标签:shm engine ipv6 libc could global oba 第一个 sys
Docker部署及使用1.安装docker
1.查看系统环境:
[root@bogon ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@bogon ~]# uname -r
3.10.0-514.el7.x86_64
[root@bogon ~]# systemctl stop firewalld
[root@bogon ~]# systemctl disable firewalld
[root@bogon ~]# setenforce 0
2.安装docker
[root@bogon ~]# yum install -y docker
3.docker和OpenStack对比表
4.启动docker并设置开机自启
[root@bogon ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
5.更改docker镜像源(默认会去国外官方站点下载,可能会慢也有被拦截的风险,所以改成国内的)
[root@bogon ~]# docker deamon –help
上述命令可以查看到下面文件中需要添加参数的帮助信息。
[root@bogon ~]# vim /usr/lib/systemd/system/docker.service
#在文件里添加×××部分,×××部分地址需要登录阿里云获取
ExecStart=/usr/bin/dockerd-current --registry-mirror=https://a14c78qe.mirror.aliyuncs.com \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
6.加载下文件
[root@bogon ~]# systemctl daemon-reload
7.启动docker
[root@bogon ~]# systemctl start docker
Docker启动报错解决方案:
启动不成功会提示去哪里看报错,如下:
[root@bogon ~]# systemctl start docker
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
[root@bogon ~]# journalctl -xe
#仔细看报错文件,如果是如下报错:
-- Unit docker.service has begun starting up.
8月 28 16:42:20 bogon dockerd-current[3316]: time="2018-08-28T16:42:20.529170789+08:00" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
8月 28 16:42:20 bogon dockerd-current[3316]: time="2018-08-28T16:42:20.542715409+08:00" level=info msg="libcontainerd: new containerd process, pid: 3321"
8月 28 16:42:22 bogon dockerd-current[3316]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel. Either boot into a newer kernel or disable selinux in docker (--selin
8月 28 16:42:22 bogon systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
8月 28 16:42:22 bogon systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
解决方法:
修改下面配置文件内容
[root@bogon ~]# vim /etc/sysconfig/docker
#下面内容中添加×××部分
OPTIONS=‘--selinux-enabled=false --log-driver=journald --signature-verification=false‘
修改后再次启动就可以了
8.docker启动后查看下状态:
[root@bogon ~]# systemctl status docker
#下面绿色部分说明启动没有问题
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2018-08-28 16:46:06 CST; 5min ago
Docs: http://docs.docker.com
Main PID: 3390 (dockerd-current)
CGroup: /system.slice/docker.service
├─3390 /usr/bin/dockerd-current --registry-mirror=https://a14c78qe.mirror.aliyuncs.com --ad...
└─3395 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-co...
8月 28 16:46:05 bogon dockerd-current[3390]: time="2018-08-28T16:46:05.866842623+08:00" level=info...ds"
8月 28 16:46:05 bogon dockerd-current[3390]: time="2018-08-28T16:46:05.868038662+08:00" level=info...t."
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:05.999481830+08:00" level=info...se"
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:06.180906259+08:00" level=info...ss"
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:06.281198675+08:00" level=info...e."
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:06.285045777+08:00" level=warn...ix"
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:06.334406287+08:00" level=info...on"
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:06.334428391+08:00" level=info...3.1
8月 28 16:46:06 bogon systemd[1]: Started Docker Application Container Engine.
8月 28 16:46:06 bogon dockerd-current[3390]: time="2018-08-28T16:46:06.370242046+08:00" level=info...ck"
Hint: Some lines were ellipsized, use -l to show in full.
2.docker简单操作
镜像的下载
[root@bogon ~]# docker pull alpine
Using default tag: latest
Trying to pull repository docker.io/library/alpine ...
latest: Pulling from docker.io/library/alpine
8e3ba11ec2a2: Pull complete
Digest: sha256:7043076348bf5040220df6ad703798fd8593a0918d06d3ce30c6c93be117e430
Status: Downloaded newer image for docker.io/alpine:latest
镜像的搜索,如下搜索一个nginx镜像
[root@bogon ~]# docker search nginx
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/nginx Official build of Nginx. 9370 [OK]
docker.io docker.io/jwilder/nginx-proxy Automated Nginx reverse proxy for docker c... 1388 [OK]
docker.io docker.io/richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable ... 609 [OK]
docker.io docker.io/jrcs/letsencrypt-nginx-proxy-companion LetsEncrypt container to use with nginx as... 396 [OK]
docker.io docker.io/kong Open-source Microservice & API Management ... 219 [OK]
docker.io docker.io/webdevops/php-nginx Nginx with PHP-FPM 111 [OK]
docker.io docker.io/kitematic/hello-world-nginx A light-weight nginx container that demons... 108
docker.io docker.io/zabbix/zabbix-web-nginx-mysql Zabbix frontend based on Nginx web-server ... 63 [OK]
docker.io docker.io/bitnami/nginx Bitnami nginx Docker Image 57 [OK]
docker.io docker.io/1and1internet/ubuntu-16-nginx-php-phpmyadmin-mysql-5 ubuntu-16-nginx-php-phpmyadmin-mysql-5 43 [OK]
docker.io docker.io/linuxserver/nginx An Nginx container, brought to you by Linu... 38
docker.io docker.io/tobi312/rpi-nginx NGINX on Raspberry Pi / armhf 20 [OK]
docker.io docker.io/blacklabelops/nginx Dockerized Nginx Reverse Proxy Server. 12 [OK]
docker.io docker.io/nginxdemos/nginx-ingress NGINX Ingress Controller for Kubernetes . ... 11
docker.io docker.io/wodby/drupal-nginx Nginx for Drupal container image 10 [OK]
docker.io docker.io/nginxdemos/hello NGINX webserver that serves a simple page ... 8 [OK]
docker.io docker.io/webdevops/nginx Nginx container 8 [OK]
下载nginx镜像:
[root@bogon ~]# docker pull nginx
查看本地镜像:
[root@bogon ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest c82521676580 4 weeks ago 109 MB
docker.io/alpine latest 11cd0b38bc3c 7 weeks ago 4.41 MB
镜像的导出:
[root@bogon ~]# docker save nginx >/tmp/nginx.tar.gz
[root@bogon ~]# ls /tmp/
nginx.tar.gz
镜像删除操作
[root@bogon ~]# docker rmi nginx
Untagged: nginx:latest
Untagged: docker.io/nginx@sha256:d85914d547a6c92faa39ce7058bd7529baacab7e0cd4255442b04577c4d1f424
Deleted: sha256:c82521676580c4850bb8f0d72e47390a50d60c8ffe44d623ce57be521bca9869
Deleted: sha256:2c1f65d17acf8759019a5eb86cc20fb8f8a7e84d2b541b795c1579c4f202a458
Deleted: sha256:8f222b457ca67d7e68c3a8101d6509ab89d1aad6d399bf5b3c93494bbf876407
Deleted: sha256:cdb3f9544e4c61d45da1ea44f7d92386639a052c620d1550376f22f5b46981af
[root@bogon ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/alpine latest 11cd0b38bc3c 7 weeks ago 4.41 MB
导入镜像导入:
[root@bogon ~]# docker load < /tmp/nginx.tar.gz
cdb3f9544e4c: Loading layer 58.44 MB/58.44 MB
a8c4aeeaa045: Loading layer 54.24 MB/54.24 MB
08d25fa0442e: Loading layer 3.584 kB/3.584 kB
Loaded image: docker.io/nginx:latest
[root@bogon ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest c82521676580 4 weeks ago 109 MB
docker.io/alpine latest 11cd0b38bc3c 7 weeks ago 4.41 MB
docker镜像启动:(run其实是两个命令的结合,一个是create,创建容器,一个是run运行容器)
[root@bogon ~]# docker run alpine sh
上述这样启动是免交互的相当于后台运行。
[root@bogon ~]# docker run -it alpine sh
/ #
#加上-it后会启动镜像并进入到镜像内。
/ # cd /tmp/
/tmp # ls
/tmp # mkdir abc
/tmp # touch 111
/tmp # ls
111 abc
/tmp # exit
#可以在容器里进行操作,exit退出,容器退出即关闭,想退出不关闭,按住ctrl按下p按下q就可以退出不关闭。
查看正在运行的容器:
[root@bogon ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
显示所有的容器,不管是否在运行。
[root@bogon ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
212334d5b4e6 alpine "sh" 21 minutes ago Exited (0) 18 minutes ago stupefied_mclean
939f8d7c326a alpine "sh" 22 minutes ago Exited (0) 22 minutes ago keen_ramanujan
删除容器:
[root@bogon ~]# docker rm 212334d5b4e6 939f8d7c326a
#rm后面加上容器的ID,运行中的容器删除时会报错,需要在rm后面加上-f强制删除
212334d5b4e6
939f8d7c326a
运行nginx容器:
[root@bogon ~]# docker run -it --name mynginx nginx
#--name:给运行的容器指定个名称,默认会随机起个名,不好识别
[root@bogon ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8c39a0d44943 nginx "nginx -g ‘daemon ..." 56 seconds ago Up 55 seconds 80/tcp mynginx
显示容器的详细信息:
[root@bogon ~]# docker inspect mynginx (可以指定容器的ID号)
[
{
"Id": "8c39a0d449436812f7384cdad68dbb7cf303a20cf2e04f4360754e4941575c5d",
"Created": "2018-08-28T10:12:27.182865131Z",
"Path": "nginx",
"Args": [
"-g",
"daemon off;"
。。。。。。。。。。
最后几行信息
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "44fcef1e4efb63b10dc5742f09d18848e25b235f5c2f7c38ad6d1a05d00946ba",
"EndpointID": "2b6d3969bfaffbbbbd166f694f7bf3e1fc5945195849cf12c45ee0906a010275",
"Gateway": "172.17.0.1", #网关
"IPAddress": "172.17.0.2", #Ip地址
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02"
}
}
}
}
]
Curl 下ip地址看能否访问:
[root@bogon ~]# curl 172.17.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
进入已经运行的容器中
[root@bogon ~]# docker attach mynginx
这种方法进入没有bash终端,并且输入信息其他终端也可以看见且无法直接退出,只有ctrl+p+q退出
[root@bogon ~]# docker exec -it mynginx sh
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
#
[root@bogon ~]# docker run -it -d --name mynginx nginx
#-d:后台运行,-d和-rm是冲突参数,只能
81a545910b0d1215fedc279ec38ff65a4a7ddbc7be1b8f37ed7b87fa8a6c244a
[root@bogon ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
81a545910b0d nginx "nginx -g ‘daemon ..." 7 seconds ago Up 6 seconds 80/tcp mynginx
查看docker里面服务的访问日志:
[root@bogon ~]# docker logs mynginx
172.17.0.1 - - [28/Aug/2018:11:43:16 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
[root@bogon ~]# docker logs -f mynginx
172.17.0.1 - - [28/Aug/2018:11:43:16 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
172.17.0.1 - - [28/Aug/2018:11:44:50 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
172.17.0.1 - - [28/Aug/2018:11:44:51 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
172.17.0.1 - - [28/Aug/2018:11:44:52 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
#docker logs -f 类似于tailf日志追踪
3.Docker镜像制作
1.下载centos镜像:
[root@bogon ~]# docker pull centos
2.运行容器并进入容器里:
[root@bogon ~]# docker run -it centos bash
[root@0fca23e3d80d /]#
3.默认没有wget,先yum一个wget:
[root@0fca23e3d80d /]# yum install -y wget
4.切换成阿里云源
[root@0fca23e3d80d /]# cd /etc/yum
yum/ yum.conf yum.repos.d/
[root@0fca23e3d80d /]# cd /etc/yum
yum/ yum.conf yum.repos.d/
[root@0fca23e3d80d /]# cd /etc/yum.repos.d/
[root@0fca23e3d80d yum.repos.d]# ls
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Sources.repo CentOS-fasttrack.repo
CentOS-CR.repo CentOS-Media.repo CentOS-Vault.repo
[root@0fca23e3d80d yum.repos.d]# rm -f *
[root@0fca23e3d80d yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
阿里云epel源;
[root@0fca23e3d80d yum.repos.d]# yum install -y epel-release
[root@0fca23e3d80d yum.repos.d]# ls
CentOS-Base.repo epel-testing.repo epel.repo
5.安装nginx:
[root@0fca23e3d80d yum.repos.d]# yum install -y nginx
配置nginx
[root@0fca23e3d80d yum.repos.d]# vi /etc/nginx/nginx.conf
#添加×××部分
user nginx;
daemon off;
查看下docker commit帮助
[root@bogon ~]# docker commit --help
Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
Create a new image from a container‘s changes
Options:
-a, --author string Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
-c, --change list Apply Dockerfile instruction to the created image (default [])
--help Print usage
-m, --message string Commit message
-p, --pause Pause container during commit (default true)
[root@bogon ~]# docker commit -m "add nginx images" mynginx liyongli/my_nginx
语法:-m后面是描述
Mynginx:运行的容器名
liyongli/my_nginx:镜像名
查看本地镜像会发现多一个×××部分的镜像
[root@bogon ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
liyongli/my_nginx latest 66ff70d8a103 22 seconds ago 408 MB
docker.io/centos latest 5182e96772bf 3 weeks ago 200 MB
docker.io/nginx latest c82521676580 5 weeks ago 109 MB
docker.io/alpine latest 11cd0b38bc3c 7 weeks ago 4.41 MB
tag号默认是latest,在上述镜像名后面加上×××部分tag就是你指定的liyongli/my_nginx:v1
[root@bogon ~]# docker commit -m "add nginx images" happy_perlman liyongli/my_nginx:v1
sha256:e6cdb103b333963c17a7ef185e0ec040b3f25c93e3aabaa152040b569cfbe804
[root@bogon ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
liyongli/my_nginx v1 e6cdb103b333 4 seconds ago 408 MB
liyongli/my_nginx latest 66ff70d8a103 4 minutes ago 408 MB
docker.io/centos latest 5182e96772bf 3 weeks ago 200 MB
docker.io/nginx latest c82521676580 5 weeks ago 109 MB
docker.io/alpine latest 11cd0b38bc3c 7 weeks ago 4.41 MB
启动自己做的镜像:
[root@bogon ~]# docker run -d --name mnginx liyongli/my_nginx nginx
--name:运行容器的描述
liyongli/my_nginx:镜像名
nginx:运行的服务名
5a15d9986e8f460ff047ab716f809309a7e828218986d95df7749b1115b33953
[root@bogon ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5a15d9986e8f liyongli/my_nginx "nginx" 11 seconds ago Up 10 seconds mnginx
0fca23e3d80d centos "bash" About an hour ago Up About an hour happy_perlman
Docker网络
Docker端口映射:
[root@bogon ~]# docker run -d --name mnginx -P nginx
#-P:端口映射
dc1c5779e7b9f0146376da4bcad1827fe2f80c1fac39c21b7076ce65e4446d51
[root@bogon ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dc1c5779e7b9 nginx "nginx -g ‘daemon ..." 7 seconds ago Up 6 seconds 0.0.0.0:32768->80/tcp mnginx
将随机产生一个端口映射到容器里的80
访问验证:
[root@bogon ~]# docker run --name my_nginx -d -p 80:80 liyongli/my_nginx nginx
#-p:指定80端口去映射docker上的80
c826a3ea327a0f2957c9f4181af8d4408e8d7de1ebee645def8e07891afc2757
[root@bogon ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c826a3ea327a liyongli/my_nginx "nginx" 12 seconds ago Up 11 seconds 0.0.0.0:80->80/tcp my_nginx
访问测试:
注:默认采用tcp,想换成UDP,需要在端口后面加上协议(如下×××部分)
[root@bogon ~]# docker run --name my_nginx -d -p 80:80/udp liyongli/my_nginx nginx
46f6b91ed321ed0fd0cf2e638a68d859207e7ff4dc33c02d7d299e258200496f
[root@bogon ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
46f6b91ed321 liyongli/my_nginx "nginx" 2 seconds ago Up 2 seconds 0.0.0.0:80->80/udp my_nginx
指定端口和IP映射:
[root@bogon ~]# docker run --name my_nginx -d -p 127.0.0.1:80:80 liyongli/my_nginx nginx
7266e28a7f4b7a1a38f41b55ccf33136f3f7867081e0d1369f662a6292d9fc0a
[root@bogon ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7266e28a7f4b liyongli/my_nginx "nginx" 21 seconds ago Up 21 seconds 127.0.0.1:80->80/tcp my_nginx
访问测试,外面的浏览器访问不到了:
本地curl访问:
[root@bogon ~]# curl 127.0.0.1:80
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Test Page for the Nginx HTTP Server on Fedora</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
/<![CDATA[/
body {
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif,helvetica;
margin: 0;
第二种制作镜像的方法:
此方法快速方便,但不规范,可用于测试环境
[root@bogon ~]# docker commit c6907664eaa6 mysqlserver
语法:docker commit 运行停止的容器ID 镜像名
sha256:5fa23cedfee037c1645f446b8d5e11d67419c93e89c73cf81a28386a403e8407
[root@bogon ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysqlserver latest 5fa23cedfee0 9 seconds ago 484 MB
127.0.0.1:6000/zhouhao/nginx latest a8ddb97e410c 3 days ago 429 MB
<none> <none> 6ebd2e131385 3 days ago 429 MB
liyongli/my_nginx v1 e6cdb103b333 4 days ago 408 MB
liyongli/my_nginx latest 66ff70d8a103 4 days ago 408 MB
docker.io/mysql latest 29e0ae3b69b9 2 weeks ago 484 MB
docker.io/centos latest 5182e96772bf 3 weeks ago 200 MB
docker.io/nginx latest c82521676580 5 weeks ago 109 MB
docker.io/registry 2 b2b03e9146e1 8 weeks ago 33.3 MB
docker.io/registry latest b2b03e9146e1 8 weeks ago 33.3 MB
docker.io/alpine latest 11cd0b38bc3c 8 weeks ago 4.41 MB
4.docker之间互相通信:
2.进入web2查看下host文件:
[root@bogon ~]# docker exec -it web2 sh
sh-4.2# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 web1 e79fa7dd7157
172.17.0.3 27a7ebdb7f74
会发现多出web1 的解析
3.ping测试:
sh-4.2# ping web1
PING web1 (172.17.0.2) 56(84) bytes of data.
64 bytes from web1 (172.17.0.2): icmp_seq=1 ttl=64 time=0.142 ms
64 bytes from web1 (172.17.0.2): icmp_seq=2 ttl=64 time=0.091 ms
64 bytes from web1 (172.17.0.2): icmp_seq=3 ttl=64 time=0.091 ms
也能拼通,访问没有问题
sh-4.2# curl 172.17.0.2:80
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Test Page for the Nginx HTTP Server on Fedora</ti
上述的操作,连接互通是单向性的,web2可以连通web1但是web1连不上web2:
[root@bogon ~]# docker exec -it web1 sh
sh-4.2# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 e79fa7dd7157
Web1 的host文件并没有解析。
解决容器名被更改如何还能连通:
[root@bogon ~]# docker run -d --name web2 --link web1:shop_nginx -p 8080:80 liyongli/my_nginx nginx
#增加×××部分相当于起个别名,这样前面的web1可以随意改动,只要后面不变就可以
d8f650859edd7d516f098a342931833ef3fe790531e02a05e29dbe1b567d383c
[root@bogon ~]# docker exec -it web2 bash
[root@d8f650859edd /]# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 shop_nginx e79fa7dd7157 web1
172.17.0.3 d8f650859edd
查看docker支持的网络类型:
[root@bogon ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
9d714af60380 bridge bridge local
fb92c872341e host host local
0901c10db04a none null local
Host:走的是物理机本地内网IP,默认使用本地IP,相对来说网络稳定,只要同一网段,可以跨主机。但端口不能重复,
[root@bogon ~]# docker run -it --rm --net=host nginx
2018/08/30 07:25:56 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
#提示80端口被占用
None:需要通过程序或者其他方法给容器配置IP,默认只有本地回环地址。
[root@bogon ~]# docker run -it --rm --net=none alpine sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
docker实现跨主机互联:
1.修改下docker.service文件使其docker网段不同:
[root@bogon ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd-current --registry-mirror=https://a14c78qe.mirror.aliyuncs.com --bip=172.18.42.1/16 \
在配置文件中添加×××部分,指定IP地址段,×××部分改的是网关地址
2.重新加载配置文件并重启docker
[root@bogon ~]# systemctl daemon-reload
[root@bogon ~]# systemctl restart docker
3.查看docker状态是否正常
[root@bogon ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2018-08-30 15:52:34 CST; 11s ago
Docs: http://docs.docker.com
Main PID: 4145 (dockerd-current)
CGroup: /system.slice/docker.service
├─4145 /usr/bin/dockerd-current --registry-mirror=https://a14c78qe.mirror.aliyuncs.com --bi...
└─4149 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-co...
8月 30 15:52:33 bogon dockerd-current[4145]: time="2018-08-30T15:52:33.400672397+08:00" level=info...49"
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.586152872+08:00" level=info...ds"
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.587277463+08:00" level=info...t."
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.623423404+08:00" level=info...se"
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.860582020+08:00" level=info...e."
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.879169723+08:00" level=warn...ix"
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.976361022+08:00" level=info...on"
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.976387296+08:00" level=info...3.1
8月 30 15:52:34 bogon dockerd-current[4145]: time="2018-08-30T15:52:34.997355105+08:00" level=info...ck"
8月 30 15:52:34 bogon systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
4.查看ip,×××部分为上方改的,和改的一样说明没有问题
[root@bogon ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:29:85:5b brd ff:ff:ff:ff:ff:ff
inet 192.168.200.200/24 brd 192.168.200.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe29:855b/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:57:0e:e5:98 brd ff:ff:ff:ff:ff:ff
inet 172.18.43.1/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:57ff:fe0e:e598/64 scope link
valid_lft forever preferred_lft forever
第二台的机器和上述一样。
Node2的ip
[root@bogon ~]# ip a show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:0f:6b:3a brd ff:ff:ff:ff:ff:ff
inet 192.168.200.201/24 brd 192.168.200.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe0f:6b3a/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:0b:ba:3a:99 brd ff:ff:ff:ff:ff:ff
inet 172.17.42.1/24 scope global docker0
valid_lft forever preferred_lft forever
5.保证两台机器能够互相通信:
[root@bogon ~]# ping 192.168.200.201
PING 192.168.200.201 (192.168.200.201) 56(84) bytes of data.
64 bytes from 192.168.200.201: icmp_seq=1 ttl=64 time=0.338 ms
64 bytes from 192.168.200.201: icmp_seq=2 ttl=64 time=0.403 ms
^C
--- 192.168.200.201 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.338/0.370/0.403/0.037 ms
[root@bogon ~]# ping 192.168.200.200
PING 192.168.200.200 (192.168.200.200) 56(84) bytes of data.
64 bytes from 192.168.200.200: icmp_seq=1 ttl=64 time=0.244 ms
^C
--- 192.168.200.200 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.244/0.244/0.244/0.000 ms
6.两台机器分别运行容器:
[root@bogon ~]# docker run -it --name node1 centos bash
#安装相关网络工具,默认没有
[root@1af63485012b /]# yum install net-tools -y
第二台机器也是一样
[root@bogon ~]# docker run -it --name node2 centos bash
[root@3f346455006b /]# yum install -y net-tools
7.测试两台容器能否通信:
[root@1af63485012b /]# ping 172.17.0.1
PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data.
[root@3f346455006b /]# ping 172.18.0.1
PING 172.18.0.1 (172.18.0.1) 56(84) bytes of data.
默认两台之间无法通信
5.Docker数据管理:
1.数据卷:
[root@bogon ~]# docker run -it --name node1 --rm -v /data centos bash
#--rm :退出容器即删除
#-v :指定容器卷显示在容器里面的名字,默认是真机的/目录
[root@f96cadd91776 /]# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 17G 2.4G 15G 14% /
tmpfs 489M 0 489M 0% /dev
tmpfs 489M 0 489M 0% /sys/fs/cgroup
/dev/mapper/cl-root 17G 2.4G 15G 14% /data
shm 64M 0 64M 0% /dev/shm
tmpfs 489M 0 489M 0% /proc/acpi
tmpfs 489M 0 489M 0% /proc/scsi
tmpfs 489M 0 489M 0% /sys/firmware
正确的用法:
[root@bogon ~]# mkdir /home/opt
[root@bogon ~]# docker run -it --name node1 --rm -v /home/opt:/opt centos bash
[root@a5dce0b1320d /]# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 17G 2.4G 15G 14% /
tmpfs 489M 0 489M 0% /dev
tmpfs 489M 0 489M 0% /sys/fs/cgroup
/dev/mapper/cl-root 17G 2.4G 15G 14% /opt
shm 64M 0 64M 0% /dev/shm
tmpfs 489M 0 489M 0% /proc/acpi
tmpfs 489M 0 489M 0% /proc/scsi
tmpfs 489M 0 489M 0% /sys/firmware
[root@a5dce0b1320d /]# cd /opt/
[root@a5dce0b1320d opt]# touch a
[root@a5dce0b1320d opt]# ls
a
[root@a5dce0b1320d opt]# exit
exit
[root@bogon ~]# ls /home/opt/
a
挂载真机的指定目录(默认都是可读写的)
文件的挂载:(真机上的host文件被挂载上了,建议如果有需要,挂载文件挂载不常被改动的文件。)
[root@bogon ~]# docker run -it --name node1 --rm -v /etc/hosts:/opt/hosts centos bash
[root@e96915900ad9 /]# ls /opt/hosts
/opt/hosts
[root@e96915900ad9 /]# cat /opt/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
给挂载点设置成只读权限:
[root@bogon ~]# docker run -it --name node1 --rm -v /etc/hosts:/opt/hosts:ro centos bash
[root@ac01a4cc01ee /]# echo "1111" >>/opt/hosts
bash: /opt/hosts: Read-only file system
这样会比较安全。
2.数据卷容器:
创建第一个容器:
[root@bogon ~]# docker run -it -v /opt:/opt --name node1 centos bash
[root@680e78302bb6 /]# ls /opt/
[root@680e78302bb6 opt]# mkdir ppp
[root@680e78302bb6 opt]# ls
ppp
创建第二个容器:
[root@bogon ~]# docker run -it --name node2 --volumes-from node1 centos bash
#--volumes-from ;数据卷容器来自哪里,后面跟上容器名
[root@37a43f150d4d /]# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 17G 2.4G 15G 14% /
tmpfs 489M 0 489M 0% /dev
tmpfs 489M 0 489M 0% /sys/fs/cgroup
/dev/mapper/cl-root 17G 2.4G 15G 14% /opt
shm 64M 0 64M 0% /dev/shm
tmpfs 489M 0 489M 0% /proc/acpi
tmpfs 489M 0 489M 0% /proc/scsi
tmpfs 489M 0 489M 0% /sys/firmware
[root@37a43f150d4d /]# cd /opt/
[root@37a43f150d4d opt]# ls
ppp
注:即使将容器卷那个容器删除或者关闭,容器卷依然有效
[root@bogon ~]# docker rm -fv 680e78302bb6
#-v :删除容器的数据卷,不加-v只是将容器删除,容器产生的数据还在硬盘里。
6.Docker_file编写:
注:dockerfile的文件名D必须大写
[root@bogon ~]# mkdir docker
[root@bogon ~]# cd docker
[root@bogon docker]# vim Dockerfile
#This is dockerfile for nginx
#基于的镜像是什么,这里采用centos,可以是本地也可以是官网的,本地没有会从官网下载,若官网没有会失败。
FROM centos
#维护者信息
MAINTAINER zhouhao zhouhao@123.com
#相关操作,默认镜像没有epel源的,这里给安装epel
RUN rpm -ivh https://mirrors.aliyun.com/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
RUN yum install -y nginx
#ENV:增加环境变量,比如JAVA,TOMCAT,都会用到此项
#添加文件,index.html要和Dockerfile在同一目录下
ADD index.html /usr/share/nginx/html/index.html
#配置文件中添加参数
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
#设置开放端口
EXPOSE 80
#执行命令
CMD ["nginx"]
[root@bogon docker]# vim index.html
<h1>This is ngnix<h1>
[root@bogon docker]# docker build -t zhouhao/nginx /root/docker/
查看镜像
[root@bogon docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zhouhao/nginx latest a8ddb97e410c About an hour ago 429 MB
<none> <none> 6ebd2e131385 About an hour ago 429 MB
liyongli/my_nginx v1 e6cdb103b333 30 hours ago 408 MB
liyongli/my_nginx latest 66ff70d8a103 30 hours ago 408 MB
docker.io/centos latest 5182e96772bf 3 weeks ago 200 MB
docker.io/nginx latest c82521676580 5 weeks ago 109 MB
docker.io/alpine latest 11cd0b38bc3c 7 weeks ago 4.41 MB
运行下制作出来的nginx镜像
[root@bogon docker]# docker run -it -d --name mnginx zhouhao/nginx
9b6d3bd599df08588ec0d77c2596932c28baaf47a9538e627f6a2e42bbcd264b
查看下容器的详细信息
[root@bogon docker]# docker inspect mnginx
。。。。。。。。。。。。。。。
"EndpointID": "14e1914c63a667e098e17ae03a2613c5df0620efceb09bf58706da89ffdeea8a",
"Gateway": "172.18.42.1",
"IPAddress": "172.18.42.2",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:12:2a:02"
}
}
}
}
]
访问测试下:
[root@bogon docker]# curl 172.18.42.2
<h1>This is ngnix<h1>
7.docker私有仓库:
生成一个认证文件
[root@localhost opt]# mkdir auth
[root@localhost opt]# cd auth/
[root@localhost auth]# cd ../
[root@localhost opt]# docker run --entrypoint htpasswd registry:2 -Bbn zhouhao 123456 > auth/htpasswd
[root@localhost opt]# cat auth/htpasswd
zhouhao:$2y$05$GZ3y3GPCmp6anequ4TYh2OrJGmrnMBOmInuR1JrrxIDHf0E6myVqG
搭建仓库:
[root@localhost opt]# docker run -d -p 6000:5000 --restart=always --name registry1 -v pwd
/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
查看下仓库是否在运行:
[root@localhost opt]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
559c4b6283b0 registry "/entrypoint.sh /e..." 23 minutes ago Up 22 minutes 0.0.0.0:6000->5000/tcp registry1
将镜像上传的仓库中
#先要登录
[root@localhost opt]# docker login 127.0.0.1:6000
Username: zhouhao
Password:
Login Succeeded
#登录成功后才能上传:
#打个标签
[root@localhost opt]# docker tag a8ddb97e410c 127.0.0.1:6000/zhouhao/nginx
#a8ddb97e410c:镜像的ID号
#上传
[root@localhost opt]# docker push 127.0.0.1:6000/zhouhao/nginx
验证:
#先删除上传的镜像
[root@localhost opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
127.0.0.1:6000/zhouhao/nginx latest a8ddb97e410c 26 hours ago 429 MB
zhouhao/nginx latest a8ddb97e410c 26 hours ago 429 MB
<none> <none> 6ebd2e131385 26 hours ago 429 MB
liyongli/my_nginx v1 e6cdb103b333 2 days ago 408 MB
liyongli/my_nginx latest 66ff70d8a103 2 days ago 408 MB
docker.io/centos latest 5182e96772bf 3 weeks ago 200 MB
docker.io/nginx latest c82521676580 5 weeks ago 109 MB
docker.io/registry 2 b2b03e9146e1 8 weeks ago 33.3 MB
docker.io/registry latest b2b03e9146e1 8 weeks ago 33.3 MB
docker.io/alpine latest 11cd0b38bc3c 8 weeks ago 4.41 MB
[root@localhost opt]# docker rmi -f a8ddb97e410c a8ddb97e410c
Untagged: 127.0.0.1:6000/zhouhao/nginx:latest
Untagged: 127.0.0.1:6000/zhouhao/nginx@sha256:2a1cad070e6076f26211cf421f4e602535ad2c1c9178356e5849da79f9bb9cfd
Untagged: zhouhao/nginx:latest
Deleted: sha256:a8ddb97e410ca1aa9e1a5302fcbc759da4c23175b11fe1837ccda1cc633d40f3
Deleted: sha256:f2e0a6f60b465336517be0b0a2698d208fa09162b4f3e6777efe271b4180cc72
Deleted: sha256:55525487441930ca00294e416a5ead6982b6e3e10b8c79132fe8a1cdc354fbba
Deleted: sha256:66e4a5bd55c9378bdf4ceae514f37d581e416df74853808cbf9a45b7018aafcd
Deleted: sha256:186e9eb4fe8f6df36b525a2dbe1e1141c3e2eec3a908543a685e13e6c9096b6e
Deleted: sha256:2da5317e2754c6af07a8ef8ab0bae487032abb5f204da8358cbfca4a6d9fddb1
Error response from daemon: No such image: a8ddb97e410c:latest
[root@localhost opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 6ebd2e131385 26 hours ago 429 MB
liyongli/my_nginx v1 e6cdb103b333 2 days ago 408 MB
liyongli/my_nginx latest 66ff70d8a103 2 days ago 408 MB
docker.io/centos latest 5182e96772bf 3 weeks ago 200 MB
docker.io/nginx latest c82521676580 5 weeks ago 109 MB
docker.io/registry 2 b2b03e9146e1 8 weeks ago 33.3 MB
docker.io/registry latest b2b03e9146e1 8 weeks ago 33.3 MB
docker.io/alpine latest 11cd0b38bc3c 8 weeks ago 4.41 MB
#将仓库中的镜像下载下来:
[root@localhost opt]# docker pull 127.0.0.1:6000/zhouhao/nginx
Using default tag: latest
Trying to pull repository 127.0.0.1:6000/zhouhao/nginx ...
latest: Pulling from 127.0.0.1:6000/zhouhao/nginx
256b176beaff: Already exists
77b0a013ec06: Already exists
f9b1980a6dd6: Already exists
a5a9ce092668: Already exists
a24ee7e77c51: Already exists
Digest: sha256:2a1cad070e6076f26211cf421f4e602535ad2c1c9178356e5849da79f9bb9cfd
Status: Downloaded newer image for 127.0.0.1:6000/zhouhao/nginx:latest
[root@localhost opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
127.0.0.1:6000/zhouhao/nginx latest a8ddb97e410c 26 hours ago 429 MB
<none> <none> 6ebd2e131385 26 hours ago 429 MB
liyongli/my_nginx v1 e6cdb103b333 2 days ago 408 MB
liyongli/my_nginx latest 66ff70d8a103 2 days ago 408 MB
docker.io/centos latest 5182e96772bf 3 weeks ago 200 MB
docker.io/nginx latest c82521676580 5 weeks ago 109 MB
docker.io/registry 2 b2b03e9146e1 8 weeks ago 33.3 MB
docker.io/registry latest b2b03e9146e1 8 weeks ago 33.3 MB
docker.io/alpine latest 11cd0b38bc3c 8 weeks ago 4.41 MB
注意:其他docker主要要下载的话,docker要映射443端口
8Docker容器编排:
#先安装epel源:
[root@localhost ~]# yum install -y epel-release
#安装pip:
[root@localhost ~]# yum install -y python-pip
#安装编排工具
[root@localhost ~]# pip install docker-compose
#编辑docker-compose.yml文件
[root@localhost compose]# vim docker-compose.yml
web1:
image: nginx
expose:
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement.
MySQL [(none)]>
[root@bogon ~]# yum install -y openvswitch
[root@bogon ~]# yum install -y bridge-utils
[root@bogon ~]# systemctl start openvswitch
[root@bogon ~]# systemctl status openvswitch
● openvswitch.service - Open vSwitch
Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; disabled; vendor preset: disabled)
Active: active (exited) since 二 2018-09-04 14:00:50 CST; 38s ago
Process: 3330 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 3330 (code=exited, status=0/SUCCESS)
9月 04 14:00:50 bogon systemd[1]: Starting Open vSwitch...
9月 04 14:00:50 bogon systemd[1]: Started Open vSwitch.
[root@bogon ~]# ovs-vsctl add-br br0
[root@bogon ~]# ovs-vsctl add-port br0 gre1 -- set interface gre1 type=gre option:remove_ip=192.168.200.200
[root@bogon ~]# brctl addif docker0 br0
[root@bogon ~]# ip link set dev br0 up
[root@bogon ~]# ip link set dev docker0 up
[root@bogon ~]# iptables -F
[root@bogon ~]# ip route add 172.18.0.0/16 dev docker0
标签:shm engine ipv6 libc could global oba 第一个 sys
原文地址:http://blog.51cto.com/qingfeng00/2329181