docker容器官网:https://hub.docker.com/
一、centos7.4中指定安装docker版本
1)默认yum源安装的docker版本为docker1.3。性能偏低,不支持k8s。k8s目前只支持docker1.7
谷歌浏览器打开。清华大学镜像网站:https://mirrors4.tuna.tsinghua.edu.cn/
找到docker的镜像源
https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/
2)复制该链接地址
cd /etc/yum.repos.d/
wget https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
注意该文件的源并不是指向清华源,所以需要修改docker-ce.repo
3)修改源
修改源。修改前面的linux的父目录
vim docker-ce.repo
原来的:baseurl=https://download.docker.com/linux/centos/7/$basearch/stable
原来的:baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/$basearch/stable
vim命令快速修改
:%s@https://download.docker.com/@https://mirrors.tuna.tsinghua.edu.cn/docker-ce/@
回车之后。24 次替换,共 24 行
4)yum安装
[root@Mysql yum.repos.d]# yum repolist
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.shu.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.cn99.com
源标识 源名称 状态
base/7/x86_64 CentOS-7 - Base 10,019
docker-ce-stable/x86_64 Docker CE Stable - x86_64 32
extras/7/x86_64 CentOS-7 - Extras 364
updates/7/x86_64 CentOS-7 - Updates 1,067
repolist: 11,482
[root@Mysql yum.repos.d]# yum install docker-ce -y
View Code
[root@Mysql yum.repos.d]# docker -v
Docker version 18.09.2, build 6247962
5)创建配置文件
[root@Mysql yum.repos.d]# mkdir -p /etc/docker
[root@Mysql yum.repos.d]# touch /etc/docker/daemon.json
[root@Mysql yum.repos.d]# vim /etc/docker/daemon.json
[root@Mysql yum.repos.d]# cat /etc/docker/daemon.json
{
"registry-mirrors":["https://registry.docker-cn.com"]
}
6)docker加速器
docker cn
阿里云加速器
中国科技大学
二、docker基础
1)启动docker
systemctl start docker.service 启动服务
docker version 查看版本
docker info 更详细的信息
2)官方寻找nginx的最小稳定镜像文件,进行容器测试
[root@Mysql ~]# docker image pull nginx:1.14-alpine
3)最小的容器测试http网络服务
docker image pull nginx:1.14-alpine # 下载最小镜像
docker pull busybox
docker image ls
docker image ls --no-trunc
docker ps == docker container ls
docker network ls 显示网络
[root@Mysql ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.14-alpine 66952fd0a8ef 2 weeks ago 16MB
busybox latest 3a093384ac30 6 weeks ago 1.2MB
[root@Mysql ~]# docker run --name b1 -it busybox:latest # 进入最小化的容器,进入shell交互
/ #
/ # mkdir /data/html -p
/ # vi /data/html/index.html
/ # cat /data/html/index.html
hello world
/ # httpd -f -h /data/html/
docker inspect b1 # 查看运行中的容器信息,包括里面的ip地址
[root@Mysql ~]# curl 172.17.0.2
hello world
4)容器内,使用exit,退出容器。容器处于停止状态
/ # exit
[root@Mysql ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@Mysql ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b3cda629bceb busybox:latest "sh" 9 minutes ago Exited (0) 7 seconds ago b1
View Code
再次启动容器:docker start -i -a b1
5)强制停止容器,删除容器
[root@Mysql ~]# docker kill b1
b1
[root@Mysql ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b3cda629bceb busybox:latest "sh" 14 minutes ago Exited (137) 10 seconds ago b1
[root@Mysql ~]# docker rm b1
b1
View Code
6)docker最小化的运行容器,且只运行一个进程,容器内并不会有存放日志的文件夹。docker logs 容器 查看日志
docker run --name web1 -d nginx:1.14-alpine # -d 后台启动
[root@Mysql ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8eeeefc3e562 nginx:1.14-alpine "nginx -g 'daemon of…" About a minute ago Up 59 seconds 80/tcp web1
[root@Mysql ~]# curl 172.17.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
docker run --name kvstor1 -d redis:4-alpine # 最小化启动redis
[root@Mysql ~]# docker exec -it kvstor1 /bin/sh
/data # ps
PID USER TIME COMMAND
1 redis 0:00 redis-server
17 root 0:00 /bin/sh
22 root 0:00 ps
[root@Mysql ~]# docker logs web1 查看web1容器的日志
172.17.0.1 - - [16/Feb/2019:17:32:49 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
View Code
7)容器的保存,删除
docker inspect web1 显示容器的信息
docker commit -p web1 暂停容器,保存镜像
[root@Mysql ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> c1d0456bb6ff About a minute ago 16MB
[root@Mysql ~]# docker tag c1d0456bb6ff test/httpd:v0.1-1 为保存的容器打标签
[root@Mysql ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
test/httpd v0.1-1 c1d0456bb6ff 3 minutes ago 16MB
[root@Mysql ~]# docker tag test/httpd:v0.1-1 test/httpd:latest 再次创建标签
[root@Mysql ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
test/httpd latest c1d0456bb6ff 5 minutes ago 16MB
test/httpd v0.1-1 c1d0456bb6ff 5 minutes ago 16MB
docker image rm test/httpd:latest 删除标签镜像
docker run --name t1 -it test/httpd:v0.1-1 运行保存的镜像
docker commit -a "1257063655@qq.com" -c 'CMD ["/bin/httpd","-f","-h","/data/html"]' -p web1 test/httpd:v0.2
View Code
8)容器的分享,打包
传镜像到docker.github
[root@Mysql ~]# docker login -u 1257063655 登录https://hub.docker.com/
Password:
docker push 1257063655/httpd # 将镜像上传到https://hub.docker.com/,需要去官网建立httpd仓库,并且1257063655/httpd 既是本地的镜像名,也是远程的仓库名
https://promotion.aliyun.com/ntms/act/kubernetes.html 阿里镜像
docker save -o myimages.gz test/httpd:v0.2 test/httpd:v0.1-1 本地打包2个镜像,合并为一个镜像
[root@Mysql ~]# ls myimages.gz
myimages.gz
docker load -i myimages.gz 另一台机器导入打包的镜像myimages.gz
View Code
三、docker网络
1)查看网络(扩展)
yum install bridge-utils -y
[root@Mysql ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02423f80d8e7 no veth2a1c29a
veth32a55df
veth90301d9
ip link show
iptables -t nat -vnL
docker network inspect bridge
docker container inspect web1
rpm -q iproute
ip netns
ip netns add r1
ip netns add r2
ip netns list
r2
r1
ip netns exec r1 ifconfig
ip netns exec r1 ifconfig -a
View Code
iptables -t nat -vnL
2)指定运行的容器的dns,主机文件
docker run --name t1 -it --network bridge -h t1.hostname --dns 114.114.114.114 --dns-search www.com --add-host web01:172.17.0.3 --rm busybox:latest
进入容器,退出则删除
homename =》t1.hostname
cat /etc/host
172.17.0.2 t1.hostname
nslookup -type=A www.baidu.com 解析路由网络
View Code
3)端口映射等问题。必须掌握
docker run --name myweb --rm -p 80 test/httpd:v0.2
宿组机随机映射一个端口给80
docker inspect myweb
该内部的通信:curl 172.17.0.2
iptables -t nat -vnL 查看被所有被随机映射的端口
docker port myweb 查看被映射的端口
更多的映射方法
docker run --name myweb --rm -p 192.168.1.5::80 test/httpd:v0.2
docker run --name myweb --rm -p 80:80 test/httpd:v0.2
docker run --name myweb --rm -p 192.168.1.5:8080:80 test/httpd:v0.2
View Code
4)容器共享网络,共用同一个ip
容器共享网络的方式,b1和b2共用一个网络。类似于同一个主机运行了2个进程
docker run --name b2 --network container:b1 -it rm busybox
docker run --name b2 --network host -it rm busybox 将宿机的网络给了容器
View Code
5) 修改docker内的网络,网卡信息
示例,
重启服务。启动的容器ip网缎为:10.0.0.1的网段的
重启服务后,
6)额外创建新的网关
docker network create -d bridge --subnet "172.26.0.0/16" --gateway "172.26.0.1" mybr0 创建自己的网络网关
docker network ls 查看创建的自己网络
docker run --name t1 -it --net mybr0 busybox:latest # 运行的容器为自己的网络
View Code
问题:同一个宿主机的2个容器在不同的网断怎么通信。
理论上可以直接通信的,防火墙规则。iptables -t nat -vnL 的阻碍
四、docker的持久化存储
1)存储卷的基本使用
第一种,docker自行选择映射路径,不建议。不好区别是谁存储的数据
docker run --name b2 -it -v /data busybox 建立存储卷,容器内的 /data下面的数据会被宿主机保存
docker inspect b2 查看容器信息
Source": "/var/lib/docker/volumes/25dd2c087543280b9569ff34356330cf72ee74863bb5a0028a08e2802852fa83/_data", 该位置内容与容器内的 data目录已做了关联
第二种,手动指定位置,即便删除容器,数据仍在
docker run --name b2 -it -v /data/volumes/b2:/data busybox
[root@Mysql ~]# docker inspect -f {{.Mounts}} b2 # 过滤查找选项
[{bind /data/volumes/b2 /data true rprivate}]
[root@Mysql ~]# docker inspect -f {{.NetworkSettings.IPAddress}} b2
172.17.0.5
多个容器,可以共享同一个存储卷
四、dockerfile语法
1)最简单的Dockerfile语法,制作镜像
[root@Mysql ~]# mkdir img1
[root@Mysql ~]# cd img1/
创建镜像文件Dockerfile文件
[root@Mysql img1]# vim Dockerfile
[root@Mysql img1]# cat Dockerfile
# Description:test image
FROM busybox:latest
MAINTAINER "Test <1257063655@qq.com>"
# LABEL maintainer="1257063655@qq.com"
COPY index.html /data/web/html/ # 注意index.html 需要在当前目录
[root@Mysql img1]# cat index.html
<h1>Busybox httpd server</h1>
<h2>Hello world</h1>
[root@Mysql img1]# docker build -t tinyhttpd:v0.1-1 /root/img1/ # 启动镜像
[root@Mysql img1]# docker image ls |grep tinyhttpd
tinyhttpd v0.1-1 080174d7d1a9 About a minute ago 1.2MB
View Code
编辑被拷贝的index.html
[root@Mysql img1]# cat index.html
<h1>Busybox httpd server</h1>
<h2>Hello world</h1>
View Code
根据制作的镜像的启动容器,检验是否有文件
[root@Mysql img1]# docker run --name tinyweb1 --rm tinyhttpd:v0.1-1 cat /data/web/html/index.html
<h1>Busybox httpd server</h1>
<h2>Hello world</h1>
View Code
2)镜像文件的修改,新增不同路径的拷贝内容
[root@Mysql img1]# cp -r /etc/yum.repos.d/ ./
[root@Mysql img1]# ls yum.repos.d/
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo docker-ce.repo
[root@Mysql img1]# vim Dockerfile
[root@Mysql img1]# cat Dockerfile
# Description:test image
FROM busybox:latest
MAINTAINER "Test <1257063655@qq.com>"
# LABEL maintainer="1257063655@qq.com"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/
[root@Mysql img1]# docker build -t tinyhttpd:v0.1-2 /root/img1/
View Code
检验是否被拷贝进去
[root@Mysql img1]# docker run --name tinyweb1 --rm tinyhttpd:v0.1-2 ls /etc/yum.repos.d/
CentOS-Base.repo
CentOS-CR.repo
CentOS-Debuginfo.repo
CentOS-Media.repo
CentOS-Sources.repo
CentOS-Vault.repo
CentOS-fasttrack.repo
docker-ce.repo
View Code
3)add用法
以nginx为例
3.1)ADD后面加链接地址,通过链接地址下载
复制其链接地址 http://nginx.org/download/nginx-1.15.8.tar.gz
[root@Mysql img1]# cat Dockerfile
# Description:test image
FROM busybox:latest
MAINTAINER "Test <1257063655@qq.com>"
# LABEL maintainer="1257063655@qq.com"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/
ADD http://nginx.org/download/nginx-1.15.8.tar.gz /usr/local/src/
cat Dockerfile
检验add效果
docker run --name tinyweb1 --rm tinyhttpd:v0.1-3 ls /usr/local/src
View Code
3.2)ADD加本地文件,本地文件实现拷贝效果
[root@Mysql img1]# cat Dockerfile
# Description:test image
FROM busybox:latest
MAINTAINER "Test <1257063655@qq.com>"
# LABEL maintainer="1257063655@qq.com"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/
# ADD http://nginx.org/download/nginx-1.15.8.tar.gz /usr/local/src/
ADD nginx-1.15.8.tar.gz /usr/local/src/
[root@Mysql img1]# docker build -t tinyhttpd:v0.1-4 ./
View Code
3.3)指明工作目录。WORKDIR
[root@Mysql img1]# cat Dockerfile
# Description:test image
FROM busybox:latest
MAINTAINER "Test <1257063655@qq.com>"
# LABEL maintainer="1257063655@qq.com"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/
# ADD http://nginx.org/download/nginx-1.15.8.tar.gz /usr/local/src/
WORKDIR /usr/local/
ADD nginx-1.15.8.tar.gz ./src/
View Code
4)创建存储卷。VOLUME
[root@Mysql img1]# cat Dockerfile
# Description:test image
FROM busybox:latest
MAINTAINER "Test <1257063655@qq.com>"
# LABEL maintainer="1257063655@qq.com"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/
# ADD http://nginx.org/download/nginx-1.15.8.tar.gz /usr/local/src/
WORKDIR /usr/local/
ADD nginx-1.15.8.tar.gz ./src/
VOLUME /data/mysql
View Code
5.1)暴露端口,端口仅可被宿主机访问
[root@Mysql img1]# cat Dockerfile
# Description:test image
FROM busybox:latest
MAINTAINER "Test <1257063655@qq.com>"
# LABEL maintainer="1257063655@qq.com"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/
# ADD http://nginx.org/download/nginx-1.15.8.tar.gz /usr/local/src/
WORKDIR /usr/local/
ADD nginx-1.15.8.tar.gz ./src/
VOLUME /data/mysql
EXPOSE 80/tcp
EXPOSE
检验端口是否可以被外界访问
启动:
docker run --name tinyweb1 --rm tinyhttpd:v0.1-5 /bin/httpd -f -h /data/web/html
docker inspect tinyweb1查看ip
[root@Mysql img1]# curl 172.17.0.6
<h1>Busybox httpd server</h1>
<h2>Hello world</h1>
但暴露的端口也只有宿主机能访问,没有做端口映射
[root@Mysql img1]# docker port tinyweb1 没有查到端口
[root@Mysql img1]# docker kill tinyweb1
5.2)启动时加上 -P
[root@Mysql img1]# docker run --name tinyweb1 --rm -P tinyhttpd:v0.1-5 /bin/httpd -f -h /data/web/html
检查端口
[root@Mysql img1]# docker port tinyweb1
80/tcp -> 0.0.0.0:32768
6.1)环境变量 ENV
COPY index.html ${DOC_ROOT:-/data/web/html/} 如果定义的环境变量没有值,则用后面的
[root@Mysql img1]# cat Dockerfile
# Description:test image
FROM busybox:latest
MAINTAINER "Test <1257063655@qq.com>"
# LABEL maintainer="1257063655@qq.com"
ENV DOC_ROOT /data/web/html/
COPY index.html ${DOC_ROOT:-/data/web/html/}
COPY yum.repos.d /etc/yum.repos.d/
# ADD http://nginx.org/download/nginx-1.15.8.tar.gz /usr/local/src/
WORKDIR /usr/local/
ADD nginx-1.15.8.tar.gz ./src/
VOLUME /data/mysql
EXPOSE 80/tcp
View Code
6.2)定义多个环境变量
[root@Mysql img1]# cat Dockerfile
# Description:test image
FROM busybox:latest
MAINTAINER "Test <1257063655@qq.com>"
# LABEL maintainer="1257063655@qq.com"
ENV DOC_ROOT=/data/web/html/ \
WEB_SERVER_PACKAGE="nginx-1.15.8"
COPY index.html ${DOC_ROOT:-/data/web/html/}
COPY yum.repos.d /etc/yum.repos.d/
# ADD http://nginx.org/download/nginx-1.15.8.tar.gz /usr/local/src/
WORKDIR /usr/local/
ADD ${WEB_SERVER_PACKAGE}.tar.gz ./src/
VOLUME /data/mysql
EXPOSE 80/tcp
View Code
6.3)容器运行后输出环境变量
[root@Mysql img1]# docker run --name tinyweb1 --rm -P tinyhttpd:v0.1-6 printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=634ff3a5d399
DOC_ROOT=/data/web/html/
WEB_SERVER_PACKAGE=nginx-1.15.8
HOME=/root
运行时,再次传变量,有的原变量会被替换
[root@Mysql img1]# docker run --name tinyweb1 --rm -P -e WEB_SERVER_PACKAGE=nginx-1.15.7 tinyhttpd:v0.1-6 printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=7dc972609f71
WEB_SERVER_PACKAGE=nginx-1.15.7
DOC_ROOT=/data/web/html/
HOME=/root
View Code
7.1)制作镜像时RUN 命令
[root@Mysql img1]# cat Dockerfile
# Description:test image
FROM busybox:latest
MAINTAINER "Test <1257063655@qq.com>"
# LABEL maintainer="1257063655@qq.com"
ENV DOC_ROOT=/data/web/html/ \
WEB_SERVER_PACKAGE="nginx-1.15.8.tar.gz"
COPY index.html ${DOC_ROOT:-/data/web/html/}
COPY yum.repos.d /etc/yum.repos.d/
ADD http://nginx.org/download/${WEB_SERVER_PACKAGE} /usr/local/src/
WORKDIR /usr/local/
# ADD ${WEB_SERVER_PACKAGE} ./src/
VOLUME /data/mysql/
EXPOSE 80/tcp
RUN cd /usr/local/src && \
tar xf ${WEB_SERVER_PACKAGE}
View Code
7.2)命令测试
[root@Mysql img1]# cat Dockerfile
# Description:test image
FROM busybox:latest
MAINTAINER "Test <1257063655@qq.com>"
# LABEL maintainer="1257063655@qq.com"
ENV DOC_ROOT=/data/web/html/ \
WEB_SERVER_PACKAGE="nginx-1.15.8.tar.gz"
COPY index.html ${DOC_ROOT:-/data/web/html/}
COPY yum.repos.d /etc/yum.repos.d/
# ADD http://nginx.org/download/${WEB_SERVER_PACKAGE} /usr/local/src/
WORKDIR /usr/local/
ADD ${WEB_SERVER_PACKAGE} ./src/
VOLUME /data/mysql/
EXPOSE 80/tcp
RUN cd /usr/local/src && \
mv nginx-1.15.8 nginx
[root@Mysql img1]# docker build -t tinyhttpd:v0.2.1 ./
Sending build context to Docker daemon 1.051MB
Step 1/10 : FROM busybox:latest
---> 3a093384ac30
Step 2/10 : MAINTAINER "Test <1257063655@qq.com>"
---> Using cache
---> c04c090e9e40
Step 3/10 : ENV DOC_ROOT=/data/web/html/ WEB_SERVER_PACKAGE="nginx-1.15.8.tar.gz"
---> Using cache
---> 6832ee6cc92e
Step 4/10 : COPY index.html ${DOC_ROOT:-/data/web/html/}
---> Using cache
---> 45c2e54c0d74
Step 5/10 : COPY yum.repos.d /etc/yum.repos.d/
---> Using cache
---> 348917f42afe
Step 6/10 : WORKDIR /usr/local/
---> Using cache
---> df3d710f5ac9
Step 7/10 : ADD ${WEB_SERVER_PACKAGE} ./src/
---> Using cache
---> 83c0b4f691e4
Step 8/10 : VOLUME /data/mysql/
---> Using cache
---> c13d38f9b94b
Step 9/10 : EXPOSE 80/tcp
---> Using cache
---> 7bd7c1d365cf
Step 10/10 : RUN cd /usr/local/src && mv nginx-1.15.8 nginx
---> Running in 35f4b3aae6a1
Removing intermediate container 35f4b3aae6a1
---> 41413a7ce98a
Successfully built 41413a7ce98a
Successfully tagged tinyhttpd:v0.2.1
View Code
7.3)根据命令yum安装nginx
FROM centos
RUN yum -y install epel-release && yum makecache && yum install nginx -y
View Code
8.1)CMD命令的使用
[root@Mysql img2]# cat Dockerfile
FROM busybox
LABEL maintainer="My <1257063655.qq.com>" app="httpd"
ENV WEB_DOC_ROOT="/data/web/html"
RUN mkdir -p $WEB_DOC_ROOT && \
echo '<h1>hello world,httpd server</h1>' > ${WEB_DOC_ROOT}/index.html
CMD /bin/httpd -f -h ${WEB_DOC_ROOT}
[root@Mysql img2]# docker build -t tinyhttpd:v0.2-1 ./
查看制作镜像的详细信息
docker image inspect tinyhttpd:v0.2-1
运行
docker run --name tinyweb2 -it --rm -P tinyhttpd:v0.2-1
查看
[root@Mysql ~]# docker exec -it tinyweb2 /bin/sh
/ #
/ # ps
PID USER TIME COMMAND
1 root 0:00 /bin/httpd -f -h /data/web/html
6 root 0:00 /bin/sh
11 root 0:00 ps
9)不会被覆盖的运行命令。ENTRYPOINT
[root@Mysql img2]# cat Dockerfile
FROM busybox
LABEL maintainer="My <1257063655.qq.com>" app="httpd"
ENV WEB_DOC_ROOT="/data/web/html"
RUN mkdir -p $WEB_DOC_ROOT && \
echo '<h1>hello world,httpd server</h1>' > ${WEB_DOC_ROOT}/index.html
# CMD /bin/httpd -f -h ${WEB_DOC_ROOT}
# CMD ["/bin/sh","-c","/bin/httpd","-f","-h ${WEB_DOC_ROOT}"] # 有问题,不建议用
ENTRYPOINT /bin/httpd -f -h ${WEB_DOC_ROOT}
View Code
启动容器。docker run --name tinyweb2 -it --rm -P tinyhttpd:v0.2-3 ls /data/ 后面接的命令不会覆盖制作镜像用的命令。后面接的命令会被当做参数传给它
10) 脚本启动nginx。使用传参的方法
10.1)编辑脚本文件
[root@Mysql img3]# cat entrypoint.sh
#!/bin/sh
#
cat > /etc/nginx/conf.d/www.conf <<EOF
server {
server_name ${HOSTNAME};
listen ${IP:-0.0.0.0}:${PORT:-80};
root ${NGX_DOC_ROOT:-/usr/share/nginx/html};
}
EOF
exec "$@"
entrypoint.sh
10.2)编辑首页文件
[root@Mysql img3]# cat index.html
<h1>
Hello world,study python
</h1>
index.html
10.3)编辑Dockerfile文件
[root@Mysql img3]# cat Dockerfile
FROM nginx:1.14-alpine
LABEL maintainer="my <125.7063655@qq.com>"
ENV NGX_DOC_ROOT="/data/web/html/"
ADD index.html ${NGX_DOC_ROOT}
ADD entrypoint.sh /bin/
CMD ["/usr/sbin/nginx","-g","daemon off;"]
ENTRYPOINT ["/bin/entrypoint.sh"]
10.4)启动容器检验
启动
[root@Mysql img3]# docker run --name myweb1 --rm -P myweb:v0.3-3
进入容器
[root@Mysql img3]# docker exec -it myweb1 /bin/sh
/ # cat /etc/nginx/conf.d/www.conf
server {
server_name 0e107f492212;
listen 0.0.0.0:80;
root /data/web/html;
}
/ # cat /data/web/html
<h1>
Hello world,study python
</h1>
/ # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
--------
/ # wget -O - -q localhost 本地明
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
-------------------------
/ # wget -O - -q 0e107f492212
<h1>
Hello world,study python
</h1>
View Code
/ # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
10.5)启动容器时再增加端口参数,测试
添加端口
[root@Mysql img3]# docker run --name myweb1 --rm -P -e "PORT=8080" myweb:v0.3-4
/ # [root@Mysql img3]# docker exec -it myweb1 /bin/sh
/ # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
11)健康检查。HEALTHCHECK 健康检查,不太清楚。
[root@Mysql img3]# cat Dockerfile
FROM nginx:1.14-alpine
LABEL maintainer="my <125.7063655@qq.com>"
ENV NGX_DOC_ROOT="/data/web/html/"
ADD index.html ${NGX_DOC_ROOT}
ADD entrypoint.sh /bin/
EXPOSE 80/tcp
HEALTHCHECK --start-period=3s CMD wget -o - -q http://${IP:-0.0.0.0}:${PORT:-80}/
CMD ["/usr/sbin/nginx","-g","daemon off;"]
ENTRYPOINT ["/bin/entrypoint.sh"]
View Code
12.1) ARG常量传参的用法
[root@Mysql img3]# cat Dockerfile
FROM nginx:1.14-alpine
ARG author="my <125.7063655@qq.com>"
LABEL maintainer="${author}"
ENV NGX_DOC_ROOT="/data/web/html/"
ADD index.html ${NGX_DOC_ROOT}
ADD entrypoint.sh /bin/
EXPOSE 80/tcp
HEALTHCHECK --start-period=3s CMD wget -o - -q http://${IP:-0.0.0.0}:${PORT:-80}/
CMD ["/usr/sbin/nginx","-g","daemon off;"]
ENTRYPOINT ["/bin/entrypoint.sh"]
View Code
替换定义的常量
docker build -t myweb:v0.3-7 ./
替换定义的默认值 author="pony <pony@qq.com>"
docker build --build-arg author="pony <pony@qq.com>" -t myweb:v0.3-8 ./
13)ONBUILD 。根据ONBUILD 创建的镜像,其他dockerfile引用此镜像创建镜像时,会触发执行ONBUILD 里面的指令
FROM nginx:1.14-alpine
ARG author="my <125.7063655@qq.com>"
LABEL maintainer="${author}"
ENV NGX_DOC_ROOT="/data/web/html/"
ADD index.html ${NGX_DOC_ROOT}
ADD entrypoint.sh /bin/
EXPOSE 80/tcp
HEALTHCHECK --start-period=3s CMD wget -o - -q http://${IP:-0.0.0.0}:${PORT:-80}/
ONBUILD ADD http://repo.webtatic.com/yum/el6/latest.rpm /usr/local/src/
CMD ["/usr/sbin/nginx","-g","daemon off;"]
ENTRYPOINT ["/bin/entrypoint.sh"]
View Code
14)GitHub里面有很大dockerfile文件
五、resistry使用
[root@Mysql img3]# yum info docker-registry
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.shu.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
可安装的软件包
名称 :docker-registry
架构 :x86_64
版本 :0.9.1
发布 :7.el7
大小 :123 k
源 :extras/7/x86_64
简介 : Registry server for Docker
网址 :https://github.com/docker/docker-registry
协议 : ASL 2.0
描述 : Registry server for Docker (hosting/delivering of repositories and images).
yum info docker-registry
1)在服务端安装resistry 私有仓库
[root@Mysql img3]# yum info docker-registry
[root@Mysql img3]# yum install docker-registry -y 安装
[root@Mysql img3]# rpm -ql docker-distribution 查看安装生成的文件
/etc/docker-distribution/registry/config.yml 主配置文件
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry
[root@Mysql registry]# systemctl start docker-distribution 启动服务
[root@Mysql registry]# netstat -lntup|grep registry
tcp6 0 0 :::5000 :::* LISTEN 22359/registry
yum install docker-registry -y
2)推送文件,拉取文件测试
[root@Centos7pvz2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.14-alpine 8a2fb25a19f5 9 days ago 16MB
[root@Centos7pvz2 ~]# docker tag nginx:1.14-alpine pvz2.test.com:5000/nginx:1.15-alpine # 打标记为自己的仓库镜像
[root@Centos7pvz2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
pvz2.test.com:5000/nginx 1.15-alpine 8a2fb25a19f5 9 days ago 16MB
nginx 1.14-alpine 8a2fb25a19f5 9 days ago 16MB
[root@Centos7pvz2 ~]# cat /etc/docker/daemon.json # 修改docker拉取服务信息
{
"registry-mirrors": ["https://4mii0w1b.mirror.aliyuncs.com","https://registry.docker-cn.com"],
"insecure-registries": ["pvz2.test.com:5000"]
}
[root@Centos7pvz2 ~]# systemctl restart docker 重启docker
[root@Centos7pvz2 ~]# cat /etc/hosts # 配置主机解析文件
192.168.10.28 pvz2.test.com
[root@Centos7pvz2 ~]# docker push pvz2.test.com:5000/nginx:1.15-alpine # 将本地镜像推向仓库
The push refers to repository [pvz2.test.com:5000/nginx]
076c58d2644f: Pushed
b2cbae4b8c15: Pushed
5ac9a5170bf2: Pushed
a464c54f93a9: Pushed
1.15-alpine: digest: sha256:a3a0c4126587884f8d3090efca87f5af075d7e7ac8308cffc09a5a082d5f4760 size: 1153
另一台机器拉取镜像
[root@node02 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://4mii0w1b.mirror.aliyuncs.com","https://registry.docker-cn.com"],
"insecure-registries": ["pvz2.test.com:5000"]
}
[root@Centos7pvz2 ~]# systemctl restart docker
[root@Centos7pvz2 ~]# cat /etc/hosts # 配置主机解析文件
192.168.10.28 pvz2.test.com
[root@node02 ~]# docker pull pvz2.test.com:5000/nginx:1.15-alpine # 拉取镜像
1.15-alpine: Pulling from nginx
bdf0201b3a05: Pull complete
3d0a573c81ed: Pull complete
8129faeb2eb6: Pull complete
3dc99f571daf: Pull complete
Digest: sha256:a3a0c4126587884f8d3090efca87f5af075d7e7ac8308cffc09a5a082d5f4760
Status: Downloaded newer image for pvz2.test.com:5000/nginx:1.15-alpine
[root@node02 ~]#
View Code
3)服务端可查看客户端推送过来的镜像文件
[root@Centos7pvz2 ~]# ll /var/lib/registry/docker/registry/v2/repositories/
总用量 0
drwxr-xr-x 5 root root 55 4月 19 16:50 nginx
六、单机多容器编排
七、harbor安装(仓库网站安装)
1)安装说明
1)官网
https://github.com/goharbor/harbor
2)安装说明
https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
3)下载安装包
https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.4.tgz
2)修改配置文件
3)启动服务 ./install.sh 需要docker-compose(1.7.1以上的版本)
3.1 )安装docker-compose。注意该安装方式版本 为 docker-compose version 1.24.0, build 0aa5906 。经过测试,也可以运行
./install.sh结束后,80端口和443端口被监听
4)访问 http://192.168.10.28/harbor/sign-in
用户:admin
密码:harbor12345 / Harbor12345 官方文档有说明(harbor.cfg)
登录进来。先创建用户管理,仓库管理
5)创建用户
6)创建仓库
7)切换账号,新建项目
8)推送docker镜像文件
[root@Centos7pvz2 harbor]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://4mii0w1b.mirror.aliyuncs.com","https://registry.docker-cn.com"],
"insecure-registries": ["pvz2.test.com"]
}
[root@Centos7pvz2 harbor]# systemctl restart docker
[root@Centos7pvz2 harbor]# docker tag goharbor/harbor-db:v1.7.4 pvz2.test.com/devel/harbor-db:v1.7.4
[root@Centos7pvz2 harbor]# docker tag goharbor/harbor-adminserver:v1.7.4 pvz2.test.com/devel/harbor-adminserver:v1.7.4
[root@Centos7pvz2 harbor]# docker image ls|grep pvz2.test.com/devel
pvz2.test.com/devel/harbor-adminserver v1.7.4 5706c65d65dc 7 weeks ago 72.3MB
pvz2.test.com/devel/harbor-db v1.7.4 08d163f732f3 7 weeks ago 136MB
[root@Centos7pvz2 harbor]# docker login pvz2.test.com 登录服务器
[root@Centos7pvz2 harbor]# docker push pvz2.test.com/devel/harbor-adminserver:v1.7.4
[root@Centos7pvz2 harbor]# docker push pvz2.test.com/devel/harbor-db:v1.7.4
查看服务端,文件存储的路径
暂停容器服务
继续运行
docker资源
启动测试,256M内存,2个进程
docke stats 能查看容器资源
八、最终环节,应用实战
最终章。dokerfiles实战应用
1)快速构建基础镜像
cat Dockerfile
#Docker from CentOS
# Base images
FROM centos
# who
MAINTAINER Mr.Cao 11111qq.com
# EPEL
add epel.repo /etc/yum.repos.d/
# Base pkg
RUN yum install -y wget mysql-devel supervisor git redis tree net-tools sudo psmisc && yum clean all
docker build -t test/centos:base .
构建基础的Dockerfile
1.2)基于基础镜像创建python环境
cat Dockerfile
FROM test/centos:base
MAINTAINER Mr.Cao 11111qq.com
RUN yum install -y python-devel python-pip supervisor
RUN pip install --upgrade pip
docker build -t test/python .
View Code
2)基于ssh管理的基础镜像
cat Dockerfile
#Docker from CentOS
# Base images
FROM centos
# who
MAINTAINER Mr.Cao 11111qq.com
# EPEL
add epel.repo /etc/yum.repos.d/
# Base pkg
RUN yum install -y openssh-clients openssl-devel openssh-server wget mysql-devel supervisor git redis tree net-tools sudo psmisc && yum clean all
# For SSHD
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
RUN echo "root:helloworld" | chpasswd
docker build -t test/centos-ssh:base .
View Code
2.1)基于ssh的Python环境
cat Dockerfile
FROM test/centos-ssh
MAINTAINER Mr.Cao 11111qq.com
RUN yum install -y python-devel python-pip supervisor
RUN pip install --upgrade pip
docker build -t test/python-ssh .
View Code
3)基于Python环境运行app
supervisord.conf文件修改
3.1) 编辑文件过程
================================================
cat app.py
from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello():
return 'hello world'
if __name__ == '__main__':
app.run(host="0.0.0.0",debug=True)
==================
cat requirements.txt
flask
===================
cat app-supervisor.ini
[program:shop-api]
command=/usr/bin/python2.7 /opt/app.py
process_name=%(program_name)s
autostart=true
user=www
stdout_logfile=/tmp/app.log
stderr_logfile=/tmp/app.error
[program:sshd]
command=/usr/sbin/sshd -D
process_name=%(program_name)s
autostart=true
==================
cat Dockerfile
FROM test/python-ssh
MAINTAINER Mr.Cao 11111qq.com
RUN useradd -s /sbin/nologin -M www
ADD app.py /opt/app.py
ADD requirements.txt /opt/
ADD supervisord.conf /etc/supervisord.conf
ADD app-supervisor.ini /etc/supervisord.d/
RUN /usr/bin/pip2.7 install /opt/requirements.txt
# Port
EXPOSE 22 5000
# CMD
CMD ["/usr/bin/supervisord","-c","/etc/supervisord.conf"]
===============================================================
View Code
3.2)制作镜像,并启动应用服务
docker build -t test/hello-api .
docker run --name hello-api -d -p 88:5000 -p 8022:22 test/hello-api
View Code
ssh服务可这样进入服务