Docker采用Linux(内核)技术,所以只能运行在linux上,
1. Boot2Docker是一个专为Docker而设计的轻量级linux发型包
docker.repo 1.8 yum源
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
wget http://mirrors.aliyun.com/repo/epel-7.repo
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
wget http://mirrors.aliyun.com/repo/Centos-7.repo
yum安装:
yum install audit-libs-python checkpolicy libcgroup libseccomp libsemanage-python policycoreutils-python python-IPy setools-libs
下载docker
网址: https://yum.dockerproject.org/repo/main/centos/7/Packages/
docker-engine-selinux-1.9.1-1.el7.centos.src.rpm
docker-engine-selinux-1.9.1-1.el7.centos.noarch.rpm
docker-engine-1.9.1-1.el7.centos.x86_64.rpm
设置开机启动docker daemon进程
systemctl start docker.service
systemctl enable docker.service
systemctl grep docker 查看docker进程状态
关闭firewalld.service,使用iptables 进行端口转发
systemctl stop firewalld.service
yum -y install iptables-service
systemctl enable iptables
systemctl start iptables.service
配置 Docker 加速器
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f71f084d.m.daocloud.io
vim /usr/lib/systemd/system/docker.service
[Service]
Type=notify
ExecStart=/usr/bin/docker daemon --registry-mirror=http://f71f084d.m.daocloud.io --registry-mirror=http://f71f084d.m.daocloud.io -H fd:// -H=unix:///var/run/docker.sock -H=tcp://0.0.0.0:2375 --selinux=enab
le=true
查看docker信息
docker info
查看docker 版本号
docker version
查看docker虚拟网桥
ip a 172.17.21.1
Docker配置文件与日志
/etc/sysconfig/docker
docker 基础命令讲解
搜索java image镜像
docker search java
下载java镜像
docker pull java
查看镜像
docker images
启动容器
docker run
docker run -it java java -version
java -version java 镜像是查看java版本号
docker run -it java ps #ps java镜像查看系统进程
docker run -it java uname #
停止容器
docker stop CONTINER_ID
查看容器
docker ps
进入容器 docker exec | docker attach
删除镜像
docker rm
创建一个nginx容器
docker run -d --name docker_test1 nginx
(-d 放置在后台) (起一个名) (镜像)
启动容器
docker start docker_test1
进入镜像
找出容器的pid
pidnumber=`docker inspect --format {{.State.Pid}} docker-test1`
通过nsenter 进入到容器中
nsenter -t $pidnumber -m -u -i -n -p
docker网络访问
创建一个新nginx容器,映射端口,
-P创建随机端口
docker run -d -P --name docker_test1 nginx
-p 创建指定端口 -p 91是物理机的端口,80是容器nginx的80端口
docker run -d -p 91:80 --name docker_test1 nginx
docker数据管理
数据卷
-v /data
-v1 src:dst
例子:-h 指定容器的主机名 ,-v /data指定数据卷
docker run -d --name volume-test1 -h nginx -v /data nginx(镜像名称)
/data目录的位置:
/var/lib/docker/volumes/040716b521d6e1131cff84d6bb39b5d05f083b24650c983f0010385355133d4e/_data
例子:-h 指定容器的主机名 ,-v /opt 挂载到 本地的/opt目录下
docker run -d --name volume-test2 -h nginx -v /opt:/opt nginx
docker run -d --name volume-test2 -h nginx -v /opt:/opt:ro nginx 只读操作
数据卷容器
--volumes-from
docker run -d --name volume-test3 --volumes-from volume-test1(挂载到另一个容器中) nginx
docker 手动构建镜像
docker run -it --name "centos-nginx-image" centos
yum -y install wget vim gcc lrzsz gcc-c++ make openssl-devel net-tools
rz nginx.tar.gz pcre.tar.gz zlib.tar.gz
useradd -s /sbin/nologin -M www
echo "daemon off;" >>/usr/local/nginx/config/nginx.conf
docker commit -m "my nginx" 5be52c11a1cc fengjian/my-nginx:v1
docker images #查看nginx 镜像
查看到新镜像后可以run起来
docker run -d --name "nginx_start-10000" -p 10000:80 fengjian/my-nginx:v1 /usr/local/nginx/sbin/nginx
dockerfile 手动构建镜像
1. 基础镜像信息
2. 维护者信息
3. 镜像操作指令
4. 容器启动时执行指令
mkdir /opt/docker-file
cd /opt/docker-file
mkdir nginx
cd nginx
vim Dockerfile
#This is my first Dockerfile
#version
#Auther: fengjian
#Base image
FROM centos
# MAINTAINER
MAINTAINER fengjian
#ADD
ADD nginx-1.11.2.tar.gz /usr/local/src
ADD pcre-8.39.tar.gz /usr/local/src
ADD zlib-1.2.8.tar.gz /usr/local/src
#RUN
RUN yum -y install wget vim gcc lrzsz gcc-c++ make openssl-devel net-tools
RUN useradd -s /sbin/nologin -M www
#cd
WORKDIR /usr/local/src/nginx-1.11.2
#RUN
RUN ./configure --prefix=/data/nginx --with-http_flv_module --with-http_ssl_module --with-pcre=/root/pcre-8.39 --with-zlib=/root/zlib-1.2.8 --with-http_stub_status_module --with-http_gzip_static_module &&make &&make install
RUN echo "daemon off" >>/usr/local/nginx/config/nginx.conf
ENV PAHT /usr/local/nginx/sbin:$PATH
#映射端口
EXPOSE 80
#CMD
CMD ["nginx"]
构建nginx-file:v1镜像
docker build -t nginx-file:v1 /opt/docker-file/nginx/
启动新容器
docker run -d --name nginx_new2 -p 10001:80 nginx-file:v1 /usr/local/nginx/sbin/nginx
linux路由机制打通网络
linux 192.168.20.2 , docker0 172.16.0.1/16
修改docker0 ip 地址
vim /usr/lib/systemd/system/docker.service
systemctl reload docker.service
systemctl daemon-reload
docker资源隔离 使用linux LXC容器技术,主要是使用namespace(命名空间)
kernel namespace(资源隔离) 分为
1.PID,通过pid 隔离,容器有自己独立的进程表和1号进程
2.net,通过网络隔离,容器有自己独立的network info
3.ipc,进程间的交互方法,在ipc通信时,需要加入额外信息来标识进程
4.mnt, 类似chroot,每个容器有自己唯一的目录挂载
5.uts, 可以让容器拥有自己的hostname 和domain
6.user, 可以拥有不通的用户,组
资源限制 cgroup
1.cpu
2.内存
压力测试工具:
stress
启动2个容器:使用50%的cpu
docker run -it --rm -c 512 stress stress -c 2
docker run -it --rm -c 512 stress stress -c 2
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4788 root 20 0 7264 96 0 R 50.2 0.0 0:43.66 stress
4789 root 20 0 7264 96 0 R 50.2 0.0 0:43.84 stress
4851 root 20 0 7264 96 0 R 49.8 0.0 0:16.63 stress
4852 root 20 0 7264 96 0 R 49.8 0.0 0:16.59 stress
创建一个cpu的容器
docker run -it --rm --cpuset-cpus=0(指的第一个cpu) stress(镜像)
创建一个内存为128M的容器
docker run -it --rm -m 128M stress
docker网络模式
docker 私有仓库
docker pull registry 下载
docker run -d registry 自动私有仓库
docker images
[root@bogon ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
stress latest d479eba2ad76 About an hour ago 550.7 MB
nginx-file v1 fb05f5d0259b 2 hours ago 593.6 MB
fengjian/my-nginx v1 475ede051e43 2 hours ago 597.1 MB
centos latest 3adb35bd19ee 2 weeks ago 196.7 MB
registry latest e26bb2bff6c0 2 weeks ago 33.28 MB
nginx latest 17f9cd8d84c5 11 weeks ago 182.7 MB
docker tag nginx 192.168.124.128/test/nx:v1
docker push 192.168.124.128/test/nx:v1
系统版本
[root@bogon ~]# cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)
docker版本
[root@bogon ~]# docker --version
Docker version 1.7.1, build 446ad9b/1.7.1
错误信息
[root@bogon ~]# docker pull dl.dockerpool.com:5000/ubuntu:12.04
Error response from daemon: invalid registry endpoint https://dl.dockerpool.com:5000/v0/: unable to ping registry endpoint https://dl.dockerpool.com:5000/v0/
v2 ping attempt failed with error: Get https://dl.dockerpool.com:5000/v2/: tls: oversized record received with length 28012
v1 ping attempt failed with error: Get https://dl.dockerpool.com:5000/v1/_ping: tls: oversized record received with length 28012. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry dl.dockerpool.com:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/dl.dockerpool.com:5000/ca.crt
[root@bogon ~]#
解决办法:
修改/etc/sysconfig/docker文件,增加如下信息
OPTIONS='--selinux-enabled --insecure-registry dl.dockerpool.com:5000'
重启docker服务并重新下载
[root@bogon ~]# systemctl restart docker.service
[root@bogon ~]# docker pull dl.dockerpool.com:5000/ubuntu:12.04
Trying to pull repository dl.dockerpool.com:5000/ubuntu ...
0b310e6bf058: Download complete
511136ea3c5a: Download complete
5f18d94c3eca: Download complete
53db23c604fd: Download complete
9f045ea36057: Download complete
d03a1a9d7555: Download complete
30868777f275: Download complete
Status: Downloaded newer image for dl.dockerpool.com:5000/ubuntu:12.04