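Tags: virtualization, cloud computing, openstack, kvm, docker
1. Introduction to Docker
Docker uses kernel virtualization features (namespaces, cgroups and so on) to provide resource isolation and security guarantees for containers. Because Docker achieves isolation through operating-system-level virtualization, a running container does not carry the extra operating-system overhead that a virtual machine does, which improves resource utilization.
2. Docker vs KVM
3. Docker components
Images, containers, repositories
4. Installing Docker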
[root@docker ~]# tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
[root@docker ~]# yum install docker-engine -y
5. Basic Docker operations
[root@docker ~]# systemctl enable docker.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@docker ~]# systemctl start docker.service
[root@docker ~]#
[root@docker ~]# docker pull centos    # pull an image
[root@docker ~]# docker pull daocloud.io/library/nginx

Pulls are sometimes very slow; use a mirror inside China to speed them up.
[root@docker ~]# vim /usr/lib/systemd/system/docker.service
Add the following line:
EnvironmentFile=/etc/sysconfig/docker
Create the configuration file:
[root@docker ~]# vim /etc/sysconfig/docker
Register at https://dashboard.daocloud.io/, then click the accelerator to generate the mirror link:
OPTIONS=--registry-mirror=curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s

[root@docker ~]# docker search nginx    # search for an image
[root@docker ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              latest              0584b3d2cf6d        2 weeks ago         196.5 MB

Export an image:
[root@docker ~]# docker save -o nginx.tar daocloud.io/library/nginx
[root@docker ~]# docker save -o cnetos.tar centos

Import an image:
[root@docker ~]# docker load --input cnetos.tar
or
[root@docker ~]# docker load < cnetos.tar

Delete an image:
[root@docker ~]# docker rmi 0584b3d2cf6d    # image ID

[root@docker ~]# docker run centos /bin/echo "Hello world"
Hello world
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE    COMMAND                  CREATED         STATUS                     PORTS   NAMES
5e381e68a385   centos   "/bin/echo 'Hello wor"   6 seconds ago   Exited (0) 5 seconds ago           clever_lamarr

[root@docker ~]# docker run --name mydocker -t -i centos /bin/bash
[root@1a67f4c92b6e /]#
[root@1a67f4c92b6e /]# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 18:56 ?        00:00:00 /bin/bash
root        14     1  0 18:56 ?        00:00:00 ps -ef
[root@1a67f4c92b6e /]# exit
exit
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE    COMMAND                  CREATED          STATUS                      PORTS   NAMES
1a67f4c92b6e   centos   "/bin/bash"              12 minutes ago   Exited (0) 6 seconds ago            mydocker
5e381e68a385   centos   "/bin/echo 'Hello wor"   16 minutes ago   Exited (0) 16 minutes ago           clever_lamarr

[root@docker ~]# docker run --name docker-demo -d centos /bin/bash    # -d runs the container in the background
6c5a777467b9552714f9cd3322e677750e2b8b5b0bd2d81e79094ad560828a5e
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE    COMMAND                  CREATED          STATUS                      PORTS   NAMES
6c5a777467b9   centos   "/bin/bash"              11 seconds ago   Exited (0) 11 seconds ago           docker-demo
1a67f4c92b6e   centos   "/bin/bash"              17 minutes ago   Exited (0) 4 minutes ago            mydocker
5e381e68a385   centos   "/bin/echo 'Hello wor"   21 minutes ago   Exited (0) 21 minutes ago           clever_lamarr

[root@docker ~]# docker stop mydocker         # stop the container
[root@docker ~]# docker start 1a67f4c92b6e    # start the container

[root@docker ~]# docker run -d --name mynginx daocloud.io/library/nginx
225a9b0459630c62dcf2199d6244b16a74ad9412471abf0be03755768df3ae63
[root@docker ~]#
[root@docker ~]# docker ps
CONTAINER ID   IMAGE                       COMMAND                  CREATED         STATUS         PORTS             NAMES
225a9b045963   daocloud.io/library/nginx   "nginx -g 'daemon off"   6 seconds ago   Up 5 seconds   80/tcp, 443/tcp   mynginx

Script for entering a container:
[root@docker ~]# cat docker_in.sh
#!/bin/bash
# Enter a running container's namespaces, given its name or ID.
docker_in(){
    NAME_ID=$1
    # PID of the container's first process, as seen from the host
    PID=$(docker inspect --format "{{ .State.Pid }}" "$NAME_ID")
    # Join that process's mount, UTS, IPC, network and PID namespaces
    nsenter -t "$PID" -m -u -i -n -p
}
docker_in "$1"
6. Docker networking
[root@docker ~]# docker run -d -P --name nginx-test1 daocloud.io/library/nginx
9b1d36d40127fe2c84bbe7750802e435a817a15b4159b24fc49bfb1107a2cb74
[root@docker ~]# docker ps -l
CONTAINER ID   IMAGE                       COMMAND                  CREATED         STATUS         PORTS                                           NAMES
9b1d36d40127   daocloud.io/library/nginx   "nginx -g 'daemon off"   2 minutes ago   Up 2 minutes   0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp   nginx-test1
[root@docker ~]# netstat -lntup|grep 32768
tcp6       0      0 :::32768                :::*                    LISTEN      11213/docker-proxy
[root@docker ~]# curl -I http://172.16.80.132:32769
HTTP/1.1 200 OK
Server: nginx/1.11.5
Date: Thu, 24 Nov 2016 05:58:47 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 11 Oct 2016 15:03:01 GMT
Connection: keep-alive
ETag: "57fcff25-264"
Accept-Ranges: bytes

Before the conversion:
[root@docker ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DOCKER-ISOLATION  all  --  0.0.0.0/0            0.0.0.0/0
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (1 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

After the conversion:
[root@docker ~]# docker run -d -P --name nginx-test1 daocloud.io/library/nginx
42783cf5053639383004f82b9e72fe0223c7c028d2754b2d0f74429824715f05
[root@docker ~]# docker ps -l
CONTAINER ID   IMAGE                       COMMAND                  CREATED         STATUS         PORTS                                           NAMES
42783cf50536   daocloud.io/library/nginx   "nginx -g 'daemon off"   9 seconds ago   Up 7 seconds   0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp   nginx-test1
[root@docker ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DOCKER-ISOLATION  all  --  0.0.0.0/0            0.0.0.0/0
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.2           tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.2           tcp dpt:80

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

[root@docker ~]# sh docker_in.sh nginx-test1
root@42783cf50536:/#
root@42783cf50536:/#
root@42783cf50536:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:2/64 scope link
       valid_lft forever preferred_lft forever
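
In the session above, -P publishes the container's ports on 0.0.0.0 and the DOCKER chain gains ACCEPT rules for any source address. The following added example (not part of the original post) lists ports published on all host interfaces from docker ps output; the function names and the second and third sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# wildcard_published reads "<name><TAB><ports>" lines, the layout produced by
# docker ps with a "{{.Names}}<TAB>{{.Ports}}" format, and prints one line
# "<name> <host-port> <container-port/proto>" for every port that is published
# on all host interfaces (0.0.0.0 or ::).
wildcard_published() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            # "80/tcp" alone is only exposed; "a:b->c" is published.
            if (maps[i] !~ /->/) continue
            split(maps[i], side, "->")
            addr = side[1]; sub(/:[0-9-]+$/, "", addr)   # drop ":<port>"
            port = side[1]; sub(/^.*:/, "", port)        # keep "<port>"
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                printf "%s %s %s\n", $1, port, side[2]
        }
    }'
}

# Constructed sample: the first row is the nginx-test1 container from the
# session above, the second has no published ports, the third is a
# hypothetical container published on loopback only.
sample_ps() {
    printf 'nginx-test1\t0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp\n'
    printf 'mynginx\t80/tcp, 443/tcp\n'
    printf 'local-only\t127.0.0.1:8080->80/tcp\n'
}

# Use the live daemon when one is reachable, otherwise the sample.
if command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then
    docker ps --format "$(printf '{{.Names}}\t{{.Ports}}')" | wildcard_published
else
    sample_ps | wildcard_published
fi
```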
7. Docker data storage
[root@docker ~]# docker run -d --name nginx-volume-test1 -v /data daocloud.io/library/nginx
88b24d79a4f3b021325592ceac20e86291166d675b213d60db017548c4d9d960
[root@docker ~]# sh docker_in.sh nginx-volume-test1
root@88b24d79a4f3:/# cd /data/
root@88b24d79a4f3:/data# ls
root@88b24d79a4f3:/data# touch hehe
root@88b24d79a4f3:/data# ls -l
total 0
-rw-r--r-- 1 root root 0 Nov 24 06:30 hehe

[root@docker ~]# cd /var/lib/docker/
[root@docker docker]# ll
total 32
drwx------ 6 root root 4096 Nov 24 14:28 containers
drwx------ 5 root root 4096 Nov 24 02:05 devicemapper
drwx------ 3 root root 4096 Nov 24 01:20 image
drwxr-x--- 3 root root 4096 Nov 24 01:20 network
drwx------ 2 root root 4096 Nov 24 01:20 swarm
drwx------ 2 root root 4096 Nov 24 10:09 tmp
drwx------ 2 root root 4096 Nov 24 01:20 trust
drwx------ 3 root root 4096 Nov 24 14:28 volumes
[root@docker docker]# cd volumes/
[root@docker volumes]# ls
4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60  metadata.db
[root@docker volumes]# cd 4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60/
[root@docker 4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60]# ls
_data
[root@docker 4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60]# cd _data/    # the directory on the physical host where the container's files are actually stored
[root@docker _data]# ls
hehe

[root@docker ~]# docker run -d --name nginx-volume-test2 -v /data/mysql:/mysql daocloud.io/library/nginx
f7278ce9bd88c26a0c5aaefcb2b39f1f9df0066bc94edb7a530213815e166f5e
# -v /data/mysql:/mysql mounts the physical host's /data/mysql directory at /mysql inside the container

[root@docker ~]# docker run -d --name nginx-volumes -v /data/mysql:/mysql daocloud.io/library/nginx
28c616e44352fc4eafeb2f87dbbb7b6eb9df447235afe027034efa96df1c5071
[root@docker ~]#
[root@docker ~]# docker run -d --name web-node1 --volumes-from nginx-volumes daocloud.io/library/nginx
0f022ce56e8b800cb1a4ac76bb8a326d42e198093146e8661ad3ac8925ad317d
[root@docker ~]#
[root@docker ~]# docker run -d --name web-node2 --volumes-from nginx-volumes daocloud.io/library/nginx
03d5e88c15f6604eeee2b8af500b8f356ba69adc34710f3c19b813530f19dc3d
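
The two -v forms used above behave differently: -v /data creates a Docker-managed volume, while -v /data/mysql:/mysql gives the container write access to a host directory. The following added example (not part of the original post) classifies Linux-style -v arguments and picks out writable host mounts; the function names and the read-only and named-volume specs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# classify_volume SPEC prints "<kind> <mode> <source> <container-path>" for a
# Linux-style -v argument of the form [source:]container-path[:options].
classify_volume() {
    spec=$1 src='' opts=''
    case $spec in
        *:*:*:*) echo "invalid - - -"; return 1 ;;
        *:*:*)   src=${spec%%:*}; dst=${spec#*:}
                 opts=${dst#*:};  dst=${dst%%:*} ;;
        *:*)     src=${spec%%:*}; dst=${spec#*:} ;;
        *)       dst=$spec ;;
    esac
    # The container side must be an absolute path, so "/data:ro" is invalid.
    case $dst in
        /*) ;;
        *)  echo "invalid - - -"; return 1 ;;
    esac
    case $src in
        '') kind=anonymous-volume ;;   # Docker creates it under volumes/<id>/_data
        /*) kind=bind-mount ;;         # host directory mounted into the container
        *)  kind=named-volume ;;       # a source without a leading / is a volume name
    esac
    mode=rw                            # writable unless "ro" is among the options
    case ",$opts," in *,ro,*) mode=ro ;; esac
    printf '%s %s %s %s\n' "$kind" "$mode" "${src:--}" "$dst"
}

# writable_binds SPEC... prints the specs that give a container write access
# to a host directory.
writable_binds() {
    for s in "$@"; do
        case $(classify_volume "$s") in
            "bind-mount rw "*) printf '%s\n' "$s" ;;
        esac
    done
}

# The two specs used in the session above, plus a constructed read-only one.
for s in /data /data/mysql:/mysql /data/mysql:/mysql:ro; do
    classify_volume "$s"
done
```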
This article is from the "厚德载物" blog; reproduction is not permitted.
Original article: http://huaxin.blog.51cto.com/903026/1876681