Docker_学习笔记

目录

文章目录

    • @[toc]
  • 01 什么是云计算?
  • 02 什么是容器?
  • 03 容器和虚拟机的区别(优势)
  • 04 容器的发展历史
  • 05 Docker的五大概念
  • 06 Docker的发展史
  • 07 docker的安装
  • 08 体验docker容器
  • 09 镜像的管理命令
  • 10 容器的管理命令
  • 11 手动制作docker镜像
    • 11.1 单服务
    • 11.2 双服务
  • 12 自动制作docker镜像
    • 12.1 dockerfile基础指令
    • 12.2 dockerfile中的ADD指令
    • 12.3 dockerfile中的WORKDIR指令
    • 12.4 dockerfile中的EXPOSE指令
    • 12.5 dockerfile中的ENV指令
    • 12.6 dockerfile中的ENTRYPOINT指令
    • 12.7 单服务
    • 12.8 双服务
    • 12.9 优化镜像容量
  • 13 docker容器间的互联
  • 14 docker的私有仓库
    • 14.1 不带认证
    • 14.2 带认证
    • 14.3 删除镜像(未做实验)
    • 14.4 Harbor 安装和使用
  • 15 docker容器编排(单机版docker-compose)
  • 16 docker网络
    • 16.1 默认网络
    • 16.2 自建网络
    • 16.3 跨宿主机网络容器之间的通信overlay类型
  • 17 Docker监控

01 什么是云计算?

云计算是一种按量付费的模式,它的底层主要通过虚拟化来实现。


云计算的服务类型?
云服务只是一个统称,可以分成三大类。

Docker_学习笔记_第1张图片
上图转自:(http://www.ruanyifeng.com/blogimg/asset/2017/bg2017072301.jpg)


  • IaaS:基础设施服务,Infrastructure-as-a-service。(kvm openstack)
  • PaaS:平台服务,Platform-as-a-service。(docker k8s)
  • SaaS:软件服务,Software-as-a-service。(运维+开发)

Docker_学习笔记_第2张图片
上图转自(http://www.mobanhu.com/upload_files/qrcode/256810111314151619202223242.jpg)


02 什么是容器?

容器是在隔离的环境中运行的一个进程,如果进程停止,容器终止,这个隔离的环境,拥有自己的系统文件,ip地址,主机名,进程管理。
容器还是一个软件的打包技术。


程序:软件,代码
进程:正在运行的程序
协程:线程


03 容器和虚拟机的区别(优势)

虚拟机的开机启动流程(特点):

  • 1:按下电源开关,bios自检
  • 2:选择启动项,选择启动设备
  • 3:加载引导程序 mbr (grub) gpt(UEFI) grub启动菜单 操作系统类型 内核路径
  • 4:加载linux内核(初始化硬件)
  • 5:启动系统的第一个进程/sbin/init ,初始化系统
  • 6:应用程序

容器(特点):共用宿主机内核,一开始就启动第一个进程


Docker_学习笔记_第3张图片
上图转自(https://images2018.cnblogs.com/blog/1337265/201805/1337265-20180511172324561-1553907087.png)


容器相对于虚拟化的优势:启动快,损耗少,性能高,轻量级
容器相对于虚拟机的劣势:如果宿主机是linux,容器必须linux系统


虚拟机:10台宿主机 可跑100台虚拟机
容器:5台宿主机 可跑100个容器


04 容器的发展历史

  • a: chroot 切换根目录

  • b:lxc (linux container)
    采用的技术:namespace用于“资源隔离”,cgroup用于“资源限制”(本来限制进程使用的硬件资源)
    类似传统的虚拟机。第一个进程 /sbin/init,先初始化系统,再运行服务nginx

  • c:docker容器
    采用的技术:namespace用于“资源隔离”,cgroup用于“资源限制”
    更轻量,第一个进程直接启动服务:如nginx


05 Docker的五大概念

镜像,容器,仓库,存储,网络


06 Docker的发展史

docker版本:

  • 初版:docker engine。第一版1.0,最终版1.13
  • 社区版:docker-ce。第一版:17.03(2017年3月)
  • 企业版:docker-ee

07 docker的安装

系统版本:CentOS Linux release 7.6.1810 (Core)
Docker版本:19.03.5


虚拟机:
10.0.0.100 docker01-h-100
10.0.0.101 docker02-h-101


第一步:安装aliyun镜像源
docker01-h-100与docker02-h-101

curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum makecache

第二步:安装docker-ce
docker01-h-100与docker02-h-101

# step 1: 安装必要的一些系统工具
yum install -y yum-utils device-mapper-persistent-data lvm2

# Step 2: 添加软件源信息
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Step 3: 更新并安装Docker-CE
yum makecache fast
yum -y install docker-ce

# Step 4: 开启 Docker 服务并设定开机自启动
systemctl enable docker
systemctl start docker

第三步:验证
docker01-h-100与docker02-h-101

$ docker version
Client: Docker Engine - Community
 Version:           19.03.5
 API version:       1.40
 Go version:        go1.12.12
 Git commit:        633a0ea
 Built:             Wed Nov 13 07:25:41 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.5
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.12
  Git commit:       633a0ea
  Built:            Wed Nov 13 07:24:18 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

08 体验docker容器

docker软件架构为cs架构,client和server


方法1:
将镜像直接上传nginx
docker01-h-100与docker02-h-101

mkdir /root/docker_image/
cd /root/docker_image/
# 将 docker_nginx.tar.gz 上传至 /root/docker_image/

docker load -i docker_nginx.tar.gz 
docker run -d -p 80:80 nginx

方法2:
在线直接启动nginx镜像
docker01-h-100与docker02-h-101

docker run -d -p 80:80 nginx

验证1:
通过curl查看版本

$ curl -I 10.0.0.100
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Tue, 26 Nov 2019 14:39:10 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes

验证2:
直接浏览器访问http://10.0.0.100


09 镜像的管理命令

  • docker search 搜索镜像(优先选官方镜像,其次选择start数量多的)
$ docker search alpine
NAME                                   DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
alpine                                 A minimal Docker image based on Alpine Linux…   5864                [OK]                
mhart/alpine-node                      Minimal Node.js built on Alpine Linux           445                                     
anapsix/alpine-java                    Oracle Java 8 (and 7) with GLIBC 2.28 over A…   430                                     [OK]
frolvlad/alpine-glibc                  Alpine Docker image with glibc (~12MB)          220                                     [OK]
gliderlabs/alpine                      Image based on Alpine Linux will help you wi…   180                    
  • docker image pull 镜像名称:版本 下载指定的镜像
    缩写:docker pull
$ docker image pull alpine
Using default tag: latest
latest: Pulling from library/alpine
89d9c30c1d48: Pull complete 
Digest: sha256:c19173c5ada610a5989151111163d28a67368362762534d8a8121ce95cf2bd5a
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest

$ docker image pull alpine:3.8
3.8: Pulling from library/alpine
c87736221ed0: Pull complete 
Digest: sha256:04696b491e0cc3c58a75bace8941c14c924b9f313b03ce5029ebbc040ed9dcd9
Status: Downloaded newer image for alpine:3.8
docker.io/library/alpine:3.8
  • docker image push 上传镜像
    缩写:docker push

  • docker image ls
    说明:查看镜像列表
    缩写:docker images

$ docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              540a289bab6c        5 weeks ago         126MB
alpine              latest              965ea09ff2eb        5 weeks ago         5.55MB
alpine              3.8                 dac705114996        8 months ago        4.41MB
  • docker image save 镜像名称:版本 -o 镜像压缩包的路径
    说明:镜像的导出
    缩写:docker save
$ docker image save alpine:3.8 -o /root/docker_image/docker_alpine3.8.tar.gz
  • docker image load -i 镜像压缩包的路径
    说明:镜像的导入
    缩写:docker load
$ docker image load -i /root/docker_image/docker_alpine3.8.tar.gz
d9ff549177a9: Loading layer [==================================================>]  4.671MB/4.671MB
Loaded image: alpine:3.8
  • docker image rm nginx:latest
    说明:删除镜像
    缩写:docker rmi
$ docker image rm alpine:3.8
Untagged: alpine:3.8
Untagged: alpine@sha256:04696b491e0cc3c58a75bace8941c14c924b9f313b03ce5029ebbc040ed9dcd9
Deleted: sha256:dac7051149965716b0acdcab16380b5f4ab6f2a1565c86ed5f651e954d1e615c
Deleted: sha256:d9ff549177a94a413c425ffe14ae1cc0aa254bc9c7df781add08e7d2fba25d27
  • docker image tag ID号 rock:v1
    说明:给镜像打标签
    缩写:docker tag
$ docker image import docker_alpine3.8.tar.gz 
sha256:4b1b7fc88220e19f650a76bb0d39ab1fe9bae89c4c14c07dfe2736bf169a2ffb
$ docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
<none>              <none>              4b1b7fc88220        9 seconds ago       4.67MB
nginx               latest              540a289bab6c        5 weeks ago         126MB
alpine              latest              965ea09ff2eb        5 weeks ago         5.55MB
alpine              3.8                 dac705114996        8 months ago        4.41MB
$ docker image tag 4b1b7fc88220 rock:v1
$ docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
rock                v1                  4b1b7fc88220        48 seconds ago      4.67MB
nginx               latest              540a289bab6c        5 weeks ago         126MB
alpine              latest              965ea09ff2eb        5 weeks ago         5.55MB
alpine              3.8                 dac705114996        8 months ago        4.41MB

10 容器的管理命令

  • docker container run -d nginx:latest
    说明:创建并启动一个容器
    备注:该命令相当于docker container create + docker container start
docker run 参数:
-d   后台运行
-p   端口映射
-it  分配一个交互式的终端(it:interactive tty)
-v   将宿主机目录挂载到容器中
# 后台运行
$ docker container run -d nginx:latest
a5e3030fd9a21985630c86906571cf5d6e1d444b9966764dbcc8b2deaedc179e

# 端口映射
$ docker container run -d -p 88:80 nginx:latest
fe1bdd08cb5a7a67fa65c0ed3fcb75d51ee415f363fb7c17b8b894b31409aa65

$ docker container run -d -p 89:80 -p 9000:9000 nginx:latest
6468773ed77feabb218d6ccfcca5dda5b6b594333d4c65640eb2865b2000c98a

# 分配一个交互式的终端
[root@docker01-h-100 docker_image]# docker run -it centos:6.9 
[root@5fffa151eb6d /]# cat /etc/redhat-release 
CentOS release 6.9 (Final)
[root@5fffa151eb6d /]# exit
exit

# 将宿主机目录挂载到容器中
$ docker run -d -p 90:80 -v /root/project/xiaoniao:/usr/share/nginx/html nginx:latest 
82a6d786da946dfebcef67c60ef777fa59dc617570436871653c8680874405bd
# 浏览器:http://10.0.0.100:90
[root@docker01-h-100 project]# docker exec -it 82a6d786da94 /bin/bash
root@82a6d786da94:/# ls -l /usr/share/nginx/html/
total 232
-rw-r--r-- 1 root root 15329 Aug  2  2014 2000.png
-rw-r--r-- 1 root root 51562 Aug  2  2014 21.js
-rw-r--r-- 1 root root   254 Aug  2  2014 icon.png
drwxr-xr-x 2 root root   102 Aug  8  2014 img
-rw-r--r-- 1 root root  3049 Dec  1 07:54 index.html
-rw-r--r-- 1 root root 63008 Aug  2  2014 sound1.mp3
-rw-r--r-- 1 root root 91014 Nov 16 10:41 xiaoniaofeifei.zip
  • docker container start ID号或name
    说明:启动容器

  • docker container stop ID号或name
    说明:停止容器

  • docker container kill
    说明:强制停止容器(慎用

  • docker container ls -a
    说明:查看所有容器

# 查看正在处于运行状态的容器
$ docker container ls
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                        NAMES
6468773ed77f        nginx:latest        "nginx -g 'daemon of…"   25 minutes ago      Up 25 minutes       0.0.0.0:9000->9000/tcp, 0.0.0.0:89->80/tcp   nervous_bose
fe1bdd08cb5a        nginx:latest        "nginx -g 'daemon of…"   29 minutes ago      Up 29 minutes       0.0.0.0:88->80/tcp                           musing_lamport
a5e3030fd9a2        nginx:latest        "nginx -g 'daemon of…"   37 minutes ago      Up 37 minutes       80/tcp                                       clever_elbakyan

# 查看所有的容器
$ docker container ls -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS                                        NAMES
5fffa151eb6d        centos:6.9          "/bin/bash"              17 minutes ago      Exited (0) 8 minutes ago                                                zen_bhabha
6468773ed77f        nginx:latest        "nginx -g 'daemon of…"   26 minutes ago      Up 26 minutes              0.0.0.0:9000->9000/tcp, 0.0.0.0:89->80/tcp   nervous_bose
fe1bdd08cb5a        nginx:latest        "nginx -g 'daemon of…"   30 minutes ago      Up 30 minutes              0.0.0.0:88->80/tcp                           musing_lamport
a5e3030fd9a2        nginx:latest        "nginx -g 'daemon of…"   38 minutes ago      Up 38 minutes              80/tcp                                       clever_elbakyan
6a54429657be        nginx               "nginx -g 'daemon of…"   3 days ago          Exited (0) 3 days ago                                                   boring_swanson
0dc1b90f0966        nginx               "nginx -g 'daemon of…"   3 days ago          Exited (0) 3 days ago                                                   gifted_spence

# 查看最后一个创建的容器(-l last)
[root@docker01-h-100 docker_image]# docker container ls -a -l
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                        NAMES
6468773ed77f        nginx:latest        "nginx -g 'daemon of…"   57 minutes ago      Up 57 minutes       0.0.0.0:9000->9000/tcp, 0.0.0.0:89->80/tcp   nervous_bose
  • docker container rm ID号
    说明:默认删除非启动状态的容器(可以删除多个容器)
[root@docker01-h-100 docker_image]# docker container ls -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS                                        NAMES
5fffa151eb6d        centos:6.9          "/bin/bash"              30 minutes ago      Exited (0) 21 minutes ago                                                zen_bhabha
6468773ed77f        nginx:latest        "nginx -g 'daemon of…"   39 minutes ago      Up 39 minutes               0.0.0.0:9000->9000/tcp, 0.0.0.0:89->80/tcp   nervous_bose
fe1bdd08cb5a        nginx:latest        "nginx -g 'daemon of…"   42 minutes ago      Up 42 minutes               0.0.0.0:88->80/tcp                           musing_lamport
a5e3030fd9a2        nginx:latest        "nginx -g 'daemon of…"   51 minutes ago      Up 51 minutes               80/tcp                                       clever_elbakyan
6a54429657be        nginx               "nginx -g 'daemon of…"   3 days ago          Exited (0) 3 days ago                                                    boring_swanson
0dc1b90f0966        nginx               "nginx -g 'daemon of…"   3 days ago          Exited (0) 3 days ago                                                    gifted_spence
[root@docker01-h-100 docker_image]# docker container rm 0dc1b90f0966
0dc1b90f0966
[root@docker01-h-100 docker_image]# docker container ls -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS                                        NAMES
5fffa151eb6d        centos:6.9          "/bin/bash"              30 minutes ago      Exited (0) 21 minutes ago                                                zen_bhabha
6468773ed77f        nginx:latest        "nginx -g 'daemon of…"   39 minutes ago      Up 39 minutes               0.0.0.0:9000->9000/tcp, 0.0.0.0:89->80/tcp   nervous_bose
fe1bdd08cb5a        nginx:latest        "nginx -g 'daemon of…"   43 minutes ago      Up 43 minutes               0.0.0.0:88->80/tcp                           musing_lamport
a5e3030fd9a2        nginx:latest        "nginx -g 'daemon of…"   51 minutes ago      Up 51 minutes               80/tcp                                       clever_elbakyan
6a54429657be        nginx               "nginx -g 'daemon of…"   3 days ago          Exited (0) 3 days ago                                                    boring_swanson
  • docker container exec -it 1e966bd48fb3 /bin/bash
    说明:进入正在运行的容器(分配一个新的终端)
# 格式
docker exec -it 容器的id/名字 /bin/bash(/bin/sh)
[root@docker01-h-100 docker_image]# docker container ls -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                        NAMES
6468773ed77f        nginx:latest        "nginx -g 'daemon of…"   48 minutes ago      Up 48 minutes       0.0.0.0:9000->9000/tcp, 0.0.0.0:89->80/tcp   nervous_bose
fe1bdd08cb5a        nginx:latest        "nginx -g 'daemon of…"   51 minutes ago      Up 51 minutes       0.0.0.0:88->80/tcp                           musing_lamport
a5e3030fd9a2        nginx:latest        "nginx -g 'daemon of…"   About an hour ago   Up About an hour    80/tcp                                       clever_elbakyan
[root@docker01-h-100 docker_image]# docker container exec -it 6468773ed77f /bin/bash
root@6468773ed77f:/# exit
exit
  • docker container attach 7d9f9f980cba
    说明:使用相同的终端
[root@docker01-h-100 xiaoniao]# docker container ls -l -a 
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                          PORTS               NAMES
9942e0cc9735        centos:6.9          "/bin/bash"         31 minutes ago      Exited (0) About a minute ago                       recursing_satoshi

[root@docker01-h-100 ~]# docker container start 9942e0cc9735
9942e0cc9735
[root@docker01-h-100 ~]# docker attach 9942e0cc9735
[root@9942e0cc9735 /]# history 

  • docker container cp xiaoniao 5a1ccc8b81c5:/usr/share/nginx/html
    说明:将宿主机的文件上传至容器中(此法不推荐)
# 创建一个nginx容器
$ docker run -d -p 80:80 nginx:latest
07758b5ae91587c5293c388e7d5ca8d6b8ff1da5ef95a1e2d75923572a2f91cd

# 宿主机将小鸟项目解包并上传至容器中
$ mkdir -p /root/project/xiaoniao
$ cd /root/project/xiaoniao
$ unzip xiaoniaofeifei.zip
$ cd /root/project/
$ docker container ls -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
07758b5ae915        nginx:latest        "nginx -g 'daemon of…"   10 minutes ago      Up 10 minutes       0.0.0.0:80->80/tcp   hungry_merkle
$ docker container cp xiaoniao 07758b5ae915:/usr/share/nginx/html

# 使用浏览器打开:http://10.0.0.100/xiaoniao/

# 进入容器中查看对应目录
$ docker exec -it 07758b5ae915 /bin/bash
root@07758b5ae915:/# ls /usr/share/nginx/html/
50x.html  index.html  xiaoniao
root@07758b5ae915:/# ls /usr/share/nginx/html/xiaoniao/
2000.png  21.js  icon.png  img	index.html  sound1.mp3	xiaoniaofeifei.zip

注意:

  • 遇到的容器问题:为什么有的容器,起不来?
    如果想容器一直处于运行状态,需要让容器夯住(前台运行),并且提供服务。
# 例子
$ docker container run -d -it centos:6.9
  • 不是所有的镜像都是基于centos系统

11 手动制作docker镜像

11.1 单服务

a:启动一个基础的容器,在容器中安装服务

[root@docker01-h-100 ~]# docker run -it -p 80:80 centos:6.9
[root@9942e0cc9735 /]# $ curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
[root@9942e0cc9735 /]# $ curl -o  /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
[root@9942e0cc9735 /]# $ yum install nginx -y
[root@9942e0cc9735 /]# $ cd /usr/share/nginx/html/
[root@9942e0cc9735 /]# $ rm -fr *

[root@docker01-h-100 xiaoniao]# docker container cp xiaoniaofeifei.zip 9942e0cc9735:/usr/share/nginx/html/

[root@9942e0cc9735 /]# yum install unzip -y
[root@9942e0cc9735 /]# unzip xiaoniaofeifei.zip
[root@9942e0cc9735 /]# nginx

# 浏览器访问:http://10.0.0.100

# 最后退出
[root@9942e0cc9735 /]# exit

b:将装好服务的容器提交为镜像

[root@docker01-h-100 ~]# docker ps -a -l
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                          PORTS               NAMES
9942e0cc9735        centos:6.9          "/bin/bash"         48 minutes ago      Exited (0) About a minute ago                       recursing_satoshi


[root@docker01-h-100 ~]# docker container commit 9942e0cc9735 xiaoniao:v1
sha256:7cb0e8bd861736b9029e86bbe2c19cb71245be2e842134d64018c0d632d9699c

[root@docker01-h-100 ~]# docker image ls
REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE
xiaoniao                                         v1                  7cb0e8bd8617        10 seconds ago      446MB

c:测试

[root@docker01-h-100 ~]# docker run -d -p 8080:80 xiaoniao:v1 nginx -g 'daemon off;'

11.2 双服务

安装可道云
a:启动一个基础的容器,在容器中安装服务

[root@docker01-h-100 ~]# docker run -it -p 80:80 centos:6.9
[root@00724e41ca12 /]# $ curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
[root@00724e41ca12 /]# $ curl -o  /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
[root@00724e41ca12 /]# $ yum install nginx -y
[root@00724e41ca12 /]# $ cd /usr/share/nginx/html/
[root@00724e41ca12 /]# $ rm -fr *

[root@docker01-h-100 kedaoyun]# docker container cp kodexplorer4.40.zip 00724e41ca12:/usr/share/nginx/html/

[root@00724e41ca12 html]# yum install unzip -y
[root@00724e41ca12 html]# unzip kodexplorer4.40.zip

[root@00724e41ca12 html]# yum install php-fpm php-mbstring php-gd -y
[root@00724e41ca12 html]# vi /etc/php-fpm.d/www.conf

修改/etc/php-fpm.d/www.conf

第39行:user = nginx
第41行:group = nginx
[root@00724e41ca12 html]# service php-fpm start
[root@00724e41ca12 html]# vi /etc/nginx/conf.d/default.conf

编辑/etc/nginx/conf.d/default.conf文件

server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /usr/share/nginx/html;
    index        index.php index.html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /usr/share/nginx/html$fastcgi_script_name;
        include        fastcgi_params;
    }

    location / {
    }
[root@00724e41ca12 html]# chown -R nginx:nginx .
[root@00724e41ca12 html]# nginx

# 浏览器访问:http://10.0.0.100

[root@00724e41ca12 html]# vi /init.sh

容器内创建并编辑/init.sh文件

#!/bin/bash
service php-fpm start
nginx -g 'daemon off;'
[root@00724e41ca12 html]# chmod +x /init.sh
[root@00724e41ca12 html]# exit

b:将装好服务的容器提交为镜像

[root@docker01-h-100 ~]# docker commit 00724e41ca12 kod:v1
sha256:3908396abb7d66611e011f13b347a163dc41673027812413d0a460d4377e660d

c:测试

[root@docker01-h-100 ~]# docker run -d -p 8080:80 kod:v1 /init.sh
45d9e4147f19ad45b1ab19263d3268f8bf02beb4aabe6681218fa273fbf12063

12 自动制作docker镜像

  • a:手动制作一次镜像,记录历史命令
  • b:根据历史命令,编写dockerfile
  • c:docker build 构建
  • d:测试

12.1 dockerfile基础指令

FROM  基础镜像
RUN   安装服务所需要的命令(不能有交互式的命令)
CMD   镜像的初始命令(容器运行时的初始命令)  可以被替换
["nginx","-g","daemon off;"]
nginx  -g  'daemon off;'

ADD   将当面目录下的文件拷贝镜像的指定目录(自动解压tar包)
WORKDIR 相当于cd,切换工作目录
EXPOSE  你需要暴露容器的端口(做端口映射)
ENV    环境变量
COPY  将当面目录下的文件拷贝镜像的指定目录(不解压tar包)
ENTRYPOINT 镜像的初始命令(容器运行时的初始命令) 不能被替换

12.2 dockerfile中的ADD指令

$ cd /opt/dockerfile/xiaoniao
# 将xiaoniaofeifei.zip放到此处并解压
$ ls
2000.png  21.js  dockerfile  icon.png  img  index.html  sound1.mp3

$ vim dockerfile

编辑dockerfile文件

FROM centos:6.9

RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN curl -o  /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
RUN yum install nginx -y
ADD . /usr/share/nginx/html

CMD ["nginx","-g","daemon off;"]

开始构建

$ docker build -t xiaoniao:v2 .

测试

[root@docker01-h-100 xiaoniao]# docker run -d -p 80:80 xiaoniao:v2
662b69f974717f5dee549dd909d1c2eb963f035334e1b1fd0dac7947ce6e3ade
[root@docker01-h-100 xiaoniao]# docker ps -a -l
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
662b69f97471        xiaoniao:v2         "nginx -g 'daemon of…"   6 seconds ago       Up 5 seconds        0.0.0.0:80->80/tcp   sad_haibt
[root@docker01-h-100 xiaoniao]# docker ps -a -l --no-trunc
CONTAINER ID                                                       IMAGE               COMMAND                    CREATED             STATUS              PORTS                NAMES
662b69f974717f5dee549dd909d1c2eb963f035334e1b1fd0dac7947ce6e3ade   xiaoniao:v2         "nginx -g 'daemon off;'"   2 minutes ago       Up 2 minutes        0.0.0.0:80->80/tcp   sad_haibt

# 浏览器访问:http://10.0.0.100

12.3 dockerfile中的WORKDIR指令

$ cd /opt/dockerfile/xiaoniao
$ vim dockerfile

编辑dockerfile文件

FROM centos:6.9

RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN curl -o  /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
RUN yum install nginx -y
RUN yum install unzip -y
WORKDIR /usr/share/nginx/html
RUN rm -fr *
RUN curl -o xiaoniao.zip http://10.0.0.200/xiaoniaofeifei.zip
RUN unzip xiaoniao.zip

CMD ["nginx","-g","daemon off;"]

开始构建

$ docker build -t xiaoniao:v3 .

测试

[root@docker01-h-100 xiaoniao]# docker run -d -p 81:80 xiaoniao:v3
[root@docker01-h-100 xiaoniao]# docker exec -it a620020cc0d5 /bin/bash
[root@a620020cc0d5 html]# pwd
/usr/share/nginx/html

# 浏览器访问:http://10.0.0.100:81

12.4 dockerfile中的EXPOSE指令

$ cd /opt/dockerfile/xiaoniao
$ vim dockerfile

编辑dockerfile文件

FROM centos:6.9

RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN curl -o  /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
RUN yum install nginx -y
RUN yum install unzip -y
WORKDIR /usr/share/nginx/html
RUN rm -fr *
RUN curl -o xiaoniao.zip http://10.0.0.200/xiaoniaofeifei.zip
RUN unzip xiaoniao.zip
EXPOSE 80

CMD ["nginx","-g","daemon off;"]

开始构建

$ docker build -t xiaoniao:v4 .

测试

[root@docker01-h-100 xiaoniao]# docker run -d -P xiaoniao:v4
[root@docker01-h-100 xiaoniao]# docker container ls -a -l
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
926cc84e873b        xiaoniao:v4         "nginx -g 'daemon of…"   21 seconds ago      Up 20 seconds       0.0.0.0:32768->80/tcp   nostalgic_engelbart

# 浏览器访问:http://10.0.0.100:32768

12.5 dockerfile中的ENV指令

$ cd /opt/dockerfile/vsftp
$ vim dockerfile

编辑dockerfile文件

FROM centos:6.9

ENV version=2.2.2
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN yum install vsftpd-$version -y

开始构建

$ docker build -t vsftpd:v1 .

测试

[root@docker01-h-100 vsftp]# docker run -it vsftpd:v1 printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=bb3ebff344a2
TERM=xterm
version=2.2.2
HOME=/root

12.6 dockerfile中的ENTRYPOINT指令

$ cd /opt/dockerfile/xiaoniao
$ vim dockerfile

编辑dockerfile文件

FROM centos:6.9

RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN curl -o  /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
RUN yum install nginx -y
RUN yum install unzip -y
WORKDIR /usr/share/nginx/html
RUN rm -fr *
RUN curl -o xiaoniao.zip http://10.0.0.200/xiaoniaofeifei.zip
RUN unzip xiaoniao.zip
EXPOSE 80

ENTRYPOINT ["nginx","-g","daemon off;"]

开始构建

$ docker build -t xiaoniao:v5 .

测试

[root@docker01-h-100 xiaoniao]# docker run -d xiaoniao:v5 lalala
9de30c3ec4b63782a07d21fb3526a26fb5180c99f4f0e0a5ef6fb52112e55651
[root@docker01-h-100 xiaoniao]# docker container ls -a -l --no-trunc
CONTAINER ID                                                       IMAGE               COMMAND                           CREATED             STATUS                     PORTS               NAMES
9de30c3ec4b63782a07d21fb3526a26fb5180c99f4f0e0a5ef6fb52112e55651   xiaoniao:v5         "nginx -g 'daemon off;' lalala"   2 minutes ago       Exited (1) 2 minutes ago                       hardcore_johnson

12.7 单服务

宿主机:

cd /opt/
mkdir dockerfile
cd dockerfile
mkdir centos-nginx
cd centos-nginx/
vim dockerfile

创建并编辑dockerfile文件

FROM centos:6.9

RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN curl -o  /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
RUN yum install nginx -y

CMD ["nginx","-g","daemon off;"]

开始构建

[root@docker01-h-100 centos-nginx]# docker image build -t centos_nginx:v1 /opt/dockerfile/centos-nginx/
或
[root@docker01-h-100 centos-nginx]# docker image build -t centos_nginx:v1 .

# 构建时采用加速方式(实验室环境)
docker image build --network=host -t centos_nginx:v1 .
或
docker image build --network=host -t centos_nginx:v1 /opt/dockerfile/centos-nginx/
# --network=host 采用宿主的hosts文件  "192.168.13.120  mirrors.aliyun.com" >>/etc/hosts

开始测试

[root@docker01-h-100 centos-nginx]# docker run -d -p 80:80 centos_nginx:v1
[root@docker01-h-100 centos-nginx]# docker ps -a -l --no-trunc
CONTAINER ID                                                       IMAGE               COMMAND                    CREATED             STATUS              PORTS                NAMES
e48b41b095768a9f4c1b5a39f5a63a87350ebc990d2e03383faa8bfc6393386b   centos_nginx:v1     "nginx -g 'daemon off;'"   2 minutes ago       Up 2 minutes        0.0.0.0:80->80/tcp   crazy_kepler

# 浏览器访问:http://10.0.0.100

12.8 双服务

宿主机:

cd /opt/dockerfile/kod

# 先从之前手动创建的镜像中拷取文件出来
[root@docker01-h-100 kod]# docker run -it kod:v1 /bin/bash
[root@dd5b8dfaa6e3 /]# ls /init.sh 
/init.sh
[root@dd5b8dfaa6e3 /]# ls /etc/php-fpm.d/www.conf
/etc/php-fpm.d/www.conf
[root@dd5b8dfaa6e3 /]# ls /etc/nginx/conf.d/default.conf
/etc/nginx/conf.d/default.conf
[root@dd5b8dfaa6e3 /]# exit
exit
[root@docker01-h-100 kod]# docker cp dd5b8dfaa6e3:/init.sh .
[root@docker01-h-100 kod]# docker cp dd5b8dfaa6e3:/etc/php-fpm.d/www.conf .
[root@docker01-h-100 kod]# docker cp dd5b8dfaa6e3:/etc/nginx/conf.d/default.conf .
[root@docker01-h-100 kod]# ls
default.conf  init.sh  www.conf

vim dockerfile

创建并编辑dockerfile文件

FROM centos:6.9

RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
RUN yum install nginx -y

RUN yum install unzip php-fpm php-mbstring php-gd -y

WORKDIR /usr/share/nginx/html/
RUN rm -fr *
RUN curl -o kodexplorer4.40.zip http://10.0.0.200/kodexplorer4.40.zip

RUN unzip kodexplorer4.40.zip
RUN chown -R nginx:nginx .

COPY www.conf /etc/php-fpm.d/www.conf
COPY default.conf /etc/nginx/conf.d/default.conf
COPY init.sh /init.sh
EXPOSE 80
ENTRYPOINT ["/init.sh"]

开始构建

[root@docker01-h-100 centos-nginx]# docker build -t kod:v2 .

开始测试

[root@docker01-h-100 kod]# docker run -d -P kod:v2 lalala
a4ade3c4ac30100cf3ef2ca08470f7f62da816aa7efd1db90b0b4dad1a3948bc

[root@docker01-h-100 kod]# docker ps -a -l --no-trunc
CONTAINER ID                                                       IMAGE               COMMAND             CREATED             STATUS              PORTS                   NAMES
a4ade3c4ac30100cf3ef2ca08470f7f62da816aa7efd1db90b0b4dad1a3948bc   kod:v2              "/init.sh lalala"   13 seconds ago      Up 13 seconds       0.0.0.0:32770->80/tcp   practical_elion

# 浏览器访问:http://10.0.0.100:32770

12.9 优化镜像容量

将12.6的dockerfile文件优化

$ cd /opt/dockerfile/xiaoniao
$ vim dockerfile

编辑dockerfile文件

FROM centos:6.9

RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo && \
 curl -o  /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo && \
 yum install nginx unzip -y && yum clean all
WORKDIR /usr/share/nginx/html
RUN rm -fr * && \
 curl -o xiaoniao.zip http://10.0.0.200/xiaoniaofeifei.zip && \
 unzip xiaoniao.zip && rm -fr xiaoniao.zip
EXPOSE 80
ENTRYPOINT ["nginx","-g","daemon off;"]

开始构建

$ docker build -t xiaoniao:v6 .

测试

[root@docker01-h-100 xiaoniao]# docker run -d -P xiaoniao:v6
45e161b5c86a178572c3e5c472fa3070c527beeb415d7294f1a3c3f6bfaae4ae
[root@docker01-h-100 xiaoniao]# docker container ls -a
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS                      PORTS                   NAMES
45e161b5c86a        xiaoniao:v6         "nginx -g 'daemon of…"   5 seconds ago        Up 4 seconds                0.0.0.0:32768->80/tcp   sweet_gould

# 浏览器访问:http://10.0.0.100:32770

比较v6与v7的大小

[root@docker01-h-100 xiaoniao]# docker image ls xiaoniao
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
xiaoniao            v6                  b26b82db7a31        17 seconds ago      355MB
xiaoniao            v5                  5531060931b0        47 hours ago        560MB
xiaoniao            v4                  527144eb17b2        2 days ago          560MB
xiaoniao            v3                  85c46d22e61e        2 days ago          560MB
xiaoniao            v2                  4c7f36954fe7        2 days ago          446MB
xiaoniao            v1                  7cb0e8bd8617        5 days ago          446MB

13 docker容器间的互联

  • docker run --link 名字:别名 # 此法为单方向互联

示例:

[root@docker02-h-101 ~]# docker run -d -it --name rock alpine:3.8
e683e3227dfc62ca1c9e3ebe926a60d3e0e7d136140654fa5886d660466ff573

[root@docker02-h-101 ~]# docker container ls -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
e683e3227dfc        alpine:3.8          "/bin/sh"           3 seconds ago       Up 2 seconds                            rock

[root@docker02-h-101 ~]# docker run -it --link rock:db alpine:3.8
/ # ping db
PING db (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.120 ms
64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.181 ms
^C
--- db ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.120/0.150/0.181 ms
/ # ping rock
PING rock (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.227 ms
64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.067 ms
^C
--- rock ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.067/0.147/0.227 ms
/ # cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.3	db e683e3227dfc rock
172.17.0.4	0538e941f87d

zabbix例子:

主机101:

# 导入镜像
[root@docker02-h-101 zabbix]# pwd
/root/docker_image/zabbix
[root@docker02-h-101 zabbix]# ls
docker-mysql-5.7.tar.gz  zabbix-java-gateway.tar.gz  zabbix-server-mysql.tar.gz  zabbix-web-nginx-mysql.tar.gz
[root@docker02-h-101 zabbix]# for n in `ls *.tar.gz`;do docker load -i $n;done

[root@docker02-h-101 zabbix]# docker image ls -a
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
nginx                           latest              540a289bab6c        6 weeks ago         126MB
alpine                          3.8                 dac705114996        9 months ago        4.41MB
zabbix/zabbix-server-mysql      latest              e36e7fa7e11a        3 years ago         106MB
zabbix/zabbix-web-nginx-mysql   latest              386dc9afc1c4        3 years ago         174MB
zabbix/zabbix-java-gateway      latest              4257519fd740        3 years ago         148MB
mysql                           5.7                 b7dc06006192        3 years ago         386MB

# 启动命令
docker run --name mysql-server -t \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      -d mysql:5.7 \
      --character-set-server=utf8 --collation-server=utf8_bin

docker run --name zabbix-java-gateway -t \
      -d zabbix/zabbix-java-gateway:latest

docker run --name zabbix-server-mysql -t \
      -e DB_SERVER_HOST="mysql-server" \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      -e ZBX_JAVAGATEWAY="zabbix-java-gateway" \
      --link mysql-server:mysql \
      --link zabbix-java-gateway:zabbix-java-gateway \
      -p 10051:10051 \
      -d zabbix/zabbix-server-mysql:latest

docker run --name zabbix-web-nginx-mysql -t \
      -e DB_SERVER_HOST="mysql-server" \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      --link mysql-server:mysql \
      --link zabbix-server-mysql:zabbix-server \
      -p 80:80 \
      -d zabbix/zabbix-web-nginx-mysql:latest

[root@docker02-h-101 zabbix]# docker container ls -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS              PORTS                               NAMES
8d091e8c2900        zabbix/zabbix-web-nginx-mysql:latest   "/bin/bash /run_zabb…"   11 seconds ago      Up 11 seconds       0.0.0.0:80->80/tcp, 443/tcp         zabbix-web-nginx-mysql
8b72d9df775f        zabbix/zabbix-server-mysql:latest      "/bin/bash /run_zabb…"   14 seconds ago      Up 13 seconds       162/udp, 0.0.0.0:10051->10051/tcp   zabbix-server-mysql
585d52c39586        zabbix/zabbix-java-gateway:latest      "/bin/bash /run_zabb…"   14 seconds ago      Up 14 seconds       10052/tcp                           zabbix-java-gateway
c721fcdac608        mysql:5.7                              "docker-entrypoint.s…"   15 seconds ago      Up 14 seconds       3306/tcp                            mysql-server

# 浏览器访问:http://10.0.0.101
# 管理员初始密码:Admin / zabbix

主机100:

# 安装zabbix客户端
[root@docker01-h-100 rpm]# pwd
/root/rpm
[root@docker01-h-100 rpm]# ls
zabbix-agent-3.2.0-1.el7.x86_64.rpm
[root@docker01-h-100 rpm]# rpm -ivh zabbix-agent-3.2.0-1.el7.x86_64.rpm
warning: zabbix-agent-3.2.0-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:zabbix-agent-3.2.0-1.el7         ################################# [100%]

[root@docker01-h-100 rpm]# vim /etc/zabbix/zabbix_agentd.conf

编辑zabbix_agentd.conf

第95行:Server=10.0.0.101

启动服务

[root@docker01-h-100 rpm]# systemctl start zabbix-agent.service

主机101:

zabbix管理设置界面:http://10.0.0.101
配置 - 主机 - 创建主机

主机:
    主机名称:10.0.0.100
    群组:Linux servers
    agent代理程序的接口:IP地址10.0.0.100
模板:
    链接指示器:Template OS Linux

# 等不及的话重启服务
[root@docker02-h-101 zabbix]# docker restart zabbix-server-mysql

监测中点最新数据就能看到数据

14 docker的私有仓库

14.1 不带认证

100宿主机(服务端):

# 先导入私有仓库镜像
[root@docker01-h-100 dockerfile]# pwd
/opt/dockerfile
[root@docker01-h-100 dockerfile]# docker load -i registry.tar.gz

# 直接启动
[root@docker01-h-100 dockerfile]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry  registry
cafb85d5bb902b768c490261983aaf4eecd313dbeee159285ff0959daa5aabfd

# --restart=always    宿主机重启后,该docker应用也跟着自动启动

101宿主机(客户端)

[root@docker02-h-101 ~]# vim /etc/docker/daemon.json

编辑/etc/docker/daemon.json(无论上传下载都要有)

{
  "insecure-registries": ["10.0.0.100:5000"],
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
# registry-mirrors为镜像加速

重启docker服务

[root@docker02-h-101 ~]# systemctl restart docker

先打标签再推送

[root@docker02-h-101 ~]# docker tag alpine:3.8 10.0.0.100:5000/alpine:3.8
[root@docker02-h-101 ~]# docker push 10.0.0.100:5000/alpine
The push refers to repository [10.0.0.100:5000/alpine]
d9ff549177a9: Pushed 
3.8: digest: sha256:899a03e9816e5283edba63d71ea528cd83576b28a7586cf617ce78af5526f209 size: 528
[root@docker02-h-101 ~]#

100宿主机

# 查看刚才推送的镜像与版本
[root@docker01-h-100 dockerfile]# ls /opt/myregistry/docker/registry/v2/repositories/
alpine
[root@docker01-h-100 dockerfile]# ls /opt/myregistry/docker/registry/v2/repositories/alpine/_manifests/tags/
3.8

101宿主机(客户端)

# 从私有仓库下载镜像
[root@docker02-h-101 ~]# docker pull 10.0.0.100:5000/alpine:3.8
3.8: Pulling from alpine
Digest: sha256:899a03e9816e5283edba63d71ea528cd83576b28a7586cf617ce78af5526f209
Status: Image is up to date for 10.0.0.100:5000/alpine:3.8
10.0.0.100:5000/alpine:3.8

浏览器查看:

http://10.0.0.100:5000/v2/_catalog

国内的镜像广场:
时速云

# 下载公共外网的镜像
[root@docker02-h-101 ~]# docker pull index.tenxcloud.com/system_containers/fluentd-elk:v3.2.0
[root@docker02-h-101 ~]# docker pull daocloud.io/huangzhichong/alpine-cn:latest
latest: Pulling from huangzhichong/alpine-cn
0a8490d0dfd3: Pull complete 
8881e0c6b9b8: Pull complete 
Digest: sha256:57c79fbd51aac09ea307ba6ddbbb4cc60f49e015d261193bacff95f9fa39d88c
Status: Downloaded newer image for daocloud.io/huangzhichong/alpine-cn:latest
daocloud.io/huangzhichong/alpine-cn:latest

14.2 带认证

强哥的博客:docker私有仓库registry的使用

100宿主机(服务端):

[root@docker01-h-100 dockerfile]# yum install httpd-tools -y
[root@docker01-h-100 dockerfile]# mkdir /opt/registry-var/auth/ -p
[root@docker01-h-100 dockerfile]# htpasswd -Bbn oldboy 123456 >> /opt/registry-var/auth/htpasswd
[root@docker01-h-100 ~]# docker run -d -p 5001:5000 --restart=always --name registry_auth -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
391d185fbde8a7f008a366fd50046aabb8d5471db7eca83101e5f43649868f30
[root@docker01-h-100 ~]# docker container ls -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS                    NAMES
391d185fbde8        registry            "/entrypoint.sh /etc…"   47 seconds ago      Up 46 seconds              0.0.0.0:5001->5000/tcp   registry_auth

101宿主机(客户端)

[root@docker02-h-101 ~]# vim /etc/docker/daemon.json

编辑/etc/docker/daemon.json(无论上传下载都要有)

{
  "insecure-registries": ["10.0.0.100:5001"],
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
# registry-mirrors为镜像加速

重启docker服务

[root@docker02-h-101 ~]# systemctl restart docker
# 登陆再上传
[root@docker02-h-101 ~]# docker login 10.0.0.100:5001
Username: oldboy
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@docker02-h-101 .docker]# docker tag alpine:3.8 10.0.0.100:5001/alpine:3.8
[root@docker02-h-101 .docker]# docker push 10.0.0.100:5001/alpine
The push refers to repository [10.0.0.100:5001/alpine]
d9ff549177a9: Layer already exists 
3.8: digest: sha256:899a03e9816e5283edba63d71ea528cd83576b28a7586cf617ce78af5526f209 size: 528

退出

[root@docker02-h-101 .docker]# docker logout 10.0.0.100:5001
Removing login credentials for 10.0.0.100:5001

删除认证文件
[root@docker02-h-101 .docker]# rm -fr  /root/.docker/config.json

14.3 删除镜像(未做实验)

删除镜像
1)进入docker registry的容器中

docker exec -it registry /bin/sh
  1. 删除repo
rm -fr /var/lib/registry/docker/registry/v2/repositories/nginx
  1. 清楚掉blob
registry garbage-collect /etc/docker/registry/config.yml

14.4 Harbor 安装和使用

Harbor 1.8.0 仓库的安装和使用


15 docker容器编排(单机版docker-compose)

作用:一次性启动多个容器

配置文件:
docker-compose.yml(用于决定启动哪些容器)

版本参考:https://docs.docker.com/compose/compose-file/

相关命令:

docker-compose up -d(创建并启动)

docker-compose restart 单个服务名字
docker-compose restart(重启所有)

docker-compose stop(停止所有)
docker-compose stop 单个服务名字

docker-compose start (启动所有)
docker-compose start 单个服务名字

docker-compose down(停止并删除)

安装docker-compose(需要epel源)

[root@docker02-h-101 ~]# yum install docker-compose -y
[root@docker02-h-101 zabbix]# pwd
/opt/docker-compose/zabbix
[root@docker02-h-101 zabbix]# vim docker-compose.yaml

编辑yaml文件

version: '3'

services:
   mysql-server:
     image: mysql:5.7
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: root_pwd
       MYSQL_DATABASE: zabbix
       MYSQL_USER: zabbix
       MYSQL_PASSWORD: zabbix_pwd
     command: --character-set-server=utf8

   zabbix-java-gateway:
     image: zabbix/zabbix-java-gateway:latest
     restart: always

   zabbix-server:
     depends_on:
       - mysql-server
     image: zabbix/zabbix-server-mysql:latest
     restart: always
     environment:
       DB_SERVER_HOST: mysql-server
       MYSQL_DATABASE: zabbix
       MYSQL_USER: zabbix
       MYSQL_PASSWORD: zabbix_pwd
       MYSQL_ROOT_PASSWORD: root_pwd
       ZBX_JAVAGATEWAY: zabbix-java-gateway
     ports:
       - "10051:10051"

   zabbix-web-nginx-mysql:
     depends_on:
       - zabbix-server
     image: zabbix/zabbix-web-nginx-mysql:latest
     ports:
       - "80:80"
     restart: always
     environment:
       DB_SERVER_HOST: mysql-server
       MYSQL_DATABASE: zabbix
       MYSQL_USER: zabbix
       MYSQL_PASSWORD: zabbix_pwd
       MYSQL_ROOT_PASSWORD: root_pwd

启动docker-compose

[root@docker02-h-101 zabbix]# docker-compose up -d

查看状态

[root@docker02-h-101 zabbix]# docker container ls -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS              PORTS                               NAMES
5e274626a917        zabbix/zabbix-web-nginx-mysql:latest   "/bin/bash /run_zabb…"   21 seconds ago      Up 20 seconds       0.0.0.0:80->80/tcp, 443/tcp         zabbix_zabbix-web-nginx-mysql_1
774cdef1c413        zabbix/zabbix-server-mysql:latest      "/bin/bash /run_zabb…"   22 seconds ago      Up 20 seconds       162/udp, 0.0.0.0:10051->10051/tcp   zabbix_zabbix-server_1
2089f645a34f        mysql:5.7                              "docker-entrypoint.s…"   23 seconds ago      Up 22 seconds       3306/tcp                            zabbix_mysql-server_1
9717d59f0d70        zabbix/zabbix-java-gateway:latest      "/bin/bash /run_zabb…"   23 seconds ago      Up 22 seconds       10052/tcp                           zabbix_zabbix-java-gateway_1
# 浏览器访问:http://10.0.0.101
# 管理员初始密码:Admin / zabbix

模拟异常:

# 先删除
[root@docker02-h-101 zabbix]# docker rm -f zabbix_zabbix-server_1
zabbix_zabbix-server_1

[root@docker02-h-101 zabbix]# docker container ls -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS              PORTS                         NAMES
5e274626a917        zabbix/zabbix-web-nginx-mysql:latest   "/bin/bash /run_zabb…"   7 minutes ago       Up 7 minutes        0.0.0.0:80->80/tcp, 443/tcp   zabbix_zabbix-web-nginx-mysql_1
2089f645a34f        mysql:5.7                              "docker-entrypoint.s…"   7 minutes ago       Up 7 minutes        3306/tcp                      zabbix_mysql-server_1
9717d59f0d70        zabbix/zabbix-java-gateway:latest      "/bin/bash /run_zabb…"   7 minutes ago       Up 7 minutes        10052/tcp                     zabbix_zabbix-java-gateway_1

# 扩展
[root@docker02-h-101 zabbix]# docker-compose scale zabbix-server=1
WARNING: The scale command is deprecated. Use the up command with the --scale flag instead.
Creating zabbix_zabbix-server_1 ... done

[root@docker02-h-101 zabbix]# docker container ls -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS              PORTS                               NAMES
5696cf6464b4        zabbix/zabbix-server-mysql:latest      "/bin/bash /run_zabb…"   2 seconds ago       Up 1 second         162/udp, 0.0.0.0:10051->10051/tcp   zabbix_zabbix-server_1
5e274626a917        zabbix/zabbix-web-nginx-mysql:latest   "/bin/bash /run_zabb…"   7 minutes ago       Up 7 minutes        0.0.0.0:80->80/tcp, 443/tcp         zabbix_zabbix-web-nginx-mysql_1
2089f645a34f        mysql:5.7                              "docker-entrypoint.s…"   8 minutes ago       Up 7 minutes        3306/tcp                            zabbix_mysql-server_1
9717d59f0d70        zabbix/zabbix-java-gateway:latest      "/bin/bash /run_zabb…"   8 minutes ago       Up 7 minutes        10052/tcp                           zabbix_zabbix-java-gateway_1

附加例子(未做实验):
wordpress
https://docs.docker.com/compose/wordpress/


16 docker网络

16.1 默认网络

  • host:使用宿主机的网络,性能最高 端口不能冲突
  • none:不使用网络
  • container:与其他容器共用网络,端口不能冲突。主要为k8s中使用
  • bridge:nat转换 172.17.0.0/16 默认

创建范例:

# host类型 #
[root@docker01-h-100 ~]# docker run -it --network=host alpine:3.9
/ # hostname 
docker01-h-100
/ # ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:60:6E:5A:7B  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0


# none类型 #
[root@docker01-h-100 ~]# docker run -it --network=none alpine:3.9
/ # hostname 
b2102b8dfc24
/ # ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


# container类型 #
# 先在none类型的容器中偷偷离开(按键ctrl + p --> ctrl +q)
/ # [root@docker01-h-100 ~]# docker container ls -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS                    NAMES
b2102b8dfc24        alpine:3.9          "/bin/sh"                4 minutes ago       Up 4 minutes                                        quizzical_austin
[root@docker01-h-100 ~]# docker run -it --network container:b2102b8dfc24 alpine:3.9
/ # hostname 
b2102b8dfc24
/ # ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

查看容器自身拥有的网络种类

[root@docker02-h-101 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
2f57a0bb3dbe        bridge              bridge              local
70ee693800de        host                host                local
4972003e7886        none                null                local
963d985f5825        zabbix_default      bridge              local

查看容器的网络类型

[root@docker02-h-101 ~]# docker container ls -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS              PORTS                               NAMES
5696cf6464b4        zabbix/zabbix-server-mysql:latest      "/bin/bash /run_zabb…"   8 hours ago         Up 13 minutes       162/udp, 0.0.0.0:10051->10051/tcp   zabbix_zabbix-server_1
5e274626a917        zabbix/zabbix-web-nginx-mysql:latest   "/bin/bash /run_zabb…"   8 hours ago         Up 13 minutes       0.0.0.0:80->80/tcp, 443/tcp         zabbix_zabbix-web-nginx-mysql_1
2089f645a34f        mysql:5.7                              "docker-entrypoint.s…"   8 hours ago         Up 13 minutes       3306/tcp                            zabbix_mysql-server_1
9717d59f0d70        zabbix/zabbix-java-gateway:latest      "/bin/bash /run_zabb…"   8 hours ago         Up 13 minutes       10052/tcp                           zabbix_zabbix-java-gateway_1
[root@docker02-h-101 ~]# docker container inspect 5696cf6464b4

16.2 自建网络

范例:
第一步:自建一个名字为 rock 的 bridge 类型网络
第二步:根据自建网络创建一个容器

# 网络
[root@docker01-h-100 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
06dd2d885ed6        bridge              bridge              local
48c7831e04c6        host                host                local
dd692489f056        none                null                local

[root@docker01-h-100 ~]# docker network create --subnet 172.18.0.0/16 --gateway=172.18.0.1 -d bridge rock
e76e59153b529c5f9aca607f78f97452247911619bd47380a791509085395d42

[root@docker01-h-100 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
06dd2d885ed6        bridge              bridge              local
48c7831e04c6        host                host                local
dd692489f056        none                null                local
e76e59153b52        rock                bridge              local

[root@docker01-h-100 ~]# ifconfig
br-e76e59153b52: flags=4163  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        inet6 fe80::42:c1ff:fe96:8452  prefixlen 64  scopeid 0x20
        ether 02:42:c1:96:84:52  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


# 容器
[root@docker01-h-100 ~]# docker run -it --network rock alpine:3.9 
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:12:00:02  
          inet addr:172.18.0.2  Bcast:172.18.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1172 (1.1 KiB)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # ping www.baidu.com
PING www.baidu.com (180.101.49.12): 56 data bytes
64 bytes from 180.101.49.12: seq=0 ttl=127 time=13.613 ms
64 bytes from 180.101.49.12: seq=1 ttl=127 time=12.563 ms
^C
--- www.baidu.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 12.563/13.088/13.613 ms

16.3 跨宿主机网络容器之间的通信overlay类型

要点:

  • 宿主机 主机名不能相同
  • consul:kv类型的存储数据库(key:value)

103宿主机(consul服务端)

# 安装consul容器,它用来存储ip地址的分配
[root@docker03-h-102 docker_image]# pwd
/root/docker_image
[root@docker03-h-102 docker_image]# docker load -i docker_progrium_consul.tar.gz
[root@docker03-h-102 docker_image]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
progrium/consul     latest              09ea64205e55        4 years ago         69.4 MB

[root@docker03-h-102 docker_image]# docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
920687010b146669f931e7f3cabaff59bee0b32bab72e11c7d0907a7d8145461

[root@docker03-h-102 docker_image]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                                                                            NAMES
920687010b14        progrium/consul     "/bin/start -serve..."   About a minute ago   Up About a minute   53/tcp, 53/udp, 8300-8302/tcp, 8400/tcp, 8301-8302/udp, 0.0.0.0:8500->8500/tcp   consul

# 浏览器访问:http://10.0.0.102:8500

100宿主机

[root@docker01-h-100 ~]# vim /etc/docker/daemon.json

编辑/etc/docker/daemon.json

{
  # 下述两行为私有仓库相关
  "insecure-registries": ["10.0.0.100:5000"],
  "registry-mirrors": ["https://registry.docker-cn.com"],
  # 下述三行为容器间通讯
  "hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.102:8500",
  "cluster-advertise": "10.0.0.100:2376"
}
[root@docker01-h-100 ~]# vim /usr/lib/systemd/system/docker.service

编辑/usr/lib/systemd/system/docker.service

第十四行:ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock

重启服务

[root@docker01-h-100 ~]# systemctl daemon-reload
[root@docker01-h-100 ~]# systemctl restart docker

# 浏览器访问:http://10.0.0.102:8500,key/Value中的node节点

101宿主机

[root@docker02-h-101 ~]# vim /etc/docker/daemon.json

编辑/etc/docker/daemon.json

{
  "insecure-registries": ["10.0.0.100:5000"],
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.102:8500",
  "cluster-advertise": "10.0.0.101:2376"
}
[root@docker02-h-101 ~]# vim /usr/lib/systemd/system/docker.service

编辑/usr/lib/systemd/system/docker.service

第十四行:ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock

重启服务

[root@docker02-h-101 ~]# systemctl daemon-reload
[root@docker02-h-101 ~]# systemctl restart docker

创建overlay网络
100宿主机

[root@docker01-h-100 ~]# docker network create -d overlay --subnet 172.16.2.0/24 --gateway 172.16.2.254 ol1
b34d929dbdbdc85b68ba4b1b304aeb068b0155326f5b7c738e6cebb2990f95a9
[root@docker01-h-100 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
40d98ade0a84        bridge              bridge              local
48c7831e04c6        host                host                local
dd692489f056        none                null                local
b34d929dbdbd        ol1                 overlay             global
e76e59153b52        rock                bridge              local

101宿主机(无需创建)

[root@docker02-h-101 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
d9816afa2ce8        bridge              bridge              local
70ee693800de        host                host                local
4972003e7886        none                null                local
b34d929dbdbd        ol1                 overlay             global
963d985f5825        zabbix_default      bridge              local

# 查看100的容器是否有registry
[root@docker02-h-101 ~]# docker -H 10.0.0.100:2376 ps -a|grep "registry"
cafb85d5bb90        registry            "/entrypoint.sh /etc…"   39 hours ago        Up 21 minutes               0.0.0.0:5000->5000/tcp   registry

# 查看自己的容器是否有registry
[root@docker02-h-101 ~]# docker ps -a|grep "registry"

启动容器测试
100容器

[root@docker01-h-100 ~]# docker run -it --network ol1 --name rock01 10.0.0.100:5000/alpine:3.8 /bin/sh

101容器

[root@docker02-h-101 ~]# docker run -it --network ol1 --name rock02 10.0.0.100:5000/alpine:3.8 /bin/sh

# 直接ping rock01
/ # ping rock01
PING rock01 (172.16.2.1): 56 data bytes
64 bytes from 172.16.2.1: seq=0 ttl=64 time=0.451 ms
64 bytes from 172.16.2.1: seq=1 ttl=64 time=0.471 ms
64 bytes from 172.16.2.1: seq=2 ttl=64 time=0.438 ms
^C
--- rock01 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.438/0.453/0.471 ms
/ # 

/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:10:02:02  
          inet addr:172.16.2.2  Bcast:172.16.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1450  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:728 (728.0 B)  TX bytes:728 (728.0 B)

eth1      Link encap:Ethernet  HWaddr 02:42:AC:13:00:02  
          inet addr:172.19.0.2  Bcast:172.19.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1136 (1.1 KiB)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:230 (230.0 B)  TX bytes:230 (230.0 B)

/ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.19.0.1      0.0.0.0         UG    0      0        0 eth1
172.16.2.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.19.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1

注意:每个容器有两块网卡,eth0实现容器间的通讯,eth1实现容器访问外网

100容器
创建容器能通过对外访问

[root@docker01-h-100 ~]# docker run -d --network ol1 --name kod -p 90:80 kod:v2
d28449a26cc3cce33d982085fb8a7f199e94ec582fefe833b322e5e642f38b73

17 Docker监控

node-expoter(监控linux宿主机)与cadvisor(监控容器)安装在100与101
prometheus与grafana安装在102

100与101宿主机

# 导入node-exporter与cadisor
[root@docker02-h-101 docker_image]# docker load -i docker_monitor_node.tar.gz
975e03895fb7: Loading layer [==================================================>]  4.688MB/4.688MB
f9fe8137e4e3: Loading layer [==================================================>]  2.765MB/2.765MB
78f40987f0cd: Loading layer [==================================================>]  16.88MB/16.88MB
Loaded image: quay.io/prometheus/node-exporter:latest
cd7100a72410: Loading layer [==================================================>]  4.403MB/4.403MB
9ea477e6d99e: Loading layer [==================================================>]  33.09MB/33.09MB
66b3c2e84199: Loading layer [==================================================>]  32.88MB/32.88MB
Loaded image: google/cadvisor:latest

# 启动node-exporter
[root@docker02-h-101 docker_image]# docker run -d -p 9100:9100 -v "/:/host:ro,rslave" --name=node_exporter quay.io/prometheus/node-exporter --path.rootfs /host
89744ae8ca95ff8a5922fe8bf76d5f986a80bc689c0daf24d2aa933a6e7907c9

# 启动cadvisor
[root@docker02-h-101 docker_image]# docker run --volume=/:/rootfs:ro --volume=/var/run:/var/run:rw --volume=/sys:/sys:ro --volume=/var/lib/docker/:/var/lib/docker:ro --publish=8080:8080 --detach=true --name=cadvisor google/cadvisor:latest
1d49ed343d74bfc3ac9bbc8090c9e41319a6cd856a6b7690342b57ed4ff066e2

102宿主机(安装prometheus)

[root@docker03-h-102 ~]# cd /opt/
[root@docker03-h-102 opt]# ls
prometheus-2.12.0.linux-amd64.tar.gz
[root@docker03-h-102 opt]# tar xf prometheus-2.12.0.linux-amd64.tar.gz
[root@docker03-h-102 opt]# cd prometheus-2.12.0.linux-amd64/
[root@docker03-h-102 prometheus-2.12.0.linux-amd64]# vim prometheus.yml

编辑prometheus.yml

scrape_configs:
  # The job name is added as a label `job=` to any timeseries scraped from this config.
  - job_name: 'prometheus'
    static_configs:
    - targets: ['localhost:9090']
  - job_name: 'cadvisor'
    static_configs:
    - targets: ['10.0.0.100:8080','10.0.0.101:8080']
  - job_name: 'node'
    static_configs:
    - targets: ['10.0.0.100:9100','10.0.0.101:9100']

启动prometheus

[root@docker03-h-102 prometheus-2.12.0.linux-amd64]# nohup ./prometheus --config.file="prometheus.yml" >> /dev/null 2>&1 &

# 浏览器访问:http://10.0.0.102:9090
查看status下的target

102宿主机(安装grafana)

[root@docker03-h-102 package]# yum localinstall grafana-6.3.3-1.x86_64.rpm -y
[root@docker03-h-102 package]# systemctl start grafana-server.service
[root@docker03-h-102 package]# systemctl enable grafana-server.service

[root@docker03-h-102 package]# ss -tnlp
State       Recv-Q Send-Q                                 Local Address:Port                                                Peer Address:Port              
LISTEN      0      128                                                *:22                                                             *:*                   users:(("sshd",pid=6999,fd=3))
LISTEN      0      128                                               :::8500                                                          :::*                   users:(("docker-proxy-cu",pid=7433,fd=4))
LISTEN      0      128                                               :::22                                                            :::*                   users:(("sshd",pid=6999,fd=4))
LISTEN      0      128                                               :::3000                                                          :::*                   users:(("grafana-server",pid=7858,fd=6))
LISTEN      0      128                                               :::9090                                                          :::*                   users:(("prometheus",pid=7705,fd=7))

# 浏览器访问:http://10.0.0.102:3000/login
账号 / 密码:admin / admin

Configuration - DataSource中新建一个数据源选择prometheus - IP:10.0.0.102:9090
create - import - 选择导入文件grafana_docker_dashboard.json - option内的Prometheus中选择Prometheus

grafana出图模板

grafana主要配置工作:

  • 插件:zabbix插件
  • 数据源:prometheus
  • 模板:出图dashboard

你可能感兴趣的:(容器)