一、Docker 基本操作 (环境:Centos7.2)
(1) 安装启动docker
yum -y install docker
systemctl start docker.service
systemctl enable docker.service
systemctl | grep docker 查看docker进程的状态
systemctl disable firewalld (注意:关闭防火墙只适合隔离的实验环境;生产环境应保留防火墙,只放行确实需要的端口)
[root@node1 ~]# docker version
Client:
Version: 1.12.6
API version: 1.24
Package version: docker-1.12.6-32.git88a4867.el7.centos.x86_64
Go version: go1.7.4
Git commit: 88a4867/1.12.6
Built: Mon Jul 3 16:02:02 2017
OS/Arch: linux/amd64
Server:
Version: 1.12.6
API version: 1.24
Package version: docker-1.12.6-32.git88a4867.el7.centos.x86_64
Go version: go1.7.4
Git commit: 88a4867/1.12.6
Built: Mon Jul 3 16:02:02 2017
OS/Arch: linux/amd64
[root@node1 ~]#
[root@node1 ~]# docker info
docker create/start/stop/pause/unpause
(2) 拉取镜像
docker pull docker.io/registry
docker images 查看当前导入的镜像文件
(3) 运行容器
docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...]
docker run --name container_name -itd image_name 'command'
-it 表示交互模式
-d 后台进程模式
--rm 当容器运行完毕后就会自动删除
docker run -itd --name=n2 -p 80:80 docker.io/nginx '/bin/bash'
docker ps [-a]
(4) 容器数据持久化
docker run -itd --name c1 -p 80:80 -v /tmp/web:/var/www/html docker.io/ansible/centos7-ansible '/bin/bash'
用 docker exec 进入该容器,或者用 docker attach 重新连接容器的会话 (docker exec -it container_name command)
[root@localhost ~]# docker attach c1
[root@67cb25bb92be ansible]# ls /var/www/html/
ls: cannot open directory /var/www/html/: Permission denied
[root@67cb25bb92be ansible]#
[root@localhost ~]# getenforce
Enforcing
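[root@localhost ~]# setenforce 0
(注:容器内出现 Permission denied,是因为宿主机目录 /tmp/web 的 SELinux 标签不允许容器访问。setenforce 0 会把整台宿主机切换到 Permissive 模式;更稳妥的做法是保持 Enforcing,在挂载时加 :z 或 :Z 选项,例如 -v /tmp/web:/var/www/html:Z,让 Docker 为该目录重新打标签。)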
[root@localhost ~]# docker attach c1
[root@67cb25bb92be ansible]# ls /var/www/html/
index.html
[root@67cb25bb92be ansible]#
[root@localhost ~]#
(5) 容器间的连接
docker run --name test1 --link myweb:web -it ubuntu /bin/bash
上面命令创建了一个新的容器test1。 这里引入了一个新的标记 --link,其参数部分的myweb表示要连接的容器,web是要连接的容器的别名。
例:--link name:alias
[root@localhost ~]# docker run -it --name n1 --link c1:centos docker.io/nginx '/bin/bash'
root@80dbefc24db7:/# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 centos 67cb25bb92be c1
172.17.0.3 80dbefc24db7
root@80dbefc24db7:/# ping centos
[root@localhost ~]# docker inspect --format '{{ .NetworkSettings.IPAddress }}' n1
172.17.0.3
(6) 容器间数据共享
[root@localhost ~]# docker run -it --name n2 --volumes-from c1 docker.io/ansible/centos7-ansible '/bin/bash'
[root@64f9e61cc100 ansible]# ls /var/www/html/
index.html
[root@64f9e61cc100 ansible]# echo "n2" > /var/www/html/n2.html
[root@64f9e61cc100 ansible]# ls /var/www/html/
index.html n2.html
[root@64f9e61cc100 ansible]# [root@localhost ~]#
[root@localhost ~]# docker attach c1
[root@67cb25bb92be ansible]# ls /var/www/html/
index.html n2.html
[root@67cb25bb92be ansible]# [root@localhost ~]#
[root@localhost ~]# ls /tmp/web/
index.html n2.html
[root@localhost ~]# cat /tmp/web/n2.html
n2
[root@localhost ~]#
(7) 端口映射
[root@localhost ~]# docker create -it --name=web03 -p 80:80 nginx
3e28f52bfd9a5156b9656a99adb3005e8f026555f95c705167977e1b4703cc72
[root@localhost ~]# docker start web03
web03
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3e28f52bfd9a nginx "nginx -g 'daemon off" 19 seconds ago Up 9 seconds 0.0.0.0:80->80/tcp, 443/tcp web03
49c788b78b75 nginx "nginx -g 'daemon off" 3 minutes ago Up 2 minutes 80/tcp, 443/tcp web02
[root@localhost ~]# netstat -tnlp
-P 随机端口映射
[root@docker ~]# docker run -d -P -v /web2/html:/usr/share/nginx/html --name web6 nginx
006d1043652b1fb002a627767ab5a5aa0bade98f17639fb5d1f17dfa9d77cea5
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
006d1043652b nginx:latest "nginx -g 'daemon of 15 seconds ago Up 15 seconds 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp web6
[root@docker ~]# elinks 192.168.100.100:32769 --dump
web2
(8) 标记镜像
docker tag old-image[:old-tag] new-image[:new-tag]
(9) 将容器设置为自动启动
[root@localhost ~]# docker run -itd --name n3 --restart always docker.io/nginx '/bin/bash'
56b582d9aa257d297d9fb40bb2b6a8373f6549480f7ed95f0408a51501e56c6b
[root@localhost ~]#
(10) 停止并删除容器
docker stop container_id
docker rm container_id
(11) 输出容器日志
docker logs
(12) 技巧用法
docker rm `docker ps -a -q`:删除所有容器
docker kill `docker ps -q`
docker rmi `docker images -q -a`
docker top :查看容器中运行的进程
docker diff :查看容器中的变化
docker inspect :查看容器详细信息(输出为Json)
-f:查找特定信息,如docker inspect -f '{{ .NetworkSettings.IPAddress }}'
sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID
列出所有绑定的端口:
docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID
找出特殊的端口映射:
sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID
获取配置信息:
sudo docker inspect --format='{{json .Config}}' $INSTANCE_ID
docker inspect -f '{{.Id}}' cranky_pare
cp file.txt /var/lib/docker/aufs/mnt/**d8e703d7e3039a6df6d01bd7fb58d1882e592a85059eb16c4b83cf91847f88e5
ip addr 可以看到docker与真机联接的桥Docker0的IP
docker的日志文件写入到/var/log/messages里
docker search image_name 命令可以搜索指定的镜像
docker pull image_name也可以下载并导入指定的镜像
docker load < local_image_file 导入本地镜像文件
二、docker 配置文件
docker配置文件/etc/sysconfig/docker
重要参数解释:
OPTIONS 用来控制Docker Daemon进程参数
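-H 表示Docker Daemon绑定的地址, -H=unix:///var/run/docker.sock -H=tcp://0.0.0.0:2375 (注意:tcp://0.0.0.0:2375 会在所有网卡上开放未加密、无认证的 Docker API,任何能连到该端口的人都等同于拥有宿主机 root 权限;需要远程管理时应只绑定到 127.0.0.1 或管理网地址,并用 --tlsverify 启用 TLS 双向认证)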
--registry-mirror表示Docker Registry的镜像地址--registry-mirror=http://4bc5abeb.m.daocloud.io
--insecure-registry表示(本地)私有Docker Registry的地址, --insecure-registry ${privateRegistryHost}:5000 (该选项让 Docker 以 HTTP 或不校验证书的 HTTPS 访问这个仓库,传输中的镜像和登录凭据没有保护,只应在受信任的内网中使用)
--selinux-enabled是否开启SELinux,默认开启 --selinux-enabled=true
-b 表示采用已经创建好的网桥, -b=xxx
OPTIONS=-H=unix:///var/run/docker.sock -H=tcp://0.0.0.0:2375 --registry-mirror=http://4bc5abeb.m.daocloud.io --selinux-enabled=true
下面是代理的设置
http_proxy=xxxxx:8080
https_proxy=xxxxxx:8080
vi /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/docker daemon -H fd:// -H=unix:///var/run/docker.sock -H=tcp://0.0.0.0:2375 --registry-mirror=http://4bc5abeb.m.daocloud.io --selinux-enabled=true
[Service]
Environment="HTTP_PROXY=..."
Environment="HTTPS_PROXY=..."
Type=notify
ExecStart=/usr/bin/docker daemo
Docker有自动化的需求时,你可以将containerID输出到指定的文件中(PIDfile): --cidfile=""
Docker的容器默认是没有特权的,例如不能在容器中再启动一个容器。这是因为默认情况下容器是不能访问任何其它设备的。但是通过 --privileged,容器就拥有了访问任何其它设备的权限。特权容器内的 root 基本等同于宿主机的 root;只需要个别设备或能力时,优先用 --device 或 --cap-add 单独授权。
三、网络管理
可参考:http://blog.chinaunix.net/uid-522675-id-4861366.html
Docker 默认指定了docker0接口的IP/netmask,让主机和容器之间可以通过网桥相互通信,它还给出了MTU(接口允许接收的最大传输单元1500 Bytes),或宿主机网络路由上支持的默认MTU。这些值都可以在服务启动的时候进行配置。
[root@master ~]# cat /etc/sysconfig/docker-network
# /etc/sysconfig/docker-network
DOCKER_NETWORK_OPTIONS="-b=bridge0"
修改文件 /etc/docker/daemon.json 添加内容 "bip": "ip/netmask" (切勿与宿主机同网段)
[root@node1 ~]# cat /etc/docker/daemon.json
{
"bip" : "192.168.2.1/24"
}
[root@node1 ~]# systemctl restart docker.service
利用OVS 实现多容器间通讯
(1) Openvswitch 的下载与安装 :
yum install -y bridge-utils wget
yum install -y python-six selinux-policy-devel gcc make python-devel openssl-devel kernel-devel graphviz kernel-debug-devel autoconf automake rpm-build redhat-rpm-config libtool
wget http://openvswitch.org/releases/openvswitch-2.7.2.tar.gz
(注:该源码包通过 HTTP 明文下载,随后会以 root 身份编译并安装;编译前应尽量改用 HTTPS 下载,如官方提供校验和或签名,应先核对文件。)
mkdir -p ~/rpmbuild/SOURCES
tar -zxvf openvswitch-2.7.2.tar.gz
cp openvswitch-2.7.2.tar.gz ~/rpmbuild/SOURCES/
ls /lib/modules/$(uname -r) -ln
rpmbuild -bb --without check openvswitch-2.7.2/rhel/openvswitch.spec
cd rpmbuild/RPMS/x86_64/
yum -y localinstall openvswitch-*
拓扑如下:
Master 172.16.170.10 docker 192.168.1.0/24
Node 172.16.170.20 docker 192.168.2.0/24
(2) docker master端配置如下
[root@master ~]# systemctl start openvswitch.service && systemctl enable openvswitch.service
[root@master ~]# ovs-vsctl add-br br0
[root@master ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc fq state UP qlen 1000
link/ether 00:0c:29:97:92:e8 brd ff:ff:ff:ff:ff:ff
inet 172.16.170.10/24 brd 172.16.170.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe97:92e8/64 scope link
valid_lft forever preferred_lft forever
3: docker0: mtu 1500 qdisc noqueue state UP
link/ether 02:42:45:b7:c2:fd brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:45ff:feb7:c2fd/64 scope link
valid_lft forever preferred_lft forever
5: vethcff8026@if4: mtu 1500 qdisc noqueue master docker0 state UP
link/ether 32:4a:f5:b7:33:f7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::304a:f5ff:feb7:33f7/64 scope link
valid_lft forever preferred_lft forever
6: ovs-system: mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 8a:ac:8e:a1:68:2b brd ff:ff:ff:ff:ff:ff
7: br0: mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 82:ae:47:8e:30:4d brd ff:ff:ff:ff:ff:ff
[root@master ~]# ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre option:remote_ip=172.16.170.20
[root@master ~]# ovs-vsctl show
4fe9a5b3-46ec-432c-a990-bb8e8fee96fe
Bridge "br0"
Port "gre0"
Interface "gre0"
type: gre
options: {remote_ip="172.16.170.20"}
Port "br0"
Interface "br0"
type: internal
ovs_version: "2.7.2"
[root@master ~]# brctl addif docker0 br0
[root@master ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.024245b7c2fd no br0
[root@master ~]# ip link set dev br0 up
[root@master ~]# ip link set dev docker0 up
[root@master ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc fq state UP qlen 1000
link/ether 00:0c:29:97:92:e8 brd ff:ff:ff:ff:ff:ff
inet 172.16.170.10/24 brd 172.16.170.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe97:92e8/64 scope link
valid_lft forever preferred_lft forever
3: docker0: mtu 1500 qdisc noqueue state UP
link/ether 02:42:45:b7:c2:fd brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:45ff:feb7:c2fd/64 scope link
valid_lft forever preferred_lft forever
5: vethcff8026@if4: mtu 1500 qdisc noqueue master docker0 state UP
link/ether 32:4a:f5:b7:33:f7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::304a:f5ff:feb7:33f7/64 scope link
valid_lft forever preferred_lft forever
6: ovs-system: mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 8a:ac:8e:a1:68:2b brd ff:ff:ff:ff:ff:ff
7: br0: mtu 1500 qdisc noqueue master docker0 state UNKNOWN qlen 1000
link/ether 82:ae:47:8e:30:4d brd ff:ff:ff:ff:ff:ff
inet6 fe80::80ae:47ff:fe8e:304d/64 scope link
valid_lft forever preferred_lft forever
8: gre0@NONE: mtu 1476 qdisc noop state DOWN qlen 1000
link/gre 0.0.0.0 brd 0.0.0.0
9: gretap0@NONE: mtu 1462 qdisc noop state DOWN qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
10: gre_sys@NONE: mtu 65490 qdisc fq master ovs-system state UNKNOWN qlen 1000
link/ether aa:3a:19:78:48:89 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a83a:19ff:fe78:4889/64 scope link
valid_lft forever preferred_lft forever
[root@master ~]#
[root@master ~]# ip route add 192.168.2.0/24 dev docker0
[root@master ~]# docker run -itd --name c1 docker.io/centos '/bin/bash'
WARNING: IPv4 forwarding is disabled. Networking will not work.
a326fb2eae1ecf1c0b1a26b4b947f20eb44864fc5232e253b582c8c7bb50522a
[root@master ~]# vim /etc/sysctl.conf
[root@master ~]# sysctl -p
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
net.ipv4.ip_forward = 1
[root@master ~]#
(3) docker node端配置如下
[root@node1 ~]# systemctl start openvswitch.service && systemctl enable openvswitch.service
[root@node1 ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02429f5f947d no
[root@node1 ~]# ovs-vsctl add-br br0
[root@node1 ~]# ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre option:remote_ip=172.16.170.10
[root@node1 ~]# brctl addif docker0 br0
[root@node1 ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02429f5f947d no br0
[root@node1 ~]#
[root@node1 ~]# ip link set dev br0 up
[root@node1 ~]# ip link set dev docker0 up
[root@node1 ~]# ip route add 192.168.1.0/24 dev docker0
[root@node1 ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02429f5f947d no br0
[root@node1 ~]# ovs-vsctl show
f0be12f7-1aa7-4b93-8d4f-5511b56efec7
Bridge "br0"
Port "gre0"
Interface "gre0"
type: gre
options: {remote_ip="172.16.170.10"}
Port "br0"
Interface "br0"
type: internal
ovs_version: "2.7.2"
[root@node1 ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@node1 ~]# sysctl -p
[root@node1 ~]# docker run -itd --name c2 docker.io/centos '/bin/bash'
c9414017f86e6c362b9481ceffc658275b3557cf0991e84853066d4eccb37b0f
[root@node1 ~]#
(4) 测试
[root@node1 ~]# docker attach c941
[root@c9414017f86e /]# ping -c1 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=5.19 ms
--- 192.168.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.194/5.194/5.194/0.000 ms
[root@c9414017f86e /]# ping -c1 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=63 time=2.74 ms
--- 192.168.1.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.742/2.742/2.742/0.000 ms
[root@c9414017f86e /]# ping -c1 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.051 ms
--- 192.168.2.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.051/0.051/0.051/0.000 ms
[root@c9414017f86e /]# [root@node1 ~]#
四、私有仓库
[root@master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 751f286bc25e 3 weeks ago 33.19 MB
[root@master ~]# ls /registry/
[root@master ~]# docker run -d -p 5000:5000 -v /registry:/var/lib/registry --name registry_server registry
4eaa8bb4447641560e7445ca709a2a6e198adc183dcf7f4700fcca5fe5b50d2f
[root@master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4eaa8bb44476 registry "/entrypoint.sh /etc/" 6 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp registry_server
[root@master ~]#
[root@master ~]# curl http://172.16.170.10:5000/v2/search
404 page not found
[root@master ~]# curl http://172.16.170.10:5000/v2/_catalog
{"repositories":[]}
[root@master ~]#
[root@master ~]# vim /etc/sysconfig/docker
[root@master ~]# grep ^ADD /etc/sysconfig/docker
ADD_REGISTRY='--insecure-registry 172.16.170.10:5000'
[root@master ~]# systemctl restart docker.service
[root@master ~]# docker run -d -p 5000:5000 -v /registry:/var/lib/registry --name registry_server --restart=always registry
47b4df1618a35d19788994fff4054b7e998995f9903c197ef45e63aac447f750
[root@master ~]#
[root@node1 ~]# grep ^ADD /etc/sysconfig/docker
ADD_REGISTRY='--insecure-registry 172.16.170.10:5000'
[root@node1 ~]# systemctl restart docker.service
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
172.16.170.10:5000/kubernets-dashboard latest 75f167b703e6 10 months ago 86.27 MB
[root@node1 ~]# docker push 172.16.170.10:5000/kubernets-dashboard:latest
The push refers to a repository [172.16.170.10:5000/kubernets-dashboard]
5f70bf18a086: Pushed
6bc90c4dba69: Pushed
latest: digest: sha256:4aa012b1460b1c5a025eb7c7e56c4035f66516e38c5c3b57f0e489cb663b28e4 size: 1147
格式必须是: docker push new-repo:tagName
[root@node1 ~]# curl http://172.16.170.10:5000/v2/_catalog
{"repositories":["kubernets-dashboard"]}
[root@node1 ~]#
[root@node1 ~]# docker search 172.16.170.10:5000/kubernets-dashboard:latest
Error response from daemon: Unexpected status code 404
[root@node1 ~]#
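带有认证功能的私有仓库:(注意:本例的 registry 仍然通过 HTTP 提供服务,docker login 的用户名和密码会以明文经过网络;生产环境应给 registry 配置 TLS 证书(REGISTRY_HTTP_TLS_CERTIFICATE / REGISTRY_HTTP_TLS_KEY),并去掉客户端的 --insecure-registry。示例中的 dockerUser/dockerPwd 直接写在命令行上,会留在 shell 历史记录里,仅作演示。)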
[root@master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
47b4df1618a3 registry "/entrypoint.sh /etc/" 17 hours ago Up 8 minutes 0.0.0.0:5000->5000/tcp registry_server
[root@master ~]# docker stop registry_server
registry_server
[root@master ~]# docker rm registry_server
registry_server
[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 751f286bc25e 3 weeks ago 33.19 MB
[root@master ~]# mkdir -p /opt/data/auth
[root@master ~]# docker run --entrypoint htpasswd registry:latest -Bbn dockerUser dockerPwd >> /opt/data/auth/htpasswd
[root@master ~]# ls /opt/data/auth/
htpasswd
[root@master ~]# cat /opt/data/auth/htpasswd
dockerUser:$2y$05$uT/PA/TpWvLYIlSYV.3JjufAd/HtcYKSlGNA0hkm5Vs2brgUG.1Aa
[root@master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@master ~]#
[root@master ~]# docker run -d -p 5000:5000 --restart=always -v /opt/data/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" -v /registry:/var/lib/registry registry:latest
995c98405ae2192b645350a853f15038081b421258bf7937101b43098df6b450
[root@master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
995c98405ae2 registry:latest "/entrypoint.sh /etc/" 4 seconds ago Up 4 seconds 0.0.0.0:5000->5000/tcp angry_kalam
[root@master ~]#
[root@node1 ~]# docker push 172.16.170.10:5000/kubernets-dashboard:latest
The push refers to a repository [172.16.170.10:5000/kubernets-dashboard]
5f70bf18a086: Preparing
6bc90c4dba69: Preparing
no basic auth credentials
[root@node1 ~]# docker login 172.16.170.10:5000
Username: dockerUser
Password:
Login Succeeded
[root@node1 ~]# docker push 172.16.170.10:5000/kubernets-dashboard:latest
The push refers to a repository [172.16.170.10:5000/kubernets-dashboard]
5f70bf18a086: Pushed
6bc90c4dba69: Pushed
latest: digest: sha256:4aa012b1460b1c5a025eb7c7e56c4035f66516e38c5c3b57f0e489cb663b28e4 size: 1147
[root@node1 ~]# curl http://172.16.170.10:5000/v2/_catalog
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
[root@node1 ~]#
kubernetes secret的设置如下:
kubectl create secret docker-registry regsecret --docker-server=name.domain.com --docker-username=**** --docker-password=**** --docker-email=****
五、Images 管理
安装最小化系统,然后将系统制作成image
tar --numeric-owner --exclude=/proc --exclude=/sys -cvf centos7-base.tar /
导入image并标记tag
docker import centos7-base.tar 172.16.170.10:5000/centos7-base:latest
如下
[root@node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest b8efb18f159b 2 weeks ago 107.5 MB
172.16.170.10:5000/kubernets-dashboard latest 75f167b703e6 10 months ago 86.27 MB
[root@node1 ~]# docker run -itd --name c1 docker.io/nginx '/bin/bash'
4d30aca011ec38380fc1cfba23582127c8d336f33eda116fa05b963bddd9755a
[root@node1 ~]# docker attach 4d30
root@4d30aca011ec:/# ls /usr/share/nginx/html/
50x.html index.html
root@4d30aca011ec:/# echo "Welcome to Yeecall company" > /usr/share/nginx/html/index.html
root@4d30aca011ec:/# nginx
root@4d30aca011ec:/# [root@node1 ~]#
[root@node1 ~]# docker inspect -f '{{ .NetworkSettings.IPAddress }}' c1
172.17.0.2
[root@node1 ~]# curl http://172.17.0.2
Welcome to Yeecall company
提交image
[root@node1 ~]# docker commit 4d30 172.16.170.10:5000/nginx:latest
sha256:7d5bf2507db41007d09cf491259aae0d947fd2c739bc4c40156b29b1ee5c28a7
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
172.16.170.10:5000/nginx latest 7d5bf2507db4 3 seconds ago 107.5 MB
docker.io/nginx latest b8efb18f159b 2 weeks ago 107.5 MB
172.16.170.10:5000/kubernets-dashboard latest 75f167b703e6 10 months ago 86.27 MB
[root@node1 ~]# docker push 172.16.170.10:5000/nginx
The push refers to a repository [172.16.170.10:5000/nginx]
3109d2b079eb: Pushed
af5bd3938f60: Pushed
29f11c413898: Pushed
eb78099fbf7f: Pushed
latest: digest: sha256:0ce18ab5e00b1cc12258e77e79626771666705381dad05cde597130509ea1e32 size: 1155
[root@node1 ~]#
客户端使用images:
[root@docker ~]# docker run -d -p 80:80 -v /web2/html:/var/www/html apache100 /bin/bash -c "exec /usr/sbin/httpd -D FOREGROUND"
[root@docker ~]# docker run -d -p 80:80 -v /web2/html:/var/www/html apache100 /bin/bash -c "/etc/init.d/httpd start; tail -f /var/log/messages"
六、Dockerfile创建自定义镜像
原理:按照Dockerfile定义创建一个临时容器,最后把容器commit,产生新的image
dockerfile关键字解释
FROM(指定基础image)
该指令有两种格式:FROM <image>
FROM <image>:<tag>
MAINTAINER(用来指定镜像创建者信息)
格式:MAINTAINER <name>
RUN(安装软件用)
该指令有两种格式:RUN <command> (the command is run in a shell - /bin/sh -c)
RUN ["executable", "param1", "param2" ... ] (exec form)
CMD(设置container启动时执行的操作)
该指令有三种格式:CMD ["executable","param1","param2"]
CMD command param1 param2 (as a shell)
当Dockerfile指定了ENTRYPOINT,那么使用下面的格式:
CMD ["param1","param2"] (as default parameters to ENTRYPOINT)
ENTRYPOINT(设置container启动时执行的操作)
两种格式:ENTRYPOINT ["executable", "param1", "param2"] (like an exec, the preferred form)
ENTRYPOINT command param1 param2 (as a shell)
USER(设置container容器的用户)
格式:USER daemon
EXPOSE(指定容器需要映射到宿主机器的端口)
格式:EXPOSE <port> [<port>...]
ENV(用于设置环境变量)
格式: ENV <key> <value>
ADD(从src复制文件到container的dest路径)
格式: ADD <src> <dest>
VOLUME(指定挂载点)
格式: VOLUME ["<mountpoint>"]
WORKDIR(切换目录)
格式: WORKDIR /path/to/workdir
ONBUILD(在子镜像中执行)
格式: ONBUILD <Dockerfile关键字>
说明:Dockerfile并不需要所有的关键字
实例:
[root@docker ~]# tree sshd_dockfile/
/root/sshd_dockfile/
├── authorized_keys
└── Dockerfile
[root@docker ~]# cd sshd_dockfile/
[root@docker sshd_dockfile]# cat Dockerfile
# Builds an SSH-server image on top of centos6:latest: installs openssh-server,
# generates host keys, installs a root authorized_keys file and runs sshd in
# the foreground on port 22.
FROM centos6:latest
MAINTAINER docker sshd v1.0
# Prepare root's .ssh directory with owner-only permissions.
RUN mkdir /root/.ssh
RUN chmod 700 /root/.ssh
# Replace every yum repo definition with one fetched from 192.168.100.100.
# NOTE(review): the repo file is fetched over plain HTTP; whether packages from
# it are signature-checked depends on the contents of yum.repo, which is not
# shown here - confirm gpgcheck is enabled.
RUN rm -rf /etc/yum.repos.d/*
RUN wget -P /etc/yum.repos.d/ http://192.168.100.100/yum.repo
RUN yum install -y openssh-server
# Host keys are generated at build time, so they are stored in the image and
# every container started from it presents the same host private keys.
# NOTE(review): DSA host keys are deprecated in current OpenSSH releases.
# NOTE(review): no -N passphrase argument is given; confirm ssh-keygen does not
# wait for input during a non-interactive build.
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN mkdir /var/run/sshd
# Turn off PAM in sshd_config.
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
# The public keys in authorized_keys are baked into the image; anyone holding a
# matching private key can log in as root to any container built from it.
ADD authorized_keys /root/.ssh/authorized_keys
EXPOSE 22
# Exec form: sshd runs in the foreground (-D) as the container's main process.
CMD ["/usr/sbin/sshd", "-D"]
[root@docker sshd_dockfile]# docker build -t rhel-sshd .
........
[root@docker sshd_dockfile]# docker run -d -p 2222:22 --name web1 rhel-sshd
[root@docker sshd_dockfile]# netstat -anplt | grep :2222
tcp 0 0 :::2222 :::* LISTEN 10200/docker-proxy
测试登录
[root@docker sshd_dockfile]# ssh 192.168.100.100 -p 2222
实例2:apache
[root@docker apache_docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos latest 49f7960eb7e4 5 weeks ago 200 MB
[root@docker apache_dockfile]# pwd
/root/apache_dockfile
[root@docker apache_docker]# cat Dockerfile
# Builds an Apache httpd image on top of docker.io/centos.
# base image
# NOTE(review): no tag is given, so the build uses whatever "latest" points to
# at build time; pin a tag or digest for reproducible builds.
FROM docker.io/centos
# MAINTAINER
MAINTAINER [email protected]
RUN yum install -y httpd
# NOTE(review): in exec form each array element is one argument, so this asks
# the runtime to execute a single program literally named
# "systemctl start httpd". The docker run examples on this page pass their own
# command (httpd -D FOREGROUND) instead of relying on this CMD.
CMD ["systemctl start httpd"]
# Documents that the container listens on port 80.
EXPOSE 80
[root@docker apache_docker]# docker build -t 192.168.20.79:5000/apache:v1 .
Sending build context to Docker daemon 2.048 kB
Step 1/5 : FROM docker.io/centos
---> 49f7960eb7e4
Step 2/5 : MAINTAINER [email protected]
---> Using cache
---> 064edac0b581
Step 3/5 : RUN yum install -y httpd
---> Running in c71b442a3ea7
.............
Complete!
---> 3e7f656fdb5b
Removing intermediate container c71b442a3ea7
Step 4/5 : CMD systemctl start httpd
---> Running in c45a6fcd91bd
---> b3729588fe62
Removing intermediate container c45a6fcd91bd
Step 5/5 : EXPOSE 80
---> Running in 6508fef6e199
---> c5fb48c808d4
Removing intermediate container 6508fef6e199
Successfully built c5fb48c808d4
[root@docker apache_docker]#
[root@docker apache_docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.20.79:5000/apache v1 c5fb48c808d4 2 minutes ago 314 MB
docker.io/centos latest 49f7960eb7e4 5 weeks ago 200 MB
[root@docker apache_dockfile]# docker run -d -p 80:80 -v /web2/html:/var/www/html apache /bin/bash -c "exec /usr/sbin/httpd -D FOREGROUND"
测试:
[root@docker apache_dockfile]# elinks 192.168.100.100 --dump
web2