
docker1-1

Date: 2017-05-11 00:15:15


1). Check the kernel

[kiosk@miaomiao yum.repos.d]$ uname -r

3.10.0-327.el7.x86_64

 

[kiosk@miaomiao yum.repos.d]$ cat /etc/os-release   ##

NAME="Red Hat Enterprise Linux Server"

VERSION="7.2 (Maipo)"   ##RHEL 7.2

ID="rhel"

ID_LIKE="fedora"

VERSION_ID="7.2"

PRETTY_NAME="Red Hat Enterprise Linux Server 7.2 (Maipo)"

ANSI_COLOR="0;31"

CPE_NAME="cpe:/o:redhat:enterprise_linux:7.2:GA:server"

HOME_URL="https://www.redhat.com/"

BUG_REPORT_URL="https://bugzilla.redhat.com/"

 

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"

REDHAT_BUGZILLA_PRODUCT_VERSION=7.2

REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"

REDHAT_SUPPORT_PRODUCT_VERSION="7.2"

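2). Docker container management

# docker run -it --name vm1 ubuntu bash  ##create a container

# docker ps -a  ##show container status

# docker attach vm1  ##attach to the container

# docker top vm1  ##show the container's processes

 

# docker logs vm1  ##show the container's command output; -f follows it in real time

# docker inspect vm1  ##show container details

# docker stats vm1  ##show the container's resource usage

# docker diff vm1  ##show changes made in the container

# docker run -d --name vm1 ubuntu bash -c "while true; do echo westos; sleep 1; done"  ##run in the background

# docker stop vm1  ##stop the container

# docker start vm1  ##start the container

# docker kill vm1  ##forcibly kill the container

# docker restart vm1  ##restart the container

# docker pause/unpause vm1  ##pause/resume the container

# docker rm vm1  ##remove the container

# docker export vm1 > vm1.tar  ##export the container

# docker import vm1.tar image  ##import the container archive as the image "image"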

 

[root@miaomiao Desktop]# docker load -i nginx.tar  ##load an image

[root@miaomiao Desktop]# systemctl status docker  ##check the status of docker

● docker.service - Docker Application Container Engine

   Loaded: loaded (/etc/systemd/system/docker.service; disabled; vendor preset: disabled)

   Active: active (running) since Tue 2017-05-09 10:07:51 CST; 3h 14min ago

     Docs: https://docs.docker.com

 Main PID: 9896 (docker)

   CGroup: /system.slice/docker.service

           └─9896 /usr/bin/docker daemon -H fd:// --bip 192.168.0.222/24 --in...

 

May 09 11:15:40 miaomiao docker[9896]: time="2017-05-09T11:15:40.390826087+...d"

May 09 11:16:06 miaomiao docker[9896]: time="2017-05-09T11:16:06.564389245+...f"

May 09 11:18:47 miaomiao docker[9896]: time="2017-05-09T11:18:47.229044064+...0"

May 09 11:18:47 miaomiao docker[9896]: time="2017-05-09T11:18:47.275173249+...0"

May 09 11:19:15 miaomiao docker[9896]: time="2017-05-09T11:19:15.988404710+...]"

May 09 11:19:15 miaomiao docker[9896]: time="2017-05-09T11:19:15.988436872+...]"

May 09 11:29:58 miaomiao docker[9896]: time="2017-05-09T11:29:58.156325714+08...

May 09 11:31:20 miaomiao docker[9896]: time="2017-05-09T11:31:20.821704586+08...

May 09 11:31:43 miaomiao docker[9896]: time="2017-05-09T11:31:43.206451035+...]"

May 09 11:31:43 miaomiao docker[9896]: time="2017-05-09T11:31:43.206484521+...]"

Hint: Some lines were ellipsized, use -l to show in full.

21). Docker parameters

[root@miaomiao Desktop]# docker version  ##version

Client:

 Version:      1.10.3

 API version:  1.22

 Go version:   go1.5.3

 Git commit:   20f81dd

 Built:        Thu Mar 10 15:39:25 2016

 OS/Arch:      linux/amd64

 

Server:

 Version:      1.10.3

 API version:  1.22

 Go version:   go1.5.3

 Git commit:   20f81dd

 Built:        Thu Mar 10 15:39:25 2016

 OS/Arch:      linux/amd64

 

[root@miaomiao Desktop]# docker images  ##list local images

[root@miaomiao Desktop]# docker run -it --name vm0 ubuntu  ##create container vm0

 

root@2f0275b71c7b:/#

root@2f0275b71c7b:/# [root@miaomiao Desktop]# docker attach vm0  ##'Ctrl + p + q' detaches and leaves the container running in the background; attach reconnects to the container

[root@miaomiao Desktop]# docker run -it ubuntu

root@b2e45a701946:/# [root@miaomiao Desktop]# docker ps -a  ##show container status

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

b2e45a701946        ubuntu              "/bin/bash"         17 seconds ago      Up 14 seconds                           serene_ride

2f0275b71c7b        ubuntu              "/bin/bash"         10 minutes ago      Up 58 seconds                            vm0

[root@miaomiao Desktop]# docker stop serene_ride

serene_ride

[root@miaomiao Desktop]# docker rm serene_ride

serene_ride

##commit  ##update an image

[root@miaomiao backup]# docker run -it --name vm1 ubuntu

root@424c3479a001:/#

root@424c3479a001:/# ls

bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

root@424c3479a001:/# touch file{1..10}

root@424c3479a001:/# ls

bin   dev  file1   file2  file4  file6  file8  home  lib64  mnt  proc  run  ubuntu:v1 srv  tmp  var

boot  etc  file10  file3  file5  file7  file9  lib   media  opt  root  sbin  sys  usr

root@424c3479a001:/# [root@miaomiao backup]# docker commit vm1 ubuntu:v1  ##commit the changes in container vm1 as image ubuntu:v1

sha256:6d42725a81105bd6265b5d1d0e5e29cb64988c558f4566cafc5c0752c25015bc

[root@miaomiao backup]# docker history ubuntu  ##show the change history of ubuntu

IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT

07c86167cdc4        14 months ago       /bin/sh -c #(nop) CMD ["/bin/bash"]             0 B                 

220d2912ab1d        14 months ago       /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/   1.895 kB

cc77a2e3d72c        14 months ago       /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic   194.5 kB

c8fa7cdceff3        14 months ago       /bin/sh -c #(nop) ADD file:b9504126dc55908988   187.7 MB            

[root@miaomiao backup]# docker history ubuntu:v1  ##show the change history of ubuntu:v1

IMAGE               CREATED              CREATED BY                                      SIZE                COMMENT

6d42725a8110        About a minute ago   /bin/bash                                       0 B   ##originally 4 layers, one new layer was added; the maximum is 127 layers

07c86167cdc4        14 months ago        /bin/sh -c #(nop) CMD ["/bin/bash"]             0 B                 

220d2912ab1d        14 months ago        /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/   1.895 kB

cc77a2e3d72c        14 months ago        /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic   194.5 kB

c8fa7cdceff3        14 months ago        /bin/sh -c #(nop) ADD file:b9504126dc55908988   187.7 MB            

[root@miaomiao backup]# docker images ubuntu

REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE

ubuntu              v1                  6d42725a8110        About a minute ago   187.9 MB

ubuntu              latest              07c86167cdc4        14 months ago        187.9 MB

[root@miaomiao backup]# docker stop vm1

vm1

[root@miaomiao backup]# docker rm vm1

vm1

[root@miaomiao backup]# docker run -it --name vm2 ubuntu:v1  ##create container vm2 from ubuntu:v1; the data committed in v1 is preserved

 

root@005818c2d392:/#

root@005818c2d392:/# ls

bin   dev  file1   file2  file4  file6  file8  home  lib64  mnt  proc  run   srv  tmp  var

boot  etc  file10  file3  file5  file7  file9  lib   media  opt  root  sbin  sys  usr

root@005818c2d392:/#

 

 

[root@miaomiao Desktop]# docker attach vm0

root@2f0275b71c7b:/#

root@2f0275b71c7b:/# ls

bin   dev  home  lib64  mnt  proc  run   srv  tmp  var

boot  etc  lib   media  opt  root  sbin  sys  usr

root@2f0275b71c7b:/# exit

exit

[root@miaomiao Desktop]# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMES

2f0275b71c7b        ubuntu              "/bin/bash"         14 minutes ago      Exited (0) 10 seconds ago

 

[root@miaomiao Desktop]# docker history ubuntu

IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT

07c86167cdc4        14 months ago       /bin/sh -c #(nop) CMD ["/bin/bash"]             0 B                 

220d2912ab1d        14 months ago       /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/   1.895 kB

cc77a2e3d72c        14 months ago       /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic   194.5 kB

c8fa7cdceff3        14 months ago       /bin/sh -c #(nop) ADD file:b9504126dc55908988   187.7 MB            

[root@miaomiao Desktop]# docker commit vm0 ubuntu:v0  ##update the ubuntu image

sha256:1990c428381bc97798ff8a561a4948e185fe6678b7ec642041299a6e9dfb4e3d

[root@miaomiao Desktop]# docker images ubuntu

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

ubuntu              v0                  1990c428381b        29 seconds ago      187.9 MB

ubuntu              v6                  c106646cac34        3 hours ago         187.9 MB

ubuntu              vm1                 e152ab232884        3 hours ago         187.9 MB

ubuntu              latest              07c86167cdc4        14 months ago       187.9 MB

[root@miaomiao Desktop]# docker history ubuntu:v0

IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT

1990c428381b        5 minutes ago       /bin/bash                                       13 B                

07c86167cdc4        14 months ago       /bin/sh -c #(nop) CMD ["/bin/bash"]             0 B                 

220d2912ab1d        14 months ago       /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/   1.895 kB

cc77a2e3d72c        14 months ago       /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic   194.5 kB

c8fa7cdceff3        14 months ago       /bin/sh -c #(nop) ADD file:b9504126dc55908988   187.7 MB        

[root@miaomiao Desktop]# docker run -it --name vm0 ubuntu:v0

[root@miaomiao Desktop]# docker run -d nginx  ##-d runs the container in the background

dc0256224c5e0d439dbfcf07d1b5ab5eb636f550b7d46a4432e527b43ffb1a35

[root@miaomiao Desktop]# docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES

dc0256224c5e        nginx               "nginx -g 'daemon off"   18 seconds ago      Up 16 seconds       80/tcp, 443/tcp     drunk_franklin

2f0275b71c7b        ubuntu              "/bin/bash"              44 minutes ago      Up 29 minutes                           vm0

[root@miaomiao Desktop]# for i in {1..5};do docker run -d nginx;done

a576e9dc0943342646c79188e4ac226fd8fc761ca573390ebb4fbb451754340a

ef2c0d97aef90d231c43e2f6b474e43565be694b777f205333a99e93f0af9501

6ffa5fd9abd3282a88c8c1f7d6e7c41a20067d73915ea81900dc31118d4ff92d

fe530950f5fb6f678291658bcd404e1a8aca095c53de6126b16d605d90d6717c

80664f333a75f83c1f8c4144a55ec6a98ef1dc4eeca031966e2b8e0d52955bf6

[root@miaomiao Desktop]# docker stop `docker ps -aq`

80664f333a75

fe530950f5fb

6ffa5fd9abd3

ef2c0d97aef9

a576e9dc0943

dc0256224c5e

2f0275b71c7b

[root@miaomiao Desktop]# docker rm `docker ps -aq`

80664f333a75

fe530950f5fb

 

[root@miaomiao Desktop]# docker cp ml vm0:/  ##copy the local file ml into the / directory of container vm0

[root@miaomiao Desktop]# docker attach vm0

 

root@fb7a26874f00:/# ls

bin   dev  home  lib64  ml   opt   root  sbin  sys  usr

boot  etc  lib   media  mnt  proc  run   srv   tmp  var

root@fb7a26874f00:/# rm -fr ml

root@fb7a26874f00:/# [root@miaomiao Desktop]# docker attach v^C

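[root@miaomiao Desktop]# docker logs vm0  ##show the container's command output; -f follows it in real time; output only appears after something has been done inside the container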

root@fb7a26874f00:/#

root@fb7a26874f00:/# ls

bin   dev  home  lib64  ml   opt   root  sbin  sys  usr

boot  etc  lib   media  mnt  proc  run   srv   tmp  var

root@fb7a26874f00:/# rm -fr ml

[root@miaomiao Desktop]# docker export -o vm0.tar vm0  ##export container vm0 to vm0.tar in the current directory

[root@miaomiao Desktop]# ll vm0.tar

-rw-r--r-- 1 root root 196854784 May  9 15:08 vm0.tar

[root@miaomiao Desktop]# docker save -o ubuntu.tar ubuntu:v0  ##save image ubuntu:v0 to ubuntu.tar in the current directory

[root@miaomiao Desktop]# docker load -i ubuntu.tar  ##load the image from ubuntu.tar

[root@miaomiao Desktop]# save load  export  import^C

[root@miaomiao Desktop]# evince Docker学习笔记.pdf &   ##view with evince; & runs it in the background

 

 

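[root@miaomiao Desktop]# docker run -d --name web -p 8000:80 nginx  ##inbound traffic is DNATed, outbound traffic is SNATed

  Maps (masquerades) HTTP port 80 of the container started from the local nginx image to port 8000.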

1bd84acbf617b572510cd6d102a38011052c6c70cc4cff5ea837c7d1959fac04

[root@miaomiao Desktop]# docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                           NAMES

1bd84acbf617        nginx               "nginx -g 'daemon off"   16 seconds ago      Up 12 seconds       443/tcp, 0.0.0.0:8000->80/tcp   web

fb7a26874f00        ubuntu              "/bin/bash"              12 minutes ago      Up 12 minutes                                       vm0

[root@miaomiao Desktop]# netstat -antlp |grep :8000  ##check port 8000

tcp6       0      0 :::8000                 :::*                    LISTEN      28822/docker-proxy  

[root@miaomiao Desktop]# iptables -t nat -nL

Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination         

DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

 

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

 

Chain POSTROUTING (policy ACCEPT)

target     prot opt source               destination         

RETURN     all  --  192.168.122.0/24     224.0.0.0/24        

RETURN     all  --  192.168.122.0/24     255.255.255.255     

MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535

MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535

MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    

MASQUERADE  all  --  192.168.0.0/24       0.0.0.0/0           

MASQUERADE  tcp  --  192.168.0.2          192.168.0.2          tcp dpt:80

 

Chain DOCKER (2 references)

target     prot opt source               destination         

RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 to:192.168.0.2:80

[root@miaomiao Desktop]# iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain

ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain

ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

 

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED

ACCEPT     all  --  192.168.122.0/24     anywhere            

ACCEPT     all  --  anywhere             anywhere            

REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

ACCEPT     all  --  anywhere             anywhere            

REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

DOCKER-ISOLATION  all  --  anywhere             anywhere            

DOCKER     all  --  anywhere             anywhere            

ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

ACCEPT     all  --  anywhere             anywhere            

ACCEPT     all  --  anywhere             anywhere            

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc

ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc

 

Chain DOCKER (1 references)

target     prot opt source               destination         

ACCEPT     tcp  --  anywhere             192.168.0.2          tcp dpt:http

 

Chain DOCKER-ISOLATION (1 references)

target     prot opt source               destination         

RETURN     all  --  anywhere             anywhere   
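The DNAT rule in the nat table's DOCKER chain above is what exposes the `-p 8000:80` mapping; because the destination is rewritten in PREROUTING, the traffic is then filtered by the FORWARD chain, not by INPUT. The following is an added example, not part of the original notes: it parses `iptables -t nat -nL` text and reports from where each published port is reachable. The second DNAT rule in the sample and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which Docker-published ports are reachable, and from
# where, by parsing the text printed by `iptables -t nat -nL`.

# Constructed sample. The first DNAT rule is the one shown above for
# `-p 8000:80`; the second is a hypothetical mapping bound to 127.0.0.1.
sample_nat_rules() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 to:192.168.0.2:80
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:8443 to:192.168.0.3:443
EOF
}

# Reads nat-table text on stdin and prints one line per published port:
#   <proto> <host port> <container ip:port> <scope>
# scope is "any" (any source, any host address), "loopback" (host address in
# 127.0.0.0/8) or "restricted" (some other source or destination match).
published_ports() {
    awk '
        /^Chain / { chain = $2; next }
        chain == "DOCKER" && $1 == "DNAT" {
            dport = ""; to = ""
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^dpt:/) dport = substr($i, 5)
                if ($i ~ /^to:/)  to = substr($i, 4)
            }
            if (dport == "" || to == "") next
            scope = "restricted"
            if ($4 == "0.0.0.0/0" && $5 == "0.0.0.0/0") scope = "any"
            else if ($5 ~ /^127\./) scope = "loopback"
            print $2, dport, to, scope
        }
    '
}

# Counts the published ports that any remote host can reach.
world_reachable_count() {
    published_ports | awk '$4 == "any" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a real host, pipe in
# `iptables -t nat -nL` (as root) instead.
sample_nat_rules | published_ports
```

Publishing with `-p 127.0.0.1:8000:80` instead of `-p 8000:80` binds the mapping to the loopback address only.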

 

[root@miaomiao lib]# docker start web  ##browse to http://172.25.254.4:8000/ or localhost:8000 to check

[root@miaomiao Desktop]# docker attach vm0

 

root@fb7a26874f00:/# ls

bin   dev  home  lib64  mnt  proc  run   srv  tmp  var

boot  etc  lib   media  opt  root  sbin  sys  usr

root@fb7a26874f00:/# cp /etc/passwd .

root@fb7a26874f00:/# [root@miaomiao Desktop]# docker diff vm0

A /passwd    ##A means added

22). Change Docker's IP

[root@miaomiao system]# cd /usr/lib

[root@miaomiao lib]# cp /usr/lib^C

[root@miaomiao lib]# cp /lib/systemd/system/docker.service /etc/systemd/system^C

[root@miaomiao lib]# systemctl daemon-reload ^C

[root@miaomiao lib]# systemctl restart docker  ##restart docker

 

[root@miaomiao lib]# docker network ls

NETWORK ID          NAME                DRIVER

a3d8431a63f6        bridge              bridge              

3fd2c5b5e9c8        none                null                

fcff84aa1644        host                host   

 

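[root@miaomiao lib]# ssh -X instructor@172.25.254.4 firefox  ##run firefox on 172.25.254.4 over the SSH connection

3). Data volume management

When creating a container, docker run accepts the -v option to mount one or more data volumes into the container. -v mounts a directory on the host into the container as a data volume, so that the host and the container share that directory.

Mounting data volumes into a newly created container:

# docker run -it --name westos -v /tmp/data1:/data1 -v /tmp/data2:/data2 rhel7 /bin/bash

The -v option can be repeated to mount several data volumes into the container. The part before the colon is the host directory (if the local directory does not exist, docker creates it automatically); the part after the colon is the mount directory inside the container.

Note: data in volumes is not saved by docker commit.

Data volumes are mounted read-write by default; they can also be mounted read-only:

# docker run -it --name westos2 -v /tmp/data2:/data2:ro rhel /bin/bash

Mounting a host file:

# docker run -it --name westos3 -v /etc/yum.repos.d/rhel-dvd.repo:/etc/yum.repos.d/rhel-dvd.repo:ro rhel7 /bin/bash

Data volume containers: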

# docker create --name data -v /tmp/sharedata:/sharedata rhel7 /bin/true

# docker run -it --name vm1 --volumes-from data rhel7 /bin/bash

# docker run -it --name vm2 --volumes-from data rhel7 /bin/bash

# docker attach vm1

bash-4.2# cd /sharedata/

bash-4.2# touch vm1file

# docker attach vm2

bash-4.2# cd /sharedata/

bash-4.2# ls

passwd vm1file

bash-4.2# touch vm2file

[root@foundation0 ~]# ls /tmp/sharedata/

passwd vm1file vm2file

Backing up a data volume:

# docker run --rm --volumes-from data -v /tmp/backup:/backup rhel7 tar cf /backup/test.tar /sharedata

Example:

[root@miaomiao lib]# docker run -it --name vm1 -v /tmp/data1:/data1 ubuntu  ##-v mounts a directory on the host into the container as a data volume; if the local directory does not exist, docker creates it automatically

root@0a71b1c6ee76:/# cd data1/

root@0a71b1c6ee76:/data1# ls

passwd

 

[root@miaomiao lib]# docker run -it --name vm1 -v /tmp/data1:/data1 ubuntu

root@0a71b1c6ee76:/# cd data1/

root@0a71b1c6ee76:/data1# ls

passwd

root@0a71b1c6ee76:~# [root@miaomiao lib]#

[root@miaomiao lib]# cd /tmp/data1

[root@miaomiao data1]# ls

[root@miaomiao data1]# docker run -it --name vm2 -v /tmp/data2:/data2 ubuntu

root@b2a25f80b0e0:/# cd /data2/

root@b2a25f80b0e0:/data2# ls

root@b2a25f80b0e0:/data2# [root@miaomiao data1]#

[root@miaomiao data1]# docker run -it --name vm3 -v /tmp/data1:/data1 -v /tmp/data2:/data2:ro -v /etc/yum.repos.d/redhat.repo:/etc/yum.repos.d/redhat.repo:ro ubuntu

root@4adc953b1fb8:/# cd /etc/yum.repos.d/

root@4adc953b1fb8:/etc/yum.repos.d# ls

redhat.repo

root@4adc953b1fb8:/etc/yum.repos.d# echo 1 > redhat.repo

bash: redhat.repo: Read-only file system

root@4adc953b1fb8:/etc/yum.repos.d# [root@miaomiao data1]#

[root@miaomiao data1]# docker ps

CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES

4adc953b1fb8        ubuntu              "/bin/bash"         About a minute ago   Up About a minute                       vm3

b2a25f80b0e0        ubuntu              "/bin/bash"         5 minutes ago        Up 5 minutes                            vm2

0a71b1c6ee76        ubuntu              "/bin/bash"         8 minutes ago        Up 8 minutes                            vm1

[root@miaomiao data1]# docker create --name datavol -v /tmp/data1:/data1 -v /tmp/data2:/data2 -v /etc/yum.repos.d/redhat.repo:/etc/yum.repos.d/redhat:ro ubuntu

83c9e4ce93a3d47326a33d6693214c0d8e2b36d26f0700702d10f960027feb5c

[root@miaomiao data1]# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

83c9e4ce93a3        ubuntu              "/bin/bash"         21 seconds ago      Created                                 datavol

4adc953b1fb8        ubuntu              "/bin/bash"         7 minutes ago       Up 7 minutes                            vm3

b2a25f80b0e0        ubuntu              "/bin/bash"         11 minutes ago      Up 11 minutes                           vm2

0a71b1c6ee76        ubuntu              "/bin/bash"         14 minutes ago      Up 14 minutes                           vm1

[root@miaomiao data1]# docker run -it --name vm4 --volumes-from datavol ubuntu

root@67ae4c3067b1:/# cd /data1

root@67ae4c3067b1:/data1# ls

root@67ae4c3067b1:/data1# cd /etc/yum.repos.d/

root@67ae4c3067b1:/etc/yum.repos.d# ls

redhat

root@67ae4c3067b1:/etc/yum.repos.d# cd /data1

root@67ae4c3067b1:/data1# ls

passwd

  

[root@miaomiao ~]# docker cp vm4:/data1/passwd .

[root@miaomiao ~]# ll passwd

-rw-r--r-- 1 root root 956 May  9 16:06 passwd

 

[root@miaomiao data1]# docker run --rm -v /tmp/backup:/backup ubuntu tar cf /backup/vm4.tar /etc

tar: Removing leading `/' from member names

[root@miaomiao data1]# cd /tmp/backup/

[root@miaomiao backup]# ls

etc.tar  vm4.tar

[root@miaomiao backup]# ll vm4.tar

-rw-r--r-- 1 root root 798720 May  9 16:12 vm4.tar

[root@miaomiao backup]# tar tf vm4.tar |less
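The `-v host:container[:ro]` syntax used throughout this section decides how much of the host a container can modify. The following is an added example, not part of the original notes: it classifies every `-v` mount on a `docker run` command line and marks writable binds of host paths that deserve a review. The function names and the list of sensitive prefixes are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the -v mounts of a `docker run` command line.

# Assumption of this example: host paths whose writable exposure to a
# container should be reviewed.
SENSITIVE_PREFIXES="/etc /root /boot /usr /var/run/docker.sock"

# classify_volume SPEC
# Prints "<verdict> <mode> <source> <target>", where verdict is:
#   anonymous  no host side at all (just a container path)
#   named      source is a named volume, not a host path
#   bind       host path mounted read-only, or writable but not sensitive
#   review     writable bind of / or of a path under SENSITIVE_PREFIXES
classify_volume() {
    spec=$1
    case $spec in
        *:*) ;;
        *) echo "anonymous rw - $spec"; return 0 ;;
    esac
    src=${spec%%:*}
    rest=${spec#*:}
    dst=${rest%%:*}
    opts=""
    case $rest in
        *:*) opts=${rest#*:} ;;
    esac
    mode=rw
    case ",$opts," in
        *,ro,*) mode=ro ;;
    esac
    case $src in
        /*) ;;
        *) echo "named $mode $src $dst"; return 0 ;;
    esac
    verdict=bind
    if [ "$mode" = rw ]; then
        if [ "$src" = / ]; then verdict=review; fi
        for p in $SENSITIVE_PREFIXES; do
            case $src in
                "$p"|"$p"/*) verdict=review ;;
            esac
        done
    fi
    echo "$verdict $mode $src $dst"
}

# audit_run_command ARGS...
# Walks the words of a docker run command line and classifies each
# -v / --volume argument.
audit_run_command() {
    while [ $# -gt 0 ]; do
        case $1 in
            -v|--volume)
                if [ $# -ge 2 ]; then classify_volume "$2"; shift; fi ;;
            --volume=*)
                classify_volume "${1#--volume=}" ;;
        esac
        shift
    done
}

# Demo: the vm3 command from the session above, then a constructed variant
# that mounts the whole repo directory writable.
audit_run_command docker run -it --name vm3 -v /tmp/data1:/data1 \
    -v /tmp/data2:/data2:ro \
    -v /etc/yum.repos.d/redhat.repo:/etc/yum.repos.d/redhat.repo:ro ubuntu
audit_run_command docker run -it -v /etc/yum.repos.d:/etc/yum.repos.d ubuntu
```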

 

(4). Set Docker's IP

[root@foundation60 Desktop]# docker network ls

NETWORK ID          NAME                DRIVER

a6086676733c        host                host                

c69c955d85a6        bridge              bridge              

b2fe5e31a343        none                null

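[root@foundation60 Desktop]# brctl show  ##show bridges

bridge name bridge id STP enabled interfaces

br0 8000.28d24434e123 no enp2s0   ##the host's br0

docker0 8000.02423c7d609f no   ##containers communicate with the physical machine (the host) through the docker0 bridge

virbr0 8000.525400c63db4 yes virbr0-nic  ##virtual machines communicate with the physical machine (the host) through the virbr0 bridge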

virbr1 8000.5254002538eb yes virbr1-nic

[root@foundation60 Desktop]# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

[root@foundation60 Desktop]# docker run -it --name vm1 ubuntu

root@33293f33ace2:/# [root@foundation60 Desktop]#

[root@foundation60 Desktop]# brctl show

bridge name bridge id STP enabled interfaces

br0 8000.28d24434e123 no enp2s0

docker0 8000.02423c7d609f no veth67f57bf

virbr0 8000.525400c63db4 yes virbr0-nic

virbr1 8000.5254002538eb yes virbr1-nic

[root@foundation60 Desktop]# ll /usr/lib/systemd/system/docker.service

-rw-r--r-- 1 root root 347 2月  11 2016 /usr/lib/systemd/system/docker.service

[root@foundation60 Desktop]# cp /usr/lib/systemd/system/docker.service /etc/systemd/system/docker.service

[root@foundation60 Desktop]# vim /etc/systemd/system/docker.service  ##changing docker0's IP, method 2: edit the configuration file

ExecStart=/usr/bin/docker daemon -H fd:// --bip 192.168.60.1/24  ##set docker0's IP to 192.168.60.1/24

[root@foundation60 Desktop]# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000

    link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000

    link/ether a4:db:30:7a:f8:c5 brd ff:ff:ff:ff:ff:ff

    inet 192.168.253.4/24 brd 192.168.253.255 scope global dynamic wlp3s0

       valid_lft 35968sec preferred_lft 35968sec

    inet6 fe80::a6db:30ff:fe7a:f8c5/64 scope link

       valid_lft forever preferred_lft forever

4: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

    link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

    inet 172.25.254.60/24 brd 172.25.254.255 scope global br0

       valid_lft forever preferred_lft forever

    inet 172.25.60.250/24 brd 172.25.60.255 scope global br0

       valid_lft forever preferred_lft forever

    inet6 fe80::2ad2:44ff:fe34:e123/64 scope link

       valid_lft forever preferred_lft forever

5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

    link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff

6: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500

    link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff

7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

    link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff

    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

       valid_lft forever preferred_lft forever

8: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500

    link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff

9: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

    link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff

    inet 172.17.0.1/16 scope global docker0

       valid_lft forever preferred_lft forever

    inet6 fe80::42:3cff:fe7d:609f/64 scope link

       valid_lft forever preferred_lft forever

11: veth67f57bf@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP

    link/ether ba:54:d0:bc:52:3c brd ff:ff:ff:ff:ff:ff link-netnsid 0

    inet6 fe80::b854:d0ff:febc:523c/64 scope link

       valid_lft forever preferred_lft forever

[root@foundation60 Desktop]# systemctl daemon-reload

[root@foundation60 Desktop]# systemctl restart network

[root@foundation60 Desktop]# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000

    link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000

    link/ether a4:db:30:7a:f8:c5 brd ff:ff:ff:ff:ff:ff

5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

    link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff

6: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500

    link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff

7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

    link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff

    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

       valid_lft forever preferred_lft forever

8: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500

    link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff

9: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

    link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff

    inet 172.17.0.1/16 scope global docker0

       valid_lft forever preferred_lft forever

    inet6 fe80::42:3cff:fe7d:609f/64 scope link

       valid_lft forever preferred_lft forever

11: veth67f57bf@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP

    link/ether ba:54:d0:bc:52:3c brd ff:ff:ff:ff:ff:ff link-netnsid 0

    inet6 fe80::b854:d0ff:febc:523c/64 scope link

       valid_lft forever preferred_lft forever

12: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

    link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

    inet 172.25.254.60/24 brd 172.25.254.255 scope global br0

       valid_lft forever preferred_lft forever

    inet 172.25.60.250/24 brd 172.25.60.255 scope global br0

       valid_lft forever preferred_lft forever

[root@foundation60 Desktop]# ip link set down dev docker0  ##changing docker0's IP, method 2: ip link

[root@foundation60 Desktop]# ip addr del 172.17.0.1/16 dev docker0

[root@foundation60 Desktop]# ip addr add 192.168.60.1/24 dev docker0

[root@foundation60 Desktop]# ip link set up dev docker0

[root@foundation60 Desktop]# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000

    link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000

    link/ether a4:db:30:7a:f8:c5 brd ff:ff:ff:ff:ff:ff

5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

    link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff

6: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500

    link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff

7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

    link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff

    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

       valid_lft forever preferred_lft forever

8: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500

    link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff

9: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

    link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff

    inet 192.168.60.1/24 scope global docker0   ##the new IP: 192.168.60.1/24

       valid_lft forever preferred_lft forever

    inet6 fe80::42:3cff:fe7d:609f/64 scope link

       valid_lft forever preferred_lft forever

11: veth67f57bf@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP

    link/ether ba:54:d0:bc:52:3c brd ff:ff:ff:ff:ff:ff link-netnsid 0

    inet6 fe80::b854:d0ff:febc:523c/64 scope link

       valid_lft forever preferred_lft forever

12: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

    link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

    inet 172.25.254.60/24 brd 172.25.254.255 scope global br0

       valid_lft forever preferred_lft forever

    inet 172.25.60.250/24 brd 172.25.60.255 scope global br0

       valid_lft forever preferred_lft forever

[root@foundation60 Desktop]#

[root@foundation60 Desktop]# docker attach vm1

 

root@33293f33ace2:/# uname -r

3.10.0-327.el7.x86_64

root@33293f33ace2:/# ip addr show    ##container vm1 was created; default IP????????

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

(5). The four modes

[root@foundation60 Desktop]# docker run -it --name web --net host nginx  ##host mode: same IP as the physical machine's br0

WARNING: IPv4 forwarding is disabled. Networking will not work.

2017/05/10 11:48:52 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)    ##port 80 is already in use

nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)

2017/05/10 11:48:52 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)

[root@foundation60 Desktop]# ^C

[root@foundation60 Desktop]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES

f7ce6e4f9b27        nginx               "nginx -g 'daemon off"   34 seconds ago      Exited (1) 28 seconds ago                       web

33293f33ace2        ubuntu              "/bin/bash"              19 minutes ago      Up 18 minutes                                   vm1

[root@foundation60 Desktop]# systemctl stop httpd.service ##stop the httpd service

[root@foundation60 Desktop]# docker start web

web

[root@foundation60 Desktop]# netstat -antlp |grep :80 ##port 80 is in use

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      6687/nginx: master  

[root@foundation60 Desktop]# curl 172.25.254.60

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

    body {

        width: 35em;

        margin: 0 auto;

        font-family: Tahoma, Verdana, Arial, sans-serif;

    }

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

 

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>

 

<p><em>Thank you for using nginx.</em></p>

</body>

</html>

[root@foundation60 Desktop]# docker stop web

web

[root@foundation60 Desktop]# curl 172.25.254.60

curl: (7) Failed connect to 172.25.254.60:80; 拒绝连接

[root@foundation60 Desktop]# netstat -antlp |grep :80

tcp        0      0 172.25.254.60:46343     172.25.254.60:80        TIME_WAIT   -  

 

[root@foundation4 pub]# docker run -it --name vm1 --net host ubuntu  ##vm1 runs in host mode

 

 

root@foundation4:/#

root@foundation4:/# [root@foundation4 pub]#

[root@foundation4 pub]# docker run -it --name vm2 --net container:vm1 ubuntu  ##vm2 runs in container mode; like vm1, its IP is the same as the physical host's

 

 

root@foundation4:/#

root@foundation4:/# ip addr show

 

9: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default

    link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff

    inet 192.168.60.1/24 scope global docker0

       valid_lft forever preferred_lft forever

    inet6 fe80::42:3cff:fe7d:609f/64 scope link

       valid_lft forever preferred_lft forever

12: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default

    link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

    inet 172.25.254.60/24 brd 172.25.254.255 scope global br0

       valid_lft forever preferred_lft forever

    inet 172.25.60.250/24 brd 172.25.60.255 scope global br0

       valid_lft forever preferred_lft forever

 

root@foundation4:/# [root@foundation4 pub]# docker attach vm1

 

root@foundation4:/# ip addr show

 

9: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default

    link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff

    inet 192.168.60.1/24 scope global docker0

       valid_lft forever preferred_lft forever

    inet6 fe80::42:3cff:fe7d:609f/64 scope link

       valid_lft forever preferred_lft forever

12: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default

    link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

    inet 172.25.254.60/24 brd 172.25.254.255 scope global br0

       valid_lft forever preferred_lft forever

    inet 172.25.60.250/24 brd 172.25.60.255 scope global br0

       valid_lft forever preferred_lft forever

 

root@foundation4:/#   ##when vm1 is shut down, vm2's IP no longer exists; when vm1 is started, vm2's IP exists

 

 

[root@foundation60 Desktop]# docker attach vm2

 

root@33293f33ace2:/# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

root@33293f33ace2:/# [root@foundation60 Desktop]#

 

(6). None (disabled) mode: set the IP yourself

[root@foundation15 netns]# docker run -it --name vm3 --net  none ubuntu

root@e8bf0b4bce45:/# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

root@e8bf0b4bce45:/# [root@foundation15 netns]#

[root@foundation15 netns]# brctl show

bridge name bridge id STP enabled interfaces

br0 8000.0021cc5dee66 no enp0s25

docker0 8000.024241e13709 no

virbr0 8000.525400c2e396 yes virbr0-nic

virbr1 8000.52540005d6c1 yes virbr1-nic

[root@foundation15 netns]# docker inspect vm3 |grep Pid  ##the Pid changes on every start, so it is best to script this

            "Pid": 4648,

            "PidMode": "",

            "PidsLimit": 0,

[root@foundation15 netns]# cd /proc/4648  ##/proc holds kernel information; it lives in memory, so everything disappears at shutdown and reappears automatically at boot

[root@foundation15 4648]# ls

attr             cpuset   limits      net            projid_map  statm

autogroup        cwd      loginuid    ns             root        status

auxv             environ  map_files   numa_maps      sched       syscall

cgroup           exe      maps        oom_adj        sessionid   task

clear_refs       fd       mem         oom_score      setgroups   timers

cmdline          fdinfo   mountinfo   oom_score_adj  smaps       uid_map

comm             gid_map  mounts      pagemap        stack       wchan

coredump_filter  io       mountstats  personality    stat

[root@foundation15 4648]# cd ns

[root@foundation15 ns]# ls

ipc  mnt  net  pid  user  uts

[root@foundation15 ns]# ll

total 0

lrwxrwxrwx 1 root root 0 May 10 10:51 ipc -> ipc:[4026532409]

lrwxrwxrwx 1 root root 0 May 10 10:51 mnt -> mnt:[4026532407]

lrwxrwxrwx 1 root root 0 May 10 10:49 net -> net:[4026532412]

lrwxrwxrwx 1 root root 0 May 10 10:51 pid -> pid:[4026532410]

lrwxrwxrwx 1 root root 0 May 10 10:51 user -> user:[4026531837]

lrwxrwxrwx 1 root root 0 May 10 10:51 uts -> uts:[4026532408]

[root@foundation15 ns]# ln -s /proc/4648/ns/net /var/run/netns/4648

[root@foundation15 ns]# ip netns ls

4648

[root@foundation15 ns]# ll

total 0

lrwxrwxrwx 1 root root 0 May 10 10:51 ipc -> ipc:[4026532409]

lrwxrwxrwx 1 root root 0 May 10 10:51 mnt -> mnt:[4026532407]

lrwxrwxrwx 1 root root 0 May 10 10:49 net -> net:[4026532412]

lrwxrwxrwx 1 root root 0 May 10 10:51 pid -> pid:[4026532410]

lrwxrwxrwx 1 root root 0 May 10 10:51 user -> user:[4026531837]

lrwxrwxrwx 1 root root 0 May 10 10:51 uts -> uts:[4026532408]

[root@foundation15 ns]# cd /var/run/netns/

[root@foundation15 netns]# ls

4648

[root@foundation15 netns]# ll

total 0

lrwxrwxrwx 1 root root 17 May 10 10:53 4648 -> /proc/4648/ns/net

[root@foundation15 netns]# ip link add name veth0 type veth peer name veth1  

[root@foundation15 netns]# ip link set up dev veth0   ##enable the device veth0 in the namespace

[root@foundation15 netns]# ip link set up dev veth1

[root@foundation15 netns]# ip addr show

...

4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

    link/ether 00:21:cc:5d:ee:66 brd ff:ff:ff:ff:ff:ff

    inet 172.25.254.15/24 brd 172.25.254.255 scope global br0

       valid_lft forever preferred_lft forever

    inet 172.25.15.250/24 brd 172.25.15.255 scope global br0

       valid_lft forever preferred_lft forever

    inet6 fe80::221:ccff:fe5d:ee66/64 scope link

       valid_lft forever preferred_lft forever

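9: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN ##when Docker starts it creates a virtual bridge, docker0, with default address ...; every container started afterwards is bridged onto docker0 and automatically assigned an IP address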

    link/ether 02:42:41:e1:37:09 brd ff:ff:ff:ff:ff:ff

    inet 192.168.0.1/24 scope global docker0

       valid_lft forever preferred_lft forever

10: veth1@veth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 96:7e:83:ec:4c:fc brd ff:ff:ff:ff:ff:ff

    inet6 fe80::947e:83ff:feec:4cfc/64 scope link

       valid_lft forever preferred_lft forever

11: veth0@veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether ca:bc:43:25:e7:91 brd ff:ff:ff:ff:ff:ff

    inet6 fe80::c8bc:43ff:fe25:e791/64 scope link

       valid_lft forever preferred_lft forever

[root@foundation15 netns]# brctl show

bridge name bridge id STP enabled interfaces

br0 8000.0021cc5dee66 no enp0s25

docker0 8000.024241e13709 no

virbr0 8000.525400c2e396 yes virbr0-nic

virbr1 8000.52540005d6c1 yes virbr1-nic

[root@foundation15 netns]# brctl addif docker0 veth0

[root@foundation15 netns]# brctl show

bridge name bridge id STP enabled interfaces

br0 8000.0021cc5dee66 no enp0s25

docker0 8000.024241e13709 no veth0

virbr0 8000.525400c2e396 yes virbr0-nic

virbr1 8000.52540005d6c1 yes virbr1-nic

[root@foundation15 netns]# ip link set veth1 netns 4648

[root@foundation15 netns]# docker attach vm3

 

root@e8bf0b4bce45:/# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

10: veth1@if11: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000

    link/ether 96:7e:83:ec:4c:fc brd ff:ff:ff:ff:ff:ff

[root@foundation15 netns]# ip netns exec 4648 ip link set veth1 name eth0

[root@foundation15 netns]# ip netns exec 4648 ip link set up eth0

[root@foundation15 netns]# ip netns exec 4648 ip addr add 192.168.15.115/24 dev eth0

[root@foundation15 netns]# ip netns exec 4648 ip route add default via 192.168.15.1

[root@foundation15 netns]# docker attach vm3

root@e8bf0b4bce45:/#

root@e8bf0b4bce45:/# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

    link/ether 96:7e:83:ec:4c:fc brd ff:ff:ff:ff:ff:ff

    inet 192.168.15.115/24 scope global eth0

       valid_lft forever preferred_lft forever

    inet6 fe80::947e:83ff:feec:4cfc/64 scope link

       valid_lft forever preferred_lft forever

root@e8bf0b4bce45:/# ip route show

default via 192.168.15.1 dev eth0

192.168.15.0/24 dev eth0  proto kernel  scope link  src 192.168.15.115

root@e8bf0b4bce45:/# route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

0.0.0.0         192.168.15.1    0.0.0.0         UG    0      0        0 eth0

192.168.15.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

root@e8bf0b4bce45:/# ping 192.168.15.1

PING 192.168.15.1 (192.168.15.1) 56(84) bytes of data.

--- 192.168.15.1 ping statistics ---

5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms

pipe 4

root@e8bf0b4bce45:/# ping 172.25.254.251

PING 172.25.254.251 (172.25.254.251) 56(84) bytes of data.

 

--- 172.25.254.251 ping statistics ---

5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms

pipe 4

root@e8bf0b4bce45:/# ping 172.25.254.15

PING 172.25.254.15 (172.25.254.15) 56(84) bytes of data.

 

^C

--- 172.25.254.15 ping statistics ---

5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms

pipe 4
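
The author's note above says the Pid changes on every start, so these steps are best scripted. The added example below (not from the original page) prints the same command sequence for a given Pid, and first checks the chosen address against the bridge: on this host docker0 is 192.168.0.1/24 while the container was given 192.168.15.115/24 with gateway 192.168.15.1, an address nothing on the bridge holds, which is consistent with the failed pings. The function names are this example's own, and `docker inspect -f '{{.State.Pid}}' vm3` is the assumed way to obtain the Pid.

```shell
#!/bin/sh
# Added example: dry-run planner for wiring a `--net none` container to docker0.
# It only prints commands; review them, then pipe the output to `sh -ex` as root.

# ip_to_int A.B.C.D -> the address as a 32-bit integer on stdout
ip_to_int() {
    iti_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$iti_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP ADDR/BITS -> exit status 0 when IP is in the same network as ADDR
in_cidr() {
    ic_bits=${2#*/}
    ic_mask=$(( (4294967295 << (32 - $ic_bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & ic_mask )) -eq $(( $(ip_to_int "${2%/*}") & ic_mask )) ]
}

# plan_wiring PID BRIDGE_ADDR/BITS CONTAINER_ADDR/BITS
# PID:         container init Pid (docker inspect reports 0 for a stopped container)
# BRIDGE_ADDR: docker0's own address, e.g. from `ip -o -4 addr show dev docker0`
plan_wiring() {
    pw_pid=$1; pw_bridge=$2; pw_addr=$3
    case $pw_pid in
        ''|0|*[!0-9]*) echo "refusing: container is not running (Pid '$pw_pid')" >&2
                       return 1 ;;
    esac
    if [ "${pw_addr#*/}" != "${pw_bridge#*/}" ] ||
       ! in_cidr "${pw_addr%/*}" "$pw_bridge"; then
        echo "refusing: $pw_addr is not in the bridge subnet $pw_bridge" >&2
        return 1
    fi
    if [ "${pw_addr%/*}" = "${pw_bridge%/*}" ]; then
        echo "refusing: $pw_addr is the bridge's own address" >&2
        return 1
    fi
    # The default route must point at an address the bridge really has.
    cat <<EOF
mkdir -p /var/run/netns
ln -sfn /proc/$pw_pid/ns/net /var/run/netns/$pw_pid
ip link add name veth0 type veth peer name veth1
ip link set up dev veth0
brctl addif docker0 veth0
ip link set veth1 netns $pw_pid
ip netns exec $pw_pid ip link set veth1 name eth0
ip netns exec $pw_pid ip link set up eth0
ip netns exec $pw_pid ip addr add $pw_addr dev eth0
ip netns exec $pw_pid ip route add default via ${pw_bridge%/*}
EOF
}

# Demo with the values shown on the page (the invocations are constructed):
# the page's address is rejected, an address inside docker0's subnet is planned.
plan_wiring 4648 192.168.0.1/24 192.168.15.115/24 || echo "-> choose an address inside docker0's subnet"
plan_wiring 4648 192.168.0.1/24 192.168.0.115/24
```

The veth names are fixed as on the page, so wiring a second container needs different names.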

7) Linking containers

[root@foundation60 Desktop]# docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

game2048            latest              19299002fdbe        4 months ago        55.5 MB

nginx               latest              af4b3d7d5401        14 months ago       190.5 MB

ubuntu              latest              07c86167cdc4        14 months ago       187.9 MB

[root@foundation60 Desktop]# docker run -d game2048

25c89dfe2e6fa670613e0386de8f05284dd74c017426dc7087e897df44284135

[root@foundation60 Desktop]# docker ps

CONTAINER ID        IMAGE               COMMAND                   CREATED             STATUS              PORTS               NAMES

25c89dfe2e6f        game2048            "/bin/sh -c 'sed -i \""   32 seconds ago      Up 30 seconds       80/tcp, 443/tcp     boring_newton

[root@foundation60 Desktop]# docker run -it --link boring_newton:WQ ubuntu  ##set up a secure connection between two containers; the --link option can link one or more containers to the container being created

 

 

root@000a7f3d3283:/#

root@000a7f3d3283:/# env |grep WQ

WQ_PORT_443_TCP_ADDR=192.168.60.2

WQ_ENV_NGINX_VERSION=1.11.7

WQ_NAME=/prickly_poincare/WQ

WQ_PORT_80_TCP_PROTO=tcp

WQ_PORT_80_TCP=tcp://192.168.60.2:80

WQ_PORT_443_TCP_PORT=443

WQ_PORT_80_TCP_PORT=80

WQ_PORT_443_TCP=tcp://192.168.60.2:443

WQ_PORT_443_TCP_PROTO=tcp

WQ_PORT_80_TCP_ADDR=192.168.60.2

WQ_PORT=tcp://192.168.60.2:80

 

(8) Build your own image based on the rhel7 image: set up Apache

[root@foundation4 Desktop]$ cd /tmp/docker/

[root@foundation4 docker]$ cd apache/

[root@foundation4 apache]# vim Dockerfile

[root@foundation4 apache]# docker build -t rhel7:v1 .

[root@foundation4 apache]# ls

Dockerfile

[root@foundation4 apache]# du -h Dockerfile

4.0K Dockerfile

[root@foundation4 apache]# docker run -d -p 8000:80 --name apache rhel7:v1

410b97e65f58d824bad92b7824d01c7cc11a3aafe5614133bcddb4bb8c6f6159

[root@foundation4 apache]# docker kill apache

apache

[root@foundation4 apache]# docker rm apache

apache

[root@foundation4 apache]# docker run -d -p 8000:80 --name apache -v /tmp/docker/apache/:/var/www/html rhel7:v1

a8248ed115240b4d840c586402ced465477e3893f95c330b9b4365f5a120c3aa

[root@foundation4 apache]# vim index.html

[root@foundation4 apache]# ls

Dockerfile  index.html

[root@foundation4 apache]# docker kill apache

apache

[root@foundation4 apache]# docker rm apache

apache

[root@foundation4 apache]# docker run -d -p 8000:80 --name apache rhel7:v2

Unable to find image 'rhel7:v2' locally

Pulling repository docker.io/library/rhel7

^C[root@foundation4 apache]# docker build -t rhel7:v2 .

Sending build context to Docker daemon 3.072 kB

Step 1 : FROM rhel7:v1

 ---> c7728e4708e3

Step 2 : MAINTAINER yy@163.com

 ---> Running in c433f5e76e66

 ---> 573359cb1d1f

Removing intermediate container c433f5e76e66

Step 3 : ENV hostname ll

 ---> Running in 440673aa5929

 ---> d3a6eb82360a

Removing intermediate container 440673aa5929

Step 4 : EXPOSE 80

 ---> Running in 59142267cc63

 ---> 54f13e0b05b1

Removing intermediate container 59142267cc63

Step 5 : RUN yum install -y httpd && yum clean all

 ---> Running in 84ce816c5092

Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'

Package httpd-2.4.6-40.el7.x86_64 already installed and latest version

Nothing to do

Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'

Cleaning repos: rhel7.2

Cleaning up everything

 ---> 8d81b8881a9f

Removing intermediate container 84ce816c5092

Step 6 : CMD /usr/sbin/httpd -D FOREGROUND

 ---> Running in c9a98b333e16

 ---> 5ab0460229f8

Removing intermediate container c9a98b333e16

Successfully built 5ab0460229f8

[root@foundation4 apache]# docker run -d -p 8000:80 --name apache rhel7:v2

43ecdd284a6a5a51c1186c0849c9d16f70d05e128806be36bfdacce48997641a

 

[root@foundation4 apache]#

[root@foundation4 apache]# curl localhost:8000

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

..........

[root@foundation4 apache]# docker run -d -p 8000:80 --name apache -v /tmp/docker/apache/:/var/www/html rhel7:v2

docker: Error response from daemon: Conflict. The name "/apache" is already in use by container 43ecdd284a6a5a51c1186c0849c9d16f70d05e128806be36bfdacce48997641a. You have to remove (or rename) that container to be able to reuse that name..

See 'docker run --help'.

[root@foundation4 apache]# docker kill apache

apache

[root@foundation4 apache]# docker rm apache

apache

[root@foundation4 apache]# docker run -d -p 8000:80 --name apache -v /tmp/docker/apache/:/var/www/html rhel7:v2

ce6b701984229e411ca8dcb07fef754106d9118a22000078b4655fb5f4f08e63

[root@foundation4 apache]# curl localhost:8000

<h1>hello world</h1>

[root@foundation4 apache]# netstat -antlp |grep :80

tcp6       0      0 :::80                   :::*                    LISTEN      1204/httpd          

[root@foundation4 apache]# which ip

/usr/sbin/ip

[root@foundation4 apache]# rpm -qf /usr/sbin/ip   ##find which package owns /usr/sbin/ip

iproute-3.10.0-54.el7.x86_64

 

9) Build an SSH image

[root@foundation4 docker]# mkdir ssh

[root@foundation4 docker]# cd ssh/

[root@foundation4 ssh]# cp ../apache/Dockerfile .

bash-4.2# yum install -y openssh-clients

bash-4.2# /usr/sbin/sshd

Could not load host key: /etc/ssh/ssh_host_rsa_key

Could not load host key: /etc/ssh/ssh_host_ecdsa_key

Could not load host key: /etc/ssh/ssh_host_ed25519_key

bash-4.2# cd /etc/ssh/

bash-4.2# ls

moduli ssh_config  sshd_config

bash-4.2# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N ""

bash-4.2# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""

bash-4.2# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""

bash-4.2# ls

moduli     ssh_host_ecdsa_key.pub    ssh_host_rsa_key

ssh_config     ssh_host_ed25519_key      ssh_host_rsa_key.pub

ssh_host_ecdsa_key  ssh_host_ed25519_key.pub  sshd_config

bash-4.2# netstat -antlp | grep :22

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      39/sshd             

tcp6       0      0 :::22                   :::*                    LISTEN      39/sshd             

bash-4.2# ssh localhost

The authenticity of host 'localhost (::1)' can't be established.

ECDSA key fingerprint is 32:79:e7:50:20:0e:0d:c8:e5:ab:55:17:5a:b3:61:f1.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.

root@localhost's password:

 

bash-4.2# echo root:westos |chpasswd

bash-4.2# ssh localhost

root@localhost's password:

-bash-4.2# [root@foundation4 ssh]#

[root@foundation4 ssh]# vim Dockerfile

[root@foundation4 ssh]# cat Dockerfile

FROM rhel7:v1  ##specify the base image

MAINTAINER yy@163.com  ##author information (optional)

ENV hostname lll   ##set the container hostname (optional)

EXPOSE 22   ##expose the container port

RUN yum install -y openssh-server openssh-clients && yum clean all

RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" &&ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""&&ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""&&echo root:westos |chpasswd   ##commands run while building the image

CMD ["/usr/sbin/sshd", "-D"]  ##image start command; by default only one can be started

[root@foundation4 ssh]# docker build -t rhel7:v6 . ##build the image rhel7:v6

Sending build context to Docker daemon 2.048 kB

Step 1 : FROM rhel7:v1

 ---> c7728e4708e3

Step 2 : MAINTAINER yy@163.com

 ---> Using cache

 ---> 573359cb1d1f

Step 3 : ENV hostname lll

 ---> Using cache

 ---> 0445caf75265

Step 4 : EXPOSE 22

 ---> Using cache

 ---> c31fe7ee8a78

Step 5 : RUN yum install -y openssh-server openssh-clients && yum clean all

 ---> Using cache

 ---> 9ec68f83787d

Step 6 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" &&ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""&&ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""&&echo root:westos |chpasswd

 ---> Using cache

 ---> 66d55ef13f55

Step 7 : CMD /usr/sbin/sshd -D

 ---> Running in c1da2a758664

 ---> 0df474967f24

Removing intermediate container c1da2a758664

Successfully built 0df474967f24

[root@foundation4 ssh]# docker run -d --name ssh -p 2222:22 rhel7:v6

9e9b9180bdf7eb7029dccafa22a88c4ba14ec10b36ea0a40a15961ea718c6f47

[root@foundation4 ssh]# ssh localhost -p 2222

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the ECDSA key sent by the remote host is

74:5d:6e:b3:fa:e7:80:6b:8a:e8:13:d2:85:cc:f5:c2.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Offending ECDSA key in /root/.ssh/known_hosts:11

ECDSA host key for [localhost]:2222 has changed and you have requested strict checking.

Host key verification failed.

[root@foundation4 ssh]# vim /root/.ssh/known_hosts

[root@foundation4 ssh]# rm -fr /root/.ssh/known_hosts

[root@foundation4 ssh]# ssh localhost -p 2222  ##connect to port 2222 on the physical host

The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.

ECDSA key fingerprint is 74:5d:6e:b3:fa:e7:80:6b:8a:e8:13:d2:85:cc:f5:c2.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[localhost]:2222' (ECDSA) to the list of known hosts.

root@localhost's password:

-bash-4.2# exit                                       

logout

Connection to localhost closed.
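
The Dockerfile above runs `ssh-keygen` and `chpasswd` in a `RUN` step, so the sshd host private keys and the root password become part of the image: every container started from `rhel7:v6` presents the same host key, and anyone who can obtain the image can read both. The added example below (not from the original page) flags those two patterns in a Dockerfile and writes a variant that creates the keys when the container starts; `audit_dockerfile`, `write_samples`, `entrypoint.sh` and the key-only login settings are this example's assumptions.

```shell
#!/bin/sh
# Added example: flag secrets that a Dockerfile bakes into image layers.

# audit_dockerfile FILE -> one finding per line ("<line> <id>: <why>");
# exit status 1 when anything was found, 0 when the file is clean.
audit_dockerfile() {
    awk '
    function check(ins, n) {
        if (ins !~ /^[ \t]*RUN[ \t]/) return
        if (ins ~ /ssh-keygen/ && (ins ~ /ssh_host_[a-z0-9]+_key/ || ins ~ /ssh-keygen[ \t]+-A/)) {
            print n " host-key-in-layer: sshd host keys are created at build time and shared by every container"
            bad = 1
        }
        if (ins ~ /chpasswd/ || ins ~ /passwd[ \t]+--stdin/) {
            print n " password-in-layer: the password is stored in the image and shown by docker history"
            bad = 1
        }
    }
    buf == ""          { start = NR }               # first line of an instruction
                       { buf = buf $0 }
    buf ~ /\\[ \t]*$/  { sub(/\\[ \t]*$/, " ", buf); next }   # continued on next line
                       { check(buf, start); buf = "" }
    END                { if (buf != "") check(buf, start); exit bad + 0 }
    ' "$1"
}

# write_samples DIR -> constructed inputs: the page's Dockerfile without its
# ## annotations, a variant that bakes in no secrets, and its entrypoint.
write_samples() {
    cat > "$1/Dockerfile.page" <<'EOF'
FROM rhel7:v1
MAINTAINER yy@163.com
ENV hostname lll
EXPOSE 22
RUN yum install -y openssh-server openssh-clients && yum clean all
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" &&ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""&&ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""&&echo root:westos |chpasswd
CMD ["/usr/sbin/sshd", "-D"]
EOF
    cat > "$1/Dockerfile.hardened" <<'EOF'
FROM rhel7:v1
EXPOSE 22
RUN yum install -y openssh-server openssh-clients && yum clean all
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
EOF
    cat > "$1/entrypoint.sh" <<'EOF'
#!/bin/sh
# Runs inside the container at start, so each container gets its own host keys.
[ -f /etc/ssh/ssh_host_ed25519_key ] || ssh-keygen -A
# Key-only login; authorized_keys is assumed to be mounted read-only at run time,
# e.g. -v /path/to/authorized_keys:/root/.ssh/authorized_keys:ro
exec /usr/sbin/sshd -D -o PasswordAuthentication=no -o PermitRootLogin=without-password
EOF
}

# Demo on the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
audit_dockerfile "$tmp/Dockerfile.page" || echo "-> secrets are baked into the image"
audit_dockerfile "$tmp/Dockerfile.hardened" && echo "-> hardened variant has no findings"
rm -rf "$tmp"
```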

(10) Multiple services

bash-4.2# yum install supervisor -y

bash-4.2# cat dvd.repo

[rhel7.2]

name=rhel7.2

baseurl=http://172.25.254.250/rhel7.2

gpgcheck=0

 

 

[update]

name=update

baseurl=ftp://172.25.254.250/pub/docker

gpgcheck=0

bash-4.2# vi /etc/supervisord.conf

 

 

 

[root@foundation4 ssh]# cd ..

[root@foundation4 docker]# mkdir super

[root@foundation4 docker]# cd super/

[root@foundation4 super]# cp ../ssh/Dockerfile .

[root@foundation4 super]# ls

Dockerfile

[root@foundation4 super]# vim update.repo

[root@foundation4 super]# ls

Dockerfile  update.repo

[root@foundation4 super]# vim Dockerfile

[root@foundation4 super]# vim supervisord.conf

[root@foundation4 super]# docker build -t rhel7:v7 .

Sending build context to Docker daemon 4.096 kB

Step 1 : FROM rhel7:v1

 ---> c7728e4708e3

Step 2 : MAINTAINER yy@163.com

 ---> Using cache

 ---> 573359cb1d1f

Step 3 : ENV hostname llll

 ---> Running in 2bcc58c208a6

 ---> c52c29905899

Removing intermediate container 2bcc58c208a6

Step 4 : EXPOSE 22 80

 ---> Running in b0f255eee335

 ---> ad02a414cb33

Removing intermediate container b0f255eee335

Step 5 : COPY update.repo /etc/yum.repos.d

 ---> 96ecee8435d0

Removing intermediate container 95bde59e0de3

Step 6 : RUN yum install -y openssh-server openssh-clients httpd supervisor&& yum clean all

 ---> Running in f50c57b7f861

Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'

Package httpd-2.4.6-40.el7.x86_64 already installed and latest version

Resolving Dependencies

--> Running transaction check

---> Package openssh-clients.x86_64 0:6.6.1p1-22.el7 will be installed

--> Processing Dependency: openssh = 6.6.1p1-22.el7 for package: openssh-clients-6.6.1p1-22.el7.x86_64

--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-clients-6.6.1p1-22.el7.x86_64

--> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64

--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64

---> Package openssh-server.x86_64 0:6.6.1p1-22.el7 will be installed

--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-6.6.1p1-22.el7.x86_64

---> Package supervisor.noarch 0:3.1.3-3.el7 will be installed

--> Processing Dependency: python-meld3 >= 0.6.5 for package: supervisor-3.1.3-3.el7.noarch

--> Processing Dependency: python-setuptools for package: supervisor-3.1.3-3.el7.noarch

--> Running transaction check

---> Package fipscheck-lib.x86_64 0:1.4.1-5.el7 will be installed

--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-5.el7.x86_64

---> Package libedit.x86_64 0:3.0-12.20121213cvs.el7 will be installed

---> Package openssh.x86_64 0:6.6.1p1-22.el7 will be installed

---> Package python-meld3.x86_64 0:0.6.10-1.el7 will be installed

---> Package python-setuptools.noarch 0:0.9.8-4.el7 will be installed

--> Processing Dependency: python-backports-ssl_match_hostname for package: python-setuptools-0.9.8-4.el7.noarch

---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed

--> Running transaction check

---> Package fipscheck.x86_64 0:1.4.1-5.el7 will be installed

---> Package python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el7 will be installed

--> Processing Dependency: python-backports for package: python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch

--> Running transaction check

---> Package python-backports.x86_64 0:1.0-8.el7 will be installed

--> Finished Dependency Resolution

 

Dependencies Resolved

 

================================================================================

 Package                            Arch   Version                Repository

                                                                           Size

================================================================================

Installing:

 openssh-clients                    x86_64 6.6.1p1-22.el7         rhel7.2 638 k

 openssh-server                     x86_64 6.6.1p1-22.el7         rhel7.2 436 k

 supervisor                         noarch 3.1.3-3.el7            update  445 k

Installing for dependencies:

 fipscheck                          x86_64 1.4.1-5.el7            rhel7.2  21 k

 fipscheck-lib                      x86_64 1.4.1-5.el7            rhel7.2  11 k

 libedit                            x86_64 3.0-12.20121213cvs.el7 rhel7.2  92 k

 openssh                            x86_64 6.6.1p1-22.el7         rhel7.2 435 k

 python-backports                   x86_64 1.0-8.el7              rhel7.2 5.8 k

 python-backports-ssl_match_hostname

                                    noarch 3.4.0.2-4.el7          rhel7.2  12 k

 python-meld3                       x86_64 0.6.10-1.el7           update   73 k

 python-setuptools                  noarch 0.9.8-4.el7            rhel7.2 397 k

 tcp_wrappers-libs                  x86_64 7.6-77.el7             rhel7.2  66 k

 

Transaction Summary

================================================================================

Install  3 Packages (+9 Dependent packages)

 

Total download size: 2.6 M

Installed size: 9.3 M

Downloading packages:

--------------------------------------------------------------------------------

Total                                              2.2 MB/s | 2.6 MB  00:01     

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

  Installing : fipscheck-1.4.1-5.el7.x86_64                                1/12

  Installing : fipscheck-lib-1.4.1-5.el7.x86_64                            2/12

  Installing : openssh-6.6.1p1-22.el7.x86_64                               3/12

  Installing : python-meld3-0.6.10-1.el7.x86_64                            4/12

  Installing : tcp_wrappers-libs-7.6-77.el7.x86_64                         5/12

  Installing : python-backports-1.0-8.el7.x86_64                           6/12

  Installing : python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch    7/12

  Installing : python-setuptools-0.9.8-4.el7.noarch                        8/12

  Installing : libedit-3.0-12.20121213cvs.el7.x86_64                       9/12

  Installing : openssh-clients-6.6.1p1-22.el7.x86_64                      10/12

  Installing : supervisor-3.1.3-3.el7.noarch                              11/12

  Installing : openssh-server-6.6.1p1-22.el7.x86_64                       12/12

  Verifying  : openssh-clients-6.6.1p1-22.el7.x86_64                       1/12

  Verifying  : python-setuptools-0.9.8-4.el7.noarch                        2/12

  Verifying  : python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch    3/12

  Verifying  : libedit-3.0-12.20121213cvs.el7.x86_64                       4/12

  Verifying  : openssh-6.6.1p1-22.el7.x86_64                               5/12

  Verifying  : python-backports-1.0-8.el7.x86_64                           6/12

  Verifying  : tcp_wrappers-libs-7.6-77.el7.x86_64                         7/12

  Verifying  : python-meld3-0.6.10-1.el7.x86_64                            8/12

  Verifying  : openssh-server-6.6.1p1-22.el7.x86_64                        9/12

  Verifying  : supervisor-3.1.3-3.el7.noarch                              10/12

  Verifying  : fipscheck-lib-1.4.1-5.el7.x86_64                           11/12

  Verifying  : fipscheck-1.4.1-5.el7.x86_64                               12/12

 

Installed:

  openssh-clients.x86_64 0:6.6.1p1-22.el7                                       

  openssh-server.x86_64 0:6.6.1p1-22.el7                                        

  supervisor.noarch 0:3.1.3-3.el7                                               

 

Dependency Installed:

  fipscheck.x86_64 0:1.4.1-5.el7                                                

  fipscheck-lib.x86_64 0:1.4.1-5.el7                                            

  libedit.x86_64 0:3.0-12.20121213cvs.el7                                       

  openssh.x86_64 0:6.6.1p1-22.el7                                               

  python-backports.x86_64 0:1.0-8.el7                                           

  python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el7                    

  python-meld3.x86_64 0:0.6.10-1.el7                                            

  python-setuptools.noarch 0:0.9.8-4.el7                                        

  tcp_wrappers-libs.x86_64 0:7.6-77.el7                                         

 

Complete!

Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'

Cleaning repos: rhel7.2 update

Cleaning up everything

 ---> 1f29557e45b4

Removing intermediate container f50c57b7f861

Step 7 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" &&ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""&&ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""&&echo root:westos |chpasswd

 ---> Running in b6eaedc8e112

 ---> ea220bf69ab3

Removing intermediate container b6eaedc8e112

Step 8 : COPY supervisord.conf /etc/supervisord.conf

 ---> 68350609a0b1

Removing intermediate container ff06da275cf9

Step 9 : CMD /usr/bin/supervisord

 ---> Running in aa6a51911b44

 ---> cb4316476c0c

Removing intermediate container aa6a51911b44

Successfully built cb4316476c0c

[root@foundation4 super]# docker kill `docker ps -aq`

9e9b9180bdf7

ce6b70198422

52bbe0b717f2

Failed to kill container (239358aff01d): Error response from daemon: Cannot kill container 239358aff01d: Container 239358aff01d676cfaccece93e631e7530fdab787920e37c74490c8d1bd4df6b is not running

[root@foundation4 super]# docker rm `docker ps -aq`

 

9e9b9180bdf7

 

 

239358aff01d

 

 

 

ce6b70198422

 

 

52bbe0b717f2

[root@foundation4 super]#

[root@foundation4 super]# docker run -d --name super -p 2222:22 -p 8000:80 -v /tmp/docker/apache:/var/www/html rhel7:v7

e23cc1d8c9faeb569c30fdca824c9609a7cd5cf2f4bbf02452991293de96344d

[root@foundation4 super]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                        NAMES

e23cc1d8c9fa        rhel7:v7            "/usr/bin/supervisord"   14 seconds ago      Up 11 seconds       0.0.0.0:2222->22/tcp, 0.0.0.0:8000->80/tcp   super

[root@foundation4 super]# iptables -t nat -nL

Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination         

DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

 

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

 

Chain POSTROUTING (policy ACCEPT)

target     prot opt source               destination         

MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           

RETURN     all  --  192.168.122.0/24     224.0.0.0/24        

RETURN     all  --  192.168.122.0/24     255.255.255.255     

MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535

MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535

MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    

MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:80

MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:22

 

Chain DOCKER (2 references)

target     prot opt source               destination         

RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 to:172.17.0.2:80

DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 to:172.17.0.2:22
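The DOCKER chain above shows that `-p 2222:22 -p 8000:80` publishes both ports on every host address (destination 0.0.0.0/0), so the container's sshd is reachable from any network the host is on. The following check is an added example, not part of the original post; the function names are hypothetical and the sample is constructed from the listing above.

```shell
# Constructed sample: excerpt of the `iptables -t nat -nL` listing shown above.
sample_nat_listing() {
cat <<'EOF'
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:22

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 to:172.17.0.2:80
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 to:172.17.0.2:22
EOF
}

# list_open_publishes: read `iptables -t nat -nL` text on stdin and print one
# line per DNAT rule in the DOCKER chain whose destination is 0.0.0.0/0, i.e.
# a port published on every host address: "<host_port> <container_ip>:<port>".
list_open_publishes() {
  awk '
    /^Chain / { in_docker = ($2 == "DOCKER"); next }
    in_docker && $1 == "DNAT" && $5 == "0.0.0.0/0" {
      hport = ""; target = ""
      for (i = 6; i <= NF; i++) {
        if ($i ~ /^dpt:/) hport = substr($i, 5)
        if ($i ~ /^to:/)  target = substr($i, 4)
      }
      if (hport != "" && target != "") print hport, target
    }'
}

# flag_ssh_publishes: host ports from the list above that forward to port 22.
flag_ssh_publishes() {
  list_open_publishes | awk '$2 ~ /:22$/ { print $1 }'
}
```

Publishing with an explicit address, for example `-p 127.0.0.1:2222:22`, limits the DNAT rule to that address, and the check then reports nothing for it.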

[root@foundation4 super]# ssh localhost -p 2222 -l root

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the ECDSA key sent by the remote host is

e0:5a:77:37:14:bf:ac:58:1f:8c:e2:a8:ab:1b:6f:58.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Offending ECDSA key in /root/.ssh/known_hosts:1

ECDSA host key for [localhost]:2222 has changed and you have requested strict checking.

Host key verification failed.

[root@foundation4 super]# rm -fr /root/.ssh/known_hosts

[root@foundation4 super]# ssh localhost -p 2222 -l root

The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.

ECDSA key fingerprint is e0:5a:77:37:14:bf:ac:58:1f:8c:e2:a8:ab:1b:6f:58.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[localhost]:2222' (ECDSA) to the list of known hosts.

root@localhost's password:

-bash-4.2# ls

anaconda-ks.cfg

-bash-4.2# logout

Connection to localhost closed.

[root@foundation4 super]# curl localhost:8000

<h1>hello world</h1>

[root@foundation4 super]# ls

Dockerfile  supervisord.conf  update.repo

[root@foundation4 super]# cat Dockerfile

FROM rhel7:v1

MAINTAINER yy@163.com

ENV hostname llll

EXPOSE 22 80

COPY update.repo /etc/yum.repos.d

RUN yum install -y openssh-server openssh-clients httpd supervisor&& yum clean all

RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" &&ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""&&ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""&&echo root:westos |chpasswd

COPY supervisord.conf /etc/supervisord.conf

CMD ["/usr/bin/supervisord"]

[root@foundation4 super]# cat update.repo

[update]

name=update

baseurl=ftp://172.25.254.250/pub/docker

gpgcheck=0

[root@foundation4 super]# cat supervisord.conf

[supervisord]

nodaemon=true

 

[program:httpd]

command=/usr/sbin/httpd

 

[program:sshd]

command=/usr/sbin/sshd -D
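The build context above bakes a root password and the SSH host keys into an image layer (every container started from `rhel7:v7` shares them, and the `RUN` line is visible in the image's build history) and installs packages from an FTP repository with `gpgcheck=0`. The following audit is an added example, not part of the original post; the function names and finding labels are hypothetical, and the sample files are constructed from the listings above.

```shell
# write_sample DIR: constructed, shortened copies of the page's Dockerfile
# and update.repo, written into DIR.
write_sample() {
  cat > "$1/Dockerfile" <<'EOF'
FROM rhel7:v1
COPY update.repo /etc/yum.repos.d
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" &&echo root:westos |chpasswd
CMD ["/usr/bin/supervisord"]
EOF
  cat > "$1/update.repo" <<'EOF'
[update]
name=update
baseurl=ftp://172.25.254.250/pub/docker
gpgcheck=0
EOF
}

# audit_build_context DOCKERFILE REPOFILE
# Prints one finding per line; returns 1 if anything was found, 0 otherwise.
audit_build_context() {
  found=0
  report() { echo "$1"; found=1; }
  # A password set in a RUN layer is recoverable by anyone who has the image.
  grep -Eq '^RUN .*chpasswd' "$1" &&
    report "hardcoded-password: chpasswd runs at build time"
  # Host keys created at build time are identical in every container.
  grep -Eq '^RUN .*ssh-keygen .*ssh_host_[a-z0-9]+_key' "$1" &&
    report "shared-host-keys: ssh-keygen runs at build time"
  # Packages are installed without signature verification.
  grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$2" &&
    report "unsigned-packages: gpgcheck=0"
  # The repository is fetched over a cleartext transport.
  grep -Eq '^[[:space:]]*baseurl[[:space:]]*=[[:space:]]*(ftp|http)://' "$2" &&
    report "cleartext-repo: baseurl is ftp:// or http://"
  [ "$found" -eq 0 ]
}
```

Generating host keys when the container starts (for example with `ssh-keygen -A`) and supplying credentials at run time keeps both out of the image layers.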

[root@foundation4 super]# docker inspect rhel7:v7  ## view the exposed ports

  "ExposedPorts": {

                "22/tcp": {},

                "80/tcp": {}

 


Original article: http://www.cnblogs.com/yangying2017/p/6838794.html
