1. Containers

1.1 What is a container

A container is a process running in an isolated environment.
That isolated environment has its own system directory tree, its own IP address, hostname, and so on.
Containers are a lightweight virtualization technology.

1.2 Benefits of containers

1. Containers deliver performance close to that of the host, because they share the host kernel. KVM has to emulate the CPU and hardware resources, so part of the resources is consumed by the emulation itself.
2. On the same hardware, a host can start at most about 10 virtual machines, but 100+ containers.
3. Starting a KVM virtual machine means going through the entire Linux boot sequence. Starting a container does not: the service is started directly, all intermediate steps are skipped, and startup takes only about one second.
4. KVM needs hardware (CPU) virtualization support; containers do not.
5. Each KVM virtual machine has its own operating system; containers share the host operating system and kernel.
Linux boot sequence:
BIOS power-on hardware self-test
Select the boot device according to the BIOS boot order
Read the MBR boot loader
Load the kernel
Start the first process, /sbin/init
Run the system initialization script /etc/rc.d/rc.sysinit
Start the desired services, e.g. sshd

1.3 History of containers

1) chroot
chroot, short for change root directory: on Linux the root directory is '/' by default.
After chroot, the directory tree is rooted at the specified location instead.

2) LXC containers
Full name: Linux Containers. It uses namespaces for resource isolation and cgroups for resource limits, providing an experience similar to a virtual machine.

3) Docker containers
Early Docker called LXC under the hood; later it switched to libcontainer.

2 Docker containers

2.1 Docker containers

Docker uses kernel virtualization features (namespaces and cgroups) to isolate resources and to limit their use.
Because Docker isolates at the operating-system level, it has requirements on the host kernel; in return, a running Docker container does not carry the extra system overhead of a KVM guest, so it is lighter-weight than a KVM virtual machine.

2.2 The Docker philosophy

Docker's main goal is "Build, Ship and Run Any App, Anywhere": build, ship, run everywhere.

Build: create a Docker image, packaging all of the container's system directories and files
Ship: download the Docker image
Run: start a container from the rootfs provided by the Docker image

Summary: wherever a Docker container can run, the software already installed in the Docker image can run too, so Docker is a software packaging technology.

2.3 Advantages of Docker

1: Solves dependencies between the operating system and the software runtime environment
nginx  openssl
git   openssl
2: Developers no longer need to worry about being unable to set up the development environment
3: Development, test and production environments are highly consistent.
4: Another way to let users try out new product features.

2.4 Installing and starting Docker

Requires kernel 3.10
[root@m03 ~]# cat /etc/centos-release
CentOS Linux release 7.4.1708 (Core) 
[root@m03 ~]# uname -r
3.10.0-693.el7.x86_64
[root@m03 ~]# 

Install
yum install -y docker-io

Start Docker
systemctl start docker
systemctl enable docker

Check the status
[root@m03 cgroup]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-08-27 11:15:12 CST; 1h 50min ago
     Docs: http://docs.docker.com
 Main PID: 1775 (dockerd-current)
   CGroup: /system.slice/docker.service
           ├─1775 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-cur...
           └─1781 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-cont...

Aug 27 11:15:11 m03 dockerd-current[1775]: time="2019-08-27T11:15:11.804737630+08:00" level=warning ...tem"
Aug 27 11:15:11 m03 dockerd-current[1775]: time="2019-08-27T11:15:11.845641952+08:00" level=info msg...nds"
Aug 27 11:15:11 m03 dockerd-current[1775]: time="2019-08-27T11:15:11.846422068+08:00" level=info msg...rt."
Aug 27 11:15:11 m03 dockerd-current[1775]: time="2019-08-27T11:15:11.945520598+08:00" level=info msg...lse"
Aug 27 11:15:12 m03 dockerd-current[1775]: time="2019-08-27T11:15:12.090572937+08:00" level=info msg...ess"
Aug 27 11:15:12 m03 dockerd-current[1775]: time="2019-08-27T11:15:12.158684880+08:00" level=info msg...ne."
Aug 27 11:15:12 m03 dockerd-current[1775]: time="2019-08-27T11:15:12.171561097+08:00" level=info msg...ion"
Aug 27 11:15:12 m03 dockerd-current[1775]: time="2019-08-27T11:15:12.171604104+08:00" level=info msg...13.1
Aug 27 11:15:12 m03 systemd[1]: Started Docker Application Container Engine.
Aug 27 11:15:12 m03 dockerd-current[1775]: time="2019-08-27T11:15:12.183700012+08:00" level=info msg...ock"
Hint: Some lines were ellipsized, use -l to show in full.

2.5 Docker architecture

The three most important Docker components:
images, containers, registries

Docker is a client/server architecture:
check it with docker version

[root@m03 yum.repos.d]# docker version
Client:
 Version:         1.13.1
 API version:     1.26
 Package version: docker-1.13.1-102.git7f2769b.el7.centos.x86_64
 Go version:      go1.10.3
 Git commit:      7f2769b/1.13.1
 Built:           Mon Aug  5 15:09:42 2019
 OS/Arch:         linux/amd64

Server:
 Version:         1.13.1
 API version:     1.26 (minimum version 1.12)
 Package version: docker-1.13.1-102.git7f2769b.el7.centos.x86_64
 Go version:      go1.10.3
 Git commit:      7f2769b/1.13.1
 Built:           Mon Aug  5 15:09:42 2019
 OS/Arch:         linux/amd64
 Experimental:    false

2.6 Starting the first Docker container

Configure a Docker registry mirror
vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}

systemctl  restart docker

A Docker container is a software packaging technology; let's try it out.

Traditional compile-and-install of nginx:
Download the Nginx source tarball from the official site with wget
Unpack the source tarball with tar
Create the nginx user
Install the dependency packages
The three-step compile and install: configure, make, make install
Edit the nginx configuration file
Start nginx

Docker container
docker run -d -p 80:80  nginx

run    (create and run a container)
-d        run in the background
-p        port mapping
nginx  name of the Docker image

2.7 Docker image management

2.7.1 Searching for images

[root@m03 ~]# docker search httpd
Tips for choosing an image:
1. prefer official images
2. prefer images with many stars

[root@m03 ~]# docker search httpd
INDEX       NAME                                           DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
docker.io   docker.io/httpd                                The Apache HTTP Server Project                  2614      [OK]       
docker.io   docker.io/centos/httpd                                                                         24                   [OK]
docker.io   docker.io/centos/httpd-24-centos7              Platform for running Apache httpd 2.4 or b...   22                   
docker.io   docker.io/arm32v7/httpd                        The Apache HTTP Server Project                  8                    
docker.io   docker.io/armhf/httpd                          The Apache HTTP Server Project                  8                    
docker.io   docker.io/salim1983hoop/httpd24                Dockerfile running apache config                2                    [OK]
docker.io   docker.io/lead4good/httpd-fpm                  httpd server which connects via fcgi proxy...   1                    [OK]
docker.io   docker.io/rgielen/httpd-image-simple           Docker image for simple Apache httpd based...   1                    [OK]
docker.io   docker.io/alvistack/httpd                      Docker Image Packaging for Apache               0                    [OK]
docker.io   docker.io/amd64/httpd                          The Apache HTTP Server Project                  0                    
docker.io   docker.io/appertly/httpd                       Customized Apache HTTPD that uses a PHP-FP...   0                    [OK]
docker.io   docker.io/buzzardev/httpd                      Based on the official httpd image               0                    [OK]
docker.io   docker.io/dockerpinata/httpd                                                                   0                    
docker.io   docker.io/interlutions/httpd                   httpd docker image with debian-based confi...   0                    [OK]
docker.io   docker.io/itsziget/httpd24                     Extended HTTPD Docker image based on the o...   0                    [OK]
docker.io   docker.io/izdock/httpd                         Production ready Apache HTTPD Web Server +...   0                    
docker.io   docker.io/manageiq/httpd                       Container with httpd, built on CentOS for ...   0                    [OK]
docker.io   docker.io/manageiq/httpd_configmap_generator   Httpd Configmap Generator                       0                    [OK]
docker.io   docker.io/manasip/httpd                                                                        0                    
docker.io   docker.io/ppc64le/httpd                        The Apache HTTP Server Project                  0                    
docker.io   docker.io/publici/httpd                        httpd:latest                                    0                    [OK]
docker.io   docker.io/solsson/httpd-openidc                mod_auth_openidc on official httpd image, ...   0                    [OK]
docker.io   docker.io/trollin/httpd                                                                        0                    
docker.io   docker.io/tugboatqa/httpd                      The Apache HTTP Server Project                  0                    
docker.io   docker.io/waja/httpdiff                        Docker image for httpdiff: https://github....   0                    [OK]
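The two selection tips applied automatically to `docker search` output, as an added example that is not part of the original notes. SAMPLE_SEARCH is the first rows of the page's own `docker search httpd` listing, embedded so the script runs offline; on a live host pass "$(docker search httpd)" instead.

```shell
# Added example (not from the original notes). Column boundaries are taken from
# the header line, because DESCRIPTION can contain any number of words and
# plain field splitting would misplace STARS/OFFICIAL.
SAMPLE_SEARCH=$(cat <<'EOF'
INDEX       NAME                                           DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
docker.io   docker.io/httpd                                The Apache HTTP Server Project                  2614      [OK]
docker.io   docker.io/centos/httpd                                                                         24                   [OK]
docker.io   docker.io/centos/httpd-24-centos7              Platform for running Apache httpd 2.4 or b...   22
docker.io   docker.io/arm32v7/httpd                        The Apache HTTP Server Project                  8
EOF
)

# shortlist_images <search output> <min stars>
# Prints "NAME STARS official|community" for each row that is an official image
# or has at least <min stars>; everything else is dropped from the shortlist.
shortlist_images() {
    printf '%s\n' "$1" | awk -v min="$2" '
        NR == 1 {
            sp = index($0, "STARS"); op = index($0, "OFFICIAL"); ap = index($0, "AUTOMATED")
            next
        }
        {
            stars    = substr($0, sp, op - sp) + 0
            official = index(substr($0, op, ap - op), "[OK]") > 0
            if (official || stars >= min)
                printf "%s %d %s\n", $2, stars, (official ? "official" : "community")
        }'
}

# official_only <search output>: just the names carrying the OFFICIAL mark,
# the images whose build is maintained by Docker rather than an arbitrary user.
official_only() {
    shortlist_images "$1" 0 | awk '$3 == "official" { print $1 }'
}

shortlist_images "$SAMPLE_SEARCH" 20
```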

2.7.2 Pulling images

Pulling images:
	docker pull (push)
Registry mirrors: Aliyun mirror, DaoCloud mirror, USTC mirror, Docker's official China mirror: https://registry.docker-cn.com
	
	docker pull centos:6.8 (if no tag is given, the latest version is pulled by default)
	docker pull daocloud.io/huangzhichong/alpine-cn:latest (pull from a private registry)

Extra: all tags of an image can be looked up at https://hub.docker.com/r/library/

2.7.3 Other image operations

List images
	docker images
Delete an image
	docker rmi   example: docker image rm centos:latest
Export an image
	docker save  example: docker image save centos > docker-centos7.4.tar.gz
Import an image
	docker load  example: docker image load -i docker-centos7.4.tar.gz

List images
[root@m03 ~]# docker images 
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
docker.io/httpd          2.4                 7d85cc3b2d80        5 days ago          154 MB
docker.io/centos         latest              67fa590cfc1c        6 days ago          202 MB
docker.io/nginx          latest              5a3221f0137b        11 days ago         126 MB
docker.io/centos         6.8                 82f3b5f3c58f        5 months ago        195 MB
docker.io/centos/httpd   latest              2cc07fbb5000        8 months ago        258 MB
How to import a Docker image on a server that has no internet access
Export the image on server m03

[root@m03 ~]# docker image save httpd:2.4 >docker-httpd-2.4.tar.gz
[root@m03 ~]# ll
total 155296
-rw-------. 1 root root      1813 Mar 19 17:42 anaconda-ks.cfg
-rw-r--r--  1 root root 159015936 Aug 27 13:58 docker-httpd-2.4.tar.gz
[root@m03 ~]# scp -r docker-httpd-2.4.tar.gz 10.0.0.62:/
The authenticity of host '10.0.0.62 (10.0.0.62)' can't be established.
ECDSA key fingerprint is SHA256:Ka9BMYk6kC3Do+tYMLHVaNYdiKe8It208D+ctt/mBJE.
ECDSA key fingerprint is MD5:bb:ce:ec:f9:ce:e3:25:51:84:83:a8:29:b0:68:59:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.62' (ECDSA) to the list of known hosts.
root@10.0.0.62's password: 
docker-httpd-2.4.tar.gz                                                  100%  152MB  54.0MB/s   00:02    
[root@m03 ~]# 

Import the image on server m02

[root@m02 /]# systemctl start docker
[root@m02 /]# docker image load -i docker-httpd-2.4.tar.gz 
1c95c77433e8: Loading layer 72.47 MB/72.47 MB
5bcb93651a74: Loading layer  2.56 kB/2.56 kB
8b16516271d6: Loading layer  36.7 MB/36.7 MB
7a0960d9b679: Loading layer  49.8 MB/49.8 MB
9e0ab3afff15: Loading layer 3.584 kB/3.584 kB
Loaded image: httpd:2.4
[root@m02 /]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
httpd                       2.4                 7d85cc3b2d80        5 days ago          154 MB

Delete an image by IMAGE ID.
[root@m02 /]# docker image rm 7d85cc3b2d80
Untagged: httpd:2.4
Deleted: sha256:7d85cc3b2d8064182718e70ca9f9601a309bb7499db680e15c3231a0b350a42e
Deleted: sha256:51d45e63b0d614f0c5f29a1d084c5e5de7172d29759779d1a4be4a6a23fe8146
Deleted: sha256:fcf8e3874f532184a2e2921b08a19fff19be0a5780ae880b5767de241fe8ab8f
Deleted: sha256:6b6b51bc4f21f666d01bf39241b7a3a80bd9eb292441a56a3e6be64f3c159fad
Deleted: sha256:d2b23cec91935d11520968e82edc529aa4cfb39a795178cd7e0a7dd117878005
Deleted: sha256:1c95c77433e8d7bf0f519c9d8c9ca967e2603f0defbf379130d9a841cca2e28e
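The offline transfer above, with an integrity check added so that a truncated or altered archive is refused before `docker image load`. This is an added example, not part of the original notes; it assumes GNU coreutils sha256sum, and the docker calls only matter on a real host.

```shell
# Added example (not from the original notes): export -> digest -> copy -> verify -> load.

# record_digest <archive>: write <archive>.sha256 beside the archive, using a
# relative file name so `sha256sum -c` works from any directory on the other host.
record_digest() {
    ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# verify_archive <archive>: returns 0 when the archive matches its recorded
# digest, non-zero when it differs or the .sha256 file is missing.
verify_archive() {
    ( cd "$(dirname "$1")" && sha256sum -c --status "$(basename "$1").sha256" ) 2>/dev/null
}

# export_image <image:tag> <archive>: the notes' `docker image save`, plus the
# digest file. Copy both files to the offline host, e.g. with scp.
export_image() {
    docker image save "$1" > "$2" && record_digest "$2"
}

# verify_then_load <archive>: the notes' `docker image load -i`, but only after
# the archive has been checked against the digest that travelled with it.
verify_then_load() {
    if ! verify_archive "$1"; then
        echo "refusing to load $1: digest mismatch or missing $1.sha256" >&2
        return 1
    fi
    docker image load -i "$1"
}

# Self-check on a constructed archive; needs no docker daemon.
demo() {
    tmp=$(mktemp -d)
    printf 'constructed tarball bytes' > "$tmp/httpd-2.4.tar"
    record_digest "$tmp/httpd-2.4.tar"
    verify_archive "$tmp/httpd-2.4.tar" && echo "intact archive: verified"
    printf 'x' >> "$tmp/httpd-2.4.tar"          # simulate a corrupted copy
    verify_archive "$tmp/httpd-2.4.tar" || echo "altered archive: refused"
    rm -rf "$tmp"
}

demo
```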

2.8 Docker container management

2.8.1 Running a container

docker run -d -p 80:80 nginx:latest
run             (create and run a container)
-d                  run in the background
-p                  port mapping
nginx:latest   name and tag of the Docker image
There are many other options as well

docker run == docker create  + docker start

[root@m03 cgroup]# docker run -d -p 80:80 nginx:latest
37df2d9d0f79bc5b5d4673fbdbb7952a1525478582b29f31e2e0036977649757
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
37df2d9d0f79        nginx:latest        "nginx -g 'daemon ..."   5 seconds ago       Up 5 seconds        0.0.0.0:80->80/tcp   quizzical_wing
[root@m03 cgroup]# 

2.8.2 Other commands

Stop a container
	docker stop CONTAINER_ID
Kill a container
	docker kill container_name
List containers
     docker ps
	docker ps -a
Delete a container
	docker rm
Delete all containers at once
    docker rm -f `docker ps -a -q`
-- docker stop
[root@m03 cgroup]# docker stop 37df2d9d0f79
37df2d9d0f79
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
37df2d9d0f79        nginx:latest        "nginx -g 'daemon ..."   2 minutes ago       Exited (0) 10 seconds ago                       quizzical_wing

-- docker start
[root@m03 cgroup]# docker start 37df2d9d0f79
37df2d9d0f79
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
37df2d9d0f79        nginx:latest        "nginx -g 'daemon ..."   2 minutes ago       Up 20 seconds       0.0.0.0:80->80/tcp   quizzical_wing

--docker kill
[root@m03 cgroup]# docker kill 37df2d9d0f79
37df2d9d0f79
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                       PORTS               NAMES
37df2d9d0f79        nginx:latest        "nginx -g 'daemon ..."   3 minutes ago       Exited (137) 2 seconds ago                       quizzical_wing

-- docker rm 
[root@m03 cgroup]# docker rm 37df2d9d0f79
37df2d9d0f79
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@m03 cgroup]# 

-- docker rm -f `docker ps -a -q`
[root@m03 cgroup]# docker run -d -p 80:80 nginx
bf5d45c04de7c35317da8d40bcb12021fa2561e234c3935411f36509d5dc0d5a
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
bf5d45c04de7        nginx               "nginx -g 'daemon ..."   5 seconds ago       Up 4 seconds        0.0.0.0:80->80/tcp   goofy_lalande
[root@m03 cgroup]# docker rm -f `docker ps -a -q`
bf5d45c04de7
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@m03 cgroup]# 

2.8.3 Docker run

docker run -it --name centos6 centos:6.8 /bin/bash
## After exiting the container, the container stops and its status is Exited
-it             allocate an interactive terminal
--name     assign a name to the container
/bin/bash    override the container's default command

--cpus       limit the number of CPUs
--memory  limit the amount of memory
-h              set the container's hostname
[root@m03 cgroup]# docker run -it --name my_centos centos /bin/bash
[root@7a186083a51d /]# ifconfig
bash: ifconfig: command not found
[root@7a186083a51d /]# ipaddr
bash: ipaddr: command not found
[root@7a186083a51d /]# ip addr
bash: ip: command not found
[root@7a186083a51d /]# hostname
7a186083a51d
[root@7a186083a51d /]# ls
anaconda-post.log  bin  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@7a186083a51d /]# exit
exit
## After exiting the container, the container stops and its status is Exited
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
7a186083a51d        centos              "/bin/bash"         46 seconds ago      Exited (0) 4 seconds ago                       my_centos
[root@m03 cgroup]# 

2.8.4 Entering a container

Why enter a container: troubleshooting and debugging

Ways to enter a container:
	docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
	Example:
    docker exec -it  <container id or name> /bin/bash
	Recommended: after exit, the container's state does not change

	docker attach [OPTIONS] CONTAINER
	Example:
	docker attach  <container id or name>
	Not recommended: after exit, the container stops
	
	nsenter (install with yum install -y util-linux; deprecated)

-- docker exec -it

[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
7a186083a51d        centos              "/bin/bash"         46 seconds ago      Exited (0) 4 seconds ago                       my_centos
[root@m03 cgroup]# docker start 7a186083a51d
7a186083a51d
[root@m03 cgroup]# docker exec -it 7a186083a51d
"docker exec" requires at least 2 argument(s).
See 'docker exec --help'.

Usage:  docker exec [OPTIONS] CONTAINER COMMAND [ARG...]

Run a command in a running container
[root@m03 cgroup]# docker exec -it 7a186083a51d /bin/bash
[root@7a186083a51d /]# ls
anaconda-post.log  bin  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@7a186083a51d /]# ifconfig
bash: ifconfig: command not found
[root@7a186083a51d /]# exit
exit
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
7a186083a51d        centos              "/bin/bash"         12 minutes ago      Up 35 seconds                           my_centos
[root@m03 cgroup]# 

--  docker attach

[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
7a186083a51d        centos              "/bin/bash"         15 minutes ago      Up 3 minutes                            my_centos
[root@m03 cgroup]# docker attach 7a186083a51d 
[root@7a186083a51d /]# exit
exit
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
7a186083a51d        centos              "/bin/bash"         16 minutes ago      Exited (0) 6 seconds ago                       my_centos
[root@m03 cgroup]# 

2.8.5 The core idea behind Docker containers

The essence of Docker: a process running in an isolated environment

Therefore the first process inside a Docker container must keep running in the foreground (it must block); otherwise the container ends up in the exited state!
nginx -g 'daemon off;': creating an nginx container runs nginx -g 'daemon off;' inside it; that command keeps running in the container, so after creation the container is Up.
[root@m03 cgroup]# docker run -d nginx
306c620d3736be79b1b4bcd9e00c987b11cf338ba107eb5eab11a6667273754f
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
306c620d3736        nginx               "nginx -g 'daemon off"   4 seconds ago       Up 4 seconds        80/tcp              xenodochial_hawking

Creating a centos container runs /bin/bash inside it, which does not stay running in the foreground, so after creation the container is in the Exited state.
[root@m03 cgroup]# docker run -d centos
4c71e36149c8b8900d8e1e29e70f7a51a454a4f249b66e095cb2d686e54755fd
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
4c71e36149c8        centos              "/bin/bash"              4 seconds ago       Exited (0) 3 seconds ago                       cranky_bohr
306c620d3736        nginx               "nginx -g 'daemon ..."   15 seconds ago      Up 14 seconds              80/tcp              xenodochial_hawking

You can also supply your own long-running command: tail -F does not fail even if the file behind it does not exist, so a container created this way is also Up.
[root@m03 cgroup]# docker run -d centos tail -F /var/log/messages
a24f4f2131aed27d81d038bbdaadd335cf9040535c667e6329adf05bd89c4a62
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
a24f4f2131ae        centos              "tail -F /var/log/..."   5 seconds ago       Up 4 seconds                                    kickass_mayer
4c71e36149c8        centos              "/bin/bash"              43 seconds ago      Exited (0) 41 seconds ago                       cranky_bohr
306c620d3736        nginx               "nginx -g 'daemon ..."   54 seconds ago      Up 53 seconds               80/tcp              xenodochial_hawking
[root@m03 cgroup]# 

2.9 Container network access

2.9.1 Port mapping

Why use port mapping when running a container?
       By default, containers get IPs from the 172.17.0.0/16 range; outside users can only reach the host's 10.0.0.0/24 network, not 172.17.0.0/16.
	   The reason for running a container is that the service inside it should be reachable from outside, which requires translating between the external 10.0.0.0/24 network and the container-internal 172.17.0.0/16 network, hence port mapping.
-p hostPort:containerPort

[root@m03 cgroup]# docker ps -a -q
[root@m03 cgroup]# docker run -d -p 80:80 nginx
188958c08e0dc4055c8f7d86c226bc0f9b6f825fb2304715af7e2709bfec1810
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
188958c08e0d        nginx               "nginx -g 'daemon ..."   5 seconds ago       Up 4 seconds        0.0.0.0:80->80/tcp   eager_colden

-- iptables rules added automatically
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:80

[root@m03 cgroup]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:80

Chain DOCKER (2 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.17.0.2:80

-- View container details
[root@m03 cgroup]# docker container inspect 188958c08e0d
[
    {
        "Id": "188958c08e0dc4055c8f7d86c226bc0f9b6f825fb2304715af7e2709bfec1810",
        "Created": "2019-08-27T07:26:32.841177491Z",
        "Path": "nginx",
        "Args": [
            "-g",
            "daemon off;"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 5901,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2019-08-27T07:26:33.010641251Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:5a3221f0137beb960c34b9cf4455424b6210160fd618c5e79401a07d6e5a2ced",
        "ResolvConfPath": "/var/lib/docker/containers/188958c08e0dc4055c8f7d86c226bc0f9b6f825fb2304715af7e2709bfec1810/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/188958c08e0dc4055c8f7d86c226bc0f9b6f825fb2304715af7e2709bfec1810/hostname",
        "HostsPath": "/var/lib/docker/containers/188958c08e0dc4055c8f7d86c226bc0f9b6f825fb2304715af7e2709bfec1810/hosts",
        "LogPath": "",
        "Name": "/eager_colden",
        "RestartCount": 0,
        "Driver": "overlay2",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "journald",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {
                "80/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "80"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "docker-runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": -1,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0
        },
        "GraphDriver": {
            "Name": "overlay2",
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/13e745a873308d509df42f30dd6e45e9f6983540d73275cc9a6dc07356fdae8d-init/diff:/var/lib/docker/overlay2/43b1a03284cf713dde01a409ee94e34dd4063bd65771108f47a32d4f1f0dc4a0/diff:/var/lib/docker/overlay2/26cc92d5f67e41b39fe1041a37ef4541e3b9e9f777c6e5587651e0e2a9d97a2c/diff:/var/lib/docker/overlay2/638ccce05954d221feececeff185decd98c16cad615ed56117078f92c8deb7b0/diff",
                "MergedDir": "/var/lib/docker/overlay2/13e745a873308d509df42f30dd6e45e9f6983540d73275cc9a6dc07356fdae8d/merged",
                "UpperDir": "/var/lib/docker/overlay2/13e745a873308d509df42f30dd6e45e9f6983540d73275cc9a6dc07356fdae8d/diff",
                "WorkDir": "/var/lib/docker/overlay2/13e745a873308d509df42f30dd6e45e9f6983540d73275cc9a6dc07356fdae8d/work"
            }
        },
        "Mounts": [],
        "Config": {
            "Hostname": "188958c08e0d",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "80/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.17.3",
                "NJS_VERSION=0.3.5",
                "PKG_RELEASE=1~buster"
            ],
            "Cmd": [
                "nginx",
                "-g",
                "daemon off;"
            ],
            "ArgsEscaped": true,
            "Image": "nginx",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {
                "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
            },
            "StopSignal": "SIGTERM"
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "e9f1b8b31d8609b92479c5bc64d2c539d9289d4a5c299624ae3086e25f5611a4",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "80/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "80"
                    }
                ]
            },
            "SandboxKey": "/var/run/docker/netns/e9f1b8b31d86",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "03d54b2dee1683609c98b095580b24d9d48a47101ca5570fe1c8e2fddaab27c5",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "b4e25627913f0b002b9bf37077d83ee75381ebc2d36b8b05a2ae7701db67b0ee",
                    "EndpointID": "03d54b2dee1683609c98b095580b24d9d48a47101ca5570fe1c8e2fddaab27c5",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02"
                }
            }
        }
    }
]

2.9.2 Port mapping options for docker run

Explicit mapping (Docker automatically adds an iptables rule to implement the port mapping)
	-p hostPort:containerPort
	-p ip:hostPort:containerPort 
	-p ip::containerPort (random host port)
	-p hostPort:containerPort/udp
	-p 81:80 -p 443:443   -p can be given multiple times

Random mapping
	docker run -P (random host ports)

-p hostPort:containerPort

-- Map host port 8080 to container port 80
[root@m03 cgroup]# docker run -d -p 8080:80 nginx
a7492f5524975b611a8f6cd9f9113e7886d90b4d2e7daa513d01e8f583d74805

-- -p ip:hostPort:containerPort 

-- Mapping on one of several host IPs
[root@m03 cgroup]# ifconfig eth0:1 10.0.0.111/24 up

-- Test from m02 whether the IP is reachable
[root@m02 /]# ping 10.0.0.111
PING 10.0.0.111 (10.0.0.111) 56(84) bytes of data.
64 bytes from 10.0.0.111: icmp_seq=1 ttl=64 time=0.896 ms
64 bytes from 10.0.0.111: icmp_seq=2 ttl=64 time=0.491 ms
^C
--- 10.0.0.111 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1004ms
rtt min/avg/max/mdev = 0.491/0.693/0.896/0.204 ms
[root@m02 /]# 

[root@m03 cgroup]# docker run -d -p 10.0.0.111:82:80 nginx:latest
ddbc8ae2170dfd64ef65d7d63f6f522756ab06bafdc30b09c72af22262366a1e
[root@m03 cgroup]# docker run -d -p 10.0.0.63:82:80 nginx:latest
cd4d9a6080667636941068be22de132a97d084fb09ed476208d8e31371badd0b
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
cd4d9a608066        nginx:latest        "nginx -g 'daemon ..."   3 seconds ago       Up 2 seconds        10.0.0.63:82->80/tcp    sad_wright
ddbc8ae2170d        nginx:latest        "nginx -g 'daemon ..."   7 seconds ago       Up 6 seconds        10.0.0.111:82->80/tcp   wizardly_pasteur
[root@m03 cgroup]# 

-- -p ip::containerPort (random host port)
[root@m03 cgroup]# docker run -d -p 10.0.0.111::80 nginx:latest
68eb270e308b7f31b7bffcd51f208d5c6c0677d20b0d452d996d200b472f9766
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                      NAMES
68eb270e308b        nginx:latest        "nginx -g 'daemon ..."   4 seconds ago       Up 3 seconds        10.0.0.111:32770->80/tcp   angry_fermi
[root@m03 cgroup]# 

-- docker run -P (random host ports)

[root@m03 cgroup]# docker run -d -P nginx
b0d676c41a9f5859b5191cbde53b43196dc2443235709d16cb7775edb2e21f18
[root@m03 cgroup]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS                   NAMES
b0d676c41a9f        nginx               "nginx -g 'daemon ..."   4 seconds ago       Up 3 seconds               0.0.0.0:32769->80/tcp   nifty_kilby
b07ae7c044c9        nginx               "nginx -g 'daemon ..."   11 seconds ago      Exited (0) 8 seconds ago                           vibrant_kalam
[root@m03 cgroup]# 
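A defender's check over the NAT rules that 2.9.1 and 2.9.2 show Docker adding: which published ports are reachable on every host interface, and which are pinned to one IP. This is an added example, not part of the original notes; SAMPLE_NAT is constructed: the first DNAT line is the page's own, the other two model the `-p 10.0.0.63:82:80` and `-p 10.0.0.111::80` runs above.

```shell
# Added example (not from the original notes).
# On a live host use: published_ports "$(iptables -t nat -L -n)"
SAMPLE_NAT=$(cat <<'EOF'
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.17.0.2:80
DNAT       tcp  --  0.0.0.0/0            10.0.0.63            tcp dpt:82 to:172.17.0.3:80
DNAT       tcp  --  0.0.0.0/0            10.0.0.111           tcp dpt:32770 to:172.17.0.4:80
EOF
)

# published_ports <iptables -t nat -L -n output>
# One line per DNAT rule in the DOCKER chain: "hostPort/proto -> container bound-to X".
# The DNAT is applied in PREROUTING, so the traffic never reaches the host's INPUT
# chain; a rule whose destination is 0.0.0.0/0 (plain -p hostPort:containerPort, or -P)
# is open on every interface regardless of INPUT policy and must be filtered in FORWARD.
published_ports() {
    printf '%s\n' "$1" | awk '
        /^Chain / { in_docker = ($2 == "DOCKER"); next }
        in_docker && $1 == "DNAT" {
            port = ""; to = ""
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^dpt:/) port = substr($i, 5)
                if ($i ~ /^to:/)  to   = substr($i, 4)
            }
            scope = ($5 == "0.0.0.0/0") ? "ALL-INTERFACES" : $5
            printf "%s/%s -> %s bound-to %s\n", port, $2, to, scope
        }'
}

# exposed_everywhere <iptables output>: only the host ports published on all
# interfaces; the ones a reviewer should confirm were meant to be public.
exposed_everywhere() {
    published_ports "$1" | awk '$NF == "ALL-INTERFACES" { print $1 }'
}

published_ports "$SAMPLE_NAT"
```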

2.9.3 How containers reach the outside network

Outbound access requires kernel IP forwarding to be enabled.
Docker enables it automatically.
[root@m03 cgroup]# sysctl -a|grep ip_forward
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
net.ipv4.ip_forward = 1

2.10 Volume storage

2.10.1 Volume commands

Purpose of volumes:
1: Persist the data files produced while a container runs
2: Share files between multiple containers.

Normally, deleting a container deletes all the files inside it as well.
Create a volume
    docker volume create
List volumes
    docker volume ls
Delete a volume
    docker volume rm
Inspect a volume's properties
    docker volume inspect

2.10.2 Using volumes

docker volume create my_volume

docker run -d -p 80:80 -v my_volume:/usr/share/nginx/html nginx:latest

cd /var/lib/docker/volumes/my_volume/_data/
rm -f *
wget https://www.qstack.com.cn/xiaoniaofeifei.zip
unzip xiaoniaofeifei.zip

docker run -d -p 81:80 -v my_volume:/usr/share/nginx/html nginx:latest
docker run -d -p 82:80 --volumes-from 51fa89744927 nginx:latest
List volumes
[root@m03 cgroup]# docker volume ls
DRIVER              VOLUME NAME

Create a volume
[root@m03 cgroup]# docker volume create my_volume
my_volume
[root@m03 cgroup]# docker volume ls
DRIVER              VOLUME NAME
local               my_volume

Use the volume
[root@m03 cgroup]# docker run -d -p 80:80 -v my_volume:/usr/share/nginx/html nginx:latest
e8e2765fafcdcb5c4f4ce3a45a599f0983538ff6be169265b2533b0cfe82ab10

Inspect it on the host
[root@m03 cgroup]# cd /var/lib/docker/volumes/my_volume/
[root@m03 my_volume]# ll
total 0
drwxr-xr-x 2 root root 40 Aug 27 16:01 _data
[root@m03 my_volume]# cd _data/
[root@m03 _data]# ll
total 8
-rw-r--r-- 1 root root 494 Aug 13 16:50 50x.html
-rw-r--r-- 1 root root 612 Aug 13 16:50 index.html
[root@m03 _data]# pwd
/var/lib/docker/volumes/my_volume/_data
[root@m03 _data]# 

Delete the container; the files remain
[root@m03 _data]# docker rm -f e8e2765fafcd
e8e2765fafcd
[root@m03 _data]# ll
total 8
-rw-r--r-- 1 root root 494 Aug 13 16:50 50x.html
-rw-r--r-- 1 root root 612 Aug 13 16:50 index.html

Modify the contents of the volume
[root@m03 _data]# echo "hello" > index.html

Start a new container using that volume
[root@m03 _data]# docker run -d -p 8080:80 -v my_volume:/usr/share/nginx/html nginx
51fa89744927eb6189dace47e2891f48df0f711a4e0d68519d89759a1144970a

Enter the container and check that /usr/share/nginx/html has the same contents as the my_volume volume on the host
[root@m03 _data]# docker exec -it 51fa89744927 /bin/bash
root@51fa89744927:/# cd /usr/
bin/     games/   include/ lib/     local/   sbin/    share/   src/     
root@51fa89744927:/# cd /usr/share/nginx/html/
root@51fa89744927:/usr/share/nginx/html# ls
50x.html  index.html
root@51fa89744927:/usr/share/nginx/html# exit
exit
[root@m03 _data]# ll
total 8
-rw-r--r-- 1 root root 494 Aug 13 16:50 50x.html
-rw-r--r-- 1 root root   6 Aug 27 16:10 index.html

 --volumes-from
 
[root@m03 _data]# docker run -d -p 82:80 --volumes-from 51fa89744927 nginx:latest
7a6b9d7900b0eb36c46da4100153877430d8c0df751bfd6c1c8581dda331d64a
[root@m03 _data]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
7a6b9d7900b0        nginx:latest        "nginx -g 'daemon ..."   7 seconds ago       Up 6 seconds        0.0.0.0:82->80/tcp     frosty_blackwell
51fa89744927        nginx               "nginx -g 'daemon ..."   9 minutes ago       Up 9 minutes        0.0.0.0:8080->80/tcp   hungry_visvesvaraya
[root@m03 _data]# 

2.10.3 Mounting a host directory into a container

[root@m03 opt]# mkdir my_dir
[root@m03 opt]# cd my_dir/
[root@m03 my_dir]# echo "hello my_dir" > index.html
[root@m03 my_dir]# docker run -d -p 83:80 -v /opt/my_dir:/usr/share/nginx/html/ nginx:latest
1c063420213127426bb0323cca6efb6f0e7f45e213ed342cc169e2bd98c57855
[root@m03 my_dir]#