• [Notes] Getting Started with Docker


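    This article explains things quite thoroughly, so I won't copy and paste it: reading notes on "Docker: From Getting Started to Practice" (《Docker从入门到实践》)

    Installing Docker

    Environment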

    root@fudonghai:~# uname -a
    Linux fudonghai 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
    root@fudonghai:~# cat /etc/issue
    Ubuntu 16.04.5 LTS \n \l

    Remove old versions

    root@fudonghai:~# apt-get remove docker docker-engine docker.io

    The apt source uses HTTPS so that packages cannot be tampered with during download, so we first need to add the packages for HTTPS transport and the CA certificates.

    root@fudonghai:~# apt-get update

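    Given network problems inside China, using a domestic mirror is strongly recommended; the official source is shown in the comments. To confirm that the downloaded packages are legitimate, add the software source's GPG key.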

    $ curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
    
    
    # Official source
    # $ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

    Then we need to add the Docker software source to sources.list; the file is /etc/apt/sources.list

    $ sudo add-apt-repository \
        "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu \
        $(lsb_release -cs) \
        stable"
    
    
    # Official source
    # $ sudo add-apt-repository \
    #    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
    #    $(lsb_release -cs) \
    #    stable"

    Finally, install Docker

    root@fudonghai:~# apt-get update
    root@fudonghai:~# apt-get install docker-ce

    On AWS this reported E: Package 'docker-ce' has no installation candidate; the following commands resolved it

    echo "deb https://download.docker.com/linux/ubuntu zesty edge" | sudo tee /etc/apt/sources.list.d/docker.list
    
    sudo apt update && sudo apt install docker-ce

    Start Docker

    root@fudonghai:~# systemctl enable docker
    Synchronizing state of docker.service with SysV init with /lib/systemd/systemd-sysv-install...
    Executing /lib/systemd/systemd-sysv-install enable docker
    root@fudonghai:~# systemctl start docker

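    By default, the docker command talks to the Docker engine over a Unix socket, and only the root user and members of the docker group can access that socket. For security reasons, the root user is generally not used directly on Linux systems, so the better practice is to add the users who need docker to the docker group.

    Create the docker group: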

    root@fudonghai:~# groupadd docker
    groupadd: group 'docker' already exists

    Add the current user to the docker group:

    root@fudonghai:~# echo $USER
    root
    root@fudonghai:~# usermod -aG docker $USER

    Test that Docker is installed correctly

    root@fudonghai:~# docker run hello-world
    Unable to find image 'hello-world:latest' locally
    latest: Pulling from library/hello-world
    1b930d010525: Pull complete 
    Digest: sha256:6540fc08ee6e6b7b63468dc3317e3303aae178cb8a45ed3123180328bcc1d20f
    Status: Downloaded newer image for hello-world:latest
    
    Hello from Docker!
    This message shows that your installation appears to be working correctly.
    
    To generate this message, Docker took the following steps:
     1. The Docker client contacted the Docker daemon.
     2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
        (amd64)
     3. The Docker daemon created a new container from that image which runs the
        executable that produces the output you are currently reading.
     4. The Docker daemon streamed that output to the Docker client, which sent it
        to your terminal.
    
    To try something more ambitious, you can run an Ubuntu container with:
     $ docker run -it ubuntu bash
    
    Share images, automate workflows, and more with a free Docker ID:
     https://hub.docker.com/
    
    For more examples and ideas, visit:
     https://docs.docker.com/get-started/

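    Registry mirror: pulling images from Docker Hub from inside China is sometimes difficult; in that case you can configure a registry mirror.

    Ubuntu 16.04+, Debian 8+, CentOS 7
    On systems that use systemd, write the following into /etc/docker/daemon.json (create the file if it does not exist)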

    {
      "registry-mirrors": [
        "https://registry.docker-cn.com"
      ]
    }

    Then restart the service

    root@fudonghai:~# systemctl daemon-reload
    root@fudonghai:~# systemctl restart docker
    root@fudonghai:~# docker info
    Client:
     Debug Mode: false
    (output omitted)
     Registry Mirrors:
      https://registry.docker-cn.com/   # indicates success
     Live Restore Enabled: false

    nginx image and container

    Run an nginx container in the background; if the image is not present locally, it is downloaded first

    root@fudonghai:~# docker run -d --name mynginx nginx
    Unable to find image 'nginx:latest' locally
    latest: Pulling from library/nginx
    f5d23c7fed46: Pull complete 
    918b255d86e5: Pull complete 
    8c0120a6f561: Pull complete 
    Digest: sha256:eb3320e2f9ca409b7c0aa71aea3cf7ce7d018f03a372564dbdb023646958770b
    Status: Downloaded newer image for nginx:latest
    c5a247c65e97cafec001d24f371b627201f3a57a4268fd8a9a26538897ac86ff

    View the container

    root@fudonghai:~# docker ps -l
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
    c5a247c65e97        nginx               "nginx -g 'daemon of…"   2 minutes ago       Up 2 minutes        80/tcp              mynginx

    Entering the nginx container with the attach command not only fails to get in, it also causes the container to exit

    root@fudonghai:~# docker attach c5a247c65e97
    ^C
    root@fudonghai:~# docker ps -a
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
    c5a247c65e97        nginx               "nginx -g 'daemon of…"   9 minutes ago       Exited (0) 24 seconds ago                       mynginx

    The nsenter command can use another process's namespaces; enter the container through the container's PID

    Restart

    root@fudonghai:~# docker ps -l
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
    c5a247c65e97        nginx               "nginx -g 'daemon of…"   17 minutes ago      Exited (0) 7 minutes ago                       mynginx
    root@fudonghai:~# docker start c5a247c65e97
    c5a247c65e97
    root@fudonghai:~# docker ps -l
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
    c5a247c65e97        nginx               "nginx -g 'daemon of…"   18 minutes ago      Up 5 seconds        80/tcp              mynginx

    Get the container PID

    root@fudonghai:~# docker inspect --format "{{.State.Pid}}" mynginx     # or c5a247c65e97
    7966

    Enter the container

    root@fudonghai:~# nsenter --target 7966 --mount --uts --ipc --net --pid /bin/bash

    The ps command is not found inside the container, because the nginx:latest image used does not include it; next time pick one that does

    root@c5a247c65e97:/# ps -aux
    bash: ps: command not found

    So I installed it myself

    root@c5a247c65e97:/# apt-get update
    
    root@c5a247c65e97:/# apt-get install procps

    After installation it works

    root@c5a247c65e97:/# ps -aux
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.1  10624  5400 ?        Ss   12:50   0:00 nginx: master process nginx -g daemon off;
    nginx        6  0.0  0.0  11096  2680 ?        S    12:50   0:00 nginx: worker process
    root        15  0.0  0.0   4000  3244 ?        S    13:02   0:00 /bin/bash
    root       347  0.0  0.0   7640  2704 ?        R+   13:12   0:00 ps -aux

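    As a small experiment, I stopped this container, started it again, got the new PID and entered it; ps still worked, which shows that the installation persists (but a freshly run nginx image still has no ps command)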

    root@fudonghai:~# docker stop c5a247c65e97
    c5a247c65e97
    root@fudonghai:~# docker ps -l
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
    c5a247c65e97        nginx               "nginx -g 'daemon of…"   47 minutes ago      Exited (0) 3 seconds ago                       mynginx
    
    root@fudonghai:~# docker start c5a247c65e97
    c5a247c65e97
    root@fudonghai:~# docker inspect --format "{{.State.Pid}}" c5a247c65e97
    8614
    
    root@fudonghai:~# nsenter --target 8614 --mount --uts --ipc --net --pid /bin/bash
    root@c5a247c65e97:/# ps -aux
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.1  10624  5444 ?        Ss   13:20   0:00 nginx: master process nginx -g daemon off;
    nginx        7  0.0  0.0  11096  2648 ?        S    13:20   0:00 nginx: worker process
    root         8  0.0  0.0   4000  3168 ?        S    13:21   0:00 /bin/bash
    root         9  0.0  0.0   7640  2736 ?        R+   13:21   0:00 ps -aux

    The official image keeps its configuration files in /etc/nginx

    root@c5a247c65e97:/# cd /etc/nginx/
    root@c5a247c65e97:/etc/nginx# ls
    conf.d    fastcgi_params    koi-utf  koi-win  mime.types  modules  nginx.conf  scgi_params    uwsgi_params  win-utf
    root@c5a247c65e97:/etc/nginx# cat nginx.conf 
    
    user  nginx;
    worker_processes  1;
    
    error_log  /var/log/nginx/error.log warn;
    pid        /var/run/nginx.pid;
    
    
    events {
        worker_connections  1024;
    }
    
    
    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;
    
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
    
        access_log  /var/log/nginx/access.log  main;
    
        sendfile        on;
        #tcp_nopush     on;
    
        keepalive_timeout  65;
    
        #gzip  on;
    
        include /etc/nginx/conf.d/*.conf;
    }
    root@c5a247c65e97:/etc/nginx# cat conf.d/default.conf 
    server {
        listen       80;
        server_name  localhost;
    
        #charset koi8-r;
        #access_log  /var/log/nginx/host.access.log  main;
    
        location / {
            root   /usr/share/nginx/html;   # the root directory is important
            index  index.html index.htm;
        }
    
        #error_page  404              /404.html;
    
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ .php$ {
        #    proxy_pass   http://127.0.0.1;
        #}
    
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ .php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}
    
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /.ht {
        #    deny  all;
        #}
    }

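    Wrap this in an in.sh script for convenience, e.g. ./in.sh mynginx

    #!/bin/bash
    # Enter a running container's namespaces, given its name or ID.
    CNAME=$1
    CPID=$(docker inspect --format "{{.State.Pid}}" "$CNAME")
    # A stopped container reports PID 0, which nsenter cannot target.
    [ "${CPID:-0}" -gt 0 ] || { echo "container $CNAME is not running" >&2; exit 1; }
    nsenter --target "$CPID" --mount --uts --ipc --net --pid /bin/bash

    What I don't understand: nginx has to run in the foreground; if it runs in the background it exits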

    Network access

    Looking at the network configuration on the host shows the docker0 bridge, with IP 172.17.0.1

    root@fudonghai:~# ifconfig
    docker0   Link encap:Ethernet  HWaddr 02:42:65:cd:6e:d0  
              inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
              inet6 addr: fe80::42:65ff:fecd:6ed0/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2596 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2581 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:148242 (148.2 KB)  TX bytes:8943856 (8.9 MB)
    root@fudonghai:~# iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    DOCKER-USER  all  --  0.0.0.0/0            0.0.0.0/0           
    DOCKER-ISOLATION-STAGE-1  all  --  0.0.0.0/0            0.0.0.0/0           
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    DOCKER     all  --  0.0.0.0/0            0.0.0.0/0           
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain DOCKER (1 references)
    target     prot opt source               destination         
    
    Chain DOCKER-ISOLATION-STAGE-1 (1 references)
    target     prot opt source               destination         
    DOCKER-ISOLATION-STAGE-2  all  --  0.0.0.0/0            0.0.0.0/0           
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain DOCKER-ISOLATION-STAGE-2 (1 references)
    target     prot opt source               destination         
    DROP       all  --  0.0.0.0/0            0.0.0.0/0           
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain DOCKER-USER (1 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0  

    NAT table

    root@fudonghai:~# iptables -t nat -L -n
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination         
    DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
    
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL
    
    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination         
    MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           # performs address translation
    
    Chain DOCKER (2 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

    Enter the container and see whether it can reach the internet

    root@fudonghai:~# ./in.sh mynginx
    root@c5a247c65e97:/# ping www.baidu.com
    bash: ping: command not found

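    Then I found that ping is missing too, which is maddening; after installing it, the test shows the container can reach the internet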

    root@c5a247c65e97:/# apt-get install iputils-ping
    root@c5a247c65e97:/# ping baidu.com
    PING baidu.com (39.156.69.79) 56(84) bytes of data.
    64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=1 ttl=46 time=4.40 ms

    The following package provides ifconfig

    apt-get install net-tools

    The following one provides ip

    apt-get install iproute2

    View the routing table

    root@c5a247c65e97:/# ip ro li
    default via 172.17.0.1 dev eth0 
    172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2 

    Next, port mapping: -P maps to a random port

    root@fudonghai:~# docker run -d -P --name mynginx1 nginx
    b43280a11ebb9cb4721c5e4d490960b144db66245ad03ca7399fbc6a2a5c0fec
    root@fudonghai:~# docker ps 
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
    b43280a11ebb        nginx               "nginx -g 'daemon of…"   7 seconds ago       Up 6 seconds        0.0.0.0:32768->80/tcp   mynginx1

    A browser test of http://114.115.147.49:32768/ works without problems

    Use -p to specify the port mapping

    root@fudonghai:~# docker run -d -p 30000:80 --name mynginx2 nginx
    3be3207d7d5c986c72aa485dc04af5d92475ab445641a0fc783c51f3348c4808
    root@fudonghai:~# docker ps 
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
    3be3207d7d5c        nginx               "nginx -g 'daemon of…"   4 seconds ago       Up 4 seconds        0.0.0.0:30000->80/tcp   mynginx2
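
    Both mappings above show 0.0.0.0 as the host address, meaning the port is published on every interface of the host. The following is an added example, not part of the original notes, that flags such mappings from docker ps output; the function names and the rows marked as constructed are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag container ports that are published on every host
# interface. Input is the output of:
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# wide_open_ports: reads "name<TAB>ports" lines on stdin and prints
# "name hostport->containerport/proto" once per mapping bound to all
# IPv4 (0.0.0.0) or all IPv6 (::: or [::]) addresses.
wide_open_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m ~ /^0\.0\.0\.0:/ || m ~ /^:::/ || m ~ /^\[::\]:/) {
                sub(/^0\.0\.0\.0:|^:::|^\[::\]:/, "", m)
                key = $1 " " m
                # The same port is often listed for IPv4 and IPv6; report once.
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }
    }'
}

# Sample input. The first three rows repeat the docker ps output shown in
# these notes; the last two rows are constructed.
sample_ps() {
    printf 'mynginx2\t0.0.0.0:30000->80/tcp\n'
    printf 'mynginx1\t0.0.0.0:32768->80/tcp\n'
    printf 'mynginx\t80/tcp\n'
    printf 'internal\t127.0.0.1:30003->80/tcp\n'
    printf 'dual\t0.0.0.0:30004->80/tcp, :::30004->80/tcp\n'
}

sample_ps | wide_open_ports
```

    A service that only needs to be reached from the host itself can be published as -p 127.0.0.1:30000:80, which binds the mapping to loopback and keeps it out of this report.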

    After a container is removed, it no longer shows up in ps -a

    root@fudonghai:~# docker rm b43280a11ebb
    b43280a11ebb
    root@fudonghai:~# docker ps -a
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
    3be3207d7d5c        nginx               "nginx -g 'daemon of…"   14 minutes ago      Up 14 minutes       0.0.0.0:30000->80/tcp   mynginx2
    c5a247c65e97        nginx               "nginx -g 'daemon of…"   2 days ago          Up 2 days           80/tcp                  mynginx

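    Data management

    Data volumes. They bypass UFS and write directly on the host

    Note: the nginx image does not support the following data volume -v operation; running it gives no response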

    root@fudonghai:~# docker run -it --name volume-test1 -v /data nginx

    Switching to the ubuntu image works

    root@fudonghai:~# docker run -it --name volume-test1 -v /data ubuntu
    Unable to find image 'ubuntu:latest' locally
    (image download begins)
    root@06ccca061b5e:/# ps -aux
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         1  0.1  0.0  18508  3404 pts/0    Ss   05:45   0:00 /bin/bash
    root        13  0.0  0.0  34400  2896 pts/0    R+   05:46   0:00 ps -aux
    root@06ccca061b5e:/# uname -a
    Linux 06ccca061b5e 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
    root@06ccca061b5e:/# cat /etc/issue
    Ubuntu 18.04.2 LTS \n \l

    On the host, the command for finding the mount location failed; this may be an Ubuntu problem, and CentOS may be fine

    root@fudonghai:/# docker inspect -f {{.volumes}} volume-test1
    
    Template parsing error: template: :1:2: executing "" at <.volumes>: map has no entry for key "volumes"

    Workaround:

    root@fudonghai:/#  docker inspect volume-test1 | grep Mounts -A 10
            "Mounts": [
                {
                    "Type": "volume",
                    "Name": "e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4",
                    "Source": "/var/lib/docker/volumes/e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4/_data",
                    "Destination": "/data",
                    "Driver": "local",
                    "Mode": "",
                    "RW": true,
                    "Propagation": ""
                }

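    That is, on the host: /var/lib/docker/volumes/e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4/_data

    which corresponds to /data inside the container

    Testing with echo 123 > test succeeded

    Mount a specified host directory into the container:   -v host-directory:container-directory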

    root@fudonghai:/# docker run -it --name volume-test2  -v /opt:/opt ubuntu
    root@80ea323125c5:/# ls 
    bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
    root@80ea323125c5:/# echo hello world! > /opt/hello
    root@80ea323125c5:/# cat /opt/hello 
    hello world!
    root@80ea323125c5:/# exit
    exit
    root@fudonghai:/# cat /opt/hello 
    hello world!
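
    The session above shows root inside the container writing a file that then exists in the host's /opt. The following is an added example, not part of the original notes, that audits container mounts for host directories mounted read-write; the function names and the rows marked as constructed are assumptions, and it also reports any bind mount of the Docker socket, which goes beyond the case shown here.

```shell
#!/bin/sh
# Added example: report host paths that containers can modify. Input is one
# mount per line, "name type source destination rw", as produced by:
#   docker inspect --format \
#     '{{$n := .Name}}{{range .Mounts}}{{$n}} {{.Type}} {{.Source}} {{.Destination}} {{.RW}}{{println}}{{end}}' \
#     $(docker ps -aq)
# Paths containing spaces are not handled by this simple field split.

# risky_mounts: reads mount lines on stdin and prints
# "name source destination reason" for each bind mount that is read-write,
# and for any bind mount of the Docker socket regardless of mode.
risky_mounts() {
    awk '
    NF < 5 { next }                       # skip blank or partial lines
    {
        name = $1; sub(/^\//, "", name)   # inspect prefixes names with "/"
        type = $2; src = $3; dst = $4; rw = $5
        if (type != "bind") next          # named volumes live under /var/lib/docker
        if (src ~ /docker\.sock$/)  print name, src, dst, "docker-socket"
        else if (rw == "true")      print name, src, dst, "read-write"
    }'
}

# Sample input. The first two rows correspond to volume-test1 and
# volume-test2 from these notes; the last two rows are constructed.
sample_mounts() {
    cat <<'EOF'
/volume-test1 volume /var/lib/docker/volumes/e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4/_data /data true

/volume-test2 bind /opt /opt true
/web bind /srv/site /usr/share/nginx/html false
/agent bind /var/run/docker.sock /var/run/docker.sock false
EOF
}

sample_mounts | risky_mounts
```

    When the container only needs to read the directory, -v /opt:/opt:ro mounts it read-only and the entry drops out of this report.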

    Data volume containers: use another container's data volumes, shared with  --volumes-from other-container-name

    root@fudonghai:/# docker run -it --name volume-test4 --volumes-from volume-test1 ubuntu

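    The directory inside the new container is the same as in volume-test1: /data

    The host directory for both is /var/lib/docker/volumes/e30a2482f41058cd6ad46a2b2cdce64fcec2aa3e8f483543cbd7c30e057a5eb4/_data

    Building images

    First run a centos container, then build nginx in it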

    root@fudonghai:/# docker run --name nginx-man -it centos

    Install the supporting packages

    yum install -y wget gcc gcc-c++ make openssl-devel

    On Ubuntu, use

    apt-get update
    apt-get install wget gcc make g++
    apt-get install openssl libssl-dev
    apt-get install zlib1g zlib1g-dev

    Download nginx

    wget http://nginx.org/download/nginx-1.9.3.tar.gz
    wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz

    Extract

    root@b69d51510091:/# mv *.gz /usr/local/src
    root@b69d51510091:/# cd /usr/local/src/
    root@b69d51510091:/usr/local/src# tar zxf pcre-8.38.tar.gz 
    root@b69d51510091:/usr/local/src# tar zxf nginx-1.9.3.tar.gz 
    root@b69d51510091:/usr/local/src# ls
    nginx-1.9.3  nginx-1.9.3.tar.gz  pcre-8.38  pcre-8.38.tar.gz

    Create the www user

    root@b69d51510091:/usr/local/src# useradd -s /sbin/nologin -M www

    Configure and install

    root@b69d51510091:/usr/local/src/nginx-1.9.3# ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.38
    [root@99925ed2ce2c nginx-1.9.3]# make
    [root@99925ed2ce2c nginx-1.9.3]# make install

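    nginx has to run in the foreground

    vi /usr/local/nginx/conf/nginx.conf
    daemon off;                  # add as the first line

    Configure nginx to start inside the container (this later turned out not to work; the container exits)

    [root@99925ed2ce2c nginx-1.9.3]# vi /etc/rc.local
    /usr/local/nginx/sbin/nginx  # add the start command as the last line

    After exiting the container, commit the image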

    root@fudonghai:/# docker commit -m "my nginx" 99925ed2ce2c fudonghai/my-nginx:v1

    The image is ready; run it

    docker run -d -p 30001:80 fudonghai/my-nginx:v1

    After running, it turned out to exit, so edit again and remove the added start command /usr/local/nginx/sbin/nginx

    root@fudonghai:/# docker run -it fudonghai/my-nginx:v1
    [root@f4fb55971ae6 /]# vi /etc/rc.local

    Exit and commit again; note that the new container ID is used

    [root@f4fb55971ae6 /]# exit
    exit
    root@fudonghai:/# docker ps -l
    CONTAINER ID        IMAGE                   COMMAND             CREATED             STATUS                      PORTS               NAMES
    f4fb55971ae6        fudonghai/my-nginx:v1   "/bin/bash"         45 seconds ago      Exited (0) 17 seconds ago                       priceless_hertz
    root@fudonghai:/# docker commit -m "v2" f4fb55971ae6 fudonghai/my-nginx:v2

    Put the start command on the command line and run again

    root@fudonghai:/# docker run -d -p 30001:80 fudonghai/my-nginx:v2 /usr/local/nginx/sbin/nginx
    1def5a7d02ed582650cce692eb58c8c3d406f0821ac9af172f5e9e279cf0e884
    root@fudonghai:/# docker ps -l
    CONTAINER ID        IMAGE                   COMMAND                  CREATED             STATUS              PORTS                   NAMES
    1def5a7d02ed        fudonghai/my-nginx:v2   "/usr/local/nginx/sb…"   8 seconds ago       Up 7 seconds        0.0.0.0:30001->80/tcp   adoring_chatelet

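    The browser test works

    Building an image with a Dockerfile

    The file contains four kinds of information:

    Base image information

    Maintainer information

    Image operation instructions

    Instructions executed when the container starts

    The Dockerfile is as follows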

    # This is My first Dockerfile
    # Version 1.0
    # Author: fu
    
    #Base Image
    FROM centos
    
    #MAINTAINER
    MAINTAINER fu
    
    #ADD
    ADD pcre-8.38.tar.gz /usr/local/src
    ADD nginx-1.9.3.tar.gz /usr/local/src
    
    #RUN
    RUN yum install -y wget gcc gcc-c++ make openssl-devel
    RUN useradd -s /sbin/nologin -M www
    
    #WORKDIR
    WORKDIR /usr/local/src/nginx-1.9.3
    RUN ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.38 && make && make install
    RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf
    
    ENV PATH /usr/local/nginx/sbin:$PATH
    EXPOSE 80
    
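    # Used together with ENV PATH, so the bare nginx command is enough
    CMD ["nginx"]

    Steps

    1. Prepare the files under /opt/docker-file/nginx: the Dockerfile is shown above, and the two .gz files need to be downloaded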

    root@fudonghai:/opt/docker-file/nginx# ls
    Dockerfile  nginx-1.9.3.tar.gz  pcre-8.38.tar.gz

    2. Run the build command

    docker build -t nginx-file:v1 /opt/docker-file/nginx/

    3. View the built image

    root@fudonghai:/opt/docker-file/nginx# docker images
    REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
    nginx-file           v1                  54453e437d81        28 minutes ago      458MB

    4. Run the image

    docker run -d -p 30002:80 nginx-file:v1

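    How Docker works

    Docker resource isolation

    It uses Linux LXC, specifically the namespace feature. The namespaces are pid, net, ipc, mnt, uts and user.

    Docker resource limits

    Resource limits use the kernel's cgroups. They cover CPU, memory and disk (manual)

    Use the stress testing tool stress

    Preparation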

    root@fudonghai:/opt/docker-file# mkdir stress
    root@fudonghai:/opt/docker-file# ls
    nginx  stress
    root@fudonghai:/opt/docker-file# cd stress/
    root@fudonghai:/opt/docker-file/stress# wget http://mirrors.aliyun.com/repo/epel-6.repo

    Dockerfile

    FROM centos
    ADD epel-6.repo /etc/yum.repos.d/
    RUN yum -y install stress && yum clean all
    ENTRYPOINT ["stress"]

    Build the image

    docker build -t stress .

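    If the host has 1 CPU core, run with the --cpu 1 argument; if 2 containers are started, each gets 50%. If the host has 2 cores and --cpu 2 is specified, running one container starts two processes, each occupying one core exclusively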

    docker run -it --rm stress --cpu 1

    Use -c to set the weight; the default is 1024, and -c 512 is half the weight

    docker run -it --rm -c 512 stress --cpu 1

    Use --cpuset-cpus=? to specify which CPU core to run on

    docker run -it --rm  --cpuset-cpus=0 stress --cpu 1

    Memory limit: 128M is specified, and the container exits once usage reaches 128M

    root@fudonghai:/opt/docker-file/stress# docker run  -it --rm -m 128m stress --vm 1 --vm-bytes 128m --vm-hang 0
    WARNING: Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.
    stress: info: [1] dispatching hogs: 0 cpu, 0 io, 1 vm, 0 hdd
    stress: FAIL: [1] (415) <-- worker 6 got signal 9
    stress: WARN: [1] (417) now reaping child worker processes
    stress: FAIL: [1] (421) kill error: No such process
    stress: FAIL: [1] (451) failed run completed in 0s

    Network modes

    Bridge mode is the default and relies mainly on iptables

    root@fudonghai:/opt/docker-file/stress# iptables -t nat -L -n
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination         
    DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
    
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL
    
    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination         
    MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
    MASQUERADE  tcp  --  172.17.0.4           172.17.0.4           tcp dpt:80
    MASQUERADE  tcp  --  172.17.0.3           172.17.0.3           tcp dpt:80
    
    Chain DOCKER (2 references)
    target     prot opt source               destination         
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:30000 to:172.17.0.4:80
    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:30001 to:172.17.0.3:80

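    Host mode: the container uses the same network and ports as the host

    DockerRegistry

    1. Use the official http://dockerhub.com; you need to register a username XXX and remember the password

    Log in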

    root@fudonghai:/opt/docker-file/stress# docker login
    Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.c
    Username: XXX
    Password: 

    Tag the image before pushing

    root@fudonghai:/opt/docker-file/stress# docker tag nginx-file:v1 XXX/nginx-file:v1
    root@fudonghai:/opt/docker-file/stress# docker images
    REPOSITORY             TAG                 IMAGE ID            CREATED             SIZE
    nginx-file             v1                  54453e437d81        23 hours ago        458MB
    XXX/nginx-file         v1                  54453e437d81        23 hours ago        458MB

    Push

    root@fudonghai:/opt/docker-file/stress# docker push XXX/nginx-file:v1
    The push refers to repository [docker.io/XXX/nginx-file]
    44505ee7adb6: Pushed 
    3bb66e7316b0: Pushed 
    7a2f86e0f3b5: Pushed 
    895dd72590ac: Pushed 
    bca36cca1852: Pushed 
    e66e81338148: Pushed 
    d69483a6face: Pushed 
    v1: digest: sha256:0f26c5eacfe5b099b44841e490260d819c9168643fc75a60a4861896dd9e6bdd size: 1789

    Log in to https://cloud.docker.com/u/XXX/repository/list to see the uploaded image

    2. Use Alibaba Cloud; this also requires an Alibaba Cloud account XXX@XXX.com

    Log in

    docker login --username=XXX@XXX.com registry.cn-beijing.aliyuncs.com

    Pull

    docker pull registry.cn-beijing.aliyuncs.com/[namespace]/hello:[image version]

    Tag

    docker tag [ImageId] registry.cn-beijing.aliyuncs.com/[namespace]/hello:[image version]

    Push

    docker push registry.cn-beijing.aliyuncs.com/[namespace]/hello:[image version]

    Push example

    root@fudonghai:~# docker tag hello-world:latest registry.cn-beijing.aliyuncs.com/od/hello:v1
    root@fudonghai:~# docker images
    REPOSITORY                                  TAG                 IMAGE ID            CREATED             SIZE
    hello-world                                 latest              fce289e99eb9        7 months ago        1.84kB
    registry.cn-beijing.aliyuncs.com/od/hello   v1                  fce289e99eb9        7 months ago        1.84kB
    root@fudonghai:~# docker push registry.cn-beijing.aliyuncs.com/od/hello:v1
    The push refers to repository [registry.cn-beijing.aliyuncs.com/od/hello]
    af0b15c8625b: Pushed
    v1: digest: sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a size: 524

    Force-remove all images; use with caution

    docker rmi -f $(docker images -q)
  • Original article: https://www.cnblogs.com/fudonghai/p/11288680.html