Deploying and Using Docker

1. Installing Docker

1. Check the system environment:
[root@bogon ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@bogon ~]# uname -r
3.10.0-514.el7.x86_64
[root@bogon ~]# systemctl stop firewalld
[root@bogon ~]# systemctl disable firewalld
[root@bogon ~]# setenforce 0

2. Install Docker:
[root@bogon ~]# yum install -y docker

3. Docker vs. OpenStack comparison table

4. Start Docker and enable it at boot:
[root@bogon ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

5. Change the Docker registry mirror (by default images are downloaded from the official site abroad, which can be slow and may be blocked, so switch to a mirror in China):
[root@bogon ~]# docker daemon --help
The command above shows the help for the parameters that need to be added to the file below.
[root@bogon ~]# vim /usr/lib/systemd/system/docker.service
# Add the highlighted part to the file; the address in the highlighted part is obtained by logging in to Aliyun
ExecStart=/usr/bin/dockerd-current --registry-mirror=https://a14c78qe.mirror.aliyuncs.com \
          --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current
6. Reload the unit file:
[root@bogon ~]# systemctl daemon-reload

7. Start Docker:
[root@bogon ~]# systemctl start docker

Fixing a Docker startup error:
If startup fails, the message tells you where to look for the error, as follows:
[root@bogon ~]# systemctl start docker
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
[root@bogon ~]# journalctl -xe
# Read the error output carefully; if it is the following error:
-- Unit docker.service has begun starting up.
8月 28 16:42:20 bogon dockerd-current[3316]: time="2018-08-28T16:42:20.529170789+08:00" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
8月 28 16:42:20 bogon dockerd-current[3316]: time="2018-08-28T16:42:20.542715409+08:00" level=info msg="libcontainerd: new containerd process, pid: 3321"
8月 28 16:42:22 bogon dockerd-current[3316]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel. Either boot into a newer kernel or disable selinux in docker (--selin
8月 28 16:42:22 bogon systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
8月 28 16:42:22 bogon systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
Fix: edit the configuration file below.
[root@bogon ~]# vim /etc/sysconfig/docker
# Add the highlighted part to the line below
OPTIONS='--selinux-enabled=false --log-driver=journald --signature-verification=false'
After the change, starting Docker again works.

8. After Docker starts, check its status:
[root@bogon ~]# systemctl status docker
# The green part below shows that it started without problems
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since 二 2018-08-28 16:46:06 CST; 5min ago
     Docs: http://docs.docker.com
 Main PID: 3390 (dockerd-current)
   CGroup: /system.slice/docker.service
           ├─3390 /usr/bin/dockerd-current --registry-mirror=https://a14c78qe.mirror.aliyuncs.com --ad...
           └─3395 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-co...

8月 28 16:46:05 bogon dockerd-current[3390]: time="2018-08-28T16:46:05.866842623+08:00" level=info...ds"
8月 28 16:46:05 bogon dockerd-current[3390]: time="2018-08-28T16:46:05.868038662+08:00" level=info...t."
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:05.999481830+08:00" level=info...se"
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:06.180906259+08:00" level=info...ss"
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:06.281198675+08:00" level=info...e."
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:06.285045777+08:00" level=warn...ix"
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:06.334406287+08:00" level=info...on"
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:06.334428391+08:00" level=info...3.1
8月 28 16:46:06 bogon systemd[1]: Started Docker Application Container Engine.
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:06.370242046+08:00" level=info...ck"
Hint: Some lines were ellipsized, use -l to show in full.

2. Basic Docker operations

Download an image:
[root@bogon ~]# docker pull alpine
Using default tag: latest
Trying to pull repository docker.io/library/alpine ...
latest: Pulling from docker.io/library/alpine
8e3ba11ec2a2: Pull complete
Digest: sha256:7043076348bf5040220df6ad703798fd8593a0918d06d3ce30c6c93be117e430
Status: Downloaded newer image for docker.io/alpine:latest

Search for an image; the following searches for an nginx image:
[root@bogon ~]# docker search nginx
INDEX       NAME                                                             DESCRIPTION                                     STARS   OFFICIAL   AUTOMATED
docker.io   docker.io/nginx                                                  Official build of Nginx.                        9370    [OK]
docker.io   docker.io/jwilder/nginx-proxy                                    Automated Nginx reverse proxy for docker c...   1388               [OK]
docker.io   docker.io/richarvey/nginx-php-fpm                                Container running Nginx + PHP-FPM capable ...   609                [OK]
docker.io   docker.io/jrcs/letsencrypt-nginx-proxy-companion                 LetsEncrypt container to use with nginx as...   396                [OK]
docker.io   docker.io/kong                                                   Open-source Microservice & API Management ...   219     [OK]
docker.io   docker.io/webdevops/php-nginx                                    Nginx with PHP-FPM                              111                [OK]
docker.io   docker.io/kitematic/hello-world-nginx                            A light-weight nginx container that demons...   108
docker.io   docker.io/zabbix/zabbix-web-nginx-mysql                          Zabbix frontend based on Nginx web-server ...   63                 [OK]
docker.io   docker.io/bitnami/nginx                                          Bitnami nginx Docker Image                      57                 [OK]
docker.io   docker.io/1and1internet/ubuntu-16-nginx-php-phpmyadmin-mysql-5   ubuntu-16-nginx-php-phpmyadmin-mysql-5          43                 [OK]
docker.io   docker.io/linuxserver/nginx                                      An Nginx container, brought to you by Linu...   38
docker.io   docker.io/tobi312/rpi-nginx                                      NGINX on Raspberry Pi / armhf                   20                 [OK]
docker.io   docker.io/blacklabelops/nginx                                    Dockerized Nginx Reverse Proxy Server.          12                 [OK]
docker.io   docker.io/nginxdemos/nginx-ingress                               NGINX Ingress Controller for Kubernetes . ...   11
docker.io   docker.io/wodby/drupal-nginx                                     Nginx for Drupal container image                10                 [OK]
docker.io   docker.io/nginxdemos/hello                                       NGINX webserver that serves a simple page ...   8                  [OK]
docker.io   docker.io/webdevops/nginx                                        Nginx container                                 8                  [OK]

Download the nginx image:
[root@bogon ~]# docker pull nginx

List local images:
[root@bogon ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/nginx     latest              c82521676580        4 weeks ago         109 MB
docker.io/alpine    latest              11cd0b38bc3c        7 weeks ago         4.41 MB

Export an image:
[root@bogon ~]# docker save nginx >/tmp/nginx.tar.gz
[root@bogon ~]# ls /tmp/
nginx.tar.gz
Delete an image:
[root@bogon ~]# docker rmi nginx
Untagged: nginx:latest
Untagged: docker.io/nginx@sha256:d85914d547a6c92faa39ce7058bd7529baacab7e0cd4255442b04577c4d1f424
Deleted: sha256:c82521676580c4850bb8f0d72e47390a50d60c8ffe44d623ce57be521bca9869
Deleted: sha256:2c1f65d17acf8759019a5eb86cc20fb8f8a7e84d2b541b795c1579c4f202a458
Deleted: sha256:8f222b457ca67d7e68c3a8101d6509ab89d1aad6d399bf5b3c93494bbf876407
Deleted: sha256:cdb3f9544e4c61d45da1ea44f7d92386639a052c620d1550376f22f5b46981af
[root@bogon ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/alpine    latest              11cd0b38bc3c        7 weeks ago         4.41 MB

Import an image:
[root@bogon ~]# docker load < /tmp/nginx.tar.gz
cdb3f9544e4c: Loading layer 58.44 MB/58.44 MB
a8c4aeeaa045: Loading layer 54.24 MB/54.24 MB
08d25fa0442e: Loading layer 3.584 kB/3.584 kB
Loaded image: docker.io/nginx:latest
[root@bogon ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/nginx     latest              c82521676580        4 weeks ago         109 MB
docker.io/alpine    latest              11cd0b38bc3c        7 weeks ago         4.41 MB

Start a container from an image (run is really a combination of two commands: create, which creates the container, and run, which runs it):
[root@bogon ~]# docker run alpine sh
Started this way, the container is non-interactive, which amounts to running in the background.
[root@bogon ~]# docker run -it alpine sh
# With -it added, the image is started and you are placed inside it.
/ #
/ # cd /tmp/
/tmp # ls
/tmp # mkdir abc
/tmp # touch 111
/tmp # ls
111  abc
/tmp # exit
# You can work inside the container and leave with exit; the container stops as soon as you exit. To leave without stopping it, hold Ctrl and press p, then q.

List running containers:
[root@bogon ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

List all containers, whether running or not:
[root@bogon ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMES
212334d5b4e6        alpine              "sh"                21 minutes ago      Exited (0) 18 minutes ago                       stupefied_mclean
939f8d7c326a        alpine              "sh"                22 minutes ago      Exited (0) 22 minutes ago                       keen_ramanujan

Delete containers:
[root@bogon ~]# docker rm 212334d5b4e6 939f8d7c326a
# rm is followed by the container IDs; deleting a running container gives an error, and -f must be added after rm to force the deletion
212334d5b4e6
939f8d7c326a

Run an nginx container:
[root@bogon ~]# docker run -it --name mynginx nginx
# --name: gives the running container a name; by default a random name is assigned, which is hard to recognize
[root@bogon ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
8c39a0d44943        nginx               "nginx -g 'daemon ..."   56 seconds ago      Up 55 seconds       80/tcp              mynginx

Show detailed information about a container:
[root@bogon ~]# docker inspect mynginx
(the container ID can be given instead)
[
    {
        "Id": "8c39a0d449436812f7384cdad68dbb7cf303a20cf2e04f4360754e4941575c5d",
        "Created": "2018-08-28T10:12:27.182865131Z",
        "Path": "nginx",
        "Args": [
            "-g",
            "daemon off;"
......
The last few lines of the output:
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "44fcef1e4efb63b10dc5742f09d18848e25b235f5c2f7c38ad6d1a05d00946ba",
                    "EndpointID": "2b6d3969bfaffbbbbd166f694f7bf3e1fc5945195849cf12c45ee0906a010275",
                    "Gateway": "172.17.0.1",        # gateway
                    "IPAddress": "172.17.0.2",      # IP address
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02"
                }
            }
        }
    }
]

curl the IP address to see whether it can be reached:
[root@bogon ~]# curl 172.17.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
Welcome to nginx!
<p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p>

<p>For online documentation and support please refer to <a rel="nofollow" href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a rel="nofollow" href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Enter a container that is already running:
[root@bogon ~]# docker attach mynginx
Entering this way gives no bash terminal, whatever is typed is also visible in other terminals, and you cannot exit directly; the only way out is Ctrl+p+q.
[root@bogon ~]# docker exec -it mynginx sh

This is the recommended way: it provides a dedicated bash terminal in which you can do anything.
ls

bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var

[root@bogon ~]# docker run -it -d --name mynginx nginx
# -d: run in the background; -d and --rm are conflicting options, only
81a545910b0d1215fedc279ec38ff65a4a7ddbc7be1b8f37ed7b87fa8a6c244a
[root@bogon ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
81a545910b0d        nginx               "nginx -g 'daemon ..."   7 seconds ago       Up 6 seconds        80/tcp              mynginx

View the access log of the service inside a container:
[root@bogon ~]# docker logs mynginx
172.17.0.1 - - [28/Aug/2018:11:43:16 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
[root@bogon ~]# docker logs -f mynginx
172.17.0.1 - - [28/Aug/2018:11:43:16 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
172.17.0.1 - - [28/Aug/2018:11:44:50 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
172.17.0.1 - - [28/Aug/2018:11:44:51 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
172.17.0.1 - - [28/Aug/2018:11:44:52 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
# docker logs -f follows the log, much like tailf

3. Building Docker images

1. Download the centos image:
[root@bogon ~]# docker pull centos

2. Run a container and enter it:
[root@bogon ~]# docker run -it centos bash
[root@0fca23e3d80d /]#

3. wget is not installed by default; install it with yum first:
[root@0fca23e3d80d /]# yum install -y wget

4. Switch to the Aliyun repository:
[root@0fca23e3d80d /]# cd /etc/yum
yum/         yum.conf     yum.repos.d/
[root@0fca23e3d80d /]# cd /etc/yum.repos.d/
[root@0fca23e3d80d yum.repos.d]# ls
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Sources.repo  CentOS-fasttrack.repo
CentOS-CR.repo    CentOS-Media.repo      CentOS-Vault.repo
[root@0fca23e3d80d yum.repos.d]# rm -f *
[root@0fca23e3d80d yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
Aliyun EPEL repository:
[root@0fca23e3d80d yum.repos.d]# yum install -y epel-release
[root@0fca23e3d80d yum.repos.d]# ls
CentOS-Base.repo  epel-testing.repo  epel.repo

5. Install nginx:
[root@0fca23e3d80d yum.repos.d]# yum install -y nginx
Configure nginx:
[root@0fca23e3d80d yum.repos.d]# vi /etc/nginx/nginx.conf
# Add the highlighted part
user nginx;
daemon off;

Look at the docker commit help:
[root@bogon ~]# docker commit --help

Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]

Create a new image from a container's changes

Options:
  -a, --author string    Author (e.g., "John Hannibal Smith hannibal@a-team.com")
  -c, --change list      Apply Dockerfile instruction to the created image (default [])
      --help             Print usage
  -m, --message string   Commit message
  -p, --pause            Pause container during commit (default true)
[root@bogon ~]# docker commit -m "add nginx images" mynginx liyongli/my_nginx
Syntax:
-m is followed by the description
mynginx: the name of the running container
liyongli/my_nginx: the image name

Listing the local images now shows one more image (the highlighted one):
[root@bogon ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
liyongli/my_nginx   latest              66ff70d8a103        22 seconds ago      408 MB
docker.io/centos    latest              5182e96772bf        3 weeks ago         200 MB
docker.io/nginx     latest              c82521676580        5 weeks ago         109 MB
docker.io/alpine    latest              11cd0b38bc3c        7 weeks ago         4.41 MB

The tag defaults to latest; appending a tag (the highlighted part) to the image name above gives the tag you specify, as in liyongli/my_nginx:v1
[root@bogon ~]# docker commit -m "add nginx images" happy_perlman liyongli/my_nginx:v1
sha256:e6cdb103b333963c17a7ef185e0ec040b3f25c93e3aabaa152040b569cfbe804
[root@bogon ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
liyongli/my_nginx   v1                  e6cdb103b333        4 seconds ago       408 MB
liyongli/my_nginx   latest              66ff70d8a103        4 minutes ago       408 MB
docker.io/centos    latest              5182e96772bf        3 weeks ago         200 MB
docker.io/nginx     latest              c82521676580        5 weeks ago         109 MB
docker.io/alpine    latest              11cd0b38bc3c        7 weeks ago         4.41 MB

Start the image you built:
[root@bogon ~]# docker run -d --name mnginx liyongli/my_nginx nginx
# --name: description of the running container
# liyongli/my_nginx: the image name
# nginx: the name of the service to run
5a15d9986e8f460ff047ab716f809309a7e828218986d95df7749b1115b33953
[root@bogon ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
5a15d9986e8f        liyongli/my_nginx   "nginx"             11 seconds ago      Up 10 seconds                           mnginx
0fca23e3d80d        centos              "bash"              About an hour ago   Up About an hour                        happy_perlman

Docker networking

Docker port mapping:
[root@bogon ~]# docker run -d --name mnginx -P nginx
# -P: port mapping
dc1c5779e7b9f0146376da4bcad1827fe2f80c1fac39c21b7076ce65e4446d51
[root@bogon ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
dc1c5779e7b9        nginx               "nginx -g 'daemon ..."   7 seconds ago       Up 6 seconds        0.0.0.0:32768->80/tcp   mnginx
A randomly chosen host port is mapped to port 80 in the container.
Access check:

[root@bogon ~]# docker run --name my_nginx -d -p 80:80 liyongli/my_nginx nginx
# liyongli/my_nginx: the image name
# nginx: the service inside the image
# -p: maps the specified port 80 to port 80 on the Docker container
c826a3ea327a0f2957c9f4181af8d4408e8d7de1ebee645def8e07891afc2757
[root@bogon ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                NAMES
c826a3ea327a        liyongli/my_nginx   "nginx"             12 seconds ago      Up 11 seconds       0.0.0.0:80->80/tcp   my_nginx
Access test:

Note: TCP is used by default; to switch to UDP, append the protocol after the port (the highlighted part below):
[root@bogon ~]# docker run --name my_nginx -d -p 80:80/udp liyongli/my_nginx nginx
46f6b91ed321ed0fd0cf2e638a68d859207e7ff4dc33c02d7d299e258200496f
[root@bogon ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                NAMES
46f6b91ed321        liyongli/my_nginx   "nginx"             2 seconds ago       Up 2 seconds        0.0.0.0:80->80/udp   my_nginx

Map a specific IP and port:
[root@bogon ~]# docker run --name my_nginx -d -p 127.0.0.1:80:80 liyongli/my_nginx nginx
7266e28a7f4b7a1a38f41b55ccf33136f3f7867081e0d1369f662a6292d9fc0a
[root@bogon ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                  NAMES
7266e28a7f4b        liyongli/my_nginx   "nginx"             21 seconds ago      Up 21 seconds       127.0.0.1:80->80/tcp   my_nginx
Access test: a browser outside the host can no longer reach it.
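The bindings shown above differ in who can reach the container: -P and -p 80:80 publish on 0.0.0.0, while -p 127.0.0.1:80:80 publishes on loopback only. The following shell functions are an added example, not part of the original page; the function names and the sample input (constructed from the PORTS values shown on this page) are assumptions, and the parser also covers the IPv6 and multi-port forms the page does not show.

```shell
#!/bin/sh
# Added example: classify published container ports by the host address
# they are bound to. Input is one "<name><TAB><ports>" line per container,
# the shape produced by: docker ps --format '{{.Names}}\t{{.Ports}}'

# Constructed sample, built from the PORTS values shown on this page.
sample_ps() {
    printf '%s\t%s\n' \
        mynginx     '80/tcp' \
        mnginx      '0.0.0.0:32768->80/tcp' \
        my_nginx    '127.0.0.1:80->80/tcp' \
        mysqlserver '192.168.200.200:3306->3306/tcp' \
        haproxy     '0.0.0.0:7777->1080/tcp, 0.0.0.0:80->80/tcp'
}

# classify_ports: reads the lines on stdin and prints, per mapping,
#   <name> <scope> <host_addr:host_port> -> <container_port/proto>
classify_ports() {
    awk -F '\t' '
    function scope(addr) {
        if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            return "ALL-INTERFACES"
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
            return "LOOPBACK"
        return "SPECIFIC-IP"
    }
    {
        name = $1
        n = split($2, entries, /, */)          # several mappings per container
        for (i = 1; i <= n; i++) {
            e = entries[i]
            if (e == "") continue
            arrow = index(e, "->")
            if (arrow == 0) {                  # "80/tcp": exposed, not published
                print name, "NOT-PUBLISHED", "-", "->", e
                continue
            }
            host = substr(e, 1, arrow - 1)
            target = substr(e, arrow + 2)
            port = host
            sub(/.*:/, "", port)               # text after the LAST colon
            addr = substr(host, 1, length(host) - length(port) - 1)
            print name, scope(addr), addr ":" port, "->", target
        }
    }'
}

# audit_ports: prints only the mappings bound to every host interface and
# returns status 1 when at least one exists, 0 otherwise.
audit_ports() {
    classify_ports | awk '
        $2 == "ALL-INTERFACES" { print $1, $3, $4, $5; bad = 1 }
        END { exit bad }'
}

# Stand-alone run on the constructed sample.
sample_ps | classify_ports
sample_ps | audit_ports >/dev/null ||
    echo "at least one port is published on all host interfaces"
```

On a live host the same check is `docker ps --format '{{.Names}}\t{{.Ports}}' | audit_ports`; anything it prints is reachable from every network the host is attached to unless a firewall intervenes.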

Local access with curl:
[root@bogon ~]# curl 127.0.0.1:80
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
        <title>Test Page for the Nginx HTTP Server on Fedora</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <style type="text/css">
            /*<![CDATA[*/
            body {
                background-color: #fff;
                color: #000;
                font-size: 0.9em;
                font-family: sans-serif,helvetica;
                margin: 0;

A second way to build an image:
This method is quick and convenient but not standard practice; it can be used in test environments.
[root@bogon ~]# docker commit c6907664eaa6 mysqlserver
# Syntax: docker commit <ID of a running or stopped container> <image name>
sha256:5fa23cedfee037c1645f446b8d5e11d67419c93e89c73cf81a28386a403e8407
[root@bogon ~]# docker images
REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
mysqlserver                    latest              5fa23cedfee0        9 seconds ago       484 MB
127.0.0.1:6000/zhouhao/nginx   latest              a8ddb97e410c        3 days ago          429 MB
<none>                         <none>              6ebd2e131385        3 days ago          429 MB
liyongli/my_nginx              v1                  e6cdb103b333        4 days ago          408 MB
liyongli/my_nginx              latest              66ff70d8a103        4 days ago          408 MB
docker.io/mysql                latest              29e0ae3b69b9        2 weeks ago         484 MB
docker.io/centos               latest              5182e96772bf        3 weeks ago         200 MB
docker.io/nginx                latest              c82521676580        5 weeks ago         109 MB
docker.io/registry             2                   b2b03e9146e1        8 weeks ago         33.3 MB
docker.io/registry             latest              b2b03e9146e1        8 weeks ago         33.3 MB
docker.io/alpine               latest              11cd0b38bc3c        8 weeks ago         4.41 MB

4. Communication between Docker containers:

1. First run two containers:
[root@bogon ~]# docker run -d --name web1 -p 80:80 liyongli/my_nginx nginx
e79fa7dd7157cd69b87dd125743a711996679c03698d8079421adb697d132f72
[root@bogon ~]# docker run -d --name web2 --link web1 -p 8080:80 liyongli/my_nginx nginx
# --link: names the container to communicate with; just follow it with the container name
27a7ebdb7f74ff28deb70b425d591043301dcd83dd15d25056dd6f981d2ae603
[root@bogon ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS                  NAMES
27a7ebdb7f74        liyongli/my_nginx   "nginx"             7 seconds ago        Up 6 seconds        0.0.0.0:8080->80/tcp   web2
e79fa7dd7157        liyongli/my_nginx   "nginx"             About a minute ago   Up 59 seconds       0.0.0.0:80->80/tcp     web1

2. Enter web2 and look at its hosts file:
[root@bogon ~]# docker exec -it web2 sh
sh-4.2# cat /etc/hosts
127.0.0.1    localhost
::1          localhost ip6-localhost ip6-loopback
fe00::0      ip6-localnet
ff00::0      ip6-mcastprefix
ff02::1      ip6-allnodes
ff02::2      ip6-allrouters
172.17.0.2   web1 e79fa7dd7157
172.17.0.3   27a7ebdb7f74
An entry resolving web1 has been added.

3. ping test:
sh-4.2# ping web1
PING web1 (172.17.0.2) 56(84) bytes of data.
64 bytes from web1 (172.17.0.2): icmp_seq=1 ttl=64 time=0.142 ms
64 bytes from web1 (172.17.0.2): icmp_seq=2 ttl=64 time=0.091 ms
64 bytes from web1 (172.17.0.2): icmp_seq=3 ttl=64 time=0.091 ms
ping works as well, and access is fine:
sh-4.2# curl 172.17.0.2:80
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>Test Page for the Nginx HTTP Server on Fedora</ti

The connectivity set up above is one-way: web2 can reach web1, but web1 cannot reach web2:
[root@bogon ~]# docker exec -it web1 sh
sh-4.2# cat /etc/hosts
127.0.0.1    localhost
::1          localhost ip6-localhost ip6-loopback
fe00::0      ip6-localnet
ff00::0      ip6-mcastprefix
ff02::1      ip6-allnodes
ff02::2      ip6-allrouters
172.17.0.2   e79fa7dd7157
The hosts file of web1 has no such entry.

Staying connected when the container name is changed:
[root@bogon ~]# docker run -d --name web2 --link web1:shop_nginx -p 8080:80 liyongli/my_nginx nginx
# The added highlighted part acts as an alias, so the web1 in front can be changed freely as long as the part after it stays the same
d8f650859edd7d516f098a342931833ef3fe790531e02a05e29dbe1b567d383c
[root@bogon ~]# docker exec -it web2 bash
[root@d8f650859edd /]# cat /etc/hosts
127.0.0.1    localhost
::1          localhost ip6-localhost ip6-loopback
fe00::0      ip6-localnet
ff00::0      ip6-mcastprefix
ff02::1      ip6-allnodes
ff02::2      ip6-allrouters
172.17.0.2   shop_nginx e79fa7dd7157 web1
172.17.0.3   d8f650859edd

List the network types Docker supports:
[root@bogon ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
9d714af60380        bridge              bridge              local
fb92c872341e        host                host                local
0901c10db04a        none                null                local

Host: uses the physical machine's local network IP (the local IP is used by default). The network is comparatively stable, and it can work across hosts as long as they are on the same subnet. Ports, however, must not clash:
[root@bogon ~]# docker run -it --rm --net=host nginx
2018/08/30 07:25:56 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
# Reports that port 80 is already in use

None: the container has to be given an IP by a program or some other means; by default it has only the loopback address.
[root@bogon ~]# docker run -it --rm --net=none alpine sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

Connecting Docker across hosts:

1. Edit the docker.service file so that the Docker subnets differ:
[root@bogon ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd-current --registry-mirror=https://a14c78qe.mirror.aliyuncs.com --bip=172.18.42.1/16
Add the highlighted part to the configuration file to specify the IP address range; what the highlighted part changes is the gateway address.

2. Reload the configuration and restart Docker:
[root@bogon ~]# systemctl daemon-reload
[root@bogon ~]# systemctl restart docker

3. Check that Docker's status is normal:
[root@bogon ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since 四 2018-08-30 15:52:34 CST; 11s ago
     Docs: http://docs.docker.com
 Main PID: 4145 (dockerd-current)
   CGroup: /system.slice/docker.service
           ├─4145 /usr/bin/dockerd-current --registry-mirror=https://a14c78qe.mirror.aliyuncs.com --bi...
           └─4149 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-co...

8月 30 15:52:33 bogon dockerd-current[4145]: time="2018-08-30T15:52:33.400672397+08:00" level=info...49"
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.586152872+08:00" level=info...ds"
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.587277463+08:00" level=info...t."
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.623423404+08:00" level=info...se"
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.860582020+08:00" level=info...e."
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.879169723+08:00" level=warn...ix"
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.976361022+08:00" level=info...on"
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.976387296+08:00" level=info...3.1
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.997355105+08:00" level=info...ck"
8月 30 15:52:34 bogon systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
4. Check the IP; the highlighted part is what was changed above, and if it matches the change there is no problem:
[root@bogon ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:29:85:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.200/24 brd 192.168.200.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe29:855b/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:57:0e:e5:98 brd ff:ff:ff:ff:ff:ff
    inet 172.18.43.1/24 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:57ff:fe0e:e598/64 scope link
       valid_lft forever preferred_lft forever
The second machine is set up in the same way.
IP of Node2:
[root@bogon ~]# ip a show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:0f:6b:3a brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.201/24 brd 192.168.200.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe0f:6b3a/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:0b:ba:3a:99 brd ff:ff:ff:ff:ff:ff
    inet 172.17.42.1/24 scope global docker0
       valid_lft forever preferred_lft forever

5. Make sure the two machines can reach each other:
[root@bogon ~]# ping 192.168.200.201
PING 192.168.200.201 (192.168.200.201) 56(84) bytes of data.
64 bytes from 192.168.200.201: icmp_seq=1 ttl=64 time=0.338 ms
64 bytes from 192.168.200.201: icmp_seq=2 ttl=64 time=0.403 ms
^C
--- 192.168.200.201 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.338/0.370/0.403/0.037 ms
[root@bogon ~]# ping 192.168.200.200
PING 192.168.200.200 (192.168.200.200) 56(84) bytes of data.
64 bytes from 192.168.200.200: icmp_seq=1 ttl=64 time=0.244 ms
^C
--- 192.168.200.200 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.244/0.244/0.244/0.000 ms

6. Run a container on each of the two machines:
[root@bogon ~]# docker run -it --name node1 centos bash
# Install the network tools, which are not present by default
[root@1af63485012b /]# yum install net-tools -y
The same on the second machine:
[root@bogon ~]# docker run -it --name node2 centos bash
[root@3f346455006b /]# yum install -y net-tools

7. Test whether the two containers can communicate:
[root@1af63485012b /]# ping 172.17.0.1
PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data.
[root@3f346455006b /]# ping 172.18.0.1
PING 172.18.0.1 (172.18.0.1) 56(84) bytes of data.
By default the two cannot communicate.

5. Docker data management:

1. Data volumes:
[root@bogon ~]# docker run -it --name node1 --rm -v /data centos bash
# --rm: delete the container as soon as it exits
# -v: specifies the name under which the volume appears inside the container; by default it is the host's / directory
[root@f96cadd91776 /]# df -h
Filesystem           Size  Used Avail Use% Mounted on
overlay               17G  2.4G   15G  14% /
tmpfs                489M     0  489M   0% /dev
tmpfs                489M     0  489M   0% /sys/fs/cgroup
/dev/mapper/cl-root   17G  2.4G   15G  14% /data
shm                   64M     0   64M   0% /dev/shm
tmpfs                489M     0  489M   0% /proc/acpi
tmpfs                489M     0  489M   0% /proc/scsi
tmpfs                489M     0  489M   0% /sys/firmware

The correct usage:
[root@bogon ~]# mkdir /home/opt
[root@bogon ~]# docker run -it --name node1 --rm -v /home/opt:/opt centos bash
[root@a5dce0b1320d /]# df -h
Filesystem           Size  Used Avail Use% Mounted on
overlay               17G  2.4G   15G  14% /
tmpfs                489M     0  489M   0% /dev
tmpfs                489M     0  489M   0% /sys/fs/cgroup
/dev/mapper/cl-root   17G  2.4G   15G  14% /opt
shm                   64M     0   64M   0% /dev/shm
tmpfs                489M     0  489M   0% /proc/acpi
tmpfs                489M     0  489M   0% /proc/scsi
tmpfs                489M     0  489M   0% /sys/firmware
[root@a5dce0b1320d /]# cd /opt/
[root@a5dce0b1320d opt]# touch a
[root@a5dce0b1320d opt]# ls
a
[root@a5dce0b1320d opt]# exit
exit
[root@bogon ~]# ls /home/opt/
a
This mounts a specified directory of the host (mounts are read-write by default).

Mounting a file (here the host's hosts file is mounted; if you need this, it is advisable to mount only files that are rarely changed):
[root@bogon ~]# docker run -it --name node1 --rm -v /etc/hosts:/opt/hosts centos bash
[root@e96915900ad9 /]# ls /opt/hosts
/opt/hosts
[root@e96915900ad9 /]# cat /opt/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Make the mount point read-only:
[root@bogon ~]# docker run -it --name node1 --rm -v /etc/hosts:/opt/hosts:ro centos bash
[root@ac01a4cc01ee /]# echo "1111" >>/opt/hosts
bash: /opt/hosts: Read-only file system
This is safer.

2. Data volume containers:
Create the first container:
[root@bogon ~]# docker run -it -v /opt:/opt --name node1 centos bash
[root@680e78302bb6 /]# ls /opt/
[root@680e78302bb6 opt]# mkdir ppp
[root@680e78302bb6 opt]# ls
ppp
Create the second container:
[root@bogon ~]# docker run -it --name node2 --volumes-from node1 centos bash
# --volumes-from: which container the data volumes come from; follow it with the container name
[root@37a43f150d4d /]# df -h
Filesystem           Size  Used Avail Use% Mounted on
overlay               17G  2.4G   15G  14% /
tmpfs                489M     0  489M   0% /dev
tmpfs                489M     0  489M   0% /sys/fs/cgroup
/dev/mapper/cl-root   17G  2.4G   15G  14% /opt
shm                   64M     0   64M   0% /dev/shm
tmpfs                489M     0  489M   0% /proc/acpi
tmpfs                489M     0  489M   0% /proc/scsi
tmpfs                489M     0  489M   0% /sys/firmware
[root@37a43f150d4d /]# cd /opt/
[root@37a43f150d4d opt]# ls
ppp
Note: even if the container that provides the volume is deleted or stopped, the volume remains valid.
[root@bogon ~]# docker rm -fv 680e78302bb6
# -v: delete the container's data volumes; without -v only the container is deleted, and the data it produced stays on disk.
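The -v forms used in this section (/data, /home/opt:/opt, /etc/hosts:/opt/hosts and the :ro variant) can be reviewed before a container is started. The following shell functions are an added example, not part of the original page; the function names and the SENSITIVE_PREFIXES list are assumptions chosen for illustration, and paths containing spaces or colons are not handled.

```shell
#!/bin/sh
# Added example: split a "docker run -v" argument into its parts and flag
# read-write bind mounts of sensitive host paths.

# Assumption: host paths that should not be writable from a container.
SENSITIVE_PREFIXES="/etc /root /boot /usr /proc /sys /var/run/docker.sock"

# classify_volume SPEC -> prints "<kind> <mode> <source> <target>"
#   kind: anonymous (target only), bind (absolute host path), named (volume name)
#   returns 1 and prints "invalid ..." when the target is not an absolute path
classify_volume() {
    spec=$1
    case $spec in
        *:*:*) src=${spec%%:*}; rest=${spec#*:}
               dst=${rest%%:*}; opts=${rest#*:} ;;
        *:*)   src=${spec%%:*}; dst=${spec#*:}; opts= ;;
        *)     src=; dst=$spec; opts= ;;
    esac
    mode=rw                                   # Docker mounts read-write by default
    case ",$opts," in
        *,ro,*) mode=ro ;;                    # also matches combined options like ro,Z
    esac
    case $dst in
        /*) ;;
        *)  printf 'invalid - - %s\n' "$spec"; return 1 ;;
    esac
    if [ -z "$src" ]; then
        kind=anonymous
    else
        case $src in
            /*) kind=bind ;;
            *)  kind=named ;;
        esac
    fi
    printf '%s %s %s %s\n' "$kind" "$mode" "${src:--}" "$dst"
}

# is_sensitive PATH -> status 0 when PATH is / or lies under a listed prefix
is_sensitive() {
    if [ "$1" = "/" ]; then return 0; fi
    for prefix in $SENSITIVE_PREFIXES; do
        case $1 in
            "$prefix"|"$prefix"/*) return 0 ;;
        esac
    done
    return 1
}

# review_volume SPEC -> prints one verdict line: OK, WARN or INVALID
review_volume() {
    if ! info=$(classify_volume "$1"); then
        echo "INVALID $1"
        return 0
    fi
    set -- $info                              # kind mode source target
    if [ "$1" = bind ] && [ "$2" = rw ] && is_sensitive "$3"; then
        echo "WARN $3 is mounted read-write at $4; add :ro"
    else
        echo "OK $1 $2 $3 -> $4"
    fi
}

# Stand-alone run over the -v arguments used on this page.
for v in /data /home/opt:/opt /etc/hosts:/opt/hosts /etc/hosts:/opt/hosts:ro /opt:/opt; do
    review_volume "$v"
done
```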

6. Writing a Dockerfile:
Note: the D in the file name Dockerfile must be uppercase.
[root@bogon ~]# mkdir docker
[root@bogon ~]# cd docker
[root@bogon docker]# vim Dockerfile
#This is dockerfile for nginx
# The base image; centos is used here. It can be local or from the official registry: if it is not available locally it is downloaded from the official registry, and if the registry does not have it the build fails.
FROM centos
# Maintainer information
MAINTAINER zhouhao zhouhao@123.com
# Build steps; the default image has no EPEL repository, so EPEL is installed here
RUN rpm -ivh https://mirrors.aliyun.com/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
RUN yum install -y nginx
# ENV: adds environment variables; JAVA, TOMCAT and the like all use this
# Add a file; index.html must be in the same directory as the Dockerfile
ADD index.html /usr/share/nginx/html/index.html
# Add a parameter to the configuration file
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
# Port to expose
EXPOSE 80
# Command to execute
CMD ["nginx"]
[root@bogon docker]# vim index.html
<h1>This is ngnix<h1>
[root@bogon docker]# docker build -t zhouhao/nginx /root/docker/

View the images:
[root@bogon docker]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
zhouhao/nginx       latest              a8ddb97e410c        About an hour ago   429 MB
<none>              <none>              6ebd2e131385        About an hour ago   429 MB
liyongli/my_nginx   v1                  e6cdb103b333        30 hours ago        408 MB
liyongli/my_nginx   latest              66ff70d8a103        30 hours ago        408 MB
docker.io/centos    latest              5182e96772bf        3 weeks ago         200 MB
docker.io/nginx     latest              c82521676580        5 weeks ago         109 MB
docker.io/alpine    latest              11cd0b38bc3c        7 weeks ago         4.41 MB

Run the nginx image that was built:
[root@bogon docker]# docker run -it -d --name mnginx zhouhao/nginx
9b6d3bd599df08588ec0d77c2596932c28baaf47a9538e627f6a2e42bbcd264b

View the container's detailed information:
[root@bogon docker]# docker inspect mnginx
......
                    "EndpointID": "14e1914c63a667e098e17ae03a2613c5df0620efceb09bf58706da89ffdeea8a",
                    "Gateway": "172.18.42.1",
                    "IPAddress": "172.18.42.2",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:12:2a:02"
                }
            }
        }
    }
]

Access test:
[root@bogon docker]# curl 172.18.42.2
<h1>This is ngnix<h1>

7. Docker private registry:

Generate an authentication file:
[root@localhost opt]# mkdir auth
[root@localhost opt]# cd auth/
[root@localhost auth]# cd ../
[root@localhost opt]# docker run --entrypoint htpasswd registry:2 -Bbn zhouhao 123456 > auth/htpasswd
[root@localhost opt]# cat auth/htpasswd
zhouhao:$2y$05$GZ3y3GPCmp6anequ4TYh2OrJGmrnMBOmInuR1JrrxIDHf0E6myVqG

Set up the registry:
[root@localhost opt]# docker run -d -p 6000:5000 --restart=always --name registry1 -v $(pwd)/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry

Check that the registry is running:
[root@localhost opt]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
559c4b6283b0        registry            "/entrypoint.sh /e..."   23 minutes ago      Up 22 minutes       0.0.0.0:6000->5000/tcp   registry1

Upload an image to the registry:
# Log in first
[root@localhost opt]# docker login 127.0.0.1:6000
Username: zhouhao
Password:
Login Succeeded
# Uploading is only possible after a successful login
# Tag the image
[root@localhost opt]# docker tag a8ddb97e410c 127.0.0.1:6000/zhouhao/nginx
# a8ddb97e410c: the image ID
# Upload
[root@localhost opt]# docker push 127.0.0.1:6000/zhouhao/nginx

Verify:
# First delete the uploaded image
[root@localhost opt]# docker images
REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
127.0.0.1:6000/zhouhao/nginx   latest              a8ddb97e410c        26 hours ago        429 MB
zhouhao/nginx                  latest              a8ddb97e410c        26 hours ago        429 MB
<none>                         <none>              6ebd2e131385        26 hours ago        429 MB
liyongli/my_nginx              v1                  e6cdb103b333        2 days ago          408 MB
liyongli/my_nginx              latest              66ff70d8a103        2 days ago          408 MB
docker.io/centos               latest              5182e96772bf        3 weeks ago         200 MB
docker.io/nginx                latest              c82521676580        5 weeks ago         109 MB
docker.io/registry             2                   b2b03e9146e1        8 weeks ago         33.3 MB
docker.io/registry             latest              b2b03e9146e1        8 weeks ago         33.3 MB
docker.io/alpine               latest              11cd0b38bc3c        8 weeks ago         4.41 MB
[root@localhost opt]# docker rmi -f a8ddb97e410c a8ddb97e410c
Untagged: 127.0.0.1:6000/zhouhao/nginx:latest
Untagged: 127.0.0.1:6000/zhouhao/nginx@sha256:2a1cad070e6076f26211cf421f4e602535ad2c1c9178356e5849da79f9bb9cfd
Untagged: zhouhao/nginx:latest
Deleted: sha256:a8ddb97e410ca1aa9e1a5302fcbc759da4c23175b11fe1837ccda1cc633d40f3
Deleted: sha256:f2e0a6f60b465336517be0b0a2698d208fa09162b4f3e6777efe271b4180cc72
Deleted: sha256:55525487441930ca00294e416a5ead6982b6e3e10b8c79132fe8a1cdc354fbba
Deleted: sha256:66e4a5bd55c9378bdf4ceae514f37d581e416df74853808cbf9a45b7018aafcd
Deleted: sha256:186e9eb4fe8f6df36b525a2dbe1e1141c3e2eec3a908543a685e13e6c9096b6e
Deleted: sha256:2da5317e2754c6af07a8ef8ab0bae487032abb5f204da8358cbfca4a6d9fddb1
Error response from daemon: No such image: a8ddb97e410c:latest
[root@localhost opt]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
<none>              <none>              6ebd2e131385        26 hours ago        429 MB
liyongli/my_nginx   v1                  e6cdb103b333        2 days ago          408 MB
liyongli/my_nginx   latest              66ff70d8a103        2 days ago          408 MB
docker.io/centos    latest              5182e96772bf        3 weeks ago         200 MB
docker.io/nginx     latest              c82521676580        5 weeks ago         109 MB
docker.io/registry  2                   b2b03e9146e1        8 weeks ago         33.3 MB
docker.io/registry  latest              b2b03e9146e1        8 weeks ago         33.3 MB
docker.io/alpine    latest              11cd0b38bc3c        8 weeks ago         4.41 MB

# Pull the image back from the registry:
[root@localhost opt]# docker pull 127.0.0.1:6000/zhouhao/nginx
Using default tag: latest
Trying to pull repository 127.0.0.1:6000/zhouhao/nginx ...
latest: Pulling from 127.0.0.1:6000/zhouhao/nginx
256b176beaff: Already exists
77b0a013ec06: Already exists
f9b1980a6dd6: Already exists
a5a9ce092668: Already exists
a24ee7e77c51: Already exists
Digest: sha256:2a1cad070e6076f26211cf421f4e602535ad2c1c9178356e5849da79f9bb9cfd
Status: Downloaded newer image for 127.0.0.1:6000/zhouhao/nginx:latest
[root@localhost opt]# docker images
REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
127.0.0.1:6000/zhouhao/nginx   latest              a8ddb97e410c        26 hours ago        429 MB
<none>                         <none>              6ebd2e131385        26 hours ago        429 MB
liyongli/my_nginx              v1                  e6cdb103b333        2 days ago          408 MB
liyongli/my_nginx              latest              66ff70d8a103        2 days ago          408 MB
docker.io/centos               latest              5182e96772bf        3 weeks ago         200 MB
docker.io/nginx                latest              c82521676580        5 weeks ago         109 MB
docker.io/registry             2                   b2b03e9146e1        8 weeks ago         33.3 MB
docker.io/registry             latest              b2b03e9146e1        8 weeks ago         33.3 MB
docker.io/alpine               latest              11cd0b38bc3c        8 weeks ago         4.41 MB
Note: for other Docker hosts to pull from it, Docker has to map port 443.

8. Docker container orchestration:
# Install the EPEL repository first:
[root@localhost ~]# yum install -y epel-release
# Install pip:
[root@localhost ~]# yum install -y python-pip
# Install the orchestration tool:
[root@localhost ~]# pip install docker-compose
# Edit the docker-compose.yml file
[root@localhost compose]# vim docker-compose.yml
web1:
  image: nginx
  expose:
    - 80
web2:
  image:
  expose:
    - 80
haproxy:
  image: haproxy
  volumes:
    - /opt/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
  links:
    - web1
    - web2
  ports:
    - "7777:1080"
    - "80:80"
# Run
[root@localhost compose]# docker-compose up

9. Running MySQL in Docker

1. Download the mysql image:
docker pull mysql

2. Run the mysql image (the highlighted part sets the default password; it must be set, otherwise an error is reported):
docker run -it -d --name mysqlserver -e MYSQL_ROOT_PASSWORD=123456 -p 192.168.200.200:3306:3306 mysql

3. Enter the container and re-authorize the user's password, otherwise the host cannot log in:
[root@bogon ~]# docker exec -it mysqlserver /bin/bash
root@d9aab9384ca6:/# mysql -uroot -p123456
mysql> ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '123456';
mysql> flush privileges;

4. Verify the login from the host:
[root@bogon ~]# mysql -uroot -p123456 -h 192.168.200.200
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 15
Server version: 8.0.12 MySQL Community Server - GPL

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [(none)]>

[root@bogon ~]# yum install -y openvswitch
[root@bogon ~]# yum install -y bridge-utils
[root@bogon ~]# systemctl start openvswitch
[root@bogon ~]# systemctl status openvswitch
● openvswitch.service - Open vSwitch
   Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; disabled; vendor preset: disabled)
   Active: active (exited) since 二 2018-09-04 14:00:50 CST; 38s ago
  Process: 3330 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 3330 (code=exited, status=0/SUCCESS)

9月 04 14:00:50 bogon systemd[1]: Starting Open vSwitch...
9月 04 14:00:50 bogon systemd[1]: Started Open vSwitch.

[root@bogon ~]# ovs-vsctl add-br br0
[root@bogon ~]# ovs-vsctl add-port br0 gre1 -- set interface gre1 type=gre options:remote_ip=192.168.200.200
[root@bogon ~]# brctl addif docker0 br0
[root@bogon ~]# ip link set dev br0 up
[root@bogon ~]# ip link set dev docker0 up
[root@bogon ~]# iptables -F
[root@bogon ~]# ip route add 172.18.0.0/16 dev docker0