(1).查看内核
[kiosk@miaomiao yum.repos.d]$ uname -r
3.10.0-327.el7.x86_64
[kiosk@miaomiao yum.repos.d]$ cat /etc/os-release ##
NAME="Red Hat Enterprise Linux Server"
VERSION="7.2 (Maipo)" ##rhel7.2版本
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="7.2"
PRETTY_NAME="Red Hat Enterprise Linux Server 7.2 (Maipo)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.2:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.2"
(2).docker 容器管理
# docker run -it --name vm1 ubuntu bash 创建容器
# docker ps -a 查看容器状态
# docker attach vm1 连接容器
# docker top vm1 查看容器进程
# docker logs vm1 查看容器指令输出 -f 参数可以实时查看
# docker inspect vm1 查看容器详情
# docker stats vm1 查看容器资源使用率
# docker diff vm1 查看容器修改
# docker run -d --name vm1 ubuntu bash -c "while true; do echo westos; sleep 1; done" 后台运行
# docker stop vm1 停止容器
# docker start vm1 启动容器
# docker kill vm1 强制干掉容器
# docker restart vm1 重启容器
# docker pause/unpause vm1 暂停/恢复容器
# docker rm vm1 删除容器
# docker export vm1 > vm1.tar 导出容器
# docker import vm1.tar image 导入容器为镜像 image
[root@miaomiao Desktop]# docker load -i nginx.tar ##导入镜像
[root@miaomiao Desktop]# systemctl status docker ##查看docker状态
● docker.service - Docker Application Container Engine
Loaded: loaded (/etc/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2017-05-09 10:07:51 CST; 3h 14min ago
Docs: https://docs.docker.com
Main PID: 9896 (docker)
CGroup: /system.slice/docker.service
└─9896 /usr/bin/docker daemon -H fd:// --bip 192.168.0.222/24 --in...
May 09 11:15:40 miaomiao docker[9896]: time="2017-05-09T11:15:40.390826087+...d"
May 09 11:16:06 miaomiao docker[9896]: time="2017-05-09T11:16:06.564389245+...f"
May 09 11:18:47 miaomiao docker[9896]: time="2017-05-09T11:18:47.229044064+...0"
May 09 11:18:47 miaomiao docker[9896]: time="2017-05-09T11:18:47.275173249+...0"
May 09 11:19:15 miaomiao docker[9896]: time="2017-05-09T11:19:15.988404710+...]"
May 09 11:19:15 miaomiao docker[9896]: time="2017-05-09T11:19:15.988436872+...]"
May 09 11:29:58 miaomiao docker[9896]: time="2017-05-09T11:29:58.156325714+08...
May 09 11:31:20 miaomiao docker[9896]: time="2017-05-09T11:31:20.821704586+08...
May 09 11:31:43 miaomiao docker[9896]: time="2017-05-09T11:31:43.206451035+...]"
May 09 11:31:43 miaomiao docker[9896]: time="2017-05-09T11:31:43.206484521+...]"
Hint: Some lines were ellipsized, use -l to show in full.
(21).docker 参数
[root@miaomiao Desktop]# docker version ##版本
Client:
Version: 1.10.3
API version: 1.22
Go version: go1.5.3
Git commit: 20f81dd
Built: Thu Mar 10 15:39:25 2016
OS/Arch: linux/amd64
Server:
Version: 1.10.3
API version: 1.22
Go version: go1.5.3
Git commit: 20f81dd
Built: Thu Mar 10 15:39:25 2016
OS/Arch: linux/amd64
[root@miaomiao Desktop]# docker images ##查看本地镜像
[root@miaomiao Desktop]# docker run -it --name vm0 ubuntu ##创建容器vm0
root@2f0275b71c7b:/#
root@2f0275b71c7b:/# [root@miaomiao Desktop]#docker attach vm0 ##'Ctrl + p +q'在后台运行,attach 连接容器
[root@miaomiao Desktop]# docker run -it ubuntu
root@b2e45a701946:/# [root@miaomiao Desktop]# docker ps -a ##查看容器状态
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b2e45a701946 ubuntu "/bin/bash" 17 seconds ago Up 14 seconds serene_ride
2f0275b71c7b ubuntu "/bin/bash" 10 minutes ago Up 58 seconds vm0
[root@miaomiao Desktop]# docker stop serene_ride
serene_ride
[root@miaomiao Desktop]# docker rm serene_ride
serene_ride
##commit ##更新镜像
[root@miaomiao backup]# docker run -it --name vm1 ubuntu
root@424c3479a001:/#
root@424c3479a001:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@424c3479a001:/# touch file{1..10}
root@424c3479a001:/# ls
bin dev file1 file2 file4 file6 file8 home lib64 mnt proc run ubuntu:v1 srv tmp var
boot etc file10 file3 file5 file7 file9 lib media opt root sbin sys usr
root@424c3479a001:/# [root@miaomiao backup]# docker commit vm1 ubuntu:v1 ##将容器vm1当前的文件系统提交为新镜像ubuntu:v1
sha256:6d42725a81105bd6265b5d1d0e5e29cb64988c558f4566cafc5c0752c25015bc
[root@miaomiao backup]# docker history ubuntu ##查看ubuntu历史修改
IMAGE CREATED CREATED BY SIZE COMMENT
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
[root@miaomiao backup]# docker history ubuntu:v1 ##查看ubuntu的v1版本历史修改
IMAGE CREATED CREATED BY SIZE COMMENT
6d42725a8110 About a minute ago /bin/bash 0 B ##原本4层,新加了一层,最多127层
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
[root@miaomiao backup]# docker images ubuntu
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu v1 6d42725a8110 About a minute ago 187.9 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
[root@miaomiao backup]# docker stop vm1
vm1
[root@miaomiao backup]# docker rm vm1
vm1
[root@miaomiao backup]# docker run -it --name vm2 ubuntu:v1 ##在ubuntu的v1版本上创建容器vm2,v1版本的数据会保存
root@005818c2d392:/#
root@005818c2d392:/# ls
bin dev file1 file2 file4 file6 file8 home lib64 mnt proc run srv tmp var
boot etc file10 file3 file5 file7 file9 lib media opt root sbin sys usr
root@005818c2d392:/#
[root@miaomiao Desktop]# docker attach vm0
root@2f0275b71c7b:/#
root@2f0275b71c7b:/# ls
bin dev home lib64 mnt proc run srv tmp var
boot etc lib media opt root sbin sys usr
root@2f0275b71c7b:/# exit
exit
[root@miaomiao Desktop]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2f0275b71c7b ubuntu "/bin/bash" 14 minutes ago Exited (0) 10 seconds ago
[root@miaomiao Desktop]# docker history ubuntu
IMAGE CREATED CREATED BY SIZE COMMENT
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
[root@miaomiao Desktop]# docker commit vm0 ubuntu:v0 ##将容器vm0提交为新镜像ubuntu:v0(原ubuntu:latest不变)
sha256:1990c428381bc97798ff8a561a4948e185fe6678b7ec642041299a6e9dfb4e3d
[root@miaomiao Desktop]# docker images ubuntu
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu v0 1990c428381b 29 seconds ago 187.9 MB
ubuntu v6 c106646cac34 3 hours ago 187.9 MB
ubuntu vm1 e152ab232884 3 hours ago 187.9 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
[root@miaomiao Desktop]# docker history ubuntu:v0
IMAGE CREATED CREATED BY SIZE COMMENT
1990c428381b 5 minutes ago /bin/bash 13 B
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
[root@miaomiao Desktop]# docker run -it --name vm0 ubuntu:v0
[root@miaomiao Desktop]# docker run -d nginx ##-d后台运行
dc0256224c5e0d439dbfcf07d1b5ab5eb636f550b7d46a4432e527b43ffb1a35
[root@miaomiao Desktop]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dc0256224c5e nginx "nginx -g 'daemon off" 18 seconds ago Up 16 seconds 80/tcp, 443/tcp drunk_franklin
2f0275b71c7b ubuntu "/bin/bash" 44 minutes ago Up 29 minutes vm0
[root@miaomiao Desktop]# for i in {1..5};do docker run -d nginx;done
a576e9dc0943342646c79188e4ac226fd8fc761ca573390ebb4fbb451754340a
ef2c0d97aef90d231c43e2f6b474e43565be694b777f205333a99e93f0af9501
6ffa5fd9abd3282a88c8c1f7d6e7c41a20067d73915ea81900dc31118d4ff92d
fe530950f5fb6f678291658bcd404e1a8aca095c53de6126b16d605d90d6717c
80664f333a75f83c1f8c4144a55ec6a98ef1dc4eeca031966e2b8e0d52955bf6
[root@miaomiao Desktop]# docker stop `docker ps -aq`
80664f333a75
fe530950f5fb
6ffa5fd9abd3
ef2c0d97aef9
a576e9dc0943
dc0256224c5e
2f0275b71c7b
[root@miaomiao Desktop]# docker rm `docker ps -aq`
80664f333a75
fe530950f5fb
[root@miaomiao Desktop]# docker cp ml vm0:/ ##复制本地文件ml到容器vm0的/目录下
[root@miaomiao Desktop]# docker attach vm0
root@fb7a26874f00:/# ls
bin dev home lib64 ml opt root sbin sys usr
boot etc lib media mnt proc run srv tmp var
root@fb7a26874f00:/# rm -fr ml
root@fb7a26874f00:/# [root@miaomiao Desktop]# docker attach v^C
[root@miaomiao Desktop]# docker logs vm0 ##查看容器指令输出 -f 参数可以实时查看,进入容器有所修改才会显示
root@fb7a26874f00:/#
root@fb7a26874f00:/# ls
bin dev home lib64 ml opt root sbin sys usr
boot etc lib media mnt proc run srv tmp var
root@fb7a26874f00:/# rm -fr ml
[root@miaomiao Desktop]# docker export -o vm0.tar vm0 ##将vm0容器输出为vm0.tar到当前目录
[root@miaomiao Desktop]# ll vm0.tar
-rw-r--r-- 1 root root 196854784 May 9 15:08 vm0.tar
[root@miaomiao Desktop]# docker save -o ubuntu.tar ubuntu:v0 ##将ubuntu:v0镜像输出为ubuntu.tar到当前目录
[root@miaomiao Desktop]# docker load -i ubuntu.tar ##从ubuntu.tar导入镜像
[root@miaomiao Desktop]# save load export import^C
[root@miaomiao Desktop]# evince Docker学习笔记.pdf & ##evince 查看 &后台
[root@miaomiao Desktop]# docker run -d --name web -p 8000:80 nginx ##进来dnat,出去snat
将宿主机的8000端口映射到容器web(nginx)的80端口;未指定绑定地址时监听0.0.0.0(所有网卡,见下面docker ps的PORTS列),只需本机访问时可写成 -p 127.0.0.1:8000:80
1bd84acbf617b572510cd6d102a38011052c6c70cc4cff5ea837c7d1959fac04
[root@miaomiao Desktop]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1bd84acbf617 nginx "nginx -g 'daemon off" 16 seconds ago Up 12 seconds 443/tcp, 0.0.0.0:8000->80/tcp web
fb7a26874f00 ubuntu "/bin/bash" 12 minutes ago Up 12 minutes vm0
[root@miaomiao Desktop]# netstat -antlp |grep :8000 ##查看8000端口
tcp6 0 0 :::8000 :::* LISTEN 28822/docker-proxy
[root@miaomiao Desktop]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
RETURN all -- 192.168.122.0/24 224.0.0.0/24
RETURN all -- 192.168.122.0/24 255.255.255.255
MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
MASQUERADE all -- 192.168.0.0/24 0.0.0.0/0
MASQUERADE tcp -- 192.168.0.2 192.168.0.2 tcp dpt:80
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:192.168.0.2:80
[root@miaomiao Desktop]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
DOCKER-ISOLATION all -- anywhere anywhere
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.0.2 tcp dpt:http
Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
[root@miaomiao lib]# docker start web ##输入网址http://172.25.254.4:8000/ 或 localhost:8000 查看
[root@miaomiao Desktop]# docker attach vm0
root@fb7a26874f00:/# ls
bin dev home lib64 mnt proc run srv tmp var
boot etc lib media opt root sbin sys usr
root@fb7a26874f00:/# cp /etc/passwd .
root@fb7a26874f00:/# [root@miaomiao Desktop]# docker diff vm0
A /passwd ##A 为add
(22).修改docker的ip
[root@miaomiao system]# cd /usr/lib
[root@miaomiao lib]# cp /usr/lib^C
[root@miaomiao lib]# cp /lib/systemd/system/docker.service /etc/systemd/system^C
[root@miaomiao lib]# systemctl daemon-reload ^C
[root@miaomiao lib]# systemctl restart docker ##重启docker
[root@miaomiao lib]# docker network ls
NETWORK ID NAME DRIVER
a3d8431a63f6 bridge bridge
3fd2c5b5e9c8 none null
fcff84aa1644 host host
[root@miaomiao lib]# ssh -X <user>@172.25.254.4 firefox ##连接172.25.254.4的firefox(原文的 用户名@主机 被网页邮箱保护遮蔽,<user>为占位符,主机取自本行注释)
(3).数据卷管理
docker run 在创建容器时使用 -v 参数可以挂载一个或多个数据卷到当前运行的容器中,-v的作用是将宿主机上的目录作为容器的数据卷挂载到容器中,使宿主机和容器之间可以共享一个目录。
挂载数据卷到新创建的容器上:
# docker run -it --name westos -v /tmp/data1:/data1 -v /tmp/data2:/data2 rhel7 /bin/bash
-v 参数可以重复使用,挂载多个数据卷到容器中,冒号前面的是宿主机的目录(本地目录不存在 docker 会自动创建),冒号后面的是容器中的挂载目录。
注:docker commit 时卷的数据不会被保存。
默认挂载可以读写数据卷,也可以只读挂载:
# docker run -it --name westos2 -v /tmp/data2:/data2:ro rhel /bin/bash
挂载宿主机文件:
#docker run -it --name westos3 -v /etc/yum.repos.d/rhel-dvd.repo:/etc/yum.repos.d/rhel-dvd.repo:ro rhel7 /bin/bash
数据卷容器:
# docker create --name data -v /tmp/sharedata:/sharedata rhel7 /bin/true
# docker run -it --name vm1 --volumes-from data rhel7 /bin/bash
# docker run -it --name vm2 --volumes-from data rhel7 /bin/bash
# docker attach vm1
bash-4.2# cd /sharedata/
bash-4.2# touch vm1file
# docker attach vm2
bash-4.2# cd /sharedata/
bash-4.2# ls
passwd vm1file
bash-4.2# touch vm2file
[root@foundation0 ~]# ls /tmp/sharedata/
passwd vm1file vm2file
备份数据卷:
# docker run --rm --volumes-from data -v /tmp/backup:/backup rhel7 tar cf /backup/test.tar /sharedata
eg:
[root@miaomiao lib]# docker run -it --name vm1 -v /tmp/data1:/data1 ubuntu ##-v的作用是将宿主机上的目录作为容器的数据卷挂载到容器中 本地目录不存在 docker 会自动创建
root@0a71b1c6ee76:/# cd data1/
root@0a71b1c6ee76:/data1# ls
passwd
[root@miaomiao lib]# docker run -it --name vm1 -v /tmp/data1:/data1 ubuntu
root@0a71b1c6ee76:/# cd data1/
root@0a71b1c6ee76:/data1# ls
passwd
root@0a71b1c6ee76:~# [root@miaomiao lib]#
[root@miaomiao lib]# cd /tmp/data1
[root@miaomiao data1]# ls
[root@miaomiao data1]# docker run -it --name vm2 -v /tmp/data2:/data2 ubuntu
root@b2a25f80b0e0:/# cd /data2/
root@b2a25f80b0e0:/data2# ls
root@b2a25f80b0e0:/data2# [root@miaomiao data1]#
[root@miaomiao data1]# docker run -it --name vm3 -v /tmp/data1:/data1 -v /tmp/data2:/data2:ro -v /etc/yum.repos.d/redhat.repo:/etc/yum.repos.d/redhat.repo:ro ubuntu
root@4adc953b1fb8:/# cd /etc/yum.repos.d/
root@4adc953b1fb8:/etc/yum.repos.d# ls
redhat.repo
root@4adc953b1fb8:/etc/yum.repos.d# echo 1 > redhat.repo
bash: redhat.repo: Read-only file system
root@4adc953b1fb8:/etc/yum.repos.d# [root@miaomiao data1]#
[root@miaomiao data1]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4adc953b1fb8 ubuntu "/bin/bash" About a minute ago Up About a minute vm3
b2a25f80b0e0 ubuntu "/bin/bash" 5 minutes ago Up 5 minutes vm2
0a71b1c6ee76 ubuntu "/bin/bash" 8 minutes ago Up 8 minutes vm1
[root@miaomiao data1]# docker create --name datavol -v /tmp/data1:/data1 -v /tmp/data2:/data2 -v /etc/yum.repos.d/redhat.repo:/etc/yum.repos.d/redhat:ro ubuntu
83c9e4ce93a3d47326a33d6693214c0d8e2b36d26f0700702d10f960027feb5c
[root@miaomiao data1]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
83c9e4ce93a3 ubuntu "/bin/bash" 21 seconds ago Created datavol
4adc953b1fb8 ubuntu "/bin/bash" 7 minutes ago Up 7 minutes vm3
b2a25f80b0e0 ubuntu "/bin/bash" 11 minutes ago Up 11 minutes vm2
0a71b1c6ee76 ubuntu "/bin/bash" 14 minutes ago Up 14 minutes vm1
[root@miaomiao data1]# docker run -it --name vm4 --volumes-from datavol ubuntu
root@67ae4c3067b1:/# cd /data1
root@67ae4c3067b1:/data1# ls
root@67ae4c3067b1:/data1# cd /etc/yum.repos.d/
root@67ae4c3067b1:/etc/yum.repos.d# ls
redhat
root@67ae4c3067b1:/etc/yum.repos.d#cd /data1
root@67ae4c3067b1:/data1# ls
passwd
[root@miaomiao ~]# docker cp vm4:/data1/passwd .
[root@miaomiao ~]# ll passwd
-rw-r--r-- 1 root root 956 May 9 16:06 passwd
[root@miaomiao data1]# docker run --rm -v /tmp/backup:/backup ubuntu tar cf /backup/vm4.tar /etc
tar: Removing leading `/' from member names
[root@miaomiao data1]# cd /tmp/backup/
[root@miaomiao backup]# ls
etc.tar vm4.tar
[root@miaomiao backup]# ll vm4.tar
-rw-r--r-- 1 root root 798720 May 9 16:12 vm4.tar
[root@miaomiao backup]# tar tf vm4.tar |less
(4).设置docker的ip
[root@foundation60 Desktop]# docker network ls ##
NETWORK ID NAME DRIVER
a6086676733c host host
c69c955d85a6 bridge bridge
b2fe5e31a343 none null
[root@foundation60 Desktop]# brctl show ##显示桥接
bridge name bridge id STP enabled interfaces
br0 8000.28d24434e123 no enp2s0 ##本机br0
docker0 8000.02423c7d609f no ##容器通过docker0(桥接)与物理机(宿主机|本机)通信
virbr0 8000.525400c63db4 yes virbr0-nic ##虚拟机通过virbr0(桥接)与物理机(宿主机|本机)通信
virbr1 8000.5254002538eb yes virbr1-nic
[root@foundation60 Desktop]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation60 Desktop]# docker run -it --name vm1 ubuntu
root@33293f33ace2:/# [root@foundation60 Desktop]#
[root@foundation60 Desktop]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.28d24434e123 no enp2s0
docker0 8000.02423c7d609f no veth67f57bf
virbr0 8000.525400c63db4 yes virbr0-nic
virbr1 8000.5254002538eb yes virbr1-nic
[root@foundation60 Desktop]# ll /usr/lib/systemd/system/docker.service
-rw-r--r-- 1 root root 347 2月 11 2016 /usr/lib/systemd/system/docker.service
[root@foundation60 Desktop]# cp /usr/lib/systemd/system/docker.service /etc/systemd/system/docker.service
[root@foundation60 Desktop]# vim /etc/systemd/system/docker.service 改docker0的ip方式一:修改配置文件
ExecStart=/usr/bin/docker daemon -H fd:// --bip 192.168.60.1/24 ##设置docker0的ip为192.168.60.1/24
[root@foundation60 Desktop]# ip addr show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0:
link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff
3: wlp3s0:
link/ether a4:db:30:7a:f8:c5 brd ff:ff:ff:ff:ff:ff
inet 192.168.253.4/24 brd 192.168.253.255 scope global dynamic wlp3s0
valid_lft 35968sec preferred_lft 35968sec
inet6 fe80::a6db:30ff:fe7a:f8c5/64 scope link
valid_lft forever preferred_lft forever
4: br0:
link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.60/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.60.250/24 brd 172.25.60.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::2ad2:44ff:fe34:e123/64 scope link
valid_lft forever preferred_lft forever
5: virbr1:
link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff
6: virbr1-nic:
link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff
7: virbr0:
link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
8: virbr0-nic:
link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff
9: docker0:
link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:3cff:fe7d:609f/64 scope link
valid_lft forever preferred_lft forever
11: veth67f57bf@if10:
link/ether ba:54:d0:bc:52:3c brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::b854:d0ff:febc:523c/64 scope link
valid_lft forever preferred_lft forever
[root@foundation60 Desktop]# systemctl daemon-reload
[root@foundation60 Desktop]# systemctl restart network ##注意:这里重启的是network;--bip 需要重启docker服务(systemctl restart docker)才会生效,所以下面docker0仍是172.17.0.1/16
[root@foundation60 Desktop]# ip addr show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0:
link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff
3: wlp3s0:
link/ether a4:db:30:7a:f8:c5 brd ff:ff:ff:ff:ff:ff
5: virbr1:
link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff
6: virbr1-nic:
link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff
7: virbr0:
link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
8: virbr0-nic:
link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff
9: docker0:
link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:3cff:fe7d:609f/64 scope link
valid_lft forever preferred_lft forever
11: veth67f57bf@if10:
link/ether ba:54:d0:bc:52:3c brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::b854:d0ff:febc:523c/64 scope link
valid_lft forever preferred_lft forever
12: br0:
link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.60/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.60.250/24 brd 172.25.60.255 scope global br0
valid_lft forever preferred_lft forever
[root@foundation60 Desktop]# ip link set down dev docker0 ##改docker0的ip方式二:link
[root@foundation60 Desktop]# ip addr del 172.17.0.1/16 dev docker0
[root@foundation60 Desktop]# ip addr add 192.168.60.1/24 dev docker0
[root@foundation60 Desktop]# ip link set up dev docker0
[root@foundation60 Desktop]# ip addr show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0:
link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff
3: wlp3s0:
link/ether a4:db:30:7a:f8:c5 brd ff:ff:ff:ff:ff:ff
5: virbr1:
link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff
6: virbr1-nic:
link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff
7: virbr0:
link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
8: virbr0-nic:
link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff
9: docker0:
link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff
inet 192.168.60.1/24 scope global docker0 ##改后的ip:192.168.60.1/24
valid_lft forever preferred_lft forever
inet6 fe80::42:3cff:fe7d:609f/64 scope link
valid_lft forever preferred_lft forever
11: veth67f57bf@if10:
link/ether ba:54:d0:bc:52:3c brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::b854:d0ff:febc:523c/64 scope link
valid_lft forever preferred_lft forever
12: br0:
link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.60/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.60.250/24 brd 172.25.60.255 scope global br0
valid_lft forever preferred_lft forever
[root@foundation60 Desktop]#
[root@foundation60 Desktop]# docker attach vm1
root@33293f33ace2:/# uname -r
3.10.0-327.el7.x86_64
root@33293f33ace2:/# ip addr show ##创建一个容器vm1 ,默认ip????????
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
(5).四种模式
[root@foundation60 Desktop]# docker run -it --name web --net host nginx ##host模式 和物理机br0的ip相同(容器直接使用宿主机的网络栈,没有网络隔离)
WARNING: IPv4 forwarding is disabled. Networking will not work.
2017/05/10 11:48:52 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use) ##80端口正在占用
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2017/05/10 11:48:52 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
[root@foundation60 Desktop]# ^C
[root@foundation60 Desktop]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f7ce6e4f9b27 nginx "nginx -g 'daemon off" 34 seconds ago Exited (1) 28 seconds ago web
33293f33ace2 ubuntu "/bin/bash" 19 minutes ago Up 18 minutes vm1
[root@foundation60 Desktop]# systemctl stop httpd.service ##关闭httpd服务
[root@foundation60 Desktop]# docker start web
web
[root@foundation60 Desktop]# netstat -antlp |grep :80 ##80端口正在被占用
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6687/nginx: master
[root@foundation60 Desktop]# curl 172.25.254.60
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
Commercial support is available at
Thank you for using nginx.
[root@foundation60 Desktop]# docker stop web
web
[root@foundation60 Desktop]# curl 172.25.254.60
curl: (7) Failed connect to 172.25.254.60:80; 拒绝连接
[root@foundation60 Desktop]# netstat -antlp |grep :80
tcp 0 0 172.25.254.60:46343 172.25.254.60:80 TIME_WAIT -
[root@foundation4 pub]# docker run -it --name vm1 --net host ubuntu ##vm1为host模式
root@foundation4:/#
root@foundation4:/# [root@foundation4 pub]#
[root@foundation4 pub]# docker run -it --name vm2 --net container:vm1 ubuntu ##vm2为container模式,同vm1 与物理机ip相同
root@foundation4:/#
root@foundation4:/# ip addr show
9: docker0:
link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff
inet 192.168.60.1/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:3cff:fe7d:609f/64 scope link
valid_lft forever preferred_lft forever
12: br0:
link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.60/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.60.250/24 brd 172.25.60.255 scope global br0
valid_lft forever preferred_lft forever
root@foundation4:/# [root@foundation4 pub]# docker attach vm1
root@foundation4:/# ip addr show
9: docker0:
link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff
inet 192.168.60.1/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:3cff:fe7d:609f/64 scope link
valid_lft forever preferred_lft forever
12: br0:
link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.60/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.60.250/24 brd 172.25.60.255 scope global br0
valid_lft forever preferred_lft forever
root@foundation4:/# ##关机vm1,vm2的ip不再存在,开启vm1,vm2的ip存在
[root@foundation60 Desktop]# docker attach vm2
root@33293f33ace2:/# ip addr show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
root@33293f33ace2:/# [root@foundation60 Desktop]#
(6).禁用模式 自己设ip
[root@foundation15 netns]# docker run -it --name vm3 --net none ubuntu
root@e8bf0b4bce45:/# ip addr show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
root@e8bf0b4bce45:/# [root@foundation15 netns]#
[root@foundation15 netns]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0021cc5dee66 no enp0s25
docker0 8000.024241e13709 no
virbr0 8000.525400c2e396 yes virbr0-nic
virbr1 8000.52540005d6c1 yes virbr1-nic
[root@foundation15 netns]# docker inspect vm3 |grep Pid ##每次开机Pid 都会改变,所以最好写脚本
"Pid": 4648,
"PidMode": "",
"PidsLimit": 0,
[root@foundation15 netns]# cd /proc/4648 ##/proc存放内核的信息,存放在内存上,关机所有信息消失,开机所有信息自动出现
[root@foundation15 4648]# ls
attr cpuset limits net projid_map statm
autogroup cwd loginuid ns root status
auxv environ map_files numa_maps sched syscall
cgroup exe maps oom_adj sessionid task
clear_refs fd mem oom_score setgroups timers
cmdline fdinfo mountinfo oom_score_adj smaps uid_map
comm gid_map mounts pagemap stack wchan
coredump_filter io mountstats personality stat
[root@foundation15 4648]# cd ns
[root@foundation15 ns]# ls
ipc mnt net pid user uts
[root@foundation15 ns]# ll
total 0
lrwxrwxrwx 1 root root 0 May 10 10:51 ipc -> ipc:[4026532409]
lrwxrwxrwx 1 root root 0 May 10 10:51 mnt -> mnt:[4026532407]
lrwxrwxrwx 1 root root 0 May 10 10:49 net -> net:[4026532412]
lrwxrwxrwx 1 root root 0 May 10 10:51 pid -> pid:[4026532410]
lrwxrwxrwx 1 root root 0 May 10 10:51 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 May 10 10:51 uts -> uts:[4026532408]
[root@foundation15 ns]# ln -s /proc/4648/ns/net /var/run/netns/4648
[root@foundation15 ns]# ip netns ls
4648
[root@foundation15 ns]# ll
total 0
lrwxrwxrwx 1 root root 0 May 10 10:51 ipc -> ipc:[4026532409]
lrwxrwxrwx 1 root root 0 May 10 10:51 mnt -> mnt:[4026532407]
lrwxrwxrwx 1 root root 0 May 10 10:49 net -> net:[4026532412]
lrwxrwxrwx 1 root root 0 May 10 10:51 pid -> pid:[4026532410]
lrwxrwxrwx 1 root root 0 May 10 10:51 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 May 10 10:51 uts -> uts:[4026532408]
[root@foundation15 ns]# cd /var/run/netns/
[root@foundation15 netns]# ls
4648
[root@foundation15 netns]# ll
total 0
lrwxrwxrwx 1 root root 17 May 10 10:53 4648 -> /proc/4648/ns/net
[root@foundation15 netns]# ip link add name veth0 type veth peer name veth1
[root@foundation15 netns]# ip link set up dev veth0 ##在 namespace 中启用一个设备veth0
[root@foundation15 netns]# ip link set up dev veth1
[root@foundation15 netns]# ip addr show
。。。
4: br0:
link/ether 00:21:cc:5d:ee:66 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.15/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.15.250/24 brd 172.25.15.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::221:ccff:fe5d:ee66/64 scope link
valid_lft forever preferred_lft forever
9: docker0:
被桥接到 docker0 上,并自动分配到一个 IP 地址
link/ether 02:42:41:e1:37:09 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 scope global docker0
valid_lft forever preferred_lft forever
10: veth1@veth0:
link/ether 96:7e:83:ec:4c:fc brd ff:ff:ff:ff:ff:ff
inet6 fe80::947e:83ff:feec:4cfc/64 scope link
valid_lft forever preferred_lft forever
11: veth0@veth1:
link/ether ca:bc:43:25:e7:91 brd ff:ff:ff:ff:ff:ff
inet6 fe80::c8bc:43ff:fe25:e791/64 scope link
valid_lft forever preferred_lft forever
[root@foundation15 netns]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0021cc5dee66 no enp0s25
docker0 8000.024241e13709 no
virbr0 8000.525400c2e396 yes virbr0-nic
virbr1 8000.52540005d6c1 yes virbr1-nic
[root@foundation15 netns]# brctl addif docker0 veth0
[root@foundation15 netns]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0021cc5dee66 no enp0s25
docker0 8000.024241e13709 no veth0
virbr0 8000.525400c2e396 yes virbr0-nic
virbr1 8000.52540005d6c1 yes virbr1-nic
[root@foundation15 netns]# ip link set veth1 netns 4648
[root@foundation15 netns]# docker attach vm3
root@e8bf0b4bce45:/# ip addr show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
10: veth1@if11:
link/ether 96:7e:83:ec:4c:fc brd ff:ff:ff:ff:ff:ff
[root@foundation15 netns]# ip netns exec 4648 ip link set veth1 name eth0
[root@foundation15 netns]# ip netns exec 4648 ip link set up eth0
[root@foundation15 netns]# ip netns exec 4648 ip addr add 192.168.15.115/24 dev eth0
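[root@foundation15 netns]# ip netns exec 4648 ip route add default via 192.168.15.1 ##注意:前面ip addr show里docker0是192.168.0.1/24,这里的地址和网关却用了192.168.15.0/24网段,网桥上没有192.168.15.1这个地址,下面的ping因此全部失败;应使用与docker0同网段的地址,并把网关指向docker0的ip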
[root@foundation15 netns]# docker attach vm3
root@e8bf0b4bce45:/#
root@e8bf0b4bce45:/# ip addr show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
10: eth0@if11:
link/ether 96:7e:83:ec:4c:fc brd ff:ff:ff:ff:ff:ff
inet 192.168.15.115/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::947e:83ff:feec:4cfc/64 scope link
valid_lft forever preferred_lft forever
root@e8bf0b4bce45:/# ip route show
default via 192.168.15.1 dev eth0
192.168.15.0/24 dev eth0 proto kernel scope link src 192.168.15.115
root@e8bf0b4bce45:/# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.15.1 0.0.0.0 UG 0 0 0 eth0
192.168.15.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
root@e8bf0b4bce45:/# ping 192.168.15.1
PING 192.168.15.1 (192.168.15.1) 56(84) bytes of data.
--- 192.168.15.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms
pipe 4
root@e8bf0b4bce45:/# ping 172.25.254.251
PING 172.25.254.251 (172.25.254.251) 56(84) bytes of data.
--- 172.25.254.251 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms
pipe 4
root@e8bf0b4bce45:/# ping 172.25.254.15
PING 172.25.254.15 (172.25.254.15) 56(84) bytes of data.
^C
--- 172.25.254.15 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms
pipe 4
(7)容器间互联
[root@foundation60 Desktop]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
game2048 latest 19299002fdbe 4 months ago 55.5 MB
nginx latest af4b3d7d5401 14 months ago 190.5 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
[root@foundation60 Desktop]# docker run -d game2048
25c89dfe2e6fa670613e0386de8f05284dd74c017426dc7087e897df44284135
[root@foundation60 Desktop]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
25c89dfe2e6f game2048 "/bin/sh -c 'sed -i \"" 32 seconds ago Up 30 seconds 80/tcp, 443/tcp boring_newton
[root@foundation60 Desktop]# docker run -it --link boring_newton:WQ ubuntu ##--link 参数可以把一个或多个已有容器连接到将要创建的容器;这里的“安全连接”指两个容器无需把端口映射到宿主机即可互通,并不表示流量被加密。注意源容器的环境变量会以 WQ_ENV_* 的形式注入新容器(见下面的 env 输出),因此不要把密钥类信息放在被连接容器的环境变量里
root@000a7f3d3283:/#
root@000a7f3d3283:/# env |grep WQ
WQ_PORT_443_TCP_ADDR=192.168.60.2
WQ_ENV_NGINX_VERSION=1.11.7
WQ_NAME=/prickly_poincare/WQ
WQ_PORT_80_TCP_PROTO=tcp
WQ_PORT_80_TCP=tcp://192.168.60.2:80
WQ_PORT_443_TCP_PORT=443
WQ_PORT_80_TCP_PORT=80
WQ_PORT_443_TCP=tcp://192.168.60.2:443
WQ_PORT_443_TCP_PROTO=tcp
WQ_PORT_80_TCP_ADDR=192.168.60.2
WQ_PORT=tcp://192.168.60.2:80
(8)基于rhel7镜像,搭建自己的镜像:搭建apache
[root@foundation4 Desktop]$ cd /tmp/docker/
[root@foundation4 docker]$ cd apache/
[root@foundation4 apache]# vim Dockerfile
[root@foundation4 apache]# docker build -t rhel7:v1 .
[root@foundation4 apache]# ls
Dockerfile
[root@foundation4 apache]# du -h Dockerfile
4.0K Dockerfile
[root@foundation4 apache]# docker run -d -p 8000:80 --name apache rhel7:v1
410b97e65f58d824bad92b7824d01c7cc11a3aafe5614133bcddb4bb8c6f6159
vm1
[root@foundation4 apache]# docker kill apache
apache
[root@foundation4 apache]# docker rm apache
apache
[root@foundation4 apache]# docker run -d -p 8000:80 --name apache -v /tmp/docker/apache/:/var/www/html rhel7:v1
a8248ed115240b4d840c586402ced465477e3893f95c330b9b4365f5a120c3aa
[root@foundation4 apache]# vim index.html
[root@foundation4 apache]# ls
Dockerfile index.html
[root@foundation4 apache]# docker kill apache
apache
[root@foundation4 apache]# docker rm apache
apache
[root@foundation4 apache]# docker run -d -p 8000:80 --name apache rhel7:v2
Unable to find image 'rhel7:v2' locally
Pulling repository docker.io/library/rhel7
^C[root@foundation4 apache]# docker build -t rhel7:v2 .
Sending build context to Docker daemon 3.072 kB
Step 1 : FROM rhel7:v1
---> c7728e4708e3
Step 2 : MAINTAINER [email protected]
---> Running in c433f5e76e66
---> 573359cb1d1f
Removing intermediate container c433f5e76e66
Step 3 : ENV hostname ll
---> Running in 440673aa5929
---> d3a6eb82360a
Removing intermediate container 440673aa5929
Step 4 : EXPOSE 80
---> Running in 59142267cc63
---> 54f13e0b05b1
Removing intermediate container 59142267cc63
Step 5 : RUN yum install -y httpd && yum clean all
---> Running in 84ce816c5092
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Package httpd-2.4.6-40.el7.x86_64 already installed and latest version
Nothing to do
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Cleaning repos: rhel7.2
Cleaning up everything
---> 8d81b8881a9f
Removing intermediate container 84ce816c5092
Step 6 : CMD /usr/sbin/httpd -D FOREGROUND
---> Running in c9a98b333e16
---> 5ab0460229f8
Removing intermediate container c9a98b333e16
Successfully built 5ab0460229f8
[root@foundation4 apache]# docker run -d -p 8000:80 --name apache rhel7:v2
43ecdd284a6a5a51c1186c0849c9d16f70d05e128806be36bfdacce48997641a
[root@foundation4 apache]#
[root@foundation4 apache]# curl localhost:8000
..........
[root@foundation4 apache]# docker run -d -p 8000:80 --name apache -v /tmp/docker/apache/:/var/www/html rhel7:v2
docker: Error response from daemon: Conflict. The name "/apache" is already in use by container 43ecdd284a6a5a51c1186c0849c9d16f70d05e128806be36bfdacce48997641a. You have to remove (or rename) that container to be able to reuse that name..
See 'docker run --help'.
[root@foundation4 apache]# docker kill apache
apache
[root@foundation4 apache]# docker rm apache
apache
[root@foundation4 apache]# docker run -d -p 8000:80 --name apache -v /tmp/docker/apache/:/var/www/html rhel7:v2
ce6b701984229e411ca8dcb07fef754106d9118a22000078b4655fb5f4f08e63
[root@foundation4 apache]# curl localhost:8000
hello world
[root@foundation4 apache]# netstat -antlp |grep :80
tcp6 0 0 :::80 :::* LISTEN 1204/httpd
[root@foundation4 apache]# which ip
/usr/sbin/ip
[root@foundation4 apache]# rpm -qf /usr/sbin/ip ##查看/usr/sbin/ip属于哪个安装包
iproute-3.10.0-54.el7.x86_64
(9)搭建ssh镜像
[root@foundation4 docker]#mkdir ssh
[root@foundation4 docker]#cd ssh/
[root@foundation4 ssh]#cp ../apache/Dockerfile .
bash-4.2# yum install -y openssh-clients
bash-4.2# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
bash-4.2# cd /etc/ssh/
bash-4.2# ls
moduli ssh_config sshd_config
bash-4.2# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N ""
bash-4.2# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""
bash-4.2# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""
bash-4.2# ls
moduli ssh_host_ecdsa_key.pub ssh_host_rsa_key
ssh_config ssh_host_ed25519_key ssh_host_rsa_key.pub
ssh_host_ecdsa_key ssh_host_ed25519_key.pub sshd_config
bash-4.2# netstat -antlp | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 39/sshd
tcp6 0 0 :::22 :::* LISTEN 39/sshd
bash-4.2# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is 32:79:e7:50:20:0e:0d:c8:e5:ab:55:17:5a:b3:61:f1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password:
bash-4.2# echo root:westos |chpasswd
bash-4.2# ssh localhost
root@localhost's password:
-bash-4.2# [root@foundation4 ssh]#
[root@foundation4 ssh]# vim Dockerfile
[root@foundation4 ssh]# cat Dockerfile
# Image that installs OpenSSH and runs sshd in the foreground on port 22.
FROM rhel7:v1 ##base image
MAINTAINER [email protected] ##author information (optional)
# NOTE(review): ENV only defines an environment variable named "hostname";
# it does not change the hostname of the container.
ENV hostname lll ##author's note: container hostname (optional)
EXPOSE 22 ##port the container exposes
RUN yum install -y openssh-server openssh-clients && yum clean all
# NOTE(review): the host keys are generated at build time, so they are stored
# in the image and every container started from it presents the same keys.
# The root password is fixed in this RUN line and stays readable in the image
# history. For an image that is shared, generate the keys and set credentials
# when the container starts instead.
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" &&ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""&&ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""&&echo root:westos |chpasswd ##commands run while building the image
CMD ["/usr/sbin/sshd", "-D"] ##container start command; only one CMD takes effect
[root@foundation4 ssh]# docker build -t rhel7:v6 . ##创建镜像 rhel7:v6
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM rhel7:v1
---> c7728e4708e3
Step 2 : MAINTAINER [email protected]
---> Using cache
---> 573359cb1d1f
Step 3 : ENV hostname lll
---> Using cache
---> 0445caf75265
Step 4 : EXPOSE 22
---> Using cache
---> c31fe7ee8a78
Step 5 : RUN yum install -y openssh-server openssh-clients && yum clean all
---> Using cache
---> 9ec68f83787d
Step 6 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" &&ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""&&ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""&&echo root:westos |chpasswd
---> Using cache
---> 66d55ef13f55
Step 7 : CMD /usr/sbin/sshd -D
---> Running in c1da2a758664
---> 0df474967f24
Removing intermediate container c1da2a758664
Successfully built 0df474967f24
[root@foundation4 ssh]# docker run -d --name ssh -p 2222:22 rhel7:v6
9e9b9180bdf7eb7029dccafa22a88c4ba14ec10b36ea0a40a15961ea718c6f47
[root@foundation4 ssh]# ssh localhost -p 2222
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
74:5d:6e:b3:fa:e7:80:6b:8a:e8:13:d2:85:cc:f5:c2.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:11
ECDSA host key for [localhost]:2222 has changed and you have requested strict checking.
Host key verification failed.
[root@foundation4 ssh]# vim /root/.ssh/known_hosts
[root@foundation4 ssh]# rm -fr /root/.ssh/known_hosts ##删除整个 known_hosts 会丢掉所有已记录主机的公钥;只想清除这一条记录时可用 ssh-keygen -R '[localhost]:2222'
[root@foundation4 ssh]# ssh localhost -p 2222 ##连接物理机2222端口
The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.
ECDSA key fingerprint is 74:5d:6e:b3:fa:e7:80:6b:8a:e8:13:d2:85:cc:f5:c2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2222' (ECDSA) to the list of known hosts.
root@localhost's password:
-bash-4.2# exit
logout
Connection to localhost closed.
(10)多服务
bash-4.2# yum install supervisor -y
bash-4.2# cat dvd.repo
# yum repositories used inside the container: the RHEL 7.2 tree and an extra
# "update" repository (the supervisor package is installed from it).
# NOTE(review): both sections set gpgcheck=0 and use plain HTTP/FTP, so packages
# are installed without a signature or transport integrity check. Where the
# repositories are signed, set gpgcheck=1 and add
# gpgkey=<URL of the repository's public key>.
[rhel7.2]
name=rhel7.2
baseurl=http://172.25.254.250/rhel7.2
gpgcheck=0
[update]
name=update
baseurl=ftp://172.25.254.250/pub/docker
gpgcheck=0
bash-4.2# vi /etc/supervisord.conf
[root@foundation4 ssh]# cd ..
[root@foundation4 docker]# mkdir super
[root@foundation4 docker]# cd super/
[root@foundation4 super]# cp ../ssh/Dockerfile .
[root@foundation4 super]# ls
Dockerfile
[root@foundation4 super]# vim update.repo
[root@foundation4 super]# ls
Dockerfile update.repo
[root@foundation4 super]# vim Dockerfile
[root@foundation4 super]# vim supervisord.conf
[root@foundation4 super]# docker build -t rhel7:v7 .
Sending build context to Docker daemon 4.096 kB
Step 1 : FROM rhel7:v1
---> c7728e4708e3
Step 2 : MAINTAINER [email protected]
---> Using cache
---> 573359cb1d1f
Step 3 : ENV hostname llll
---> Running in 2bcc58c208a6
---> c52c29905899
Removing intermediate container 2bcc58c208a6
Step 4 : EXPOSE 22 80
---> Running in b0f255eee335
---> ad02a414cb33
Removing intermediate container b0f255eee335
Step 5 : COPY update.repo /etc/yum.repos.d
---> 96ecee8435d0
Removing intermediate container 95bde59e0de3
Step 6 : RUN yum install -y openssh-server openssh-clients httpd supervisor&& yum clean all
---> Running in f50c57b7f861
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Package httpd-2.4.6-40.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package openssh-clients.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: openssh = 6.6.1p1-22.el7 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
---> Package openssh-server.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-6.6.1p1-22.el7.x86_64
---> Package supervisor.noarch 0:3.1.3-3.el7 will be installed
--> Processing Dependency: python-meld3 >= 0.6.5 for package: supervisor-3.1.3-3.el7.noarch
--> Processing Dependency: python-setuptools for package: supervisor-3.1.3-3.el7.noarch
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-5.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-5.el7.x86_64
---> Package libedit.x86_64 0:3.0-12.20121213cvs.el7 will be installed
---> Package openssh.x86_64 0:6.6.1p1-22.el7 will be installed
---> Package python-meld3.x86_64 0:0.6.10-1.el7 will be installed
---> Package python-setuptools.noarch 0:0.9.8-4.el7 will be installed
--> Processing Dependency: python-backports-ssl_match_hostname for package: python-setuptools-0.9.8-4.el7.noarch
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-5.el7 will be installed
---> Package python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el7 will be installed
--> Processing Dependency: python-backports for package: python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch
--> Running transaction check
---> Package python-backports.x86_64 0:1.0-8.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository
Size
================================================================================
Installing:
openssh-clients x86_64 6.6.1p1-22.el7 rhel7.2 638 k
openssh-server x86_64 6.6.1p1-22.el7 rhel7.2 436 k
supervisor noarch 3.1.3-3.el7 update 445 k
Installing for dependencies:
fipscheck x86_64 1.4.1-5.el7 rhel7.2 21 k
fipscheck-lib x86_64 1.4.1-5.el7 rhel7.2 11 k
libedit x86_64 3.0-12.20121213cvs.el7 rhel7.2 92 k
openssh x86_64 6.6.1p1-22.el7 rhel7.2 435 k
python-backports x86_64 1.0-8.el7 rhel7.2 5.8 k
python-backports-ssl_match_hostname
noarch 3.4.0.2-4.el7 rhel7.2 12 k
python-meld3 x86_64 0.6.10-1.el7 update 73 k
python-setuptools noarch 0.9.8-4.el7 rhel7.2 397 k
tcp_wrappers-libs x86_64 7.6-77.el7 rhel7.2 66 k
Transaction Summary
================================================================================
Install 3 Packages (+9 Dependent packages)
Total download size: 2.6 M
Installed size: 9.3 M
Downloading packages:
--------------------------------------------------------------------------------
Total 2.2 MB/s | 2.6 MB 00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fipscheck-1.4.1-5.el7.x86_64 1/12
Installing : fipscheck-lib-1.4.1-5.el7.x86_64 2/12
Installing : openssh-6.6.1p1-22.el7.x86_64 3/12
Installing : python-meld3-0.6.10-1.el7.x86_64 4/12
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 5/12
Installing : python-backports-1.0-8.el7.x86_64 6/12
Installing : python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch 7/12
Installing : python-setuptools-0.9.8-4.el7.noarch 8/12
Installing : libedit-3.0-12.20121213cvs.el7.x86_64 9/12
Installing : openssh-clients-6.6.1p1-22.el7.x86_64 10/12
Installing : supervisor-3.1.3-3.el7.noarch 11/12
Installing : openssh-server-6.6.1p1-22.el7.x86_64 12/12
Verifying : openssh-clients-6.6.1p1-22.el7.x86_64 1/12
Verifying : python-setuptools-0.9.8-4.el7.noarch 2/12
Verifying : python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch 3/12
Verifying : libedit-3.0-12.20121213cvs.el7.x86_64 4/12
Verifying : openssh-6.6.1p1-22.el7.x86_64 5/12
Verifying : python-backports-1.0-8.el7.x86_64 6/12
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 7/12
Verifying : python-meld3-0.6.10-1.el7.x86_64 8/12
Verifying : openssh-server-6.6.1p1-22.el7.x86_64 9/12
Verifying : supervisor-3.1.3-3.el7.noarch 10/12
Verifying : fipscheck-lib-1.4.1-5.el7.x86_64 11/12
Verifying : fipscheck-1.4.1-5.el7.x86_64 12/12
Installed:
openssh-clients.x86_64 0:6.6.1p1-22.el7
openssh-server.x86_64 0:6.6.1p1-22.el7
supervisor.noarch 0:3.1.3-3.el7
Dependency Installed:
fipscheck.x86_64 0:1.4.1-5.el7
fipscheck-lib.x86_64 0:1.4.1-5.el7
libedit.x86_64 0:3.0-12.20121213cvs.el7
openssh.x86_64 0:6.6.1p1-22.el7
python-backports.x86_64 0:1.0-8.el7
python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el7
python-meld3.x86_64 0:0.6.10-1.el7
python-setuptools.noarch 0:0.9.8-4.el7
tcp_wrappers-libs.x86_64 0:7.6-77.el7
Complete!
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Cleaning repos: rhel7.2 update
Cleaning up everything
---> 1f29557e45b4
Removing intermediate container f50c57b7f861
Step 7 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" &&ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""&&ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""&&echo root:westos |chpasswd
---> Running in b6eaedc8e112
---> ea220bf69ab3
Removing intermediate container b6eaedc8e112
Step 8 : COPY supervisord.conf /etc/supervisord.conf
---> 68350609a0b1
Removing intermediate container ff06da275cf9
Step 9 : CMD /usr/bin/supervisord
---> Running in aa6a51911b44
---> cb4316476c0c
Removing intermediate container aa6a51911b44
Successfully built cb4316476c0c vm1
[root@foundation4 super]# docker kill `docker ps -aq`
9e9b9180bdf7
ce6b70198422
52bbe0b717f2
Failed to kill container (239358aff01d): Error response from daemon: Cannot kill container 239358aff01d: Container 239358aff01d676cfaccece93e631e7530fdab787920e37c74490c8d1bd4df6b is not running
[root@foundation4 super]# docker rm `docker ps -aq`
9e9b9180bdf7
239358aff01d
ce6b70198422
52bbe0b717f2
[root@foundation4 super]#
[root@foundation4 super]# docker run -d --name super -p 2222:22 -p 8000:80 -v /tmp/docker/apache:/var/www/html rhel7:v7
e23cc1d8c9faeb569c30fdca824c9609a7cd5cf2f4bbf02452991293de96344d
[root@foundation4 super]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e23cc1d8c9fa rhel7:v7 "/usr/bin/supervisord" 14 seconds ago Up 11 seconds 0.0.0.0:2222->22/tcp, 0.0.0.0:8000->80/tcp super
[root@foundation4 super]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
RETURN all -- 192.168.122.0/24 224.0.0.0/24
RETURN all -- 192.168.122.0/24 255.255.255.255
MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:80
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:22
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:172.17.0.2:80
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 to:172.17.0.2:22
[root@foundation4 super]# ssh localhost -p 2222 -l root
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
e0:5a:77:37:14:bf:ac:58:1f:8c:e2:a8:ab:1b:6f:58.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
ECDSA host key for [localhost]:2222 has changed and you have requested strict checking.
Host key verification failed.
[root@foundation4 super]# rm -fr /root/.ssh/known_hosts
[root@foundation4 super]# ssh localhost -p 2222 -l root
The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.
ECDSA key fingerprint is e0:5a:77:37:14:bf:ac:58:1f:8c:e2:a8:ab:1b:6f:58.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2222' (ECDSA) to the list of known hosts.
root@localhost's password:
-bash-4.2# ls
anaconda-ks.cfg
-bash-4.2# logout
Connection to localhost closed.
[root@foundation4 super]# curl localhost:8000
hello world
[root@foundation4 super]# ls
Dockerfile supervisord.conf update.repo
[root@foundation4 super]# cat Dockerfile
# Image that runs httpd and sshd together under supervisord (ports 22 and 80).
FROM rhel7:v1
MAINTAINER [email protected]
# NOTE(review): ENV only defines an environment variable named "hostname";
# it does not change the hostname of the container.
ENV hostname llll
EXPOSE 22 80
# Adds the extra yum repository that provides the supervisor package.
# NOTE(review): the update.repo copied here sets gpgcheck=0 over plain FTP, so
# the packages installed in the next step are not signature-checked.
COPY update.repo /etc/yum.repos.d
RUN yum install -y openssh-server openssh-clients httpd supervisor&& yum clean all
# NOTE(review): the host keys are generated at build time, so they are stored
# in the image and every container started from it presents the same keys.
# The root password is fixed in this RUN line and stays readable in the image
# history. For an image that is shared, generate the keys and set credentials
# when the container starts instead.
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" &&ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""&&ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""&&echo root:westos |chpasswd
COPY supervisord.conf /etc/supervisord.conf
# supervisord is the single start command; it launches the services listed in
# /etc/supervisord.conf.
CMD ["/usr/bin/supervisord"]
[root@foundation4 super]# cat update.repo
# Extra yum repository copied into the image; the supervisor package is
# installed from it.
# NOTE(review): gpgcheck=0 turns off package signature verification and the
# baseurl is plain FTP, so packages from this repository are installed without
# an integrity or origin check. Where the repository is signed, set gpgcheck=1
# and add gpgkey=<URL of the repository's public key>.
[update]
name=update
baseurl=ftp://172.25.254.250/pub/docker
gpgcheck=0
[root@foundation4 super]# cat supervisord.conf
; supervisord configuration for the multi-service image: supervisord stays in
; the foreground (nodaemon=true) and starts httpd and sshd.
[supervisord]
nodaemon=true
; NOTE(review): httpd is started without "-D FOREGROUND" (the apache image
; built earlier on this page uses it); httpd presumably detaches, so
; supervisord may not be able to supervise or restart it; confirm in the
; supervisord log.
[program:httpd]
command=/usr/sbin/httpd
; -D keeps sshd from detaching, so it runs as a foreground child of supervisord.
[program:sshd]
command=/usr/sbin/sshd -D
[root@foundation4 super]# docker inspect rhel7:v7 ##查看暴露的端口
"ExposedPorts": {
"22/tcp": {},
"80/tcp": {}