Docker讲解与实战,精炼易懂!
1、docker简介docker通过内核虚拟化技术(namespace及cgroups等)来提供容器的资源隔离与安全保障等,由于docker通过操作系统层的虚拟化实现隔离,所以docker容器在运行时,不需要类似虚拟机额外的操作系统开销,提供资源利用率
2、dockervskvm
http://i2.运维网.com/images/blog/201808/17/d14bc1ed6eeb5af2d8bff193c38e838d.png
3、dockervsvms
http://i2.运维网.com/images/blog/201808/17/bb0aacbdea683fb790db1e95f1301ee9.png
4、docker三大组件
镜像(image)、容器(container)、仓库(repository)
一、docker安装
#tee /etc/yum.repos.d/docker.repo 443/tcp nginx-test1
# netstat -lntup|grep 32768
tcp6 0 0 :::32768 :::* LISTEN 11213/docker-proxy
# curl -I http://172.16.80.132:32769
HTTP/1.1 200 OK
Server: nginx/1.11.5
Date: Thu, 24 Nov 2016 05:58:47 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 11 Oct 2016 15:03:01 GMT
Connection: keep-alive
ETag: "57fcff25-264"
Accept-Ranges: bytes
转换前
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all--0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp --0.0.0.0/0 0.0.0.0/0
ACCEPT all--0.0.0.0/0 0.0.0.0/0
ACCEPT tcp--0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all--0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-ISOLATIONall--0.0.0.0/0 0.0.0.0/0
DOCKER all--0.0.0.0/0 0.0.0.0/0
ACCEPT all--0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all--0.0.0.0/0 0.0.0.0/0
ACCEPT all--0.0.0.0/0 0.0.0.0/0
REJECT all--0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all--0.0.0.0/0 0.0.0.0/0
转换后
# docker run -d -P --name nginx-test1 daocloud.io/library/nginx
42783cf5053639383004f82b9e72fe0223c7c028d2754b2d0f74429824715f05
# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
42783cf50536 daocloud.io/library/nginx "nginx -g 'daemon off" 9 seconds ago Up 7 seconds 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp nginx-test1
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all--0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp --0.0.0.0/0 0.0.0.0/0
ACCEPT all--0.0.0.0/0 0.0.0.0/0
ACCEPT tcp--0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all--0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-ISOLATIONall--0.0.0.0/0 0.0.0.0/0
DOCKER all--0.0.0.0/0 0.0.0.0/0
ACCEPT all--0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all--0.0.0.0/0 0.0.0.0/0
ACCEPT all--0.0.0.0/0 0.0.0.0/0
REJECT all--0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp--0.0.0.0/0 172.17.0.2 tcp dpt:443
ACCEPT tcp--0.0.0.0/0 172.17.0.2 tcp dpt:80
Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all--0.0.0.0/0 0.0.0.0/0
# sh docker_in.sh nginx-test1
root@42783cf50536:/#
root@42783cf50536:/#
root@42783cf50536:/# ip addr
1: lo:mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
4: eth0:mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:2/64 scope link
valid_lft forever preferred_lft forever
五、docker数据存储
# docker run -d --name nginx-volume-test1 -v /data daocloud.io/library/nginx
88b24d79a4f3b021325592ceac20e86291166d675b213d60db017548c4d9d960
# sh docker_in.sh nginx-volume-test1
root@88b24d79a4f3:/# cd /data/
root@88b24d79a4f3:/data# ls
root@88b24d79a4f3:/data# touch hehe
root@88b24d79a4f3:/data# ls -l
total 0
-rw-r--r-- 1 root root 0 Nov 24 06:30 hehe
# cd /var/lib/docker/
# ll
total 32
drwx------ 6 root root 4096 Nov 24 14:28 containers
drwx------ 5 root root 4096 Nov 24 02:05 devicemapper
drwx------ 3 root root 4096 Nov 24 01:20 image
drwxr-x--- 3 root root 4096 Nov 24 01:20 network
drwx------ 2 root root 4096 Nov 24 01:20 swarm
drwx------ 2 root root 4096 Nov 24 10:09 tmp
drwx------ 2 root root 4096 Nov 24 01:20 trust
drwx------ 3 root root 4096 Nov 24 14:28 volumes
# cd volumes/
# ls
4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60metadata.db
# cd 4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60/
# ls
_data
# cd _data/ 容器内的文件实际在物理机上面的的保存目录
# ls
hehe
# docker run -d --name nginx-volume-test2 -v /data/mysql:/mysql daocloud.io/library/nginx
f7278ce9bd88c26a0c5aaefcb2b39f1f9df0066bc94edb7a530213815e166f5e
#-v /data/mysql:/mysql表示把物理机的/data/mysql目录挂载到容器内的/mysql目录下面
# docker run -d --name nginx-volumes -v /data/mysql:/mysql daocloud.io/library/nginx
28c616e44352fc4eafeb2f87dbbb7b6eb9df447235afe027034efa96df1c5071
#
# docker run -d --name web-node1 --volumes-from nginx-volumes daocloud.io/library/nginx
0f022ce56e8b800cb1a4ac76bb8a326d42e198093146e8661ad3ac8925ad317d
#
# docker run -d --name web-node2 --volumes-from nginx-volumes daocloud.io/library/nginx
03d5e88c15f6604eeee2b8af500b8f356ba69adc34710f3c19b813530f19dc3d
六、基于Dockerfile来创建mysql镜像
1)创建Dockerfile文件
# mkdir mysql_ubuntu
# cd mysql_ubuntu/
# cat Dockerfile
FROM ubuntu:14.04
RUN apt-get update
RUN apt-get -y install mysql-client mysql-server
RUN sed -i -e"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf
ADD ./startup.sh /opt/startup.sh
EXPOSE 3306
CMD ["/bin/bash", "/opt/startup.sh"]
2)创建mysql服务启动脚本文件
# cat startup.sh
#!/bin/bash
if [ ! -f /var/lib/mysql/ibdata1 ]; then
mysql_install_db
/usr/bin/mysqld_safe &
sleep 10s
echo "GRANT ALL ON *.* TO admin@'%' IDENTIFIED BY 'changeme' WITH GRANT OPTION; FLUSH PRIVILEGES" | mysql
killall mysqld
sleep 10s
fi
/usr/bin/mysqld_safe
3)构建mysql镜像
docker build -t centos/mysql .
4)查看镜像
# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos/mysql latest f58add96ecb7 About a minute ago 338.9 MB
5)基于新镜像创建mysql容器
# mkdir /data/mysql -p
# docker run -d -p 3306:3306 -v /data/mysql:/var/lib/mysql centos/mysql
0112ba90e4a30a13e4f3af26f4a5bcd73e91ae3afa881a36fadd34cd953d0ada
# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0112ba90e4a3 centos/mysql:latest "/bin/bash /opt/star 4 seconds ago Up 3 seconds 0.0.0.0:3306->3306/tcp reverent_hawking
# ll /data/mysql/
total 28680
-rw-rw----. 1 103106 18874368 Apr 25 17:46 ibdata1
-rw-rw----. 1 1031065242880 Apr 25 19:09 ib_logfile0
-rw-rw----. 1 1031065242880 Apr 25 17:45 ib_logfile1
drwx------. 2 103 root 4096 Apr 25 17:45 mysql
drwx------. 2 103106 4096 Apr 25 17:45 performance_schema
6)测试mysql容器
# mysql -uadmin -p123456 -h192.168.0.104 -P 3306 -e 'show databases'
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
或者提供一个登陆mysql客户端脚本
run-client.sh
#!/bin/sh
TAG="mysql"
CONTAINER_ID=$(docker ps | grep $TAG | awk '{print $1}')
IP=$(docker inspect $CONTAINER_ID | python -c 'import json,sys;obj=json.load(sys.stdin);print obj["NetworkSettings"]["IPAddress"]')
mysql -u admin -p -h $IP
用dockerfile文件构建docker镜像灵活简便,推荐多多运用。
页:
[1]