@node02 ~]# docker exec -it node02 bash [root@789f53b79937 /]# ping 172.18.42.1 PING 172.18.42.1 (172.18.42.1) 56(84) bytes of data. 64 bytes from 172.18.42.1: icmp_seq=1 ttl=63 time=1.12 ms
3.Docker数据管理
Docker数据类型分为两种:①数据卷(挂载) ②数据卷容器
3.1数据卷
数据卷可以在多个容器相互共享使用,对数据卷里的数据进行更改容器里会立即生效,数据卷的更新会影响镜像本身,数据卷会一直存在,删除数据卷命令docker rm -fv xxx,存放在默认目录/var/lib/docker下
数据卷是一个可以提供容器使用的特殊目录,它将主机操作系统目录直接映射进容器,类似于linux 中的mount操作。
数据卷可以有很多有用的特性
- 数据卷可以再容器之间共享和重用,容器间传递数据将变得高效方便
- 对数据卷内数据的修改会立马生效,无论是容器内操作还是本地操作
- 对数据卷的更新不会影响镜像,解耦了应用和数据
- 卷会一直存在,直到没有容器使用,才可以安全的卸载它
#根映射到容器data目录 [root@node01 ~]# docker run -it --name node --rm -v /data centos bash [root@836615bd9584 /]# df -h #对目录进行挂载 [root@node01 ~]# cd /opt/ [root@node01 opt]# ls [root@node01 opt]# touch docker_test [root@node01 opt]# docker run -it --name node --rm -v /opt/:/opt/ centos bash [root@974dc269ced0 /]# ls /opt/ docker_test [root@974dc269ced0 /]# touch /opt/john #宿主机查看 [root@node01 ~]# ls /opt/ docker_test john #对文件的挂载 [root@node01 opt]# docker run -it --name node --rm -v /etc/hosts:/opt/hosts:ro centos bash #只读 [root@1d4dc8243e21 /]# cd /opt/ [root@1d4dc8243e21 opt]# ls hosts [root@1d4dc8243e21 opt]# cat hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 注意: 没有需求不用进行修改,INODE会改变
3.2数据卷容器
数据卷容器归根到本质还是个容器,但是他的目的是专门用来提供数据卷到其他容器挂载
[root@node01 opt]# docker run -it --name node -v /opt/:/opt/ centos bash [root@ce2d5e60b0d3 /]# ctrl+p+q退出 [root@node01 opt]# docker run -it --name node01 --volumes-from node centos bash [root@7114e2b3ba03 /]# df -h Filesystem Size Used Avail Use% Mounted on overlay 27G 2.7G 25G 10% / tmpfs 993M 0 993M 0% /dev tmpfs 993M 0 993M 0% /sys/fs/cgroup /dev/mapper/centos-root 27G 2.7G 25G 10% /opt shm 64M 0 64M 0% /dev/shm tmpfs 993M 0 993M 0% /proc/scsi tmpfs 993M 0 993M 0% /sys/firmware [root@7114e2b3ba03 /]# ls /opt/ docker_test john #node作为数据卷容器的容器可以停了 [root@node01 opt]# docker stop node node [root@node01 opt]# docker exec -it node01 bash [root@7114e2b3ba03 /]# cd /opt/ [root@7114e2b3ba03 opt]# ls docker_test john [root@7114e2b3ba03 opt]# touch cc [root@7114e2b3ba03 opt]# ctrl+p+q退出 [root@node01 opt]# [root@node01 opt]# ls cc docker_test john #删除容器文件 [root@node01 opt]# docker exec -it node01 bash [root@7114e2b3ba03 /]# cd /opt/ [root@7114e2b3ba03 opt]# ls cc docker_test john [root@7114e2b3ba03 opt]# rm -f cc [root@7114e2b3ba03 opt]# ls docker_test john #彻底删除数据 [root@node01 opt]# docker rm -fv node01 node01 说明: 加-v创建的数据卷一定要加-v参数进行删除
4.Docker镜像构建和Dockerfile
https://hub.docker.com/_/centos/
[root@node01 docker]# vim Dockerfile #This is dockerfile for nginx #基于centos构建属于你自己的镜像 FROM centos #维护者的信息 MAINTAINER xiejc 44306096@qq.com #相关操作默认没有wget命令 RUN rpm -ivh https://mirrors.aliyun.com/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm RUN yum install -y nginx #添加文件把index.html文件添加到nginx/html目录,index.html与Dockerfile文件同级 ADD index.html /usr/share/nginx/html/index.html #参数 RUN echo "daemon off;" >>/etc/nginx/nginx.conf #设置开放端口 EXPOSE 80 #执行命令容器启动默认执行的命令 CMD ["nginx"] #index.html文件 [root@node01 docker]# ls Dockerfile index.html [root@node01 docker]# cat index.html <h1>This is Dockerfile test</h1> #调用Dockerfile [root@node01 docker]# docker build -t xiejc/nginx /root/docker/ ##添加版本一般nginx不用 docker build -t xiejc/nginx:v1 /root/docker/ ---> 7fffb2a3b1ed Removing intermediate container 656710e33345 Successfully built 7fffb2a3b1ed [root@node01 docker]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE xiejc/nginx latest 7fffb2a3b1ed About a minute ago 417 MB #启动容器 [root@node01 docker]# docker run -it --rm xiejc/nginx #curl测试打开新窗口 [root@node01 ~]# docker inspect ee39a1d31531 [root@node01 ~]# curl 172.18.0.1 <h1>This is Dockerfile test</h1>
5.Docker单机编排工具compose
如一个应用依赖于数据库,此时需要数据库启动应用才能正常运行,在或者依赖与web接口或者redis等服务,所有要一台台解决比较麻烦,docker官方推出了一个编排工具compose
#安装 [root@node01 ~]# yum install -y python-pip [root@node01 ~]# pip install docker-compose #docker-compose参数讲解 https://docs.docker.com/compose/reference/overview/ #查看版本 [root@node01 ~]# docker-compose version docker-compose version 1.21.2, build a133471 docker-py version: 3.4.1 CPython version: 2.7.5 OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013 #查看帮助 [root@node01 ~]# docker-compose --help [root@node01 compose]# vim docker-compose.yml web1: image: nginx expose: - 80 web2: image: nginx expose: - 80 haproxy: image: haproxy volumes: - /opt/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg links: - web1 - web2 ports: - "7777:1080" - "80:80" #haproxy文件内容 [root@node01 opt]# cat haproxy.cfg global log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 defaults log global mode http option httplog option dontlognull timeout connect 5000ms timeout client 5000ms timeout server 5000ms listen stats bind 0.0.0.0:1080 mode http stats enable stats hide-version stats uri /stats stats auth admin:admin frontend balance bind 0.0.0.0:80 default_backend web_backends backend web_backends mode http option forwardfor balance roundrobin server web1 web1:80 check server web2 web2:80 check #启动 [root@node01 compose]# pwd /root/compose [root@node01 compose]# docker-compose up #查看进程 [root@node01 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e58263117074 haproxy "/docker-entrypoin..." 6 minutes ago Up 6 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:7777->1080/tcp compose_haproxy_1 11e4c0e1abf4 nginx "nginx -g 'daemon ..." 6 minutes ago Up 6 minutes 80/tcp compose_web1_1 f9d8373e2115 nginx "nginx -g 'daemon ..." 6 minutes ago Up 6 minutes 80/tcp compose_web2_1 #进入容器 [root@node01 ~]# docker exec -it compose_web1_1 sh # cd /usr/share/nginx/html # echo "node01 page" >index.html # cat index.html node01 page # #浏览器访问 http://118.190.201.68:7777/stats 账号admin 密码admin
如无特殊说明,文章均为本站原创,转载请注明出处
- 转载请注明来源:Docker系列三之基础操作实践
- 本文永久链接地址:https://www.xionghaier.cn/archives/484.html
该文章由 John 发布
