Docker is an open-source application container engine. It mainly uses Linux kernel namespaces for sandbox isolation and cgroups for resource limits.
1. Download the Docker package and its dependencies
[root@server1 ~]# ls ## the packages are in the docker directory
docker
[root@server1 ~]# cd docker/
[root@server1 docker]# ls
containerd.io-1.2.5-3.1.el7.x86_64.rpm
container-selinux-2.21-1.el7.noarch.rpm
docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm
docker-ce-18.06.1.ce-3.el7.x86_64.rpm
docker-ce-18.09.5-3.el7.x86_64.rpm
docker-ce-cli-18.09.5-3.el7.x86_64.rpm
libsemanage-2.5-8.el7.x86_64.rpm
libsemanage-python-2.5-8.el7.x86_64.rpm
pigz-2.3.4-1.el7.x86_64.rpm
policycoreutils-2.5-17.1.el7.x86_64.rpm
policycoreutils-python-2.5-17.1.el7.x86_64.rpm
2. Install Docker and its dependencies
(Use docker-ce-18.06.1.ce-3.el7.x86_64.rpm and delete the packages for the other versions)
[root@server1 docker]# rm -fr containerd.io-1.2.5-3.1.el7.x86_64.rpm docker-ce-18.09.5-3.el7.x86_64.rpm docker-ce-cli-18.09.5-3.el7.x86_64.rpm docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm
[root@server1 docker]# ls
container-selinux-2.21-1.el7.noarch.rpm
docker-ce-18.06.1.ce-3.el7.x86_64.rpm
libsemanage-2.5-8.el7.x86_64.rpm
libsemanage-python-2.5-8.el7.x86_64.rpm
pigz-2.3.4-1.el7.x86_64.rpm
policycoreutils-2.5-17.1.el7.x86_64.rpm
policycoreutils-python-2.5-17.1.el7.x86_64.rpm
[root@server1 docker]# yum install -y *
3. Start Docker; you can then view its information
[root@server1 docker]# systemctl start docker
[root@server1 docker]# docker info
4. Load the image game2048.tar into Docker
[root@server1 ~]# docker load -i game2048.tar
011b303988d2: Loading layer 5.05MB/5.05MB
36e9226e74f8: Loading layer 51.46MB/51.46MB
192e9fad2abc: Loading layer 3.584kB/3.584kB
6d7504772167: Loading layer 4.608kB/4.608kB
88fca8ae768a: Loading layer 629.8kB/629.8kB
Loaded image: game2048:latest
5. List the images; the game2048 image that was just loaded is shown
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
game2048 latest 19299002fdbe 2 years ago 55.5MB
[root@server1 ~]# docker run -d -p 80:80 --name vm1 game2048
a925d243e85f8a2289231555411c4510033f6f85231ee31093ba57c6b25a93aa
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a925d243e85f game2048 "/bin/sh -c 'sed -i …" 7 seconds ago Up 7 seconds 0.0.0.0:80->80/tcp, 443/tcp vm1
6. Browse to http://172.25.8.1/ to see that the 2048 game is online
1. Install Docker and its dependencies (already done earlier)
2. Load the ubuntu image into Docker
[root@server1 ~]# ls
docker game2048.tar nginx.tar rhel7.tar ubuntu.tar
[root@server1 ~]# docker load -i ubuntu.tar
56abdd66ba31: Loading layer 196.8MB/196.8MB
9468150a390c: Loading layer 208.9kB/208.9kB
11083b444c90: Loading layer 4.608kB/4.608kB
5f70bf18a086: Loading layer 1.024kB/1.024kB
Loaded image: ubuntu:latest
3. List the images in Docker
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
game2048 latest 19299002fdbe 2 years ago 55.5MB
ubuntu latest 07c86167cdc4 3 years ago 188MB
4. Run ubuntu
[root@server1 ~]# docker run -it --name vm2 ubuntu
5. The Docker container shares one kernel with the host machine
root@665db1d5ab4a:/# uname -r
3.10.0-514.el7.x86_64
[root@server1 ~]# uname -r
3.10.0-514.el7.x86_64
6. The IP of the ubuntu system in Docker is: 172.17.0.3
9. The virtual machine server1, where Docker runs, has docker0. Its IP is: 172.17.0.1
10. Install bridge-utils
[root@foundation8 ~]# which brctl
/usr/sbin/brctl
[root@foundation8 ~]# rpm -qf /sbin/brctl
bridge-utils-1.5-9.el7.x86_64
[root@server1 ~]# yum install -y bridge-utils-1.5-9.el7.x86_64
11. Check
[root@server1 ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.0242f32e806c no vethb74fb69
vethc8b42c5
[root@server1 ~]# sysctl -a | grep ip_for
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
12. View the port forwarding: traffic can only enter through port 80 on server1 (docker) and is forwarded to port 80 on 172.17.0.2
[root@server1 ~]# iptables -t nat -nL
[root@server1 ~]# docker ps
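An added example (not part of the original walkthrough) for auditing the forwarding rules from step 12: it reads `iptables -t nat -nL` output and reports each Docker DNAT rule and whether the published port accepts traffic on every host address, as vm1's 0.0.0.0:80 does. The sample listing and the function names `sample_nat` and `list_published` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -nL DOCKER` output (not captured
# from the host in this walkthrough). The second DNAT rule is a hypothetical
# container published only on loopback, for comparison.
sample_nat() {
cat <<'EOF'
Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.17.0.2:80
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:8080 to:172.17.0.3:80
EOF
}

# list_published: read an iptables NAT listing on stdin and print one line
# per DNAT rule:
#   <scope> <proto> dst=<host-addr> dport=<host-port> -> <container-ip:port>
# scope is ALL-INTERFACES when the rule matches any destination address
# (what `-p 80:80` produces), RESTRICTED when it is pinned to one address.
list_published() {
    awk '
    $1 == "DNAT" {
        proto = $2; dst = $5; dpt = ""; to = ""
        # Match options start after the destination column.
        for (i = 6; i <= NF; i++) {
            if ($i ~ /^dpt:/) dpt = substr($i, 5)
            if ($i ~ /^to:/)  to  = substr($i, 4)
        }
        if (dpt == "" || to == "") next   # not a port-publishing rule
        scope = (dst == "0.0.0.0/0") ? "ALL-INTERFACES" : "RESTRICTED"
        printf "%s %s dst=%s dport=%s -> %s\n", scope, proto, dst, dpt, to
    }'
}

# Demo on the constructed sample. On a real host, run as root:
#   iptables -t nat -nL DOCKER | list_published
sample_nat | list_published
```

A port published as `-p 127.0.0.1:8080:80` appears as RESTRICTED, which is the form to prefer when a service does not need to be reachable from other machines.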