docker镜像的分层(kvm 链接克隆,写时复制的特性)
镜像分层的好处:
复用,节省磁盘空间,相同的内容只需加载一份到内存。 修改dockerfile之后,再次构建速度快
dockerfile 优化:
1:尽可能选择体积小linux发行版,alpine
2:尽可能合并RUN指令,清理无用的文件(yum缓存,源码包)
3:修改dockerfile,把变化的内容尽可能放在dockerfile结尾
4: 使用.dockerignore,减少不必要的文件ADD . /html
容器间的互联(--link 是单方向的!!!)
docker run -d -p 80:80 nginx docker run -it --link quirky_brown:web01 qstack/centos-ssh /bin/bash ping web01lb ---> nginx 172.17.0.4 --> db01 172.17.0.3 --> nfs01 172.17.0.2
使用docker运行zabbix-server
[root@docker01 zabbix]# cat docker-compose.yml
version: '3'
services:
mysql-server:
image: mysql:5.7
restart: always
command: --character-set-server=utf8 --collation-server=utf8_bin
environment:
MYSQL_ROOT_PASSWORD: root_pwd
MYSQL_DATABASE: zabbix
MYSQL_USER: zabbix
MYSQL_PASSWORD: zabbix_pwd
zabbix-java-gateway:
image: zabbix/zabbix-java-gateway:latest
restart: always
zabbix-server:
depends_on:
- mysql-server
- zabbix-java-gateway
image: zabbix/zabbix-server-mysql:latest
ports:
- "10051:10051"
restart: always
environment:
DB_SERVER_HOST: mysql-server
MYSQL_DATABASE: zabbix
MYSQL_USER: zabbix
MYSQL_PASSWORD: zabbix_pwd
MYSQL_ROOT_PASSWORD: root_pwd
ZBX_JAVAGATEWAY: zabbix-java-gateway
zabbix-web:
depends_on:
- mysql-server
- zabbix-server
image: zabbix/zabbix-web-nginx-mysql:latest
ports:
- "80:80"
restart: always
environment:
DB_SERVER_HOST: mysql-server
MYSQL_DATABASE: zabbix
MYSQL_USER: zabbix
MYSQL_PASSWORD: zabbix_pwd
MYSQL_ROOT_PASSWORD: root_pwd
yum 安装zabbix好使
docker registry(私有仓库)
15.1普通的registry
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
将压缩包做成镜像
docker load -i wordpress-latest.tar.gz
docker load -i registry.tar.gz
上传镜像到私有仓库:
a:给镜像打标签 docker tag centos6-sshd:v3 10.0.0.11:5000/centos6-sshd:v3
b:上传镜像 docker push 10.0.0.11:5000/centos6-sshd:v3
如果遇到报错:
The push refers to repository [10.0.0.11:5000/centos6.9_ssh] Get [https://10.0.0.11:5000/v2/](https://10.0.0.11:5000/v2/): http: server gave HTTP response to HTTPS client
解决方法:
vim /etc/docker/daemon.json
{
"insecure-registries": ["10.0.0.11:5000"]
}
systemctl restart docker
带basic认证的registry
yum install httpd-tools -y
mkdir /opt/registry-var/auth/ -p
htpasswd -Bbn oldboy 123456 >> /opt/registry-var/auth/htpasswd
docker run -d -p 5000:5000 --restart=always -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
docker-compose(单机版的容器编排工具)
ansible剧本 yml
yum install -y docker-compose(需要epel源)
示例:安装wordpress
cd my_wordpress/
vi docker-compose.yml
[root@docker01 wordpress]# ls
docker-compose.yml
[root@docker01 wordpress]# cat docker-compose.yml
version: '3'
services:
db:
image: mysql:5.7
volumes:
- /data/db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
volumes:
- /data/web_data:/var/www/html
ports:
- "80:80"
restart: always
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
启动
docker-compose up
后台启动
docker-compose up -d
重启docker服务,容器全部退出的解决办法
方法一:docker run --restart=always
方法二:"live-restore": true docker server
配置文件/etc/docker/daemon.json
参考 { "registry-mirrors": ["http://b7a9017d.m.daocloud.io"], "insecure-registries":["10.0.0.11:5000"], "live-restore": true }
Docker Machine安装docker服务
Docker Machine 二进制 10.0.0.11 10.0.0.12 免密码登陆
从docker的官网下载二进制的包,去安装docker 10.0.0.13 免密码登陆
ansible: shell
----docker企业级镜像仓库harbor(vmware 中国团队)
第一步:安装docker和docker-compose
yum install docker docker-compose -y
第二步:下载harbor-offline-installer-v1.5.1.tgz
第三步:上传到/opt,并解压
第四步:修改harbor.cfg配置文件
hostname = 10.0.0.11
harbor_admin_password = 123456
第五步:执行install.sh
harbor配置https:
[root@docker02 harbor]# cat harbor.yml
.....
hostname = blog.qstack.com.cn
# https related config
https:
port: 443
certificate: /opt/sert/nginx/1_blog.oldqiang.com_bundle.crt
private_key: /opt/sert/nginx/2_blog.oldqiang.com.key
执行install.sh