Cloud Computing Day 07 - Docker Containers

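Table of contents

    • 1. Fixing all containers exiting when the docker service restarts
    • 2. Installing the docker service with Docker Machine
    • 3. Docker network types (as plugins)
      • 3.1 host
      • 3.2 bridge (bridged network) (default)
      • 3.3 Container (commonly used by K8S)
      • 3.4 none
    • 4. Cross-host container communication with macvlan
    • 5. Cross-host container communication with overlay
      • 5.1 Setting the container hostnames
        • 5.1.2 Creating the overlay network
        • 5.1.3 Starting containers to test
      • 5.2 Building a zabbix monitoring test environment
    • 6. Harbor, docker's enterprise image registry (VMware China team)
      • 6.1 Detailed harbor configuration steps
      • 6.2 Configuring https for harbor
      • 6.3 Automation script
    • 7. docker cadvisor monitoring
          • `docker cadvisor monitoring + influxdb + grafana`
          • `docker zabbix monitoring: low-level discovery, automatic creation of monitoring items`
      • 7.1 Configuration steps
      • 7.2 Adding the grafana monitoring container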

1. Fixing all containers exiting when the docker service restarts

Method 1: docker run --restart=always

Method 2: "live-restore": true
Reference docker server configuration file /etc/docker/daemon.json:
{
 "registry-mirrors": ["http://b7a9017d.m.daocloud.io"],
 "insecure-registries":["10.0.0.11:5000"],
 "live-restore": true
}


#harbor enterprise-grade containers: docker-compose down
           

2. Installing the docker service with Docker Machine

Docker Machine binary  10.0.0.11
10.0.0.12 passwordless login; download the binary package from the docker website and install docker
10.0.0.13 passwordless login

ansible:
shell
           

3. Docker network types (as plugins)

Docker: network modes explained

Docker network mode tests

View a container's details (the network type is listed under Networks)

docker container inspect <container ID>

[[email protected] ~]#   docker network ls
NAME                DRIVER              SCOPE
bridge              bridge              local
host                host                local
none                null                local
           
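None: no networking is configured for the container, --net=none
Container: shares the Network Namespace of another running container, --net=container:containerID (K8S)
Host: shares the Network Namespace with the host, --network=host; highest performance
Bridge: the NAT network model designed by Docker; the default type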
[[email protected] ~]# docker run --help|grep -i '\-n'
      --name string                    Assign a name to the container
      --network network                Connect a container to a network
      --network-alias list             Add network-scoped alias for the
      --no-healthcheck                 Disable any container-specified
           

3.1 host

Shares the host's network: --network=host. The container has no network namespace of its own, so it sees and binds the host's ports directly.

[[email protected] ~]# docker run --network=host -d centos6.9_nginx:v2 
47fcdc6d02a2fcaf96f94c01dd8c4e30f8d18f4554ecd041a5b92291dee3e72e
[[email protected] ~]# docker inspect 47fcdc6d02a2  |grep -i network
            "NetworkMode": "host",
        "NetworkSettings": {
            "Networks": {
                    "NetworkID": "5755f7d4fc1e6e3b78efa629294ddc7f86a93a7d7863e
[[email protected] /]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      1/nginx             
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      -                   
tcp        0      0 :::5000                     :::*                        LISTEN      -                   
tcp        0      0 :::80                       :::*                        LISTEN      1/nginx             
tcp        0      0 :::22                       :::*                        LISTEN      -                   
udp        0      0 127.0.0.1:323               0.0.0.0:*                               -                   
udp        0      0 ::1:323                     :::*                                    -     
           
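3.2 bridge (bridged network) (default)

When a container starts, Docker first creates a virtual bridge named docker0 on the host, which acts as a switch, and automatically allocates a pair of network devices: one end in the container (eth0) and the other on the host, attached to docker0, which links the two. Each time a container is created and started and has been assigned an address, iptables rules are generated; view the POSTROUTING chain with iptables -t nat -vnL. Traffic coming in from any interface, as long as it does not leave through docker0, from any source network address and to any destination host, is masqueraded, with the host's physical address chosen automatically as the source.
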
[[email protected] ~]# yum install bridge-utils -y
[[email protected] ~]# docker run --network=bridge -d centos6.9_nginx:v2
[[email protected] ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.0242dffbd98d	no		vetha7e18ee
[[email protected] ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.0242dffbd98d	no		veth4e42c2f
							vetha30a6de
           

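3.3 Container (commonly used by K8S)

Shares the Network Namespace of another running container: --network=container:<container ID>

First start a container:
docker run -d phpwind:v1
Start any other container that shares the network of the phpwind:v1 container
docker run -it --network container:2735c9b78546 nginx
The nginx container and the phpwind container now have the same IP, and port 80 goes to whichever of them binds it first

## View the network type
docker inspect <nginx container ID> |grep -i network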
  NetworkMode
           

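3.4 none

No networking is configured for the container: --network=none uses no network type at all

docker run --network=none -d phpwind:v1 /bin/bash

With no network it is only suitable for practice; only basic commands are available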
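
A structured alternative to grepping docker inspect for the four modes in sections 3.1-3.4, added here as an example and not part of the original page: it groups containers by the network namespace they actually use, so host-mode and container-mode sharing stand out. The sample JSON is constructed; the container names and the last two IDs are made up.

```python
import json

# Constructed sample shaped like `docker inspect` output for containers started
# as in sections 3.1-3.4; the names and the last two IDs are made up.
SAMPLE_INSPECT = """[
  {"Id": "47fcdc6d02a2", "Name": "/web", "HostConfig": {"NetworkMode": "host"}},
  {"Id": "2735c9b78546", "Name": "/phpwind", "HostConfig": {"NetworkMode": "default"}},
  {"Id": "0a1b2c3d4e5f", "Name": "/nginx",
   "HostConfig": {"NetworkMode": "container:2735c9b78546"}},
  {"Id": "f5e4d3c2b1a0", "Name": "/offline", "HostConfig": {"NetworkMode": "none"}}
]"""


def group_by_network_namespace(inspect_json):
    """Group container names by the network namespace they actually use."""
    containers = json.loads(inspect_json)
    names = {c["Id"]: c["Name"].lstrip("/") for c in containers}
    groups = {}
    for c in containers:
        mode = c["HostConfig"]["NetworkMode"]
        if mode == "host":
            key = "host"                     # no isolation from the host stack
        elif mode.startswith("container:"):
            ref = mode.split(":", 1)[1]      # ID of the container being joined
            owner = next((n for i, n in names.items() if i.startswith(ref)), ref)
            key = "container:" + owner       # same IP and port space as owner
        else:
            # bridge ("default"), none and user-defined networks all give the
            # container a network namespace of its own
            key = "container:" + names[c["Id"]]
        groups.setdefault(key, []).append(names[c["Id"]])
    return {k: sorted(v) for k, v in groups.items()}


def shared_namespaces(inspect_json):
    """Keep only namespaces shared with the host or between containers."""
    groups = group_by_network_namespace(inspect_json)
    return {k: v for k, v in groups.items() if k == "host" or len(v) > 1}


if __name__ == "__main__":
    for namespace, members in shared_namespaces(SAMPLE_INSPECT).items():
        print(namespace, "<-", ", ".join(members))
```

On a live host the input would be the output of docker inspect over all container IDs.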
           

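4. Cross-host container communication with macvlan

By default a physical NIC has only one physical MAC address; macvlan virtualizes multiple MAC addresses on it

## Create the macvlan network
docker network create --driver macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1
## Put the eth0 NIC into promiscuous mode
ip link set eth0 promisc on
## Create a container that uses the macvlan network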
docker run -it --network macvlan_1 --ip=10.0.0.200 busybox

           
Homework 1: cross-host container communication with flannel
[root@docker01 ~]# docker network create --driver macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1
[root@docker01 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
e088d87e361f        bridge              bridge              local
e7638e062d74        macvlan_1           macvlan             local
[root@docker01 ~]# docker run -it --network macvlan_1 alpine:latest 
/ # 
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:0A:00:00:01  
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0


[root@docker01 ~]# docker run -it --network macvlan_1 --ip 10.0.0.100 alpine:latest 
/ # 
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:0A:00:00:64  
          inet addr:10.0.0.100  Bcast:10.0.0.255  Mask:255.255.255.0
           
[root@docker01 ~]# docker stats --no-stream 
CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT   MEM %               NET I/O             BLOCK I/O           PIDS
e1b597321916        laughing_nobel      0.00%               192KiB / 1.934GiB   0.01%               0B / 0B             0B / 0B             1
af48e50366d1        confident_hypatia   0.00%               188KiB / 1.934GiB   0.01%               0B / 0B             0B / 0B  
           

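5. Cross-host container communication with overlay

Prepare the overlay network lab environment

Download link for the docker_progrium_consul.tar.gz image archive (extraction code: uk8p)

5.1 Setting the container hostnames

consul: a kv-type (key:value) storage database

On docker01: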

[[email protected] ~]# wget http://192.168.37.202/linux59/docker_progrium_consul.tar.gz
[[email protected] ~]# docker load -i docker_progrium_consul.tar.gz
[[email protected] ~]# vim  /etc/docker/daemon.json
{
  "hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.11:8500",
  "cluster-advertise": "10.0.0.11:2376"
}

[[email protected] ~]# vim /usr/lib/systemd/system/docker.service
...
ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock

[[email protected] ~]# systemctl daemon-reload 
[[email protected] ~]# systemctl restart docker

           

On docker02:

[[email protected] ~]# wget http://192.168.37.202/linux59/docker_progrium_consul.tar.gz
[[email protected] ~]# docker load -i docker_progrium_consul.tar.gz
[[email protected] ~]# vim  /etc/docker/daemon.json
{
  "hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.11:8500",
  "cluster-advertise": "10.0.0.12:2376"
}

[[email protected] ~]# vim /usr/lib/systemd/system/docker.service
...
ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock
           

Create the container on docker01:

Open 10.0.0.11:8500 in a browser

5.1.2 Creating the overlay network

[[email protected] ~]# docker network create -d overlay --subnet 172.16.2.0/24 --gateway 172.16.2.254  ol1
[[email protected] ~]# docker network ls
b2de7ebcc1f6        ol1                 overlay             global

# Check on docker02
[[email protected] ~]# docker network ls
b2de7ebcc1f6        ol1                 overlay             global
           

5.1.3 Starting containers to test

[[email protected] ~]# docker run -it --network ol1 --name test01  busybox:latest


[[email protected] ~]# docker run -it --network ol1 --name test02  busybox:latest 
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:10:02:02  
          inet addr:172.16.2.2  Bcast:172.16.2.255  Mask:255.255.255.0
/ # ping 172.16.2.1
64 bytes from 172.16.2.1: seq=0 ttl=64 time=1.665 ms
64 bytes from 172.16.2.1: seq=1 ttl=64 time=0.399 ms


# Each container has two NICs: eth0 carries container-to-container traffic, eth1 gives the container access to external networks
           

5.2 Building a zabbix monitoring test environment

On docker01:

# Add the --network ol1 network environment
(already added above)


docker run --name mysql-server -t --network ol1\
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      -d mysql:5.7 \
      --character-set-server=utf8 --collation-server=utf8_bin
      
docker run --name zabbix-java-gateway -t --network ol1\
      -d zabbix/zabbix-java-gateway:latest

docker run --name zabbix-server-mysql -t --network ol1\
      -e DB_SERVER_HOST="mysql-server" \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      -e ZBX_JAVAGATEWAY="zabbix-java-gateway" \
      --link mysql-server:mysql \
      --link zabbix-java-gateway:zabbix-java-gateway \
      -p 10051:10051 \
      -d zabbix/zabbix-server-mysql:latest
           

On docker02:

# Upload the zabbix-web-nginx-mysql.tar.gz image archive and load the image
[[email protected] ~]# ls zabbix-web-nginx-mysql.tar.gz 
zabbix-web-nginx-mysql.tar.gz
[[email protected] ~]# docker load  -i zabbix-web-nginx-mysql.tar.gz

# Add the zabbix-web-nginx-mysql container on docker02
docker run --name zabbix-web-nginx-mysql -t --network ol1\
      -e DB_SERVER_HOST="mysql-server" \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      --link mysql-server:mysql \
      --link zabbix-server-mysql:zabbix-server \
      -p 80:80 \
      -d zabbix/zabbix-web-nginx-mysql:latest
      
           

Open 10.0.0.12 in a browser

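6. Harbor, docker's enterprise image registry (VMware China team)

Deployment, maintenance (troubleshooting), high availability, monitoring, optimization, code updates

Official installation documentation

6.1 Detailed harbor configuration steps

On docker02:

# Configure the epel repo and install docker-compose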

curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install -y docker-compose


# Upload the harbor-offline-installer-v1.5.1.tgz package and extract it
[[email protected] opt]# ls harbor
common                    docker-compose.notary.yml  ha          install.sh  NOTICE
docker-compose.clair.yml  docker-compose.yml         harbor.cfg  LICENSE     prepare


# Edit the configuration file
[[email protected] harbor]# vim harbor.cfg 
hostname = 10.0.0.12
harbor_admin_password = 123456


# Comment out this line in the script so the install runs faster
[[email protected] harbor]#  vim install.sh
 #       docker load -i ./harbor*.tar.gz
 
 # Run the script to install harbor
[[email protected] harbor]# docker-compose up -d
[[email protected] harbor]# ./install.sh

           

On docker01:

# Edit the daemon.json configuration file and set the registry IP to 10.0.0.12
[[email protected] ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
   "insecure-registries": ["10.0.0.11:5000","10.0.0.12"],
  "hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.11:8500",
  "cluster-advertise": "10.0.0.11:2376"
}

# Restart docker
[[email protected] ~]# systemctl restart docker

# Push and pull images; log in to 10.0.0.12 first (admin 123456)
[[email protected] ~]# docker tag kod:v3 10.0.0.12/library/kod:v3
[[email protected] ~]# docker push 10.0.0.12/library/kod:v3 
[[email protected] ~]# docker login 10.0.0.12
Username: admin
Password: <123456>


# Push the alpine image and test pulling it
[[email protected] ~]# docker tag alpine:latest 10.0.0.12/library/alpine:latest
[[email protected] ~]# docker push 10.0.0.12/library/alpine:latest 
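
The daemon.json files in sections 1, 5.1 and 6.1 open the Docker API on tcp://0.0.0.0:2376 without TLS (2376 is by convention the TLS port) and list registries as insecure, which also sends the docker login credentials unprotected. The audit below is an added example, not part of the original page; the hardened variant and its certificate paths are placeholder assumptions.

```python
import json

# Constructed from the docker01 daemon.json in section 6.1 of this page.
PAGE_CONFIG = """{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["10.0.0.11:5000", "10.0.0.12"],
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.11:8500",
  "cluster-advertise": "10.0.0.11:2376"
}"""

# Hypothetical hardened variant; the certificate paths are placeholders.
HARDENED_CONFIG = """{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "hosts": ["tcp://10.0.0.11:2376", "unix:///var/run/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs/ca.pem",
  "tlscert": "/etc/docker/certs/server-cert.pem",
  "tlskey": "/etc/docker/certs/server-key.pem"
}"""

TLS_KEYS = ("tlsverify", "tlscacert", "tlscert", "tlskey")


def audit_daemon_json(text):
    """Return (key, value, reason) findings for risky daemon.json settings."""
    cfg = json.loads(text)
    findings = []
    # The API grants root-equivalent control of the host, so a TCP listener
    # needs mutual TLS: tlsverify plus CA, server certificate and key.
    mutual_tls = all(cfg.get(k) for k in TLS_KEYS)
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://") and not mutual_tls:
            findings.append(("hosts", host, "TCP API listener without tlsverify"))
    # Each entry turns off certificate verification (and allows plain HTTP)
    # for that registry, so pushes, pulls and logins are unprotected.
    for registry in cfg.get("insecure-registries", []):
        findings.append(("insecure-registries", registry, "registry TLS not enforced"))
    # A plain-HTTP mirror answers tag-to-manifest lookups without integrity.
    for mirror in cfg.get("registry-mirrors", []):
        if mirror.startswith("http://"):
            findings.append(("registry-mirrors", mirror, "mirror over plain HTTP"))
    return findings

if __name__ == "__main__":
    for label, text in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        for key, value, reason in audit_daemon_json(text):
            print(f"{label}: {key} = {value}: {reason}")
```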
           

How to pull images

6.2 Configuring https for harbor

# Upload the https certificate archive and extract it
[[email protected] opt]# ls blog.qstack.com.cn.zip 
blog.qstack.com.cn.zip
[[email protected] opt]# mv blog.qstack.com.cn.zip certs/
[[email protected] opt]# cd certs/
[[email protected] opt]# unzip blog.qstack.com.cn.zip 


# Edit the harbor configuration file
[[email protected] harbor]# vim harbor.cfg
hostname = blog.qstack.com.cn
ui_url_protocol = https
ssl_cert = /opt/certs/Nginx/1_blog.qstack.com.cn_bundle.crt
ssl_cert_key = /opt/certs/Nginx/2_blog.qstack.com.cn.key

# Edit the script and comment out this line
[[email protected] harbor]# vim install.sh 
#       docker load -i ./harbor*.tar.gz

# Run the script to install harbor
[[email protected] harbor]# ./install.sh

           
6.3 Automation script

[[email protected] ~]# vim /server/scripts/a.sh 
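#!/bin/bash
# Copy every image and tag from the private registry (10.0.0.11:5000) into harbor

for i in `ls /opt/myregistry/docker/registry/v2/repositories/`
do
   image=$i
   echo 鏡像名稱:$image      # prints "image name: <name>"
   # Iterate over this image's own tags
   for v in `ls /opt/myregistry/docker/registry/v2/repositories/$image/_manifests/tags/`
   do
      # Skip tags the source registry cannot serve
      docker pull 10.0.0.11:5000/$image:$v || continue
      docker tag  10.0.0.11:5000/$image:$v blog.qstack.com.cn/library/$image:$v
      docker push blog.qstack.com.cn/library/$image:$v
   done
echo "-------------------------------------"
done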


# Log in on docker01
[[email protected] ~]# docker login blog.qstack.com.cn
Username: admin
Password: <123456>

# Run the script
[[email protected] ~]# sh /server/scripts/a.sh
鏡像名稱:alpine
latest: Pulling from alpine
Digest: sha256:d438c876bc7cbfe7732ca1c9a689cc3c24e15f2492ba6270d55f0a8984f96078
Status: Image is up to date for 10.0.0.11:5000/alpine:latest
10.0.0.11:5000/alpine:latest
The push refers to repository [blog.qstack.com.cn/library/alpine]
78cd8c87ab42: Pushed 
60ab55d3379d: Pushed 
latest: digest: sha256:d438c876bc7cbfe7732ca1c9a689cc3c24e15f2492ba6270d55f0a8984f96078 size: 735
-------------------------------------
鏡像名稱:nginx
latest: Pulling from nginx
Digest: sha256:204a9a8e65061b10b92ad361dd6f406248404fe60efd5d6a8f2595f18bb37aad
Status: Image is up to date for 10.0.0.11:5000/nginx:latest
10.0.0.11:5000/nginx:latest
The push refers to repository [blog.qstack.com.cn/library/nginx]
92b86b4e7957: Pushed 
94ad191a291b: Pushed 
8b15606a9e3e: Pushed 
latest: digest: sha256:204a9a8e65061b10b92ad361dd6f406248404fe60efd5d6a8f2595f18bb37aad size: 948
-------------------------------------
鏡像名稱:test
Error response from daemon: manifest for 10.0.0.11:5000/test:latest not found: manifest unknown: manifest unknown
Error response from daemon: No such image: 10.0.0.11:5000/test:latest
The push refers to repository [blog.qstack.com.cn/library/test]
An image does not exist locally with the tag: blog.qstack.com.cn/library/test
-------------------------------------
           
7. docker cadvisor monitoring

docker cadvisor monitoring + influxdb + grafana

docker zabbix monitoring: low-level discovery, automatic creation of monitoring items

Influxdb reference blog

# Commands needed

docker run -itd -p 8083:8083 -p 8086:8086 --name influxdb tutum/influxdb

docker run -itd --name cadvisor -p 8080:8080 --link influxdb:influxdb --mount type=bind,src=/,dst=/rootfs,ro --mount type=bind,src=/var/run,dst=/var/run --mount type=bind,src=/sys,dst=/sys,ro --mount type=bind,src=/var/lib/docker/,dst=/var/lib/docker,ro google/cadvisor -storage_driver=influxdb -storage_driver_db=cadvisor -storage_driver_user=root -storage_driver_password=root -storage_driver_host=influxdb:8086

docker run -itd --name grafana  -p 3000:3000 grafana/grafana

cadvisor  collection
influxdb  storage
grafana   display, alerting
           

7.1 Configuration steps

Download link for the docker monitoring images (extraction code: 39fd)

On docker02:

# Upload the docker monitoring images and load them into docker

[root@docker02 ~]# ls docker_monitor.tar.gz 
docker_monitor.tar.gz
[root@docker02 ~]# docker load -i docker_monitor.tar.gz 


# Start the database, influxdb
# Port 8083 is the web admin UI; port 8086 is the one that serves clients

[root@docker02 ~]# docker run -itd -p 8083:8083 -p 8086:8086 --name influxdb tutum/influxdb

           
Create the database and grant privileges

Then start another container

Open 10.0.0.12:8080 in a browser

7.2 Adding the grafana monitoring container

docker run -itd --name grafana  -p 3000:3000 grafana/grafana
           

Open 10.0.0.12:3000 in a browser

Official template download: cadvisor

Official template download: InfluxDB Docker

Import the template
Another option