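This article covers the topic thoroughly, so I won't copy and paste it here: reading notes on 《Docker从入门到实践》 ("Docker: From Beginner to Practice")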
Installing Docker
Environment
root@fudonghai:~# uname -a
Linux fudonghai 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
root@fudonghai:~# cat /etc/issue
Ubuntu 16.04.5 LTS l
Remove old versions
root@fudonghai:~# apt-get remove docker docker-engine docker.io
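The apt source uses HTTPS so that packages cannot be tampered with while they are downloaded, so we first need to add the packages for HTTPS transport and the CA certificates.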
root@fudonghai:~# apt-get update
Given network conditions in China, using a domestic mirror is strongly recommended; the official source is shown in the comments. To confirm the legitimacy of the downloaded packages, add the repository's GPG key.
$ curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Official source
# $ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
Then add the Docker repository to sources.list; the file is /etc/apt/sources.list
$ sudo add-apt-repository "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Official source
# $ sudo add-apt-repository \
#    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
#    $(lsb_release -cs) \
#    stable"
Finally, time to install Docker
root@fudonghai:~# apt-get update
root@fudonghai:~# apt-get install docker-ce
On AWS the install fails with E: Package 'docker-ce' has no installation candidate; the following commands fix it
# A redirect after `sudo echo` runs as the calling user, so write the file through sudo tee instead
echo "deb https://download.docker.com/linux/ubuntu zesty edge" | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt update && sudo apt install docker-ce
Start Docker
root@fudonghai:~# systemctl enable docker
Synchronizing state of docker.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable docker
root@fudonghai:~# systemctl start docker
By default the docker command talks to the Docker engine over a Unix socket, and only root and members of the docker group can access that socket. For security reasons, Linux systems generally do not use the root user directly, so the better practice is to add the users who need docker to the docker group. Membership in the docker group is equivalent to root access on the host, so add only trusted users.
Create the docker group:
root@fudonghai:~# groupadd docker
groupadd: group 'docker' already exists
Add the current user to the docker group:
root@fudonghai:~# echo $USER
root
root@fudonghai:~# usermod -aG docker $USER
Test that Docker is installed correctly
root@fudonghai:~# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:6540fc08ee6e6b7b63468dc3317e3303aae178cb8a45ed3123180328bcc1d20f
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/
Registry mirror: pulling images from Docker Hub from within China is sometimes difficult; in that case, configure a registry mirror.
Ubuntu 16.04+, Debian 8+, CentOS 7
For systems that use systemd, write the following into /etc/docker/daemon.json (create the file if it does not exist)
{
  "registry-mirrors": [
    "https://registry.docker-cn.com"
  ]
}
Then restart the service
root@fudonghai:~# systemctl daemon-reload
root@fudonghai:~# systemctl restart docker
root@fudonghai:~# docker info
Client:
 Debug Mode: false
(output omitted)
 Registry Mirrors:
  https://registry.docker-cn.com/    # indicates success
 Live Restore Enabled: false
The nginx image and container
Run an nginx container in the background; if the image is not present locally, it is downloaded first
root@fudonghai:~# docker run -d --name mynginx nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
f5d23c7fed46: Pull complete
918b255d86e5: Pull complete
8c0120a6f561: Pull complete
Digest: sha256:eb3320e2f9ca409b7c0aa71aea3cf7ce7d018f03a372564dbdb023646958770b
Status: Downloaded newer image for nginx:latest
c5a247c65e97cafec001d24f371b627201f3a57a4268fd8a9a26538897ac86ff
List the container
root@fudonghai:~# docker ps -l
CONTAINER ID   IMAGE   COMMAND                  CREATED         STATUS         PORTS    NAMES
c5a247c65e97   nginx   "nginx -g 'daemon of…"   2 minutes ago   Up 2 minutes   80/tcp   mynginx
Entering the nginx container with the attach command does not work, and it also causes the container to exit
root@fudonghai:~# docker attach c5a247c65e97
^C
root@fudonghai:~# docker ps -a
CONTAINER ID   IMAGE   COMMAND                  CREATED         STATUS                      PORTS   NAMES
c5a247c65e97   nginx   "nginx -g 'daemon of…"   9 minutes ago   Exited (0) 24 seconds ago           mynginx
The nsenter command can use the namespaces of another process, so the container can be entered through its PID
Start the container again
root@fudonghai:~# docker ps -l
CONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS                     PORTS   NAMES
c5a247c65e97   nginx   "nginx -g 'daemon of…"   17 minutes ago   Exited (0) 7 minutes ago           mynginx
root@fudonghai:~# docker start c5a247c65e97
c5a247c65e97
root@fudonghai:~# docker ps -l
CONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS         PORTS    NAMES
c5a247c65e97   nginx   "nginx -g 'daemon of…"   18 minutes ago   Up 5 seconds   80/tcp   mynginx
Get the container's PID
root@fudonghai:~# docker inspect --format "{{.State.Pid}}" mynginx    # or c5a247c65e97
7966
Enter the container
root@fudonghai:~# nsenter --target 7966 --mount --uts --ipc --net --pid /bin/bash
The ps command cannot be found inside the container, because the nginx:latest image used does not include it; next time pick one that does
root@c5a247c65e97:/# ps -aux
bash: ps: command not found
So I installed it myself
root@c5a247c65e97:/# apt-get update
root@c5a247c65e97:/# apt-get install procps
After installation it can be used
root@c5a247c65e97:/# ps -aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1  10624  5400 ?        Ss   12:50   0:00 nginx: master process nginx -g daemon off;
nginx        6  0.0  0.0  11096  2680 ?        S    12:50   0:00 nginx: worker process
root        15  0.0  0.0   4000  3244 ?        S    13:02   0:00 /bin/bash
root       347  0.0  0.0   7640  2704 ?        R+   13:12   0:00 ps -aux
I ran a small experiment: stop this container, start it again, get the new PID, then enter it. ps is still available, which shows that the installation is persistent (but a container newly run from the nginx image still has no ps command)
root@fudonghai:~# docker stop c5a247c65e97
c5a247c65e97
root@fudonghai:~# docker ps -l
CONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS                    PORTS   NAMES
c5a247c65e97   nginx   "nginx -g 'daemon of…"   47 minutes ago   Exited (0) 3 seconds ago          mynginx
root@fudonghai:~# docker start c5a247c65e97
c5a247c65e97
root@fudonghai:~# docker inspect --format "{{.State.Pid}}" c5a247c65e97
8614
root@fudonghai:~# nsenter --target 8614 --mount --uts --ipc --net --pid /bin/bash
root@c5a247c65e97:/# ps -aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1  10624  5444 ?        Ss   13:20   0:00 nginx: master process nginx -g daemon off;
nginx        7  0.0  0.0  11096  2648 ?        S    13:20   0:00 nginx: worker process
root         8  0.0  0.0   4000  3168 ?        S    13:21   0:00 /bin/bash
root         9  0.0  0.0   7640  2736 ?        R+   13:21   0:00 ps -aux
The official image keeps its configuration files in /etc/nginx
root@c5a247c65e97:/# cd /etc/nginx/
root@c5a247c65e97:/etc/nginx# ls
conf.d  fastcgi_params  koi-utf  koi-win  mime.types  modules  nginx.conf  scgi_params  uwsgi_params  win-utf
root@c5a247c65e97:/etc/nginx# cat nginx.conf
user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
root@c5a247c65e97:/etc/nginx# cat conf.d/default.conf
server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;    # the root directory is important
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ .php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ .php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /.ht {
    #    deny  all;
    #}
}
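Wrap this in an in.sh script for convenience, e.g. ./in.sh mynginx
#!/bin/bash
# Enter a running container's namespaces, given its name or ID
CNAME=$1
CPID=$(docker inspect --format "{{.State.Pid}}" "$CNAME")
nsenter --target "$CPID" --mount --uts --ipc --net --pid /bin/bash
What I don't understand: nginx has to run in the foreground; if it runs in the background it exits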
Network access
Checking the network configuration on the host shows the docker0 bridge, with IP 172.17.0.1
root@fudonghai:~# ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:65:cd:6e:d0
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:65ff:fecd:6ed0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2596 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2581 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:148242 (148.2 KB)  TX bytes:8943856 (8.9 MB)
root@fudonghai:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  0.0.0.0/0            0.0.0.0/0
DOCKER-ISOLATION-STAGE-1  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (1 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
The NAT table
root@fudonghai:~# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           # performs address translation

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
Enter the container to see whether it can reach the Internet
root@fudonghai:~# ./in.sh mynginx
root@c5a247c65e97:/# ping www.baidu.com
bash: ping: command not found
Then it turns out ping is missing too, which is maddening; after installing it, the test shows the container can reach the Internet
root@c5a247c65e97:/# apt-get install iputils-ping
root@c5a247c65e97:/# ping baidu.com
PING baidu.com (39.156.69.79) 56(84) bytes of data.
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=1 ttl=46 time=4.40 ms
The following package provides ifconfig
apt-get install net-tools
The following package provides ip
apt-get install iproute2
View the routing table
root@c5a247c65e97:/# ip ro li
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2
Next, port mapping. -P maps a random host port
root@fudonghai:~# docker run -d -P --name mynginx1 nginx
b43280a11ebb9cb4721c5e4d490960b144db66245ad03ca7399fbc6a2a5c0fec
root@fudonghai:~# docker ps
CONTAINER ID   IMAGE   COMMAND                  CREATED         STATUS         PORTS                   NAMES
b43280a11ebb   nginx   "nginx -g 'daemon of…"   7 seconds ago   Up 6 seconds   0.0.0.0:32768->80/tcp   mynginx1
Testing http://114.115.147.49:32768/ in a browser works fine
Use -p to specify the port mapping
root@fudonghai:~# docker run -d -p 30000:80 --name mynginx2 nginx
3be3207d7d5c986c72aa485dc04af5d92475ab445641a0fc783c51f3348c4808
root@fudonghai:~# docker ps
CONTAINER ID   IMAGE   COMMAND                  CREATED         STATUS         PORTS                   NAMES
3be3207d7d5c   nginx   "nginx -g 'daemon of…"   4 seconds ago   Up 4 seconds   0.0.0.0:30000->80/tcp   mynginx2
After a container is deleted, it no longer shows up in ps -a
root@fudonghai:~# docker rm b43280a11ebb
b43280a11ebb
root@fudonghai:~# docker ps -a
CONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS          PORTS                   NAMES
3be3207d7d5c   nginx   "nginx -g 'daemon of…"   14 minutes ago   Up 14 minutes   0.0.0.0:30000->80/tcp   mynginx2
c5a247c65e97   nginx   "nginx -g 'daemon of…"   2 days ago       Up 2 days       80/tcp                  mynginx
Data management
Data volumes: they bypass the UFS (union file system) and write directly on the host
Note: the nginx image does not support the following -v data volume operation; running it gives no response
root@fudonghai:~# docker run -it --name volume-test1 -v /data nginx
Switching to the ubuntu image works
root@fudonghai:~# docker run -it --name volume-test1 -v /data ubuntu
Unable to find image 'ubuntu:latest' locally
(image download starts)
root@06ccca061b5e:/# ps -aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.1  0.0  18508  3404 pts/0    Ss   05:45   0:00 /bin/bash
root        13  0.0  0.0  34400  2896 pts/0    R+   05:46   0:00 ps -aux
root@06ccca061b5e:/# uname -a
Linux 06ccca061b5e 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
root@06ccca061b5e:/# cat /etc/issue
Ubuntu 18.04.2 LTS l
On the host, the command for finding the mount location fails; this may be an Ubuntu issue, and CentOS may be fine
root@fudonghai:/# docker inspect -f {{.volumes}} volume-test1
Template parsing error: template: :1:2: executing "" at <.volumes>: map has no entry for key "volumes"
Solution:
root@fudonghai:/# docker inspect volume-test1 | grep Mounts -A 10
        "Mounts": [
            {
                "Type": "volume",
                "Name": "e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4",
                "Source": "/var/lib/docker/volumes/e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4/_data",
                "Destination": "/data",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            }
That is, on the host: /var/lib/docker/volumes/e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4/_data
which corresponds to /data inside the container
Testing with echo 123 > test succeeds
Mount a specified host directory into the container: -v host-directory:container-directory
root@fudonghai:/# docker run -it --name volume-test2 -v /opt:/opt ubuntu
root@80ea323125c5:/# ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
root@80ea323125c5:/# echo hello world! > /opt/hello
root@80ea323125c5:/# cat /opt/hello
hello world!
root@80ea323125c5:/# exit
exit
root@fudonghai:/# cat /opt/hello
hello world!
Data volume containers: use another container's data volumes, shared with --volumes-from other-container-name
root@fudonghai:/# docker run -it --name volume-test4 --volumes-from volume-test1 ubuntu
Inside the new container the directory is the same as in volume-test1: /data
On the host, both use the directory /var/lib/docker/volumes/e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4/_data
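The -v /opt:/opt run above shows that a bind mount lets root inside the container write straight into a host directory. As an added example (not part of the original notes), this script flags such mounts from docker inspect output; the function names, the ro-example row (as if mounted with -v /opt:/opt:ro) and the sock-example row are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag host bind mounts that deserve a review.
# Live input, one line per mount (assumes paths contain no spaces):
#   docker inspect -f '{{range .Mounts}}{{println $.Name .Type .Source .Destination .RW}}{{end}}' $(docker ps -aq)

# Constructed sample in that format. The volume-test* rows mirror the
# containers created above; ro-example and sock-example are hypothetical.
sample_mounts() {
    cat <<'EOF'
/volume-test1 volume /var/lib/docker/volumes/e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4/_data /data true
/volume-test2 bind /opt /opt true
/volume-test4 volume /var/lib/docker/volumes/e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4/_data /data true
/ro-example bind /opt /opt false
/sock-example bind /var/run/docker.sock /var/run/docker.sock true
EOF
}

# Prints "<container> <host-path>:<container-path> <reason>" for:
#   - bind mounts of sensitive host paths (read-only or not)
#   - any other bind mount that is writable from inside the container
# Docker-managed volumes (Type "volume") are not reported.
risky_mounts() {
    awk '
        BEGIN {
            n = split("/ /etc /root /boot /proc /sys /var/lib/docker " \
                      "/var/run/docker.sock /run/docker.sock", s, " ")
            for (i = 1; i <= n; i++) sensitive[s[i]] = 1
        }
        $2 == "bind" {
            name = $1
            sub(/^\//, "", name)          # inspect prints names as "/name"
            if ($3 in sensitive)
                print name, $3 ":" $4, "sensitive-host-path"
            else if ($5 == "true")
                print name, $3 ":" $4, "writable-bind"
        }
    '
}

sample_mounts | risky_mounts
```

A mount reported as writable-bind can usually be narrowed to a dedicated subdirectory or made read-only with the :ro suffix.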
Building an image
First run a centos container, then build nginx inside it
root@fudonghai:/# docker run --name nginx-man -it centos
Install the required packages
yum install -y wget gcc gcc-c++ make openssl-devel
On ubuntu, use:
apt-get update
apt-get install wget gcc make g++
apt-get install openssl libssl-dev
apt-get install zlib1g zlib1g-dev
Download nginx
wget http://nginx.org/download/nginx-1.9.3.tar.gz
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz
Extract
root@b69d51510091:/# mv *.gz /usr/local/src
root@b69d51510091:/# cd /usr/local/src/
root@b69d51510091:/usr/local/src# tar zxf pcre-8.38.tar.gz
root@b69d51510091:/usr/local/src# tar zxf nginx-1.9.3.tar.gz
root@b69d51510091:/usr/local/src# ls
nginx-1.9.3  nginx-1.9.3.tar.gz  pcre-8.38  pcre-8.38.tar.gz
Create the www user
root@b69d51510091:/usr/local/src# useradd -s /sbin/nologin -M www
Configure and install
root@b69d51510091:/usr/local/src/nginx-1.9.3# ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.38
[root@99925ed2ce2c nginx-1.9.3]# make
[root@99925ed2ce2c nginx-1.9.3]# make install
nginx has to run in the foreground
vi /usr/local/nginx/conf/nginx.conf
daemon off;    # add as the first line
Configure nginx to start inside the container (this later proved not to work; the container exits)
[root@99925ed2ce2c nginx-1.9.3]# vi /etc/rc.local
/usr/local/nginx/sbin/nginx    # add the start command as the last line
After exiting the container, commit the image
root@fudonghai:/# docker commit -m "my nginx" 99925ed2ce2c fudonghai/my-nginx:v1
The image is ready; run it
docker run -d -p 30001:80 fudonghai/my-nginx:v1
After running, the container exits, so edit the image again and delete the newly added start command /usr/local/nginx/sbin/nginx
root@fudonghai:/# docker run -it fudonghai/my-nginx:v1
[root@f4fb55971ae6 /]# vi /etc/rc.local
Exit and commit again; note that the new container ID is used
[root@f4fb55971ae6 /]# exit
exit
root@fudonghai:/# docker ps -l
CONTAINER ID   IMAGE                   COMMAND       CREATED          STATUS                      PORTS   NAMES
f4fb55971ae6   fudonghai/my-nginx:v1   "/bin/bash"   45 seconds ago   Exited (0) 17 seconds ago           priceless_hertz
root@fudonghai:/# docker commit -m "v2" f4fb55971ae6 fudonghai/my-nginx:v2
Put the start command on the command line and run again
root@fudonghai:/# docker run -d -p 30001:80 fudonghai/my-nginx:v2 /usr/local/nginx/sbin/nginx
1def5a7d02ed582650cce692eb58c8c3d406f0821ac9af172f5e9e279cf0e884
root@fudonghai:/# docker ps -l
CONTAINER ID   IMAGE                   COMMAND                  CREATED         STATUS         PORTS                   NAMES
1def5a7d02ed   fudonghai/my-nginx:v2   "/usr/local/nginx/sb…"   8 seconds ago   Up 7 seconds   0.0.0.0:30001->80/tcp   adoring_chatelet
The browser test works
Building an image with a Dockerfile
The file contains four kinds of information:
Base image information
Maintainer information
Image build instructions
The instruction executed when the container starts
The Dockerfile is as follows
# This is My first Dockerfile
# Version 1.0
# Author: fu

#Base Image
FROM centos

#MAINTAINER
MAINTAINER fu

#ADD
ADD pcre-8.38.tar.gz /usr/local/src
ADD nginx-1.9.3.tar.gz /usr/local/src

#RUN
RUN yum install -y wget gcc gcc-c++ make openssl-devel
RUN useradd -s /sbin/nologin -M www

#WORKDIR
WORKDIR /usr/local/src/nginx-1.9.3

RUN ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.38 && make && make install

RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf

ENV PATH /usr/local/nginx/sbin:$PATH
EXPOSE 80

# Used together with ENV PATH, so only the nginx command is needed
# (Dockerfile comments must be on their own line)
CMD ["nginx"]
Steps
1. Prepare the files under /opt/docker-file/nginx: the Dockerfile is shown above, and the two .gz files need to be downloaded
root@fudonghai:/opt/docker-file/nginx# ls
Dockerfile  nginx-1.9.3.tar.gz  pcre-8.38.tar.gz
2. Run the build command
docker build -t nginx-file:v1 /opt/docker-file/nginx/
3. View the built image
root@fudonghai:/opt/docker-file/nginx# docker images
REPOSITORY   TAG   IMAGE ID       CREATED          SIZE
nginx-file   v1    54453e437d81   28 minutes ago   458MB
4. Run the image
docker run -d -p 30002:80 nginx-file:v1
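The Dockerfile above starts from an untagged base image, adds two tarballs that were downloaded over plain HTTP and FTP, and never sets USER, so the nginx master process runs as root in the container. As an added example (not part of the original notes), this script checks a Dockerfile for exactly those three points; the function names and finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example: minimal Dockerfile review for three points visible in
# the Dockerfile above. Reads a Dockerfile on stdin, prints one finding
# per line.

# The instructions of the Dockerfile above, embedded so the example runs offline.
sample_dockerfile() {
    cat <<'EOF'
#Base Image
FROM centos
MAINTAINER fu
ADD pcre-8.38.tar.gz /usr/local/src
ADD nginx-1.9.3.tar.gz /usr/local/src
RUN yum install -y wget gcc gcc-c++ make openssl-devel
RUN useradd -s /sbin/nologin -M www
WORKDIR /usr/local/src/nginx-1.9.3
RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf
ENV PATH /usr/local/nginx/sbin:$PATH
EXPOSE 80
CMD ["nginx"]
EOF
}

lint_dockerfile() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        { instr = toupper($1) }
        instr == "FROM" {
            # Only the last path component can carry a tag; a ":" earlier
            # in the reference would be a registry port.
            n = split($2, parts, "/")
            last = parts[n]
            if (last !~ /@sha256:/ && (last !~ /:/ || last ~ /:latest$/))
                print "unpinned-base " $2
        }
        # A local archive given to ADD is unpacked into the image as-is,
        # so its integrity has to be checked before the build.
        instr == "ADD" && $2 ~ /\.(tar\.gz|tgz|tar)$/ {
            print "unverified-archive " $2
        }
        instr == "USER" { user = $2 }
        END {
            if (user == "" || user == "root" || user == "0")
                print "no-user-instruction"
        }
    '
}

sample_dockerfile | lint_dockerfile
```

For the archives, compare each file against a checksum or signature published by the upstream project before running docker build.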
How Docker works
Docker resource isolation
Docker uses Linux LXC, specifically the namespace feature. The namespaces are pid, net, ipc, mnt, uts and user.
Docker resource limits
Resource limits use the kernel's cgroups, covering CPU, memory and disk, and are set manually.
Use the stress-testing tool stress
Preparation
root@fudonghai:/opt/docker-file# mkdir stress
root@fudonghai:/opt/docker-file# ls
nginx  stress
root@fudonghai:/opt/docker-file# cd stress/
root@fudonghai:/opt/docker-file/stress# wget http://mirrors.aliyun.com/repo/epel-6.repo
Dockerfile
FROM centos
ADD epel-6.repo /etc/yum.repos.d/
RUN yum -y install stress && yum clean all
ENTRYPOINT ["stress"]
Build the image
docker build -t stress .
If the host has 1 CPU core, run with the --cpu 1 argument; if 2 containers are started, each gets 50%. If the host has 2 cores and --cpu 2 is specified, one container starts two processes, each occupying one core exclusively
docker run -it --rm stress --cpu 1
Use -c to set the weight; the default is 1024, and -c 512 is half that weight
docker run -it --rm -c 512 stress --cpu 1
Use --cpuset-cpus=? to specify which CPU core to run on
docker run -it --rm --cpuset-cpus=0 stress --cpu 1
Memory limit: 128M is specified, and the container exits once usage reaches 128M
root@fudonghai:/opt/docker-file/stress# docker run -it --rm -m 128m stress --vm 1 --vm-bytes 128m --vm-hang 0
WARNING: Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.
stress: info: [1] dispatching hogs: 0 cpu, 0 io, 1 vm, 0 hdd
stress: FAIL: [1] (415) <-- worker 6 got signal 9
stress: WARN: [1] (417) now reaping child worker processes
stress: FAIL: [1] (421) kill error: No such process
stress: FAIL: [1] (451) failed run completed in 0s
Network modes
Bridge mode is the default; it relies mainly on iptables
root@fudonghai:/opt/docker-file/stress# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0
MASQUERADE  tcp  --  172.17.0.4           172.17.0.4           tcp dpt:80
MASQUERADE  tcp  --  172.17.0.3           172.17.0.3           tcp dpt:80

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:30000 to:172.17.0.4:80
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:30001 to:172.17.0.3:80
host mode: the container shares the host's network and ports
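The DNAT rules in the DOCKER chain above have destination 0.0.0.0/0, which means -p 30000:80 and -p 30001:80 publish those ports on every host address. As an added example (not part of the original notes), this script lists such rules from iptables -t nat -L -n output; the function names and the dpt:30003 rule with a loopback destination are constructed, the latter on the assumption that it is what -p 127.0.0.1:30003:80 produces.

```shell
#!/bin/sh
# Added example: list container ports that Docker's bridge mode has
# published on all host addresses, by reading the nat table.
# Live use (as root): iptables -t nat -L -n | open_published_ports

# Part of the listing above, plus one constructed rule (dpt:30003) whose
# destination is 127.0.0.1 (assumed form for a loopback-only publish).
sample_nat_table() {
    cat <<'EOF'
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0
MASQUERADE  tcp  --  172.17.0.4           172.17.0.4           tcp dpt:80

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:30000 to:172.17.0.4:80
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:30001 to:172.17.0.3:80
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:30003 to:172.17.0.5:80
EOF
}

# Prints "<host-port> <container-ip:port>" for every DNAT rule in the
# DOCKER chain that matches any source and any destination address.
open_published_ports() {
    awk '
        $1 == "Chain" { in_docker = ($2 == "DOCKER"); next }
        in_docker && $1 == "DNAT" && $4 == "0.0.0.0/0" && $5 == "0.0.0.0/0" {
            port = ""; target = ""
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^dpt:/) port = substr($i, 5)
                if ($i ~ /^to:/)  target = substr($i, 4)
            }
            if (port != "" && target != "") print port, target
        }
    '
}

sample_nat_table | open_published_ports
```

A service that only needs to be reached from the host itself can be published as -p 127.0.0.1:30000:80 instead, which keeps it out of this list.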
Docker Registry
1. Use the official http://dockerhub.com; you need to register a username XXX and remember the password
Log in
root@fudonghai:/opt/docker-file/stress# docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.c
Username: XXX
Password:
Tag the image before pushing
root@fudonghai:/opt/docker-file/stress# docker tag nginx-file:v1 XXX/nginx-file:v1
root@fudonghai:/opt/docker-file/stress# docker images
REPOSITORY       TAG   IMAGE ID       CREATED        SIZE
nginx-file       v1    54453e437d81   23 hours ago   458MB
XXX/nginx-file   v1    54453e437d81   23 hours ago   458MB
Push
root@fudonghai:/opt/docker-file/stress# docker push XXX/nginx-file:v1
The push refers to repository [docker.io/XXX/nginx-file]
44505ee7adb6: Pushed
3bb66e7316b0: Pushed
7a2f86e0f3b5: Pushed
895dd72590ac: Pushed
bca36cca1852: Pushed
e66e81338148: Pushed
d69483a6face: Pushed
v1: digest: sha256:0f26c5eacfe5b099b44841e490260d819c9168643fc75a60a4861896dd9e6bdd size: 1789
Log in to https://cloud.docker.com/u/XXX/repository/list to see the uploaded image
2. Use Alibaba Cloud; this also requires an Alibaba Cloud account XXX@XXX.com
Log in
docker login --username=XXX@XXX.com registry.cn-beijing.aliyuncs.com
Pull
docker pull registry.cn-beijing.aliyuncs.com/namespace/hello:[image-version]
Tag
docker tag [ImageId] registry.cn-beijing.aliyuncs.com/namespace/hello:[image-version]
Push
docker push registry.cn-beijing.aliyuncs.com/namespace/hello:[image-version]
Push example
root@fudonghai:~# docker tag hello-world:latest registry.cn-beijing.aliyuncs.com/od/hello:v1
root@fudonghai:~# docker images
REPOSITORY                                  TAG      IMAGE ID       CREATED        SIZE
hello-world                                 latest   fce289e99eb9   7 months ago   1.84kB
registry.cn-beijing.aliyuncs.com/od/hello   v1       fce289e99eb9   7 months ago   1.84kB
root@fudonghai:~# docker push registry.cn-beijing.aliyuncs.com/od/hello:v1
The push refers to repository [registry.cn-beijing.aliyuncs.com/od/hello]
af0b15c8625b: Pushed
v1: digest: sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a size: 524
Force-delete all images; use with caution
docker rmi -f $(docker images -q)