Docker实战应用
一、基本概念镜像(image):只读的模板
容器(container):从镜像创建的运行实例。
镜像是只读的,容器在启动的时候创建一层可写层作为最上层。
仓库(repository):集中存放镜像文件的场所
二、安装
$ sudo apt-get install apt-transport-https ca-certificates
sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
$ sudo cat <<EOF > /etc/apt/sources.list.d/docker.list
deb https://apt.dockerproject.org/repo ubuntu-trusty main
EOF
$ sudo apt-get update
$ sudo apt-get install -y linux-image-extra-$(uname -r)
$ sudo apt-get install apparmor
$ sudo apt-get install linux-image-generic-lts-trusty
$ sudo apt-get install -y docker-engine
service docker restart
docker info
三、镜像
docker pull ubuntu:14.04==docker pull registry.hub.docker.com/ubuntu:14.04
使用 docker images 显示本地已有的镜像。
创建镜像:
1、修改已有的镜像
sudo docker commit -m "Added json gem" -a "Docker Newbee" 0b2616b0e5a8 ouruser/sinatra:v2
2、使用Dockerfile
基础镜像信息
维护者信息
镜像操作指令
容器启动时执行指令
示例:
mkdir /opt/docker-file/nginx
cd /opt/docker-file/nginx
# more Dockerfile
# This is my first dockerfile uses the ubuntu image
# VERSION 1 - EDITION 1
# Author: zhong
# Base image to use, this must be set as the first line
FROM ubuntu
# Maintainer
MAINTAINER zhong zhong@email.com
# Commands to update the image
RUN echo "deb http://archive.ubuntu.com/ubuntu/ raring main universe" >> /etc/apt/sources.list
RUN apt-get update && apt-get install -y nginx
RUN echo "\ndaemon off;" >> /etc/nginx/nginx.conf
# Commands when creating a new container
CMD /usr/sbin/nginx
>-------------------------------------------------------------
执行:
docker build -t nginx-file:v1 /opt/docker-file/nginx/
# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
nginx-file v1 3bc95f4f5b41 19 seconds ago 353.1 MB
3、从本地文件系统导入
导出容器到本地文件:
docker export 0fe6f27ed8b2 > origin-tomcat.tar
导入容器快照:
cat origin-tomcat.tar | sudo docker import - ld/origin-tomcat:v1.0
存出镜像:
docker save -o ubuntu_14.04.tar 192.168.88.66:5000/tomcat
载入镜像:
docker load --input ubuntu_14.04.tar
docker load < ubuntu_14.04.tar(保留元数据信息 如tag等信息)
打标签:
docker tag ld/origin-tomcat:v1.0 192.168.88.66:5000/origin-tomcat
上传库:
docker --insecure-registry 192.168.88.66:5000 push 192.168.88.66:5000/origin-zookeeper:v2.0
移除:
docker rmi 镜像ID
docker rm 容器ID
四、容器
$ sudo docker run ubuntu:14.04 /bin/echo 'Hello world'
Hello world
-d 后台运行
docker stop 停止
进入容器:nsenter 命令
$ wget https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz
$ tar xzvf util-linux-2.24.tar.gz
$ cd util-linux-2.24
$ ./configure --without-ncurses && make nsenter
$ sudo cp nsenter /usr/local/bin
下载 .bashrc_docker,并将内容放到 .bashrc 中。
wget -P ~ https://github.com/yeasy/docker_practice/raw/master/_local/.bashrc_docker
echo "[ -f ~/.bashrc_docker ] && . ~/.bashrc_docker" >> ~/.bashrc
source ~/.bashrc
docker-enter ID
清理所有处于终止状态的容器:
docker rm $(docker ps -a -q)
五、仓库
公有仓库: Docker Hub 仓库:https://hub.docker.com/ 超过 15,000 个镜像
私有仓库:$ sudo docker run -d -p 5000:5000 registry
查看私有仓库中的镜像:$ curl http://192.168.88.66:5000/v1/search
六、数据管理
挂载一个本地目录作为数据卷
-v /ld:/ld
挂载一个本地主机文件作为数据卷
-v ~/.bash_history:/.bash_history
数据卷容器:
-v /dbdata --name dbdata
在其他容器中使用 --volumes-from 来挂载 dbdata 容器中的数据卷。
docker run -d --volumes-from dbdata --name db1 ubuntu:14.04
七、网络
外部访问容器
通过 -P 或 -p 参数来指定端口映射。
随机映射:
docker run -P
docker run -d -P --name mynginx1 nginx
指定映射:
-p hostPort:containerPort
-p ip:hostPort:containerPort
-p ip::containerPort
-p hostPort:containerPort
-p hostPort:containerPort
docker run -d -p 91:80 --name mynginx2 nginx
查看端口映射:
docker port shipyard-controller 8080
-p 标记可以多次使用来绑定多个端口
-p 5000:5000-p 3000:80
容器互联:
--link
固定IP地址:
*虚拟机桥接网口需开启混杂模式。
1、修改宿主机IP地址,建立桥接网口
root@ubuntu:~# more /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto br0
iface br0 inet static
address 192.168.88.71
netmask 255.255.255.0
network 192.168.88.0
broadcast 192.168.88.255
bridge_ports p2p1
bridge_stp off
gateway 192.168.88.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 114.114.114.114
2、启动时使用br0
root@ubuntu:~# more /etc/default/docker
DOCKER_OPTS="--insecure-registry 192.168.88.66:5000 -b=br0"
3、添加静态IP地址
root@ubuntu:~# more manual_con_static_ip.sh
#/bin/bash
if [ -z $1 ] || [ -z $2 ] || [ -z $3 ] || [ -z $4 ] || [ -z $5 ];
then
echo "*****Input the necessary parameters: CONTAINERID IP MASK GATEWAY ETHNAME"
echo "*****Call the script like: sh manual_con_static_ip.shb0e18b6a4432 192.168.88.70 24 192.168.88.1 eth1"
exit
fi
CONTAINERID=$1
SETIP=$2
SETMASK=$3
GATEWAY=$4
ETHNAME=$5
#判断宿主机网卡是否存在
ifconfig $ETHNAME > /dev/null 2>&1
if [ $? -eq 0 ]; then
read -p "$ETHNAME exist,do you want delelte it? y/n " del
if [[ $del == 'y' ]]; then
ip link del $ETHNAME
else
exit
fi
fi
#
pid=`docker inspect -f '``.`State`.`Pid`' $CONTAINERID`
mkdir -p /var/run/netns
find -L /var/run/netns -type l -delete
if [ -f /var/run/netns/$pid ]; then
rm -f /var/run/netns/$pid
fi
ln -s /proc/$pid/ns/net /var/run/netns/$pid
#
ip link add $ETHNAME type veth peer name B
brctl addif br0 $ETHNAME
ip link set $ETHNAME up
ip link set B netns $pid
#先删除容器内已存在的eth0
ip netns exec $pid ip link del eth0 > /dev/null 2>&1
#设置容器新的网卡eth0
ip netns exec $pid ip link set dev B name eth0
ip netns exec $pid ip link set eth0 up
ip netns exec $pid ip addr add $SETIP/$SETMASK dev eth0
ip netns exec $pid ip route add default via $GATEWAY
八、图形化管理:shipyard
https://shipyard-project.com/docs/deploy/automated/自动安装
示例:
http://192.168.88.66:8080/
admin/shipyard
增加node:
curl -sSL https://shipyard-project.com/deploy | ACTION=node DISCOVERY=etcd://192.168.88.66:4001bash -s
九、微容器:alpine linux
https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management
参考文档:
Docker —— 从入门到实践:
https://www.gitbook.com/book/yeasy/docker_practice/details
Docker为容器分配指定物理网段的静态IP:
http://www.xiaomastack.com/2015/02/06/docker-static-ip/
附:Docker Commands
attach Attach to a running container# 当前shell下attach连接指定运行镜像
build Build an image from a Dockerfile # 通过Dockerfile定制镜像
commit Create a new image from a container's changes # 提交当前容器为新的镜像
cp Copy files/folders from the containers filesystem to the host path# 从容器中拷贝指定文件或者目录到宿主机中
diff Inspect changes on a container's filesystem # 查看docker容器变化
events Get real time events from the server # 从docker服务获取容器实时事件
export Stream the contents of a container as a tar archive# 导出容器的内容流作为一个tar归档文件[对应import]
history Show the history of an image # 展示一个镜像形成历史
images List images # 列出系统当前镜像
import Create a new filesystem image from the contents of a tarball# 从tar包中的内容创建一个新的文件系统映像[对应export]
info Display system-wide information # 显示系统相关信息
inspect Return low-level information on a container # 查看容器详细信息
kill Kill a running container # kill指定docker容器
load Load an image from a tar archive # 从一个tar包中加载一个镜像[对应save]
login Register or Login to the docker registry server# 注册或者登陆一个docker源服务器
logs Fetch the logs of a container # 输出当前容器日志信息
port Lookup the public-facing port which is NAT-ed to PRIVATE_PORT# 查看映射端口对应的容器内部源端口
pause Pause all processes within a container # 暂停容器
ps List containers # 列出容器列表
pull Pull an image or a repository from the docker registry server# 从docker镜像源服务器拉取指定镜像或者库镜像
push Push an image or a repository to the docker registry server# 推送指定镜像或者库镜像至docker源服务器
restart Restart a running container # 重启运行的容器
rm Remove one or more containers # 移除一个或者多个容器
rmi Remove one or more images # 移除一个或多个镜像[无容器使用该镜像才可删除,否则需删除相关容器才可继续或-f强制删除]
run Run a command in a new container# 在一个新的容器中运行一个命令
save Save an image to a tar archive # 保存一个镜像为一个tar包[对应load]
search Search for an image in the docker index # 在docker index中搜索镜像
start Start a stopped containers # 启动容器
stop Stop a running containers # 停止容器
tag Tag an image into a repository # 给源中镜像打标签
top Lookup the running processes of a container # 查看容器中运行的进程信息
unpause Unpause a paused container # 取消暂停容器
version Show the docker version information # 查看docker版本号
wait Block until a container stops, then print its exit code# 截取容器停止时的退出状态值
整理以上命令:
容器生命周期管理 — docker
容器操作运维 — docker
容器rootfs命令 — docker
镜像仓库 — docker
本地镜像管理 — docker
其他命令 — docker
页:
[1]