Dockers深入

案例:定义一个私有仓库

1. 整体思路
   
2. 服务端设置
   
3. 上传镜像
   
4. 客户端配置
   
5. 客户端使用
   
6. 操作代码

~]# yum install docker-distribution
~]# systemctl start docker-distribution
~]# systemctl enable docker-distribution
~]# docker tag docker.io/busybox:latest 192.168.1.31:5000/docker.io/busybox:latest //打标签
~]# docker push 192.168.1.31:5000/docker.io/busybox:latest     //上传
~]# docker tag docker.io/myos:http 192.168.1.31:5000/ docker.io/myos:http
~]# docker push  192.168.1.31:5000/docker.io/myos:http

私有仓库默认目录为 /var/lib/registry

案例:NFS共享存储

本案例要求创建NFS共享，能映射到容器里

• 服务器创建NFS共享存储，共享目录为/content，权限为rw
• 客户端挂载共享，并将共享目录映射到容器中
  本方案要求需要一台NFS服务器，ip为192.168.1.254，一台客户端docker1主机，ip为192.168.1.10，一台户端docker2主机，ip为192.168.1.20，实现客户端挂载共享，并将共享目录映射到容器中，docker1更新文件时，docker2实现同步更新

步骤一：配置NFS服务器

    [root@room9pc01 ~]# yum -y install nfs-utils
    [root@room9pc01 ~]# mkdir /content
    [root@room9pc01 ~]# vim /etc/exports
    /content     *(rw，no_root_squash)
    [root@room9pc01 ~]# systemctl restart nfs-server.service
    [root@room9pc01 ~]# systemctl restart nfs-secure.service
    [root@room9pc01 ~]# exportfs  -rv
    exporting *:/content
    [root@room9pc01 ~]# chmod 777 /content
    [root@room9pc01 ~]# echo 11 > /content/index.html

步骤二：配置客户端

    [root@docker1 bulid]# yum -y install nfs-utils
    [root@docker1 bulid]# systemctl restart nfs-server.service
    [root@docker1 bulid]# showmount -e 192.168.1.254
    Export list for 192.168.1.254:
    /content *
    [root@docker1 ~]# mkdir /mnt/qq
    [root@docker1 ~]# mount -t nfs 192.168.1.254:/content /mnt/qq
    [root@docker1 ~]# ls /mnt/qq
    index.html
    [root@docker1 ~]# cat  /mnt/qq/index.html 
    11
    [root@docker1 ~]# docker run  -d -p 80:80 -v /mnt/qq:/var/www/html -it docker.io/myos:http
    224248f0df5d795457c43c2a7dad0b7e5ec86abdc3f31d577e72f7929f020e01
    [root@docker1 ~]# curl 192.168.1.31
    11
    [root@docker2 ~]# yum -y install nfs-utils
    [root@docker2 ~]# showmount -e 192.168.1.254
    Export list for 192.168.1.254:
    /content *
    [root@docker2 ~]# mkdir /mnt/qq
    [root@docker2 ~]# mount -t nfs 192.168.1.254:/content /mnt/qq
    [root@docker2 ~]# docker run  -d -p 80:80 -v /mnt/qq:/usr/share/nginx/html -it 192.168.1.10:5000/docker.io/myos:http
    00346dabec2c7a12958da4b7fee6551020249cdcb111ad6a1058352d2838742a
    [root@docker2 ~]# curl 192.168.1.32
    11
    [root@docker1 ~]# touch /mnt/qq/a.sh
    [root@docker1 ~]# echo 22 > /mnt/qq/index.html
    [root@docker2 ~]#ls  /mnt/qq/
    a.sh  index.html
    [root@docker2 ~]# cat /mnt/qq/index.html 
    22

案例:创建自定义网桥

实现容器之间网络互通和隔离
1 ) 新建Docker网络模型

    [root@docker1 ~]# docker  network   create  --subnet=10.10.10.0/24  docker1
    b447cacc0373631ff7c534f119047946be5c1498b5b2e31a31180c5ee6320ab5 
    [root@docker1 ~]# docker network list
    NETWORK ID          NAME                DRIVER              SCOPE
    996943486faa        bridge              bridge              local               
    b447cacc0373        docker1             bridge              local               
    63c88dcc3523        host                host                local               
    5e5ab3d45e27        none                null                local 
    [root@docker1 ~]# ip  a   s
     [root@docker1 ~]# docker  network   inspect   docker1
    [
        {
     
            "Name": "docker1",
            "Id": "b447cacc0373631ff7c534f119047946be5c1498b5b2e31a31180c5ee6320ab5",
            "Scope": "local",
            "Driver": "bridge",
            "EnableIPv6": false,
            "IPAM": {
     
                "Driver": "default",
                "Options": {
     },
                "Config": [
                    {
     
                        "Subnet": "10.10.10.0/24"
                    }            ]
            },
            "Internal": false,
            "Containers": {
     },
            "Options": {
     },
            "Labels": {
     }
        }
    ]

2）使用自定义网桥（docker1）启动容器

[root@docker1 ~]# docker  run  --network=docker1   -itd   docker.io/myos
5270cba305c06c3da3f56185b35dc059aabcf2884a12ef717d89a768360e5326
[root@docker1 ~]# docker  run  --network=docker1   -itd   docker.io/myos
4b4a4e8bebfbcc18a0deaa17225f0b5dec8c6d5d52e513617849c9579b0b1813
[root@docker1 ~]# docker  network   inspect   docker1  //可以看到容器的ip

3）使用默认网桥（docker0）启动容器

    [root@docker1 ~]# docker  run     -itd   docker.io/myos
    63e99284b1a78d7d5fe17d25697424502054c59e0cc61b58c3070758fff1c35d
    [root@docker1 ~]# docker  run     -itd   docker.io/myos
    f41cb77a6fe0574ce5b810498d6f42223e55d677df391d050a2901c678dfea3f
    [root@docker1 ~]# docker inspect -f '{
     {.NetworkSettings.IPAddress}}' f41
    172.17.0.3
    [root@docker1 ~]# docker inspect -f '{
     {.NetworkSettings.IPAddress}}' 63e
    172.17.0.2

4）测试

    [root@docker1 ~]# docker exec -it ae /bin/bash
    [root@ae1500292be8 /]# ping 172.17.0.3   //可以ping通
    PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
    64 bytes from 172.17.0.3: icmp_seq=1 ttl=255 time=0.140 ms
    64 bytes from 172.17.0.3: icmp_seq=2 ttl=255 time=0.107 ms
    [root@ae1500292be8 /]# ping 10.10.10.2  //ping不通
    PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data