容器和 VM(虚拟机)的主要区别是,容器提供了基于进程的隔离,而虚拟机提供了资源的完全隔离。虚拟机可能需要一分钟来启动,而容器只需要一秒钟或更短。容器使用宿主操作系统的内核,而虚拟机使用独立的内核。
Docker 的局限性之一是,它只能用在 64 位的操作系统上。
docker 是一个linux 上的LXC 容器项目,是很轻量级的虚拟化技术。
docker虽然基于lxc技术(cgroup、namespace等),但是思路完全和lxc不一样。
lxc看起来更像是一个虚拟机,多用于操作系统级别的虚拟化,背后的哲学是 IAAS;
而docker看起来是一个程序,跑在沙箱里的程序,属于应用程序级别的虚拟化,背后的哲学是 PAAS。
RHEL 6.5 开始提供docker 支持,我们使用 CentOS 6.6 x64 进行实验。
阿里巴巴价值
商业
传统
当下
阿里巴巴这样的电商带来的最大价值在于降低了商品的社会交易成本
docker价值
现在我们把商业发展的逻辑搬到软件交付这里。传统的软件交付面临同传统商业类似的问题:
传统
软件开发者和软件使用者双方信息不对称。尽管开发者对软件的代码编译、参数配置、运行环境等信息了如指掌,但使用者却很可能一知半解。因此,我们会经常看到使用者抱怨,明明按照用户手册一步步操作,却仍然跑不起来。这种情况也时常出现在软件流程中,开发将程序和文档交付给测试或运维,测试或运维却总是无法重现期望的运行状态,几经辗转发现是机器环境 、系统环境、软件依赖版本、参数配置等等原因导致。这样低效的软件流程将使持续集成与持续交付很难真正实施起来,仅仅流于形式。
当下
Docker之所以如此受人瞩目,并不是因为它创造了多么神奇的技术,而是因为它重新定义了软件的交付方式,进而将改变传统“开发-测试-部署”的软件流程。尤其是在云计算和开源软件大行其道的今天,Docker的出现正好顺应了时代的发展,占尽了天时地利人和。
Docker的出现则将软件从开发方到使用方的交付过程变得集中化、标准化、透明化:
集中化:软件使用者可以从Docker仓库找到琳琅满目的软件镜像,一个镜像包含商业软件或开源软件,也可以包含单个软件或任意的软件组合。
标准化:Docker镜像的“构建-发布-存储-下载-运行”是标准化的,统一通过Docker工具来执行,而且所有操作都可以移植到任意的机器或平台。
透明化:Docker镜像是自包含的,包括程序、软件依赖、参数配置等所有运行环境,使用者无需了解细节,只需运行同样的Docker命令就能达到与开发者同样的运行状态。
综上所述,可以说Docker带来的最大价值在于降低了软件的交付成本。
在生产环境中存在的问题
Docker的发展势头一天比一天强劲,它显然在试图解决实际的问题。然而,对如今许多的生产环境用户来说,没有出现优点压倒缺点的局面。在开发、测试和持续性集成等环境下,Docker在让容器吸引广大开发人员方面确实有上佳的表现,不过它还没有颠覆生产环境。
从2013年起,负责Docker开源项目的商业公司Docker, Inc.,开始主导容器虚拟化的市场。最近,包括拥有LXD技术的Canonical以及拥有Rocket技术的CoreOS等其他供应商,也开始进入容器市场。
[root@kvm2 ~]# yum install docker
Dependencies Resolved
=============================================================================================================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================================================================================================
Installing:
docker x86_64 1.9.1-40.el7.centos extras 7.8 M
Installing for dependencies:
docker-common x86_64 1.9.1-40.el7.centos extras 55 k
docker-forward-journald x86_64 1.9.1-40.el7.centos extras 827 k
docker-selinux x86_64 1.9.1-40.el7.centos extras 73 k
Transaction Summary
=============================================================================================================================================================================================================================================
Install 1 Package (+3 Dependent packages)
[root@kvm2 ~]# systemctl status docker -l
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2016-06-12 11:01:52 CST; 10s ago
Docs: http://docs.docker.com
Main PID: 5881 (sh)
CGroup: /system.slice/docker.service
├─5881 /bin/sh -c /usr/bin/docker-current daemon $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY 2>&1 | /usr/bin/forward-journald -tag docker
├─5882 /usr/bin/docker-current daemon --selinux-enabled
└─5883 /usr/bin/forward-journald -tag docker
Jun 12 11:01:51 kvm2.zf.com forward-journal[5883]: time="2016-06-12T11:01:51.866493994+08:00" level=warning msg="Docker could not enable SELinux on the host system"
Jun 12 11:01:51 kvm2.zf.com forward-journal[5883]: time="2016-06-12T11:01:51.891206059+08:00" level=info msg="Firewalld running: false"
Jun 12 11:01:52 kvm2.zf.com forward-journal[5883]: time="2016-06-12T11:01:52.010246032+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Jun 12 11:01:52 kvm2.zf.com forward-journal[5883]: time="2016-06-12T11:01:52.847400089+08:00" level=info msg="Loading containers: start."
Jun 12 11:01:52 kvm2.zf.com forward-journal[5883]:
Jun 12 11:01:52 kvm2.zf.com forward-journal[5883]: time="2016-06-12T11:01:52.847530886+08:00" level=info msg="Loading containers: done."
Jun 12 11:01:52 kvm2.zf.com forward-journal[5883]: time="2016-06-12T11:01:52.847625100+08:00" level=info msg="Daemon has completed initialization"
Jun 12 11:01:52 kvm2.zf.com forward-journal[5883]: time="2016-06-12T11:01:52.847640536+08:00" level=info msg="Docker daemon" commit="ab77bde/1.9.1" execdriver=native-0.2 graphdriver=devicemapper version=1.9.1
Jun 12 11:01:52 kvm2.zf.com forward-journal[5883]: time="2016-06-12T11:01:52.856632634+08:00" level=info msg="API listen on /var/run/docker.sock"
Jun 12 11:01:52 kvm2.zf.com systemd[1]: Started Docker Application Container Engine.
[root@kvm2 ~]# docker version
Client:
Version: 1.9.1
API version: 1.21
Package version: docker-common-1.9.1-40.el7.centos.x86_64
Go version: go1.4.2
Git commit: ab77bde/1.9.1
Built:
OS/Arch: linux/amd64
Server:
Version: 1.9.1
API version: 1.21
Package version: docker-common-1.9.1-40.el7.centos.x86_64
Go version: go1.4.2
Git commit: ab77bde/1.9.1
Built:
OS/Arch: linux/amd64
搜索镜像
man docker search
Search Docker Hub for images that match the specified TERM.
https://hub.docker.com/
下载镜像
man docker pull
pulls down an image or a repository from a registry.
docker pull registry.hub.docker.com/fedora:20
If you do not specify a REGISTRY_HOST, the command uses Docker's public registry located at registry-1.docker.io by default.
docker pull centos
默认下载库名为centos,tag为latest的镜像,否则就指定registry/repository:tag
查看镜像
To list the images in a local repository (not the registry) run:
docker images
This command lists the images stored in the local Docker repository.
The title REPOSITORY for the first title may seem confusing. It is essentially the image name
运行镜像
man docker run
docker-run - Run a command in a new container
docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
查看容器
man docker ps
加入--no-trunc=true这个选项就不会截断描述列了。
[root@kvm2 ~]# docker history --no-trunc=true d6d IMAGE CREATED CREATED BY SIZE COMMENT d6d9ec2e67f1389197bf61eb8c07ba782dbe480bae1ea775dd1992ee5f632e4b 4 weeks ago /bin/sh -c #(nop) CMD ["supervisord" "-n"] 0 B f818b50199268782cbac6930cda936d3ef4c390f95acd4b8fe2c07cf1fa33ff4 4 weeks ago /bin/sh -c #(nop) EXPOSE 22/tcp 443/tcp 80/tcp 0 B afa600610768c5815a1cb7ad539f58a8d9e218246e31bde380be46636f1d9a9d 4 weeks ago /bin/sh -c #(nop) ADD file:c987af8588740fdd52d1bfbb399323e51fb87f254fce88dc541312d3170307a1 in /etc/ 1.414 kB 1aa4911f40c7d92d33da1ad1431c32a04be94509084ba2bfca5e7efe0b52a091 4 weeks ago /bin/sh -c #(nop) ADD file:77dbd518f0925a02442836e97b8840c54a3e7c1658bf60dac904ee540127c08e in /var/www/html/ 22 B ee207207752fe93d37e59a6a6f583a2996e28ffd057bb40470ca853826c8978a 4 weeks ago /bin/sh -c mkdir -p /root/.ssh && touch /root/.ssh/authorized_keys && chmod 700 /root/.ssh 0 B b03bf16299774b8a0272ecc53d97041d40ba2dc8ac11dc82f9acaf509058afe1 4 weeks ago /bin/sh -c sed -ri 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config && echo 'root:changeme' | chpasswd 5.044 kB 3f97351ce7a954e2a7474d7942a0151723bdc6f0eee450e9ca1c5e3d75854632 4 weeks ago /bin/sh -c ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key && ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key 3.353 kB 341fee58aa0f9fbac5552729659d342d8476e57f2ea03813ba8397e3231c1ce1 4 weeks ago /bin/sh -c yum install -y openssh-server openssh-clients passwd 17.02 MB 4121ea2cc40134f7a06e050977e3ac9f9915076dae488a54f97d1875b6fd1a2e 4 weeks ago /bin/sh -c pip install supervisor 2.707 MB 724c96ad712b19ea281f55b49a6b2dc2cce151babe0e5b595289a6b7cd3ea677 4 weeks ago /bin/sh -c yum install -y python-pip && pip install "pip>=1.4,<1.5" --upgrade 18.18 MB 306cfb3b53df0671704091ed4a3620d08d30cf11bcc8736d474e48443b893cdc 4 weeks ago /bin/sh -c yum install -y php php-mysql php-devel php-gd php-pecl-memcache php-pspell php-snmp php-xmlrpc php-xml 50.27 MB 5c0d565c6fa254516c514a8ad5ec2f370351e516e8fb8f0d33ad7085e583970e 4 weeks ago /bin/sh -c service mysqld start 21.84 MB 4fd77ea1aba2a4dcdfcbffd61a79c50e6b528663213aa6454d3fef80dcd7d82c 4 weeks ago /bin/sh -c echo "NETWORKING=yes" > /etc/sysconfig/network 15 B 205a003e4718da4ddfba7b9595a89274ba3a0c0bd6833e9123d7b80c1c5bbb48 4 weeks ago /bin/sh -c yum install -y mysql mysql-server 47.11 MB 5f5b0aafb036866c5b87fe5c5777698f19f734bdc1520d50cafadfc7d1ecf655 4 weeks ago /bin/sh -c yum -y install httpd vim-enhanced bash-completion unzip 168.3 MB b10e99758b954c268ac3fe6a9b28e148604222155f3d693f8c297583d027c25e 4 weeks ago /bin/sh -c rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm 10.34 MB 4a98883d437e364a6d103abdebfcb88c026af9c09aa43e8cb83c2e6b1a2e746a 4 weeks ago /bin/sh -c #(nop) MAINTAINER Nicholas Istre <nicholas.istre@e-hps.com> 0 B d65a92bab695a23057d02823b5d718822faaa413641f719764dc82bd47e6ea61 8 months ago /bin/sh -c #(nop) ADD file:9ff85de7a936502e83fadeed82d6f11231ce7e842eea23d73f6f5fb7182f1111 in / 202.6 MB 3690474eb5b4b26fdfbd89c6e159e8cc376ca76ef48032a30fa6aafd56337880 14 months ago /bin/sh -c #(nop) MAINTAINER The CentOS Project <cloud-ops@centos.org> - ami_creator 0 B
[root@kvm2 ~]# docker search --no-trunc=true centos
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/centos The official build of CentOS. 2323 [OK]
docker.io docker.io/jdeathe/centos-ssh CentOS-6 6.7 x86_64 / CentOS-7 7.2.1511 x86_64 - SCL/EPEL/IUS Repos / Supervisor / OpenSSH. 25 [OK]
docker.io docker.io/jdeathe/centos-ssh-apache-php CentOS-6 6.7 x86_64 / Apache / PHP / PHP Memcached / PHP APC. 17 [OK]
docker.io docker.io/nimmis/java-centos This is docker images of CentOS 7 with different versions of java 12 [OK]
docker.io docker.io/million12/centos-supervisor Base CentOS-7 with supervisord launcher, highly extensible. 11 [OK]
docker.io docker.io/consol/centos-xfce-vnc Centos container with "headless" VNC session and preinstalled Firefox and Chrome browser 9 [OK]
docker.io docker.io/torusware/speedus-centos Always updated official CentOS docker image with Torusware Speedus acceleration software 8 [OK]
docker.io docker.io/nickistre/centos-lamp LAMP on centos setup 4 [OK]
docker.io docker.io/centos/mariadb55-centos7 3 [OK]
docker.io docker.io/nathonfowlie/centos-jre Latest CentOS image with the JRE pre-installed. 3 [OK]
docker.io docker.io/consol/sakuli-centos-xfce Sakuli end-2-end testing and monitoring container based on CentOS and Xfce4. 2 [OK]
docker.io docker.io/blacklabelops/centos CentOS Base Image! Built and Updates Daily! 1 [OK]
docker.io docker.io/darksheer/centos Base Centos Image -- Updated hourly 1 [OK]
docker.io docker.io/lighthopper/orientdb-centos A Dockerfile for creating an OrientDB image on top of the official CentOS distribution. 1 [OK]
docker.io docker.io/timhughes/centos Centos with systemd installed and running 1 [OK]
docker.io docker.io/yajo/centos-epel CentOS with EPEL and fully updated 1 [OK]
docker.io docker.io/ericuni/centos centos dev 0 [OK]
docker.io docker.io/grayzone/centos auto build for centos. 0 [OK]
docker.io docker.io/grossws/centos CentOS 6 and 7 base images with gosu and locales 0 [OK]
docker.io docker.io/januswel/centos yum update-ed CentOS image 0 [OK]
docker.io docker.io/jsmigel/centos-epel Docker base image of CentOS w/ EPEL installed 0 [OK]
docker.io docker.io/kz8s/centos Official CentOS plus epel-release 0 [OK]
docker.io docker.io/labengine/centos Centos image base 0 [OK]
docker.io docker.io/repositoryjp/centos Docker Image for CentOS. 0 [OK]
docker.io docker.io/ustclug/centos USTC centos
上面需要的东西后,就可以用下面的命令开始下载了。
镜像都是按照用户名/镜像名的方式来存储的。有一组比较特殊的镜像,比如ubuntu这类基础镜像,经过官方的验证,值得信任,可以直接用镜像名来检索到。
[root@kvm1 tmp]# docker pull centos/mariadb55-centos7
Using default tag: latest
Trying to pull repository docker.io/centos/mariadb55-centos7 ... latest: Pulling from centos/mariadb55-centos7
1544084fad81: Pull complete
ddca430e683e: Downloading [=============> ] 19.44 MB/70.54 MB
bb35b9816560: Download complete
ddca430e683e: Pull complete
bb35b9816560: Pull complete
000ef0017d51: Pull complete
02b68f50c545: Pull complete
699ae6f1afb0: Pull complete
bb36ed4c0771: Pull complete
509e402b8043: Pull complete
5510bcbd751b: Pull complete
c65b7f76a8c0: Pull complete
d5bf20ab0e00: Pull complete
4e6bcf53b594: Pull complete
d480ffa2a79e: Pull complete
1cca63c752fe: Pull complete
b8476e51b045: Pull complete
b9232fb50895: Pull complete
56aa3ea11826: Pull complete
18fe7a620d97: Pull complete
Digest: sha256:96bf01600a6b0c43eebd435eb863468a42816cb3a08d747d79e3e5d4dfd69df5
Status: Downloaded newer image for docker.io/centos/mariadb55-centos7:latest
[root@kvm1 tmp]#
[root@kvm2 docker]# docker pull httpd
Using default tag: latest
Trying to pull repository docker.io/library/httpd ... latest: Pulling from library/httpd
23286f48d129: Pull complete
cbee5247e891: Pull complete
b88cfb2ab04b: Pull complete
f6f65ab94dc8: Pull complete
622e17bfb07d: Pull complete
c400bf2459b2: Pull complete
8c87d07c0fd8: Pull complete
b02f86f012c3: Pull complete
fade6d358f5e: Pull complete
2882c5b19e6a: Pull complete
9fce1c51710f: Pull complete
6ff460a5471f: Pull complete
6bce6ad2c6a9: Pull complete
Digest: sha256:c89a26acb0edf2f5ef196db39837f3fc2a323ba149f966f7dbb0f0ad659cb4e1
Status: Downloaded newer image for docker.io/httpd:latest
[root@kvm2 ~]# docker run -it httpd bash
Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
root@e392fae6a6bd:/usr/local/apache2#
docker run的命令参数,映射容器端口80到主机端口8076,这样以后就可以用浏览器访问宿主机的ip+8076
[root@kvm2 ff]# docker run -p 8076:80 -d -it httpd
27df118645f56d32cef13021150e484bb0737ce12c388414286e621035acb760
Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
To mount a host directory(/var/db) as a container volume(/data1)
docker run -v /var/db:/data1 -it httpd bash
镜像只有一个,但是容器有n个,每次启动都会生成一个不同的。
[root@kvm2 ff]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dc8d8dce5ad9 httpd "bash" 2 minutes ago Exited (0) About a minute ago clever_sammet
27df118645f5 httpd "httpd-foreground" 14 minutes ago Up 14 minutes 0.0.0.0:8076->80/tcp thirsty_jang
6208f9ef6253 httpd "httpd-foreground" 21 minutes ago Exited (0) 16 minutes ago distracted_varahamihira
48987af82c5a httpd "bash" 24 minutes ago Exited (0) 23 minutes ago reverent_hawking
58769180232c httpd "bash" 24 minutes ago Exited (0) 24 minutes ago cocky_shaw
de3a82a9fddd httpd "httpd-foreground" 38 minutes ago Up 26 minutes 80/tcp condescending_wilson
32101274af20 httpd "bash" 40 minutes ago Exited (127) 39 minutes ago focused_khorana
788c6fa29a70 httpd "/usr/sbin/sshd -D" 40 minutes ago Created compassionate_meitner
e392fae6a6bd httpd "bash" 50 minutes ago Exited (0) 41 minutes ago nostalgic_nobel
110dca752a67 httpd "httpd-foreground" 50 minutes ago Exited (0) 50 minutes ago compassionate_mestorf
7dc69d4edbcc httpd "httpd-foreground" About an hour ago Exited (0) 58 minutes ago gloomy_jang
9cdb405e0e0b httpd "httpd-foreground" About an hour ago Exited (0) About an hour ago adoring_fermi
[root@kvm2 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7dc69d4edbcc httpd "httpd-foreground" 12 minutes ago Exited (0) 11 minutes ago gloomy_jang
[root@kvm2 ~]# docker start 7dc69d4edbcc
7dc69d4edbcc
[root@kvm2 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d3eae263c005 d6d9ec2e67f1 "supervisord -n" 17 hours ago Up 3 seconds 22/tcp, 443/tcp, 0.0.0.0:8075->80/tcp backstabbing_booth
[root@kvm2 ~]# docker exec d3e ls /var/www/html
phpinfo.php
[root@kvm2 ~]# cat co.php
<?php
echo "今天是 " . date("Y/m/d") . "<br>";
echo "今天是 " . date("Y.m.d") . "<br>";
echo "今天是 " . date("Y-m-d") . "<br>";
echo "今天是 " . date("l");
?>
[root@kvm2 ~]# docker cp co.php d3eae263c005cb34c74b4bceb834eb1e08a341a8c56d3563e026400ac0eb3764:/var/www/html/
[root@kvm2 ~]# docker exec d3e ls /var/www/html
co.php
phpinfo.php
只要复制进去,即刻生效,即使docker stop d3e,然后再docker start d3e也还是生效的
然后浏览器访问下面的地址返回是正常的。
http://192.168.1.22:8075/co.php
提交的作用是以刚才修改后的容器为蓝本,重新生成一个本地镜像
[root@kvm2 ~]# docker commit d3eae263c005cb34c74b4bceb834eb1e08a341a8c56d3563e026400ac0eb3764 lamp
c11ac41e64b6bdc85edac4ce57d786d3622d7d75b5d36651a7c0120d8ced3e54
[root@kvm2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
lamp latest c11ac41e64b6 7 seconds ago 554.1 MB
nickistre/centos-lamp latest 4f5630df2cde 22 minutes ago 554.1 MB
<none> <none> 241befbcd605 26 minutes ago 554.1 MB
<none> <none> 915e007c5e90 17 hours ago 554.1 MB
docker.io/httpd latest 6bce6ad2c6a9 8 days ago 198.5 MB
docker.io/nickistre/centos-lamp latest d6d9ec2e67f1 4 weeks ago 538.4 MB
<none> <none> 39843ad887c7 14 months ago 0 B
1091 docker run -d -p 8654:80 lamp
1092 docker ps
1093 docker port 0bc
1094 docker exec 0bc ls /var/www/html
[root@kvm2 ~]# docker run -it lamp bash
Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
[root@60b5f3dd1074 /]# passwd
Changing password for user root.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@60b5f3dd1074 /]# exit
exit
[root@kvm2 ~]# docker run httpd
Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
[Wed Jun 15 08:22:23.630259 2016] [mpm_event:notice] [pid 1:tid 140015674001280] AH00489: Apache/2.4.20 (Unix) configured -- resuming normal operations
[Wed Jun 15 08:22:23.630341 2016] [core:notice] [pid 1:tid 140015674001280] AH00094: Command line: 'httpd -D FOREGROUND'
运行一次run,就会生成一个新的容器,然后就可以对这个容器进行start,stop等操作
[root@kvm2 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
588dd2b3b8a1 httpd "httpd-foreground" 2 minutes ago Up 2 minutes 80/tcp fervent_brown
63deabe2d1a8 httpd "httpd-foreground" 7 minutes ago Up 2 minutes 80/tcp angry_bohr