zoukankan      html  css  js  c++  java
  • docker2

    https://github.com/docker/distribution

    daocloud

    数人云

    时速云

    http://jpetazzo.github.io/2014/06/23/docker-ssh-considered-evil/  容器为什么不用ssh去连接

    https://github.com/jpetazzo/nsenter  同上

    https://segmentfault.com/a/1190000002931564  Docker 环境 Storage Pool 用完解决方案:resize-device-mapper

    http://www.oschina.net/news/57894/daocloud

    http://blog.csdn.net/qinyushuang/article/details/43342553  Docker学习笔记(3)-- 如何使用Dockerfile构建镜像

    http://geek.csdn.net/news/detail/35121      docker镜像

    http://www.csdn.net/article/2014-11-18/2822693  镜像与容器分析

    http://www.blogjava.net/yongboy/archive/2013/12/12/407498.html  Docker学习笔记之一,搭建一个JAVA Tomcat运行环境

    DOCKER_STORAGE_OPTIONS=-s devicemapper --storage-opt dm.datadev=/home/dock-data --storage-opt dm.metadatadev=/home/dock-meta

    为了解决报错,要设置以上变量

    结果却明白了字符设备与块设备的区别,以上创建的是一个普通文件,也就是一个字符设备,

    [root@docker1 ~]# docker run busybox /bin/echo Hello Docker
    Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-optl dm.no_warn_on_loop_devices=true` to suppress this warning.



    The warning message occurs because your Docker storage configuration is using a "loopback device" -- a virtual block device such as /dev/loop0 that is actualled backed by a file on your filesystem. This was never meant as anything more than a quick hack to get Docker up and running quickly as a proof of concept.

    You don't want to suppress the warning; you want to fix your storage configuration such that the warning is no longer issued. The easiest way to do this is to assign some local disk space for use by Docker's devicemapper storage driver and use that.

    If you're using LVM and have some free space available on your volume group, this is relatively easy. For example, to give docker 100G of space, first create a data and metadata volume:

    # lvcreate -n docker-data -L 100G /dev/my-vg
    # lvcreate -n docker-metadata -L1G /dev/my-vg

    And then configure Docker to use this space by editing /etc/sysconfig/docker-storage to look like:

    DOCKER_STORAGE_OPTIONS=-s devicemapper --storage-opt dm.datadev=/dev/my-vg/docker-data --storage-opt dm.metadatadev=/dev/my-vg/docker-metadata

    If you're not using LVM or don't have free space available on your VG, you could expose some other block device (e.g., a spare disk or partition) to Docker in a similar fashion.



    DOCKER_STORAGE_OPTIONS=-s devicemapper --storage-opt dm.datadev=/home/dock-data --storage-opt dm.metadatadev=/home/dock-meta

    [root@kvm1 docker]# touch  dock-data
    [root@kvm1 docker]# touch dock-meta
    [root@kvm1 docker]# systemctl start docker
    [root@kvm1 docker]# systemctl status docker -l
    docker.service - Docker Application Container Engine
       Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
       Active: inactive (dead) since Thu 2016-06-16 21:09:37 CST; 7s ago
         Docs: http://docs.docker.com
      Process: 9190 ExecStart=/bin/sh -c /usr/bin/docker-current daemon $OPTIONS            $DOCKER_STORAGE_OPTIONS            $DOCKER_NETWORK_OPTIONS            $ADD_REGISTRY            $BLOCK_REGISTRY            $INSECURE_REGISTRY            2>&1 | /usr/bin/forward-journald -tag docker (code=exited, status=0/SUCCESS)
     Main PID: 9190 (code=exited, status=0/SUCCESS)

    Jun 16 21:09:36 kvm1.zf.com systemd[1]: Starting Docker Application Container Engine...
    Jun 16 21:09:36 kvm1.zf.com forward-journal[9194]: Forwarding stdin to journald using Priority Informational and tag docker
    Jun 16 21:09:37 kvm1.zf.com forward-journal[9194]: time="2016-06-16T21:09:37.023360992+08:00" level=error msg="Error getblockdevicesize: inappropriate ioctl for device"
    Jun 16 21:09:37 kvm1.zf.com forward-journal[9194]: time="2016-06-16T21:09:37.023710458+08:00" level=fatal msg="Error starting daemon: error initializing graphdriver: Can't get data size Can't get block size"
    Jun 16 21:09:37 kvm1.zf.com systemd[1]: Started Docker Application Container Engine.



    Jun 16 21:08:12 kvm1.zf.com forward-journal[9050]: Forwarding stdin to journald using Priority Informational and tag docker
    Jun 16 21:08:12 kvm1.zf.com forward-journal[9050]: time="2016-06-16T21:08:12.586347689+08:00" level=fatal msg="Error starting daemon: error initializing graphdriver: open /home/docker/dock-data: is a directory"

    构建镜像

    构建镜像的两种方法:
        使用docker commit 命令
        使用docker build命令和Dockerfile文件
    Dockerfile更抢到、灵活,推荐使用。
    一般来说不是真的“创建”新镜像,而是基于一个已有的基础镜像,比如Ubuntu、Fedora等,构建新的镜像而已。从零构建一个全新的镜像可参考这篇文章
    https://docs.docker.com/engine/userguide/eng-image/baseimages/  从头构建镜像--create a base image

    运行,修改,保存镜像,然后上传到私服上,就可以作为公共镜像来被下载使用了。
    1261 docker run -it centos bash
    1263 docker ps -l
    1264 docker commit 949 centos-man
    1265 docker images

     镜像地址

    echo “DOCKER_OPTS=”$DOCKER_OPTS –registry-mirror=http://your-id.m.daocloud.io -d”” >> /etc/default/docker



    sudo sed -i 's|other_args="|other_args="--registry-mirror=http://a984be05.m.daocloud.io |g' /etc/sysconfig/docker
    sudo sed -i "s|OPTIONS='|OPTIONS='--registry-mirror=http://a984be05.m.daocloud.io |g" /etc/sysconfig/docker
    sudo sed -i 'N;s|[Service] |[Service] EnvironmentFile=-/etc/sysconfig/docker |g' /usr/lib/systemd/system/docker.service
    sudo sed -i 's|fd://|fd:// $other_args |g' /usr/lib/systemd/system/docker.service

    sudo systemctl daemon-reload
    sudo service docker restart

     搭建私服

    http://lishaofengstar.blog.163.com/blog/static/131972852201411585441354/
    这篇博客讨论了如何部署一个带 SSL 加密、HTTP 验证并有防火墙防护的私有 Docker Registry 。Docker Registry是一个存储和分享 Docker 镜像的服务。本文中我们使用的操作系统是 Ubuntu,任何支持 Upstart 的系统都可以。我们用 Nginx 作为 Docker Registry 的前端代理服务器,同时也用 Nginx 完成 SSL 加密和基本的 HTTP 验证。我们用 Gunicorn 运行 Docker Registry 并用 Upstart 管理 Gunicorn。我们还用 Redis 实现一个 LRU(Least Recently Used,近期最少使用算法) 缓存机制来减少 Docker Registry 和硬盘之间的数据存取。

    https://github.com/docker/distribution/blob/master/docs/deploying.md

    $ docker pull samalba/docker-registry $ docker run -d -p 5000:5000 samalba/docker-registry # 我们先pull下来一个简单的镜像(或者自己做一个也可以) $ docker pull busybox $ docker tag busybox localhost:5000/busybox $ docker push localhost:5000/busybox



    https://segmentfault.com/a/1190000000801162
    docker-registry既然也是软件应用,自然最简单的方法就是使用官方提供的已经部署好的镜像registry。官方文档中也给出了建议,直接运行sudo docker run -p 5000:5000 registry命 令。这样确实能启动一个registry服务器,但是所有上传的镜像其实都是由docker容器管理,放在了/var/lib/docker/....某 个目录下。而且一旦删除容器,镜像也会被删除。因此,我们需要想办法告诉docker容器镜像应该存放在哪里。registry镜像中启动后镜像默认位置 是/tmp/registry,因此直接映射这个位置即可,比如到本机的/opt/data/registry目录下。

    [root@kvm2 mnt]# docker run -d -p 5000:5000 -v /root/my_registry:/tmp/registry registry


    先做一个私服,顺便就启动了。通过下面的docker ps可以看到。 [root@kvm2 mnt]# docker run -d -p 5000:5000 --restart=always --name registry registry:2 Unable to find image 'registry:2' locally Trying to pull repository docker.io/library/registry ... 2: Pulling from library/registry 17bd2058e0c6: Pull complete 3f0d3d140ce1: Pull complete 47339bdfc690: Pull complete 03a7f8ec3d4f: Pull complete d2501a6dc689: Pull complete 9ca18bbd0cd5: Pull complete dd0dda9b2298: Pull complete 79ec4549598b: Pull complete 5d322e774cf2: Pull complete Digest: sha256:c5455f3918e5235e641bb6d8dc8ff0780df197d5df12c589bf0c283e25fc0650 Status: Downloaded newer image for docker.io/registry:2 cf3554af4427c2700fbc2ffecf02332cf4087dd07c8da53ebf0dd54db9d2323a Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning. [root@kvm2 mnt]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES cf3554af4427 registry:2 "/bin/registry serve " 10 seconds ago Up 8 seconds 0.0.0.0:5000->5000/tcp registry 查看镜像,多了个registry:2 [root@kvm2 mnt]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE centos-man latest 44cc4eec11d1 About an hour ago 282.4 MB docker.io/registry 2 5d322e774cf2 7 days ago 171.5 MB docker.io/httpd latest 6bce6ad2c6a9 9 days ago 198.5 MB docker.io/centos latest a65193109361 2 weeks ago 196.7 MB 将本地的centos-man打标为man
    为需要push到私有registry的image打tag [root@kvm2 mnt]# docker tag centos-man localhost:5000/man [root@kvm2 mnt]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE localhost:5000/man latest 44cc4eec11d1 About an hour ago 282.4 MB centos-man latest 44cc4eec11d1 About an hour ago 282.4 MB docker.io/registry 2 5d322e774cf2 7 days ago 171.5 MB docker.io/httpd latest 6bce6ad2c6a9 9 days ago 198.5 MB docker.io/centos latest a65193109361 2 weeks ago 196.7 MB 然后将本地的man推送到私服里 [root@kvm2 mnt]# docker push localhost:5000/man The push refers to a repository [localhost:5000/man] (len: 1) 44cc4eec11d1: Pushed a65193109361: Pushed df0fc3863fbc: Pushed latest: digest: sha256:9b95cacf2aa3a4fb25ed897dd7233cd135708d527cde54d86119e221a7f8201f size: 4621
    docker1上命令顺序
    存储
    制作本地其他分区存储或VG,而不使用loop设备
    [root@localhost ~]# vi /usr/lib/docker-storage-setup/docker-storage-setup
    [root@localhost ~]# docker-storage-setup

    镜像
    sed -i "s|OPTIONS='|OPTIONS='--registry-mirror=http://a984be05.m.daocloud.io |g" /etc/sysconfig/docker
    systemctl restart docker

    私服
    docker run -d -p 5000:5000 --restart=always --name registry registry:2
    docker pull httpd
       31  docker run -p 8076:80 -d -it httpd
       35  docker exec eb7 ls /usr/local/apache2/htdocs
       37  docker cp index.html eb7:/usr/local/apache2/htdocs
       38  docker commit eb7 httpd-gai
       39  docker images
       40  docker ps
       41  docker tag httpd-gai localhost:5000/gai
       42  docker ps
       43  docker images
       44  docker push localhost:5000/gai
    docker2上命令顺序
    制作本地其他分区存储或VG,而不使用loop设备
    [root@localhost ~]# vi /usr/lib/docker-storage-setup/docker-storage-setup 
    [root@localhost ~]# docker-storage-setup

    以下是在另外一个机器上拉取pull刚才在上面主机上发布push的镜像 先修改下面这个文件,去掉注释,加入ip,因为使用的是https [root@my graph]# vi /etc/sysconfig/docker INSECURE_REGISTRY='--insecure-registry 192.168.1.22:5000' 然后再拉取,运行,修改文件,浏览器测试访问, [root@my graph]# docker pull 192.168.1.22:5000/man
      698  docker run -d -p 7965:80 192.168.10.112:5000/gai
      699  docker ps
      700  ip addr
      701  docker ps
      702  vi index.html
      703  docker cp index.html 8d0:/usr/local/apache2/htdocs

    看json格式文件用cat json |python -mjson.tool

    [root@kvm2 1544084fad81e27c28a8c12c08b2439451fd1e745e38c1dcecd862d240c4235e]# pwd
    /var/lib/docker/graph/1544084fad81e27c28a8c12c08b2439451fd1e745e38c1dcecd862d240c4235e
    [root@kvm2 1544084fad81e27c28a8c12c08b2439451fd1e745e38c1dcecd862d240c4235e]# cat json |python -mjson.tool { "container_config": { "AttachStderr": false, "AttachStdin": false, "AttachStdout": false, "Cmd": [ "/bin/sh -c #(nop) MAINTAINER The CentOS Project <cloud-ops@centos.org>" ], "Domainname": "", "Entrypoint": null, "Env": null, "Hostname": "", "Image": "", "Labels": null, "OnBuild": null, "OpenStdin": false, "StdinOnce": false, "Tty": false, "User": "", "Volumes": null, "WorkingDir": "" }, "created": "2015-09-07T19:05:48.678585881Z", "layer_id": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4" } [root@kvm2 1544084fad81e27c28a8c12c08b2439451fd1e745e38c1dcecd862d240c4235e]# cat json {"container_config":{"Hostname":"","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh -c #(nop) MAINTAINER The CentOS Project u003ccloud-ops@centos.orgu003e"],"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"created":"2015-09-07T19:05:48.678585881Z","layer_id":"sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"}[root@kvm2 1544084fad81e27c28a8c12c08b2439451fd1e745e38c1dcecd862d240c4235e]#
    [root@kvm2 graph]# docker images -tree
    flag provided but not defined: -tree
    See '/usr/bin/docker-current images --help'.
    
    
    [root@kvm2 graph]# ll
    total 0
    drwx------ 2 root root 93 Jun 17 14:30 1544084fad81e27c28a8c12c08b2439451fd1e745e38c1dcecd862d240c4235e
    drwx------ 2 root root 93 Jun 17 15:00 a3d54b467fad81f4b33c161c8a227c66cb45733ba5bbfdd971942083e6c666c7
    drwx------ 2 root root 93 Jun 17 15:00 a65193109361c1c55a0baa79c2167ec417b977f284b3358f4d50b81e22f84ec5
    drwx------ 2 root root 93 Jun 17 15:00 df0fc3863fbc60ba8576521b1ecb89133e66941ceef9b57716ccda2454c9e6fc
    drwx------ 2 root root  6 Jun 17 15:00 _tmp

    总共4层,一层依赖于一层 [root@kvm2 graph]# docker images -a REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE docker.io/centos latest a65193109361 2 weeks ago 196.7 MB <none> <none> a3d54b467fad 2 weeks ago 196.7 MB <none> <none> df0fc3863fbc 2 weeks ago 196.7 MB <none> <none> 1544084fad81 9 months ago 0 B

    最后,当从一个镜像启动容器时,Docker会在该镜像的最顶层加载一个读写文件系统。我们想在Docker中运行的程序就是在这个读写层中执行的。
    从上面我们可以知道容器的writable 层是保存在以容器ID为名的长ID目录里的,而ID+init后缀目录是保存容器的初始信息的。
    构建镜像中很重要的一环就是如何共享和发布镜像。可以将镜像推送到Docker Hub或者用户自己的私有Registry中。为了完成这项工作,需要在Docker Hub上创建一个账号

    [root@kvm2 docker]# docker-storage-setup
    ERROR: Docker has been previously configured for use with devicemapper graph driver. Not creating a new thin pool as existing docker metadata will fail to work with it. Manual cleanup is required before this will succeed.
    INFO: Docker state can be reset by stopping docker and by removing /var/lib/docker directory. This will destroy existing docker images and containers and all the docker metadata.
    [root@kvm2 docker]# docker images
    
    [root@kvm2 lib]# systemctl stop docker
    [root@kvm2 lib]# rm -rf /var/lib/docker/
    
    [root@kvm2 lib]# docker-storage-setup
      Rounding up size to full physical extent 956.00 MiB
      Volume group "centos" has insufficient free space (16 extents): 239 required.
    [root@kvm2 lib]# vgdisplayr
      --- Volume group ---
      VG Name               centos
      System ID
      Format                lvm2
      Metadata Areas        1
      Metadata Sequence No  4
      VG Access             read/write
      VG Status             resizable
      MAX LV                0
      Cur LV                3
      Open LV               3
      Max PV                0
      Cur PV                1
      Act PV                1
      VG Size               931.02 GiB
      PE Size               4.00 MiB
      Total PE              238341
      Alloc PE / Size       238325 / 930.96 GiB
      Free  PE / Size       16 / 64.00 MiB
      VG UUID               njw2Ue-6opd-mjxl-7wVW-reJE-wAMf-54yF4t

    所以先要留出一些分区空间,才能使用上面的命令,因为docker-storage-setup这个命令要使用块设备。


    [root@localhost ~]# lvremove -v /dev/docker/docker-data
        Using logical volume(s) on command line.
    Do you really want to remove active logical volume docker-data? [y/n]: y
        Removing docker-docker--data (253:2)
        Archiving volume group "docker" metadata (seqno 2).
        Releasing logical volume "docker-data"
        Creating volume group backup "/etc/lvm/backup/docker" (seqno 3).
      Logical volume "docker-data" successfully removed


    如果不修改/usr/lib/docker-storage-setup/docker-storage-setup这个文件的DEVS和VG行,就会出现下面的报错。
    [root@localhost ~]# docker-storage-setup
      Rounding up size to full physical extent 52.00 MiB
      Volume group "centos" has insufficient free space (11 extents): 13 required.

    一定修改/usr/lib/docker-storage-setup/docker-storage-setup这个文件,修改/etc/sysconfig/docker-storage-setup这个文件会报各种问题
    # cat <<EOF > /etc/sysconfig/docker-storage-setup
    DEVS=/dev/vdb
    VG=docker-vg
    EOF

    下面的是给定的VG容量不够的输出。
    [root@localhost ~]# docker-storage-setup
      Rounding up size to full physical extent 52.00 MiB
      Logical volume "docker-poolmeta" created.
    INFO: DATA_SIZE=40%FREE is smaller than MIN_DATA_SIZE=2G. Will create data volume of size specified by MIN_DATA_SIZE.
      Logical volume "docker-pool" created.
      WARNING: Converting logical volume docker/docker-pool and docker/docker-poolmeta to pool's data and metadata volumes.
      THIS WILL DESTROY CONTENT OF LOGICAL VOLUME (filesystem etc.)
      Converted docker/docker-pool to thin pool.
      Logical volume "docker-pool" changed.


    [root@localhost ~]# vi /usr/lib/docker-storage-setup/docker-storage-setup
    [root@localhost ~]# docker-storage-setup
      Rounding up size to full physical extent 24.00 MiB
      Logical volume "docker-poolmeta" created.
      Logical volume "docker-pool" created.
      WARNING: Converting logical volume docker/docker-pool and docker/docker-poolmeta to pool's data and metadata volumes.
      THIS WILL DESTROY CONTENT OF LOGICAL VOLUME (filesystem etc.)
      Converted docker/docker-pool to thin pool.
      Logical volume "docker-pool" changed.

    上面启动好后,fdisk -l 会发现下面的几个卷,而在/var/lib/docker/devicemapper/下面已没有devicemapper子目录,证明没有用/dev/loop0和/dev/loop1两个回环设备。
    Disk /dev/mapper/docker-docker--pool_tmeta: 25 MB, 25165824 bytes, 49152 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes


    Disk /dev/mapper/docker-docker--pool_tdata: 8577 MB, 8577351680 bytes, 16752640 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes


    Disk /dev/mapper/docker-docker--pool: 8577 MB, 8577351680 bytes, 16752640 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 524288 bytes / 524288 bytes


    Disk /dev/mapper/docker-253:0-34783213-a931702e612b6d6e2c6cb63d93f9ae19a5c309e6eb18443e32bf52f01ebabb21: 107.4 GB, 107374182400 bytes, 209715200 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 524288 bytes / 524288 bytes




    [root@localhost lvm]# docker-storage-setup
    ERROR: Found LVM2_member signature on device /dev/vdb at offset 0x218. Wipe signatures using wipefs or use WIPE_SIGNATURES=true and retry.
    [root@localhost lvm]# vi /etc/sysconfig/docker-storage-setup
    [root@localhost lvm]# docker-storage-setup
    INFO: Wipe Signatures is set to true. Any signatures on /dev/vdb will be wiped.
    wipefs: error: /dev/vdb: probing initialization failed: Device or resource busy
    ERROR: Failed to wipe signatures on device /dev/vdb


    [root@localhost ~]# docker-storage-setup
    Checking that no-one is using this disk right now ...
    OK

    Disk /dev/vdb: 104025 cylinders, 16 heads, 63 sectors/track
    sfdisk:  /dev/vdb: unrecognized partition table type

    Old situation:
    sfdisk: No partitions found

    New situation:
    Units: sectors of 512 bytes, counting from 0

       Device Boot    Start       End   #sectors  Id  System
    /dev/vdb1          2048 104857599  104855552  8e  Linux LVM
    /dev/vdb2             0         -          0   0  Empty
    /dev/vdb3             0         -          0   0  Empty
    /dev/vdb4             0         -          0   0  Empty
    Warning: partition 1 does not start at a cylinder boundary
    Warning: partition 1 does not end at a cylinder boundary
    Warning: no primary partition is marked bootable (active)
    This does not matter for LILO, but the DOS MBR will not boot this disk.
    Successfully wrote the new partition table

    Re-reading the partition table ...

    If you created or changed a DOS partition, /dev/foo7, say, then use dd(1)
    to zero the first 512 bytes:  dd if=/dev/zero of=/dev/foo7 bs=512 count=1
    (See fdisk(8).)
      Physical volume "/dev/vdb1" successfully created
      Volume group "docker1" successfully created
    ERROR: Old mode of passing data and metadata logical volumes to docker is not supported. Exiting.

    aufs:
    AUFS (AnotherUnionFS) 是一种Union FS,简单来说就是支持将不同目录挂载到同一个虚拟文件系统下的文件系统。Aufs driver是Docker最早支持的driver,但是aufs只是Linux内核的一个补丁集,而且不太可能会被加入到Linux内核中。但是由于aufs是唯一一个可以实现容器间共享可执行代码和运行库的storage driver,所以当你跑成千上百个拥有相同程序代码或者运行库的时候,aufs是个相当不错的选择。
    
    device mapper:
    Device mapper是Linux 2.6内核中提供的一种从逻辑设备到物理设备的映射框架机制,在该机制下,用户可以很方便的根据自己的需要制定实现存储资源的管理策略。
    Device mapper driver会创建一个100G的简单文件包含你的镜像和容器。每一个容器被限制在10G大小的卷内, 可以调整。
    你可以在启动Docker daemon时用参数-s 指定driver:docker -d -s devicemapper。
    
    Btrfs:
    Btufs driver 在Docker build时可以很高效。但是跟device mapper一样不支持设备间共享存储。

    在没有aufs支持的Linux发行版本上(CentOS、openSUSE等),安装Docker可能就使用了device mapper driver。
    查看你的Linux发行版有没有aufs支持:lsmod | grep aufs


    最后,当从一个镜像启动容器时,Docker会在该镜像的最顶层加载一个读写文件系统。我们想在Docker中运行的程序就是在这个读写层中执行的。
    从上面我们可以知道容器的writable 层是保存在以容器ID为名的长ID目录里的,而ID+init后缀目录是保存容器的初始信息的。
    构建镜像中很重要的一环就是如何共享和发布镜像。可以将镜像推送到Docker Hub或者用户自己的私有Registry中。为了完成这项工作,需要在Docker Hub上创建一个账号

    docker run -d -p 50001:22 ubuntu/ruby:v2 /usr/sbin/sshd -D
    一般容器不开sshd
    
    容器与主机互传文件两种方法:cp与-v
    docker run -d -p 7965:80 192.168.10.112:5000/gai 将主机的目录挂在容器的/mnt下
    #docker run -d -p 5000:5000 -v /root/my_registry:/tmp/registry registry docker run -d -p 7965:80 -v /home/zf/:/mnt 192.168.10.112:5000/gai ./ent.sh 8d0

    [root@my jj]# docker run -v /tmp/vol1 --name="vol2" -it 45b
    [root@my jj]# docker ps -l
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
    3176547d7062        45b                 "bash"              12 seconds ago      Exited (0) 5 seconds ago                       vol2
    [root@my jj]# docker start 317
    317
    [root@my jj]# docker ps
    CONTAINER ID        IMAGE                       COMMAND              CREATED             STATUS              PORTS                  NAMES
    3176547d7062        45b                         "bash"               28 seconds ago      Up 2 seconds                               vol2
    c949de9826f5        192.168.1.22:5000/httpd-b   "httpd-foreground"   24 hours ago        Up 51 minutes       0.0.0.0:7975->80/tcp   jovial_engelbart
    30b3bd502c74        192.168.1.22:5000/httpd-a   "httpd-foreground"   24 hours ago        Up 51 minutes       0.0.0.0:7965->80/tcp   ecstatic_kare
    [root@my ~]# ./aa.sh 317
    Last login: Tue Jun 21 07:45:04 UTC 2016
    [root@3176547d7062 ~]# df -h
    Filesystem                                                                                          Size  Used Avail Use% Mounted on
    /dev/mapper/docker-253:0-67459471-3176547d70627f3a125f734ea145163eceaa367e45ad31534eef86be91d6ae60  100G  306M  100G   1% /
    tmpfs                                                                                               493M     0  493M   0% /dev
    tmpfs                                                                                               493M     0  493M   0% /sys/fs/cgroup
    tmpfs                                                                                               493M     0  493M   0% /run/secrets
    /dev/mapper/centos-root                                                                              48G  2.7G   45G   6% /tmp/vol1
    shm                                                                                                  64M     0   64M   0% /dev/shm

    与容器交互数据的不同方式
    
    有-v方式本机目录与容器目录之间共享数据,查看对比如下
    
    docker run -v /home/ff:/mnt/ -it 45b
    [root@my ff]# cp /root/RanZhi.3.3.zbox_64.tar.gz ./
    [root@my ff]# /root/aa.sh b7d
    Last login: Tue Jun 21 08:00:31 UTC 2016
    [root@b7d745dac2c4 ~]# cd /mnt/
    [root@b7d745dac2c4 mnt]# ls
    RanZhi.3.3.zbox_64.tar.gz  foef  passwd
    
    
    [root@my ff]# cp /root/aa.sh ./
    [root@my ff]# docker exec b7d ls /mnt
    RanZhi.3.3.zbox_64.tar.gz
    aa.sh
    foef
    passwd
    
    
    有-v方式
    docker run -v /tmp/vol1 --name="vol2" -it 45b
    容器里面的路径是/tmp/vol1
    
    [root@my ~]# docker inspect -f '{{.State.StartedAt}}' 317
    2016-06-21T07:43:44.775004038Z
    
    docker inspect -f '{{.Mounts}}' 317
    获取volume在主机中的路径
    touch /var/lib/docker/volumes/81557ef21a02e117585e41dba692a70eed5a9d7d96195679edc397e6dfecd835/_data/eif
    所以只需要往_data这个目录里复制文件即可
    
    数据卷共享,容器之间共享卷。 docker run -it --volumes-from 317 45b 这样会将上面容器317中的/tmp/vol1挂到新容器之中,因为新容器与317容器使用同一个卷,就是
    /var/lib/docker/volumes/81557ef21a02e117585e41dba692a70eed5a9d7d96195679edc397e6dfecd835/_data

    容器启动时没有-v选项,就用docker cp 来处理 [root@my ff]# docker cp /root/RanZhi.3.3.zbox_64.tar.gz c94:/usr/local/apache2/htdocs/ [root@my ff]# docker exec c94 ls /usr/local/apache2/htdocs RanZhi.3.3.zbox_64.tar.gz anaconda-ks.cfg world.sql
    交互脚本
    主要利用nsenter.
    util-linux包中含有nsenter.

    [root@my ~]# ./aa.sh 30b
    nsenter: failed to execute su: No such file or directory
    如果出现上面的报错,只需要将脚本里的su改为/bin/su.原因是容器中的PATH 路径问题,使用/bin/su 即可。


    #!/bin/sh if [ -e $(dirname "$0")/nsenter ]; then # with boot2docker, nsenter is not in the PATH but it is in the same folder NSENTER=$(dirname "$0")/nsenter else NSENTER=nsenter fi if [ -z "$1" ]; then echo "Usage: `basename "$0"` CONTAINER [COMMAND [ARG]...]" echo "" echo "Enters the Docker CONTAINER and executes the specified COMMAND." echo "If COMMAND is not specified, runs an interactive shell in CONTAINER." else PID=$(docker inspect --format "{{.State.Pid}}" "$1") if [ -z "$PID" ]; then exit 1 fi shift OPTS="--target $PID --mount --uts --ipc --net --pid --" if [ -z "$1" ]; then # No command given. # Use su to clear all host environment variables except for TERM, # initialize the environment variables HOME, SHELL, USER, LOGNAME, PATH, # and start a login shell. "$NSENTER" $OPTS su - root else # Use env to clear all host environment variables. "$NSENTER" $OPTS env --ignore-environment -- "$@" fi fi

    c/s本地与远程访问

    vi /etc/sysconfig/docker
    要使远程可以访问就加入-H 0.0.0.0:5555监听端口,否则就只能本地访问。
    要本地与远程同时可以访问就加入-H 0.0.0.0:5555和-H unix:///var/run/docker.sock。
    OPTIONS='-H 0.0.0.0:5555 --registry-mirror=http://a984be05.m.daocloud.io --registry-mirror=http://a984be05.m.daocloud.io --selinux-enabled'

    docker -H 192.168.1.22:5555 images
    docker -H 192.168.1.22:5555 ps

    默认情况下,Docker守护进程会生成一个socket(/var/run/docker.sock)文件来进行本地进程通信,而不会监听任何端口,因此只能在本地使用docker客户端或者使用Docker API进行操作。 如果想在其他主机上操作Docker主机,就需要让Docker守护进程监听一个端口,这样才能实现远程通信。 修改Docker服务启动配置文件,添加一个未被占用的端口号,重启docker守护进程。 # vim /etc/sysconfig/docker OPTIONS='-H 0.0.0.0:5555' # systemctl restart docker 此时发现docker守护进程已经在监听5555端口,在另一台主机上可以通过该端口访问Docker进程了。 # docker -H IP:5555 images 但是我们却发现在本地操作docker却出现问题。 # docker images FATA[0000] Cannot connect to the Docker daemon. Is 'docker -d' running on this host? 这是因为Docker进程只开启了远程访问,本地套接字访问未开启。我们修改/etc/sysconfig/docker,然后重启即可。 # vim /etc/sysconfig/docker OPTIONS='-H unix:///var/run/docker.sock -H 0.0.0.0:5555' # systemctl restart docker 现在本地和远程均可访问docker进程了。
  • 相关阅读:
    java转换CSV文件生成xml格式数据
    HTTP的Form数据的结构
    使用Filter实现静态HTML缓冲(一种折中方法)
    webwork的interceptor来实现ajax功能(buffalo)
    Delphi中DLL的编写和调用(例子)
    用C#实现BHO(Brower Helper Object)
    基于Delphi的VFW视频捕获程序的开发
    关于WebWork2中的中文问题
    tomcat中的几点配置说明
    用Sitemesh控制页面布局
  • 原文地址:https://www.cnblogs.com/createyuan/p/5592207.html
Copyright © 2011-2022 走看看