version: '2'
services:
web:
image: dockercloud/hello-world
ports:
- 8080
networks:
- front-tier
- back-tier
redis:
image: redis
links:
- web
networks:
- back-tier
lb:
image: dockercloud/haproxy
ports:
- 80:80
links:
- web
networks:
- front-tier
- back-tier
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
front-tier:
driver: bridge
back-tier:
driver: bridge
1、image
services:
web:
image: hello-world
# 镜像可用格式
image: redis
image: ubuntu:14.04
image: tutum/influxdb
image: example-registry.com:4000/postgresql
image: a4bc65fd
2、build
服务除了可以基于指定的镜像,还可以基于一份 Dockerfile,在使用 up 启动之时执行构建任务,这个构建标签就是 build,它可以指定 Dockerfile 所在文件夹的路径。Compose 将会利用它自动构建这个镜像,然后使用这个镜像启动服务容器
build: /path/to/build/dir
也可以是相对路径,只要上下文确定就可以读取到 Dockerfile
build: ./dir
build:
context: ../
dockerfile: path/of/Dockerfile
args:
buildno: 1
password: secret
image: webapp:tag
3、command
command: bundle exec thin -p 3000
# ==
command: [bundle, exec, thin, -p, 3000]
4、container_name:<项目名称><服务名称><序号>
给当前运行的容器起一个名字
container_name: app
5、depends_on
确定启动顺序
version: '2'
services:
web:
build: .
depends_on:
- db
- redis
redis:
image: redis
db:
image: postgres
6、dns
dns: 8.8.8.8
dns:
- 8.8.8.8
- 9.9.9.9
7、tmpfs
在容器启动时临时创建一个目录
tmpfs: /run
tmpfs:
- /run
- /tmp
8、 entrypoint
替换系统的启动命令
entrypoint: /code/entrypoint.sh
9、env_file
向这个容器中注入环境变量--可以修改镜像的运行状态
env_file: .env
.env
aa=bb
cc=dd
env_file:
- ./common.env
- ./apps/web.env
- /opt/secrets.env
10、environment:镜像变量
少量的环境变量用此,大量的环境变量用↑env_file
environment:
RACK_ENV: development
SHOW: 'true'
SESSION_SECRET: aa
environment:
- RACK_ENV=development
- SHOW=true
- SESSION_SECRET=123
11、expose
告诉管理员当前有哪些端口比较重要
expose:
- "3000"
- "8000"
12、 external_links:链接外部容器
external_links:
- redis_1
- project_db_1:mysql
- project_db_1:postgresql
13、extra_hosts
添加一个外部的解析域名
extra_hosts:
- "somehost:162.242.195.82"
- "otherhost:50.31.209.229"
14、labels - docker-swarm
labels:
com.example.description: "Accounting webapp"
com.example.department: "Finance"
com.example.label-with-empty-value: ""
labels:
- "com.example.description=Accounting webapp"
- "com.example.department=Finance"
- "com.example.label-with-empty-value"
15、links:与 Docker client 的 --link 一样效果,会连接到其它服务中的容器
links:
- db
- db:database
- redis
16、 logging
指定当前的日志
logging:
driver: syslog
options:
syslog-address: "tcp://192.168.0.42:123"
17、pid
pid: "host"
18、port
端口的暴露
ports:
- "3000" 会在物理机的所有网卡的某一个随机端口映射至容器的 3000
- "8000:8000" docker run -p
- "49100:22"
- "127.0.0.1:8001:8001"
19、security_opt
代表放行的安全组的选项
# 为每个容器覆盖默认的标签。简单说来就是管理全部服务的标签。比如设置全部服务的user标签值为USER。
:
- label:user:USER
- label:role:ROLE
20、 stop_signal
关闭信号
stop_signal: SIGUSR1 #默认9 kill -QUIT
21、volumes
volumes:
// 只是指定一个路径,Docker 会自动在创建一个数据卷(这个路径是容器内部的)。
- /var/lib/mysql
// 使用绝对路径挂载数据卷
- /opt/data:/var/lib/mysql
// 以 Compose 配置文件为中心的相对路径作为数据卷挂载到容器。
- ./cache:/tmp/cache
// 使用用户的相对路径(~/ 表示的目录是 /home/<用户目录>/ 或者 /root/)。
- ~/configs:/etc/configs/:ro
// 已经存在的命名的数据卷。
- datavolume:/var/lib/mysql
22、volumes_from:从其它容器或者服务挂载数据卷,可选的参数是 :ro或者 :rw,前者表示容器只读,后者表示容器对数据卷是可读可写的。默认情况下是可读可写的
volumes_from:
- service_name
- service_name:ro
- container:container_name
- container:container_name:rw
23、cap_add, cap_drop
给这个容器添加/移除特殊权限
如:docker run --name test2 --cap-add NET_ADMIN -d wordpress
cap_add:
- ALL
cap_drop:
- NET_ADMIN
- SYS_ADMIN
--cap-add Add Linux capabilities
--cap-drop Drop Linux capabilities
--privileged Give extended privileges to this container
--device=[] Allows you to run devices inside the container without the --privileged flag.
SYS_MODULE Load and unload kernel modules.
SYS_RAWIO Perform I/O port operations (iopl(2) and ioperm(2)).
SYS_PACCT Use acct(2), switch process accounting on or off.
SYS_ADMIN Perform a range of system administration operations.
SYS_NICE Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes.
SYS_RESOURCE Override resource Limits.
SYS_TIME Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock.
SYS_TTY_CONFIG Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals.
AUDIT_CONTROL Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules.
MAC_ADMIN Allow MAC configuration or state changes. Implemented for the Smack LSM.
MAC_OVERRIDE Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM).
NET_ADMIN Perform various network-related operations.
SYSLOG Perform privileged syslog(2) operations.
DAC_READ_SEARCH Bypass file read permission checks and directory read and execute permission checks.
LINUX_IMMUTABLE Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags.
NET_BROADCAST Make socket broadcasts, and listen to multicasts.
IPC_LOCK Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).
IPC_OWNER Bypass permission checks for operations on System V IPC objects.
SYS_PTRACE Trace arbitrary processes using ptrace(2).
SYS_BOOT Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution.
LEASE Establish leases on arbitrary files (see fcntl(2)).
WAKE_ALARM Trigger something that will wake up the system.
BLOCK_SUSPEND Employ features that can block system suspend.
24、extends
引用文件服务
extends:
file: common.yml
service: webapp
25、network_mode
network_mode: "bridge"
network_mode: "host"
network_mode: "none"
network_mode: "service:[service name]"
network_mode: "container:[container name/id]"
26、 networks
services:
some-service:
networks:
- some-network
- other-network
Example
version: '2'
services:
db:
image: mysql:5.7
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
restart: always
ports:
- "8000:80"
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose
[root@localhost ~]# docker-compose version
docker-compose version 1.23.1, build b02f1306
docker-py version: 3.5.0
CPython version: 3.6.7
OpenSSL version: OpenSSL 1.1.0f 25 May 2017
[root@localhost ~]# mkdir /usr/local/wordpress
[root@localhost ~]# cd /usr/local/wordpress/
[root@localhost wordpress]# vim docker-compose.yaml
[root@localhost wordpress]# docker-compose up -d