Docker实践(二)
1、Docker网络和存储html
1. Docker网络访问mysql
[root@localhost ~]# iptables -vnLlinux
Chain INPUT (policy ACCEPT 328K packets, 440M bytes)nginx
pkts bytes target prot opt in out source destination git
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53github
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53web
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67sql
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67chrome
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)docker
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstateRELATED,ESTABLISHED
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 ctstateRELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-withicmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 298K packets, 18M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * virbr0 0.0.0.0/0 0.0.0.0/0 udp dpt:68
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
[root@localhost~]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 2079 packets, 163Kbytes)
pkts bytes target prot opt in out source destination
11 780 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 2067 packets, 162K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 793 packets, 50031 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 793 packets, 50031 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
0 0 RETURN all -- * * 192.168.122.0/24 224.0.0.0/24
0 0 RETURN all -- * * 192.168.122.0/24 255.255.255.255
0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports:1024-65535
0 0 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports:1024-65535
0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
[root@localhost ~]# brctl show //查看桥接,如下docker0为docker的桥接网卡
bridge name bridge id STPenabled interfaces
docker0 8000.02425122513f no
virbr0 8000.5254007c0675 yes virbr0-nic
经过如下两种映射方式,能够直接从容器外部访问docker容器内的服务:
随机映射:
[root@localhost~]# docker p_w_picpaths
REPOSITORY TAG IMAGE ID CREATED SIZE
daocloud.io/library/centos latest c3987965c15d 2 weeks ago 196.5 MB
docker.io/centos latest 0584b3d2cf6d 2 weeks ago 196.5 MB
daocloud.io/library/tomcat latest ebb17717bed4 2 weeks ago 355.4 MB
daocloud.io/library/nginx latest 067c8da9d5ab 4 weeks ago 181.4 MB
daocloud.io/daocloud/tutum-mysql latest d8d5e73655c0 8months ago 317.8 MB
[root@localhost ~]# docker run -d -P daocloud.io/library/nginx //随机映射,经过-大P
78b7b435fe729d7fa7e8344a7165b8506ee1e5d8df81c26aca5888f89f6ec065
[root@localhost ~]# docker ps -l //查看更详细的容器运行状态
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78b7b435fe72 daocloud.io/library/nginx "nginx -g 'daemon off" 8 seconds ago Up 7seconds 0.0.0.0:32769->80/tcp,0.0.0.0:32768->443/tcp elated_keller
[root@localhost ~]# curl -I 192.168.8.113:32769
HTTP/1.1 200 OK
Server: nginx/1.11.5
Date: Sun, 20 Nov 2016 14:17:54 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 11 Oct 2016 15:03:01 GMT
Connection: keep-alive
ETag: "57fcff25-264"
Accept-Ranges: bytes
[root@localhost ~]# docker logs 78b7b435fe72 //查看上面的nginx访问日志
192.168.8.113 - - [20/Nov/2016:14:17:40 +0000]"GET / HTTP/1.1" 200 612 "-" "curl/7.29.0""-"
192.168.8.113 - - [20/Nov/2016:14:17:47 +0000]"GET / HTTP/1.1" 200 612 "-" "curl/7.29.0""-"
192.168.8.113 - - [20/Nov/2016:14:17:50 +0000]"GET / HTTP/1.1" 200 612 "-" "curl/7.29.0""-"
指定ip、协议或端口映射:
[root@localhost ~]# docker run -d -p 81:80 daocloud.io/library/nginx //-小p指定端口映射
7cf3dc36e8bd863350fbd2fc8da88a7289a15d95f8400e47ec907ae33f41ed04
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7cf3dc36e8bd daocloud.io/library/nginx "nginx -g 'daemon off" 7 seconds ago Up 5seconds 443/tcp,0.0.0.0:81->80/tcp stoic_bohr
78b7b435fe72 daocloud.io/library/nginx "nginx -g 'daemon off" 20 minutes ago Up 20minutes 0.0.0.0:32769->80/tcp,0.0.0.0:32768->443/tcp elated_keller
2. Docker存储
1. 数据卷(相似NFS)
[root@localhost~]# docker run -it --name volume-test1 -v /data centos //指定目标挂载卷
[root@10c9c9a8333c /]# ls -l/data
total 0
[root@localhost ~]# docker inspect 10c9c9a8333c //列出容器的全部信息
[root@localhost ~]# docker inspect 10c9c9a8333c|grep "data"
"Source":"/var/lib/docker/volumes/41bcdd63f68b161c8f5cec2c7aa81a491ad3b14a2c39be203cd2e06d377dc138/_data",
"Destination":"/data",
"/data": {}
[root@localhost ~]# cd /var/lib/docker/volumes/41bcdd63f68b161c8f5cec2c7aa81a491ad3b14a2c39be203cd2e06d377dc138/_data
[root@localhost _data]# touch 123
[root@10c9c9a8333c /]# ls -l /data
total 0
-rw-r--r--. 1 root root 0 Nov 2014:51 123
[root@localhost _data]# pwd
/var/lib/docker/volumes/41bcdd63f68b161c8f5cec2c7aa81a491ad3b14a2c39be203cd2e06d377dc138/_data
[root@localhost _data]# docker run -it -v /opt:/opt centos //指定源和目标挂载卷
[root@6262b9129773 /]# cd /opt
[root@6262b9129773 opt]# ll
total 1936192
-rw-r--r--. 1 107 107 632291328 Nov 19 11:52CentOS-7-x86_64-Minimal-1511.iso
-rw-r--r--. 1 root root5368709120 Nov 19 21:07 CentOS-7-x86_64-Minimal-1511.raw
[root@localhost opt]# touch hehe //物理机增长文件
[root@6262b9129773 opt]# ll //容器内的opt目录查看,已有物理机增长的文件
total 1936192
-rw-r--r--. 1 107 107 632291328 Nov 19 11:52CentOS-7-x86_64-Minimal-1511.iso
-rw-r--r--. 1 root root5368709120 Nov 19 21:07 CentOS-7-x86_64-Minimal-1511.raw
-rw-r--r--. 1 root root 0 Nov 20 15:00 hehe
[root@localhost _data]# docker run -it -v /opt:/opt:ro centos //挂载时指定权限,rw可读可写,ro只读。
[root@localhost _data]# docker run -it -v ~/.bash_history:/.bash_history centos //挂载单个文件到容器内
2. 数据卷容器
[root@localhost~]# docker run -d --name nfs -v /data centos
b20c906b6d294a69ee5185f28140b4526a7ec3cd0a910b01d698a690b10bc104
[root@localhost ~]# docker run-it --name test1 --volumes-from nfs centos
[root@694de5623330 /]# ls/data
[root@localhost ~]# docker ps-a|grep nfs
b20c906b6d29 centos "/bin/bash" 9 minutes ago Exited (0) 9minutes ago nfs
[root@localhost ~]# docker inspect b20c906b6d29|grep data
"Source":"/var/lib/docker/volumes/410ded5e8d7ea33ac483c774d6e5e03f0058920dada4522b3e9dc5b33a774a19/_data",
"Destination":"/data",
"/data": {}
[root@localhost _data]# cd /var/lib/docker/volumes/410ded5e8d7ea33ac483c774d6e5e03f0058920dada4522b3e9dc5b33a774a19/_data
[root@localhost _data]# ll
total 0
[root@localhost _data]# touch heha
[root@694de5623330 /]# ls /data
Heha
2、Docker手动构建镜像
#使用镜像启动docker容器
[root@localhost~]# docker run -it --name “my-nginx”docker.io/centos
[root@99512cefb074/]# rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
Retrieving http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
warning: /var/tmp/rpm-tmp.txjYCK: Header V3 RSA/SHA256 Signature, key ID352c64e5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:epel-release-7-8 ################################# [100%]
[root@99512cefb074 /]# yum install nginx –y
[root@99512cefb074 /]# vi /etc/nginx/nginx.conf
在第1行添加以下内容:
daemon off;
[root@99512cefb074 /]# vi /etc/rc.local
#start nginx
/usr/sbin/nginx
[root@99512cefb074 /]# /usr/sbin/nginx
[root@99512cefb074 /]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 158/nginx: master p
tcp6 0 0 :::80 :::* LISTEN 158/nginx: master p
[root@99512cefb074 /]# exit
#查看容器运行状态
[root@localhost ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
99512cefb074 linuxzkq/nginx:v2 "/bin/bash" 4minutes ago Exited (0) 4 secondsago mynginx
#提交镜像
[root@localhost ~]# docker commit -m "my-nginx" 99512cefb074 linuxzkq/nginx:v2
sha256:009edeb97d41cd1fb3d75afcb1f3a71f1afff10425ed1d0362dd0040acac1bc5
-m:指定提交的说明信息
99512cefb074 :容器的id
linuxzkq/nginx:v2:指定仓库名和TAG信息
#查看镜像
[root@localhost ~]# docker p_w_picpaths
REPOSITORY TAG IMAGE ID CREATED SIZE
linuxzkq/nginx v2 009edeb97d41 6 secondsago 401.5 MB
daocloud.io/library/centos latest c3987965c15d 3 weeksago 196.5 MB
#使用新提交的镜像启动docker容器
[root@localhost ~]# docker run -d -p 80:80 linuxzkq/nginx:v2/usr/sbin/nginx
ae9a2bf9e132667f31e2336b2dc722500ff3040136273218d49ff6eb50e7d018
'-p': 端口映射,第一个80为本地端口,第二个80为docker容器端口
linuxzkq/nginx:v2: 刚才提交的镜像名称
/usr/sbin/nginx: 启动nginx程序
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ae9a2bf9e132 linuxzkq/nginx:v2 "/usr/sbin/nginx" 7seconds ago Up 5 seconds 0.0.0.0:80->80/tcp adoring_kalam
[root@localhost ~]# netstat -tunlp|grep 80
tcp6 0 0 :::80 :::* LISTEN 24183/docker-proxy
[root@localhost ~]# curl -I localhost
HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Thu, 24 Nov 2016 15:32:55 GMT
Content-Type: text/html
Content-Length: 3700
Last-Modified: Mon, 31 Oct 2016 12:37:02 GMT
Connection: keep-alive
ETag: "58173aee-e74"
Accept-Ranges: bytes
3、使用Dockerfile建立镜像
#建立dockerfile文件:
[root@localhost~]# mkdir /opt/dockerfile/nginx -p
[root@localhost~]# cd /opt/dockerfile/nginx
[root@localhostnginx]# touch dockerfile
[root@localhostnginx]# ll
total 4
-rw-r--r--. 1 root root 0 Nov 25 00:16 dockerfile
-rw-r--r--. 1 root root 3700 Oct 31 20:37 index.html //此文件为上传的,必须和dockerfile文件放到一块儿。
#文件内容:
# This docker file
# Version v1
# Author: linuxzkq
# Base p_w_picpath
FROM centos
# Maintainer
# MAINTAINER linuxzkq 1729294227@qq.com
# Commands
RUN rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
RUN yum install nginx -y
ADD index.html/usr/share/nginx/html/index.html
RUN echo "daemonoff;" >> /etc/nginx/nginx.conf
EXPOSE 80
CMD ["/usr/sbin/nginx"]
#:注释行FROM:告诉Docker使用哪一个镜像做为基础MAINTAINER:维护者的信息RUN:要执行的操做或命令EXPOSE:向外部开放端口
ADD:往建立的镜像里面放点文件(copy文件,会自动解压)CMD:描述容器启动后运行的程序
#生成镜像:
[root@localhostnginx]# docker build -t "linuxzkq/mynginx:v3" /opt/dockerfile/nginx
Sending build context to Docker daemon 6.656 kB
Step 1 : FROM centos
---> 0584b3d2cf6d
Step 2 : RUN rpm -ivhhttp://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
---> Running in1d63f384d48e
warning: /var/tmp/rpm-tmp.gItLFd: Header V3 RSA/SHA256Signature, key ID 352c64e5: NOKEY
Retrievinghttp://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
Preparing... ########################################
Updating / installing...
epel-release-7-8 ########################################
---> 30f24dde6a03
Removing intermediate container 1d63f384d48e
Step 3 : RUN yum install nginx -y
---> Running inf33d845038dc
Loaded plugins: fastestmirror, ovl
https://epel.mirror.angkasa.id/pub/epel/7/x86_64/repodata/9edce4d5e3c9437849fbbbae7c2faa50a9b0326b968dd8faa66ece83984c23de-primary.sqlite.xz:[Errno 12] Timeout onhttps://epel.mirror.angkasa.id/pub/epel/7/x86_64/repodata/9edce4d5e3c9437849fbbbae7c2faa50a9b0326b968dd8faa66ece83984c23de-primary.sqlite.xz:(28, 'Operation too slow. Less than 1000 bytes/sec transferred the last 30seconds')
Determining fastest mirrors
* base: mirrors.btte.net
* epel: mirror.premi.st
* extras:mirrors.btte.net
* updates:mirrors.btte.net
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.10.2-1.el7 will be installed
--> Processing Dependency: nginx-filesystem = 1:1.10.2-1.el7for package: 1:nginx-1.10.2-1.el7.x86_64
--> Processing Dependency: nginx-all-modules = 1:1.10.2-1.el7for package: 1:nginx-1.10.2-1.el7.x86_64
--> Processing Dependency: openssl for package:1:nginx-1.10.2-1.el7.x86_64
。。。。。。
Installing:
nginx x86_64 1:1.10.2-1.el7 epel 505 k
Installing for dependencies:
GeoIP x86_64 1.5.0-9.el7 base 709 k
fontconfig x86_64 2.10.95-7.el7 base 228 k
fontpackages-filesystem noarch 1.44-8.el7 base 9.9 k
freetype x86_64 2.4.11-11.el7 base 391 k
。。。。。。
Installing :1:nginx-1.10.2-1.el7.x86_64 52/54
Installing :1:nginx-mod-http-perl-1.10.2-1.el7.x86_64 53/54
Installing : 1:nginx-all-modules-1.10.2-1.el7.noarch 54/54
Verifying : perl-HTTP-Tiny-0.033-3.el7.noarch 1/54
。。。。。。
Complete!
---> 51706bb3c2b7
Removing intermediate container f33d845038dc
Step 4 : ADD index.html /usr/share/nginx/html/index.html
---> 8f83c05f78cf
Removing intermediate container c950deffc2e9
Step 5 : RUN echo “daemon off;”>> /etc/nginx/nginx.conf
---> Running ine487f7fddaea
---> 414cb47691cd
Removing intermediate container fe6d8a8269b5
Step 6 : EXPOSE 80
---> Running in73503b9727d4
---> 831ac040cc67
Removing intermediate container 73503b9727d4
Step 7 : CMD [“/usr/sbin/nginx”]
---> Running ind28d018734ae
---> 6f988f0e763b
Removing intermediate container d28d018734ae
Successfully built 6f988f0e763b
其中-t标记来添加tag,指定新的镜像的用户信息。“/opt/dockerfile/nginx”是Dockerfile所在的路径
#使用生成镜像启动容器:
[root@localhost nginx]# docker run -dit -p 80:80 linuxzkq/mynginx:v3
a4aed4b5f6ae421746ebe5b68119c1426ae848f7f59bab501829ace00dea4306
[root@localhost nginx]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a4aed4b5f6ae linuxzkq/mynginx:v3 "/usr/sbin/nginx" 2seconds ago Up 1 seconds 0.0.0.0:80->80/tcp pedantic_ritchie
Dockerfile 语法:
一个简单的例子:
1. # Print "Hello docker!"
2. RUN echo "Hello docker!"
FROM
第一条指令必须为 FROM 指令,用来指定使用的镜像,#号开头的为注释。
1. FROM centos:6
MAINTAINER
指定维护者信息。
1. MAINTAINER xiaohou
RUN
RUN 指令对镜像执行跟随的命令。
1. RUN echo "xiaohou">/opt/author
CMD
和RUN命令类似,CMD能够用于执行特定的命令。和RUN不一样的是,这些命令不是在镜像构建的过程当中执行的,而是在用镜像构建容器后被调用。
1. CMD "echo""Hello docker!"
支持三种格式
CMD [“executable”,”param1″,”param2″] 使用 exec 执行,推荐方式;
CMD command param1 param2 在 /bin/sh 中执行,提供给须要交互的应用;
CMD [“param1″,”param2”] 提供给 ENTRYPOINT 的默认参数;
VOLUME
VOLUME命令用于让你的容器访问宿主机上的目录。
1. VOLUME ["/my_files"]
EXPOSE
EXPOSE用来指定端口,使容器内的应用能够经过端口和外界交互。
1. EXPOSE 80
ENV
用来设置环境变量
1. ENV LANG en_US.UTF-8
2. ENV PATH /usr/local/postgres-$PG_MAJOR/bin:$PATH
WORKDIR
至关于CD命令,指定以后的RUN命令的运行目录
1. WORKDIR /a
2. WORKDIR b
3. WORKDIR c
4. RUN pwd
ADD
将源文件拷贝到容器对应的路径
1. ADD <src><dest>
能够是Dockerfile所在目录的一个相对路径,也能够是一个 URL;还能够是一个tar 文件(自动解压为目录)。
4、Docker-Registry私有仓库构建
#拉取registry镜像
[root@localhost nginx]# docker pull registry
[root@localhost nginx]# docker p_w_picpaths
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest c9bd19d022f6 5 weeksago 33.27 MB
[root@localhost ~]# mkdir /opt/data/registry –p
#运行建立私有仓库
registry的介绍提到的最佳实践建议将registry做为容器运行起来。
默认状况下,会将仓库存放于容器内的/tmp/registry目录下,这样若是容器被删除,则存放在容器内的镜像也会丢失,因此通常状况下会指定本地一个目录挂载到容器内的/tmp/registry下,以下:
[root@localhost ~]# docker run -d -p 5000:5000 -v/opt/data/registry:/tmp/registry registry
00b1e3a57642f6353a53dce9d50a635caaef0bd35a1a4131e80a67a15a2ec238
-p: 端口映射,第一个5000为本地端口,第二个5000为docker容器端口
-v: 指定源和目标挂载卷,-v/opt/data/registry:/tmp/registry, /opt/data/registry/为本地目录,/tmp/registry为docker容器内的目录
[root@localhost ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
00b1e3a57642 registry "/entrypoint.sh/etc/" 35 seconds ago Up 34 seconds 0.0.0.0:5000->5000/tcp pedantic_heyrovsky
[root@localhost ~]# docker p_w_picpaths
REPOSITORY TAG IMAGE ID CREATED SIZE
linuxzkq/mynginx v5 f0e91fa9ede2 43 hoursago 400.5 MB //手工建立的镜像
docker.io/registry latest c9bd19d022f6 5 weeksago 33.27 MB
#向私有仓库push一个镜像
[root@localhost ~]# docker tag linuxzkq/mynginx:v5localhost:5000/zkq/mynginx:latest
[root@localhost ~]# docker push localhost:5000/zkq/mynginx:latest
The push refers to a repository [localhost:5000/zkq/mynginx]
a54678910e90: Pushed
525dc2fb194f: Pushed
ce5fb7f85633: Pushed
97ca462ad9ee: Pushed
latest: digest: sha256:76bcd5f2631cafff12d8b2de38b5d9481883d927cadb35c9544b9498603def88size: 1138
#结果确认
[root@localhost ~]# docker p_w_picpaths
REPOSITORY TAG IMAGE ID CREATED SIZE
linuxzkq/mynginx v5 f0e91fa9ede2 43 hours ago 400.5 MB
localhost:5000/zkq/mynginx latest f0e91fa9ede2 43 hoursago 400.5 MB
docker.io/registry latest c9bd19d022f6 5 weeksago 33.27 MB
#从私库中pull镜像
事前准备:将其余镜像都删除,以便确认该镜像确实是从私有仓库中pull出来的.
[root@localhost ~]# docker pull localhost:5000/zkq/mynginx
Using default tag: latest
Trying to pull repository localhost:5000/zkq/mynginx ...
latest: Pulling from localhost:5000/zkq/mynginx
Digest:sha256:76bcd5f2631cafff12d8b2de38b5d9481883d927cadb35c9544b9498603def88
Status: Image is up to date for localhost:5000/zkq/mynginx:latest
[root@localhost ~]# docker p_w_picpaths
REPOSITORY TAG IMAGE ID CREATED SIZE
linuxzkq/mynginx v5 f0e91fa9ede2 43 hoursago 400.5 MB
localhost:5000/zkq/mynginx latest f0e91fa9ede2 43 hoursago 400.5 MB
docker.io/registry latest c9bd19d022f6 5 weeksago 33.27 MB
[root@localhost ~]# docker run -it localhost:5000/zkq/mynginx /bin/sh
sh-4.2# hostname
f9fd364dc6da
sh-4.2# exit
exit
5、Docker的资源隔离(LXC:Linux资源隔离机制)
Linux kernel namespace: pid net ipc mnt uts user
6、Docker集中化web界面管理平台shipyard
一、Docker Shipyard是什么 ?shipyard是一个开源的docker管理平台,记得之前安装很麻烦的,如今官方有了自动安装脚本,使用很是方便。复制、粘贴、使用,就这么简单。先不研究他是如何实现的,安装使用起来再说。
$ curl -s https://shipyard-project.com/deploy| bash -s
Deploying Shipyard
-> Starting Database
-> Starting Discovery
-> Starting Cert Volume
-> Starting Proxy
-> Starting Swarm Manager
-> Starting Swarm Agent
-> Starting Controller
Waiting for Shipyard on 192.168.2.xxx:8080
..
Shipyard available at http://192.168.2.xxx:8080
Username: admin Password: shipyard
Shipyard 启用了7个容器,默认访问端口是8080,默认用户名和密码是admin 和 shipyard
注意事项:
若是安装出现了问题怎么办?是不是由于端口冲突?网络出现问题怎么办?这个项目用到了哪些Docker镜像?一键安装的脚本是如何实现的?
一、Shipyard的默认访问端口为8080,这个端口许多程序都会用,使用时尽可能要避免冲突。若是你在测试机器上安装过多款软件,而后再安装Shipyard时,却发现没法访问Shipyard,能够考虑一下,是否是由于端口被其余程序占用的问题。
二、因为网络的缘由,所以第一次执行时可能不会很顺利,镜像可能未下载全,又或者端口冲突,致使没法经过8080端口访问shipyard页面。查看主机发现其中有几个Shipyard容器已经运行了,怎么办?不妨先使用 docker ps -a 命令,查看一下正在进行的容器状况,而后用docker stop xxx 把7个shipyard开头的容器都中止掉、最后再用docker rm xxx 把上一次安装出现问题的容器都删除掉,最后再次执行curl这一行命令。
三、比较稳妥的方法是先下载这七个Docker镜像,而后再运行这一行。其中rethinkdb 181MB,shipyard/shipyard 58MB,七个一共300MB。
docker pull alpineshipyard/shipyard
docker pull swarm
docker pull shipyard/shipyard
docker pull rethinkdb
docker pull microbox/etcd
docker pull ehazlett/curl
docker pull shipyard/docker-proxy
四、若是访问不了,请检查你使用的浏览器,记得使用谷歌的chrome浏览器。
五、安装Shipyard 的脚本地址: https://shipyard-project.com/deploy,有兴趣的能够看一看如何部署一个小型的容器应用。
其特性主要包括:
· 支持节点动态集群,可扩展节点的规模(swarm、etcd方案)
· 支持镜像管理、容器管理、节点管理等功能
· 可视化的容器管理和监控管理
· 在线容器console终端
二、 Shipyard中文版源代码托管在github,有兴趣能够访问git获取代码。
容器集群工具
Kubernetes, Swarm, Mesos…
结论
编排、集群以及管理容器显然有多种选择。话虽如此,但这些选择通常都是高度分化的。在编排方面,咱们能够说:
Swarm具备使用标准Docker接口的优点(及劣势)。虽然这样使得它与现有的工做流程交互起来简单易用,但也可能对于支持更为复杂的定义在定制接口的调度变得更加困难。
Fleet是底层级的并且至关简单的编排层,它被于运行更高级别的编排工具,例如Kubernetes或者自定义系统。
Kubernetes是带有服务发现和复制的编排工具。它可能须要从新设计一些现有的应用程序,可是正确地使用能够提供一个可容错和可扩展的系统。
Mesos是一种底层级、久经沙场的调度器,对于容器的编排,它支持多种frameworks,包括Marathon、Kubernetes、和Swarm。在写这篇文章的时候,Kubernetes和Mesos比Swarm开发的更多以及更为稳定。在规模上,只有Mesos已经证实了支持成百上千个节点的大型系统。可是,对于小的集群比方说,还不到十几个节点的集群,用Mesos可能过于复杂。
本文部份内容参考了老男孩教育博客:http://blog.oldboyedu.com
- 1. Docker 实践(二):使用教程
- 2. Docker开发实践笔记二
- 3. Docker实践
- 4. docker swarm实践
- 5. Docker实践(一)
- 6. docker 实践
- 7. docker-nginx实践
- 8. Docker 实践
- 9. docker-compose实践
- 10. Docker实践 —— 安装Docker
- 更多相关文章...
- • Thymeleaf项目实践 - Thymeleaf 教程
- • Hibernate整合EHCache实现二级缓存 - Hibernate教程
- • TiDB 在摩拜单车在线数据业务的应用和实践
- • Java Agent入门实战(二)-Instrumentation源码概述
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. Docker 实践(二):使用教程
- 2. Docker开发实践笔记二
- 3. Docker实践
- 4. docker swarm实践
- 5. Docker实践(一)
- 6. docker 实践
- 7. docker-nginx实践
- 8. Docker 实践
- 9. docker-compose实践
- 10. Docker实践 —— 安装Docker