云计算day06-Docker容器
文章目录
- 1. 容器知识点回顾
- 2. docker常用指令
- 3. docker镜像的分层(kvm 链接克隆,写时复制的特性)
- 4. 容器间的互联(--link 是单方向的!)
- 4.1 docker部署zabbix监控
- 4.2 监控服务
- 5. docker registry(私有仓库)
- 5.1普通的registry
- 5.2 带basic认证的registry
- 6. docker-compose(单机版的容器编排工具)
1. 容器知识点回顾
容器是什么?
容器就是在隔离的环境中运行的一个进程.
容器的优势: 轻量,损耗少,启动快,性能高
docker: 软件的打包技术
#docker镜像:
docker search
docker pull
docker push
docker image ls == docker images
docker rmi == docker image rm
docker save
docker load
docker import
docker image build
docker image history
docekr tag, docker image tag 1e7f1b941c12 alpine:latest
#docker容器:
docker ps
docker run
docker rm
docker stop
docker start
docker restart
docker kill
docker exec
docker attach
docker cp
docker logs
docker commit
import 导入镜像
export 把容器导出为镜像
#dockerfile指令:
FROM
ADD
RUN
EXPOSE
WORKDIR
CMD
COPY
LABEL version=1.16
2. docker常用指令
docker volume ls
docker run -d -p 88:80 --volumes-from 0017aae5b068 kod:v6
3. docker镜像的分层(kvm 链接克隆,写时复制的特性)
镜像分层的好处:复用,节省磁盘空间,相同的内容只需加载一份到内存。
修改dockerfile之后,再次构建速度快
dockerfile 优化:
1:尽可能选择体积小linux,alpine
2:尽可能合并RUN指令,清理无用的文件(yum缓存,源码包)
3:修改dockerfile,把变化的内容尽可能放在dockerfile结尾
4: 使用.dockerignore,减少不必要的文件ADD . /html
4. 容器间的互联(–link 是单方向的!)
hosts解析
[root@docker01 kod]# docker run -d --name nginx centos6.9_nginx:v1 nginx -g 'daemon off;'
[root@docker01 kod]# docker exec -it nginx /bin/bash
[root@fef3cf194be8 /]# hostname -I
172.17.0.2
[root@docker01 kod]# docker run -it --link nginx:web centos6.9_nginx:v1 /bin/bash
[root@969c228864f2 /]# ping web
PING web (172.17.0.2) 56(84) bytes of data.
64 bytes from web (172.17.0.2): icmp_seq=1 ttl=64 time=0.118 ms
64 bytes from web (172.17.0.2): icmp_seq=2 ttl=64 time=0.120 ms
^C
--- web ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1288ms
rtt min/avg/max/mdev = 0.118/0.119/0.120/0.001 ms
[root@969c228864f2 /]# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 web fef3cf194be8 nginx
4.1 docker部署zabbix监控
上传需要的tar包
#上传后校验md5值
ls *.tar.gz|xargs md5sum
for n in `ls *.tar.gz`;do docker load -i $n ;done
docker run --name mysql-server -it \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix_pwd" \
-e MYSQL_ROOT_PASSWORD="root_pwd" \
-d mysql:5.7 \
--character-set-server=utf8 --collation-server=utf8_bin
docker run --name zabbix-java-gateway -t \
-d zabbix/zabbix-java-gateway:latest
docker run --name zabbix-server-mysql -t \
-e DB_SERVER_HOST="mysql-server" \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix_pwd" \
-e MYSQL_ROOT_PASSWORD="root_pwd" \
-e ZBX_JAVAGATEWAY="zabbix-java-gateway" \
--link mysql-server:mysql \
--link zabbix-java-gateway:zabbix-java-gateway \
-p 10051:10051 \
-d zabbix/zabbix-server-mysql:latest
docker run --name zabbix-web-nginx-mysql -t \
-e DB_SERVER_HOST="mysql-server" \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix_pwd" \
-e MYSQL_ROOT_PASSWORD="root_pwd" \
--link mysql-server:mysql \
--link zabbix-server-mysql:zabbix-server \
-p 80:80 \
-d zabbix/zabbix-web-nginx-mysql:latest
#zabbix的默认监控密码
Admin:zabbix
4.2 监控服务
zabbix-agent客户端软件包下载链接_提取码: y7ri
开启另外一台docker宿主机 10.0.0.12
上传zabbix-agent的软件包:
[root@docker02 ~]# hostname -I
10.0.0.12 172.17.0.1
[root@docker02 ~]# ls zabbix-agent-3.2.0-1.el7.x86_64.rpm
zabbix-agent-3.2.0-1.el7.x86_64.rpm
安装zabbix-agent客户端:
[root@docker02 ~]# rpm -ivh zabbix-agent-3.2.0-1.el7.x86_64.rpm
warning: zabbix-agent-3.2.0-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:zabbix-agent-3.2.0-1.el7 ################################# [100%]
修改zabbix-agent.conf配置文件中指定的服务端IP:
[root@docker02 ~]# egrep '^Server' /etc/zabbix/zabbix_agentd.conf
Server=10.0.0.11
ServerActive=127.0.0.1
重启zabbix-agent服务
[root@docker02 ~]# systemctl restart zabbix-agent.service
在10.0.0.11 上重启docker的zabbix服务端容器,数据能够加速被监控上
[root@docker01 ~]# docker restart zabbix-server-mysql
zabbix-server-mysql
5. docker registry(私有仓库)
强哥的文档—docker私有仓库registry的使用
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
上传镜像到私有仓库:
a:给镜像打标签
docker tag centos6-sshd:v3 10.0.0.11:5000/centos6-sshd:v3
b:上传镜像
docker push 10.0.0.11:5000/centos6-sshd:v3
如果遇到报错:
The push refers to repository [10.0.0.11:5000/centos6.9_ssh]
Get https://10.0.0.11:5000/v2/: http: server gave HTTP response to HTTPS client
解决方法:
vim /etc/docker/daemon.json
{
"insecure-registries": ["10.0.0.11:5000"]
}
systemctl restart docker
5.1普通的registry
registry软件包下载链接_提取码: fy19
在10.0.0.11上导入私有仓库的配置文件
[root@docker01 opt]# docker load -i registry.tar.gz
[root@docker01 opt]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
a958c7b6817dc8d38ba175c12e8a2452668a9b68b1fe9846e46004ee26646608
#上传镜像到私有仓库
[root@docker02 ~]# docker pull daocloud.io/huangzhichong/alpine-cn:latest
[root@docker02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest be1f31be9a87 11 months ago 109MB
daocloud.io/huangzhichong/alpine-cn latest e8289dcc1d4b 2 years ago 3.98MB
给镜像打标签:
[root@docker02 ~]# docker tag e8289dcc1d4b 10.0.0.11:5000/alpine:latest
[root@docker02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest be1f31be9a87 11 months ago 109MB
10.0.0.11:5000/alpine latest e8289dcc1d4b 2 years ago 3.98MB
daocloud.io/huangzhichong/alpine-cn latest e8289dcc1d4b 2 years ago 3.98MB
上传镜像:
[root@docker02 ~]# docker push 10.0.0.11:5000/alpine:latest
The push refers to repository [10.0.0.11:5000/alpine]
Get https://10.0.0.11:5000/v2/: dial tcp 10.0.0.11:5000: connect: connection refused
第一次报错后添加下面的配置:
[root@docker02 ~]# vim /etc/docker/daemon.json
{
"insecure-registries": ["10.0.0.11:5000"]
}
重启docker
[root@docker02 ~]# systemctl restart docker
再次上传镜像成功
[root@docker02 ~]# docker push 10.0.0.11:5000/alpine:latest
The push refers to repository [10.0.0.11:5000/alpine]
78cd8c87ab42: Pushed
60ab55d3379d: Pushed
latest: digest: sha256:d438c876bc7cbfe7732ca1c9a689cc3c24e15f2492ba6270d55f0a8984f96078 size: 735
#再上传一个nginx的镜像
打标签
[root@docker02 ~]# docker tag be1f31be9a87 10.0.0.11:5000/nginx:latest
上传镜像
[root@docker02 ~]# docker push 10.0.0.11:5000/nginx
The push refers to repository [10.0.0.11:5000/nginx]
92b86b4e7957: Pushed
94ad191a291b: Pushed
8b15606a9e3e: Pushed
latest: digest: sha256:204a9a8e65061b10b92ad361dd6f406248404fe60efd5d6a8f2595f18bb37aad size: 948
5.2 带basic认证的registry
yum install httpd-tools -y
mkdir /opt/registry-var/auth/ -p
htpasswd -Bbn oldboy 123456 >> /opt/registry-var/auth/htpasswd
docker run -d -p 5000:5000 --restart=always -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
#账号密码为oldboy 123456
[root@docker02 ~]# docker login 10.0.0.11:5000
Username: oldboy
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker02 ~]# cat /root/.docker/config.json
{
"auths": {
"10.0.0.11:5000": {
"auth": "b2xkYm95OjEyMzQ1Ng=="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.1 (linux)"
}
}[root@docker02 ~]#
删除仓库的镜像
6. docker-compose(单机版的容器编排工具)
ansible剧本
yum install -y docker-compose(需要epel源)
cd my_wordpress/
vi docker-compose.yml
version: '3'
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
volumes:
- web_data:/var/www/html
ports:
- "80:80"
restart: always
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
volumes:
db_data:
web_data:
#启动
docker-compose up
#后台启动
docker-compose up -d