标题
狂神Docker基础、进阶笔记,为k8s的学习预预热
笔记来源于视频:
狂神docker基础篇
狂神docker进阶篇
笔记中图片有些取自于:这位博主的两篇docker笔记中的一些图片
百度云笔记工具包自取地址:
链接:https://pan.baidu.com/s/1VaXaj6DZoDLG0VmDdyTFWQ
提取码:03g5
笔记和工具都是我自己去记的和找的,只有不断去学习分享才会更强大,有什么错漏的敌方欢迎指出,不要忘了给文章点个赞。
实战全部实践测试!!
了解阿里云
阿里云,阿里巴巴集团旗下云计算品牌,全球卓越的云计算技术和服务提供商。创立于2009年,在杭州、北京、硅谷等地设有研发中心和运营机构。
阿里云创立于2009年,是全球领先的云计算及人工智能科技公司,致力于以在线公共服务的方式,提供安全、可靠的计算和数据处理能力,让计算和人工智能成为普惠科技。阿里云服务着制造、金融、政务、交通、医疗、电信、能源等众多领域的领军企业,包括中国联通、12306、中石化、中石油、飞利浦、华大基因等大型企业客户,以及微博、知乎、锤子科技等明星互联网公司。在天猫双11全球狂欢节、12306春运购票等极富挑战的应用场景中,阿里云保持着良好的运行纪录 。
阿里云在全球各地部署高效节能的绿色数据中心,利用清洁计算为万物互联的新世界提供源源不断的能源动力,目前开服的区域包括中国(华北、华东、华南、香港)、新加坡、美国(美东、美西)、欧洲、中东、澳大利亚、日本。
2014年,阿里云曾帮助用户抵御全球互联网史上最大的DDoS攻击,峰值流量达到每秒453.8Gb 。在Sort Benchmark 2016 排序竞赛 CloudSort项目中,阿里云以1.44 / T B 的 排 序 花 费 打 破 了 A W S 保 持 的 4.51 /TB的排序花费打破了AWS保持的4.51 /TB的排序花费打破了AWS保持的4.51/TB纪录 [3] 。在Sort Benchmark 2015,阿里云利用自研的分布式计算平台ODPS,377秒完成100TB数据排序,刷新了Apache Spark 1406秒的世界纪录 。
2019年3月3日凌晨,阿里云深夜出现故障,阿里云官方回复,华北2地域可用区C部分ECS服务器等实例出现IO HANG [4] 持续了三个小时左右, [5] 经紧急排查处理后逐步恢复。 2019年6月11日,阿里云入选“2019福布斯中国最具创新力企业榜”。
阿里云注册
阿里云注册十分简单,可以用支付宝和手机号进行注册。
官方地址:https://www.aliyun.com/?utm_content=se_1003105888
按照提示步骤进行注册即可。
Docker学习
Docker概述
Docker为什么会出现
一款产品:开发——上线 两套环境,应用环境,应用配置。
开发——运维。问题:我在我的电脑上可以运行。版本更新,导致服务不可用!对运维来说,考验就特别大。
环境配置是十分麻烦的事情,没一个机器都要部署环境(集群Redis、es、Hadoop……)费时费力。
发布一个项目(jar+(Redis MySQL jdk es Hadoop)),项目能不能都带上环境安装打包?
之前在一个服务器配置一个应用的环境Redis、MySQL、jdk、es、Hadoop,配置会很阿发,不能够跨平台。
Windows,最后发布到Linux!
传统:开发jar,运维来做。
现在:开发打包部署上线,一套流程走完。
java——apk——发布(应用商店)——张三使用APP——安装即可用
java——jar(环境)——打包项目带上环境(镜像)——(docker仓库:商店)——下载我们发布的镜像——直接运行即可
docker的出现给以上的问题,提出了解决方案。
docker的思想来源于集装箱!
JRE——多个应用(端口冲突)——原来都是交叉的
隔离:docker核心思想!打包装箱,每个箱子是互相隔离的。
docker通过隔离机制,可以将服务器利用到极致。
本质:所有的技术都是因为出现了一些问题,需要我们去解决,才去学习。
Docker的历史
2010年,几个搞IT的年轻人,在美国成立了一家公司 DotCloud
做一些pass的云计算服务,LXC有关的容器技术。
他们将自己的技术(容器化技术)命名就是docker!
docker刚刚诞生的时候,没有引起行业的注意。DotCloud,就活不下去。
最后只能将docker开源。
2013年docker开源。
docker开源后让越来越多的人发现了docker的优点,docker就火了,此后docker每个月都会更新一个版本。
2014年4月9号,docker1.0发布。
docker为什么这么火,因为它十分的轻巧。
在容器技术出来之前,我们都是使用虚拟化技术!
虚拟机:在Windows中装一个VMware,通过这个软件我们可以虚拟出一台或多台电脑,比较笨重。
虚拟机也是属于虚拟化技术,docker容器技术,也是一种虚拟化技术。
vm : liunx centos原生镜像(一个电脑!) 隔离,需要开启多个虚拟机! 几个G 几分钟
docker:隔离 镜像(最核心的环境 4M + jdk + mysql)十分的轻巧,运行镜像就可以了!小巧,几个M、KB 秒级启动
到现在,docker是一项有必要去掌握的技能。
聊聊Docker
docker是基于go语言开发的开源项目。
官网地址:https://www.docker.com
文档地址:https://docs.docker.com
仓库地址:https://hub.docker.com
Docker 能干嘛
之前的虚拟技术
虚拟机技术缺点:
1、 资源占用十分多
2、 冗余步骤多
3、 启动很慢!
容器化技术
容器化技术不是模拟一个完整的操作系统
比较Docker和虚拟机技术的不同:
传统虚拟机,虚拟出一条硬件,运行一个完整的操作系统,然后在这个系统上安装和运行软件
容器内的应用直接运行在宿主机的内容,容器是没有自己的内核的,也没有虚拟我们的硬件,所以就轻便了
每个容器间是互相隔离,每个容器内都有一个属于自己的文件系统,互不影响
DevOps(开发、运维)
应用更快速的交付和部署
传统:一堆帮助文档,安装程序
Docker:打包镜像发布测试,一键运行
更便捷的升级和扩缩容
使用了docker之后,我们部署应用就和搭积木一样。
项目打包为一个镜像之后,拓展服务器A,服务器B
更简单的系统运维
在容器化之后,我们开发,测试环境都是高度一致的
更高效的计算资源利用:
Docker是内核级别的虚拟化,可以在一个物理机上运行很多的容器实例。服务器的性能可以被压榨到极致。
Docker安装
Docker的基本组成
镜像(image):
docker镜像就好比是一个目标,可以通过这个目标来创建容器服务,tomcat镜像==>run==>容器(提供服务器),通过这个镜像可以创建多个容器(最终服务运行或者项目运行就是在容器中的)。
容器(container):
Docker利用容器技术,独立运行一个或者一组应用,通过镜像来创建的.
启动,停止,删除,基本命令
目前就可以把这个容器理解为就是一个简易的 Linux系统。
仓库(repository):
仓库就是存放镜像的地方!
仓库分为公有仓库和私有仓库。(很类似git)
Docker Hub是国外的。
阿里云…都有容器服务器(配置镜像加速!)
安装Docker
环境准备
1、需要一点liunx基础
2、centos 7
3、我们使用Xshell连接远程服务器进行操作!(其它的工具也行)
https://www.netsarang.com/en/free-for-home-school/ 申请免费Xshell网址。
4、阿里云服务器
阿里云优惠购买地址:https://www.aliyun.com/minisite/goods?userCode=0phtycgr
购买之后需要创建安全组开放端口入口
刚创建的只默认三个端口。
我们可以开放一些常用的端口。
接着要修改实例名称和密码,重启系统,就可以了。
接着用Xshell远程阿里云服务器就可以了。
#系统内核是3.10以上的
[[email protected] /]# uname -r
3.10.0-1062.18.1.el7.x86_64
#系统版本
[[email protected] /]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
docker 官方文档CentOS平台安装指南
#开始安装
#在官方文档查看安装流程
yum -y install gcc
#1、卸载旧的版本
[[email protected] /]# yum remove docker \
> docker-client \
> docker-client-latest \
> docker-common \
> docker-latest \
> docker-latest-logrotate \
> docker-logrotate \
> docker-engine
Loaded plugins: fastestmirror
No Match for argument: docker
No Match for argument: docker-client
No Match for argument: docker-client-latest
No Match for argument: docker-common
No Match for argument: docker-latest
No Match for argument: docker-latest-logrotate
No Match for argument: docker-logrotate
No Match for argument: docker-engine
No Packages marked for removal
#卸载完毕
#2、安装安装包
[[email protected] /]# yum install -y yum-utils
#3、设置镜像的仓库
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
#官方文档默认是从国外的,不推荐
#推荐使用国内的,这个是阿里云的,十分的快。
[[email protected] /]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
#4、更新yum的索引
[[email protected] /]# yum makecache fast
#5、安装docker
docker-ce 社区版 docker-ee 企业版
[[email protected] /]# yum install docker-ce docker-ce-cli containerd.io
#6、启动docker
[[email protected] /]# systemctl start docker
#7、查看版本 helloword测试是否成功
[[email protected] /]# docker version
Client: Docker Engine - Community
Version: 20.10.5
API version: 1.41
Go version: go1.13.15
Git commit: 55c4c88
Built: Tue Mar 2 20:33:55 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.5
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: 363e9a8#8、测试Holleword
Built: Tue Mar 2 20:32:17 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.4
GitCommit: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc:
Version: 1.0.0-rc93
GitCommit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
docker-init:
Version: 0.19.0
GitCommit: de40ad0
#8、测试Holle—word
[[email protected] /]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b8dfde127a29: Pull complete
Digest: sha256:89b647c604b2a436fc3aa56ab1ec515c26b085ac0c15b0d105bc475be15738fb
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
[[email protected] /]# docker run hello-world
Hello from Docker!#出现这句话表示成功了
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
#9、查看刚刚下载的holle-word镜像
[[email protected] /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d1165f221234 4 days ago 13.3kB
#10、卸载docker
#第一步卸载Docker Engine,CLI和Containerd软件包:
sudo yum remove docker-ce docker-ce-cli containerd.io
#第二步主机上的映像,容器,卷或自定义配置文件不会自动删除。要删除所有图像,容器和卷:
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
阿里云镜像加速
登录阿里云,找到这个菜单。
点击镜像加速器,选择centOS系统 cope 代码运行
mkdir -p /etc/docker#创建目录
#添加修改配置
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://2m22qn0c.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload#关闭
systemctl restart docker#重启
#加速就配置好了
回顾HelloWorld流程
Docker run 流程图
底层原理
Docker是怎么工作的?
Docker是一个Client-Server结构的系统,Docker的守护进程运行在主机上。通过Socket从客户端访问!
Docker-Server接收到Docker-Client的指令,就会执行这个命令!
docker为什么比VM快
1、docker有着比虚拟机更少的抽象层。由于docker不需要Hypervisor实现硬件资源虚拟化,运行在docker容器上的程序直接使用的都是实际物理机的硬件资源。因此在CPU、内存利用率上docker将会在效率上有明显优势。
2、docker利用的是宿主机的内核,而不需要Guest OS。
GuestOS: VM(虚拟机)里的的系统(OS)
HostOS:物理机里的系统(OS)
因此,当新建一个 容器时,docker不需要和虚拟机一样重新加载一个操作系统内核。仍而避免引导、加载操作系统内核这个比较费时费资源的过程,当新建一个虚拟机时,虚拟机软件需要加载GuestOS,这个新建过程是分钟级别的。而docker由于直接利用宿主机的操作系统,则省略了这个复杂的过程,因此新建一个docker容器只需要几秒钟。
之后学习完所有的命令再回过头来看这段理论,就会很清晰。
Docker命令
基本命令
命令帮助文档地址:https://docs.docker.com/reference/
docker version #查看docker的版本信息
docker info #显示docker的系统信息,包括镜像和容器的数量
docker 命令 ——help #帮助命令
镜像命令
[[email protected] /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d1165f221234 4 days ago 13.3kB
#镜像的仓库源 镜像的标签 镜像的ID 镜像创建的时间 镜像的大
小
#可选项(常用)
-a, --all # 列出所有镜像
-q, --quiet # 只显示镜像的ID
#搜索命令 search
[[email protected] /]# docker search mysql
#可选项
[[email protected] /]# docker search --help
Usage: docker search [OPTIONS] TERM
Search the Docker Hub for images
Options:
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print search using a Go template
--limit int Max number of search results (default 25)
--no-trunc Don't truncate output
# --filter 只搜索stars大于500以上的
[[email protected] /]# docker search mysql --filter=STARS=500
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mysql MySQL is a widely used, open-source relation… 10593 [OK]
mariadb MariaDB Server is a high performing open sou… 3968 [OK]
mysql/mysql-server Optimized MySQL Server Docker images. Create… 778 [OK]
percona Percona Server is a fork of the MySQL relati… 528 [OK]
#下载镜像 docker pull 镜像名[:tag],tag是docker-hub 商店里面应用存在的版本号,商店中没有的版本无法下载
[[email protected] /]# docekr pull mysql
-bash: docekr: command not found
[[email protected] /]# docker pull mysql
Using default tag: latest #不写tag,默认就是latest
latest: Pulling from library/mysql
a076a628af6f: Pull complete #分层下载,docker images 核心 联合文件系统
f6c208f3f991: Pull complete
88a9455a9165: Pull complete
406c9b8427c6: Pull complete
7c88599c0b25: Pull complete
25b5c6debdaf: Pull complete
43a5816f1617: Pull complete
1a8c919e89bf: Pull complete
9f3cf4bd1a07: Pull complete
80539cea118d: Pull complete
201b3cad54ce: Pull complete
944ba37e1c06: Pull complete
Digest: sha256:feada149cb8ff54eade1336da7c1d080c4a1c7ed82b5e320efb5beebed85ae8c # 签名
Status: Downloaded newer image for mysql:latest
docker.io/library/mysql:latest #真实地址
#指定版本下载
[[email protected] /]# docker pull mysql:5.7
5.7: Pulling from library/mysql
a076a628af6f: Already exists #文件共用,已存在已下载的文件不再重复下载,极大地节省内存
f6c208f3f991: Already exists
88a9455a9165: Already exists
406c9b8427c6: Already exists
7c88599c0b25: Already exists
25b5c6debdaf: Already exists
43a5816f1617: Already exists
1831ac1245f4: Pull complete
37677b8c1f79: Pull complete
27e4ac3b0f6e: Pull complete
7227baa8c445: Pull complete
Digest: sha256:b3d1eff023f698cd433695c9506171f0d08a8f92a0c8063c1a4d9db9a55808df
Status: Downloaded newer image for mysql:5.7
docker.io/library/mysql:5.7
[[email protected] /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d1165f221234 4 days ago 13.3kB
mysql 5.7 a70d36bc331a 7 weeks ago 449MB
mysql latest c8562eaf9d81 7 weeks ago 546MB
# 删除指定镜像
[[email protected] /]# docker rmi -f a70d36bc331a
Untagged: mysql:5.7
Untagged: [email protected]:b3d1eff023f698cd433695c9506171f0d08a8f92a0c8063c1a4d9db9a55808df
Deleted: sha256:a70d36bc331a13d297f882d3d63137d24b804f29fa67158c40ad91d5050c39c5
Deleted: sha256:50c77bf7bcddd1f1d97789d80ac2404eec22c860c104e858620d2a2e321f0ef7
Deleted: sha256:14244329b83dfc8982398ee4104a548385652d2bffb957798ff86a419013efd6
Deleted: sha256:6d990477f90af28473eb601a9bca22253f6381e053c5a8edda0a4f027e124a3c
Deleted: sha256:ee0449796df204071589162fc16f8d65586312a40c68d1ba156c93c56f5e5ce8
#[[email protected] /]# docker rmi -f 镜像id1 镜像id2 镜像id3
#删除全部镜像
[[email protected] /]# docker rmi -f $(docker images -aq)
Untagged: hello-world:latest
Untagged: [email protected]:89b647c604b2a436fc3aa56ab1ec515c26b085ac0c15b0d105bc475be15738fb
Deleted: sha256:d1165f2212346b2bab48cb01c1e39ee8ad1be46b87873d9ca7a4e434980a7726
Untagged: mysql:latest
Untagged: [email protected]:feada149cb8ff54eade1336da7c1d080c4a1c7ed82b5e320efb5beebed85ae8c
Deleted: sha256:c8562eaf9d81c779cbfc318d6e01b8e6f86907f1d41233268a2ed83b2f34e748
Deleted: sha256:1b649b85960473808c6b812fc30c3f6a3ff1c0ffdcba5c9435daf01cf7d5373a
Deleted: sha256:19cc889447050c16c797fd209fa114ee219de23facb37c00d4137a4ed4aad922
Deleted: sha256:3c793c06a026d276cf56a6a6a75527026ed9eafa7a7d21a438f7d5ed2314148e
Deleted: sha256:1e1cd89a2bc183a7fea3dab0b543e9924278321ad0921c22cc088adbf3c2e77b
Deleted: sha256:83b2015dfd000588c7c947b2d89b3be7a8e5a3abc6ab562668c358033aa779ec
Deleted: sha256:d08533f1e2acc40ad561a46fc6a76b54c739e6b24f077c183c5709e0a6885312
Deleted: sha256:4f9d91a4728e833d1062fb65a792f06e22e425f63824f260c8b5a64b776ddc38
Deleted: sha256:20bf4c759d1b0d0e6286d2145453af4e0e1b7ba3d4efa3b8bce46817ad4109de
Deleted: sha256:a9371bbdf16ac95cc72555c6ad42f79b9f03a82d964fe89d52bdc5f335a5f42a
Deleted: sha256:5b02130e449d94f51e8ff6e5f7d24802246198749ed9eb064631e63833cd8f1d
Deleted: sha256:ab74465b38bc1acb16c23091df32c5b7033ed55783386cb57acae8efff9f4b37
Deleted: sha256:cb42413394c4059335228c137fe884ff3ab8946a014014309676c25e3ac86864
#查询全部都已经删除完毕
[[email protected] /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
容器命令
说明:我们有了镜像才可以创建容器,liunx,下载一个centos镜像来测试学习
#之间讲过的 直接 pull就行了
[[email protected] /]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
7a0437f04f83: Pull complete
Digest: sha256:5528e8b1b1719d34604c87e11dcd1c0a20bedf46e83b5632cdeac91b8c04efc1
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
新建容器并启动
docker run [可选参数]
#参数说明 基本常用 全部请查看 --help或者官方文档
--name=“name” 容器名字 MySQL01 MySQL02,用来区分容器
-d 后台方式运行
-it 使用交互方式运行,进入容器进行查看内容
-P 指定容器的端口 -P 8080:8080
-P ip:主机端口:容器端口
-P 主机端口:容器端口(常用)
-P 容器端口
直接指定容器端口也行
-p 随机指定端口
# 测试启动并进入容器
[[email protected] /]# docker run -it centos /bin/bash
[[email protected] /]# ls
bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
#退出容器
[[email protected] /]# exit
exit
#查看容器内的centos,基础版本,很多命令没有完善。
[[email protected] /]# ls
bin boot dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
列出所有运行的容器
# docker ps 命令
# 列出当前正在运行的容器
-a # 列出当前正在运行的容器+带出历史运行过的容器
-n=? #显示最近创建的容器,?表示显示的数量。
-q #显示容器编号
[[email protected] /]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[[email protected] /]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
eafb3befb9a5 centos "/bin/bash" 3 minutes ago Exited (0) 2 minutes ago kind_sanderson
bb9ddcf15a43 d1165f221234 "/hello" 2 hours ago Exited (0) 2 hours ago boring_noyce
2598a89d1827 d1165f221234 "/hello" 5 hours ago Exited (0) 5 hours ago zen_bouman
[[email protected] /]# docker ps -n=1
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
eafb3befb9a5 centos "/bin/bash" 9 minutes ago Exited (0) 7 minutes ago kind_sanderson
[[email protected] /]# docker ps -aq
eafb3befb9a5
bb9ddcf15a43
2598a89d1827
退出容器
exit #直接容器停止退出
Ctrl + P + Q #容器不停止退出
删除容器
docker rm 容器id #删除指定的容器,不能删除正在运行的容器,如需强制删除加上参数 -f
docker rm $(docker ps -aq) # 删除所有的容器
docker ps -a -q|xqrgs docker rm #删除所有的容器
[[email protected] /]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8c476eb7ac6e centos "/bin/bash" About a minute ago Up About a minute practical_cerf
eafb3befb9a5 centos "/bin/bash" 15 minutes ago Exited (0) 14 minutes ago kind_sanderson
bb9ddcf15a43 d1165f221234 "/hello" 2 hours ago Exited (0) 2 hours ago boring_noyce
2598a89d1827 d1165f221234 "/hello" 5 hours ago Exited (0) 5 hours ago zen_bouman
[[email protected] /]# docker rm eafb3befb9a5
eafb3befb9a5
[[email protected] /]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8c476eb7ac6e centos "/bin/bash" 2 minutes ago Up 2 minutes practical_cerf
bb9ddcf15a43 d1165f221234 "/hello" 2 hours ago Exited (0) 2 hours ago boring_noyce
2598a89d1827 d1165f221234 "/hello" 5 hours ago Exited (0) 5 hours ago zen_bouman
[[email protected] /]# docker rm -f $(docker ps -aq)
8c476eb7ac6e
bb9ddcf15a43
2598a89d1827
[[email protected] /]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
启动和停止容器的操作
docker start 容器id #启动容器
docker restart 容器id #重启容器
docker stop 容器id #停止当前正在运行的容器
docker kill 容器id #强制停止当前容器
常用的其它命令
后台启动容器
#命令 docker run -d 镜像名
[[email protected] /]# docker run -d centos
c4c3fe45386a572b76b110a521481f7d165f1e8c32a3aa359870f9364e829134
[[email protected] /]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[[email protected] /]#
#问题docker PS,发现centos停止了。
#docker 容器使用后台运行,就必行要有一个前台进程,docker发现没有应用,就会自动停止。
#Nginx,容器启动后,发现自己没有提供服务,就会立刻停止,就是没有程序了
查看日志
#通过shell脚本模拟日志
[[email protected] /]# docker run -d centos /bin/sh -c "while true;do echo 6666;sleep 1;done"
e598481e2c11f12fa301d29f361e7d2247985fba54620e81757f09f2c3c423fd
[[email protected] /]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e598481e2c11 centos "/bin/sh -c 'while t…" 19 seconds ago Up 18 seconds strange_tharp
[[email protected] /]# docker logs -tf --tail 10 e598481e2c11
2021-03-10T10:33:01.016503726Z 6666
2021-03-10T10:33:02.018478185Z 6666
2021-03-10T10:33:03.020801113Z 6666
2021-03-10T10:33:04.022784436Z 6666
2021-03-10T10:33:05.024788114Z 6666
2021-03-10T10:33:06.026739830Z 6666
2021-03-10T10:33:07.028655993Z 6666
2021-03-10T10:33:08.031886421Z 6666
2021-03-10T10:33:09.034487008Z 6666
2021-03-10T10:33:10.036418498Z 6666
2021-03-10T10:33:11.038581752Z 6666
2021-03-10T10:33:12.040528786Z 6666
2021-03-10T10:33:13.042594899Z 6666
2021-03-10T10:33:14.050412235Z 6666
2021-03-10T10:33:15.052447800Z 6666
2021-03-10T10:33:16.054290434Z 6666
2021-03-10T10:33:17.056320440Z 6666
#显示日志
-tf #显示日志
--tail number #要显示日志的条数
查看容器中进程信息
[[email protected]haimian ~]# docker top 容器id
UID PID PPID C STIME TTY TIME CMD
root 4253 4233 0 08:56 pts/0 00:00:00 /bin/bash
查看元数据
[[email protected] ~]# docker inspect 容器id
[
{
"Id": "9b04278c721c6a32280f5a6b2cfca4d09695197e0eb054334eff32fa9d34f4c2",
"Created": "2021-03-11T00:56:04.357924839Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 4253,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-03-11T00:56:04.620762643Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55",
"ResolvConfPath": "/var/lib/docker/containers/9b04278c721c6a32280f5a6b2cfca4d09695197e0eb054334eff32fa9d34f4c2/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/9b04278c721c6a32280f5a6b2cfca4d09695197e0eb054334eff32fa9d34f4c2/hostname",
"HostsPath": "/var/lib/docker/containers/9b04278c721c6a32280f5a6b2cfca4d09695197e0eb054334eff32fa9d34f4c2/hosts",
"LogPath": "/var/lib/docker/containers/9b04278c721c6a32280f5a6b2cfca4d09695197e0eb054334eff32fa9d34f4c2/9b04278c721c6a32280f5a6b2cfca4d09695197e0eb054334eff32fa9d34f4c2-json.log",
"Name": "/nervous_tharp",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/71d8502f96fe3491087c496beed13c2a556440cd645343baf6324630f1758ef4-init/diff:/var/lib/docker/overlay2/b250fa3307e25d8fe349fc1ab141f9e17a65b53f7dd1efd8ae77a85d6a2c2f34/diff",
"MergedDir": "/var/lib/docker/overlay2/71d8502f96fe3491087c496beed13c2a556440cd645343baf6324630f1758ef4/merged",
"UpperDir": "/var/lib/docker/overlay2/71d8502f96fe3491087c496beed13c2a556440cd645343baf6324630f1758ef4/diff",
"WorkDir": "/var/lib/docker/overlay2/71d8502f96fe3491087c496beed13c2a556440cd645343baf6324630f1758ef4/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "9b04278c721c",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/bash"
],
"Image": "centos",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20201204",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "433bb847363bdb8e427808cba6ab8c4ec393a7cc47c581ca46a809c56147c465",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/433bb847363b",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "946467ddce58eea2929f97f93987f75556f53e7dca2d81300e210942e6248643",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "090280e003617c467adbb6fba6bcb1342a5b5e419a82a6d1f2eb8deec3d89933",
"EndpointID": "946467ddce58eea2929f97f93987f75556f53e7dca2d81300e210942e6248643",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
进入当前正在运行的容器
#我们通常容器都是使用后台方式运行的,需要进入容器,进行一些修改
#命令
docker exec -it 容器id /bin/bash
#测试
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9b04278c721c centos "/bin/bash" 18 minutes ago Up 18 minutes nervous_tharp
[[email protected] ~]# docker exec -it 9b04278c721c /bin/bash
[[email protected] /]# ls
bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[[email protected] /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 00:56 pts/0 00:00:00 /bin/bash
root 15 0 0 01:15 pts/1 00:00:00 /bin/bash
root 30 15 0 01:15 pts/1 00:00:00 ps -ef
#方式二
docker attach 容器id
#测试
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9b04278c721c centos "/bin/bash" 24 minutes ago Up 24 minutes nervous_tharp
[[email protected] ~]# docker attach 9b04278c721c
正在执行当前的代码...
#docker exec #进入容器后开启一个新的终端,可以在里面操作(常用)
#docker attach #进入容器正在执行的终端,不会启动新的进程。
从容器内拷贝文件到主机上
docker cp 容器id:容器目录地址 主机地址
#查看当前主机下目录文件
[[email protected] home]# ls
paidaxing.txt
#进入容器
[[email protected] home]# docker attach e5dfa59ded55
#创建测试文件
[[email protected] /]# touch test.txt
[[email protected] /]# ls
bin dev etc home lib lib64 lost+found media mnt opt paidaxing.txt proc root run sbin srv sys test.txt tmp usr var
#退出容器cope到主机目录上
[[email protected] home]# docker cp e5dfa59ded55:/test.txt /home
#查看文件,cope到了
[[email protected] home]# ls
paidaxing.txt test.txt
学习方式:将所有的命令全部敲一遍,自己记录笔记!
小结
常用代码合集
attach attach to a running container #当前 shell下attach连接指定运行镜像
build build an image from a dockerfile #通过dockerfile定制镜像
commit create a new image from a container #提交当前容器为新的镜像
cp cope files/folders from the containers filesystem to the host path #从容器中拷贝指定文件或目录到宿主机
create create a new container #创建一个新的容器,同run,但不启动容器
diff inspect changes on a container’s filesystem #查看docker容器变化
events get real time events from the server #从docker服务获取容器实时事件
exec run a command in an existing container #在已存在的容器上运行命令
export stream the contents of a container as a tar archive #导出容器的内容流作为一个tar归档文件[对应import]
history show the history of an image #展示一个镜像形成历史
images list images #列出当前镜像
import create a new filesystem image from the contents of a tarball #从tar包中的内容创建一个新的文件系统映像[对应export]
info display system-wide information # 显示系统相关信息
inspect return low-level information on a container #查看容器详细信息
kill kill a running container #kill 指定docker容器
load load an image from a tar archive #从一个tar包中加载一个镜像[对应save]
login register or login to the docker registry server #注册或者登陆一个docker源服务器
logout log out from a docker registry server #从当前docker registry 退出
logs fetch the logs of a container #输出当前容器日期信息
port lookup the public-facing port which is nat-ed to private_port #查看映射端口对应的容器内部端口
pause pause all processes within a container #暂停容器
PS list continues #列出容器列表
pull pull an image or a repository from the docker registry server #从docker镜像源服务器拉取指定镜像或者库镜像
push push an image or a repository from the docker registry server #推送指定镜像或者库镜像至docker源服务器
restart restart a running container #重启运行容器
rm remove one or more containers #移除一个或者多个容器
rmi remove one or more images #移除一个或者多个镜像[无容器使用改镜像才可删除,否则删除相关内容才可继续或 -f 强制删除]
run run a command in a new container #创建一个新的容器并运行一个命令
save save 按 image to a tar archive #保存一个镜像为一个tar包[对应load]
search search for an image on the docker hub #在docker hub中搜索镜像
start start a stopped containers #启动容器
stop stop a running processes of a container #停止容器
top lookup the running processes of container #查看容器中运行的进程信息
tag tag an image info a repository # 给源中镜像打标签
UNpause UNpause a paused container #取消暂停容器
version show the docker version information #查看docker版本号
wait block until a container stops,then print its exit code #截取容器停止时的退出状态值
作业练习
#1、搜索镜像
[[email protected] ~]# docker search Nginx
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 14547 [OK]
jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1982 [OK]
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 810 [OK]
jc21/nginx-proxy-manager Docker container for managing Nginx proxy ho… 158
linuxserver/nginx An Nginx container, brought to you by LinuxS… 142
tiangolo/nginx-rtmp Docker image with Nginx using the nginx-rtmp… 115 [OK]
jlesage/nginx-proxy-manager Docker container for Nginx Proxy Manager 97 [OK]
bitnami/nginx Bitnami nginx Docker Image 94 [OK]
alfg/nginx-rtmp NGINX, nginx-rtmp-module and FFmpeg from sou… 89 [OK]
jasonrivers/nginx-rtmp Docker images to host RTMP streams using NGI… 88 [OK]
nginxdemos/hello NGINX webserver that serves a simple page co… 67 [OK]
privatebin/nginx-fpm-alpine PrivateBin running on an Nginx, php-fpm & Al… 49 [OK]
nginx/nginx-ingress NGINX Ingress Controller for Kubernetes 49
nginxinc/nginx-unprivileged Unprivileged NGINX Dockerfiles 31
schmunk42/nginx-redirect A very simple container to redirect HTTP tra… 19 [OK]
staticfloat/nginx-certbot Opinionated setup for automatic TLS certs lo… 19 [OK]
nginx/nginx-prometheus-exporter NGINX Prometheus Exporter 16
centos/nginx-112-centos7 Platform for running nginx 1.12 or building … 15
centos/nginx-18-centos7 Platform for running nginx 1.8 or building n… 13
raulr/nginx-wordpress Nginx front-end for the official wordpress:f… 13 [OK]
flashspys/nginx-static Super Lightweight Nginx Image 9 [OK]
bitnami/nginx-ingress-controller Bitnami Docker Image for NGINX Ingress Contr… 8 [OK]
mailu/nginx Mailu nginx frontend 8 [OK]
ansibleplaybookbundle/nginx-apb An APB to deploy NGINX 2 [OK]
wodby/nginx Generic nginx 1 [OK]
#2、下载镜像 镜像名称不能大写。。。
[[email protected] ~]# docker pull Nginx
invalid reference format: repository name must be lowercase
[[email protected] ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
a076a628af6f: Pull complete
0732ab25fa22: Pull complete
d7f36f6fe38f: Pull complete
f72584a26f32: Pull complete
7125e4df9063: Pull complete
Digest: sha256:10b8cc432d56da8b61b070f4c7d2543a9ed17c2b23010b43af434fd40e2ca4aa
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
#3、查看下载好的镜像
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest f6d0b4767a6c 8 weeks ago 133MB
centos latest 300e315adb2f 3 months ago 209MB
#4、运行容器测试
[[email protected] ~]# docker run -d --name nginx01 -p 3344:80 nginx
efb55f5c5ac7b696491a15e64b984e91c6c9868f92b2e85bc4a6439c2979c386
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
efb55f5c5ac7 nginx "/docker-entrypoint.…" 10 seconds ago Up 9 seconds 0.0.0.0:3344->80/tcp nginx01
e5dfa59ded55 centos "/bin/bash" 5 hours ago Up 5 hours heuristic_lamport
#Welcome to nginx!表示没有问题
[[email protected] ~]# curl localhost:3344
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
#5、进入容器
[[email protected] ~]# docker exec -it nginx01 /bin/bash
[email protected]:/# whereis nginx
nginx: /usr/sbin/nginx /usr/lib/nginx /etc/nginx /usr/share/nginx
[email protected]:/# cd /etc/nginx
[email protected]:/etc/nginx# ls
conf.d fastcgi_params koi-utf koi-win mime.types modules nginx.conf scgi_params uwsgi_params win-utf
端口映射
-p 外部端口:容器端口
通过公网地址访问也没有问题
作业2
#docker 来装一个Tomcat
#官方文档给出的代码:docker run -it --rm tomcat:9.0
#我们之前的启动都是后台,停止了容器之后,容器还是可以,--rm 一般用来测试,用完即删
#我们不用官方这个
[[email protected] ~]# docker pull tomcat:9.0
9.0: Pulling from library/tomcat
Digest: sha256:94cc18203335e400dbafcd0633f33c53663b1c1012a13bcad58cced9cd9d1305
Status: Image is up to date for tomcat:9.0
docker.io/library/tomcat:9.0
#下载成功
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat 9.0 040bdb29ab37 8 weeks ago 649MB
nginx latest f6d0b4767a6c 8 weeks ago 133MB
centos latest 300e315adb2f 3 months ago 209MB
#安装步骤就不多说了,和Nginx一样的,安装完成之后我们启动了容器通过端口映射,在公网范围的时候发现没有Tomcat初始界面。这是因为阿里云的原因,默认是最小的镜像,所有不必要的都剔除掉
#保证最小的可运行环境
#但是我们发现在WebApps.dist 有我们需要的文件,直接cope到WebApps目录下即可。
[[email protected] ~]# docker run -d -p 3355:8080 --name tomcat01 tomcat
[[email protected] ~]# docker exec -it tomcat01 /bin/bash
[email protected]:/usr/local/tomcat# ls
BUILDING.txt LICENSE README.md RUNNING.txt conf logs temp webapps.dist
CONTRIBUTING.md NOTICE RELEASE-NOTES bin lib native-jni-lib webapps work
[email protected]:/usr/local/tomcat# cd webapps.dist
[email protected]:/usr/local/tomcat/webapps.dist# ls
ROOT docs examples host-manager manager
[email protected]:/usr/local/tomcat/webapps.dist# cd ..
[email protected]:/usr/local/tomcat# cp -r webapps.dist/* webapps
[email protected]:/usr/local/tomcat# cd webapps
[email protected]:/usr/local/tomcat/webapps# ls
ROOT docs examples host-manager manager
没有问题的。
作业3
#部署es+kibana
#es 十分耗内存
#es 的数据一般需要放置到安全目录挂在!
#--net somenetwork 网络配置
docker network create somenetwork
docker run -d --name elasticsearch --net somenetwork -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.6.2
#es下载好了
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat 9.0 040bdb29ab37 8 weeks ago 649MB
tomcat latest 040bdb29ab37 8 weeks ago 649MB
nginx latest f6d0b4767a6c 8 weeks ago 133MB
centos latest 300e315adb2f 3 months ago 209MB
elasticsearch 7.6.2 f29a1ee41030 11 months ago 791MB
[[email protected] ~]# docker network create somenetwork
63d3626d7dc7dbe327bff56b01bceb072bb25e6eb6e1d05ab668343c825ab030
[[email protected] ~]# docker run -d --name elasticsearch --net somenetwork -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.6.2
7079aa33b1bea3526315c3ccdb2fd581f478e5f973096698202d0eacb3edffa7
[[email protected] ~]# docker stats 内存已经使用了70%多
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
7079aa33b1be elasticsearch 0.38% 1.241GiB / 1.694GiB 73.25% 0B / 0B 265MB / 733kB 43
#内存太大了,我们需要修改分配
docker run -d --name elasticsearch --net somenetwork -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64m -Xmx512m" elasticsearch:7.6.2
[[email protected] ~]# docker run -d --name elasticsearch --net somenetwork -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64m -Xmx512m" elasticsearch:7.6.2
43a90d0eee76f1776e450c639a9952ea7acdd7f2591025d264e3b2641e5db062
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
43a90d0eee76 elasticsearch:7.6.2 "/usr/local/bin/dock…" 4 seconds ago Up 3 seconds 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp elasticsearch
#启动之后我们发现比之前的内存小多了
[[email protected] ~]# docker stats
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
43a90d0eee76 elasticsearch 0.02% 382.1MiB / 1.694GiB 22.03% 0B / 0B 82.9MB / 696kB 44
#没有问题
[[email protected] ~]# curl localhost:9200
{
"name" : "43a90d0eee76",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "isNkwujwQbCW-kK5uPTZJw",
"version" : {
"number" : "7.6.2",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "ef48eb35cf30adf4db14086e8aabd07ef6fb113f",
"build_date" : "2020-03-26T06:34:37.794943Z",
"build_snapshot" : false,
"lucene_version" : "8.4.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
可视化
portainer
docker run -d -p 8088:9000 --restart=always -v /var/run/docker.sock:/var/run/docker.sock --privileged=true portainer/portainer
rancher(CI/CD用)
#下载成功
[[email protected] ~]# docker run -d -p 8088:9000 --restart=always -v /var/run/docker.sock:/var/run/docker.sock --privileged=true portainer/portainer
Unable to find image 'portainer/portainer:latest' locally
latest: Pulling from portainer/portainer
d1e017099d17: Pull complete
717377b83d5c: Pull complete
Digest: sha256:f8c2b0a9ca640edf508a8a0830cf1963a1e0d2fd9936a64104b3f658e120b868
Status: Downloaded newer image for portainer/portainer:latest
b6cac10ec0295cafc5d3646bae7eb702ce05b843ba74c8eea1aef8fbe5a17c7c
通过公网地址访问portainer,创建好用户之后选择登陆
我们选择本地,可以看到一些基础的信息。其它的自行查看了。
平时用的比较少,用来测试玩玩就好了。
Docker镜像讲解
镜像是什么
镜像是一种轻量级、可执行的独立软件保,用来打包软件运行环境和基于运行环境开发的软件,他包含运行某个软件所需的所有内容,包括代码、运行时库、环境变量和配置文件。所有应用,直接打包docker镜像,就可以直接跑起来!
如何得到镜像
- 从远程仓库下载
- 别人拷贝给你
- 自己制作一个镜像 DockerFile
Docker镜像加载原理
UnionFs (联合文件系统)
UnionFs(联合文件系统):Union文件系统(UnionFs)是一种分层、轻量级并且高性能的文件系统,他支持对文件系统的修改作为一次提交来一层层的叠加,同时可以将不同目录挂载到同一个虚拟文件系统下( unite several directories into a single virtual filesystem)。Union文件系统是 Docker镜像的基础。镜像可以通过分层来进行继承,基于基础镜像(没有父镜像),可以制作各种具体的应用镜像
特性:一次同时加载多个文件系统,但从外面看起来,只能看到一个文件系统,联合加载会把各层文件系统叠加起来,这样最终的文件系统会包含所有底层的文件和目录。
Docker镜像加载原理
docker的镜像实际上由一层一层的文件系统组成,这种层级的文件系统UnionFS。
boots(boot file system)主要包含 bootloader和 Kernel, bootloader主要是引导加 kernel, Linux刚启动时会加bootfs文件系统,在 Docker镜像的最底层是 boots。这一层与我们典型的Linux/Unix系统是一样的,包含boot加載器和内核。当boot加载完成之后整个内核就都在内存中了,此时内存的使用权已由 bootfs转交给内核,此时系统也会卸载bootfs。
rootfs(root file system),在 bootfs之上。包含的就是典型 Linux系统中的/dev,/proc,/bin,/etc等标准目录和文件。 rootfs就是各种不同的操作系统发行版,比如 Ubuntu, Centos等等。
平时我们安装进虚拟机的CentOS都是好几个G,为什么Docker这里才200M?
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat 9.0 040bdb29ab37 8 weeks ago 649MB
tomcat latest 040bdb29ab37 8 weeks ago 649MB
nginx latest f6d0b4767a6c 8 weeks ago 133MB
centos latest 300e315adb2f 3 months ago 209MB
portainer/portainer latest 62771b0b9b09 7 months ago 79.1MB
elasticsearch 7.6.2 f29a1ee41030 11 months ago 791MB
对于个精简的OS,rootfs可以很小,只需要包合最基本的命令,工具和程序库就可以了,因为底层直接用Host的kernel,自己只需要提供rootfs就可以了。由此可见对于不同的Linux发行版, boots基本是一致的, rootfs会有差別,因此不同的发行版可以公用bootfs.虚拟机是分钟级别,容器是秒级!
分层理解
分层的镜像
我们可以去下载一个镜像,注意观察下载的日志输出,可以看到是一层层的在下载
思考:为什么Docker镜像要采用这种分层的结构呢?
最大的好处,我觉得莫过于资源共享了!比如有多个镜像都从相同的Base镜像构建而来,那么宿主机只需在磁盘上保留一份base镜像,同时内存中也只需要加载一份base镜像,这样就可以为所有的容器服务了,而且镜像的每一层都可以被共享。
查看镜像分层的方式可以通过docker image inspect 命令
[[email protected] ~]# docker image inspect centos
[
{
"Id": "sha256:300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55",
"RepoTags": [
"centos:latest"
],
"RepoDigests": [
"[email protected]:5528e8b1b1719d34604c87e11dcd1c0a20bedf46e83b5632cdeac91b8c04efc1"
],
"Parent": "",
"Comment": "",
"Created": "2020-12-08T00:22:53.076477777Z",
"Container": "395e0bfa7301f73bc994efe15099ea56b8836c608dd32614ac5ae279976d33e4",
"ContainerConfig": {
"Hostname": "395e0bfa7301",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"/bin/bash\"]"
],
"Image": "sha256:6de05bdfbf9a9d403458d10de9e088b6d93d971dd5d48d18b4b6758f4554f451",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20201204",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
},
"DockerVersion": "19.03.12",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/bash"
],
"Image": "sha256:6de05bdfbf9a9d403458d10de9e088b6d93d971dd5d48d18b4b6758f4554f451",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20201204",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
},
"Architecture": "amd64",
"Os": "linux",
"Size": 209348104,
"VirtualSize": 209348104,
"GraphDriver": {
"Data": {
"MergedDir": "/var/lib/docker/overlay2/b250fa3307e25d8fe349fc1ab141f9e17a65b53f7dd1efd8ae77a85d6a2c2f34/merged",
"UpperDir": "/var/lib/docker/overlay2/b250fa3307e25d8fe349fc1ab141f9e17a65b53f7dd1efd8ae77a85d6a2c2f34/diff",
"WorkDir": "/var/lib/docker/overlay2/b250fa3307e25d8fe349fc1ab141f9e17a65b53f7dd1efd8ae77a85d6a2c2f34/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:2653d992f4ef2bfd27f94db643815aa567240c37732cae1405ad1c1309ee9859"
]
},
"Metadata": {
"LastTagTime": "0001-01-01T00:00:00Z"
}
}
]
所有的 Docker镜像都起始于一个基础镜像层,当进行修改或培加新的内容时,就会在当前镜像层之上,创建新的镜像层。
举一个简单的例子,假如基于 Ubuntu Linux16.04创建一个新的镜像,这就是新镜像的第一层;如果在该镜像中添加 Python包,
就会在基础镜像层之上创建第二个镜像层;如果继续添加一个安全补丁,就会创健第三个镜像层该像当前已经包含3个镜像层,如下图所示(这只是一个用于演示的很简单的例子)。
在添加额外的镜像层的同时,镜像始终保持是当前所有镜像的组合,理解这一点.
在添加额外的镜像层的同时,镜像始终保持是当前所有镜像的组合,理解这一点非常重要。下图中举了一个简单的例子,每个镜像层包含3个文件,而镜像包含了来自两个镜像层的6个文件。
上图中的镜像层跟之前图中的略有区別,主要目的是便于展示文件
下图中展示了一个稍微复杂的三层镜像,在外部看来整个镜像只有6个文件,这是因为最上层中的文件7是文件5的一个更新版。
文中情況下,上层镜像层中的文件覆盖了底层镜像层中的文件。这样就使得文件的更新版本作为一个新镜像层添加到镜像当中
Docker通过存储引擎(新版本采用快照机制)的方式来实现镜像层堆栈,并保证多镜像层对外展示为统一的文件系统
Linux上可用的存储引撃有AUFS、 Overlay2、 Device Mapper、Btrfs以及ZFS。顾名思义,每种存储引擎都基于 Linux中对应的
件系统或者块设备技术,井且每种存储引擎都有其独有的性能特点。
Docker在 Windows上仅支持 windowsfilter 一种存储引擎,该引擎基于NTFS文件系统之上实现了分层和CoW [1]。
特点Docker 镜像都是只读的,当容器启动时,一个新的可写层加载到镜像的顶部!
这一层就是我们通常说的容器层,容器之下的都叫镜像层!
commit镜像
docker commit 提交容器成为一个新的副本
#命令和git原理类似
docker commit -m "提交的描述信息" -a-"作者" 容器id 目标镜像名:[TAG]
#实战测试
# 1、启动一个默认的tomcat
# 2、发现这个默认的tomcat 是没有webapps应用,官方的镜像默认webapps下面是没有文件的!
# 3、从webapps.dist拷贝文件进去webapp
#这几步都是之前作业里面的就不放代码了
#4、上传之前修改过的Tomcat文件
[[email protected] ~]# docker commit -a="paidaxing" -m="add webapps app" 87333a05a9f6 tomcat02:1.0
sha256:2cef4ca7716dae5564ecf80124e60bd6a7b3a487541ab5855a4812da5a209955
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat02 1.0 2cef4ca7716d 6 seconds ago 654MB
tomcat 9.0 040bdb29ab37 8 weeks ago 649MB
tomcat latest 040bdb29ab37 8 weeks ago 649MB
nginx latest f6d0b4767a6c 8 weeks ago 133MB
centos latest 300e315adb2f 3 months ago 209MB
portainer/portainer latest 62771b0b9b09 7 months ago 79.1MB
elasticsearch 7.6.2 f29a1ee41030 11 months ago 791MB
#如果你想要保存当前容器的状态,就可以通过commit来提交,获得一个镜像,就好比我们我们使用虚拟机的快照。
#到这里才算入门。
数据容器卷
什么是容器数据卷
docker的理念回顾
将应用和环境打包成一个镜像!
如果数据都在容器中,那么我们容器删除,数据就会丢失! 需求:数据可以持久化。
MySQL,容器删了,删库跑路!需求:MySQL数据可以存储在本地!
容器之间可以有一个数据共享的技术!docker容器中产生的数据,同步到本地!
这就是卷技术!目录的挂载,将我们容器内的目录,挂载到liunx上面。
总结一句话:容器的持久化和同步操作!容器间也是可以数据共享的!
使用数据卷
#方式一:直接使用命令来挂载 -v
docker run -it -v 主机目录:容器目录
[[email protected] ~]# docker run -it -v /home/ceshi2:/home centos /bin/bash
#在容器内部创建测试文件
[[email protected] /]# cd /home
[[email protected] home]# ls
[[email protected] home]# touch ceshi.txt
[[email protected] home]# ls
ceshi.txt
#在宿主机上查看挂载目录文件
[[email protected] ceshi2]# docker inspect 容器id
#看到目录已经对应上了
"Mounts": [
{
"Type": "bind",
"Source": "/home/ceshi2",
"Destination": "/home",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
[[email protected] home]# cd /home/ceshi2
[[email protected] ceshi2]# ls
ceshi.txt
#可以看到文件已经挂载到宿主机上面了
#测试一下从宿主机到容器内是否可以
#vim 进test.java编辑helloword!
[[email protected] ceshi2]# vim test.java
#从容器上打印输出,没有问题,数据已经挂载过来/
[[email protected] home]# cat test.java
hello word !
#好处:我们以后修改只需要在本地修改即可,容器内会自动同步!
实战:安装MySQL
#官方文档
docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql:tag
#我们自己启动容器的命令
docker run -d -p 3310:3306 -v /home/mysql/conf:/etc/mysql/conf.d -v /home/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 --name mysql01 mysql:5.7
#测试连接:注意3310端口要在阿里云服务器的安全组中打开,否则无法连接。
#通过sqlyog来测试
#接着我们在数据库上创建一个test数据库,可以在宿主机data文件中看到这个test文件,说明文件挂载是没有问题的。
[[email protected] home]# cd /home/mysql
[[email protected] mysql]# ls
conf data
[[email protected] mysql]# cd data
[[email protected] data]# ls
auto.cnf ca.pem client-key.pem ibdata1 ib_logfile1 mysql private_key.pem server-cert.pem sys
ca-key.pem client-cert.pem ib_buffer_pool ib_logfile0 ibtmp1 performance_schema public_key.pem server-key.pem test
#把启动的MySQL01容器删掉之后,我们再去查看data目录数据也是存在的,不用再担心删库跑路了。
可以看到远程连接MySQL服务没有问题
具名和匿名挂载
# 匿名挂载
-v 容器内路径!
docker run -d -P --name nginx01 -v /etc/nginx nginx
# 查看所有的volume(卷)的情况
[[email protected] /]# docker volume ls
DRIVER VOLUME NAME
local 8c4f2eaefebd32b784282a017216d9f95b9ed574686c53ad104baef5a2081f83
local 22cc1a5276452507a161e1f439c5dd35e1342d48effccf4bde4459f82bee7bf8
local 28f275a528a2e7b660a062ab76d61747607a662a565a648a3fa302ef66e5c0b1
local 301f0fd19527fd0fc4c877aa5ac14401c7bd5ff144b26908fefcd7c989a03942
# 具名挂载 -P:表示随机映射端口
docker run -d -P --name nginx02 -v juming-nginx:/etc/nginx nginx
[[email protected] /]# docker volume ls
DRIVER VOLUME NAME
local 8c4f2eaefebd32b784282a017216d9f95b9ed574686c53ad104baef5a2081f83
local 22cc1a5276452507a161e1f439c5dd35e1342d48effccf4bde4459f82bee7bf8
local 28f275a528a2e7b660a062ab76d61747607a662a565a648a3fa302ef66e5c0b1
local 301f0fd19527fd0fc4c877aa5ac14401c7bd5ff144b26908fefcd7c989a03942
local juming-nginx
#查看容器内路径
[[email protected] /]# docker volume inspect juming-nginx
[
{
"CreatedAt": "2021-03-12T15:28:59+08:00",
"Driver": "local",
"Labels": null,
"Mountpoint": "/var/lib/docker/volumes/juming-nginx/_data",
"Name": "juming-nginx",
"Options": null,
"Scope": "local"
}
]
#所有的docker容器内的卷,没有指定目录的情况下都是在**/var/lib/docker/volumes/自定义的卷名/_data**下,
#如果指定了目录,docker volume ls 是查看不到的。
#我们通过具名挂载可以方便的找到我们的一个卷,大多数情况下我们使用具名挂载。
#如何确定是具名挂载还是匿名挂载,还是指定路径挂载。
-v 容器内路径 #匿名挂载
-v 卷名:容器内路径 #具名挂载
-v /宿主机路径:容器内路径 #指定路径挂载
#拓展
# 通过 -v 容器内路径: ro rw 改变读写权限
#一旦设置了容器权限,容器对我们挂载出来的内容就有限定了。
ro #readonly 只读
rw #readwrite 可读可写
docker run -d -P --name nginx05 -v juming:/etc/nginx:ro nginx
docker run -d -P --name nginx05 -v juming:/etc/nginx:rw nginx
# ro 只要看到ro就说明这个路径只能通过宿主机来操作,容器内部是无法操作!
初识Dockerfile
#Dockerfile 就是用来构建docker镜像的构建文件!命令脚本!先体验一下!
#通过这个脚本可以生成镜像,镜像是一层一层的,脚本是一个个的命令,每个命令都是一层!
[[email protected] home]# mkdir docker-test-volume
[[email protected] home]# ls
ceshi ceshi2 docker-test-volume mysql test.txt
[[email protected] docker-test-volume]# vim dockerfile1
$ vim dockerfile1
FROM centos # 当前这个镜像是以centos为基础的
VOLUME ["volume01","volume02"] # 挂载卷的卷目录列表(多个目录)匿名挂载
CMD echo "-----end-----" # 输出一下用于测试
CMD /bin/bash # 默认走bash控制台
[[email protected] docker-test-volume]# cat dockerfile1
from centos
VOLUME ["volume01","volume02"]
CMD echo "----end----"
CMD /bin/bash
[[email protected] docker-test-volume]# docker build -f dockerfile1 -t paidaxing/centos:9.1 .
Sending build context to Docker daemon 2.048kB
Step 1/4 : FROM centos
---> 300e315adb2f
Step 2/4 : VOLUME ["volume01","volume02"]
---> Running in 0063f9fc9fe7
Removing intermediate container 0063f9fc9fe7
---> a3d86ee7e84e
Step 3/4 : CMD echo "----end----"
---> Running in c3cb71e4c615
Removing intermediate container c3cb71e4c615
---> 37a72a286603
Step 4/4 : CMD /bin/bash
---> Running in ec28fafc6700
Removing intermediate container ec28fafc6700
---> 3bb6b30650fe
Successfully built 3bb6b30650fe
Successfully tagged paidaxing/centos:9.1
[[email protected] docker-test-volume]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
paidaxing/centos 9.1 3bb6b30650fe 24 seconds ago 209MB
tomcat02 1.0 2cef4ca7716d 7 hours ago 654MB
mysql 5.7 a70d36bc331a 7 weeks ago 449MB
tomcat 9.0 040bdb29ab37 8 weeks ago 649MB
tomcat latest 040bdb29ab37 8 weeks ago 649MB
nginx latest f6d0b4767a6c 8 weeks ago 133MB
centos latest 300e315adb2f 3 months ago 209MB
portainer/portainer latest 62771b0b9b09 7 months ago 79.1MB
elasticsearch 7.6.2 f29a1ee41030 11 months ago 791MB
#开启我们自己打包镜像
[[email protected] docker-test-volume]# docker run -it 3bb6b30650fe /bin/bash
[[email protected] /]# ls -l
total 56
lrwxrwxrwx 1 root root 7 Nov 3 15:22 bin -> usr/bin
drwxr-xr-x 5 root root 360 Mar 12 08:20 dev
drwxr-xr-x 1 root root 4096 Mar 12 08:20 etc
drwxr-xr-x 2 root root 4096 Nov 3 15:22 home
lrwxrwxrwx 1 root root 7 Nov 3 15:22 lib -> usr/lib
lrwxrwxrwx 1 root root 9 Nov 3 15:22 lib64 -> usr/lib64
drwx------ 2 root root 4096 Dec 4 17:37 lost+found
drwxr-xr-x 2 root root 4096 Nov 3 15:22 media
drwxr-xr-x 2 root root 4096 Nov 3 15:22 mnt
drwxr-xr-x 2 root root 4096 Nov 3 15:22 opt
dr-xr-xr-x 111 root root 0 Mar 12 08:20 proc
dr-xr-x--- 2 root root 4096 Dec 4 17:37 root
drwxr-xr-x 11 root root 4096 Dec 4 17:37 run
lrwxrwxrwx 1 root root 8 Nov 3 15:22 sbin -> usr/sbin
drwxr-xr-x 2 root root 4096 Nov 3 15:22 srv
dr-xr-xr-x 13 root root 0 Mar 12 08:20 sys
drwxrwxrwt 7 root root 4096 Dec 4 17:37 tmp
drwxr-xr-x 12 root root 4096 Dec 4 17:37 usr
drwxr-xr-x 20 root root 4096 Dec 4 17:37 var
drwxr-xr-x 2 root root 4096 Mar 12 08:20 volume01
drwxr-xr-x 2 root root 4096 Mar 12 08:20 volume02
[[email protected] data]# docker inspect 41f048f757fe
"Mounts": [
{
"Type": "volume",
"Name": "63a7b1f1b480889a2f5b7a38538ae0fe639d27a621c2e575c12539bee009738f",
"Source": "/var/lib/docker/volumes/63a7b1f1b480889a2f5b7a38538ae0fe639d27a621c2e575c12539bee009738f/_data",
"Destination": "volume01",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "85cbb117c2fdecccfce1d22290ecc6be05078e920911b7e7051418dca04755f1",
"Source": "/var/lib/docker/volumes/85cbb117c2fdecccfce1d22290ecc6be05078e920911b7e7051418dca04755f1/_data",
"Destination": "volume02",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
数据卷容器
多个MySQL同步数据
命名的容器挂载数据卷
[[email protected] /]# docker run -it --name docker01 paidaxing/centos:9.1
[[email protected] /]# docker run -it --name docker02 --volumes-from docker01 paidaxing/centos:9.1
#docker01容器 volume01添加测试文件
[[email protected] /]# cd volume01
[[email protected] volume01]# ls
[[email protected] volume01]# touch ceshi.java
[[email protected] volume01]# ls
ceshi.java
#docker02 volume01也同步了文件
[[email protected] volume01]# ls
ceshi.java
# 测试:可以删除docker01,查看一下docker02是否可以访问这个文件
# 测试发现:数据依旧保留在docker02中没有被删除
#多个mysql实现数据共享
docker run -d -p 3306:3306 -v /home/mysql/conf:/etc/mysql/conf.d -v /home/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 --name mysql01 mysql:5.7
docker run -d -p 3310:3306 -e MYSQL_ROOT_PASSWORD=123456 --name mysql02 --volumes-from mysql01 mysql:5.7
#容器之间的配置信息的传递,数据卷容器的生命周期一直持续到没有容器使用为止。
#但是一旦你持久化到了本地,这个时候,本地的数据是不会删除的!
Dockerfile
DockerFile介绍
dockerfile是用来构建docker镜像的文件!命令参数脚本!
构建步骤:
1、 编写一个dockerfile文件
2、 docker build 构建称为一个镜像
3、 docker run运行镜像
4、 docker push发布镜像(DockerHub 、阿里云仓库)
点击后跳到一个Dockerfile
很多官方镜像都是基础包,很多功能没有,我们通常会自己搭建自己的镜像!
官方既然可以制作镜像,那我们也可以。
DockerFile构建过程
基础知识:
1、每个保留关键字(指令)都是必须是大写字母
2、执行从上到下顺序
3、#表示注释
4、每一个指令都会创建提交一个新的镜像曾,并提交!
Dockerfile是面向开发的,我们以后要发布项目,做镜像,就需要编写dockerfile文件,这个文件十分简单!
Docker镜像逐渐成企业交付的标准,必须要掌握!
DockerFile:构建文件,定义了一切的步骤,源代码
DockerImages:通过DockerFile构建生成的镜像,最终发布和运行产品。
Docker容器:容器就是镜像运行起来提供服务。
Dockerfile的指令
FROM # from:基础镜像,一切从这里开始构建
MAINTAINER # maintainer:镜像是谁写的, 姓名+邮箱
RUN # run:镜像构建的时候需要运行的命令
ADD # add:步骤,tomcat镜像,这个tomcat压缩包!添加内容 添加同目录
WORKDIR # workdir:镜像的工作目录
VOLUME # volume:挂载的目录
EXPOSE # expose:保留端口配置
CMD # cmd:指定这个容器启动的时候要运行的命令,只有最后一个会生效,可被替代
ENTRYPOINT # entrypoint:指定这个容器启动的时候要运行的命令,可以追加命令
ONBUILD # onbuild:当构建一个被继承DockerFile这个时候就会运行onbuild的指令,触发指令
COPY # copy:类似ADD,将我们文件拷贝到镜像中
ENV # env:构建的时候设置环境变量!
实战测试
Docker Hub 中 99%的镜像都是从这个基础镜像过来的 FROM scratch,然后配置需要的软件和配置来进行构建。
#1、编写dockerfile文件
[[email protected] ~]# cd /home
[[email protected] home]# ls
ceshi ceshi2 docker-test-volume mysql test.txt
[[email protected] home]#
[[email protected] home]# mkdir dockerfile
[[email protected] home]# ls
ceshi ceshi2 dockerfile docker-test-volume mysql test.txt
[[email protected] home]# cd dockerfile
[[email protected] dockerfile]# ls
#2、编辑测试脚本
[[email protected] dockerfile]# vim mydockerfile-centos
[[email protected] dockerfile]# cat mydockerfile-centos
FROM centos
MAINTAINER paidaxing<#邮箱
ENW MYPATH /use/local
WOEKDIR $MYPATH
RUN yun -y install vim
RUM yun -y install net-tools
EXPOSE 80
CMD echo $MYPATH
CMD echo "----end----"
CMD /bin/bash
#3、运行脚本生成
[[email protected] dockerfile]# docker build -f mydockerfile-centos -t mycentos:1.0 .
Sending build context to Docker daemon 2.048kB
Step 1/10 : FROM centos
---> 300e315adb2f
Step 2/10 : MAINTAINER paidaxing<#邮箱
---> Using cache
---> 46c14b4b0ba2
Step 3/10 : ENV MYPATH /use/local
---> Using cache
---> f8fff150ed37
Step 4/10 : WORKDIR $MYPATH
---> Using cache
---> bc1b77f2c74e
Step 5/10 : RUN yum -y install vim
---> Running in 2f9d6e664a5c
CentOS Linux 8 - AppStream 1.8 MB/s | 6.3 MB 00:03
CentOS Linux 8 - BaseOS 2.0 MB/s | 2.3 MB 00:01
CentOS Linux 8 - Extras 10 kB/s | 9.2 kB 00:00
Last metadata expiration check: 0:00:01 ago on Mon Mar 15 02:54:49 2021.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vim-enhanced x86_64 2:8.0.1763-15.el8 appstream 1.4 M
Installing dependencies:
gpm-libs x86_64 1.20.7-15.el8 appstream 39 k
vim-common x86_64 2:8.0.1763-15.el8 appstream 6.3 M
vim-filesystem noarch 2:8.0.1763-15.el8 appstream 48 k
which x86_64 2.21-12.el8 baseos 49 k
Transaction Summary
================================================================================
Install 5 Packages
Total download size: 7.8 M
Installed size: 30 M
Downloading Packages:
(1/5): gpm-libs-1.20.7-15.el8.x86_64.rpm 103 kB/s | 39 kB 00:00
(2/5): vim-filesystem-8.0.1763-15.el8.noarch.rp 396 kB/s | 48 kB 00:00
(3/5): which-2.21-12.el8.x86_64.rpm 185 kB/s | 49 kB 00:00
(4/5): vim-enhanced-8.0.1763-15.el8.x86_64.rpm 856 kB/s | 1.4 MB 00:01
(5/5): vim-common-8.0.1763-15.el8.x86_64.rpm 2.0 MB/s | 6.3 MB 00:03
--------------------------------------------------------------------------------
Total 1.6 MB/s | 7.8 MB 00:04
warning: /var/cache/dnf/appstream-02e86d1c976ab532/packages/gpm-libs-1.20.7-15.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS Linux 8 - AppStream 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <[email protected]>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : which-2.21-12.el8.x86_64 1/5
Installing : vim-filesystem-2:8.0.1763-15.el8.noarch 2/5
Installing : vim-common-2:8.0.1763-15.el8.x86_64 3/5
Installing : gpm-libs-1.20.7-15.el8.x86_64 4/5
Running scriptlet: gpm-libs-1.20.7-15.el8.x86_64 4/5
Installing : vim-enhanced-2:8.0.1763-15.el8.x86_64 5/5
Running scriptlet: vim-enhanced-2:8.0.1763-15.el8.x86_64 5/5
Running scriptlet: vim-common-2:8.0.1763-15.el8.x86_64 5/5
Verifying : gpm-libs-1.20.7-15.el8.x86_64 1/5
Verifying : vim-common-2:8.0.1763-15.el8.x86_64 2/5
Verifying : vim-enhanced-2:8.0.1763-15.el8.x86_64 3/5
Verifying : vim-filesystem-2:8.0.1763-15.el8.noarch 4/5
Verifying : which-2.21-12.el8.x86_64 5/5
Installed:
gpm-libs-1.20.7-15.el8.x86_64 vim-common-2:8.0.1763-15.el8.x86_64
vim-enhanced-2:8.0.1763-15.el8.x86_64 vim-filesystem-2:8.0.1763-15.el8.noarch
which-2.21-12.el8.x86_64
Complete!
Removing intermediate container 2f9d6e664a5c
---> 0de061ed713e
Step 6/10 : RUN yum -y install net-tools
---> Running in 121a254d12c8
Last metadata expiration check: 0:00:12 ago on Mon Mar 15 02:54:49 2021.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
net-tools x86_64 2.0-0.52.20160912git.el8 baseos 322 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 322 k
Installed size: 942 k
Downloading Packages:
net-tools-2.0-0.52.20160912git.el8.x86_64.rpm 897 kB/s | 322 kB 00:00
--------------------------------------------------------------------------------
Total 90 kB/s | 322 kB 00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : net-tools-2.0-0.52.20160912git.el8.x86_64 1/1
Running scriptlet: net-tools-2.0-0.52.20160912git.el8.x86_64 1/1
Verifying : net-tools-2.0-0.52.20160912git.el8.x86_64 1/1
Installed:
net-tools-2.0-0.52.20160912git.el8.x86_64
Complete!
Removing intermediate container 121a254d12c8
---> 73dd2dec4a47
Step 7/10 : EXPOSE 80
---> Running in f77204136a2a
Removing intermediate container f77204136a2a
---> 4776c4559b03
Step 8/10 : CMD echo $MYPATH
---> Running in fc421ef0050e
Removing intermediate container fc421ef0050e
---> cfbfd3bde115
Step 9/10 : CMD echo "----end----"
---> Running in 12563e09abad
Removing intermediate container 12563e09abad
---> 820a8596c7f4
Step 10/10 : CMD /bin/bash
---> Running in efa3bf6841d5
Removing intermediate container efa3bf6841d5
---> 4ab2ff5bb2ba
Successfully built 4ab2ff5bb2ba
Successfully tagged mycentos:1.0
#4、查看,测试相关命令
[[email protected] dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mycentos 1.0 4ab2ff5bb2ba 6 minutes ago 291MB
paidaxing/centos 9.1 3bb6b30650fe 2 days ago 209MB
tomcat02 1.0 2cef4ca7716d 3 days ago 654MB
mysql 5.7 a70d36bc331a 7 weeks ago 449MB
tomcat 9.0 040bdb29ab37 2 months ago 649MB
tomcat latest 040bdb29ab37 2 months ago 649MB
nginx latest f6d0b4767a6c 2 months ago 133MB
centos latest 300e315adb2f 3 months ago 209MB
portainer/portainer latest 62771b0b9b09 7 months ago 79.1MB
elasticsearch 7.6.2 f29a1ee41030 11 months ago 791MB
[[email protected] dockerfile]# docker run -it mycentos:1.0 /bin/bash
[[email protected] local]# pwd
/use/local
[[email protected] local]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#我们平时拿到一个镜像,可以用 “docker history 镜像id” 研究一下是什么做的
CMD 和 ENTRYPOINT区别
CMD # 指定这个容器启动的时候要运行的命令,只有最后一个会生效,可被替代。
ENTRYPOINT # 指定这个容器启动的时候要运行的命令,可以追加命令
#测试cmd
# 编写dockerfile文件
vim dockerfile-test-cmd
FROM centos
CMD ["ls","-a"] # 启动后执行 ls -a 命令
# 构建镜像
docker build -f dockerfile-test-cmd -t cmd-test:0.1 .
# 运行镜像
docker run cmd-test:0.1 # 由结果可得,运行后就执行了 ls -a 命令
.
..
.dockerenv
bin
dev
etc
home
# 想追加一个命令 -l 成为ls -al:展示列表详细数据
docker run cmd-test:0.1 -l
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"-l\":
executable file not found in $PATH": unknown.
ERRO[0000] error waiting for container: context canceled
# cmd的情况下 -l 替换了CMD["ls","-l"] 而 -l 不是命令所以报错
测试ENTRYPOINT
# 编写dockerfile文件
vim dockerfile-test-entrypoint
FROM centos
ENTRYPOINT ["ls","-a"]
# 构建镜像
docker build -f dockerfile-test-entrypoint -t cmd-test:0.1 .
# 运行镜像
docker run entrypoint-test:0.1
.
..
.dockerenv
bin
dev
etc
home
lib
lib64
lost+found ...
# 我们的命令,是直接拼接在我们得ENTRYPOINT命令后面的
docker run entrypoint-test:0.1 -l
total 56
drwxr-xr-x 1 root root 4096 May 16 06:32 .
drwxr-xr-x 1 root root 4096 May 16 06:32 ..
-rwxr-xr-x 1 root root 0 May 16 06:32 .dockerenv
lrwxrwxrwx 1 root root 7 May 11 2019 bin -> usr/bin
drwxr-xr-x 5 root root 340 May 16 06:32 dev
drwxr-xr-x 1 root root 4096 May 16 06:32 etc
drwxr-xr-x 2 root root 4096 May 11 2019 home
lrwxrwxrwx 1 root root 7 May 11 2019 lib -> usr/lib
lrwxrwxrwx 1 root root 9 May 11 2019 lib64 -> usr/lib64 ....
实战Tomcat镜像
1、准备镜像文件
#上传文件到服务器文件夹
#发现rz命令没有,yum一下lrzsz
[[email protected] tomcat]# rz
-bash: rz: command not found
[[email protected] tomcat]# yum -y install lrzsz
#查看是否安装成功
[[email protected] tomcat]# rpm -qa lrzsz
lrzsz-0.12.20-36.el7.x86_64
#传输成功后查看文件
[[email protected] tomcat]# ls
apache-tomcat-9.0.44.tar.gz Dockerfile jdk-8u281-linux-x64.tar.gz readme.txt
[[email protected] tomcat]# ll
total 151584
-rw-r--r-- 1 root root 11487016 Mar 15 15:24 apache-tomcat-9.0.44.tar.gz
-rw-r--r-- 1 root root 96 Mar 15 15:23 Dockerfile
-rw-r--r-- 1 root root 143722924 Mar 15 11:30 jdk-8u281-linux-x64.tar.gz
-rw-r--r-- 1 root root 0 Mar 15 15:18 readme.txt
#编辑生成脚本
[[email protected] tomcat]# cat Dockerfile
FROM centos
MAINTAINER paidaxing<571022036>
COPY readme.txt /usr/local/readme.txt
ADD jdk-8u281-linux-x64.tar.gz /usr/local/
ADD apache-tomcat-9.0.44.tar.gz /usr/local/
RUN yum -y vim
ENV MYPATH /usr/local
WORKDIR $MYPATH
ENV JAVA_HOME /usr/local/jdk.1.8.2.81
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.44
ENV CATALINA_BASH /usr/local/apache-tomcat-9.0.44
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
EXPOSE 8080
CMD /usr/local/apache-tomcat-9.0.44/bin/startup.sh && tail -F /usr/local/apache-tomcat-9.0.44/logs/catalina.out
[[email protected] tomcat]# docker build -t diytomcat .
#发布成功
[[email protected] tomcat]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
diytomcat latest 3f9a321c0efa About a minute ago 640MB
mycentos 1.0 4ab2ff5bb2ba 5 hours ago 291MB
paidaxing/centos 9.1 3bb6b30650fe 3 days ago 209MB
tomcat02 1.0 2cef4ca7716d 3 days ago 654MB
mysql 5.7 a70d36bc331a 7 weeks ago 449MB
tomcat 9.0 040bdb29ab37 2 months ago 649MB
tomcat latest 040bdb29ab37 2 months ago 649MB
nginx latest f6d0b4767a6c 2 months ago 133MB
centos latest 300e315adb2f 3 months ago 209MB
portainer/portainer latest 62771b0b9b09 7 months ago 79.1MB
elasticsearch 7.6.2 f29a1ee41030 11 months ago 791MB
#运行
[[email protected] home]# docker run -d --net="host" -p 8080:8080 --name tomcat01 -v /home/paidaxing/build/tomcat/test:/usr/local/apache-tomcat-9.0.44/webapps/test -v/build/tomcat/tomcatlogs/:/usr/local/apache-tomcat-9.0.44/logs diytomcat
fbeb93e7c177c401a2535153300ba55f90cc9173e732ba5c44764452704a6146
[[email protected] home]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fbeb93e7c177 diytomcat "/bin/sh -c '/usr/lo…" 9 seconds ago Up 8 seconds 0.0.0.0:8080->8080/tcp tomcat01
#进入容器
[[email protected] home]# docker exec -it fbeb93e7c177 /bin/bash
[[email protected] local]# ls
apache-tomcat-9.0.44 bin etc games include jdk1.8.0_281 lib lib64 libexec readme.txt sbin share src
[[email protected] local]# pwd
/usr/local
[[email protected] local]# ls -l
total 52
drwxr-xr-x 1 root root 4096 Mar 15 07:45 apache-tomcat-9.0.44
drwxr-xr-x 2 root root 4096 Nov 3 15:22 bin
drwxr-xr-x 2 root root 4096 Nov 3 15:22 etc
drwxr-xr-x 2 root root 4096 Nov 3 15:22 games
drwxr-xr-x 2 root root 4096 Nov 3 15:22 include
drwxr-xr-x 8 10143 10143 4096 Dec 9 12:50 jdk1.8.0_281
drwxr-xr-x 2 root root 4096 Nov 3 15:22 lib
drwxr-xr-x 3 root root 4096 Dec 4 17:37 lib64
drwxr-xr-x 2 root root 4096 Nov 3 15:22 libexec
-rw-r--r-- 1 root root 0 Mar 15 07:18 readme.txt
drwxr-xr-x 2 root root 4096 Nov 3 15:22 sbin
drwxr-xr-x 5 root root 4096 Dec 4 17:37 share
drwxr-xr-x 2 root root 4096 Nov 3 15:22 src
#报错,未解决
[[email protected] tomcat]# curl localhost:8080
curl: (56) Recv failure: Connection reset by peer
2、编写Dockerfile文件
发布自己的镜像
1、注册登录Dockerhub
[[email protected] /]# docker login -u paidaxin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
#给镜像更名,要你的hub登录名/镜像名:版本号
[[email protected] /]# docker tag 3ec66db83b5d paidaxin/tomcat:1.0
[[email protected] /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
diytomcat latest 3ec66db83b5d 16 hours ago 640MB
paidaxin/tomcat 1.0 3ec66db83b5d 16 hours ago 640MB
mycentos 1.0 4ab2ff5bb2ba 23 hours ago 291MB
paidaxing/centos 9.1 3bb6b30650fe 3 days ago 209MB
tomcat02 1.0 2cef4ca7716d 4 days ago 654MB
mysql 5.7 a70d36bc331a 8 weeks ago 449MB
tomcat 9.0 040bdb29ab37 2 months ago 649MB
tomcat latest 040bdb29ab37 2 months ago 649MB
nginx latest f6d0b4767a6c 2 months ago 133MB
centos latest 300e315adb2f 3 months ago 209MB
portainer/portainer latest 62771b0b9b09 7 months ago 79.1MB
elasticsearch 7.6.2 f29a1ee41030 11 months ago 791MB
#push 镜像,和下载一样,上传也是分层的
[[email protected] /]# docker push paidaxin/tomcat:1.0
The push refers to repository [docker.io/paidaxin/tomcat]
3840eb430363: Pushing [==> ] 2.778MB/58.03MB
5a5ac5466a8f: Pushing [=======> ] 2.532MB/15.9MB
24825b25e159: Pushing [> ] 2.751MB/356.6MB
413a81c31294: Pushed
2653d992f4ef: Pushing [> ] 3.807MB/209.3MB
2、阿里云镜像服务
1、登录阿里云
2、找到容器镜像服务
3、创建命名空间
4、创建容器镜像
5、浏览阿里云信息
6、push镜像
[[email protected] /]# docker push registry.cn-chengdu.aliyuncs.com/paidaxing/paidaxing:1.0
The push refers to repository [registry.cn-chengdu.aliyuncs.com/paidaxing/paidaxing]
5c40d26fba08: Pushed
dd4969f97241: Pushed
1.0: digest: sha256:02c51e3116cddbeff35da5a968ce909fcb07ff1b9688faa2eaaa2c237e9f7548 size: 739
7、上传成功,在镜像仓库查看
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-2ySCyShE-1616133602559)(C:\Users\Administrator\AppData\Roaming\Typora\typora-user-images\image-20210316103417821.png)]
小结
Docker网络
理解Docker 0
学习之前清空下前面的docker 镜像、容器
# 删除全部容器
docker rm -f $(docker ps -aq)
# 删除全部镜像
docker rmi -f $(docker images -aq)
# 查看容器内部地址
ip address
#重新下载Tomcat镜像测试
[[email protected] /]# docker run -d -P --name tomcat01 tomcat
[[email protected] /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat latest 040bdb29ab37 2 months ago 649MB
#查看容器的内部网络地址 ip address
#发现有个143的网络地址,是docker分配的
[[email protected] /]# docker exec -it tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
142: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
#思考。liunx能不能ping通容器内部
#可以的
[[email protected] ~]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.074 ms
#我们每启动一个docker容器,docker就会给docker容器分配一个ip,我们只要按照了docker,就会有一个docker0桥接模式,使用的技术是veth-pair技术!
#再次查看docker网络信息,发现多了一个143的网络地址
#可以发现这个143和之前启动的Tomcat01的142地址是对应的
[[email protected] ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:16:3e:01:e9:d7 brd ff:ff:ff:ff:ff:ff
inet 172.20.245.58/20 brd 172.20.255.255 scope global dynamic eth0
valid_lft 314843138sec preferred_lft 314843138sec
74: br-63d3626d7dc7: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:85:3c:22:e8 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global br-63d3626d7dc7
valid_lft forever preferred_lft forever
133: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 8e:80:24:0f:b4:13 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
143: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 8e:80:24:0f:b4:13 brd ff:ff:ff:ff:ff:ff link-netnsid 0
#再启动一个Tomcat02 网卡是144
[[email protected] /]# docker run -d -P --name tomcat02 tomcat
36de4fb03692eafe717b7b42f6b518245eede2596b73de1beb713b88fefc551d
[[email protected] /]# docker exec -it tomcat02 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
144: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
#再查看docker网络信息
[[email protected] /]# docker exec -it tomcat02 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
144: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[[email protected] /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:16:3e:01:e9:d7 brd ff:ff:ff:ff:ff:ff
inet 172.20.245.58/20 brd 172.20.255.255 scope global dynamic eth0
valid_lft 314842883sec preferred_lft 314842883sec
74: br-63d3626d7dc7: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:85:3c:22:e8 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global br-63d3626d7dc7
valid_lft forever preferred_lft forever
133: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 76:b4:59:05:94:8d brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
143: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 8e:80:24:0f:b4:13 brd ff:ff:ff:ff:ff:ff link-netnsid 0
145: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 76:b4:59:05:94:8d brd ff:ff:ff:ff:ff:ff link-netnsid 1
#我们发现这个容器的网卡,都是一对对的。
# veth-pair 就是一对的虚拟设备接口,他们都是成对出现的,一端连着协议,一端彼此相连
# 正因为有这个特性 veth-pair 充当一个桥梁,连接各种虚拟网络设备的
# OpenStac,Docker容器之间的连接,OVS的连接,都是使用evth-pair技术
#我们来测试下Tomcat01和Tomcat02是否可以ping通
#也是可以的
[[email protected] /]# docker exec -it tomcat02 ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.114 ms
# 结论:容器和容器之间是可以互相ping通
网图:
结论:tomcat01和tomcat02公用一个路由器,docker0。
所有的容器不指定网络的情况下,都是docker0路由的,docker会给我们的容器分配一个默认的可用ip。
小结
Docker使用的是Linux的桥接,宿主机是一个Docker容器的网桥 docker0
Docker中所有网络接口都是虚拟的,虚拟的转发效率高(内网传递文件)
只要容器删除,对应的网桥一对就没了!
–link
#思考一个场景:我们编写了一个微服务,database url=ip: 项目不重启,数据ip换了,我们希望可以处理这个问题,可以通过名字来进行访问容器
#直接ping是ping不同的
[[email protected] /]# docker exec -it tomcat02 ping tomcat01
ping: tomcat01: Name or service not known
#如何解决
#通过--link可以解决
[[email protected] /]# docker run -d -P --name tomcat03 --link tomcat02 tomcat
d5b624d5ccc5e32094beb37e6c7a8b0317c5506ea6d46baa63bb8d07fc4af95d
[[email protected] /]# docker exec -it tomcat03 ping tomcat02
PING tomcat02 (172.17.0.3) 56(84) bytes of data.
64 bytes from tomcat02 (172.17.0.3): icmp_seq=1 ttl=64 time=0.102 ms
#查看网络信息
[[email protected] /]# docker network inspect fc147941dd4b
{
"Name": "bridge",
"Id": "fc147941dd4b4f86f9d6991e9e4224cae145080f6898f68b15e81103c2d81b53",
"Created": "2021-03-15T17:45:42.319600456+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1" #docker0
}
]
},
"ConfigOnly": false,
"Containers": {
"36de4fb03692eafe717b7b42f6b518245eede2596b73de1beb713b88fefc551d": {
"Name": "tomcat02",
"EndpointID": "465e2300914d5d1362a8130b39113781dc937abbc08cbfdbf340ba9045a75276",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
},
"3a8d9a318c825971e2969320920352b09ba059829f07bfb09a93946cad634859": {
"Name": "tomcat01",
"EndpointID": "5f7db6cad386842705eb4c655175c4fbbbcd80d8e7a604939adc5d825d54207f",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"d5b624d5ccc5e32094beb37e6c7a8b0317c5506ea6d46baa63bb8d07fc4af95d": {
"Name": "tomcat03",
"EndpointID": "5428ccd4b4a038c032f4c7925253beeae6034ec25515f1f2ceb513eb2c7b4fb5",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
}
},
#其实这个Tomcat03是在本地配置了tomcat02的地址
#查看hosts配置,在这里原理发现。
[[email protected] /]# docker exec -it tomcat03 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 tomcat02 36de4fb03692
172.17.0.4 d5b624d5ccc5
#–link 本质就是在hosts配置中添加映射
#现在使用Docker已经不建议使用–link了!
#自定义网络,不适用docker0!
#docker0问题:不支持容器名连接访问!
自定义网络
#查看docker网络
[[email protected] ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
fc147941dd4b bridge bridge local
a6ac3789c498 host host local
4d1ab894aec6 none null local
63d3626d7dc7 somenetwork bridge local
#bridge :桥接 docker(默认,自己创建也是用bridge模式)
#none :不配置网络,一般不用
#host :和所主机共享网络
#container :容器网络连通(用得少!局限很大)
# 我们直接启动的命令 --net bridge,而这个就是我们得docker0
# bridge就是docker0
docker run -d -P --name tomcat01 tomcat
等价于 => docker run -d -P --name tomcat01 --net bridge tomcat
# docker0,特点:默认,域名不能访问。 --link可以打通连接,但是很麻烦!
# 我们可以 自定义一个网络
[[email protected] ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
5d36c3180b51968029b07ec3ea42955619118b3cfd5ff23629f3e3848ea5169c
[[email protected] ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
fc147941dd4b bridge bridge local
a6ac3789c498 host host local
5d36c3180b51 mynet bridge local
4d1ab894aec6 none null local
63d3626d7dc7 somenetwork bridge local
[[email protected] ~]# docker network inspect mynet
#重新创建容器分配我们自定义的网络
[[email protected] ~]# docker run -d -P --name tomcat01 --net mynet tomcat
8225c3b0aeaf38b5680c67d91ddeff9afeded0ec4f0d8befb7107882dc114e65
[[email protected] ~]# docker run -d -P --name tomcat02 --net mynet tomcat
34d7b50e65e37a40ed08ab3021a6f8d98efcaafdd05ea3b73e14adf723c3ad35
#发现直接用容器名可以直接ping,因为都在同一个网段,不使用--link也可以直接ping
[[email protected] ~]# docker exec -it tomcat01 ping tomcat02
PING tomcat02 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.079 ms
[[email protected] ~]# docker exec -it tomcat02 ping tomcat01
PING tomcat01 (192.168.0.2) 56(84) bytes of data.
64 bytes from tomcat01.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.092 ms
#我们自定义的网络docker当我们维护好了对应的关系,推荐我们平时这样使用网络!
#好处:
#redis -不同的集群使用不同的网络,保证集群是安全和健康的
#mysql-不同的集群使用不同的网络,保证集群是安全和健康的
#那么网段不同的两个容器是否可以ping通
#创建一个tomcat03使用默认的docker0网卡
#发现是ping不同的
[[email protected] ~]# docker run -d -P --name tomcat03 tomcat
411de1e33b75e995ead240087edd02e7a358b5eb215c0c2c2b223103debc1fb0
[[email protected] ~]# docker exec -it tomcat02 ping tomcat03
ping: tomcat03: Name or service not known
# 要将tomcat03 连通 tomcat02 ,连通就是将 tomcat03加到 mynet网络
# 一个容器两个ip(tomcat03)
#tomcat03发现添加了mynet网络之后可以ping通
#结论:假设要跨网络操作别人,就需要使用docker network connect 连通!
[[email protected] ~]# docker network connect mynet tomcat03
[[email protected] ~]# docker exec tomcat01 ping tomcat03
PING tomcat03 (192.168.0.4) 56(84) bytes of data.
64 bytes from tomcat03.mynet (192.168.0.4): icmp_seq=1 ttl=64 time=0.104 ms
64 bytes from tomcat03.mynet (192.168.0.4): icmp_seq=2 ttl=64 time=0.072 ms
实战:部署Redis集群
#创建Redis专属的网络
[[email protected] ~]# docker network create redis --subnet 172.38.0.0/16
ec86a0358f3302a1899ecc595955f3c40e58f7a321162963b9a913f315e09110
[[email protected] ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
fc147941dd4b bridge bridge local
a6ac3789c498 host host local
5d36c3180b51 mynet bridge local
4d1ab894aec6 none null local
ec86a0358f33 redis bridge local
63d3626d7dc7 somenetwork bridge local
#通过for循环创建六个Redis文件
[[email protected] ~]# for port in $(seq 1 6);\
> do \
> mkdir -p /mydata/redis/node-${port}/conf
> touch /mydata/redis/node-${port}/conf/redis.conf
> cat << EOF >> /mydata/redis/node-${port}/conf/redis.conf
> port 6379
> bind 0.0.0.0
> cluster-enabled yes
> cluster-config-file nodes.conf
> cluster-node-timeout 5000
> cluster-announce-ip 172.38.0.1${port}
> cluster-announce-port 6379
> cluster-announce-bus-port 16379
> appendonly yes
> EOF
> done
[[email protected] ~]# ls
[[email protected] ~]# cd mydata
-bash: cd: mydata: No such file or directory
[[email protected] ~]# cd /mydata
[[email protected] mydata]# ls
redis
[[email protected] mydata]# cd redis
[[email protected] redis]# ls
node-1 node-2 node-3 node-4 node-5 node-6
#启动服务
#Redis1
docker run -p 6371:6379 -p 16379:16379 --name redis-1 \
-v /mydata/redis/node-1/data:/data \
-v /mydata/redis/node-1/conf/redis.conf:/etc/redis/redis.conf \
-d --net redis --ip 172.38.0.11 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
#Redis2
docker run -p 6372:6379 -p 16380:16379 --name redis-2 \
-v /mydata/redis/node-2/data:/data \
-v /mydata/redis/node-2/conf/redis.conf:/etc/redis/redis.conf \
-d --net redis --ip 172.38.0.12 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
#Redis3
docker run -p 6373:6379 -p 16381:16379 --name redis-3 \
-v /mydata/redis/node-3/data:/data \
-v /mydata/redis/node-3/conf/redis.conf:/etc/redis/redis.conf \
-d --net redis --ip 172.38.0.13 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
#redis4
docker run -p 6374:6379 -p 16382:16379 --name redis-4 \
-v /mydata/redis/node-4/data:/data \
-v /mydata/redis/node-4/conf/redis.conf:/etc/redis/redis.conf \
-d --net redis --ip 172.38.0.14 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
#redis5
docker run -p 6375:6379 -p 16383:16379 --name redis-5 \
-v /mydata/redis/node-5/data:/data \
-v /mydata/redis/node-5/conf/redis.conf:/etc/redis/redis.conf \
-d --net redis --ip 172.38.0.15 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
#Redis6
docker run -p 6376:6379 -p 16384:16379 --name redis-6 \
-v /mydata/redis/node-6/data:/data \
-v /mydata/redis/node-6/conf/redis.conf:/etc/redis/redis.conf \
-d --net redis --ip 172.38.0.16 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
#全部脚本执行完了之后查看一下已经全部挂起来了
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2885c3c36a09 redis:5.0.9-alpine3.11 "docker-entrypoint.s…" 20 seconds ago Up 19 seconds 0.0.0.0:6376->6379/tcp, 0.0.0.0:16384->16379/tcp redis-6
f8fa02919e15 redis:5.0.9-alpine3.11 "docker-entrypoint.s…" 30 seconds ago Up 29 seconds 0.0.0.0:6375->6379/tcp, 0.0.0.0:16383->16379/tcp redis-5
cade69bb1a40 redis:5.0.9-alpine3.11 "docker-entrypoint.s…" 39 seconds ago Up 38 seconds 0.0.0.0:6374->6379/tcp, 0.0.0.0:16382->16379/tcp redis-4
55e1fd4f41ec redis:5.0.9-alpine3.11 "docker-entrypoint.s…" 49 seconds ago Up 48 seconds 0.0.0.0:6373->6379/tcp, 0.0.0.0:16381->16379/tcp redis-3
961882696d76 redis:5.0.9-alpine3.11 "docker-entrypoint.s…" 59 seconds ago Up 57 seconds 0.0.0.0:6372->6379/tcp, 0.0.0.0:16380->16379/tcp redis-2
d5bb9167df2c redis:5.0.9-alpine3.11 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 0.0.0.0:16379->16379/tcp, 0.0.0.0:6371->6379/tcp redis-1
#进入容器Redis-1
[[email protected] ~]# docker exec -it redis-1 /bin/sh
/data # ls
appendonly.aof nodes.conf
#创建集群
/data # redis-cli --cluster create 172.38.0.11:6379 172.38.0.12:6379 172.38.0.13:6379 172.38.0.14:6379 172.38.0.15:6379 172.38.0.16:6379 --cluster-replicas 1
#创建成功后进入集群查看相关信息
/data # redis-cli -c
127.0.0.1:6379> cluster info
cluster_state:ok
cluster_slots_assigned:16384
cluster_slots_ok:16384
cluster_slots_pfail:0
cluster_slots_fail:0
cluster_known_nodes:6
cluster_size:3
cluster_current_epoch:6
cluster_my_epoch:1
cluster_stats_messages_ping_sent:73
cluster_stats_messages_pong_sent:75
cluster_stats_messages_sent:148
cluster_stats_messages_ping_received:70
cluster_stats_messages_pong_received:73
cluster_stats_messages_meet_received:5
cluster_stats_messages_received:148
127.0.0.1:6379> cluster nodes
2485d749d748c0bd373d25e2c1e6de36094e2879 172.38.0.14:[email protected] slave eff86a3299f4794d143ffb1ccb735549eb7a79c9 0 1615888137000 4 connected
eff86a3299f4794d143ffb1ccb735549eb7a79c9 172.38.0.13:[email protected] master - 0 1615888137590 3 connected 10923-16383
b4f869da6eead890365089d941f9d85e7758cf75 172.38.0.16:[email protected] slave ddd614967750281f19f41a679a77322435019499 0 1615888136588 6 connected
31efa7504ce8c14b909bc9d1f3bcce33d2fdf2a9 172.38.0.15:[email protected] slave 9b36017e9541d55d64096a1f6e366131694f57ef 0 1615888136000 5 connected
ddd614967750281f19f41a679a77322435019499 172.38.0.12:[email protected] master - 0 1615888136588 2 connected 5461-10922
9b36017e9541d55d64096a1f6e366131694f57ef 172.38.0.11:[email protected] myself,master - 0 1615888137000 1 connected 0-5460
#停掉master,看看从机是否会自动启用
127.0.0.1:6379> set a b
-> Redirected to slot [15495] located at 172.38.0.13:6379
OK
[[email protected] /]# docker stop redis-3
redis-3
#没有问题
127.0.0.1:6379> get a
-> Redirected to slot [15495] located at 172.38.0.14:6379
"b"
172.38.0.14:6379> cluster nodes
9b36017e9541d55d64096a1f6e366131694f57ef 172.38.0.11:[email protected] master - 0 1615888482000 1 connected 0-5460
ddd614967750281f19f41a679a77322435019499 172.38.0.12:[email protected] master - 0 1615888482827 2 connected 5461-10922
31efa7504ce8c14b909bc9d1f3bcce33d2fdf2a9 172.38.0.15:[email protected] slave 9b36017e9541d55d64096a1f6e366131694f57ef 0 1615888481000 5 connected
b4f869da6eead890365089d941f9d85e7758cf75 172.38.0.16:[email protected] slave ddd614967750281f19f41a679a77322435019499 0 1615888481323 6 connected
2485d749d748c0bd373d25e2c1e6de36094e2879 172.38.0.14:[email protected] myself,master - 0 1615888482000 7 connected 10923-16383
eff86a3299f4794d143ffb1ccb735549eb7a79c9 172.38.0.13:[email protected] master,fail - 1615888316140 1615888314000 3 connected
172.38.0.14:6379>
springboot微服务打包docker镜像
#1、构建SpringBoot项目
#创建一个hellocontroller测试
package com.example.demo.controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HelloController {
@RequestMapping("/hello")
public String hello(){
return "hello,paidaxing";
}
}
#我本机的8080端口被占用了,我切换到了7788端口启动服务访问成功
#2、打包运行
#3、编写dockerfile
FROM java:8
COPY *.jar /app.jar
CMD ["--server.port=7788"]
EXPOSE 7788
ENTRYPOINT ["java","-jar","/app.jar"]
#4、上传文件,构建镜像
[[email protected] idea]# ll
total 16656
-rw-r--r-- 1 root root 17048669 Mar 17 11:08 demo-0.0.1-SNAPSHOT.jar
-rw-r--r-- 1 root root 120 Mar 17 11:07 Dockerfile
[[email protected] idea]# docker build -t paidaxing .
[[email protected] idea]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
paidaxing latest 94a761fada63 2 minutes ago 660MB
tomcat latest 040bdb29ab37 2 months ago 649MB
redis 5.0.9-alpine3.11 3661c84ee9d0 10 months ago 29.8MB
java 8 d23bdf5b1b1b 4 years ago 643MB
#5、运行容器访问网站
[[email protected] idea]# docker run -d -P --name paidaxing-hello paidaixing
[[email protected] idea]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a9f37ee2675b paidaxing:latest "java -jar /app.jar …" 37 seconds ago Up 36 seconds 0.0.0.0:49161->7788/tcp paidaxing-hello
#访问成功!!
[[email protected] idea]# curl localhost:49161
{"timestamp":"2021-03-17T03:17:17.811+00:00","status":404,"error":"Not Found","message":"","path":"/"}
[[email protected] idea]# curl localhost:49161/hello
hello,paidaxing[[email protected] idea]#
#文件上传
Docker Compose
简介
dockerfile build run 手动操作,单个容器
微服务。100个微服务!依赖关系。
docker compose 来轻松高效的管理容器。定义运行多个容器。
官方文档简介:(https://docs.docker.com/compose/)
定义运行多个容器
YAML file配置文件。
single command 命令
所有环境都可以使用compose。
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration. To learn more about all the features of Compose, see the list of features.
Compose works in all environments: production, staging, development, testing, as well as CI workflows. You can learn more about each case in Common Use Cases.
Using Compose is basically a three-step process:
Define your app’s environment with a
Dockerfile
so it can be reproduced anywhere.
dockerfile保证我们的项目在任何地方都可以运行。
Define the services that make up your app in
docker-compose.yml
so they can be run together in an isolated environment.
servers是什么服务
docker-compose-yml 这个文件怎么写
Run
docker compose up
and the Docker compose command starts and runs your entire app. You can alternatively run
docker-compose up
using the docker-compose binary.
启动项目。
作用:批量容器编排
compose是docker官方的开源项目。需要安装
dockerfile 让程序在任何地方运行。 Web服务、Redis、MySQL、Nginx……多个容器
compose
version: "3.9" # optional since v1.27.0
services:
web:
build: .
ports:
- "5000:5000"
volumes:
- .:/code
- logvolume01:/var/log
links:
- redis
redis:
image: redis
volumes:
logvolume01: {}
compose重要概念:
服务services:容器,应用(Web服务、Redis、MySQL、Nginx)
项目project:一组相关的容器。
安装compose
#官方文档下载方式(非常慢)
sudo curl -L "https://github.com/docker/compose/releases/download/1.28.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
#百度上找的国内镜像地址下载非常快
[[email protected] ~]# curl -L "https://get.daocloud.io/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" > /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 423 100 423 0 0 214 0 0:00:01 0:00:01 --:--:-- 214
100 15.4M 100 15.4M 0 0 5896k 0 0:00:02 0:00:02 --:--:-- 36.5M
#查看下载目录下是否有文件
[[email protected] ~]# cd /usr/local/bin
[[email protected] bin]# ls
chardetect cloud-init docker-compose easy_install-3.6 jsondiff jsonpointer
cloud-id cloud-init-per easy_install easy_install-3.8 jsonpatch jsonschema
#授权
[[email protected] bin]# sudo chmod +x /usr/local/bin/docker-compose
#查看版本信息,查得到代表安装成功
[[email protected] bin]# docker-compose version
docker-compose version 1.27.4, build 40524192
docker-py version: 4.3.1
CPython version: 3.7.7
OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019
体验compose
#文档地址https://docs.docker.com/compose/gettingstarted/
[[email protected] home]# mkdir composetest
[[email protected] home]# cd composetest
[[email protected] composetest]# ll
total 0
#接着按照官方文档创建 app.py,requirements.txtDockerfile,docker-compose.yml
[[email protected] composetest]# ll
total 16
-rw-r--r-- 1 root root 513 Mar 17 15:35 app.py
-rw-r--r-- 1 root root 111 Mar 17 15:41 docker-compose.yml
-rw-r--r-- 1 root root 254 Mar 17 15:38 dockerfile
-rw-r--r-- 1 root root 12 Mar 17 15:36 requirements.txt
#思路整理
#(1)创建一个应用、(2)dockerfile应用打包为镜像
#(3)docker-compose.yam文件(定义整个服务需要的环境。web\redis)--完整的上线服务
#(4)启动compose项目(docker-compose up)
#流程
#1、创建网络
#2、执行docker-compose yaml
#3、启动服务 docker-compose yaml
#creating composetest_web_1 ...done
#creating composetest_redis_1 ...done
#执行的时候会报这个错composetest_web_1 exited with code 1
#我们按照代码的提示退出运行执行
#再执行docker-compose build
#执行完了之后再 docker-compose up
#再查看容器已经起来了
[[email protected] composetest]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fe5c2ec7b0c3 composetest_web "flask run" 58 seconds ago Up 57 seconds 0.0.0.0:5000->5000/tcp composetest_web_1
827fd362ac1c redis:alpine "docker-entrypoint.s…" 11 minutes ago Up 57 seconds 6379/tcp composetest_redis_1
#web页面也可以正常访问
[[email protected] composetest]# curl localhost:5000
Hello World! I have been seen 1 times.
#依赖的镜像也已经自动下载
[[email protected] composetest]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
composetest_web latest ac6045d1daa4 14 minutes ago 196MB
<none> <none> 2a51e65a5d98 24 minutes ago 196MB
paidaxing latest 94a761fada63 6 hours ago 660MB
redis alpine 933c79ea2511 2 months ago 31.6MB
tomcat latest 040bdb29ab37 2 months ago 649MB
python 3.7-alpine 72e4ef8abf8e 2 months ago 41.1MB
redis 5.0.9-alpine3.11 3661c84ee9d0 10 months ago 29.8MB
java 8 d23bdf5b1b1b 4 years ago 643MB
[[email protected] composetest]# docker service ls
Error response from daemon: This node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again.
#默认的服务名,文件名_服务名_num
#多个服务器。集群 A B _num副本数量
#服务Redis>=4个副本
#集群状态。服务都不可能只有一个实例运行。弹性 高并发
#kubecl service负载均衡
#网络规则
[[email protected] composetest]# docker network ls
NETWORK ID NAME DRIVER SCOPE
fc147941dd4b bridge bridge local
ec3648819180 composetest_default bridge local#compose网络
a6ac3789c498 host host local
5d36c3180b51 mynet bridge local
4d1ab894aec6 none null local
ec86a0358f33 redis bridge local
63d3626d7dc7 somenetwork bridge local
#composetest_redis_1和composetest_web_1在同一个网段
#可以通过域名直接访问。
[[email protected] composetest]# docker network inspect composetest_default
"ConfigOnly": false,
"Containers": {
"827fd362ac1c2549581430d4641bc1928e60ede82b0af3fac7a703b229d32340": {
"Name": "composetest_redis_1",
"EndpointID": "377227b4d71ba26e4e5b88dda1986b86c045b0cb7cec159f5c4ff1a05e31f5da",
"MacAddress": "02:42:ac:13:00:02",
"IPv4Address": "172.19.0.2/16",
"IPv6Address": ""
},
"fe5c2ec7b0c33953eba56e863dfdc2fab1f8bf40358a7b504cdc2b0989e443c2": {
"Name": "composetest_web_1",
"EndpointID": "3384abbc243f87da99e04824e59521ce0661d24c7fdd16b2f6c1306487a8e410",
"MacAddress": "02:42:ac:13:00:03",
"IPv4Address": "172.19.0.3/16",
"IPv6Address": ""
}
},
#停止docker-compose down Ctrl+c
#要在项目目录下
#docker-compose。通过docker-compose编写yaml配置文件。
#可以通过compose一键启动所有服务、停止。
浏览器上面访问也是可以的,这就是官方测试的一个web应用
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-Rhv9Ih47-1616133602564)(C:\Users\Administrator\AppData\Roaming\Typora\typora-user-images\image-20210317164008230.png)]
compose yaml 编写规则
#docker-composeyaml 核心
#文档地址:https://docs.docker.com/compose/compose-file/
#3层
version: " " #版本
service: #服务
服务1:web
#服务配置
images
build
network
……
服务2:Redis
……
服务3:Redis
……
#其它配置 网络/卷 全局规则
#volumes、network、configs
开源项目(wordpress博客)
#docker官方文档地址:https://docs.docker.com/compose/wordpress/
#创建一个新的文件夹
[[email protected] home]# cd my_wordpress
[[email protected] my_wordpress]# ll
total 0
#编写docker-compose.yml
version: "3.9" #版本
services:
db:
image: mysql:5.7#数据库应用
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:#依赖
- db
image: wordpress:latest#应用2
ports:
- "8000:80"
restart: always
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_DB_NAME: wordpress
volumes:
db_data: {}
#启动项目docker-compose up
#后台启动docker-compose up -d
[[email protected] my_wordpress]# docker compose up
#文件准备齐全(直接一键启动项目)
访问博客站点进行搭建,搭建成功我们访问前台,完全没有问题
实战:计数器
#1、编写项目微服务
#2、dockerfile构建镜像
#3、docker-compose.yaml编排项目
#4、在服务器上启动
#上传文件
[[email protected] haimian]# ll
total 25812
-rw-r--r-- 1 root root 26421170 Mar 18 10:51 demo-0.0.1-SNAPSHOT.jar
-rw-r--r-- 1 root root 171 Mar 18 10:52 docker-compose.yml
-rw-r--r-- 1 root root 122 Mar 18 10:52 Dockerfile
#compose up 一键启动
[[email protected] haimian]# docker-compose up --build
[[email protected] my_wordpress]# curl localhost:7788/hello
hello,paidadxing,thonk you with me happy1[[email protected] my_wordpress]# curl localhost:7788/hello
hello,paidadxing,thonk you with me happy2[[email protected] my_wordpress]#
#远程访问也没有问题。
总结:
工程、服务、容器
项目:compose:三层
工程Poriect
服务 服务
容器运行实例! docker k8s 容器
Docker Swarm
集群
#为四台服务安装docker
#安装完毕之后先看一下docker官方文档swarm一些原理
地址:https://docs.docker.com/engine/swarm/how-swarm-mode-works/nodes/
Docker Engine 1.12引入了swarm模式,使您可以创建一个或多个Docker Engine集群,称为swarm。一个群集由一个或多个节点组成:以群集模式运行Docker Engine 1.12或更高版本的物理机或虚拟机。
管理节点和工作节点,操作都在manager管理节点上。
管理节点最少需要三台。
搭建集群
[[email protected] ~]# docker swarm --help
Usage: docker swarm COMMAND
Manage Swarm
Commands:
ca Display and rotate the root CA
init Initialize a swarm
join Join a swarm as a node and/or manager
join-token Manage join tokens
leave Leave the swarm
unlock Unlock swarm
unlock-key Manage the unlock key
update Update the swarm
Run 'docker swarm COMMAND --help' for more information on a command.
[[email protected] ~]# docker swarm init --help
Usage: docker swarm init [OPTIONS]
Initialize a swarm
Options:
--advertise-addr string Advertised address (format: <ip|interface>[:port])
#创建集群 docker swarm init 初始化一个节点
#docker swarm join 加入一个节点
#docker swarm join-token manager 获取令牌
#docker swarm join-token worker
#docker swarm leave --force 管理节点,解散集群
[[email protected] ~]# docker swarm init --advertise-addr 172.28.239.103
Swarm initialized: current node (681hwoonzdmw28thceumiuieq) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1- 1jr3qs75lpu6zcprc2z2ka6ye485dpqxucb19w6qcqgia9uv7j-1neo402s3yfhqzswzqw5shpji 172.28.239.103:2377
To add a manager to this swarm, run 'c' and follow the instructions.
#服务器docker-2加入集群成为worker节点
[[email protected] ~]# docker swarm join --token SWMTKN-1-1jr3qs75lpu6zcprc2z2ka6ye485dpqxucb19w6qcqgia9uv7j-1neo402s3yfhqzswzqw5shpji 172.28.239.103:2377
This node joined a swarm as a worker.
#查看集群节点信息
[[email protected] ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
681hwoonzdmw28thceumiuieq * iZm5e7tq4538l94vqz9upjZ Ready Active Leader 20.10.5
vbhakfutdb5jkom5j1n5zm5qd iZm5e7tq4538l94vqz9uplZ Ready Active 20.10.5
#让另外两个主机加入集群节点成为双主双从
[[email protected] ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
dn4dj1o6g8fn0bx9md2qmhim0 iZm5e7tq4538l94vqz9upiZ Ready Active Reachable 20.10.5
681hwoonzdmw28thceumiuieq * iZm5e7tq4538l94vqz9upjZ Ready Active Leader 20.10.5
xhkwosy7afij6sphlybcukq8r iZm5e7tq4538l94vqz9upkZ Ready Active 20.10.5
vbhakfutdb5jkom5j1n5zm5qd iZm5e7tq4538l94vqz9uplZ Ready Active 20.10.5
raft协议
思考:双主双从已经搭设完毕,假设一个节点挂了。其它节点是否可用。
raft协议:保证 大多数节点存活才可用。集群至少要大于三台。
#挂掉一个集群管理节点
[[email protected] ~]# systemctl stop docker
Warning: Stopping docker.service, but it can still be activated by:
docker.socket
#查看另一个集群管理节点
[[email protected] ~]# docker node ls
Error response from daemon: rpc error: code = DeadlineExceeded desc = context deadline exceeded
#因为是双主,其中一个主机停了,另一个就也使用不了。
#重新挂起节点,发现可以用了,但是Leader已经不是我们挂掉的那个节点了,变成了另外一个管理节点。
[[email protected] ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
dn4dj1o6g8fn0bx9md2qmhim0 iZm5e7tq4538l94vqz9upiZ Ready Active Leader 20.10.5
681hwoonzdmw28thceumiuieq * iZm5e7tq4538l94vqz9upjZ Ready Active Reachable 20.10.5
xhkwosy7afij6sphlybcukq8r iZm5e7tq4538l94vqz9upkZ Ready Active 20.10.5
vbhakfutdb5jkom5j1n5zm5qd iZm5e7tq4538l94vqz9uplZ Ready Active 20.10.5
#让一个工作节点离开集群 docker swarm leave
[[email protected] ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
dn4dj1o6g8fn0bx9md2qmhim0 iZm5e7tq4538l94vqz9upiZ Ready Active Leader 20.10.5
681hwoonzdmw28thceumiuieq * iZm5e7tq4538l94vqz9upjZ Ready Active Reachable 20.10.5
xhkwosy7afij6sphlybcukq8r iZm5e7tq4538l94vqz9upkZ Down Active 20.10.5
vbhakfutdb5jkom5j1n5zm5qd iZm5e7tq4538l94vqz9uplZ Ready Active 20.10.5
#恢复离开的节点,设置其为管理节点,模式变成三主一从。
[[email protected] ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
dn4dj1o6g8fn0bx9md2qmhim0 iZm5e7tq4538l94vqz9upiZ Ready Active Leader 20.10.5
681hwoonzdmw28thceumiuieq iZm5e7tq4538l94vqz9upjZ Ready Active Reachable 20.10.5
cqubo1rk3hzma2ynkcf8vj7u9 * iZm5e7tq4538l94vqz9upkZ Ready Active Reachable 20.10.5
xhkwosy7afij6sphlybcukq8r iZm5e7tq4538l94vqz9upkZ Down Active 20.10.5
vbhakfutdb5jkom5j1n5zm5qd iZm5e7tq4538l94vqz9uplZ Ready Active 20.10.5
#再次down掉一个管理节点,这次我们发现其它两个管理节点是可用的,这符合了我们raft协议大多数可用
[[email protected] ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
dn4dj1o6g8fn0bx9md2qmhim0 iZm5e7tq4538l94vqz9upiZ Ready Active Leader 20.10.5
681hwoonzdmw28thceumiuieq iZm5e7tq4538l94vqz9upjZ Ready Active Unreachable 20.10.5
cqubo1rk3hzma2ynkcf8vj7u9 * iZm5e7tq4538l94vqz9upkZ Ready Active Reachable 20.10.5
xhkwosy7afij6sphlybcukq8r iZm5e7tq4538l94vqz9upkZ Down Active 20.10.5
vbhakfutdb5jkom5j1n5zm5qd iZm5e7tq4538l94vqz9uplZ Ready Active 20.10.5
#我们再down掉一个管理节点,发现剩下的管理节点是不可用的。
[[email protected] ~]# docker node ls
Error response from daemon: rpc error: code = Unknown desc = The swarm does not have a leader. It's possible that too few managers are online. Make sure more than half of the managers are online.
#这就能很好地理解上面那个官方网站的图,最少需要三个主节点,保证存活大于1台的管理节点存活
#raft协议:保证大多数存活,才可使用,达到我们高可用的要求。
Docker swarm 集群弹性创建服务
弹性,扩缩容,集群
告别docker run
docker-compose ,启动一个项目 单机
集群:swarm service
容器>服务
容器>服务>副本
Redis服务>=10个副本
#灰度发布,金丝雀
[[email protected] ~]# docker service --help
Usage: docker service COMMAND
Manage services
Commands:
create Create a new service
inspect Display detailed information on one or more services
logs Fetch the logs of a service or task
ls List services
ps List the tasks of one or more services
rm Remove one or more services
rollback Revert changes to a service's configuration
scale Scale one or multiple replicated services
update Update a service
Run 'docker service COMMAND --help' for more information on a command.
#docker run 容器启动!不具备扩缩容。
#docker service 服务! 具有扩缩容器,滚动更新。
[[email protected] ~]# docker service create -p 7788:80 --name my-nginx nginx
qktvdpw9j2i0543cvscc8hit9
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
[[email protected] ~]# docker service ps my-nginx
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ij9np5kqyliq my-nginx.1 nginx:latest iZm5e7tq4538l94vqz9upjZ Running Running 2 minutes ago
#查看服务 replicas
[[email protected] ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
qktvdpw9j2i0 my-nginx replicated 1/1 nginx:latest *:7788->80/tcp
#为服务增加副本
[[email protected] ~]# docker service update --replicas 3 my-nginx
my-nginx
overall progress: 3 out of 3 tasks
1/3: running [==================================================>]
2/3: running [==================================================>]
3/3: running [==================================================>]
verify: Service converged
#我们可以通过docker ps 查看到我们所创建的容器副本被随机分配到其它集群节点上。
#查看docker2节点,这个节点上没有运行容器副本,但是一样可以远程访问服务。
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
#集群就是一个整体
#动态扩缩容
#服务,集群中任意节点都可以访问,服务可以有多个副本动态扩缩容实现高可用
#我现在不想要那么多副本,只想要一个,也是可以的,我们直接更新服务为一个副本就行了
[[email protected] ~]# docker service update --replicas 1 my-nginx
my-nginx
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9a33d46f1cf4 nginx:latest "/docker-entrypoint.…" 16 minutes ago Up 16 minutes 80/tcp my-nginx.1.ij9np5kqyliqhejn1rrblyb95
#副本拓展docker service scale my-nginx=5
#和之前那个是一样的,不过这个更方便。
[[email protected] ~]# docker service scale my-nginx=5
my-nginx scaled to 5
overall progress: 5 out of 5 tasks
1/5: running [==================================================>]
2/5: running [==================================================>]
3/5: running [==================================================>]
4/5: running [==================================================>]
5/5: running [==================================================>]
verify: Service converged
#移除服务
[[email protected] ~]# docker service rm my-nginx
my-nginx
[[email protected] ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
#docker swarm其实不难
#只要会搭建集群,会启动服务,动态管理容器就可以了。
概念总结
swarm
集群的管理和编排,docker可以初始化一个swarm集群,其它节点可以加入。
node
就是一个docker节点,多个节点组成了一个网络集群。
service
任务,可以在管理节点或工作节点来运行。
task
容器的命令
拓展
网络模式:
swarm
overlay
ingress:特殊overlay网络!负载均衡功能!IPVS VIP!
虽然docker在四台机子上,实际上是一个网络。
Docker Stack
#单机
docker-compose up -d wordpress.yaml
#集群
docker stack deploy wordpress.yaml
#案例
version: "3"
services:
nginx:
image: nginx:alpine
ports:
- 80:80
deploy:
mode: replicated
replicas: 4
visualizer:
image: dockersamples/visualizer
ports:
- "9001:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
deploy:#集群部署
replicas: 1
placement:
constraints: [node.role == manager]
portainer:
image: portainer/portainer
ports:
- "9000:9000"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
deploy:
replicas: 1
placement:
constraints: [node.role == manager]
Docker Secret
安全!配置密码。证书。
k8s里面再深入了解。
Docker Config
配置
[[email protected] ~]# docker config --help
Usage: docker config COMMAND
Manage Docker configs
Commands:
create Create a config from a file or STDIN
inspect Display detailed information on one or more configs
ls List configs
rm Remove one or more configs
结语:
–help
k8s
go语言
云原生
CI\CD
devops是一种思想方法论,它涵盖开发、测试、运维的整个过程。
devops强调软件开发人员与软件测试、软件运维,质量保证(QA)
部门之间有效的沟通与协作。
强调通过自动化的方法管理软件变更,软件继承。
使软件从构建到测试,发布更加快捷、可靠,最终按时交付。
最初是瀑布模型,后来是敏捷开发,现在是DevOps,这是现代开发人员构建出色的产品的技术路线。随着DevOps的兴起,出现了持续集成(Continuous Integration)、持续交付(Continuous Delivery) 、持续部署(Continuous Deployment) 的新方法。传统的软件开发和交付方法正在迅速变得过时。从历史上看,在敏捷时代,大多数公司会每月,每季度,每两年甚至每年发布部署/发布软件。然而,现在,在DevOps时代,每周,每天,甚至每天多次是常态。当SaaS正在占领世界时,尤其如此,您可以轻松地动态更新应用程序,而无需强迫客户下载新组件。很多时候,他们甚至都不会意识到正在发生变化。开发团队通过软件交付流水线(Pipeline)实现自动化,以缩短交付周期,大多数团队都有自动化流程来检查代码并部署到新环境。今天,我们将介绍什么是CI / CD / CD,以及现代软件公司如何使用工具将部署代码的流程自动化。
持续集成的重点是将各个开发人员的工作集合到一个代码仓库中。通常,每天都要进行几次,主要目的是尽早发现集成错误,使团队更加紧密结合,更好地协作。
持续交付的目的是最小化部署或释放过程中固有的摩擦。它的实现通常能够将构建部署的每个步骤自动化,以便任何时刻能够安全地完成代码发布(理想情况下)。
持续部署是一种更高程度的自动化,无论何时对代码进行重大更改,都会自动进行构建/部署。
这些阶段中的每一个都是交付管道的一部分 。在Humble和Farley的书《持续交付:可靠的软件版本中,通过构建,测试和部署自动化》,解释“对软件的每次更改,都会在发布过程中经历一个复杂的过程。该过程涉及构建软件,然后通过多个测试和部署阶段进行这些构建。反过来,这需要许多人之间的合作,也许需要几个团队之间的合作。部署管道对此过程进行建模,并且它在持续集成和发布管理工具中的实现,使您能够在从版本控制转移到各种测试和部署,以向用户发布时查看和控制每个更改的进度。”