目录
[toc]
01 什么是云计算?
云计算是一种按量付费的模式,它的底层主要通过虚拟化来实现。
云计算的服务类型?
云服务只是一个统称,可以分成三大类。
上图转自:(http://www.ruanyifeng.com/blogimg/asset/2017/bg2017072301.jpg)
- IaaS:基础设施服务,Infrastructure-as-a-service。(kvm openstack)
- PaaS:平台服务,Platform-as-a-service。(docker k8s)
- SaaS:软件服务,Software-as-a-service。(运维+开发)
[图片上传失败...(image-c054ca-1576387477923)]
上图转自(http://www.mobanhu.com/upload_files/qrcode/256810111314151619202223242.jpg)
02 什么是容器?
容器是在隔离的环境中运行的一个进程,如果进程停止,容器终止,这个隔离的环境,拥有自己的系统文件,ip地址,主机名,进程管理。
容器还是一个软件的打包技术。
程序:软件,代码
进程:正在运行的程序
协程:线程
03 容器和虚拟机的区别(优势)
虚拟机的开机启动流程(特点):
- 1:按下电源开关,bios自检
- 2:选择启动项,选择启动设备
- 3:加载引导程序 mbr (grub) gpt(UEFI) grub启动菜单 操作系统类型 内核路径
- 4:加载linux内核(初始化硬件)
- 5:启动系统的第一个进程/sbin/init ,初始化系统
- 6:应用程序
容器(特点):共用宿主机内核,一开始就启动第一个进程
上图转自(https://images2018.cnblogs.com/blog/1337265/201805/1337265-20180511172324561-1553907087.png)
容器相对于虚拟化的优势:启动快,损耗少,性能高,轻量级
容器相对于虚拟机的劣势:如果宿主机是linux,容器必须linux系统
虚拟机:10台宿主机 可跑100台虚拟机
容器:5台宿主机 可跑100个容器
04 容器的发展历史
a: chroot 切换根目录
b:lxc (linux container)
采用的技术:namespace用于“资源隔离”,cgroup用于“资源限制”(本来限制进程使用的硬件资源)
类似传统的虚拟机。第一个进程 /sbin/init,先初始化系统,再运行服务nginxc:docker容器
采用的技术:namespace用于“资源隔离”,cgroup用于“资源限制”
更轻量,第一个进程直接启动服务:如nginx
05 Docker的五大概念
镜像,容器,仓库,存储,网络
06 Docker的发展史
docker版本:
- 初版:docker engine。第一版1.0,最终版1.13
- 社区版:docker-ce。第一版:17.03(2017年3月)
- 企业版:docker-ee
07 docker的安装
系统版本:CentOS Linux release 7.6.1810 (Core)
Docker版本:19.03.5
虚拟机:
10.0.0.100 docker01-h-100
10.0.0.101 docker02-h-101
第一步:安装aliyun镜像源
docker01-h-100与docker02-h-101
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum makecache
第二步:安装docker-ce
docker01-h-100与docker02-h-101
# step 1: 安装必要的一些系统工具
yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: 添加软件源信息
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: 更新并安装Docker-CE
yum makecache fast
yum -y install docker-ce
# Step 4: 开启 Docker 服务并设定开机自启动
systemctl enable docker
systemctl start docker
第三步:验证
docker01-h-100与docker02-h-101
$ docker version
Client: Docker Engine - Community
Version: 19.03.5
API version: 1.40
Go version: go1.12.12
Git commit: 633a0ea
Built: Wed Nov 13 07:25:41 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.5
API version: 1.40 (minimum version 1.12)
Go version: go1.12.12
Git commit: 633a0ea
Built: Wed Nov 13 07:24:18 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version: 0.18.0
GitCommit: fec3683
08 体验docker容器
docker软件架构为cs架构,client和server
方法1:
将镜像直接上传nginx
docker01-h-100与docker02-h-101
mkdir /root/docker_image/
cd /root/docker_image/
# 将 docker_nginx.tar.gz 上传至 /root/docker_image/
docker load -i docker_nginx.tar.gz
docker run -d -p 80:80 nginx
方法2:
在线直接启动nginx镜像
docker01-h-100与docker02-h-101
docker run -d -p 80:80 nginx
验证1:
通过curl查看版本
$ curl -I 10.0.0.100
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Tue, 26 Nov 2019 14:39:10 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes
验证2:
直接浏览器访问http://10.0.0.100
09 镜像的管理命令
- docker search 搜索镜像(优先选官方镜像,其次选择start数量多的)
$ docker search alpine
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
alpine A minimal Docker image based on Alpine Linux… 5864 [OK]
mhart/alpine-node Minimal Node.js built on Alpine Linux 445
anapsix/alpine-java Oracle Java 8 (and 7) with GLIBC 2.28 over A… 430 [OK]
frolvlad/alpine-glibc Alpine Docker image with glibc (~12MB) 220 [OK]
gliderlabs/alpine Image based on Alpine Linux will help you wi… 180
- docker image pull 镜像名称:版本 下载指定的镜像
缩写:docker pull
$ docker image pull alpine
Using default tag: latest
latest: Pulling from library/alpine
89d9c30c1d48: Pull complete
Digest: sha256:c19173c5ada610a5989151111163d28a67368362762534d8a8121ce95cf2bd5a
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
$ docker image pull alpine:3.8
3.8: Pulling from library/alpine
c87736221ed0: Pull complete
Digest: sha256:04696b491e0cc3c58a75bace8941c14c924b9f313b03ce5029ebbc040ed9dcd9
Status: Downloaded newer image for alpine:3.8
docker.io/library/alpine:3.8
docker image push 上传镜像
缩写:docker pushdocker image ls
说明:查看镜像列表
缩写:docker images
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 540a289bab6c 5 weeks ago 126MB
alpine latest 965ea09ff2eb 5 weeks ago 5.55MB
alpine 3.8 dac705114996 8 months ago 4.41MB
- docker image save 镜像名称:版本 -o 镜像压缩包的路径
说明:镜像的导出
缩写:docker save
$ docker image save alpine:3.8 -o /root/docker_image/docker_alpine3.8.tar.gz
- docker image load -i 镜像压缩包的路径
说明:镜像的导入
缩写:docker load
$ docker image load -i /root/docker_image/docker_alpine3.8.tar.gz
d9ff549177a9: Loading layer [==================================================>] 4.671MB/4.671MB
Loaded image: alpine:3.8
- docker image rm nginx:latest
说明:删除镜像
缩写:docker rmi
$ docker image rm alpine:3.8
Untagged: alpine:3.8
Untagged: alpine@sha256:04696b491e0cc3c58a75bace8941c14c924b9f313b03ce5029ebbc040ed9dcd9
Deleted: sha256:dac7051149965716b0acdcab16380b5f4ab6f2a1565c86ed5f651e954d1e615c
Deleted: sha256:d9ff549177a94a413c425ffe14ae1cc0aa254bc9c7df781add08e7d2fba25d27
- docker image tag ID号 rock:v1
说明:给镜像打标签
缩写:docker tag
$ docker image import docker_alpine3.8.tar.gz
sha256:4b1b7fc88220e19f650a76bb0d39ab1fe9bae89c4c14c07dfe2736bf169a2ffb
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
4b1b7fc88220 9 seconds ago 4.67MB
nginx latest 540a289bab6c 5 weeks ago 126MB
alpine latest 965ea09ff2eb 5 weeks ago 5.55MB
alpine 3.8 dac705114996 8 months ago 4.41MB
$ docker image tag 4b1b7fc88220 rock:v1
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
rock v1 4b1b7fc88220 48 seconds ago 4.67MB
nginx latest 540a289bab6c 5 weeks ago 126MB
alpine latest 965ea09ff2eb 5 weeks ago 5.55MB
alpine 3.8 dac705114996 8 months ago 4.41MB
10 容器的管理命令
- docker container run -d nginx:latest
说明:创建并启动一个容器
备注:该命令相当于docker container create
+docker container start
docker run 参数:
-d 后台运行
-p 端口映射
-it 分配一个交互式的终端(it:interactive tty)
-v 将宿主机目录挂载到容器中
# 后台运行
$ docker container run -d nginx:latest
a5e3030fd9a21985630c86906571cf5d6e1d444b9966764dbcc8b2deaedc179e
# 端口映射
$ docker container run -d -p 88:80 nginx:latest
fe1bdd08cb5a7a67fa65c0ed3fcb75d51ee415f363fb7c17b8b894b31409aa65
$ docker container run -d -p 89:80 -p 9000:9000 nginx:latest
6468773ed77feabb218d6ccfcca5dda5b6b594333d4c65640eb2865b2000c98a
# 分配一个交互式的终端
[root@docker01-h-100 docker_image]# docker run -it centos:6.9
[root@5fffa151eb6d /]# cat /etc/redhat-release
CentOS release 6.9 (Final)
[root@5fffa151eb6d /]# exit
exit
# 将宿主机目录挂载到容器中
$ docker run -d -p 90:80 -v /root/project/xiaoniao:/usr/share/nginx/html nginx:latest
82a6d786da946dfebcef67c60ef777fa59dc617570436871653c8680874405bd
# 浏览器:http://10.0.0.100:90
[root@docker01-h-100 project]# docker exec -it 82a6d786da94 /bin/bash
root@82a6d786da94:/# ls -l /usr/share/nginx/html/
total 232
-rw-r--r-- 1 root root 15329 Aug 2 2014 2000.png
-rw-r--r-- 1 root root 51562 Aug 2 2014 21.js
-rw-r--r-- 1 root root 254 Aug 2 2014 icon.png
drwxr-xr-x 2 root root 102 Aug 8 2014 img
-rw-r--r-- 1 root root 3049 Dec 1 07:54 index.html
-rw-r--r-- 1 root root 63008 Aug 2 2014 sound1.mp3
-rw-r--r-- 1 root root 91014 Nov 16 10:41 xiaoniaofeifei.zip
docker container start ID号或name
说明:启动容器docker container stop ID号或name
说明:停止容器docker container kill
说明:强制停止容器(慎用
)docker container ls -a
说明:查看所有容器
# 查看正在处于运行状态的容器
$ docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6468773ed77f nginx:latest "nginx -g 'daemon of…" 25 minutes ago Up 25 minutes 0.0.0.0:9000->9000/tcp, 0.0.0.0:89->80/tcp nervous_bose
fe1bdd08cb5a nginx:latest "nginx -g 'daemon of…" 29 minutes ago Up 29 minutes 0.0.0.0:88->80/tcp musing_lamport
a5e3030fd9a2 nginx:latest "nginx -g 'daemon of…" 37 minutes ago Up 37 minutes 80/tcp clever_elbakyan
# 查看所有的容器
$ docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5fffa151eb6d centos:6.9 "/bin/bash" 17 minutes ago Exited (0) 8 minutes ago zen_bhabha
6468773ed77f nginx:latest "nginx -g 'daemon of…" 26 minutes ago Up 26 minutes 0.0.0.0:9000->9000/tcp, 0.0.0.0:89->80/tcp nervous_bose
fe1bdd08cb5a nginx:latest "nginx -g 'daemon of…" 30 minutes ago Up 30 minutes 0.0.0.0:88->80/tcp musing_lamport
a5e3030fd9a2 nginx:latest "nginx -g 'daemon of…" 38 minutes ago Up 38 minutes 80/tcp clever_elbakyan
6a54429657be nginx "nginx -g 'daemon of…" 3 days ago Exited (0) 3 days ago boring_swanson
0dc1b90f0966 nginx "nginx -g 'daemon of…" 3 days ago Exited (0) 3 days ago gifted_spence
# 查看最后一个创建的容器(-l last)
[root@docker01-h-100 docker_image]# docker container ls -a -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6468773ed77f nginx:latest "nginx -g 'daemon of…" 57 minutes ago Up 57 minutes 0.0.0.0:9000->9000/tcp, 0.0.0.0:89->80/tcp nervous_bose
- docker container rm ID号
说明:默认删除非启动状态的容器(可以删除多个容器)
[root@docker01-h-100 docker_image]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5fffa151eb6d centos:6.9 "/bin/bash" 30 minutes ago Exited (0) 21 minutes ago zen_bhabha
6468773ed77f nginx:latest "nginx -g 'daemon of…" 39 minutes ago Up 39 minutes 0.0.0.0:9000->9000/tcp, 0.0.0.0:89->80/tcp nervous_bose
fe1bdd08cb5a nginx:latest "nginx -g 'daemon of…" 42 minutes ago Up 42 minutes 0.0.0.0:88->80/tcp musing_lamport
a5e3030fd9a2 nginx:latest "nginx -g 'daemon of…" 51 minutes ago Up 51 minutes 80/tcp clever_elbakyan
6a54429657be nginx "nginx -g 'daemon of…" 3 days ago Exited (0) 3 days ago boring_swanson
0dc1b90f0966 nginx "nginx -g 'daemon of…" 3 days ago Exited (0) 3 days ago gifted_spence
[root@docker01-h-100 docker_image]# docker container rm 0dc1b90f0966
0dc1b90f0966
[root@docker01-h-100 docker_image]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5fffa151eb6d centos:6.9 "/bin/bash" 30 minutes ago Exited (0) 21 minutes ago zen_bhabha
6468773ed77f nginx:latest "nginx -g 'daemon of…" 39 minutes ago Up 39 minutes 0.0.0.0:9000->9000/tcp, 0.0.0.0:89->80/tcp nervous_bose
fe1bdd08cb5a nginx:latest "nginx -g 'daemon of…" 43 minutes ago Up 43 minutes 0.0.0.0:88->80/tcp musing_lamport
a5e3030fd9a2 nginx:latest "nginx -g 'daemon of…" 51 minutes ago Up 51 minutes 80/tcp clever_elbakyan
6a54429657be nginx "nginx -g 'daemon of…" 3 days ago Exited (0) 3 days ago boring_swanson
- docker container exec -it 1e966bd48fb3 /bin/bash
说明:进入正在运行的容器(分配一个新的终端)
# 格式
docker exec -it 容器的id/名字 /bin/bash(/bin/sh)
[root@docker01-h-100 docker_image]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6468773ed77f nginx:latest "nginx -g 'daemon of…" 48 minutes ago Up 48 minutes 0.0.0.0:9000->9000/tcp, 0.0.0.0:89->80/tcp nervous_bose
fe1bdd08cb5a nginx:latest "nginx -g 'daemon of…" 51 minutes ago Up 51 minutes 0.0.0.0:88->80/tcp musing_lamport
a5e3030fd9a2 nginx:latest "nginx -g 'daemon of…" About an hour ago Up About an hour 80/tcp clever_elbakyan
[root@docker01-h-100 docker_image]# docker container exec -it 6468773ed77f /bin/bash
root@6468773ed77f:/# exit
exit
- docker container attach 7d9f9f980cba
说明:使用相同的终端
[root@docker01-h-100 xiaoniao]# docker container ls -l -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9942e0cc9735 centos:6.9 "/bin/bash" 31 minutes ago Exited (0) About a minute ago recursing_satoshi
[root@docker01-h-100 ~]# docker container start 9942e0cc9735
9942e0cc9735
[root@docker01-h-100 ~]# docker attach 9942e0cc9735
[root@9942e0cc9735 /]# history
- docker container cp xiaoniao 5a1ccc8b81c5:/usr/share/nginx/html
说明:将宿主机的文件上传至容器中(此法不推荐)
# 创建一个nginx容器
$ docker run -d -p 80:80 nginx:latest
07758b5ae91587c5293c388e7d5ca8d6b8ff1da5ef95a1e2d75923572a2f91cd
# 宿主机将小鸟项目解包并上传至容器中
$ mkdir -p /root/project/xiaoniao
$ cd /root/project/xiaoniao
$ unzip xiaoniaofeifei.zip
$ cd /root/project/
$ docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
07758b5ae915 nginx:latest "nginx -g 'daemon of…" 10 minutes ago Up 10 minutes 0.0.0.0:80->80/tcp hungry_merkle
$ docker container cp xiaoniao 07758b5ae915:/usr/share/nginx/html
# 使用浏览器打开:http://10.0.0.100/xiaoniao/
# 进入容器中查看对应目录
$ docker exec -it 07758b5ae915 /bin/bash
root@07758b5ae915:/# ls /usr/share/nginx/html/
50x.html index.html xiaoniao
root@07758b5ae915:/# ls /usr/share/nginx/html/xiaoniao/
2000.png 21.js icon.png img index.html sound1.mp3 xiaoniaofeifei.zip
注意:
- 遇到的容器问题:为什么有的容器,起不来?
如果想容器一直处于运行状态,需要让容器夯住(前台运行),并且提供服务。
# 例子
$ docker container run -d -it centos:6.9
- 不是所有的镜像都是基于centos系统
11 手动制作docker镜像
11.1 单服务
a:启动一个基础的容器,在容器中安装服务
[root@docker01-h-100 ~]# docker run -it -p 80:80 centos:6.9
[root@9942e0cc9735 /]# $ curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
[root@9942e0cc9735 /]# $ curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
[root@9942e0cc9735 /]# $ yum install nginx -y
[root@9942e0cc9735 /]# $ cd /usr/share/nginx/html/
[root@9942e0cc9735 /]# $ rm -fr *
[root@docker01-h-100 xiaoniao]# docker container cp xiaoniaofeifei.zip 9942e0cc9735:/usr/share/nginx/html/
[root@9942e0cc9735 /]# yum install unzip -y
[root@9942e0cc9735 /]# unzip xiaoniaofeifei.zip
[root@9942e0cc9735 /]# nginx
# 浏览器访问:http://10.0.0.100
# 最后退出
[root@9942e0cc9735 /]# exit
b:将装好服务的容器提交为镜像
[root@docker01-h-100 ~]# docker ps -a -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9942e0cc9735 centos:6.9 "/bin/bash" 48 minutes ago Exited (0) About a minute ago recursing_satoshi
[root@docker01-h-100 ~]# docker container commit 9942e0cc9735 xiaoniao:v1
sha256:7cb0e8bd861736b9029e86bbe2c19cb71245be2e842134d64018c0d632d9699c
[root@docker01-h-100 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
xiaoniao v1 7cb0e8bd8617 10 seconds ago 446MB
c:测试
[root@docker01-h-100 ~]# docker run -d -p 8080:80 xiaoniao:v1 nginx -g 'daemon off;'
11.2 双服务
安装可道云
a:启动一个基础的容器,在容器中安装服务
[root@docker01-h-100 ~]# docker run -it -p 80:80 centos:6.9
[root@00724e41ca12 /]# $ curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
[root@00724e41ca12 /]# $ curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
[root@00724e41ca12 /]# $ yum install nginx -y
[root@00724e41ca12 /]# $ cd /usr/share/nginx/html/
[root@00724e41ca12 /]# $ rm -fr *
[root@docker01-h-100 kedaoyun]# docker container cp kodexplorer4.40.zip 00724e41ca12:/usr/share/nginx/html/
[root@00724e41ca12 html]# yum install unzip -y
[root@00724e41ca12 html]# unzip kodexplorer4.40.zip
[root@00724e41ca12 html]# yum install php-fpm php-mbstring php-gd -y
[root@00724e41ca12 html]# vi /etc/php-fpm.d/www.conf
修改/etc/php-fpm.d/www.conf
第39行:user = nginx
第41行:group = nginx
[root@00724e41ca12 html]# service php-fpm start
[root@00724e41ca12 html]# vi /etc/nginx/conf.d/default.conf
编辑/etc/nginx/conf.d/default.conf文件
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
index index.php index.html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
include fastcgi_params;
}
location / {
}
[root@00724e41ca12 html]# chown -R nginx:nginx .
[root@00724e41ca12 html]# nginx
# 浏览器访问:http://10.0.0.100
[root@00724e41ca12 html]# vi /init.sh
容器内创建并编辑/init.sh文件
#!/bin/bash
service php-fpm start
nginx -g 'daemon off;'
[root@00724e41ca12 html]# chmod +x /init.sh
[root@00724e41ca12 html]# exit
b:将装好服务的容器提交为镜像
[root@docker01-h-100 ~]# docker commit 00724e41ca12 kod:v1
sha256:3908396abb7d66611e011f13b347a163dc41673027812413d0a460d4377e660d
c:测试
[root@docker01-h-100 ~]# docker run -d -p 8080:80 kod:v1 /init.sh
45d9e4147f19ad45b1ab19263d3268f8bf02beb4aabe6681218fa273fbf12063
12 自动制作docker镜像
- a:手动制作一次镜像,记录历史命令
- b:根据历史命令,编写dockerfile
- c:docker build 构建
- d:测试
12.1 dockerfile基础指令
FROM 基础镜像
RUN 安装服务所需要的命令(不能有交互式的命令)
CMD 镜像的初始命令(容器运行时的初始命令) 可以被替换
["nginx","-g","daemon off;"]
nginx -g 'daemon off;'
ADD 将当面目录下的文件拷贝镜像的指定目录(自动解压tar包)
WORKDIR 相当于cd,切换工作目录
EXPOSE 你需要暴露容器的端口(做端口映射)
ENV 环境变量
COPY 将当面目录下的文件拷贝镜像的指定目录(不解压tar包)
ENTRYPOINT 镜像的初始命令(容器运行时的初始命令) 不能被替换
12.2 dockerfile中的ADD指令
$ cd /opt/dockerfile/xiaoniao
# 将xiaoniaofeifei.zip放到此处并解压
$ ls
2000.png 21.js dockerfile icon.png img index.html sound1.mp3
$ vim dockerfile
编辑dockerfile文件
FROM centos:6.9
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
RUN yum install nginx -y
ADD . /usr/share/nginx/html
CMD ["nginx","-g","daemon off;"]
开始构建
$ docker build -t xiaoniao:v2 .
测试
[root@docker01-h-100 xiaoniao]# docker run -d -p 80:80 xiaoniao:v2
662b69f974717f5dee549dd909d1c2eb963f035334e1b1fd0dac7947ce6e3ade
[root@docker01-h-100 xiaoniao]# docker ps -a -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
662b69f97471 xiaoniao:v2 "nginx -g 'daemon of…" 6 seconds ago Up 5 seconds 0.0.0.0:80->80/tcp sad_haibt
[root@docker01-h-100 xiaoniao]# docker ps -a -l --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
662b69f974717f5dee549dd909d1c2eb963f035334e1b1fd0dac7947ce6e3ade xiaoniao:v2 "nginx -g 'daemon off;'" 2 minutes ago Up 2 minutes 0.0.0.0:80->80/tcp sad_haibt
# 浏览器访问:http://10.0.0.100
12.3 dockerfile中的WORKDIR指令
$ cd /opt/dockerfile/xiaoniao
$ vim dockerfile
编辑dockerfile文件
FROM centos:6.9
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
RUN yum install nginx -y
RUN yum install unzip -y
WORKDIR /usr/share/nginx/html
RUN rm -fr *
RUN curl -o xiaoniao.zip http://10.0.0.200/xiaoniaofeifei.zip
RUN unzip xiaoniao.zip
CMD ["nginx","-g","daemon off;"]
开始构建
$ docker build -t xiaoniao:v3 .
测试
[root@docker01-h-100 xiaoniao]# docker run -d -p 81:80 xiaoniao:v3
[root@docker01-h-100 xiaoniao]# docker exec -it a620020cc0d5 /bin/bash
[root@a620020cc0d5 html]# pwd
/usr/share/nginx/html
# 浏览器访问:http://10.0.0.100:81
12.4 dockerfile中的EXPOSE指令
$ cd /opt/dockerfile/xiaoniao
$ vim dockerfile
编辑dockerfile文件
FROM centos:6.9
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
RUN yum install nginx -y
RUN yum install unzip -y
WORKDIR /usr/share/nginx/html
RUN rm -fr *
RUN curl -o xiaoniao.zip http://10.0.0.200/xiaoniaofeifei.zip
RUN unzip xiaoniao.zip
EXPOSE 80
CMD ["nginx","-g","daemon off;"]
开始构建
$ docker build -t xiaoniao:v4 .
测试
[root@docker01-h-100 xiaoniao]# docker run -d -P xiaoniao:v4
[root@docker01-h-100 xiaoniao]# docker container ls -a -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
926cc84e873b xiaoniao:v4 "nginx -g 'daemon of…" 21 seconds ago Up 20 seconds 0.0.0.0:32768->80/tcp nostalgic_engelbart
# 浏览器访问:http://10.0.0.100:32768
12.5 dockerfile中的ENV指令
$ cd /opt/dockerfile/vsftp
$ vim dockerfile
编辑dockerfile文件
FROM centos:6.9
ENV version=2.2.2
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN yum install vsftpd-$version -y
开始构建
$ docker build -t vsftpd:v1 .
测试
[root@docker01-h-100 vsftp]# docker run -it vsftpd:v1 printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=bb3ebff344a2
TERM=xterm
version=2.2.2
HOME=/root
12.6 dockerfile中的ENTRYPOINT指令
$ cd /opt/dockerfile/xiaoniao
$ vim dockerfile
编辑dockerfile文件
FROM centos:6.9
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
RUN yum install nginx -y
RUN yum install unzip -y
WORKDIR /usr/share/nginx/html
RUN rm -fr *
RUN curl -o xiaoniao.zip http://10.0.0.200/xiaoniaofeifei.zip
RUN unzip xiaoniao.zip
EXPOSE 80
ENTRYPOINT ["nginx","-g","daemon off;"]
开始构建
$ docker build -t xiaoniao:v5 .
测试
[root@docker01-h-100 xiaoniao]# docker run -d xiaoniao:v5 lalala
9de30c3ec4b63782a07d21fb3526a26fb5180c99f4f0e0a5ef6fb52112e55651
[root@docker01-h-100 xiaoniao]# docker container ls -a -l --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9de30c3ec4b63782a07d21fb3526a26fb5180c99f4f0e0a5ef6fb52112e55651 xiaoniao:v5 "nginx -g 'daemon off;' lalala" 2 minutes ago Exited (1) 2 minutes ago hardcore_johnson
12.7 单服务
宿主机:
cd /opt/
mkdir dockerfile
cd dockerfile
mkdir centos-nginx
cd centos-nginx/
vim dockerfile
创建并编辑dockerfile文件
FROM centos:6.9
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
RUN yum install nginx -y
CMD ["nginx","-g","daemon off;"]
开始构建
[root@docker01-h-100 centos-nginx]# docker image build -t centos_nginx:v1 /opt/dockerfile/centos-nginx/
或
[root@docker01-h-100 centos-nginx]# docker image build -t centos_nginx:v1 .
# 构建时采用加速方式(实验室环境)
docker image build --network=host -t centos_nginx:v1 .
或
docker image build --network=host -t centos_nginx:v1 /opt/dockerfile/centos-nginx/
# --network=host 采用宿主的hosts文件 "192.168.13.120 mirrors.aliyun.com" >>/etc/hosts
开始测试
[root@docker01-h-100 centos-nginx]# docker run -d -p 80:80 centos_nginx:v1
[root@docker01-h-100 centos-nginx]# docker ps -a -l --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e48b41b095768a9f4c1b5a39f5a63a87350ebc990d2e03383faa8bfc6393386b centos_nginx:v1 "nginx -g 'daemon off;'" 2 minutes ago Up 2 minutes 0.0.0.0:80->80/tcp crazy_kepler
# 浏览器访问:http://10.0.0.100
12.8 双服务
宿主机:
cd /opt/dockerfile/kod
# 先从之前手动创建的镜像中拷取文件出来
[root@docker01-h-100 kod]# docker run -it kod:v1 /bin/bash
[root@dd5b8dfaa6e3 /]# ls /init.sh
/init.sh
[root@dd5b8dfaa6e3 /]# ls /etc/php-fpm.d/www.conf
/etc/php-fpm.d/www.conf
[root@dd5b8dfaa6e3 /]# ls /etc/nginx/conf.d/default.conf
/etc/nginx/conf.d/default.conf
[root@dd5b8dfaa6e3 /]# exit
exit
[root@docker01-h-100 kod]# docker cp dd5b8dfaa6e3:/init.sh .
[root@docker01-h-100 kod]# docker cp dd5b8dfaa6e3:/etc/php-fpm.d/www.conf .
[root@docker01-h-100 kod]# docker cp dd5b8dfaa6e3:/etc/nginx/conf.d/default.conf .
[root@docker01-h-100 kod]# ls
default.conf init.sh www.conf
vim dockerfile
创建并编辑dockerfile文件
FROM centos:6.9
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
RUN curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
RUN yum install nginx -y
RUN yum install unzip php-fpm php-mbstring php-gd -y
WORKDIR /usr/share/nginx/html/
RUN rm -fr *
RUN curl -o kodexplorer4.40.zip http://10.0.0.200/kodexplorer4.40.zip
RUN unzip kodexplorer4.40.zip
RUN chown -R nginx:nginx .
COPY www.conf /etc/php-fpm.d/www.conf
COPY default.conf /etc/nginx/conf.d/default.conf
COPY init.sh /init.sh
EXPOSE 80
ENTRYPOINT ["/init.sh"]
开始构建
[root@docker01-h-100 centos-nginx]# docker build -t kod:v2 .
开始测试
[root@docker01-h-100 kod]# docker run -d -P kod:v2 lalala
a4ade3c4ac30100cf3ef2ca08470f7f62da816aa7efd1db90b0b4dad1a3948bc
[root@docker01-h-100 kod]# docker ps -a -l --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a4ade3c4ac30100cf3ef2ca08470f7f62da816aa7efd1db90b0b4dad1a3948bc kod:v2 "/init.sh lalala" 13 seconds ago Up 13 seconds 0.0.0.0:32770->80/tcp practical_elion
# 浏览器访问:http://10.0.0.100:32770
12.9 优化镜像容量
将12.6的dockerfile文件优化
$ cd /opt/dockerfile/xiaoniao
$ vim dockerfile
编辑dockerfile文件
FROM centos:6.9
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo && \
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo && \
yum install nginx unzip -y && yum clean all
WORKDIR /usr/share/nginx/html
RUN rm -fr * && \
curl -o xiaoniao.zip http://10.0.0.200/xiaoniaofeifei.zip && \
unzip xiaoniao.zip && rm -fr xiaoniao.zip
EXPOSE 80
ENTRYPOINT ["nginx","-g","daemon off;"]
开始构建
$ docker build -t xiaoniao:v6 .
测试
[root@docker01-h-100 xiaoniao]# docker run -d -P xiaoniao:v6
45e161b5c86a178572c3e5c472fa3070c527beeb415d7294f1a3c3f6bfaae4ae
[root@docker01-h-100 xiaoniao]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
45e161b5c86a xiaoniao:v6 "nginx -g 'daemon of…" 5 seconds ago Up 4 seconds 0.0.0.0:32768->80/tcp sweet_gould
# 浏览器访问:http://10.0.0.100:32770
比较v6与v7的大小
[root@docker01-h-100 xiaoniao]# docker image ls xiaoniao
REPOSITORY TAG IMAGE ID CREATED SIZE
xiaoniao v6 b26b82db7a31 17 seconds ago 355MB
xiaoniao v5 5531060931b0 47 hours ago 560MB
xiaoniao v4 527144eb17b2 2 days ago 560MB
xiaoniao v3 85c46d22e61e 2 days ago 560MB
xiaoniao v2 4c7f36954fe7 2 days ago 446MB
xiaoniao v1 7cb0e8bd8617 5 days ago 446MB
13 docker容器间的互联
- docker run --link 名字:别名 # 此法为单方向互联
示例:
[root@docker02-h-101 ~]# docker run -d -it --name rock alpine:3.8
e683e3227dfc62ca1c9e3ebe926a60d3e0e7d136140654fa5886d660466ff573
[root@docker02-h-101 ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e683e3227dfc alpine:3.8 "/bin/sh" 3 seconds ago Up 2 seconds rock
[root@docker02-h-101 ~]# docker run -it --link rock:db alpine:3.8
/ # ping db
PING db (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.120 ms
64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.181 ms
^C
--- db ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.120/0.150/0.181 ms
/ # ping rock
PING rock (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.227 ms
64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.067 ms
^C
--- rock ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.067/0.147/0.227 ms
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 db e683e3227dfc rock
172.17.0.4 0538e941f87d
zabbix例子:
主机101:
# 导入镜像
[root@docker02-h-101 zabbix]# pwd
/root/docker_image/zabbix
[root@docker02-h-101 zabbix]# ls
docker-mysql-5.7.tar.gz zabbix-java-gateway.tar.gz zabbix-server-mysql.tar.gz zabbix-web-nginx-mysql.tar.gz
[root@docker02-h-101 zabbix]# for n in `ls *.tar.gz`;do docker load -i $n;done
[root@docker02-h-101 zabbix]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 540a289bab6c 6 weeks ago 126MB
alpine 3.8 dac705114996 9 months ago 4.41MB
zabbix/zabbix-server-mysql latest e36e7fa7e11a 3 years ago 106MB
zabbix/zabbix-web-nginx-mysql latest 386dc9afc1c4 3 years ago 174MB
zabbix/zabbix-java-gateway latest 4257519fd740 3 years ago 148MB
mysql 5.7 b7dc06006192 3 years ago 386MB
# 启动命令
docker run --name mysql-server -t \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix_pwd" \
-e MYSQL_ROOT_PASSWORD="root_pwd" \
-d mysql:5.7 \
--character-set-server=utf8 --collation-server=utf8_bin
docker run --name zabbix-java-gateway -t \
-d zabbix/zabbix-java-gateway:latest
docker run --name zabbix-server-mysql -t \
-e DB_SERVER_HOST="mysql-server" \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix_pwd" \
-e MYSQL_ROOT_PASSWORD="root_pwd" \
-e ZBX_JAVAGATEWAY="zabbix-java-gateway" \
--link mysql-server:mysql \
--link zabbix-java-gateway:zabbix-java-gateway \
-p 10051:10051 \
-d zabbix/zabbix-server-mysql:latest
docker run --name zabbix-web-nginx-mysql -t \
-e DB_SERVER_HOST="mysql-server" \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix_pwd" \
-e MYSQL_ROOT_PASSWORD="root_pwd" \
--link mysql-server:mysql \
--link zabbix-server-mysql:zabbix-server \
-p 80:80 \
-d zabbix/zabbix-web-nginx-mysql:latest
[root@docker02-h-101 zabbix]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8d091e8c2900 zabbix/zabbix-web-nginx-mysql:latest "/bin/bash /run_zabb…" 11 seconds ago Up 11 seconds 0.0.0.0:80->80/tcp, 443/tcp zabbix-web-nginx-mysql
8b72d9df775f zabbix/zabbix-server-mysql:latest "/bin/bash /run_zabb…" 14 seconds ago Up 13 seconds 162/udp, 0.0.0.0:10051->10051/tcp zabbix-server-mysql
585d52c39586 zabbix/zabbix-java-gateway:latest "/bin/bash /run_zabb…" 14 seconds ago Up 14 seconds 10052/tcp zabbix-java-gateway
c721fcdac608 mysql:5.7 "docker-entrypoint.s…" 15 seconds ago Up 14 seconds 3306/tcp mysql-server
# 浏览器访问:http://10.0.0.101
# 管理员初始密码:Admin / zabbix
主机100:
# 安装zabbix客户端
[root@docker01-h-100 rpm]# pwd
/root/rpm
[root@docker01-h-100 rpm]# ls
zabbix-agent-3.2.0-1.el7.x86_64.rpm
[root@docker01-h-100 rpm]# rpm -ivh zabbix-agent-3.2.0-1.el7.x86_64.rpm
warning: zabbix-agent-3.2.0-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:zabbix-agent-3.2.0-1.el7 ################################# [100%]
[root@docker01-h-100 rpm]# vim /etc/zabbix/zabbix_agentd.conf
编辑zabbix_agentd.conf
第95行:Server=10.0.0.101
启动服务
[root@docker01-h-100 rpm]# systemctl start zabbix-agent.service
主机101:
zabbix管理设置界面:http://10.0.0.101
配置 - 主机 - 创建主机
主机:
主机名称:10.0.0.100
群组:Linux servers
agent代理程序的接口:IP地址10.0.0.100
模板:
链接指示器:Template OS Linux
# 等不及的话重启服务
[root@docker02-h-101 zabbix]# docker restart zabbix-server-mysql
监测中点最新数据就能看到数据
14 docker的私有仓库
14.1 不带认证
100宿主机(服务端):
# 先导入私有仓库镜像
[root@docker01-h-100 dockerfile]# pwd
/opt/dockerfile
[root@docker01-h-100 dockerfile]# docker load -i registry.tar.gz
# 直接启动
[root@docker01-h-100 dockerfile]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
cafb85d5bb902b768c490261983aaf4eecd313dbeee159285ff0959daa5aabfd
# --restart=always 宿主机重启后,该docker应用也跟着自动启动
101宿主机(客户端)
[root@docker02-h-101 ~]# vim /etc/docker/daemon.json
编辑/etc/docker/daemon.json(无论上传下载都要有)
{
"insecure-registries": ["10.0.0.100:5000"],
"registry-mirrors": ["https://registry.docker-cn.com"]
}
# registry-mirrors为镜像加速
重启docker服务
[root@docker02-h-101 ~]# systemctl restart docker
先打标签再推送
[root@docker02-h-101 ~]# docker tag alpine:3.8 10.0.0.100:5000/alpine:3.8
[root@docker02-h-101 ~]# docker push 10.0.0.100:5000/alpine
The push refers to repository [10.0.0.100:5000/alpine]
d9ff549177a9: Pushed
3.8: digest: sha256:899a03e9816e5283edba63d71ea528cd83576b28a7586cf617ce78af5526f209 size: 528
[root@docker02-h-101 ~]#
100宿主机
# 查看刚才推送的镜像与版本
[root@docker01-h-100 dockerfile]# ls /opt/myregistry/docker/registry/v2/repositories/
alpine
[root@docker01-h-100 dockerfile]# ls /opt/myregistry/docker/registry/v2/repositories/alpine/_manifests/tags/
3.8
101宿主机(客户端)
# 从私有仓库下载镜像
[root@docker02-h-101 ~]# docker pull 10.0.0.100:5000/alpine:3.8
3.8: Pulling from alpine
Digest: sha256:899a03e9816e5283edba63d71ea528cd83576b28a7586cf617ce78af5526f209
Status: Image is up to date for 10.0.0.100:5000/alpine:3.8
10.0.0.100:5000/alpine:3.8
浏览器查看:
http://10.0.0.100:5000/v2/_catalog
国内的镜像广场:
时速云
# 下载公共外网的镜像
[root@docker02-h-101 ~]# docker pull index.tenxcloud.com/system_containers/fluentd-elk:v3.2.0
[root@docker02-h-101 ~]# docker pull daocloud.io/huangzhichong/alpine-cn:latest
latest: Pulling from huangzhichong/alpine-cn
0a8490d0dfd3: Pull complete
8881e0c6b9b8: Pull complete
Digest: sha256:57c79fbd51aac09ea307ba6ddbbb4cc60f49e015d261193bacff95f9fa39d88c
Status: Downloaded newer image for daocloud.io/huangzhichong/alpine-cn:latest
daocloud.io/huangzhichong/alpine-cn:latest
14.2 带认证
强哥的博客:docker私有仓库registry的使用
100宿主机(服务端):
[root@docker01-h-100 dockerfile]# yum install httpd-tools -y
[root@docker01-h-100 dockerfile]# mkdir /opt/registry-var/auth/ -p
[root@docker01-h-100 dockerfile]# htpasswd -Bbn oldboy 123456 >> /opt/registry-var/auth/htpasswd
[root@docker01-h-100 ~]# docker run -d -p 5001:5000 --restart=always --name registry_auth -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
391d185fbde8a7f008a366fd50046aabb8d5471db7eca83101e5f43649868f30
[root@docker01-h-100 ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
391d185fbde8 registry "/entrypoint.sh /etc…" 47 seconds ago Up 46 seconds 0.0.0.0:5001->5000/tcp registry_auth
101宿主机(客户端)
[root@docker02-h-101 ~]# vim /etc/docker/daemon.json
编辑/etc/docker/daemon.json(无论上传下载都要有)
{
"insecure-registries": ["10.0.0.100:5001"],
"registry-mirrors": ["https://registry.docker-cn.com"]
}
# registry-mirrors为镜像加速
重启docker服务
[root@docker02-h-101 ~]# systemctl restart docker
# 登陆再上传
[root@docker02-h-101 ~]# docker login 10.0.0.100:5001
Username: oldboy
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker02-h-101 .docker]# docker tag alpine:3.8 10.0.0.100:5001/alpine:3.8
[root@docker02-h-101 .docker]# docker push 10.0.0.100:5001/alpine
The push refers to repository [10.0.0.100:5001/alpine]
d9ff549177a9: Layer already exists
3.8: digest: sha256:899a03e9816e5283edba63d71ea528cd83576b28a7586cf617ce78af5526f209 size: 528
退出
[root@docker02-h-101 .docker]# docker logout 10.0.0.100:5001
Removing login credentials for 10.0.0.100:5001
删除认证文件
[root@docker02-h-101 .docker]# rm -fr /root/.docker/config.json
14.3 删除镜像(未做实验)
删除镜像
1)进入docker registry的容器中
docker exec -it registry /bin/sh
- 删除repo
rm -fr /var/lib/registry/docker/registry/v2/repositories/nginx
- 清楚掉blob
registry garbage-collect /etc/docker/registry/config.yml
14.4 Harbor 安装和使用
Harbor 1.8.0 仓库的安装和使用
15 docker容器编排(单机版docker-compose)
作用:一次性启动多个容器
配置文件:
docker-compose.yml(用于决定启动哪些容器)
版本参考:https://docs.docker.com/compose/compose-file/
相关命令:
docker-compose up -d(创建并启动)
docker-compose restart 单个服务名字
docker-compose restart(重启所有)
docker-compose stop(停止所有)
docker-compose stop 单个服务名字
docker-compose start (启动所有)
docker-compose start 单个服务名字
docker-compose down(停止并删除)
安装docker-compose(需要epel源)
[root@docker02-h-101 ~]# yum install docker-compose -y
[root@docker02-h-101 zabbix]# pwd
/opt/docker-compose/zabbix
[root@docker02-h-101 zabbix]# vim docker-compose.yaml
编辑yaml文件
version: '3'
services:
mysql-server:
image: mysql:5.7
restart: always
environment:
MYSQL_ROOT_PASSWORD: root_pwd
MYSQL_DATABASE: zabbix
MYSQL_USER: zabbix
MYSQL_PASSWORD: zabbix_pwd
command: --character-set-server=utf8
zabbix-java-gateway:
image: zabbix/zabbix-java-gateway:latest
restart: always
zabbix-server:
depends_on:
- mysql-server
image: zabbix/zabbix-server-mysql:latest
restart: always
environment:
DB_SERVER_HOST: mysql-server
MYSQL_DATABASE: zabbix
MYSQL_USER: zabbix
MYSQL_PASSWORD: zabbix_pwd
MYSQL_ROOT_PASSWORD: root_pwd
ZBX_JAVAGATEWAY: zabbix-java-gateway
ports:
- "10051:10051"
zabbix-web-nginx-mysql:
depends_on:
- zabbix-server
image: zabbix/zabbix-web-nginx-mysql:latest
ports:
- "80:80"
restart: always
environment:
DB_SERVER_HOST: mysql-server
MYSQL_DATABASE: zabbix
MYSQL_USER: zabbix
MYSQL_PASSWORD: zabbix_pwd
MYSQL_ROOT_PASSWORD: root_pwd
启动docker-compose
[root@docker02-h-101 zabbix]# docker-compose up -d
查看状态
[root@docker02-h-101 zabbix]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5e274626a917 zabbix/zabbix-web-nginx-mysql:latest "/bin/bash /run_zabb…" 21 seconds ago Up 20 seconds 0.0.0.0:80->80/tcp, 443/tcp zabbix_zabbix-web-nginx-mysql_1
774cdef1c413 zabbix/zabbix-server-mysql:latest "/bin/bash /run_zabb…" 22 seconds ago Up 20 seconds 162/udp, 0.0.0.0:10051->10051/tcp zabbix_zabbix-server_1
2089f645a34f mysql:5.7 "docker-entrypoint.s…" 23 seconds ago Up 22 seconds 3306/tcp zabbix_mysql-server_1
9717d59f0d70 zabbix/zabbix-java-gateway:latest "/bin/bash /run_zabb…" 23 seconds ago Up 22 seconds 10052/tcp zabbix_zabbix-java-gateway_1
# 浏览器访问:http://10.0.0.101
# 管理员初始密码:Admin / zabbix
模拟异常:
# 先删除
[root@docker02-h-101 zabbix]# docker rm -f zabbix_zabbix-server_1
zabbix_zabbix-server_1
[root@docker02-h-101 zabbix]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5e274626a917 zabbix/zabbix-web-nginx-mysql:latest "/bin/bash /run_zabb…" 7 minutes ago Up 7 minutes 0.0.0.0:80->80/tcp, 443/tcp zabbix_zabbix-web-nginx-mysql_1
2089f645a34f mysql:5.7 "docker-entrypoint.s…" 7 minutes ago Up 7 minutes 3306/tcp zabbix_mysql-server_1
9717d59f0d70 zabbix/zabbix-java-gateway:latest "/bin/bash /run_zabb…" 7 minutes ago Up 7 minutes 10052/tcp zabbix_zabbix-java-gateway_1
# 扩展
[root@docker02-h-101 zabbix]# docker-compose scale zabbix-server=1
WARNING: The scale command is deprecated. Use the up command with the --scale flag instead.
Creating zabbix_zabbix-server_1 ... done
[root@docker02-h-101 zabbix]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5696cf6464b4 zabbix/zabbix-server-mysql:latest "/bin/bash /run_zabb…" 2 seconds ago Up 1 second 162/udp, 0.0.0.0:10051->10051/tcp zabbix_zabbix-server_1
5e274626a917 zabbix/zabbix-web-nginx-mysql:latest "/bin/bash /run_zabb…" 7 minutes ago Up 7 minutes 0.0.0.0:80->80/tcp, 443/tcp zabbix_zabbix-web-nginx-mysql_1
2089f645a34f mysql:5.7 "docker-entrypoint.s…" 8 minutes ago Up 7 minutes 3306/tcp zabbix_mysql-server_1
9717d59f0d70 zabbix/zabbix-java-gateway:latest "/bin/bash /run_zabb…" 8 minutes ago Up 7 minutes 10052/tcp zabbix_zabbix-java-gateway_1
附加例子(未做实验):
wordpress
https://docs.docker.com/compose/wordpress/
16 docker网络
16.1 默认网络
- host:使用宿主机的网络,性能最高 端口不能冲突
- none:不使用网络
- container:与其他容器共用网络,端口不能冲突。主要为k8s中使用
- bridge:nat转换 172.17.0.0/16 默认
创建范例:
# host类型 #
[root@docker01-h-100 ~]# docker run -it --network=host alpine:3.9
/ # hostname
docker01-h-100
/ # ifconfig
docker0 Link encap:Ethernet HWaddr 02:42:60:6E:5A:7B
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
# none类型 #
[root@docker01-h-100 ~]# docker run -it --network=none alpine:3.9
/ # hostname
b2102b8dfc24
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
# container类型 #
# 先在none类型的容器中偷偷离开(按键ctrl + p --> ctrl +q)
/ # [root@docker01-h-100 ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b2102b8dfc24 alpine:3.9 "/bin/sh" 4 minutes ago Up 4 minutes quizzical_austin
[root@docker01-h-100 ~]# docker run -it --network container:b2102b8dfc24 alpine:3.9
/ # hostname
b2102b8dfc24
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
查看容器自身拥有的网络种类
[root@docker02-h-101 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
2f57a0bb3dbe bridge bridge local
70ee693800de host host local
4972003e7886 none null local
963d985f5825 zabbix_default bridge local
查看容器的网络类型
[root@docker02-h-101 ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5696cf6464b4 zabbix/zabbix-server-mysql:latest "/bin/bash /run_zabb…" 8 hours ago Up 13 minutes 162/udp, 0.0.0.0:10051->10051/tcp zabbix_zabbix-server_1
5e274626a917 zabbix/zabbix-web-nginx-mysql:latest "/bin/bash /run_zabb…" 8 hours ago Up 13 minutes 0.0.0.0:80->80/tcp, 443/tcp zabbix_zabbix-web-nginx-mysql_1
2089f645a34f mysql:5.7 "docker-entrypoint.s…" 8 hours ago Up 13 minutes 3306/tcp zabbix_mysql-server_1
9717d59f0d70 zabbix/zabbix-java-gateway:latest "/bin/bash /run_zabb…" 8 hours ago Up 13 minutes 10052/tcp zabbix_zabbix-java-gateway_1
[root@docker02-h-101 ~]# docker container inspect 5696cf6464b4
16.2 自建网络
范例:
第一步:自建一个名字为 rock 的 bridge 类型网络
第二步:根据自建网络创建一个容器
# 网络
[root@docker01-h-100 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
06dd2d885ed6 bridge bridge local
48c7831e04c6 host host local
dd692489f056 none null local
[root@docker01-h-100 ~]# docker network create --subnet 172.18.0.0/16 --gateway=172.18.0.1 -d bridge rock
e76e59153b529c5f9aca607f78f97452247911619bd47380a791509085395d42
[root@docker01-h-100 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
06dd2d885ed6 bridge bridge local
48c7831e04c6 host host local
dd692489f056 none null local
e76e59153b52 rock bridge local
[root@docker01-h-100 ~]# ifconfig
br-e76e59153b52: flags=4163 mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
inet6 fe80::42:c1ff:fe96:8452 prefixlen 64 scopeid 0x20
ether 02:42:c1:96:84:52 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 容器
[root@docker01-h-100 ~]# docker run -it --network rock alpine:3.9
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:12:00:02
inet addr:172.18.0.2 Bcast:172.18.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1172 (1.1 KiB) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # ping www.baidu.com
PING www.baidu.com (180.101.49.12): 56 data bytes
64 bytes from 180.101.49.12: seq=0 ttl=127 time=13.613 ms
64 bytes from 180.101.49.12: seq=1 ttl=127 time=12.563 ms
^C
--- www.baidu.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 12.563/13.088/13.613 ms
16.3 跨宿主机网络容器之间的通信overlay类型
要点:
- 宿主机 主机名不能相同
- consul:kv类型的存储数据库(key:value)
103宿主机(consul服务端)
# 安装consul容器,它用来存储ip地址的分配
[root@docker03-h-102 docker_image]# pwd
/root/docker_image
[root@docker03-h-102 docker_image]# docker load -i docker_progrium_consul.tar.gz
[root@docker03-h-102 docker_image]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
progrium/consul latest 09ea64205e55 4 years ago 69.4 MB
[root@docker03-h-102 docker_image]# docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
920687010b146669f931e7f3cabaff59bee0b32bab72e11c7d0907a7d8145461
[root@docker03-h-102 docker_image]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
920687010b14 progrium/consul "/bin/start -serve..." About a minute ago Up About a minute 53/tcp, 53/udp, 8300-8302/tcp, 8400/tcp, 8301-8302/udp, 0.0.0.0:8500->8500/tcp consul
# 浏览器访问:http://10.0.0.102:8500
100宿主机
[root@docker01-h-100 ~]# vim /etc/docker/daemon.json
编辑/etc/docker/daemon.json
{
# 下述两行为私有仓库相关
"insecure-registries": ["10.0.0.100:5000"],
"registry-mirrors": ["https://registry.docker-cn.com"],
# 下述三行为容器间通讯
"hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
"cluster-store": "consul://10.0.0.102:8500",
"cluster-advertise": "10.0.0.100:2376"
}
[root@docker01-h-100 ~]# vim /usr/lib/systemd/system/docker.service
编辑/usr/lib/systemd/system/docker.service
第十四行:ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock
重启服务
[root@docker01-h-100 ~]# systemctl daemon-reload
[root@docker01-h-100 ~]# systemctl restart docker
# 浏览器访问:http://10.0.0.102:8500,key/Value中的node节点
101宿主机
[root@docker02-h-101 ~]# vim /etc/docker/daemon.json
编辑/etc/docker/daemon.json
{
"insecure-registries": ["10.0.0.100:5000"],
"registry-mirrors": ["https://registry.docker-cn.com"],
"hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
"cluster-store": "consul://10.0.0.102:8500",
"cluster-advertise": "10.0.0.101:2376"
}
[root@docker02-h-101 ~]# vim /usr/lib/systemd/system/docker.service
编辑/usr/lib/systemd/system/docker.service
第十四行:ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock
重启服务
[root@docker02-h-101 ~]# systemctl daemon-reload
[root@docker02-h-101 ~]# systemctl restart docker
创建overlay网络
100宿主机
[root@docker01-h-100 ~]# docker network create -d overlay --subnet 172.16.2.0/24 --gateway 172.16.2.254 ol1
b34d929dbdbdc85b68ba4b1b304aeb068b0155326f5b7c738e6cebb2990f95a9
[root@docker01-h-100 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
40d98ade0a84 bridge bridge local
48c7831e04c6 host host local
dd692489f056 none null local
b34d929dbdbd ol1 overlay global
e76e59153b52 rock bridge local
101宿主机(无需创建)
[root@docker02-h-101 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
d9816afa2ce8 bridge bridge local
70ee693800de host host local
4972003e7886 none null local
b34d929dbdbd ol1 overlay global
963d985f5825 zabbix_default bridge local
# 查看100的容器是否有registry
[root@docker02-h-101 ~]# docker -H 10.0.0.100:2376 ps -a|grep "registry"
cafb85d5bb90 registry "/entrypoint.sh /etc…" 39 hours ago Up 21 minutes 0.0.0.0:5000->5000/tcp registry
# 查看自己的容器是否有registry
[root@docker02-h-101 ~]# docker ps -a|grep "registry"
启动容器测试
100容器
[root@docker01-h-100 ~]# docker run -it --network ol1 --name rock01 10.0.0.100:5000/alpine:3.8 /bin/sh
101容器
[root@docker02-h-101 ~]# docker run -it --network ol1 --name rock02 10.0.0.100:5000/alpine:3.8 /bin/sh
# 直接ping rock01
/ # ping rock01
PING rock01 (172.16.2.1): 56 data bytes
64 bytes from 172.16.2.1: seq=0 ttl=64 time=0.451 ms
64 bytes from 172.16.2.1: seq=1 ttl=64 time=0.471 ms
64 bytes from 172.16.2.1: seq=2 ttl=64 time=0.438 ms
^C
--- rock01 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.438/0.453/0.471 ms
/ #
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:10:02:02
inet addr:172.16.2.2 Bcast:172.16.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:728 (728.0 B) TX bytes:728 (728.0 B)
eth1 Link encap:Ethernet HWaddr 02:42:AC:13:00:02
inet addr:172.19.0.2 Bcast:172.19.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1136 (1.1 KiB) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:230 (230.0 B) TX bytes:230 (230.0 B)
/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.19.0.1 0.0.0.0 UG 0 0 0 eth1
172.16.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
注意:每个容器有两块网卡,eth0实现容器间的通讯,eth1实现容器访问外网
100容器
创建容器能通过对外访问
[root@docker01-h-100 ~]# docker run -d --network ol1 --name kod -p 90:80 kod:v2
d28449a26cc3cce33d982085fb8a7f199e94ec582fefe833b322e5e642f38b73
17 Docker监控
node-expoter(监控linux宿主机)与cadvisor(监控容器)安装在100与101
prometheus与grafana安装在102
100与101宿主机
# 导入node-exporter与cadisor
[root@docker02-h-101 docker_image]# docker load -i docker_monitor_node.tar.gz
975e03895fb7: Loading layer [==================================================>] 4.688MB/4.688MB
f9fe8137e4e3: Loading layer [==================================================>] 2.765MB/2.765MB
78f40987f0cd: Loading layer [==================================================>] 16.88MB/16.88MB
Loaded image: quay.io/prometheus/node-exporter:latest
cd7100a72410: Loading layer [==================================================>] 4.403MB/4.403MB
9ea477e6d99e: Loading layer [==================================================>] 33.09MB/33.09MB
66b3c2e84199: Loading layer [==================================================>] 32.88MB/32.88MB
Loaded image: google/cadvisor:latest
# 启动node-exporter
[root@docker02-h-101 docker_image]# docker run -d -p 9100:9100 -v "/:/host:ro,rslave" --name=node_exporter quay.io/prometheus/node-exporter --path.rootfs /host
89744ae8ca95ff8a5922fe8bf76d5f986a80bc689c0daf24d2aa933a6e7907c9
# 启动cadvisor
[root@docker02-h-101 docker_image]# docker run --volume=/:/rootfs:ro --volume=/var/run:/var/run:rw --volume=/sys:/sys:ro --volume=/var/lib/docker/:/var/lib/docker:ro --publish=8080:8080 --detach=true --name=cadvisor google/cadvisor:latest
1d49ed343d74bfc3ac9bbc8090c9e41319a6cd856a6b7690342b57ed4ff066e2
102宿主机(安装prometheus)
[root@docker03-h-102 ~]# cd /opt/
[root@docker03-h-102 opt]# ls
prometheus-2.12.0.linux-amd64.tar.gz
[root@docker03-h-102 opt]# tar xf prometheus-2.12.0.linux-amd64.tar.gz
[root@docker03-h-102 opt]# cd prometheus-2.12.0.linux-amd64/
[root@docker03-h-102 prometheus-2.12.0.linux-amd64]# vim prometheus.yml
编辑prometheus.yml
scrape_configs:
# The job name is added as a label `job=` to any timeseries scraped from this config.
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
- job_name: 'cadvisor'
static_configs:
- targets: ['10.0.0.100:8080','10.0.0.101:8080']
- job_name: 'node'
static_configs:
- targets: ['10.0.0.100:9100','10.0.0.101:9100']
启动prometheus
[root@docker03-h-102 prometheus-2.12.0.linux-amd64]# nohup ./prometheus --config.file="prometheus.yml" >> /dev/null 2>&1 &
# 浏览器访问:http://10.0.0.102:9090
查看status下的target
102宿主机(安装grafana)
[root@docker03-h-102 package]# yum localinstall grafana-6.3.3-1.x86_64.rpm -y
[root@docker03-h-102 package]# systemctl start grafana-server.service
[root@docker03-h-102 package]# systemctl enable grafana-server.service
[root@docker03-h-102 package]# ss -tnlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=6999,fd=3))
LISTEN 0 128 :::8500 :::* users:(("docker-proxy-cu",pid=7433,fd=4))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=6999,fd=4))
LISTEN 0 128 :::3000 :::* users:(("grafana-server",pid=7858,fd=6))
LISTEN 0 128 :::9090 :::* users:(("prometheus",pid=7705,fd=7))
# 浏览器访问:http://10.0.0.102:3000/login
账号 / 密码:admin / admin
Configuration - DataSource中新建一个数据源选择prometheus - IP:10.0.0.102:9090
create - import - 选择导入文件grafana_docker_dashboard.json - option内的Prometheus中选择Prometheus
grafana出图模板
grafana主要配置工作:
- 插件:zabbix插件
- 数据源:prometheus
- 模板:出图dashboard