Docker基础
一、检查物理机版本,实验环境rhel7.2
[root@foundation62 docker]# uname -r
3.10.0-327.el7.x86_64
[root@foundation62 docker]# cat /etc/os-release
NAME="Red Hat Enterprise Linux Server"
VERSION="7.2 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="7.2"
PRETTY_NAME="Red Hat Enterprise Linux Server 7.2 (Maipo)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.2:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.2"
二、安装Docker
首先用的是docker1.10.3版本
[root@foundation62 docker]# ls
docker-engine-1.10.3-1.el7.centos.x86_64.rpm nginx.tar
docker-engine-selinux-1.10.3-1.el7.centos.noarch.rpm ubuntu.tar
安装docker时,先安装依赖包
[root@foundation62 docker]# rpm -ivh docker-engine-selinux-1.10.3-1.el7.centos.noarch.rpm
warning: docker-engine-selinux-1.10.3-1.el7.centos.noarch.rpm: Header V4 RSA/SHA512 Signature, key ID 2c52609d: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:docker-engine-selinux-1.10.3-1.el################################# [100%]
setsebool: SELinux is disabled.
[root@foundation62 docker]# rpm -ivh docker-engine-1.10.3-1.el7.centos.x86_64.rpm
warning: docker-engine-1.10.3-1.el7.centos.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 2c52609d: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:docker-engine-1.10.3-1.el7.centos################################# [100%]
[root@foundation62 docker]# ls
docker-engine-1.10.3-1.el7.centos.x86_64.rpm docker-engine-selinux-1.10.3-1.el7.centos.noarch.rpm
[root@foundation62 docker]# docker version
Client:
Version: 1.10.3
API version: 1.22
Go version: go1.5.3
Git commit: 20f81dd
Built: Thu Mar 10 15:39:25 2016
OS/Arch: linux/amd64
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
开启Docker
[root@foundation62 docker]# systemctl start docker
查看Docker状态
[root@foundation62 docker]# systemctl status docker
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2017-05-09 10:16:44 CST; 1s ago
Docs: https://docs.docker.com
Main PID: 6565 (docker)
CGroup: /system.slice/docker.service
└─6565 /usr/bin/docker daemon -H fd://
May 09 10:16:43 foundation62.ilt.example.com docker[6565]: time="2017-05-09T1...
May 09 10:16:43 foundation62.ilt.example.com docker[6565]: time="2017-05-09T1...
May 09 10:16:43 foundation62.ilt.example.com docker[6565]: time="2017-05-09T1...
May 09 10:16:44 foundation62.ilt.example.com docker[6565]: time="2017-05-09T1...
May 09 10:16:44 foundation62.ilt.example.com docker[6565]: time="2017-05-09T1...
May 09 10:16:44 foundation62.ilt.example.com docker[6565]: time="2017-05-09T1...
May 09 10:16:44 foundation62.ilt.example.com docker[6565]: time="2017-05-09T1...
May 09 10:16:44 foundation62.ilt.example.com docker[6565]: time="2017-05-09T1...
May 09 10:16:44 foundation62.ilt.example.com systemd[1]: Started Docker Appli...
May 09 10:16:44 foundation62.ilt.example.com docker[6565]: time="2017-05-09T1...
Hint: Some lines were ellipsized, use -l to show in full.
[root@foundation62 docker]# docker version
Client:
Version: 1.10.3
API version: 1.22
Go version: go1.5.3
Git commit: 20f81dd
Built: Thu Mar 10 15:39:25 2016
OS/Arch: linux/amd64
Server:
Version: 1.10.3
API version: 1.22
Go version: go1.5.3
Git commit: 20f81dd
Built: Thu Mar 10 15:39:25 2016
OS/Arch: linux/amd64
三、容器管理
查看容器状态
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
查看镜像状态
[root@foundation62 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
导入镜像
[root@foundation62 docker]# docker load -i ubuntu.tar
[root@foundation62 docker]# docker load -i nginx.tar
此刻查看镜像状态,有镜像Ubuntu和nginx
[root@foundation62 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest af4b3d7d5401 14 months ago 190.5 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
创建容器,没有指定名称的时候,会自动生成
[root@foundation62 docker]# docker run -it ubuntu
root@60be275d99b8:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@60be275d99b8:/# [root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
60be275d99b8 ubuntu "/bin/bash" 17 seconds ago Up 15 seconds nostalgic_ritchie
创建容器,并给容器名称docker1,ctrl+q+p将容器打入后台运行
[root@foundation62 docker]# docker run -it --name docker1 ubuntu
root@347ab6df8d56:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@347ab6df8d56:/# [root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
347ab6df8d56 ubuntu "/bin/bash" 18 seconds ago Up 15 seconds docker1
60be275d99b8 ubuntu "/bin/bash" 2 minutes ago Up 2 minutes nostalgic_ritchie
停止容器
[root@foundation62 docker]# docker stop nostalgic_ritchie
nostalgic_ritchie
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
347ab6df8d56 ubuntu "/bin/bash" About a minute ago Up About a minute docker1
查看所有的容器状态
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
347ab6df8d56 ubuntu "/bin/bash" About a minute ago Up About a minute docker1
60be275d99b8 ubuntu "/bin/bash" 3 minutes ago Exited (0) 13 seconds ago nostalgic_ritchie
删除容器docker1
[root@foundation62 docker]# docker rm docker1
Failed to remove container (docker1): Error response from daemon: Conflict, You cannot remove a running container. Stop the container before attempting removal or use -f
失败原因:运行中的容器无法删除
[root@foundation62 docker]# docker rm nostalgic_ritchie
nostalgic_ritchie
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
347ab6df8d56 ubuntu "/bin/bash" 2 minutes ago Up 2 minutes docker1
连接容器
[root@foundation62 docker]# docker attach docker1
root@347ab6df8d56:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@347ab6df8d56:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
11: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:3/64 scope link
valid_lft forever preferred_lft forever
root@347ab6df8d56:/# exit
Exit
Exit退出容器时,容器停止运行
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
347ab6df8d56 ubuntu "/bin/bash" 3 minutes ago Exited (0) 4 seconds ago docker1
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation62 docker]# docker rm docker1
docker1
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation62 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest af4b3d7d5401 14 months ago 190.5 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
查看nginx镜像状态
[root@foundation62 docker]# docker images nginx
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest af4b3d7d5401 14 months ago 190.5 MB
查看Ubuntu镜像状态
[root@foundation62 docker]# docker images ubuntu
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
查看nginx镜像历史
[root@foundation62 docker]# docker history nginx
IMAGE CREATED CREATED BY SIZE COMMENT
af4b3d7d5401 14 months ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon o 0 B
1f13f00bff49 14 months ago /bin/sh -c #(nop) EXPOSE 443/tcp 80/tcp 0 B
ca041140639d 14 months ago /bin/sh -c ln -sf /dev/stdout /var/log/nginx/ 0 B
991d91ef3b7a 14 months ago /bin/sh -c apt-key adv --keyserver hkp://pgp. 65.38 MB
0b9cb8ba0ed6 14 months ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.9.12-1~ 0 B
e8ec4c78f0a1 14 months ago /bin/sh -c #(nop) MAINTAINER NGINX Docker Mai 0 B
f50f9524513f 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
61e59900d3c0 14 months ago /bin/sh -c #(nop) ADD file:b5391cb13172fb513d 125.1 MB
查看Ubuntu镜像历史
[root@foundation62 docker]# docker history ubuntu
IMAGE CREATED CREATED BY SIZE COMMENT
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#s*(deb.*universe)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
创建容器,打入后台运行,-d
[root@foundation62 docker]# docker run -d nginx
f5eb5043361253231a5df1d1528f11021a4876d8a5cc9240f848a57d719b9e2c
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f5eb50433612 nginx "nginx -g 'daemon off" 8 seconds ago Up 5 seconds 80/tcp, 443/tcp pedantic_curie
创建5个容器,并打入后台运行
[root@foundation62 docker]# for i in {1..5};do docker run -d nginx;done
fcd49a3a6972c75d62cc1981b3b328270b6136917b27e3234533b847888a5d78
b21ca4b2a1dbbd2af9cee4026a06da8c75d10071519004f5e17c953f42b270bd
2c79273479d47b6a1d95f48767deef470033ff88639c5269db79bf4aeece7c4a
1bf2e223679d907f8394086a69562b3ef1795ab83923c267bd6c18af82025e4b
27fa29d25bbc51615b17a34ae866b819adf30fa21299cd373d55bd78b6d70a7b
查看正在运行的容器
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27fa29d25bbc nginx "nginx -g 'daemon off" 14 seconds ago Up 12 seconds 80/tcp, 443/tcp loving_colden
1bf2e223679d nginx "nginx -g 'daemon off" 16 seconds ago Up 13 seconds 80/tcp, 443/tcp cocky_poitras
2c79273479d4 nginx "nginx -g 'daemon off" 18 seconds ago Up 15 seconds 80/tcp, 443/tcp focused_bose
b21ca4b2a1db nginx "nginx -g 'daemon off" 20 seconds ago Up 18 seconds 80/tcp, 443/tcp suspicious_euclid
fcd49a3a6972 nginx "nginx -g 'daemon off" 22 seconds ago Up 19 seconds 80/tcp, 443/tcp nostalgic_einstein
f5eb50433612 nginx "nginx -g 'daemon off" About a minute ago Up About a minute 80/tcp, 443/tcp pedantic_curie
查看正在运行的容器,仅显示容器ip
[root@foundation62 docker]# docker ps -q
27fa29d25bbc
1bf2e223679d
2c79273479d4
b21ca4b2a1db
fcd49a3a6972
f5eb50433612
停止正在运行的所有容器
[root@foundation62 docker]# docker stop `docker ps -q`
27fa29d25bbc
1bf2e223679d
2c79273479d4
b21ca4b2a1db
fcd49a3a6972
f5eb50433612
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27fa29d25bbc nginx "nginx -g 'daemon off" About a minute ago Exited (0) 19 seconds ago loving_colden
1bf2e223679d nginx "nginx -g 'daemon off" About a minute ago Exited (0) 18 seconds ago cocky_poitras
2c79273479d4 nginx "nginx -g 'daemon off" About a minute ago Exited (0) 18 seconds ago focused_bose
b21ca4b2a1db nginx "nginx -g 'daemon off" About a minute ago Exited (0) 17 seconds ago suspicious_euclid
fcd49a3a6972 nginx "nginx -g 'daemon off" About a minute ago Exited (0) 16 seconds ago nostalgic_einstein
f5eb50433612 nginx "nginx -g 'daemon off" 2 minutes ago Exited (0) 15 seconds ago pedantic_curie
删除所有容器
[root@foundation62 docker]# docker rm `docker ps -aq`
27fa29d25bbc
1bf2e223679d
2c79273479d4
b21ca4b2a1db
fcd49a3a6972
f5eb50433612
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation62 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest af4b3d7d5401 14 months ago 190.5 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
创建容器docker1,并在容器内部建立文件
[root@foundation62 docker]# docker run -it --name docker1 ubuntu
root@bc97ea2347a2:/# mkdir /docker
root@bc97ea2347a2:/# cd docker/
root@bc97ea2347a2:/docker# touch file{1..5}
root@bc97ea2347a2:/docker# ls
file1 file2 file3 file4 file5
root@bc97ea2347a2:/docker# [root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bc97ea2347a2 ubuntu "/bin/bash" About a minute ago Up 58 seconds docker1
将容器docker1的内容更新到镜像Ubuntu:v1
[root@foundation62 docker]# docker commit docker1 ubuntu:v1
sha256:ec2f819155c7ad8cfbcc6fa6b8a0889da1a5ac505a275369c25c65abd4f3cf66
[root@foundation62 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu v1 ec2f819155c7 8 seconds ago 187.9 MB
nginx latest af4b3d7d5401 14 months ago 190.5 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
[root@foundation62 docker]# docker history ubuntu
IMAGE CREATED CREATED BY SIZE COMMENT
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#s*(deb.*universe)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
镜像加一层
[root@foundation62 docker]# docker history ubuntu:v1
IMAGE CREATED CREATED BY SIZE COMMENT
ec2f819155c7 24 seconds ago /bin/bash 0 B
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#s*(deb.*universe)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
[root@foundation62 docker]# docker images ubuntu
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu v1 ec2f819155c7 About a minute ago 187.9 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
通过镜像Ubuntu:v1创建的容器docker2有之前的数据
[root@foundation62 docker]# docker run -it --name docker2 ubuntu:v1
root@13c0cded1323:/# cd /docker/
root@13c0cded1323:/docker# ls
file1 file2 file3 file4 file5
root@13c0cded1323:/docker# exit
exit
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bc97ea2347a2 ubuntu "/bin/bash" 5 minutes ago Up 5 minutes docker1
[root@foundation62 docker]# docker stop docker1
docker1
[root@foundation62 docker]# docker rm docker1
docker1
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
13c0cded1323 ubuntu:v1 "/bin/bash" About a minute ago Exited (0) About a minute ago docker2
[root@foundation62 docker]# docker history ubuntu:v1
IMAGE CREATED CREATED BY SIZE COMMENT
ec2f819155c7 4 minutes ago /bin/bash 0 B
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#s*(deb.*universe)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
[root@foundation62 docker]# ls
docker-engine-1.10.3-1.el7.centos.x86_64.rpm docker-engine-selinux-1.10.3-1.el7.centos.noarch.rpm nginx.tar ubuntu.tar
将nginx.tar这个文件拷贝到docker2容器的/docker目录下
[root@foundation62 docker]# docker cp nginx.tar docker2:/docker/
容器没开启时,无法连接
[root@foundation62 docker]# docker attach docker2
You cannot attach to a stopped container, start it first
[root@foundation62 docker]# docker start docker2
docker2
[root@foundation62 docker]# docker attach docker2
root@13c0cded1323:/#
root@13c0cded1323:/# cd /docker/
root@13c0cded1323:/docker# ls
file1 file2 file3 file4 file5 nginx.tar
root@13c0cded1323:/docker# rm -fr nginx.tar
root@13c0cded1323:/docker# [root@foundation62 docker]# docker logs docker2
root@13c0cded1323:/# cd /docker/
root@13c0cded1323:/docker# ls
file1 file2 file3 file4 file5
root@13c0cded1323:/docker# exit
exit
root@13c0cded1323:/#
root@13c0cded1323:/# cd /docker/
root@13c0cded1323:/docker# ls
file1 file2 file3 file4 file5 nginx.tar
root@13c0cded1323:/docker# rm -fr nginx.tar
Docker logs docker2可以显示docker2上所做的操作,和docker diff docker2命令类似
[root@foundation62 docker]# docker diff docker2
C /root
A /root/.bash_history
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
13c0cded1323 ubuntu:v1 "/bin/bash" 7 minutes ago Up 3 minutes docker2
[root@foundation62 docker]# docker stop docker2
docker2
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
将容器docker2的内容导入文件docker2.tar
[root@foundation62 docker]# docker export -o docker2.tar docker2
[root@foundation62 docker]# ll docker2.tar
-rw-r--r-- 1 root root 196858880 May 9 15:54 docker2.tar
将镜像Ubuntu:v1导入文件Ubuntu2.tar
[root@foundation62 docker]# docker save -o ubuntu2.tar ubuntu:v1
[root@foundation62 docker]# docker images ubuntu
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu v1 ec2f819155c7 12 minutes ago 187.9 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
删除镜像Ubuntu:v1,镜像正在被占用,无法删除
[root@foundation62 docker]# docker rmi ubuntu:v1
Failed to remove image (ubuntu:v1): Error response from daemon: conflict: unable to remove repository reference "ubuntu:v1" (must force) - container 13c0cded1323 is using its referenced image ec2f819155c7
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
13c0cded1323 ubuntu:v1 "/bin/bash" 11 minutes ago Exited (0) 3 minutes ago docker2
删除使用镜像Ubuntu:v1创建的容器docker2,解除被占用的镜像,才能删除镜像
[root@foundation62 docker]# docker rm docker2
docker2
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
删除镜像成功
[root@foundation62 docker]# docker rmi ubuntu:v1
Untagged: ubuntu:v1
Deleted: sha256:ec2f819155c7ad8cfbcc6fa6b8a0889da1a5ac505a275369c25c65abd4f3cf66
Deleted: sha256:1318ce88c13b4ac8e336202217886c8ec7d354790678efa27a3c240a867011d8
[root@foundation62 docker]# docker images ubuntu
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
使用之前导出的镜像文件,导入镜像
[root@foundation62 docker]# docker load -i ubuntu2.tar
镜像导入成功
[root@foundation62 docker]# docker images ubuntu
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu v1 ec2f819155c7 14 minutes ago 187.9 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
根据导入的镜像创建容器,之前的数据都在,创建的文件都存在
[root@foundation62 docker]# docker run -it --name docker1 ubuntu:v1
root@264862a22064:/# cd /docker/
root@264862a22064:/docker# ls
file1 file2 file3 file4 file5
root@264862a22064:/docker# exit
exit
[root@foundation62 docker]# docker history ubuntu
IMAGE CREATED CREATED BY SIZE COMMENT
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#s*(deb.*universe)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
[root@foundation62 docker]# docker history ubuntu:v1
IMAGE CREATED CREATED BY SIZE COMMENT
ec2f819155c7 16 minutes ago /bin/bash 0 B
<missing> 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
<missing> 14 months ago /bin/sh -c sed -i 's/^#s*(deb.*universe)$/ 1.895 kB
<missing> 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
<missing> 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
显示容器信息
[root@foundation62 docker]# docker info
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 13
Server Version: 1.10.3
Storage Driver: devicemapper
Pool Name: docker-8:9-26884788-pool
Pool Blocksize: 65.54 kB
Base Device Size: 10.74 GB
Backing Filesystem: xfs
Data file: /dev/loop2
Metadata file: /dev/loop3
Data Space Used: 510.3 MB
Data Space Total: 107.4 GB
Data Space Available: 106.9 GB
Metadata Space Used: 1.18 MB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.146 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.107-RHEL7 (2015-10-14)
Execution Driver: native-0.2
Logging Driver: json-file
Plugins:
Volume: local
Network: null host bridge
Kernel Version: 3.10.0-327.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.606 GiB
Name: foundation62.ilt.example.com
ID: ZJLH:GO2L:YEUS:IXXS:ZSOC:OE3M:4GSZ:OGEA:RWOH:7MCC:VIB6:7UMB
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
[root@foundation62 docker]# docker start docker1
docker1
[root@foundation62 docker]# docker attach docker1
root@264862a22064:/#
root@264862a22064:/# ping 172.25.254.62
PING 172.25.254.62 (172.25.254.62) 56(84) bytes of data.
64 bytes from 172.25.254.62: icmp_seq=1 ttl=64 time=0.099 ms
64 bytes from 172.25.254.62: icmp_seq=2 ttl=64 time=0.080 ms
^C
--- 172.25.254.62 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.080/0.089/0.099/0.013 ms
root@264862a22064:/# exit
exit
[root@foundation62 docker]# ip addr show docker0
8: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:4a:13:8e:3f brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:4aff:fe13:8e3f/64 scope link
valid_lft forever preferred_lft forever
[root@foundation62 docker]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.02424a138e3f no
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
[root@foundation62 docker]# netstat -antlp | grep :8000
[root@foundation62 docker]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0
PREROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
RETURN all -- 192.168.122.0/24 224.0.0.0/24
RETURN all -- 192.168.122.0/24 255.255.255.255
MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0
POSTROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT_direct (1 references)
target prot opt source destination
Chain POSTROUTING_ZONES (1 references)
target prot opt source destination
POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain POSTROUTING_ZONES_SOURCE (1 references)
target prot opt source destination
Chain POSTROUTING_direct (1 references)
target prot opt source destination
Chain POST_public (3 references)
target prot opt source destination
POST_public_log all -- 0.0.0.0/0 0.0.0.0/0
POST_public_deny all -- 0.0.0.0/0 0.0.0.0/0
POST_public_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain POST_public_allow (1 references)
target prot opt source destination
Chain POST_public_deny (1 references)
target prot opt source destination
Chain POST_public_log (1 references)
target prot opt source destination
Chain PREROUTING_ZONES (1 references)
target prot opt source destination
PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain PREROUTING_ZONES_SOURCE (1 references)
target prot opt source destination
Chain PREROUTING_direct (1 references)
target prot opt source destination
Chain PRE_public (3 references)
target prot opt source destination
PRE_public_log all -- 0.0.0.0/0 0.0.0.0/0
PRE_public_deny all -- 0.0.0.0/0 0.0.0.0/0
PRE_public_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain PRE_public_allow (1 references)
target prot opt source destination
Chain PRE_public_deny (1 references)
target prot opt source destination
Chain PRE_public_log (1 references)
target prot opt source destination
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
264862a22064 ubuntu:v1 "/bin/bash" 14 minutes ago Exited (0) 11 minutes ago docker1
[root@foundation62 docker]# docker start docker1
docker1
[root@foundation62 docker]# docker attach docker1
root@264862a22064:/#
root@264862a22064:/# cd /docker/
root@264862a22064:/docker# ls
file1 file2 file3 file4 file5
root@264862a22064:/docker# rm -fr file1
root@264862a22064:/docker# rm -fr file2
root@264862a22064:/docker# rm -fr file2
root@264862a22064:/docker# rm -fr file3
root@264862a22064:/docker# ls
file4 file5
root@264862a22064:/docker# [root@foundation62 docker]# docker diff docker1
C /docker
D /docker/file3
D /docker/file1
D /docker/file2
C /root
A /root/.bash_history
[root@foundation62 docker]# docker logs docker1
root@264862a22064:/# cd /docker/
root@264862a22064:/docker# ls
file1 file2 file3 file4 file5
root@264862a22064:/docker# exit
exit
root@264862a22064:/#
root@264862a22064:/# ping 172.25.254.62
PING 172.25.254.62 (172.25.254.62) 56(84) bytes of data.
64 bytes from 172.25.254.62: icmp_seq=1 ttl=64 time=0.099 ms
64 bytes from 172.25.254.62: icmp_seq=2 ttl=64 time=0.080 ms
^C
--- 172.25.254.62 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.080/0.089/0.099/0.013 ms
root@264862a22064:/# exit
exit
root@264862a22064:/#
root@264862a22064:/# cd /docker/
root@264862a22064:/docker# ls
file1 file2 file3 file4 file5
root@264862a22064:/docker# rm -fr file1
root@264862a22064:/docker# rm -fr file2
root@264862a22064:/docker# rm -fr file2
root@264862a22064:/docker# rm -fr file3
root@264862a22064:/docker# ls
file4 file5
[root@foundation62 docker]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.02424a138e3f no veth0c84755
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
[root@foundation62 docker]# docker run -it --name docker2 ubuntu
root@0547bc01402e:/# [root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0547bc01402e ubuntu "/bin/bash" 13 seconds ago Up 10 seconds docker2
264862a22064 ubuntu:v1 "/bin/bash" 18 minutes ago Up 3 minutes docker1
[root@foundation62 docker]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.02424a138e3f no veth0083704
veth0c84755
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
[root@foundation62 docker]# vim /usr/lib/systemd/system/docker.service
[root@foundation62 docker]# vim /lib/systemd/system/docker.service
[root@foundation62 docker]# cp /lib/systemd/system/docker.service /etc/systemd/system/docker.service
[root@foundation62 docker]# docker history ubuntu
IMAGE CREATED CREATED BY SIZE COMMENT
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#s*(deb.*universe)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
[root@foundation62 docker]# systemctl daemon-reload ^C
[root@foundation62 docker]# systemctl restart docker.service ^C
[root@foundation62 docker]# docker network ls
NETWORK ID NAME DRIVER
27317aeb260b none null
037fe16dedeb host host
6eb762562a1c bridge bridge
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0547bc01402e ubuntu "/bin/bash" 10 minutes ago Up 10 minutes docker2
264862a22064 ubuntu:v1 "/bin/bash" 28 minutes ago Up 13 minutes docker1
Kill,强制停止
[root@foundation62 docker]# docker kill 0547bc01402e
0547bc01402e
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
264862a22064 ubuntu:v1 "/bin/bash" 28 minutes ago Up 13 minutes docker1
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0547bc01402e ubuntu "/bin/bash" 11 minutes ago Exited (137) 22 seconds ago docker2
264862a22064 ubuntu:v1 "/bin/bash" 29 minutes ago Up 14 minutes docker1
[root@foundation62 docker]# docker rename docker1 docker3
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0547bc01402e ubuntu "/bin/bash" 12 minutes ago Exited (137) About a minute ago docker2
264862a22064 ubuntu:v1 "/bin/bash" 30 minutes ago Up 15 minutes docker3
给容器重命名
[root@foundation62 docker]# docker rename docker2 docker4
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0547bc01402e ubuntu "/bin/bash" 12 minutes ago Exited (137) About a minute ago docker4
264862a22064 ubuntu:v1 "/bin/bash" 30 minutes ago Up 15 minutes docker3
[root@foundation62 docker]# docker top docker3
UID PID PPID C STIME TTY TIME CMD
root 16119 8697 0 16:14 pts/2 00:00:00 /bin/bash
没有在运行的容器,无法使用top命令
[root@foundation62 docker]# docker top docker4
Error response from daemon: Container docker4 is not running
[root@foundation62 docker]# docker start docker4
docker4
[root@foundation62 docker]# docker top docker4
UID PID PPID C STIME TTY TIME CMD
root 18209 8697 2 16:31 pts/3 00:00:00 /bin/bash
显示容器docker3信息
[root@foundation62 docker]# docker inspect docker3
[
{
"Id": "264862a220640e1915ee2f8271625e47878a2f25cb982c497573ebda2c060a5c",
"Created": "2017-05-09T07:59:15.350158812Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 16119,
"ExitCode": 0,
"Error": "",
"StartedAt": "2017-05-09T08:14:17.494384517Z",
"FinishedAt": "2017-05-09T08:02:48.201541409Z"
},
"Image": "sha256:ec2f819155c7ad8cfbcc6fa6b8a0889da1a5ac505a275369c25c65abd4f3cf66",
"ResolvConfPath": "/var/lib/docker/containers/264862a220640e1915ee2f8271625e47878a2f25cb982c497573ebda2c060a5c/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/264862a220640e1915ee2f8271625e47878a2f25cb982c497573ebda2c060a5c/hostname",
"HostsPath": "/var/lib/docker/containers/264862a220640e1915ee2f8271625e47878a2f25cb982c497573ebda2c060a5c/hosts",
"LogPath": "/var/lib/docker/containers/264862a220640e1915ee2f8271625e47878a2f25cb982c497573ebda2c060a5c/264862a220640e1915ee2f8271625e47878a2f25cb982c497573ebda2c060a5c-json.log",
"Name": "/docker3",
"RestartCount": 0,
"Driver": "devicemapper",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"ShmSize": 67108864,
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"KernelMemory": 0,
"Memory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null
},
"GraphDriver": {
"Name": "devicemapper",
"Data": {
"DeviceId": "85",
"DeviceName": "docker-8:9-26884788-edb4944a181777997b2989cbbed31c50f414d3c8c35e56186a13962b4883a206",
"DeviceSize": "10737418240"
}
},
"Mounts": [],
"Config": {
"Hostname": "264862a22064",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": [],
"Cmd": [
"/bin/bash"
],
"Image": "ubuntu:v1",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {},
"StopSignal": "SIGTERM"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "cc4567f6dac3c3c318a98e5f22616d76f535889a38ceb92489b4728918036f06",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/cc4567f6dac3",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "2dbe467ed4f85222d5f88d0915741f746462525c960ea9e1f7978a655f493f5d",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "6eb762562a1ce18c2cebf8b8bb89ba68e6044aeb2afa7248f5c6280115d8cf25",
"EndpointID": "2dbe467ed4f85222d5f88d0915741f746462525c960ea9e1f7978a655f493f5d",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02"
}
}
}
}
]
[root@foundation62 docker]# docker stop docker3
docker3
[root@foundation62 docker]# docker rm docker3
docker3
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0547bc01402e ubuntu "/bin/bash" 18 minutes ago Up 3 minutes docker4
[root@foundation62 docker]# docker stop docker4
docker4
[root@foundation62 docker]# docker rm docker4
docker4
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
-v,将宿主机目录/tmp/data1挂在容器/data1目录下
[root@foundation62 docker]# docker run -it --name docker1 -v /tmp/data1:/data1 ubuntu
root@d5b97a8493ce:/# cd /data1/
root@d5b97a8493ce:/data1# ls
root@d5b97a8493ce:/data1# touch file1
root@d5b97a8493ce:/data1# ls
file1
root@d5b97a8493ce:/data1# [root@foundation62 docker]# cd /tmp/data1/
[root@foundation62 data1]# ls
file1
[root@foundation62 data1]# touch file2
[root@foundation62 data1]# ls
file1 file2
[root@foundation62 data1]# docker attach docker1
root@d5b97a8493ce:/data1# ls
file1 file2
root@d5b97a8493ce:/data1# exit
exit
[root@foundation62 data1]# touch file3
[root@foundation62 data1]# ls
file1 file2 file3
[root@foundation62 data1]# docker start docker1
docker1
[root@foundation62 data1]# docker attach docker1
root@d5b97a8493ce:/#
root@d5b97a8493ce:/# ls
bin boot data1 dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@d5b97a8493ce:/# cd /data1/
root@d5b97a8493ce:/data1# ls
file1 file2 file3
root@d5b97a8493ce:/data1# exit
exit
[root@foundation62 data1]# cp /etc/passwd .
[root@foundation62 data1]# ls
file1 file2 file3 passwd
[root@foundation62 data1]# cp /etc/fstab .
[root@foundation62 data1]# ls
file1 file2 file3 fstab passwd
-v可多次使用
[root@foundation62 data1]# docker run -it --name docker2 -v /tmp/data1:/data1 -v /tmp/data2:/data2 ubuntu
root@c747291d1f50:/# cd /data2
root@c747291d1f50:/data2# cp /data1/passwd .
root@c747291d1f50:/data2# ls
passwd
root@c747291d1f50:/data2# exit
exit
[root@foundation62 data1]# cd /tmp/data2
[root@foundation62 data2]# ls
passwd
[root@foundation62 data2]# touch file3
[root@foundation62 data2]# ls
file3 passwd
-v /tmp/data3:/data3:ro只读挂载
[root@foundation62 data2]# docker run -it --name docker3 -v /tmp/data1:/data1 -v /tmp/data2:/data2:ro -v /tmp/data3:/data3:ro ubuntu
root@014a70b62d0c:/# cd /data2
root@014a70b62d0c:/data2# ls
file3 passwd
root@014a70b62d0c:/data2# rm -fr file3
rm: cannot remove 'file3': Read-only file system
root@014a70b62d0c:/data2# cd /data3
root@014a70b62d0c:/data3# ls
root@014a70b62d0c:/data3# touch file
touch: cannot touch 'file': Read-only file system
root@014a70b62d0c:/data3# exit
exit
[root@foundation62 data2]# cd /tmp/data1
[root@foundation62 data1]# ls
file1 file2 file3 fstab passwd
[root@foundation62 data1]# rm -fr file2
[root@foundation62 data1]# cd /tmp/data2
[root@foundation62 data2]# ls
file3 passwd
[root@foundation62 data2]# touch file
[root@foundation62 data2]# ls
file file3 passwd
[root@foundation62 data2]# cd /tmp/data3
[root@foundation62 data3]# ls
[root@foundation62 data3]# touch file
[root@foundation62 data3]# ls
file
[root@foundation62 data3]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation62 data3]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
014a70b62d0c ubuntu "/bin/bash" About a minute ago Exited (1) About a minute ago docker3
c747291d1f50 ubuntu "/bin/bash" 19 minutes ago Exited (0) 18 minutes ago docker2
d5b97a8493ce ubuntu "/bin/bash" 23 minutes ago Exited (0) 21 minutes ago docker1
[root@foundation62 data3]# docker start docker1
docker1
[root@foundation62 data3]# docker start docker2
docker2
[root@foundation62 data3]# docker start docker3
docker3
[root@foundation62 data3]# docker attach docker1
root@d5b97a8493ce:/#
root@d5b97a8493ce:/# cd /data1/
root@d5b97a8493ce:/data1# ls
file1 file3 fstab passwd
root@d5b97a8493ce:/data1# [root@foundation62 data3]# docker attach docker2
root@c747291d1f50:/#
root@c747291d1f50:/# cd /data2
root@c747291d1f50:/data2# ls
file file3 passwd
root@c747291d1f50:/data2# [root@foundation62 data3]# docker attach docker3
root@014a70b62d0c:/#
root@014a70b62d0c:/# cd /data2
root@014a70b62d0c:/data2# ls
file file3 passwd
root@014a70b62d0c:/data2# rm -fr file
rm: cannot remove 'file': Read-only file system
root@014a70b62d0c:/data2# cd /data3
root@014a70b62d0c:/data3# ls
file
root@014a70b62d0c:/data3# rm -fr file
rm: cannot remove 'file': Read-only file system
root@014a70b62d0c:/data3# [root@foundation62 data3]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
014a70b62d0c ubuntu "/bin/bash" 5 minutes ago Up 3 minutes docker3
c747291d1f50 ubuntu "/bin/bash" 22 minutes ago Up 3 minutes docker2
d5b97a8493ce ubuntu "/bin/bash" 26 minutes ago Up 3 minutes docker1
创建数据卷
[root@foundation62 data3]# docker create --name datavol -v /tmp/data1:/data1 -v /tmp/data2:/data2 -v /tmp/data3:/data3:ro -v /etc/yum.repos.d:/etc/yum.repo.d:ro ubuntu
fa04aa88619142106235d97e2bdaae22b5076549c1b32a719d68aa047631f663
[root@foundation62 data3]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fa04aa886191 ubuntu "/bin/bash" 43 seconds ago Created datavol
014a70b62d0c ubuntu "/bin/bash" 14 minutes ago Up 12 minutes docker3
c747291d1f50 ubuntu "/bin/bash" 31 minutes ago Up 12 minutes docker2
d5b97a8493ce ubuntu "/bin/bash" 36 minutes ago Up 12 minutes docker1
挂载数据卷
[root@foundation62 data3]# docker run -it --name docker4 --volumes-from datavol ubuntu
root@ee6e065d8af5:/# cd /data1
root@ee6e065d8af5:/data1# ls
file1 file3 fstab passwd
root@ee6e065d8af5:/data1# cd /data2
root@ee6e065d8af5:/data2# ls
file file3 passwd
root@ee6e065d8af5:/data2# cd /data3
root@ee6e065d8af5:/data3# ls
file
root@ee6e065d8af5:/data3# rm -fr file
rm: cannot remove 'file': Read-only file system
root@ee6e065d8af5:/data3# cd /etc/yum.repo.d/
root@ee6e065d8af5:/etc/yum.repo.d# ls
redhat.repo rhel.repo
root@ee6e065d8af5:/etc/yum.repo.d# echo 1 >rhel.repo
bash: rhel.repo: Read-only file system
root@ee6e065d8af5:/etc/yum.
[root@foundation62 data3]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ee6e065d8af5 ubuntu "/bin/bash" About a minute ago Up About a minute docker4
fa04aa886191 ubuntu "/bin/bash" 2 minutes ago Created datavol
014a70b62d0c ubuntu "/bin/bash" 17 minutes ago Up 14 minutes docker3
c747291d1f50 ubuntu "/bin/bash" 34 minutes ago Up 14 minutes docker2
d5b97a8493ce ubuntu "/bin/bash" 38 minutes ago Up 14 minutes docker1
[root@foundation62 data3]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ee6e065d8af5 ubuntu "/bin/bash" About a minute ago Up About a minute docker4
014a70b62d0c ubuntu "/bin/bash" 17 minutes ago Up 14 minutes docker3
c747291d1f50 ubuntu "/bin/bash" 34 minutes ago Up 14 minutes docker2
d5b97a8493ce ubuntu "/bin/bash" 38 minutes ago Up 14 minutes docker1
创建容器,使用容器输出westos,之后释放容器
[root@foundation62 data3]# docker run --rm ubuntu echo westos
westos
[root@foundation62 data3]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ee6e065d8af5 ubuntu "/bin/bash" 3 minutes ago Up 3 minutes docker4
fa04aa886191 ubuntu "/bin/bash" 5 minutes ago Created datavol
014a70b62d0c ubuntu "/bin/bash" 19 minutes ago Up 17 minutes docker3
c747291d1f50 ubuntu "/bin/bash" 36 minutes ago Up 17 minutes docker2
d5b97a8493ce ubuntu "/bin/bash" 40 minutes ago Up 17 minutes docker1
[root@foundation62 data3]# cd /docker/
[root@foundation62 docker]# ls
docker2.tar docker-engine-selinux-1.10.3-1.el7.centos.noarch.rpm ubuntu2.tar
docker-engine-1.10.3-1.el7.centos.x86_64.rpm nginx.tar ubuntu.tar
将docker4的/data/filefu复制到当前目录
[root@foundation62 docker]# docker cp docker4:/data2/file .
[root@foundation62 docker]# ls
docker2.tar docker-engine-selinux-1.10.3-1.el7.centos.noarch.rpm nginx.tar ubuntu.tar
docker-engine-1.10.3-1.el7.centos.x86_64.rpm file ubuntu2.tar
[root@foundation62 docker]# ll file
-rw-r--r-- 1 root root 0 May 9 17:00 file
[root@foundation62 docker]# rm -fr file
使用容器将/etc目录打包到/backup/etc.tar,并导出宿主机的/tmp/backup下后,释放容器
[root@foundation62 docker]# docker run --rm -v /tmp/backup:/backup ubuntu tar cf /backup/etc.tar /etc
tar: Removing leading `/' from member names
[root@foundation62 docker]# cd /tmp/backup/
[root@foundation62 backup]# ls
etc.tar
[root@foundation62 backup]# tar tf etc.tar | less
[root@foundation62 backup]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ee6e065d8af5 ubuntu "/bin/bash" 8 minutes ago Up 8 minutes docker4
fa04aa886191 ubuntu "/bin/bash" 9 minutes ago Created datavol
014a70b62d0c ubuntu "/bin/bash" 23 minutes ago Up 21 minutes docker3
c747291d1f50 ubuntu "/bin/bash" 41 minutes ago Up 21 minutes docker2
d5b97a8493ce ubuntu "/bin/bash" 45 minutes ago Up 21 minutes docker1
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ee6e065d8af5 ubuntu "/bin/bash" 11 minutes ago Up 11 minutes docker4
014a70b62d0c ubuntu "/bin/bash" 27 minutes ago Up 25 minutes docker3
c747291d1f50 ubuntu "/bin/bash" 44 minutes ago Up 25 minutes docker2
d5b97a8493ce ubuntu "/bin/bash" 48 minutes ago Up 25 minutes docker1
将容器的800端口连接到宿主机的8000端口
[root@foundation62 docker]# docker run -d --name docker5 -p 8000:800 nginx
786ba451b2ee8e74c62028997369eb0337a728a25270d12e0508940b4b91c019
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
786ba451b2ee nginx "nginx -g 'daemon off" 13 seconds ago Up 9 seconds 80/tcp, 443/tcp, 0.0.0.0:8000->800/tcp docker5
ee6e065d8af5 ubuntu "/bin/bash" 12 minutes ago Up 12 minutes docker4
014a70b62d0c ubuntu "/bin/bash" 28 minutes ago Up 25 minutes docker3
c747291d1f50 ubuntu "/bin/bash" 45 minutes ago Up 26 minutes docker2
d5b97a8493ce ubuntu "/bin/bash" 49 minutes ago Up 26 minutes docker1
[root@foundation62 docker]# netstat -antlp | grep :8000
tcp6 0 0 :::8000 :::* LISTEN 22997/docker-proxy
[root@foundation62 docker]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0
PREROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
RETURN all -- 192.168.122.0/24 224.0.0.0/24
RETURN all -- 192.168.122.0/24 255.255.255.255
MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0
POSTROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0
MASQUERADE tcp -- 172.17.0.6 172.17.0.6 tcp dpt:800
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:172.17.0.6:800
Chain OUTPUT_direct (1 references)
target prot opt source destination
Chain POSTROUTING_ZONES (1 references)
target prot opt source destination
POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain POSTROUTING_ZONES_SOURCE (1 references)
target prot opt source destination
Chain POSTROUTING_direct (1 references)
target prot opt source destination
Chain POST_public (3 references)
target prot opt source destination
POST_public_log all -- 0.0.0.0/0 0.0.0.0/0
POST_public_deny all -- 0.0.0.0/0 0.0.0.0/0
POST_public_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain POST_public_allow (1 references)
target prot opt source destination
Chain POST_public_deny (1 references)
target prot opt source destination
Chain POST_public_log (1 references)
target prot opt source destination
Chain PREROUTING_ZONES (1 references)
target prot opt source destination
PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain PREROUTING_ZONES_SOURCE (1 references)
target prot opt source destination
Chain PREROUTING_direct (1 references)
target prot opt source destination
Chain PRE_public (3 references)
target prot opt source destination
PRE_public_log all -- 0.0.0.0/0 0.0.0.0/0
PRE_public_deny all -- 0.0.0.0/0 0.0.0.0/0
PRE_public_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain PRE_public_allow (1 references)
target prot opt source destination
Chain PRE_public_deny (1 references)
target prot opt source destination
Chain PRE_public_log (1 references)
target prot opt source destination
[root@foundation62 docker]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-ISOLATION all -- anywhere anywhere
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
^C
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
786ba451b2ee nginx "nginx -g 'daemon off" 3 minutes ago Up 3 minutes 80/tcp, 443/tcp, 0.0.0.0:8000->800/tcp docker5
ee6e065d8af5 ubuntu "/bin/bash" 15 minutes ago Up 15 minutes docker4
014a70b62d0c ubuntu "/bin/bash" 31 minutes ago Up 28 minutes docker3
c747291d1f50 ubuntu "/bin/bash" 48 minutes ago Up 28 minutes docker2
d5b97a8493ce ubuntu "/bin/bash" 52 minutes ago Up 29 minutes docker1
[root@foundation62 docker]# docker stop docker{1..5}
docker1
docker2
docker3
docker4
docker5
[root@foundation62 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
786ba451b2ee nginx "nginx -g 'daemon off" 5 minutes ago Exited (0) 10 seconds ago docker5
ee6e065d8af5 ubuntu "/bin/bash" 17 minutes ago Exited (1) 11 seconds ago docker4
fa04aa886191 ubuntu "/bin/bash" 19 minutes ago Created datavol
014a70b62d0c ubuntu "/bin/bash" 33 minutes ago Exited (1) 12 seconds ago docker3
c747291d1f50 ubuntu "/bin/bash" 50 minutes ago Exited (0) 13 seconds ago docker2
d5b97a8493ce ubuntu "/bin/bash" 54 minutes ago Exited (0) 14 seconds ago docker1
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation62 docker]#
四、网络管理
修改docker的默认网络配置:
查看docker状态,以及配置文件所在路径
[root@foundation62 docker]# systemctl status docker.service
docker.service - Docker Application Container Engine
Loaded: loaded (/etc/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2017-05-10 08:58:38 CST; 26min ago
Docs: https://docs.docker.com
Main PID: 4252 (docker)
CGroup: /system.slice/docker.service
└─4252 /usr/bin/docker daemon -H fd://
May 10 08:58:36 foundation62.ilt.example.com docker[4252]: time="2017-05-10T08:58:36.742762720+08:00" level=info msg="Graph migratio...conds"
May 10 08:58:36 foundation62.ilt.example.com docker[4252]: time="2017-05-10T08:58:36.747703768+08:00" level=info msg="Firewalld runn... true"
May 10 08:58:37 foundation62.ilt.example.com docker[4252]: time="2017-05-10T08:58:37.447633880+08:00" level=info msg="Default bridge...dress"
May 10 08:58:38 foundation62.ilt.example.com docker[4252]: time="2017-05-10T08:58:38.131526507+08:00" level=info msg="Loading contai...tart."
May 10 08:58:38 foundation62.ilt.example.com docker[4252]: ......
May 10 08:58:38 foundation62.ilt.example.com docker[4252]: time="2017-05-10T08:58:38.285028331+08:00" level=info msg="Loading contai...done."
May 10 08:58:38 foundation62.ilt.example.com docker[4252]: time="2017-05-10T08:58:38.285059599+08:00" level=info msg="Daemon has com...ation"
May 10 08:58:38 foundation62.ilt.example.com docker[4252]: time="2017-05-10T08:58:38.285109689+08:00" level=info msg="Docker daemon"...1.10.3
May 10 08:58:38 foundation62.ilt.example.com systemd[1]: Started Docker Application Container Engine.
May 10 08:58:38 foundation62.ilt.example.com docker[4252]: time="2017-05-10T08:58:38.292865928+08:00" level=info msg="API listen on ....sock"
Hint: Some lines were ellipsized, use -l to show in full.
[root@foundation62 docker]# ip addr show docker0
8: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:76:b3:70:62 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
编辑配置文件
[root@foundation62 docker]# vim /etc/systemd/system/docker.service
修改bridgeip,修改的ip不能与已有网段冲突
[root@foundation62 docker]# cat /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/docker daemon -H fd:// --bip 172.17.10.1/24
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
[Install]
WantedBy=multi-user.target
[root@foundation62 docker]# systemctl daemon-reload
重启docker
[root@foundation62 docker]# systemctl restart docker.service
配置的ip被分配给虚拟网桥docker0
[root@foundation62 docker]# ip addr show docker0
8: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:76:b3:70:62 brd ff:ff:ff:ff:ff:ff
inet 172.17.10.1/24 scope global docker0
valid_lft forever preferred_lft forever
也可通过命令修改ip,先关闭虚拟网桥docker0
[root@foundation62 docker]# ip link set dev docker0 down
删除之前的设备docker0上的ip
[root@foundation62 docker]# ip addr del 172.17.10.1/24 dev docker0
给docker0添加新的ip
[root@foundation62 docker]# ip addr add 172.17.20.1/24 dev docker0
开启虚拟网桥docker0,相当于一个重启网桥的过程
[root@foundation62 docker]# ip link set dev docker0 up
网桥ip已被修改,以后创建的容器,默认桥接到docker0上,并自动分配一个ip,在docker0ip的基础上加1
[root@foundation62 docker]# ip addr show docker0
8: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:76:b3:70:62 brd ff:ff:ff:ff:ff:ff
inet 172.17.20.1/24 scope global docker0
valid_lft forever preferred_lft forever
[root@foundation62 docker]#
容器的四种网络模式:
bridge桥接模式:
[root@foundation62 docker]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 20:1a:06:41:a6:7b brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet6 fe80::221a:6ff:fe41:a67b/64 scope link
valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 62:27:cf:96:fc:cc brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.62.250/24 brd 172.25.62.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::6027:cfff:fe96:fccc/64 scope link
valid_lft forever preferred_lft forever
4: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
5: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
8: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:76:b3:70:62 brd ff:ff:ff:ff:ff:ff
inet 172.17.20.1/24 scope global docker0
valid_lft forever preferred_lft forever
[root@foundation62 docker]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.024276b37062 no
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
启动容器时可以使用--net参数指定网络模式,默认是桥接模式
[root@foundation62 docker]# docker run -it --name docker1 ubuntu
root@7003bcba1b3f:/# [root@foundation62 docker]#
自动创建两个虚拟的网络接口设备vethb543537@if9、eth0@if10
[root@foundation62 docker]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.024276b37062 no vethb543537
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
将vethb543537@if9附加到docker0网桥上
[root@foundation62 docker]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 20:1a:06:41:a6:7b brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet6 fe80::221a:6ff:fe41:a67b/64 scope link
valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 62:27:cf:96:fc:cc brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.62.250/24 brd 172.25.62.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::6027:cfff:fe96:fccc/64 scope link
valid_lft forever preferred_lft forever
4: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
5: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
8: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:76:b3:70:62 brd ff:ff:ff:ff:ff:ff
inet 172.17.20.1/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:76ff:feb3:7062/64 scope link
valid_lft forever preferred_lft forever
10: vethb543537@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
link/ether 5e:b0:be:6e:21:85 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::5cb0:beff:fe6e:2185/64 scope link
valid_lft forever preferred_lft forever
将eth0@if10附加到容器所属的namespace下
[root@foundation62 docker]# docker attach docker1
root@7003bcba1b3f:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:0a:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.10.2/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:a02/64 scope link
valid_lft forever preferred_lft forever
root@7003bcba1b3f:/# [root@foundation62 docker]#
[root@foundation62 docker]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.024276b37062 no vethb543537
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
host模式:
启动容器时,指定参数--net host,host模式,和宿主机共用一个ip,直接使用宿主机ip和外界通信。
[root@foundation62 docker]# docker run -it --name docker --net host ubuntu
root@foundation62:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 20:1a:06:41:a6:7b brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet6 fe80::221a:6ff:fe41:a67b/64 scope link
valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 62:27:cf:96:fc:cc brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.62.250/24 brd 172.25.62.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::6027:cfff:fe96:fccc/64 scope link
valid_lft forever preferred_lft forever
4: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
5: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN group default qlen 500
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 500
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
8: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:76:b3:70:62 brd ff:ff:ff:ff:ff:ff
inet 172.17.20.1/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:76ff:feb3:7062/64 scope link
valid_lft forever preferred_lft forever
10: vethb543537@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 5e:b0:be:6e:21:85 brd ff:ff:ff:ff:ff:ff
inet6 fe80::5cb0:beff:fe6e:2185/64 scope link
valid_lft forever preferred_lft forever
root@foundation62:/# [root@foundation62 docker]#
[root@foundation62 docker]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.024276b37062 no vethb543537
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
[root@foundation62 docker]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 20:1a:06:41:a6:7b brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet6 fe80::221a:6ff:fe41:a67b/64 scope link
valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 62:27:cf:96:fc:cc brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.62.250/24 brd 172.25.62.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::6027:cfff:fe96:fccc/64 scope link
valid_lft forever preferred_lft forever
4: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
5: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
8: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:76:b3:70:62 brd ff:ff:ff:ff:ff:ff
inet 172.17.20.1/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:76ff:feb3:7062/64 scope link
valid_lft forever preferred_lft forever
10: vethb543537@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
link/ether 5e:b0:be:6e:21:85 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::5cb0:beff:fe6e:2185/64 scope link
valid_lft forever preferred_lft forever
container网络模式:
启动容器时,指定参数--net container:docker1,container模式
[root@foundation62 docker]# docker run -it --name docker3 --net container:docker1 ubuntu
root@7003bcba1b3f:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:0a:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.10.2/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:a02/64 scope link
valid_lft forever preferred_lft forever
root@7003bcba1b3f:/# [root@foundation62 docker]#
新创建的容器docker3和被共享网络环境的容器docker1使用同一个网络namespace
[root@foundation62 docker]# docker attach docker1
root@7003bcba1b3f:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:0a:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.10.2/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:a02/64 scope link
valid_lft forever preferred_lft forever
root@7003bcba1b3f:/# [root@foundation62 docker]#
[root@foundation62 docker]# docker stop docker1
docker1
容器停止运行,相应的虚拟网络设备接口也会被down
[root@foundation62 docker]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.024276b37062 no
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
此时,共享docker1网络环境的docker3失去网络环境
[root@foundation62 docker]# docker attach docker3
root@7003bcba1b3f:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
root@7003bcba1b3f:/# [root@foundation62 docker]#
[root@foundation62 docker]# docker start docker1
docker1
[root@foundation62 docker]# docker attach docker3
root@7003bcba1b3f:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
root@7003bcba1b3f:/# [root@foundation62 docker]#
docker1重启后,需要重启docker3,docker3才能共享docker1的网络环境
[root@foundation62 docker]# docker restart docker3
docker3
[root@foundation62 docker]# docker attach docker3
root@7003bcba1b3f:/#
root@7003bcba1b3f:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
11: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:0a:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.10.2/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:a02/64 scope link
valid_lft forever preferred_lft forever
root@7003bcba1b3f:/# [root@foundation62 docker]#
none网络模式:
启动容器时,指定参数--net none,none模式,没有其他网络资源,只能使用lookback网络设备
[root@foundation62 docker]# docker run -it --name docker4 --net none ubuntu
root@3fb4765994cc:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
root@3fb4765994cc:/# [root@foundation62 docker]#
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3fb4765994cc ubuntu "/bin/bash" 18 seconds ago Up 16 seconds docker4
cd08fa4ddc7f ubuntu "/bin/bash" 3 minutes ago Up 59 seconds docker3
73dd127048cf ubuntu "/bin/bash" 4 minutes ago Up 4 minutes docker
7003bcba1b3f ubuntu "/bin/bash" 7 minutes ago Up About a minute docker1
[root@foundation62 docker]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 20:1a:06:41:a6:7b brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet6 fe80::221a:6ff:fe41:a67b/64 scope link
valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 62:27:cf:96:fc:cc brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.62.250/24 brd 172.25.62.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::6027:cfff:fe96:fccc/64 scope link
valid_lft forever preferred_lft forever
4: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
5: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
8: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:76:b3:70:62 brd ff:ff:ff:ff:ff:ff
inet 172.17.20.1/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:76ff:feb3:7062/64 scope link
valid_lft forever preferred_lft forever
12: vetha46d7c5@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
link/ether 3a:bd:f8:08:1e:27 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::38bd:f8ff:fe08:1e27/64 scope link
valid_lft forever preferred_lft forever
[root@foundation62 docker]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.024276b37062 no vetha46d7c5
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
在none网络模式下分配固定ip:
[root@foundation62 docker]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.024276b37062 no
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
[root@foundation62 docker]# docker run -it --name docker1 --net none ubuntu
root@13ec74825c72:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
root@13ec74825c72:/# [root@foundation62 docker]#
查看所有的network namespace
[root@foundation62 docker]# ip netns ls
过滤容器的pid
[root@foundation62 docker]# docker inspect docker1 | grep Pid
"Pid": 11573,
"PidMode": "",
"PidsLimit": 0,
[root@foundation62 docker]# cd /proc/11573
[root@foundation62 11573]# cd ns/
[root@foundation62 ns]# ll
total 0
lrwxrwxrwx 1 root root 0 May 10 10:48 ipc -> ipc:[4026532368]
lrwxrwxrwx 1 root root 0 May 10 10:48 mnt -> mnt:[4026532366]
lrwxrwxrwx 1 root root 0 May 10 10:45 net -> net:[4026532371]
lrwxrwxrwx 1 root root 0 May 10 10:48 pid -> pid:[4026532369]
lrwxrwxrwx 1 root root 0 May 10 10:48 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 May 10 10:48 uts -> uts:[4026532367]
添加一个namespace
[root@foundation62 ns]# ip netns add test
[root@foundation62 ns]# cd /var/run/netns/
[root@foundation62 netns]# ls
Test
必须使用ip netns del test删除一个namespace
[root@foundation62 netns]# rm -fr test
rm: cannot remove ‘test’: Device or resource busy
使用连接方式添加一个namespace
[root@foundation62 ns]# ln -s /proc/11573/ns/net /var/run/netns/11573
[root@foundation62 ns]# ip netns ls
11573
test
[root@foundation62 ns]# ip netns del test
[root@foundation62 ns]# ip netns ls
11573
[root@foundation62 ns]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.024276b37062 no
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
添加两块虚拟网卡设备接口
[root@foundation62 ns]# ip link add name veth0 type veth peer name veth1
[root@foundation62 ns]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 20:1a:06:41:a6:7b brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet6 fe80::221a:6ff:fe41:a67b/64 scope link
valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 62:27:cf:96:fc:cc brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.62.250/24 brd 172.25.62.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::6027:cfff:fe96:fccc/64 scope link
valid_lft forever preferred_lft forever
4: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
5: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
8: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:76:b3:70:62 brd ff:ff:ff:ff:ff:ff
inet 172.17.10.1/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:76ff:feb3:7062/64 scope link
valid_lft forever preferred_lft forever
17: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether d6:6e:b2:34:8a:b2 brd ff:ff:ff:ff:ff:ff
18: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 7e:d4:e8:da:70:04 brd ff:ff:ff:ff:ff:ff
开启两块网卡
[root@foundation62 ns]# ip link set up dev veth0
[root@foundation62 ns]# ip link set up dev veth1
将veth0连接到docker0上
[root@foundation62 ns]# brctl addif docker0 veth0
[root@foundation62 ns]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.024276b37062 no veth0
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
将veth1添加到容器上
[root@foundation62 ns]# ip link set veth1 netns 11573
[root@foundation62 ns]# docker attach docker1
root@13ec74825c72:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
17: veth1@if18: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether d6:6e:b2:34:8a:b2 brd ff:ff:ff:ff:ff:ff
root@13ec74825c72:/# [root@foundation62 ns]#
[root@foundation62 ns]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 20:1a:06:41:a6:7b brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet6 fe80::221a:6ff:fe41:a67b/64 scope link
valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 62:27:cf:96:fc:cc brd ff:ff:ff:ff:ff:ff
inet 172.25.254.62/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.62.250/24 brd 172.25.62.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::6027:cfff:fe96:fccc/64 scope link
valid_lft forever preferred_lft forever
4: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
5: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500
link/ether 52:54:00:a7:5b:84 brd ff:ff:ff:ff:ff:ff
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
link/ether 52:54:00:31:4d:69 brd ff:ff:ff:ff:ff:ff
8: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:76:b3:70:62 brd ff:ff:ff:ff:ff:ff
inet 172.17.10.1/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:76ff:feb3:7062/64 scope link
valid_lft forever preferred_lft forever
18: veth0@if17: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master docker0 state LOWERLAYERDOWN qlen 1000
link/ether 7e:d4:e8:da:70:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::7cd4:e8ff:feda:7004/64 scope link
valid_lft forever preferred_lft forever
宿主机不能直接set up 容器上的网卡
[root@foundation62 ns]# ip link set up dev veth1
Cannot find device "veth1"
必须使用命令ip netns exec 11573连接上容器
[root@foundation62 ns]# ip netns exec 11573 ip link set up veth1
开启的网卡不能重命名,必须先down掉
[root@foundation62 ns]# ip netns exec 11573 ip link set veth1 name eth0
RTNETLINK answers: Device or resource busy
[root@foundation62 ns]# ip netns exec 11573 ip link set down veth1
[root@foundation62 ns]# ip netns exec 11573 ip link set veth1 name eth0
开启时,不需使用新名称,旧名称在重命名后已失效
[root@foundation62 ns]# ip netns exec 11573 ip link set up eth0
分配一个ip
[root@foundation62 ns]# ip netns exec 11573 ip addr add 172.17.10.10/24 dev eth0
分配一个路由
[root@foundation62 ns]# ip netns exec 11573 ip route add default via 172.17.10.1
[root@foundation62 ns]# docker attach docker1
root@13ec74825c72:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether d6:6e:b2:34:8a:b2 brd ff:ff:ff:ff:ff:ff
inet 172.17.10.10/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::d46e:b2ff:fe34:8ab2/64 scope link
valid_lft forever preferred_lft forever
root@13ec74825c72:/# ping 172.17.10.1
PING 172.17.10.1 (172.17.10.1) 56(84) bytes of data.
64 bytes from 172.17.10.1: icmp_seq=1 ttl=64 time=0.079 ms
64 bytes from 172.17.10.1: icmp_seq=2 ttl=64 time=0.060 ms
^C
--- 172.17.10.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.060/0.069/0.079/0.012 ms
root@13ec74825c72:/# ping 172.25.254.62
PING 172.25.254.62 (172.25.254.62) 56(84) bytes of data.
64 bytes from 172.25.254.62: icmp_seq=1 ttl=64 time=0.072 ms
64 bytes from 172.25.254.62: icmp_seq=2 ttl=64 time=0.074 ms
^C
--- 172.25.254.62 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.072/0.073/0.074/0.001 ms
root@13ec74825c72:/# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.10.1 0.0.0.0 UG 0 0 0 eth0
172.17.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
root@13ec74825c72:/# [root@foundation62 ns]#
[root@foundation62 ns]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.024276b37062 no veth0
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
[root@foundation62 ns]#
五、容器互连
[root@foundation62 docker]# docker run -d nginx
578d2b6014def95813b3f698b9ba896ff4f2010afb647415b3bc8d504fa05a75
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
578d2b6014de nginx "nginx -g 'daemon off" 7 seconds ago Up 4 seconds 80/tcp, 443/tcp determined_meninsky
[root@foundation62 docker]# docker run -it --link determined_meninsky:db ubuntu
root@59b037ba01a9:/# env
DB_PORT_80_TCP_PORT=80
HOSTNAME=59b037ba01a9
DB_NAME=/pensive_wescoff/db
TERM=xterm
DB_PORT_443_TCP_ADDR=172.17.10.2
DB_PORT=tcp://172.17.10.2:80
DB_PORT_443_TCP_PROTO=tcp
DB_PORT_80_TCP_ADDR=172.17.10.2
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.axa=00;36:*.oga=00;36:*.spx=00;36:*.xspf=00;36:
DB_ENV_NGINX_VERSION=1.9.12-1~jessie
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
DB_PORT_443_TCP=tcp://172.17.10.2:443
PWD=/
DB_PORT_80_TCP_PROTO=tcp
SHLVL=1
HOME=/root
LESSOPEN=| /usr/bin/lesspipe %s
DB_PORT_80_TCP=tcp://172.17.10.2:80
DB_PORT_443_TCP_PORT=443
LESSCLOSE=/usr/bin/lesspipe %s %s
_=/usr/bin/env
root@59b037ba01a9:/# env | grep DB
DB_PORT_80_TCP_PORT=80
DB_NAME=/pensive_wescoff/db
DB_PORT_443_TCP_ADDR=172.17.10.2
DB_PORT=tcp://172.17.10.2:80
DB_PORT_443_TCP_PROTO=tcp
DB_PORT_80_TCP_ADDR=172.17.10.2
DB_ENV_NGINX_VERSION=1.9.12-1~jessie
DB_PORT_443_TCP=tcp://172.17.10.2:443
DB_PORT_80_TCP_PROTO=tcp
DB_PORT_80_TCP=tcp://172.17.10.2:80
DB_PORT_443_TCP_PORT=443
root@59b037ba01a9:/# [root@foundation62 docker]#
[root@foundation62 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
59b037ba01a9 ubuntu "/bin/bash" About a minute ago Up About a minute pensive_wescoff
578d2b6014de nginx "nginx -g 'daemon off" 2 minutes ago Up 2 minutes 80/tcp, 443/tcp determined_meninsky
[root@foundation62 docker]#
六、Dockerfile
查看命令ip的存放路径
[root@foundation62 docker]# which ip
/usr/sbin/ip
查询ip的安装包
[root@foundation62 docker]# rpm -qf /usr/sbin/ip
iproute-3.10.0-54.el7.x86_64
[root@foundation62 docker]# which netstat
/usr/bin/netstat
[root@foundation62 docker]# rpm -qf /usr/bin/netstat
net-tools-2.0-0.17.20131004git.el7.x86_64
[root@foundation62 docker]# ls
docker2.tar game2048.tar ubuntu2.tar
docker-engine-1.10.3-1.el7.centos.x86_64.rpm nginx.tar ubuntu.tar
docker-engine-selinux-1.10.3-1.el7.centos.noarch.rpm rhel7.tar 腾讯运维岗面试总结.pdf
[root@foundation62 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu v1 ec2f819155c7 20 hours ago 187.9 MB
nginx latest af4b3d7d5401 14 months ago 190.5 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
rhel7 latest 0a3eb3fde7fd 2 years ago 140.2 MB
[root@foundation62 docker]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
docker0 8000.024276b37062 no
virbr0 8000.525400314d69 yes virbr0-nic
virbr1 8000.525400a75b84 yes virbr1-nic
使用镜像rhel7闯将一个容器,这是一个特别纯净的镜像
[root@foundation62 docker]# docker run -it --name docker1 rhel7 bash
bash-4.2# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
bash-4.2# cd /etc/yum.repos.d/
bash-4.2# ls
rhel7.repo
bash-4.2# ls -l rhel7.repo
lrwxrwxrwx 1 root root 23 Jun 5 2014 rhel7.repo -> /run/secrets/rhel7.repo
bash-4.2# cd /run
bash-4.2# ls
bash-4.2# cd /etc/yum.repos.d/
bash-4.2# ls
rhel7.repo
bash-4.2# vi rhel7.2.repo
bash-4.2# yum clean all
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Cleaning repos: rhel7.2
Cleaning up everything
bash-4.2# cat rhel7.2.repo
[rhel7.2]
name=rhel7.2
baseurl=http://172.25.254.62/rhel7.2
gpgcheck=0
bash-4.2# yum repolist
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
rhel7.2 | 4.1 kB 00:00:00
(1/2): rhel7.2/group_gz | 136 kB 00:00:00
(2/2): rhel7.2/primary_db | 3.6 MB 00:00:00
repo id repo name status
rhel7.2 rhel7.2 4620
repolist: 4620
bash-4.2# yum install -y iproute-3.10.0-54.el7.x86_64
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Resolving Dependencies
--> Running transaction check
---> Package iproute.x86_64 0:3.10.0-54.el7 will be installed
--> Processing Dependency: libxtables.so.10()(64bit) for package: iproute-3.10.0-54.el7.x86_64
--> Running transaction check
---> Package iptables.x86_64 0:1.4.21-16.el7 will be installed
--> Processing Dependency: libnetfilter_conntrack.so.3()(64bit) for package: iptables-1.4.21-16.el7.x86_64
--> Processing Dependency: libnfnetlink.so.0()(64bit) for package: iptables-1.4.21-16.el7.x86_64
--> Running transaction check
---> Package libnetfilter_conntrack.x86_64 0:1.0.4-2.el7 will be installed
--> Processing Dependency: libmnl.so.0(LIBMNL_1.0)(64bit) for package: libnetfilter_conntrack-1.0.4-2.el7.x86_64
--> Processing Dependency: libmnl.so.0(LIBMNL_1.1)(64bit) for package: libnetfilter_conntrack-1.0.4-2.el7.x86_64
--> Processing Dependency: libmnl.so.0()(64bit) for package: libnetfilter_conntrack-1.0.4-2.el7.x86_64
---> Package libnfnetlink.x86_64 0:1.0.1-4.el7 will be installed
--> Running transaction check
---> Package libmnl.x86_64 0:1.0.3-7.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================
Installing:
iproute x86_64 3.10.0-54.el7 rhel7.2 527 k
Installing for dependencies:
iptables x86_64 1.4.21-16.el7 rhel7.2 424 k
libmnl x86_64 1.0.3-7.el7 rhel7.2 23 k
libnetfilter_conntrack x86_64 1.0.4-2.el7 rhel7.2 53 k
libnfnetlink x86_64 1.0.1-4.el7 rhel7.2 26 k
Transaction Summary
=============================================================================================================================================
Install 1 Package (+4 Dependent packages)
Total download size: 1.0 M
Installed size: 3.0 M
Downloading packages:
(1/5): iptables-1.4.21-16.el7.x86_64.rpm | 424 kB 00:00:00
(2/5): iproute-3.10.0-54.el7.x86_64.rpm | 527 kB 00:00:00
(3/5): libmnl-1.0.3-7.el7.x86_64.rpm | 23 kB 00:00:00
(4/5): libnetfilter_conntrack-1.0.4-2.el7.x86_64.rpm | 53 kB 00:00:00
(5/5): libnfnetlink-1.0.1-4.el7.x86_64.rpm | 26 kB 00:00:00
---------------------------------------------------------------------------------------------------------------------------------------------
Total 5.4 MB/s | 1.0 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libnfnetlink-1.0.1-4.el7.x86_64 1/5
Installing : libmnl-1.0.3-7.el7.x86_64 2/5
Installing : libnetfilter_conntrack-1.0.4-2.el7.x86_64 3/5
Installing : iptables-1.4.21-16.el7.x86_64 4/5
Installing : iproute-3.10.0-54.el7.x86_64 5/5
Verifying : iptables-1.4.21-16.el7.x86_64 1/5
Verifying : libnetfilter_conntrack-1.0.4-2.el7.x86_64 2/5
Verifying : libnfnetlink-1.0.1-4.el7.x86_64 3/5
Verifying : iproute-3.10.0-54.el7.x86_64 4/5
Verifying : libmnl-1.0.3-7.el7.x86_64 5/5
Installed:
iproute.x86_64 0:3.10.0-54.el7
Dependency Installed:
iptables.x86_64 0:1.4.21-16.el7 libmnl.x86_64 0:1.0.3-7.el7 libnetfilter_conntrack.x86_64 0:1.0.4-2.el7 libnfnetlink.x86_64 0:1.0.1-4.el7
Complete!
bash-4.2# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:0a:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.10.2/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:a02/64 scope link
valid_lft forever preferred_lft forever
bash-4.2# yum install -y net-tools-2.0-0.17.20131004git.el7.x86_64
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.17.20131004git.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================
Installing:
net-tools x86_64 2.0-0.17.20131004git.el7 rhel7.2 304 k
Transaction Summary
=============================================================================================================================================
Install 1 Package
Total download size: 304 k
Installed size: 917 k
Downloading packages:
net-tools-2.0-0.17.20131004git.el7.x86_64.rpm | 304 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : net-tools-2.0-0.17.20131004git.el7.x86_64 1/1
Verifying : net-tools-2.0-0.17.20131004git.el7.x86_64 1/1
Installed:
net-tools.x86_64 0:2.0-0.17.20131004git.el7
Complete!
bash-4.2# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 172.17.10.2:60046 172.25.254.62:80 TIME_WAIT -
bash-4.2# exit
Exit
自己配置yum源,下载命令ip和命令netstat
将这个配置了yun源的容器导出镜像rhel7:v1
[root@foundation62 docker]# docker commit docker1 rhel7:v1
sha256:429f78e41cc8497926fc29665ed2f6a956e7180a07898c615751f4f2b7410ce5
[root@foundation62 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v1 429f78e41cc8 5 seconds ago 174.4 MB
ubuntu v1 ec2f819155c7 21 hours ago 187.9 MB
nginx latest af4b3d7d5401 14 months ago 190.5 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
rhel7 latest 0a3eb3fde7fd 2 years ago 140.2 MB
[root@foundation62 docker]# ls
docker2.tar game2048.tar ubuntu2.tar
docker-engine-1.10.3-1.el7.centos.x86_64.rpm nginx.tar ubuntu.tar
docker-engine-selinux-1.10.3-1.el7.centos.noarch.rpm rhel7.tar 腾讯运维岗面试总结.pdf
[root@foundation62 docker]# mkdir apache
[root@foundation62 docker]# cd apache/
[root@foundation62 apache]# ls
[root@foundation62 apache]# vim Dockerfile
Bianxiedockerfile,以镜像rhel7:v1为起点
[root@foundation62 apache]# cat Dockerfile
FROM rhel7:v1
MAINTAINER 105720057@qq.com
ENV HOSTNAME virgo62
EXPOSE 80
RUN yum install -y httpd && yum clean all
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
端口:80,下载httpd
创建镜像rhel7:v2,这个镜像有80端口和httpd服务
[root@foundation62 apache]# docker build -t rhel7:v2 .
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM rhel7:v1
---> 429f78e41cc8
Step 2 : MAINTAINER 105720057@qq.com
---> Running in e289a7b756dd
---> 3f7554e2c8e7
Removing intermediate container e289a7b756dd
Step 3 : ENV HOSTNAME virgo62
---> Running in fa6631fae0fe
---> c4fdb5bad249
Removing intermediate container fa6631fae0fe
Step 4 : EXPOSE 80
---> Running in 12f17ed081c1
---> c2aff5876325
Removing intermediate container 12f17ed081c1
Step 5 : RUN yum install -y httpd && yum clean all
---> Running in ab2c2b23eea1
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-40.el7 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-40.el7 for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: libsystemd-daemon.so.0(LIBSYSTEMD_DAEMON_31)(64bit) for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: libsystemd-daemon.so.0()(64bit) for package: httpd-2.4.6-40.el7.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-40.el7 will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
---> Package redhat-logos.noarch 0:70.0.3-4.el7 will be installed
---> Package systemd-libs.x86_64 0:219-19.el7 will be installed
--> Processing Dependency: libdw.so.1()(64bit) for package: systemd-libs-219-19.el7.x86_64
--> Running transaction check
---> Package elfutils-libs.x86_64 0:0.163-3.el7 will be installed
--> Processing Dependency: elfutils-libelf(x86-64) = 0.163-3.el7 for package: elfutils-libs-0.163-3.el7.x86_64
--> Running transaction check
---> Package elfutils-libelf.x86_64 0:0.158-3.el7 will be updated
---> Package elfutils-libelf.x86_64 0:0.163-3.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
httpd x86_64 2.4.6-40.el7 rhel7.2 1.2 M
Installing for dependencies:
apr x86_64 1.4.8-3.el7 rhel7.2 103 k
apr-util x86_64 1.5.2-6.el7 rhel7.2 92 k
elfutils-libs x86_64 0.163-3.el7 rhel7.2 260 k
httpd-tools x86_64 2.4.6-40.el7 rhel7.2 82 k
mailcap noarch 2.1.41-2.el7 rhel7.2 31 k
redhat-logos noarch 70.0.3-4.el7 rhel7.2 13 M
systemd-libs x86_64 219-19.el7 rhel7.2 356 k
Updating for dependencies:
elfutils-libelf x86_64 0.163-3.el7 rhel7.2 200 k
Transaction Summary
================================================================================
Install 1 Package (+7 Dependent packages)
Upgrade ( 1 Dependent package)
Total download size: 15 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
--------------------------------------------------------------------------------
Total 37 MB/s | 15 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : apr-1.4.8-3.el7.x86_64 1/10
Installing : apr-util-1.5.2-6.el7.x86_64 2/10
Installing : httpd-tools-2.4.6-40.el7.x86_64 3/10
Updating : elfutils-libelf-0.163-3.el7.x86_64 4/10
Installing : elfutils-libs-0.163-3.el7.x86_64 5/10
Installing : systemd-libs-219-19.el7.x86_64 6/10
Installing : mailcap-2.1.41-2.el7.noarch 7/10
Installing : redhat-logos-70.0.3-4.el7.noarch 8/10
Installing : httpd-2.4.6-40.el7.x86_64 9/10
Cleanup : elfutils-libelf-0.158-3.el7.x86_64 10/10
Verifying : elfutils-libs-0.163-3.el7.x86_64 1/10
Verifying : redhat-logos-70.0.3-4.el7.noarch 2/10
Verifying : apr-1.4.8-3.el7.x86_64 3/10
Verifying : mailcap-2.1.41-2.el7.noarch 4/10
Verifying : httpd-tools-2.4.6-40.el7.x86_64 5/10
Verifying : apr-util-1.5.2-6.el7.x86_64 6/10
Verifying : httpd-2.4.6-40.el7.x86_64 7/10
Verifying : elfutils-libelf-0.163-3.el7.x86_64 8/10
Verifying : systemd-libs-219-19.el7.x86_64 9/10
Verifying : elfutils-libelf-0.158-3.el7.x86_64 10/10
Installed:
httpd.x86_64 0:2.4.6-40.el7
Dependency Installed:
apr.x86_64 0:1.4.8-3.el7 apr-util.x86_64 0:1.5.2-6.el7
elfutils-libs.x86_64 0:0.163-3.el7 httpd-tools.x86_64 0:2.4.6-40.el7
mailcap.noarch 0:2.1.41-2.el7 redhat-logos.noarch 0:70.0.3-4.el7
systemd-libs.x86_64 0:219-19.el7
Dependency Updated:
elfutils-libelf.x86_64 0:0.163-3.el7
Complete!
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Cleaning repos: rhel7.2
Cleaning up everything
---> be2dc7b157a1
Removing intermediate container ab2c2b23eea1
Step 6 : CMD /usr/sbin/httpd -D FOREGROUND
---> Running in d40c868f0fac
---> 65ae2cc8b78c
Removing intermediate container d40c868f0fac
Successfully built 65ae2cc8b78c
[root@foundation62 apache]# docker images rhel7
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v2 65ae2cc8b78c 28 seconds ago 203.7 MB
rhel7 v1 429f78e41cc8 10 minutes ago 174.4 MB
rhel7 latest 0a3eb3fde7fd 2 years ago 140.2 MB
[root@foundation62 apache]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ea6169858de8 rhel7 "bash" 37 minutes ago Exited (0) 12 minutes ago docker1
创建一个容器,以rhel7:v2镜像,对外接口连接8000:80,外界可以通过宿主机的8000端口连接容器的httpd服务
[root@foundation62 apache]# docker run -d -p 8000:80 --name apache rhel7:v2
cd0d46d83fdb986dcb0728fe00fdfa68f9e7da2a736817691fd6044fd2b4570b
[root@foundation62 apache]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0
PREROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.10.0/24 0.0.0.0/0
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
RETURN all -- 192.168.122.0/24 224.0.0.0/24
RETURN all -- 192.168.122.0/24 255.255.255.255
MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0
POSTROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0
MASQUERADE tcp -- 172.17.10.2 172.17.10.2 tcp dpt:80
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:172.17.10.2:80
Chain OUTPUT_direct (1 references)
target prot opt source destination
Chain POSTROUTING_ZONES (1 references)
target prot opt source destination
POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain POSTROUTING_ZONES_SOURCE (1 references)
target prot opt source destination
Chain POSTROUTING_direct (1 references)
target prot opt source destination
Chain POST_public (3 references)
target prot opt source destination
POST_public_log all -- 0.0.0.0/0 0.0.0.0/0
POST_public_deny all -- 0.0.0.0/0 0.0.0.0/0
POST_public_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain POST_public_allow (1 references)
target prot opt source destination
Chain POST_public_deny (1 references)
target prot opt source destination
Chain POST_public_log (1 references)
target prot opt source destination
Chain PREROUTING_ZONES (1 references)
target prot opt source destination
PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain PREROUTING_ZONES_SOURCE (1 references)
target prot opt source destination
Chain PREROUTING_direct (1 references)
target prot opt source destination
Chain PRE_public (3 references)
target prot opt source destination
PRE_public_log all -- 0.0.0.0/0 0.0.0.0/0
PRE_public_deny all -- 0.0.0.0/0 0.0.0.0/0
PRE_public_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain PRE_public_allow (1 references)
target prot opt source destination
Chain PRE_public_deny (1 references)
target prot opt source destination
Chain PRE_public_log (1 references)
target prot opt source destination
[root@foundation62 apache]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cd0d46d83fdb rhel7:v2 "/usr/sbin/httpd -D F" About a minute ago Up About a minute 0.0.0.0:8000->80/tcp apache
[root@foundation62 apache]# docker kill apache
apache
[root@foundation62 apache]# docker rm apache
apache
[root@foundation62 apache]# docker run -d -p 8000:80 --name apache -v /docker/apache:/var/www/html rhel7:v2
9002022c7cd34f3b1f69bf6afe4115235ebbc7efab705006af47b76a47ed5406
[root@foundation62 apache]# vim index.html
[root@foundation62 apache]#
安装sshd服务
[root@foundation62 docker]# docker run -it --name docker2 rhel7:v1 bash
bash-4.2# [root@foundation62 docker]#
[root@foundation62 docker]# which ssh
/usr/bin/ssh
[root@foundation62 docker]# rpm -ql /usr/bin/ssh
package /usr/bin/ssh is not installed
[root@foundation62 docker]# which sshd
/usr/sbin/sshd
[root@foundation62 docker]# rpm -ql /usr/bin/sshd
package /usr/bin/sshd is not installed
[root@foundation62 docker]# which openssh
/usr/bin/which: no openssh in (/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:/home/kiosk/.local/bin:/home/kiosk/bin)
[root@foundation62 docker]# docker attach docker2
bash-4.2# yum install -y openssh-server openssh-clients
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Resolving Dependencies
--> Running transaction check
---> Package openssh-clients.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: openssh = 6.6.1p1-22.el7 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
---> Package openssh-server.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-6.6.1p1-22.el7.x86_64
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-5.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-5.el7.x86_64
---> Package libedit.x86_64 0:3.0-12.20121213cvs.el7 will be installed
---> Package openssh.x86_64 0:6.6.1p1-22.el7 will be installed
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================
Installing:
openssh-clients x86_64 6.6.1p1-22.el7 rhel7.2 638 k
openssh-server x86_64 6.6.1p1-22.el7 rhel7.2 436 k
Installing for dependencies:
fipscheck x86_64 1.4.1-5.el7 rhel7.2 21 k
fipscheck-lib x86_64 1.4.1-5.el7 rhel7.2 11 k
libedit x86_64 3.0-12.20121213cvs.el7 rhel7.2 92 k
openssh x86_64 6.6.1p1-22.el7 rhel7.2 435 k
tcp_wrappers-libs x86_64 7.6-77.el7 rhel7.2 66 k
Transaction Summary
=============================================================================================================================================
Install 2 Packages (+5 Dependent packages)
Total download size: 1.7 M
Installed size: 4.9 M
Downloading packages:
(1/7): fipscheck-1.4.1-5.el7.x86_64.rpm | 21 kB 00:00:00
(2/7): fipscheck-lib-1.4.1-5.el7.x86_64.rpm | 11 kB 00:00:00
(3/7): libedit-3.0-12.20121213cvs.el7.x86_64.rpm | 92 kB 00:00:00
(4/7): openssh-6.6.1p1-22.el7.x86_64.rpm | 435 kB 00:00:00
(5/7): openssh-clients-6.6.1p1-22.el7.x86_64.rpm | 638 kB 00:00:00
(6/7): openssh-server-6.6.1p1-22.el7.x86_64.rpm | 436 kB 00:00:00
(7/7): tcp_wrappers-libs-7.6-77.el7.x86_64.rpm | 66 kB 00:00:00
---------------------------------------------------------------------------------------------------------------------------------------------
Total 7.6 MB/s | 1.7 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fipscheck-1.4.1-5.el7.x86_64 1/7
Installing : fipscheck-lib-1.4.1-5.el7.x86_64 2/7
Installing : openssh-6.6.1p1-22.el7.x86_64 3/7
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 4/7
Installing : libedit-3.0-12.20121213cvs.el7.x86_64 5/7
Installing : openssh-clients-6.6.1p1-22.el7.x86_64 6/7
Installing : openssh-server-6.6.1p1-22.el7.x86_64 7/7
Verifying : openssh-clients-6.6.1p1-22.el7.x86_64 1/7
Verifying : libedit-3.0-12.20121213cvs.el7.x86_64 2/7
Verifying : openssh-6.6.1p1-22.el7.x86_64 3/7
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 4/7
Verifying : openssh-server-6.6.1p1-22.el7.x86_64 5/7
Verifying : fipscheck-lib-1.4.1-5.el7.x86_64 6/7
Verifying : fipscheck-1.4.1-5.el7.x86_64 7/7
Installed:
openssh-clients.x86_64 0:6.6.1p1-22.el7 openssh-server.x86_64 0:6.6.1p1-22.el7
Dependency Installed:
fipscheck.x86_64 0:1.4.1-5.el7 fipscheck-lib.x86_64 0:1.4.1-5.el7 libedit.x86_64 0:3.0-12.20121213cvs.el7
openssh.x86_64 0:6.6.1p1-22.el7 tcp_wrappers-libs.x86_64 0:7.6-77.el7
Complete!
bash-4.2# rpm -ql openssh-server
/etc/pam.d/sshd
/etc/ssh/sshd_config
/etc/sysconfig/sshd
/usr/lib/systemd/system/sshd-keygen.service
/usr/lib/systemd/system/sshd.service
/usr/lib/systemd/system/sshd.socket
/usr/lib/systemd/system/sshd@.service
/usr/lib64/fipscheck/sshd.hmac
/usr/libexec/openssh/sftp-server
/usr/sbin/sshd
/usr/sbin/sshd-keygen
/usr/share/man/man5/moduli.5.gz
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sftp-server.8.gz
/usr/share/man/man8/sshd.8.gz
/var/empty/sshd
bash-4.2# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
bash-4.2# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N ""
bash-4.2# cd /etc/ssh
bash-4.2# ls
moduli ssh_config ssh_host_rsa_key ssh_host_rsa_key.pub sshd_config
bash-4.2# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""
bash-4.2# ls
moduli ssh_config ssh_host_ecdsa_key ssh_host_ecdsa_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub sshd_config
bash-4.2# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""
bash-4.2# ls
moduli ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key sshd_config
ssh_config ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub
bash-4.2# /usr/sbin/sshd
bash-4.2# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 37/sshd
tcp6 0 0 :::22 :::* LISTEN 37/sshd
bash-4.2# echo root:redhat | chpasswd
bash-4.2# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is 15:10:9b:df:fa:69:8f:f2:fa:51:99:6a:8d:6b:3b:65.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password:
-bash-4.2# exit
logout
Connection to localhost closed.
bash-4.2# exit
exit
[root@foundation62 docker]#
编写dockerfile文件,创建有sshd服务的镜像
[root@foundation62 docker]# mkdir ssh
[root@foundation62 docker]# cd ssh
[root@foundation62 ssh]# ls
[root@foundation62 ssh]# cp /docker/apache/Dockerfile .
[root@foundation62 ssh]# ls
Dockerfile
[root@foundation62 ssh]# vim Dockerfile
[root@foundation62 ssh]# cat Dockerfile
FROM rhel7:v1
MAINTAINER 105720057@qq.com
ENV HOSTNAME virgo62
EXPOSE 22
RUN yum install -y openssh-server openssh-clients && yum clean all
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N "" && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N "" && echo root:redhat | chpasswd
CMD ["/usr/sbin/sshd","-D"]
[root@foundation62 ssh]# docker build -t rhel7:v3
docker: "build" requires 1 argument.
See 'docker build --help'.
Usage: docker build [OPTIONS] PATH | URL | -
Build an image from a Dockerfile
[root@foundation62 ssh]# docker build -t rhel7:v3 .
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM rhel7:v1
---> 429f78e41cc8
Step 2 : MAINTAINER 105720057@qq.com
---> Using cache
---> 3f7554e2c8e7
Step 3 : ENV HOSTNAME virgo62
---> Using cache
---> c4fdb5bad249
Step 4 : EXPOSE 22
---> Running in c9f61dd6b98f
---> 7d55ea3d4671
Removing intermediate container c9f61dd6b98f
Step 5 : RUN yum install -y openssh-server openssh-clients && yum clean all
---> Running in 45ae8c0bf74b
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Resolving Dependencies
--> Running transaction check
---> Package openssh-clients.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: openssh = 6.6.1p1-22.el7 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
---> Package openssh-server.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-6.6.1p1-22.el7.x86_64
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-5.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-5.el7.x86_64
---> Package libedit.x86_64 0:3.0-12.20121213cvs.el7 will be installed
---> Package openssh.x86_64 0:6.6.1p1-22.el7 will be installed
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
openssh-clients x86_64 6.6.1p1-22.el7 rhel7.2 638 k
openssh-server x86_64 6.6.1p1-22.el7 rhel7.2 436 k
Installing for dependencies:
fipscheck x86_64 1.4.1-5.el7 rhel7.2 21 k
fipscheck-lib x86_64 1.4.1-5.el7 rhel7.2 11 k
libedit x86_64 3.0-12.20121213cvs.el7 rhel7.2 92 k
openssh x86_64 6.6.1p1-22.el7 rhel7.2 435 k
tcp_wrappers-libs x86_64 7.6-77.el7 rhel7.2 66 k
Transaction Summary
================================================================================
Install 2 Packages (+5 Dependent packages)
Total download size: 1.7 M
Installed size: 4.9 M
Downloading packages:
--------------------------------------------------------------------------------
Total 24 MB/s | 1.7 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fipscheck-1.4.1-5.el7.x86_64 1/7
Installing : fipscheck-lib-1.4.1-5.el7.x86_64 2/7
Installing : openssh-6.6.1p1-22.el7.x86_64 3/7
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 4/7
Installing : libedit-3.0-12.20121213cvs.el7.x86_64 5/7
Installing : openssh-clients-6.6.1p1-22.el7.x86_64 6/7
Installing : openssh-server-6.6.1p1-22.el7.x86_64 7/7
Verifying : openssh-clients-6.6.1p1-22.el7.x86_64 1/7
Verifying : libedit-3.0-12.20121213cvs.el7.x86_64 2/7
Verifying : openssh-6.6.1p1-22.el7.x86_64 3/7
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 4/7
Verifying : openssh-server-6.6.1p1-22.el7.x86_64 5/7
Verifying : fipscheck-lib-1.4.1-5.el7.x86_64 6/7
Verifying : fipscheck-1.4.1-5.el7.x86_64 7/7
Installed:
openssh-clients.x86_64 0:6.6.1p1-22.el7
openssh-server.x86_64 0:6.6.1p1-22.el7
Dependency Installed:
fipscheck.x86_64 0:1.4.1-5.el7 fipscheck-lib.x86_64 0:1.4.1-5.el7
libedit.x86_64 0:3.0-12.20121213cvs.el7 openssh.x86_64 0:6.6.1p1-22.el7
tcp_wrappers-libs.x86_64 0:7.6-77.el7
Complete!
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Cleaning repos: rhel7.2
Cleaning up everything
---> 45bb78441437
Removing intermediate container 45ae8c0bf74b
Step 6 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N "" && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N "" && echo root:redhat | chpasswd
---> Running in f767c43744b1
---> e08b12210695
Removing intermediate container f767c43744b1
Step 7 : CMD /usr/sbin/sshd -D
---> Running in 4812b4e26146
---> 4e5b01d13fcc
Removing intermediate container 4812b4e26146
Successfully built 4e5b01d13fcc
[root@foundation62 ssh]# docker history rhel7:v3
IMAGE CREATED CREATED BY SIZE COMMENT
4e5b01d13fcc 13 seconds ago /bin/sh -c #(nop) CMD ["/usr/sbin/sshd" "-D"] 0 B
e08b12210695 17 seconds ago /bin/sh -c ssh-keygen -t rsa -f /etc/ssh/ssh_ 3.897 kB
45bb78441437 23 seconds ago /bin/sh -c yum install -y openssh-server open 13.73 MB
7d55ea3d4671 48 seconds ago /bin/sh -c #(nop) EXPOSE 22/tcp 0 B
c4fdb5bad249 About an hour ago /bin/sh -c #(nop) ENV HOSTNAME=virgo62 0 B
3f7554e2c8e7 About an hour ago /bin/sh -c #(nop) MAINTAINER 105720057@qq.com 0 B
429f78e41cc8 About an hour ago bash 34.16 MB
0a3eb3fde7fd 2 years ago 140.2 MB Imported from -
[root@foundation62 ssh]# docker run -d --name ssh -p 2222:22 rhel7:v3
1b10e2d969abd732190c526f479b2b33bd88d453065ec807d2a36fbac510b061
[root@foundation62 ssh]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1b10e2d969ab rhel7:v3 "/usr/sbin/sshd -D" 11 seconds ago Up 8 seconds 0.0.0.0:2222->22/tcp ssh
9002022c7cd3 rhel7:v2 "/usr/sbin/httpd -D F" 53 minutes ago Up 53 minutes 0.0.0.0:8000->80/tcp apache
[root@foundation62 ssh]# ssh localhost
ssh: connect to host localhost port 22: Connection refused
[root@foundation62 ssh]# ssh localhost -p 2222
The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.
ECDSA key fingerprint is 01:99:63:44:02:14:a8:00:bd:7f:05:d9:40:7d:bd:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2222' (ECDSA) to the list of known hosts.
root@localhost's password:
-bash-4.2# exit
logout
Connection to localhost closed.
[root@foundation62 ssh]#
Dockerfile多服务启动
[root@foundation62 docker]# mkdir supervisor
[root@foundation62 docker]# cd supervisor/
[root@foundation62 supervisor]# ls
[root@foundation62 supervisor]# mv ../supervisor-3.1.3-3.el7.noarch.rpm .
[root@foundation62 supervisor]# ls
supervisor-3.1.3-3.el7.noarch.rpm
[root@foundation62 supervisor]# cp ../ssh/Dockerfile .
[root@foundation62 supervisor]# ls
Dockerfile supervisor-3.1.3-3.el7.noarch.rpm
[root@foundation62 supervisor]# vim Dockerfile
[root@foundation62 supervisor]# vim supervisord.conf
[root@foundation62 supervisor]# cat supervisord.conf
[supervisord]
nodaemon=true
[program:httpd]
command=/usr/sbin/httpd
[program:sshd]
command=/usr/sbin/sshd -D
[root@foundation62 supervisor]# vim Dockerfile
[root@foundation62 supervisor]# vim Dockerfile
[root@foundation62 supervisor]# docker build -t rhel7:v4 .
Sending build context to Docker daemon 536.1 kB
Step 1 : FROM rhel7:v1
---> 429f78e41cc8
Step 2 : MAINTAINER 105720057@qq.com
---> Using cache
---> 3f7554e2c8e7
Step 3 : ENV HOSTNAME virgo62
---> Using cache
---> c4fdb5bad249
Step 4 : EXPOSE 22 80
---> Running in ac195090bad3
---> 72245f4df8b5
Removing intermediate container ac195090bad3
Step 5 : COPY /docker/supervisor/rpm/ /rpm/
lstat docker/supervisor/rpm/: no such file or directory
[root@foundation62 supervisor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 72245f4df8b5 27 seconds ago 174.4 MB
rhel7 v3 4e5b01d13fcc 2 hours ago 188.1 MB
rhel7 v2 65ae2cc8b78c 3 hours ago 203.7 MB
rhel7 v1 429f78e41cc8 3 hours ago 174.4 MB
ubuntu v1 ec2f819155c7 24 hours ago 187.9 MB
nginx latest af4b3d7d5401 14 months ago 190.5 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
rhel7 latest 0a3eb3fde7fd 2 years ago 140.2 MB
[root@foundation62 supervisor]# docker rmi 72245f4df8b5
Deleted: sha256:72245f4df8b5d5de0750fa3168b21367b421c15d28493fe1eac71e407d8147b9
[root@foundation62 supervisor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v3 4e5b01d13fcc 2 hours ago 188.1 MB
rhel7 v2 65ae2cc8b78c 3 hours ago 203.7 MB
rhel7 v1 429f78e41cc8 3 hours ago 174.4 MB
ubuntu v1 ec2f819155c7 24 hours ago 187.9 MB
nginx latest af4b3d7d5401 14 months ago 190.5 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
rhel7 latest 0a3eb3fde7fd 2 years ago 140.2 MB
[root@foundation62 supervisor]# vim Dockerfile
[root@foundation62 supervisor]# docker build -t rhel7:v4 .
Sending build context to Docker daemon 536.1 kB
Step 1 : FROM rhel7:v1
---> 429f78e41cc8
Step 2 : MAINTAINER 105720057@qq.com
---> Using cache
---> 3f7554e2c8e7
Step 3 : ENV HOSTNAME virgo62
---> Using cache
---> c4fdb5bad249
Step 4 : EXPOSE 22 80
---> Running in 0fd7439f0859
---> b65396498065
Removing intermediate container 0fd7439f0859
Step 5 : COPY /rpm/ /rpm/
---> 4f34502c4a14
Removing intermediate container ddbc99032220
Step 6 : RUN rpm -ivh /rpm/python-meld3-0.6.10-1.el7.x86_64.rpm
---> Running in fd4bd956acb2
warning: /rpm/python-meld3-0.6.10-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing... ########################################
Updating / installing...
python-meld3-0.6.10-1.el7 ########################################
---> b98ba8a7ff4c
Removing intermediate container fd4bd956acb2
Step 7 : RUN yum install -y openssh-server openssh-clients httpd python-setuptools && yum clean all
---> Running in 7eea398bd4d1
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-40.el7 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-40.el7 for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: libsystemd-daemon.so.0(LIBSYSTEMD_DAEMON_31)(64bit) for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: libsystemd-daemon.so.0()(64bit) for package: httpd-2.4.6-40.el7.x86_64
---> Package openssh-clients.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: openssh = 6.6.1p1-22.el7 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
---> Package openssh-server.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-6.6.1p1-22.el7.x86_64
---> Package python-setuptools.noarch 0:0.9.8-4.el7 will be installed
--> Processing Dependency: python-backports-ssl_match_hostname for package: python-setuptools-0.9.8-4.el7.noarch
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package fipscheck-lib.x86_64 0:1.4.1-5.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-5.el7.x86_64
---> Package httpd-tools.x86_64 0:2.4.6-40.el7 will be installed
---> Package libedit.x86_64 0:3.0-12.20121213cvs.el7 will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
---> Package openssh.x86_64 0:6.6.1p1-22.el7 will be installed
---> Package python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el7 will be installed
--> Processing Dependency: python-backports for package: python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch
---> Package redhat-logos.noarch 0:70.0.3-4.el7 will be installed
---> Package systemd-libs.x86_64 0:219-19.el7 will be installed
--> Processing Dependency: libdw.so.1()(64bit) for package: systemd-libs-219-19.el7.x86_64
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package elfutils-libs.x86_64 0:0.163-3.el7 will be installed
--> Processing Dependency: elfutils-libelf(x86-64) = 0.163-3.el7 for package: elfutils-libs-0.163-3.el7.x86_64
---> Package fipscheck.x86_64 0:1.4.1-5.el7 will be installed
---> Package python-backports.x86_64 0:1.0-8.el7 will be installed
--> Running transaction check
---> Package elfutils-libelf.x86_64 0:0.158-3.el7 will be updated
---> Package elfutils-libelf.x86_64 0:0.163-3.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository
Size
================================================================================
Installing:
httpd x86_64 2.4.6-40.el7 rhel7.2 1.2 M
openssh-clients x86_64 6.6.1p1-22.el7 rhel7.2 638 k
openssh-server x86_64 6.6.1p1-22.el7 rhel7.2 436 k
python-setuptools noarch 0.9.8-4.el7 rhel7.2 397 k
Installing for dependencies:
apr x86_64 1.4.8-3.el7 rhel7.2 103 k
apr-util x86_64 1.5.2-6.el7 rhel7.2 92 k
elfutils-libs x86_64 0.163-3.el7 rhel7.2 260 k
fipscheck x86_64 1.4.1-5.el7 rhel7.2 21 k
fipscheck-lib x86_64 1.4.1-5.el7 rhel7.2 11 k
httpd-tools x86_64 2.4.6-40.el7 rhel7.2 82 k
libedit x86_64 3.0-12.20121213cvs.el7 rhel7.2 92 k
mailcap noarch 2.1.41-2.el7 rhel7.2 31 k
openssh x86_64 6.6.1p1-22.el7 rhel7.2 435 k
python-backports x86_64 1.0-8.el7 rhel7.2 5.8 k
python-backports-ssl_match_hostname
noarch 3.4.0.2-4.el7 rhel7.2 12 k
redhat-logos noarch 70.0.3-4.el7 rhel7.2 13 M
systemd-libs x86_64 219-19.el7 rhel7.2 356 k
tcp_wrappers-libs x86_64 7.6-77.el7 rhel7.2 66 k
Updating for dependencies:
elfutils-libelf x86_64 0.163-3.el7 rhel7.2 200 k
Transaction Summary
================================================================================
Install 4 Packages (+14 Dependent packages)
Upgrade ( 1 Dependent package)
Total download size: 17 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
--------------------------------------------------------------------------------
Total 92 MB/s | 17 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
Installing : fipscheck-1.4.1-5.el7.x86_64 1/20
Installing : fipscheck-lib-1.4.1-5.el7.x86_64 2/20
Installing : apr-1.4.8-3.el7.x86_64 3/20
Installing : apr-util-1.5.2-6.el7.x86_64 4/20
Installing : openssh-6.6.1p1-22.el7.x86_64 5/20
Installing : httpd-tools-2.4.6-40.el7.x86_64 6/20
Updating : elfutils-libelf-0.163-3.el7.x86_64 7/20
Installing : elfutils-libs-0.163-3.el7.x86_64 8/20
Installing : systemd-libs-219-19.el7.x86_64 9/20
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 10/20
Installing : python-backports-1.0-8.el7.x86_64 11/20
Installing : python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch 12/20
Installing : libedit-3.0-12.20121213cvs.el7.x86_64 13/20
Installing : mailcap-2.1.41-2.el7.noarch 14/20
Installing : redhat-logos-70.0.3-4.el7.noarch 15/20
Installing : httpd-2.4.6-40.el7.x86_64 16/20
Installing : openssh-clients-6.6.1p1-22.el7.x86_64 17/20
Installing : python-setuptools-0.9.8-4.el7.noarch 18/20
Installing : openssh-server-6.6.1p1-22.el7.x86_64 19/20
Cleanup : elfutils-libelf-0.158-3.el7.x86_64 20/20
Verifying : openssh-clients-6.6.1p1-22.el7.x86_64 1/20
Verifying : python-setuptools-0.9.8-4.el7.noarch 2/20
Verifying : redhat-logos-70.0.3-4.el7.noarch 3/20
Verifying : python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch 4/20
Verifying : apr-1.4.8-3.el7.x86_64 5/20
Verifying : mailcap-2.1.41-2.el7.noarch 6/20
Verifying : httpd-tools-2.4.6-40.el7.x86_64 7/20
Verifying : libedit-3.0-12.20121213cvs.el7.x86_64 8/20
Verifying : apr-util-1.5.2-6.el7.x86_64 9/20
Verifying : python-backports-1.0-8.el7.x86_64 10/20
Verifying : httpd-2.4.6-40.el7.x86_64 11/20
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 12/20
Verifying : openssh-server-6.6.1p1-22.el7.x86_64 13/20
Verifying : fipscheck-lib-1.4.1-5.el7.x86_64 14/20
Verifying : elfutils-libs-0.163-3.el7.x86_64 15/20
Verifying : openssh-6.6.1p1-22.el7.x86_64 16/20
Verifying : elfutils-libelf-0.163-3.el7.x86_64 17/20
Verifying : systemd-libs-219-19.el7.x86_64 18/20
Verifying : fipscheck-1.4.1-5.el7.x86_64 19/20
Verifying : elfutils-libelf-0.158-3.el7.x86_64 20/20
Installed:
httpd.x86_64 0:2.4.6-40.el7
openssh-clients.x86_64 0:6.6.1p1-22.el7
openssh-server.x86_64 0:6.6.1p1-22.el7
python-setuptools.noarch 0:0.9.8-4.el7
Dependency Installed:
apr.x86_64 0:1.4.8-3.el7
apr-util.x86_64 0:1.5.2-6.el7
elfutils-libs.x86_64 0:0.163-3.el7
fipscheck.x86_64 0:1.4.1-5.el7
fipscheck-lib.x86_64 0:1.4.1-5.el7
httpd-tools.x86_64 0:2.4.6-40.el7
libedit.x86_64 0:3.0-12.20121213cvs.el7
mailcap.noarch 0:2.1.41-2.el7
openssh.x86_64 0:6.6.1p1-22.el7
python-backports.x86_64 0:1.0-8.el7
python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el7
redhat-logos.noarch 0:70.0.3-4.el7
systemd-libs.x86_64 0:219-19.el7
tcp_wrappers-libs.x86_64 0:7.6-77.el7
Dependency Updated:
elfutils-libelf.x86_64 0:0.163-3.el7
Complete!
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Cleaning repos: rhel7.2
Cleaning up everything
---> 525eb0164fa2
Removing intermediate container 7eea398bd4d1
Step 8 : RUN rpm -ivh /rpm/supervisor-3.1.3-3.el7.noarch.rpm
---> Running in 15bb29964688
warning: /rpm/supervisor-3.1.3-3.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing... ########################################
Updating / installing...
supervisor-3.1.3-3.el7 ########################################
---> 5b97e575225d
Removing intermediate container 15bb29964688
Step 9 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N "" && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N "" && echo root:redhat | chpasswd
---> Running in e2c3b89085d8
---> 7009f6eb5057
Removing intermediate container e2c3b89085d8
Step 10 : COPY supervisord.conf /etc/supervisord.conf
---> e72e6e28ce0c
Removing intermediate container f41d2695171a
Step 11 : CMD /usr/bin/supervisord
---> Running in b874605bcf4a
---> becc1096e4f7
Removing intermediate container b874605bcf4a
Successfully built becc1096e4f7
[root@foundation62 supervisor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation62 supervisor]# docker inspect rhel7:v4
[
{
"Id": "sha256:becc1096e4f7bdf21be31935c498441a0766a94bb64634ae4e56ced74fc630dd",
"RepoTags": [
"rhel7:v4"
],
"RepoDigests": [],
"Parent": "sha256:e72e6e28ce0c7c0055fd7537da80828f0faa63b623d99d671b135cd19001ca85",
"Comment": "",
"Created": "2017-05-10T08:18:32.825865287Z",
"Container": "b874605bcf4a5e436296526a8968491dbe60fdd914d2985328c5ac6b95d1400f",
"ContainerConfig": {
"Hostname": "0fd7439f0859",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"22/tcp": {},
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"HOSTNAME=virgo62"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) CMD ["/usr/bin/supervisord"]"
],
"ArgsEscaped": true,
"Image": "sha256:e72e6e28ce0c7c0055fd7537da80828f0faa63b623d99d671b135cd19001ca85",
"Volumes": {},
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": [],
"Labels": {}
},
"DockerVersion": "1.10.3",
"Author": "105720057@qq.com",
"Config": {
"Hostname": "0fd7439f0859",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"22/tcp": {},
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"HOSTNAME=virgo62"
],
"Cmd": [
"/usr/bin/supervisord"
],
"ArgsEscaped": true,
"Image": "sha256:e72e6e28ce0c7c0055fd7537da80828f0faa63b623d99d671b135cd19001ca85",
"Volumes": {},
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": [],
"Labels": {}
},
"Architecture": "amd64",
"Os": "linux",
"Size": 230904916,
"VirtualSize": 230904916,
"GraphDriver": {
"Name": "devicemapper",
"Data": {
"DeviceId": "186",
"DeviceName": "docker-8:9-26884788-95465087d6d9fa118b818aa9bb8c1d45c43c0a31edcc90883b6071d69db20e81",
"DeviceSize": "10737418240"
}
}
}
]
-p可多次使用
[root@foundation62 supervisor]# docker run -d --name supervisor -p 2222:22 -p 8000:80 rhel7:v4
609c5f19625f4a64506b6ff93a7ce3671d733f937b60800d89ac151c87e2f249
[root@foundation62 supervisor]# docker stop supervisor
supervisor
[root@foundation62 supervisor]# docker rm supervisor
supervisor
[root@foundation62 supervisor]# docker run -d --name supervisor -p 2222:22 -p 8000:80 -v /docker/apache/:/var/www/html rhel7:v4
4557c5a55efb4d110c6beeaf741aed404ceabd643d03cd3bced2cd967f18ee40
[root@foundation62 supervisor]# ssh localhost -p 2222
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
a0:f1:8b:2b:bc:91:12:8d:f2:36:c0:8d:f8:19:5b:24.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:7
ECDSA host key for [localhost]:2222 has changed and you have requested strict checking.
Host key verification failed.
[root@foundation62 supervisor]# rm -fr /root/.ssh/known_hosts
[root@foundation62 supervisor]# ssh localhost -p 2222
The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.
ECDSA key fingerprint is a0:f1:8b:2b:bc:91:12:8d:f2:36:c0:8d:f8:19:5b:24.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2222' (ECDSA) to the list of known hosts.
root@localhost's password:
-bash-4.2# exit
logout
Connection to localhost closed.
[root@foundation62 supervisor]# curl localhost:8000
<h1>HELLO WORLD!</h1>
[root@foundation62 supervisor]#