docker是一个开源的应用容器引擎,系统级的轻量虚拟化技术。
应用程序的自动化部署解决方案,能够迅速创建一个容器,并在容器上部署和运行应用程序,并通过配置文件可以轻松实现应用程序的自动化安装、部署和升级。
docker使用Go语言编写,用cgroup实现资源隔离,容器技术采用LXC,lxc是一种内核虚拟化技术,提供轻量级的虚拟化。lxc是linux内核一个特性,它允许进程或进程组运行在一块独立的空间,并能对其控制。并实现容器与宿主机资源共享。
相关组件及功能?
1.LXC,docker是lxc的管理器。提供一系列更强的功能,如可移植性(定义了标准,可以在任意主机运行)、自动化构建(dockerfile)、版本控制、镜像共享等。
2.cgroup,lxc是cgroup的管理工具。限制进程或进程组使用的系统资源管理。提供类似文件的接口,非常方便配置。
3.namespace,cgroup是namespace的用户空间的管理接口。并对进程或进程组之间隔离,如果net、mnt、pid、user等。
4.aufs(AnotherUnionFS),支持将不同目录挂载到同一个虚拟文件系统。docker容器分为只读的镜像层与上面可写层,AUFS实现在可写层上进行增量的修改(增量文件系统)。
docker目前支持的联合文件系统种类包括 AUFS、btrfs、vfs和DeviceMapper
5.chroot,使容器运行在指定的目录内。
组件之间关系?
cgroup是在底层实现资源管理,lxc在cgroup上封装了一层,docker又在lxc封装了一层。
工作方式?
当我们启动一个docker容器时,docker会加载只读镜像,并在其上添加一个读写层(将镜像目录复制一份到/var/lib/docker/aufs/mnt以ID为目录下,我们可以使用chroot进入此目录,与容器里面的目录一样)。如果运行中的容器修改现有的一个已经存在的文件,那该文件将会从读写层下面的只读层复制到读写层,该文件的只读版本仍然存在,只是已经被读写层中的该文件的副本所隐藏,当删除docker容器,并通过该镜像重新启动时,之前的更改将会丢失。
在docker中,只读层及在顶部的读写层的组合被称为Union File System,UFS(联合文件系统)
(1)下载安装
下载安装
~$sudo apt-get install docker.io
~$sudo ln -sf /usr/bin/docker.io /usr/local/bin/docker
查看状态
~$sudo service docker status
docker start/running, process 17905
查看版本
~$sudo docker version
docker start/running, process 17905
~$ sudo docker version
Client version: 1.6.2
Client API version: 1.18
Go version (client): go1.2.1
Git commit (client): 7c8fca2
OS/Arch (client): linux/amd64
Server version: 1.6.2
Server API version: 1.18
Go version (server): go1.2.1
Git commit (server): 7c8fca2
OS/Arch (server): linux/amd64
查看信息
~$sudo docker -D info
Containers: 5
Images: 2
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 12
Dirperm1 Supported: false
Execution Driver: native-0.2
Kernel Version: 3.13.0-92-generic
Operating System: Ubuntu 14.04.3 LTS
CPUs: 4
Total Memory: 7.681 GiB
Name: vobile-B85M-D3V
ID: UBLC:EWSG:XV2E:5ILL:WDOY:PZTG:KGGO:O6GQ:ZBGJ:MFBO:UT4L:A5JH
Debug mode (server): false
Debug mode (client): true
Fds: 20
Goroutines: 22
System Time: Tue Aug 23 16:14:27 CST 2016
EventsListeners: 0
Init SHA1: 22082e594df367c79a11672c59a9d5da15851227
Init Path: /usr/lib/docker.io/dockerinit
Docker Root Dir: /var/lib/docker
WARNING: No swap limit support
补充:
安装最新版本deocker(添加源https://get.docker.io/ubuntu):
确认/usr/lib/apt/methods/https是否存在,如果不存在,则安装 apt-get install apt-transport-https
~$sudo apt-get install apt-transport-https
将Docker官方资料库的访问Key添加到你本地系统
~$sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.wfZ40rp7nH --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/sogou-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
gpg: requesting key A88D21E9 from hkp server keyserver.ubuntu.com
gpg: key A88D21E9: public key "Docker Release Tool (releasedocker) <docker@dotcloud.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
安装Lxc-docker包
~$sudo sh -c "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
~$sudo apt-get update
安装最新版本的docker:
~$sudo apt-get install -y lxc-docker
ln -sf /usr/bin/docker /usr/local/bin/docker
~$sudo apt-get upgrade lxc-docker
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
lxc-docker is already the newest version.
(2)搜索/下载/安装images
查看images
~$sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
搜索images
~$sudo docker search debian
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
debian Debian is a Linux distribution that's comp... 1585 [OK]
neurodebian NeuroDebian provides neuroscience research... 27 [OK]
jesselang/debian-vagrant Stock Debian Images made Vagrant-friendly ... 8 [OK]
armbuild/debian ARMHF port of debian 8 [OK]
eboraas/debian Debian base images, for all currently-avai... 5 [OK]
mschuerig/debian-subsonic Subsonic 5.1 on Debian/wheezy. 4 [OK]
reinblau/debian Debian with usefully default packages for ... 2 [OK]
frekele/debian docker run --rm --name debian frekele/debian 2 [OK]
datenbetrieb/debian minor adaption of official upstream debian... 1 [OK]
maxexcloo/debian Docker base image built on Debian with Sup... 1 [OK]
servivum/debian Debian Docker Base Image with Useful Tools 1 [OK]
lucasbarros/debian Basic image based on Debian 1 [OK]
webhippie/debian Docker images for debian 1 [OK]
lephare/debian Base debian images 1 [OK]
eeacms/debian Docker image for Debian to be used with EE... 1 [OK]
icedream/debian-jenkinsslave Debian for Jenkins to be used as slaves. 0 [OK]
konstruktoid/debian Debian base image 0 [OK]
smartentry/debian Debian with smartentry 0 [OK]
fike/debian Debian Images with language locale installed. 0 [OK]
mariorez/debian Debian Containers for PHP Projects 0 [OK]
nimmis/debian This is different version of Debian with a... 0 [OK]
visono/debian Docker base image of debian 7 with tools i... 0 [OK]
ustclug/debian debian image for docker with rustic mirror 0 [OK]
pl31/debian Debian base image. 0 [OK]
gnumoksha/debian [PT-BR] Imagem básica do Debian com ajust... 0 [OK]
安装debian
~$sudo docker pull debian
...
查看images
~$sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
debian latest 04d4df406f8b 3 weeks ago 125.1 MB
删除images(docker rmi IMAGE_ID )
~$ sudo docker rmi 04d4df406f8b
Untagged: debian:latest
Deleted: 04d4df406f8b...
创建容器debian
~$sudo docker create debian
运行容器debian
~$sudo docker run -i -t -d debian /bin/bash
80742db56cbbd41c604ec4cec41560e82bf8c7fed97f861f2aaa1feddb75020f
(关于run命令各项参数说明,请参考:http://www.cnblogs.com/vikings-blog/p/4238062.html)
查看后台运行容器
~$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
80742db56cbb debian:latest "/bin/bash" 21 minutes ago Up 21 minutes serene_shockley
查看容器日志(docker logs CONTAINER ID/NAMES)
~$sudo docker logs serene_shockley
或
~$sudo docker logs 80742db56cbb
返回容器(docker exec -i -t CONTAINER ID/NAMES )
~$sudo docker exec -i -t serene_shockley /bin/bash 或 ~$sudo docker exec -i -t 80742db56cbb /bin/bash
root@80742db56cbb:/#
root@80742db56cbb:/# exit
exit
停止容器而不将其删除
~$sudo docker stop NAME/ContainerID
重新启动容器:
~$sudo docker start NAME/ContainerID
删除容器,先停止它,然后用命令将其删除:
~$sudo docker rm NAME/ContainerID
删除后继续重启会报错:
Error response from daemon: no such id: 80742db56cbb
FATA[0000] Error: failed to start one or more containers
(4)文件双向拷贝
拷贝物理系统文件至容器
获取容器完整id(docker inspect -f '{{.Id}}' CONTAINER ID/NAMES)
~$sudo docker inspect -f '{{.Id}}' serene_shockley 或 ~$sudo docker inspect -f '{{.Id}}' 80742db56cbb
80742db56cbbd41c604ec4cec41560e82bf8c7fed97f861f2aaa1feddb75020f
借助 /var/lib/docker/aufs/mnt/通道+CONTAINER ID容器完整 完成文件(be.log)拷贝至 容器的/root/ 目录下
~$sudo cp -r ./be.log /var/lib/docker/aufs/mnt/80742db56cbbd41c604ec4cec41560e82bf8c7fed97f861f2aaa1feddb75020f/root/
拷贝容器文件至物理系统(docker cp CONTAINER ID/NAMES:/root/be.log /tmp/)
~$sudo docker cp 80742db56cbb:/root/be.log /tmp/ 或 ~$sudo docker cp serene_shockley:/root/be.log /tmp/
(5)安装软件
在docker中安装软件:
root@80742db56cbb:~# apt-get install vim
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package vim
执行update,同步 /etc/apt/sources.list 和 /etc/apt/sources.list.d 中列出的源的索引,这样才能获取到最新的软件包
root@80742db56cbb:~# apt-get update
Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]
Ign http://httpredir.debian.org jessie InRelease
Get:2 http://httpredir.debian.org jessie-updates InRelease [142 kB]
Get:3 http://httpredir.debian.org jessie Release.gpg [2373 B]
Get:4 http://httpredir.debian.org jessie Release [148 kB]
Get:5 http://httpredir.debian.org jessie/main amd64 Packages [9032 kB]
Err http://httpredir.debian.org jessie-updates/main amd64 Packages
Err http://httpredir.debian.org jessie-updates/main amd64 Packages
Get:6 http://httpredir.debian.org jessie-updates/main amd64 Packages [15.5 kB]
Get:7 http://security.debian.org jessie/updates/main amd64 Packages [385 kB]
Fetched 9788 kB in 1min 42s (95.4 kB/s)
Reading package lists... Done
再次安装vim
root@80742db56cbb:~# apt-get install vim
Reading package lists... Done
Building dependency tree
Reading state information... Done
........
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/ex (ex) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/editor (editor) in auto mode
Processing triggers for libc-bin (2.19-18+deb8u4) ...
(6)容器迁移
查看所有CONTAINER
~$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
086a7124db71 debian "/bin/bas" 18 hours ago Created dreamy_lumiere
80742db56cbb debian "/bin/bash" 18 hours ago Exited (0) About an hour ago serene_shockley
a7fc8d3d28d5 debian "/bin/bash" 18 hours ago Exited (0) 18 hours ago happy_yonath
7cc08a218270 debian "/bin/bash" 18 hours ago Exited (0) 18 hours ago drunk_fermat
acb345834663 debian "/bin/bash" 18 hours ago Created happy_mccarthy
选择CONTAINER,完成commit
~$ sudo docker commit acb345834663 mynewimage
0e7ebd3dd379ed8df8a22255d8a437342b218791f2d33072c9793aa48dc95a13
导出:保存CONTAINER为tar文件
~$ sudo docker save mynewimage > /tmp/mynewimage.tar
选择合适的方式scp/ftp/cp移动tar至目标docker中
导入:在目标机器的docker中执行load
~$ sudo docker load < /tmp/mynewimage.tar
检查:docker images 命令检查镜像现在是否可用。
~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
mynewimage latest 0e7ebd3dd379 3 minutes ago 125.1 MB
(6)网络设置
当docker启动时,它会在宿主机器上创建一个名为docker0的虚拟网络接口。它会从RFC 1918定义的私有地址中随机选择一个主机不用的地址和子网掩码,并将它分配给docker0。例如当我启动docker几分钟后它选择了172.17.42.1/16-一个16位的子网掩码为主机和它的容器提供了65,534个ip地址。但docker0并不是正常的网络接口。它只是一个在绑定到这上面的其他网卡间自动转发数据包的虚拟以太网桥。它可以使容器与主机相互通信。每次Docker创建一个容器,它就会创建一对对等接口(peer interface),类似于一个管子的两端-在这边可以收到另一边发送的数据包。Docker会将对等接口中的一个做为eth0接口连接到容器上,并使用类似于vethAQI2QT这样的惟一名称来持有另一个,该名称取决于主机的命名空间。通过将所有veth*接口绑定到docker0桥接网卡上,Docker在主机和所有Docker容器间创建一个共享的虚拟子网。
(详细介绍参考:http://www.oschina.net/translate/docker-network-configuration)
bridge模式是Docker默认的网络设置,此模式会为每一个容器分配Network Namespace、设置IP等,并将一个主机上的Docker容器连接到一个虚拟网桥上。
由于docker容器的IP地址每次启动都会变,最简单的当然是做宿主机的端口映射,前期尽可能的把需要映射的端口在创建容器时配置好,如下:
ssh 50022:22
tomcat/jetty 58080:8080
nginx/apache 50080:80
mysql 53306:3306
在创建容器的时候,指定参数:
eg:
docker run -h="debian" --name debian -itd -p 50022:22 -p 53306:3306 -p 58080:8080 -p 192.168.6.210:50080:80 debian /bin/bash