云计算day06-Docker容器

文章目录

    • 1. 容器知识点回顾
    • 2. docker常用指令
    • 3. docker镜像的分层(kvm 链接克隆,写时复制的特性)
    • 4. 容器间的互联(--link 是单方向的!)
      • 4.1 docker部署zabbix监控
      • 4.2 监控服务
    • 5. docker registry(私有仓库)
      • 5.1普通的registry
      • 5.2 带basic认证的registry
      • 6. docker-compose(单机版的容器编排工具)

1. 容器知识点回顾

容器是什么?

容器就是在隔离的环境中运行的一个进程.


容器的优势:   轻量,损耗少,启动快,性能高


docker:  软件的打包技术


#docker镜像:

docker  search

docker  pull

docker  push

docker  image ls  == docker  images

docker  rmi  == docker  image  rm

docker save  

docker  load

docker  import

docker  image  build

docker image   history

docekr  tag,  docker image tag 1e7f1b941c12 alpine:latest



#docker容器:

docker   ps

docker  run

docker   rm

docker  stop

docker  start

docker restart

docker  kill

docker exec

docker attach

docker cp

docker  logs

docker commit


import  导入镜像

export  把容器导出为镜像


#dockerfile指令:

FROM

ADD

RUN

EXPOSE

WORKDIR

CMD

COPY
LABEL   version=1.16

2. docker常用指令

云计算day06-Docker容器_第1张图片

docker volume ls

docker run -d -p 88:80 --volumes-from 0017aae5b068  kod:v6

3. docker镜像的分层(kvm 链接克隆,写时复制的特性)

云计算day06-Docker容器_第2张图片

镜像分层的好处:复用,节省磁盘空间,相同的内容只需加载一份到内存。
修改dockerfile之后,再次构建速度快

dockerfile 优化:

1:尽可能选择体积小linux,alpine

2:尽可能合并RUN指令,清理无用的文件(yum缓存,源码包)

3:修改dockerfile,把变化的内容尽可能放在dockerfile结尾

4: 使用.dockerignore,减少不必要的文件ADD .   /html

云计算day06-Docker容器_第3张图片
云计算day06-Docker容器_第4张图片
云计算day06-Docker容器_第5张图片

云计算day06-Docker容器_第6张图片
云计算day06-Docker容器_第7张图片

4. 容器间的互联(–link 是单方向的!)

hosts解析

云计算day06-Docker容器_第8张图片


[root@docker01 kod]# docker run -d  --name nginx centos6.9_nginx:v1 nginx -g 'daemon off;'
[root@docker01 kod]# docker exec -it nginx /bin/bash
[root@fef3cf194be8 /]# hostname -I
172.17.0.2 
[root@docker01 kod]# docker run -it --link nginx:web centos6.9_nginx:v1 /bin/bash
[root@969c228864f2 /]# ping web
PING web (172.17.0.2) 56(84) bytes of data.
64 bytes from web (172.17.0.2): icmp_seq=1 ttl=64 time=0.118 ms
64 bytes from web (172.17.0.2): icmp_seq=2 ttl=64 time=0.120 ms
^C
--- web ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1288ms
rtt min/avg/max/mdev = 0.118/0.119/0.120/0.001 ms
[root@969c228864f2 /]# cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.2	web fef3cf194be8 nginx

4.1 docker部署zabbix监控

上传需要的tar包云计算day06-Docker容器_第9张图片

#上传后校验md5值
ls *.tar.gz|xargs md5sum

for n in `ls *.tar.gz`;do docker load -i $n  ;done

docker run --name mysql-server -it \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      -d mysql:5.7 \
      --character-set-server=utf8 --collation-server=utf8_bin

docker run --name zabbix-java-gateway -t \
      -d zabbix/zabbix-java-gateway:latest

docker run --name zabbix-server-mysql -t \
      -e DB_SERVER_HOST="mysql-server" \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      -e ZBX_JAVAGATEWAY="zabbix-java-gateway" \
      --link mysql-server:mysql \
      --link zabbix-java-gateway:zabbix-java-gateway \
      -p 10051:10051 \
      -d zabbix/zabbix-server-mysql:latest

docker run --name zabbix-web-nginx-mysql -t \
      -e DB_SERVER_HOST="mysql-server" \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      --link mysql-server:mysql \
      --link zabbix-server-mysql:zabbix-server \
      -p 80:80 \
      -d zabbix/zabbix-web-nginx-mysql:latest


#zabbix的默认监控密码
Admin:zabbix

云计算day06-Docker容器_第10张图片

4.2 监控服务

zabbix-agent客户端软件包下载链接_提取码: y7ri

开启另外一台docker宿主机 10.0.0.12

云计算day06-Docker容器_第11张图片云计算day06-Docker容器_第12张图片云计算day06-Docker容器_第13张图片

上传zabbix-agent的软件包:
[root@docker02 ~]# hostname -I
10.0.0.12 172.17.0.1 
[root@docker02 ~]# ls zabbix-agent-3.2.0-1.el7.x86_64.rpm 
zabbix-agent-3.2.0-1.el7.x86_64.rpm

安装zabbix-agent客户端:
[root@docker02 ~]# rpm -ivh zabbix-agent-3.2.0-1.el7.x86_64.rpm
warning: zabbix-agent-3.2.0-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:zabbix-agent-3.2.0-1.el7         ################################# [100%]

修改zabbix-agent.conf配置文件中指定的服务端IP:
[root@docker02 ~]# egrep '^Server' /etc/zabbix/zabbix_agentd.conf 
Server=10.0.0.11
ServerActive=127.0.0.1

重启zabbix-agent服务
[root@docker02 ~]# systemctl restart zabbix-agent.service 


在10.0.0.11 上重启docker的zabbix服务端容器,数据能够加速被监控上
[root@docker01 ~]# docker restart zabbix-server-mysql 
zabbix-server-mysql

云计算day06-Docker容器_第14张图片

5. docker registry(私有仓库)

强哥的文档—docker私有仓库registry的使用

docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry  registry

上传镜像到私有仓库:
a:给镜像打标签
docker  tag centos6-sshd:v3 10.0.0.11:5000/centos6-sshd:v3
b:上传镜像
docker push 10.0.0.11:5000/centos6-sshd:v3

如果遇到报错:
The push refers to repository [10.0.0.11:5000/centos6.9_ssh]
Get https://10.0.0.11:5000/v2/: http: server gave HTTP response to HTTPS client

解决方法:
vim  /etc/docker/daemon.json
{
  "insecure-registries": ["10.0.0.11:5000"]
}
systemctl restart docker

5.1普通的registry

registry软件包下载链接_提取码: fy19

在10.0.0.11上导入私有仓库的配置文件
[root@docker01 opt]# docker load -i registry.tar.gz 
[root@docker01 opt]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry  registry
a958c7b6817dc8d38ba175c12e8a2452668a9b68b1fe9846e46004ee26646608


#上传镜像到私有仓库
[root@docker02 ~]# docker pull daocloud.io/huangzhichong/alpine-cn:latest
[root@docker02 ~]# docker images
REPOSITORY                            TAG                 IMAGE ID            CREATED             SIZE
nginx                                 latest              be1f31be9a87        11 months ago       109MB
daocloud.io/huangzhichong/alpine-cn   latest              e8289dcc1d4b        2 years ago         3.98MB


给镜像打标签:
[root@docker02 ~]# docker tag e8289dcc1d4b 10.0.0.11:5000/alpine:latest
[root@docker02 ~]# docker images
REPOSITORY                            TAG                 IMAGE ID            CREATED             SIZE
nginx                                 latest              be1f31be9a87        11 months ago       109MB
10.0.0.11:5000/alpine                 latest              e8289dcc1d4b        2 years ago         3.98MB
daocloud.io/huangzhichong/alpine-cn   latest              e8289dcc1d4b        2 years ago         3.98MB


上传镜像:
[root@docker02 ~]# docker push 10.0.0.11:5000/alpine:latest 
The push refers to repository [10.0.0.11:5000/alpine]
Get https://10.0.0.11:5000/v2/: dial tcp 10.0.0.11:5000: connect: connection refused


第一次报错后添加下面的配置:
[root@docker02 ~]# vim  /etc/docker/daemon.json
{
  "insecure-registries": ["10.0.0.11:5000"]
}


重启docker
[root@docker02 ~]# systemctl restart docker

再次上传镜像成功
[root@docker02 ~]# docker push 10.0.0.11:5000/alpine:latest 
The push refers to repository [10.0.0.11:5000/alpine]
78cd8c87ab42: Pushed 
60ab55d3379d: Pushed 
latest: digest: sha256:d438c876bc7cbfe7732ca1c9a689cc3c24e15f2492ba6270d55f0a8984f96078 size: 735

#再上传一个nginx的镜像
打标签
[root@docker02 ~]# docker tag be1f31be9a87 10.0.0.11:5000/nginx:latest

上传镜像
[root@docker02 ~]# docker push 10.0.0.11:5000/nginx
The push refers to repository [10.0.0.11:5000/nginx]
92b86b4e7957: Pushed 
94ad191a291b: Pushed 
8b15606a9e3e: Pushed 
latest: digest: sha256:204a9a8e65061b10b92ad361dd6f406248404fe60efd5d6a8f2595f18bb37aad size: 948

5.2 带basic认证的registry

yum install httpd-tools -y
mkdir /opt/registry-var/auth/ -p
htpasswd  -Bbn oldboy 123456  >> /opt/registry-var/auth/htpasswd

docker run -d -p 5000:5000 --restart=always -v /opt/registry-var/auth/:/auth/   -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e  "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry 

#账号密码为oldboy 123456

[root@docker02 ~]# docker login 10.0.0.11:5000
Username: oldboy
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@docker02 ~]# cat /root/.docker/config.json 
{
	"auths": {
		"10.0.0.11:5000": {
			"auth": "b2xkYm95OjEyMzQ1Ng=="
		}
	},
	"HttpHeaders": {
		"User-Agent": "Docker-Client/19.03.1 (linux)"
	}
}[root@docker02 ~]# 

删除仓库的镜像

6. docker-compose(单机版的容器编排工具)

ansible剧本

yum install -y docker-compose(需要epel源)

cd my_wordpress/
vi docker-compose.yml

version: '3'
​
services:
   db:
     image: mysql:5.7
     volumes:
       - db_data:/var/lib/mysql
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: somewordpress
       MYSQL_DATABASE: wordpress
       MYSQL_USER: wordpress
       MYSQL_PASSWORD: wordpress
​
   wordpress:
     depends_on:
       - db
     image: wordpress:latest
     volumes:
       - web_data:/var/www/html
     ports:
       - "80:80"
     restart: always
     environment:
       WORDPRESS_DB_HOST: db
       WORDPRESS_DB_USER: wordpress
       WORDPRESS_DB_PASSWORD: wordpress
volumes:
    db_data:
    web_data:
 

#启动
docker-compose up
#后台启动
docker-compose up -d

你可能感兴趣的:(云计算,docker容器)