网络运营

虚拟化小鲜肉Docker

1、Docker简介

Docker 通过内核虚拟化技术(namespace 及 cgroups 等)来提供容器的资源隔离与安全保障等。由于 Docker 通过操作系统层的虚拟化实现隔离,所以容器在运行时不需要类似虚拟机的额外操作系统开销,从而提高资源利用率。需要注意的是,容器与宿主机共享同一个内核,隔离强度弱于虚拟机。

2、Docker vs kvm

3、Docker组件

镜像、容器、仓库

4、Docker安装

[root@tiejiang ~]# tee /etc/yum.repos.d/docker.repo <<-'EOF'

[dockerrepo]

name=Docker Repository

baseurl=https://yum.dockerproject.org/repo/main/centos/7/

enabled=1

gpgcheck=1

gpgkey=https://yum.dockerproject.org/gpg

EOF

[root@tiejiang ~]# yum install docker-engine -y

5、Docker基础操作

[root@tiejiang ~]# systemctl enable docker.service

Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

[root@tiejiang ~]# systemctl start docker.service

[root@tiejiang ~]#

[root@tiejiang ~]# docker pull centos  #拉取镜像

[root@tiejiang ~]# docker pull daocloud.io/library/nginx

有时候拉取速度很慢,采用国内源加速

[root@tiejiang ~]# vim /usr/lib/systemd/system/docker.service

增加下面这行

EnvironmentFile=/etc/sysconfig/docker

新建配置文件

[root@tiejiang ~]# vim /etc/sysconfig/docker

在 https://dashboard.daocloud.io/ 注册,然后点击加速器生成加速链接。加速器给出的是 curl … | sh 形式的命令,会以 root 身份直接执行远程脚本,建议先把脚本下载下来检查内容后再运行。

OPTIONS=--registry-mirror=curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s

[root@tiejiang ~]# docker search nginx  #搜索镜像

[root@tiejiang ~]# docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

centos              latest              0584b3d2cf6d        2 weeks ago         196.5 MB

导出镜像

[root@tiejiang ~]# docker save -o nginx.tar daocloud.io/library/nginx

[root@tiejiang ~]# docker save -o cnetos.tar centos

导入镜像

[root@tiejiang ~]# docker load --input cnetos.tar 或者 [root@docker ~]# docker load < cnetos.tar

删除镜像

[root@tiejiang ~]# docker rmi 0584b3d2cf6d (镜像ID)

[root@tiejiang ~]# docker run centos /bin/echo "Hello world"

Hello world

[root@docker ~]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES5e381e68a385        centos              “/bin/echo ‘Hello wor”   6 seconds ago       Exited (0) 5 seconds ago                       clever_lamarr

[root@docker ~]# docker run --name mydocker -t -i centos /bin/bash

[root@1a67f4c92b6e /]#

[root@1a67f4c92b6e /]# ps -ef

UID         PID   PPID  C STIME TTY          TIME CMD

root          1      0  0 18:56 ?        00:00:00 /bin/bash

root         14      1  0 18:56 ?        00:00:00 ps -ef

[root@1a67f4c92b6e /]# exit

exit

[root@tiejiang ~]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES1a67f4c92b6e        centos              “/bin/bash”              12 minutes ago      Exited (0) 6 seconds ago                        mydocker5e381e68a385        centos              “/bin/echo ‘Hello wor”   16 minutes ago      Exited (0) 16 minutes ago                       clever_lamarr

[root@tiejiang ~]# docker run --name docker-demo -d centos /bin/bash    # -d代表放入后台执行

6c5a777467b9552714f9cd3322e677750e2b8b5b0bd2d81e79094ad560828a5e

[root@tiejiang ~]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES6c5a777467b9        centos              “/bin/bash”              11 seconds ago      Exited (0) 11 seconds ago                       docker-demo1a67f4c92b6e        centos              “/bin/bash”              17 minutes ago      Exited (0) 4 minutes ago                        mydocker5e381e68a385        centos              “/bin/echo ‘Hello wor”   21 minutes ago      Exited (0) 21 minutes ago                       clever_lamarr

[root@tiejiang ~]# docker stop mydocker    停止容器

[root@tiejiang ~]# docker start 1a67f4c92b6e   启动容器

[root@tiejiang ~]# docker run -d --name mynginx daocloud.io/library/nginx

225a9b0459630c62dcf2199d6244b16a74ad9412471abf0be03755768df3ae63

[root@tiejiang ~]#

[root@tiejiang ~]# docker ps

CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS               NAMES225a9b045963        daocloud.io/library/nginx   “nginx -g ‘daemon off”   6 seconds ago

Up 5 seconds        80/tcp, 443/tcp     mynginx

进入容器

[root@tiejiang ~]# cat docker_in.sh

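#!/bin/bash
#
# docker_in.sh - open a shell inside a running container with nsenter.
# Usage: docker_in.sh <container-name-or-id>
#
# NOTE(security): nsenter has to run as root on the host, and the shell it
# starts only joins the container's namespaces. It is not placed in the
# container's cgroups and does not pick up the container's capability,
# seccomp or LSM restrictions, so it is a full-privilege root shell.
# `docker exec -it NAME /bin/bash` is the supported alternative that keeps
# those restrictions in place.

#######################################
# Enter the mount, UTS, IPC, network and PID namespaces of a container.
# Arguments: $1 - container name or ID
# Outputs:   diagnostics on stderr
# Returns:   2 on a missing or invalid argument, 1 if the container cannot
#            be inspected or is not running, otherwise nsenter's exit status
#######################################
docker_in() {
  local name_id=${1-}
  local pid

  # A container name or ID never starts with "-"; refusing such a value keeps
  # it from being parsed as a docker option.
  case "$name_id" in
    '' | -*)
      printf 'Usage: docker_in.sh <container-name-or-id>\n' >&2
      return 2
      ;;
  esac

  # Plain ASCII "--format" and quotes: the typographic dash and curly quotes
  # in the original listing are not valid shell/docker syntax.
  if ! pid=$(docker inspect --format '{{ .State.Pid }}' "$name_id"); then
    printf 'docker_in: cannot inspect container %s\n' "$name_id" >&2
    return 1
  fi

  # docker reports Pid 0 for a container that is not running; nsenter needs a
  # live target process, so reject anything that is not a positive integer.
  case "$pid" in
    '' | 0 | *[!0-9]*)
      printf 'docker_in: container %s is not running\n' "$name_id" >&2
      return 1
      ;;
  esac

  nsenter -t "$pid" -m -u -i -n -p
}

docker_in "$1"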

6、docker网络

[root@tiejiang ~]# docker run -d -P --name nginx-test1 daocloud.io/library/nginx

9b1d36d40127fe2c84bbe7750802e435a817a15b4159b24fc49bfb1107a2cb74

[root@tiejiang ~]# docker ps -l

CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS                                           NAMES9b1d36d40127        daocloud.io/library/nginx   “nginx -g ‘daemon off”   2 minutes ago       Up 2 minutes        0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp   nginx-test1

[root@tiejiang ~]# netstat -lntup|grep 32768

tcp6       0      0 :::32768                :::*                    LISTEN      11213/docker-proxy

[root@tiejiang ~]# curl -I http://172.16.80.132:32769

HTTP/1.1 200 OKServer: nginx/1.11.5Date: Thu, 24 Nov 2016 05:58:47 GMT

Content-Type: text/html

Content-Length: 612

Last-Modified: Tue, 11 Oct 2016 15:03:01 GMTConnection: keep-aliveETag: “57fcff25-264”

转换前

[root@tiejiang ~]# iptables -L -n

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

ACCEPT     all  —  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

ACCEPT     icmp —  0.0.0.0/0            0.0.0.0/0

ACCEPT     all  —  0.0.0.0/0            0.0.0.0/0

ACCEPT     tcp  —  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

REJECT     all  —  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination

DOCKER-ISOLATION  all  —  0.0.0.0/0            0.0.0.0/0

DOCKER     all  —  0.0.0.0/0            0.0.0.0/0

ACCEPT     all  —  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED

ACCEPT     all  —  0.0.0.0/0            0.0.0.0/0

ACCEPT     all  —  0.0.0.0/0            0.0.0.0/0

REJECT     all  —  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

 

Chain DOCKER (1 references)

target     prot opt source               destination

 

Chain DOCKER-ISOLATION (1 references)

target     prot opt source               destination

RETURN     all  —  0.0.0.0/0            0.0.0.0/0

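转换后(以 -P 启动容器后,DOCKER 链中新增了放行到 172.17.0.2 的 80、443 端口的规则)。注意:发布的端口监听在 0.0.0.0 上,转发到容器的流量匹配的是 FORWARD/DOCKER 链,而不是 INPUT 链,所以 INPUT 链里只放行 22 端口的规则挡不住对这些端口的访问;如果只需要本机访问,可以用类似 -p 127.0.0.1:8080:80(示例端口)的形式绑定到指定地址。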

[root@tiejiang ~]# docker run -d -P --name nginx-test1 daocloud.io/library/nginx

42783cf5053639383004f82b9e72fe0223c7c028d2754b2d0f74429824715f05

[root@tiejiang ~]# docker ps -l

CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS                                           NAMES42783cf50536        daocloud.io/library/nginx   “nginx -g ‘daemon off”   9 seconds ago       Up 7 seconds        0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp   nginx-test1

[root@tiejiang ~]# iptables -L -n

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

ACCEPT     all  —  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

ACCEPT     icmp —  0.0.0.0/0            0.0.0.0/0

ACCEPT     all  —  0.0.0.0/0            0.0.0.0/0

ACCEPT     tcp  —  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

REJECT     all  —  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination

DOCKER-ISOLATION  all  —  0.0.0.0/0            0.0.0.0/0

DOCKER     all  —  0.0.0.0/0            0.0.0.0/0

ACCEPT     all  —  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED

ACCEPT     all  —  0.0.0.0/0            0.0.0.0/0

ACCEPT     all  —  0.0.0.0/0            0.0.0.0/0

REJECT     all  —  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

Chain DOCKER (1 references)

target     prot opt source               destination

ACCEPT     tcp  —  0.0.0.0/0            172.17.0.2           tcp dpt:443

ACCEPT     tcp  —  0.0.0.0/0            172.17.0.2           tcp dpt:80

Chain DOCKER-ISOLATION (1 references)

target     prot opt source               destination

RETURN     all  —  0.0.0.0/0            0.0.0.0/0

[root@tiejiang ~]# sh docker_in.sh nginx-test1

root@42783cf50536:/#

root@42783cf50536:/#

root@42783cf50536:/# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default

link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff

inet 172.17.0.2/16 scope global eth0

valid_lft forever preferred_lft forever

inet6 fe80::42:acff:fe11:2/64 scope link

valid_lft forever preferred_lft forever

7、Docker数据存储

[root@tiejiang ~]# docker run -d --name nginx-volume-test1 -v /data daocloud.io/library/nginx

88b24d79a4f3b021325592ceac20e86291166d675b213d60db017548c4d9d960

[root@tiejiang ~]# sh docker_in.sh nginx-volume-test1

root@88b24d79a4f3:/# cd /data/

root@88b24d79a4f3:/data# ls

root@88b24d79a4f3:/data# touch hehe

root@88b24d79a4f3:/data# ls -l

total 0

-rw-r–r– 1 root root 0 Nov 24 06:30 hehe

[root@tiejiang ~]# cd /var/lib/docker/

[root@tiejiang docker]# ll

total 32

drwx—— 6 root root 4096 Nov 24 14:28 containers

drwx—— 5 root root 4096 Nov 24 02:05 devicemapper

drwx—— 3 root root 4096 Nov 24 01:20 image

drwxr-x— 3 root root 4096 Nov 24 01:20 network

drwx—— 2 root root 4096 Nov 24 01:20 swarm

drwx—— 2 root root 4096 Nov 24 10:09 tmp

drwx—— 2 root root 4096 Nov 24 01:20 trust

drwx—— 3 root root 4096 Nov 24 14:28 volumes

[root@tiejiang docker]# cd volumes/

[root@tiejiang volumes]# ls

4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60  metadata.db

[root@tiejiang volumes]# cd 4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60/

[root@tiejiang 4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60]# ls

_data

[root@tiejiang 4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60]# cd _data/    # 容器内的文件在物理机上实际的保存目录

[root@tiejiang _data]# ls

hehe

[root@tiejiang ~]# docker run -d --name nginx-volume-test2 -v /data/mysql:/mysql daocloud.io/library/nginx

f7278ce9bd88c26a0c5aaefcb2b39f1f9df0066bc94edb7a530213815e166f5e

# -v /data/mysql:/mysql 表示把物理机的 /data/mysql 目录挂载到容器内的 /mysql 目录下面。挂载默认可读写,容器内的进程可以修改物理机上的这些文件;如果容器只需要读取,可以写成 -v /data/mysql:/mysql:ro。

[root@tiejiang ~]# docker run -d --name nginx-volumes -v /data/mysql:/mysql daocloud.io/library/nginx

28c616e44352fc4eafeb2f87dbbb7b6eb9df447235afe027034efa96df1c5071

[root@tiejiang ~]#

[root@tiejiang ~]# docker run -d --name web-node1 --volumes-from nginx-volumes daocloud.io/library/nginx

0f022ce56e8b800cb1a4ac76bb8a326d42e198093146e8661ad3ac8925ad317d

[root@tiejiang ~]#

[root@tiejiang ~]# docker run -d --name web-node2 --volumes-from nginx-volumes daocloud.io/library/nginx

03d5e88c15f6604eeee2b8af500b8f356ba69adc34710f3c19b813530f19dc3d
