24.1 Docker
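Ever since we started learning Linux operations we have heard of Docker: it is very popular and most companies use it, but what Docker actually is and what it does is less well understood.
Docker, taken literally, means container. It is an open-source container engine that can quickly deploy environments and release code. It lets developers package an application together with the libraries it depends on and then publish it to any popular Linux distribution, so it is easy to port.
It is written in Go and released under the Apache 2.0 license. Website: www.docker.com , GitHub: https://github.com/docker/docker.github.io . It comes in a community edition (CE) and an enterprise edition (EE), versions follow a year.month timeline, and the current latest stable release is 18.06.
Advantages of Docker over traditional virtualization:
1. Very fast startup, within seconds;
2. High resource utilization: one high-spec server can run thousands of docker containers;
3. Faster deployment and delivery: create and configure once, then run anywhere;
4. Kernel-level virtualization that needs no additional hypervisor, which gives higher performance and efficiency;
5. Easy to migrate, with little dependence on the platform.
Docker concepts:
- Image: a read-only template, similar to the iso file used when installing a system. We deploy all kinds of applications from images.
- Container: if an image is like the operating system, a container is like the virtual machine itself. It can be started, stopped, deleted and so on, and containers are isolated from one another.
- Repository: a place where images are stored. Repositories are either public or private, and the largest public repository is Docker Hub (hub.docker.com).
Installing Docker
- Install docker:
# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo #curl -o writes the output to the given file, i.e. the downloaded file is saved as /etc/yum.repos.d/docker.repo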
# yum list |grep docker
docker-ce.x86_64 18.06.1.ce-3.el7 @docker-ce-stable
cockpit-docker.x86_64 172-2.el7.centos extras
containerd.io.x86_64 1.2.0-1.2.beta.2.el7 docker-ce-stable
docker.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-ce-selinux.noarch 17.03.3.ce-1.el7 docker-ce-stable
docker-client.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-client-latest.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-common.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-compose.noarch 1.18.0-1.el7 epel
docker-devel.x86_64 1.3.2-4.el7.centos extras
docker-distribution.x86_64 2.6.2-2.git48294d9.el7 extras
docker-forward-journald.x86_64 1.10.3-44.el7.centos extras
docker-latest.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-latest-logrotate.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-latest-v1.10-migrator.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-logrotate.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-lvm-plugin.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-novolume-plugin.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-python.x86_64 1.4.0-115.el7 extras
docker-registry.x86_64 0.9.1-7.el7 extras
docker-unit-test.x86_64 2:1.13.1-68.gitdded712.el7.centos
docker-v1.10-migrator.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
golang-github-fsouza-go-dockerclient-devel.x86_64
kdocker.x86_64 4.9-1.el7 epel
pcp-pmda-docker.x86_64 3.12.2-5.el7 base
python-docker-py.noarch 1.10.6-4.el7 extras
python-docker-pycreds.noarch 1.10.6-4.el7 extras
python-docker-scripts.noarch 0.4.4-1.el7 epel
python-dockerfile-parse.noarch 0.0.5-1.el7 epel
python2-avocado-plugins-runner-docker.noarch
python2-dockerpty.noarch 0.4.1-9.el7 epel
python34-docker.noarch 2.6.1-1.el7 epel
python34-docker-pycreds.noarch 0.2.1-1.el7 epel
python34-dockerpty.noarch 0.4.1-9.el7 epel
# yum install -y docker-ce
- Start docker:
# systemctl start docker
# ps aux |grep docker
root 17893 0.5 5.0 598868 50260 ? Ssl 01:46 0:00 /usr/bin/dockerd
root 17899 0.2 2.7 317288 27692 ? Ssl 01:46 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
# iptables -nvL
Chain INPUT (policy ACCEPT 108 packets, 7280 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 59 packets, 5814 bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 #iptables rules are generated automatically every time docker starts
Image management
- Download an image:
# docker pull centos #download the image
Using default tag: latest
latest: Pulling from library/centos
256b176beaff: Pull complete
Digest: sha256:6f6d986d425aeabdc3a02cb61c02abb2e78e57357e92417d6d58332856024faf
Status: Downloaded newer image for centos:latest
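The `latest` tag pulled above can point at different content later, while the `Digest:` line identifies exactly what was downloaded. The following added example (not part of the original tutorial; the function names `pinned_ref` and `check_pin` are made up here) turns that output into a `repo@sha256:...` reference usable with `docker pull` and reports when the tag later resolves to a different digest:

```shell
#!/bin/sh
# Added example (not from the original page): derive a digest-pinned image
# reference from `docker pull` output and detect when a tag has moved.

# Digest and output copied from the `docker pull centos` session above.
PAGE_DIGEST=sha256:6f6d986d425aeabdc3a02cb61c02abb2e78e57357e92417d6d58332856024faf
SAMPLE_PULL="Using default tag: latest
latest: Pulling from library/centos
256b176beaff: Pull complete
Digest: $PAGE_DIGEST
Status: Downloaded newer image for centos:latest"

# pinned_ref: read `docker pull` output on stdin, print <repo>@sha256:<hex>.
# Returns 1 when the repository line or a well-formed digest is missing.
pinned_ref() {
    awk '
        / Pulling from /   { repo = $NF }
        /^Digest: sha256:/ { digest = $2 }
        END {
            # "sha256:" (7 chars) + 64 lowercase hex chars = 71 chars.
            if (repo == "" || length(digest) != 71 ||
                digest !~ /^sha256:[0-9a-f]+$/) exit 1
            print repo "@" digest
        }'
}

# check_pin EXPECTED: compare the digest a tag pull resolved to (stdin)
# with the recorded reference. Status 0 = same, 1 = changed, 2 = unparsable.
check_pin() {
    expected=$1
    actual=$(pinned_ref) || { echo "no valid digest in pull output" >&2; return 2; }
    if [ "$actual" = "$expected" ]; then
        echo "OK $actual"
    else
        echo "CHANGED expected=$expected actual=$actual" >&2
        return 1
    fi
}

# Record the pin once; later pulls can use it directly: docker pull "$PIN"
PIN=$(printf '%s\n' "$SAMPLE_PULL" | pinned_ref)
echo "pin: $PIN"
printf '%s\n' "$SAMPLE_PULL" | check_pin "$PIN"
```

On a real host, pipe `docker pull centos` into `check_pin` with the recorded reference as its argument.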
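- Configure a docker accelerator (registry mirror):
Pulling the image above was slow, so we can configure a docker accelerator.
# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://dhq9bx4f.mirror.aliyuncs.com"]
}
The URL is the accelerator address; you can apply for your own accelerator address from Alibaba Cloud. daemon.json must be plain JSON, so do not put this note in the file as a # comment.
After configuring it, restart docker; pulling images afterwards is much faster than before.
# systemctl restart docker #restart docker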
# docker pull ubuntu
Using default tag: latest
latest: Pulling from library/ubuntu
124c757242f8: Pull complete
9d866f8bde2a: Pull complete
fa3f2f277e67: Pull complete
398d32b153e8: Pull complete
afde35469481: Pull complete
Digest: sha256:de774a3145f7ca4f0bd144c7d4ffb2931e06634f11529653b23eba85aef8e378
Status: Downloaded newer image for ubuntu:latest
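A comment left inside /etc/docker/daemon.json makes the file invalid JSON, and a mirror reached over plain http hands tag resolution to anyone on the network path. The following added example (not part of the original tutorial; `lint_daemon_json` and the `mirror.example.invalid` URLs are made up here) is a heuristic check for those two mistakes to run before restarting docker:

```shell
#!/bin/sh
# Added example (not from the original page): a heuristic lint for
# /etc/docker/daemon.json to run before `systemctl restart docker`.
# It is not a JSON parser; strings with escaped quotes (\") can confuse it.

# lint_daemon_json FILE: print one finding per line, return 1 if any.
lint_daemon_json() {
    file=$1
    findings=$(
        # Drop quoted strings first so "https://..." is not read as a //
        # comment, then flag comment markers, which JSON does not allow.
        sed 's/"[^"]*"//g' "$file" |
            awk '/#|\/\// { print "line " NR ": comment is not valid JSON" }'
        # Flag registry URLs given as plain HTTP.
        grep -n '"http://' "$file" |
            sed 's/^\([0-9]*\):.*/line \1: URL uses plain http/'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample files; the mirror URL is a placeholder.
demo_dir=$(mktemp -d)
cat > "$demo_dir/bad.json" <<'EOF'
{
"registry-mirrors": ["http://mirror.example.invalid"] # accelerator address
}
EOF
cat > "$demo_dir/good.json" <<'EOF'
{
"registry-mirrors": ["https://mirror.example.invalid"]
}
EOF

lint_daemon_json "$demo_dir/bad.json" || echo "bad.json: fix before restarting docker"
lint_daemon_json "$demo_dir/good.json" && echo "good.json: no findings"
rm -rf "$demo_dir"
```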
- List local images:
# docker images #list local images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest cd6d8154f1e1 7 days ago 84.1MB
centos latest 5182e96772bf 5 weeks ago 200MB
- Search for images:
# docker search jumpserver #search for images; you can find many images made by other people
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
jumpserver/jumpserver 10
jiaxiangkong/jumpserver_docker 开源跳板机(堡垒机):认证,授权,审计,自动化运维 10
hhding/jumpserver-docker ssh proxy node 3 [OK]
njqaaa/jumpserver jumpserver 2 [OK]
baselibrary/jumpserver jumpserver 1 [OK]
zhegao/jumpserver Jumpserver 1.4.0 1
jumpserver/allinone jumpserver all in one 1 [OK]
zqiannnn/jumpserver-ansible JumpServer Ansible Addon 1 [OK]
jumpserver/guacamole guacamole for jumpserver 1 [OK]
kubernetesio/sshd-jumpserver sshd-jumpserver 0 [OK]
vikings/jumpserver 0
satoms/jumpserver 0
zsjohny/jumpserver bastion web ui 0 [OK]
jumpserver/python 0
qiwihui/jumpserver jumpserver docker 0 [OK]
jumpserver/coco 0
qq58945591/jumpserver JumpServer集成coco和luna,使用nginx进行反向代… 0 [OK]
jumpserver/luna 0
lc13579443/jumpserver Jumpserver all in one Dockerfile 0 [OK]
ibuler/jumpserver 0
qbtrade/jumpserver 0
jumpserver/core Jumpserver Official Docker Image 0 [OK]
qbtrade/jumpserver_coco 0
jumpserver/base-env-alpine 0
mapsic/jumpserver jumpserver 0 [OK]
- Tag an image:
# docker tag centos lzx_centos #tag the image
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest cd6d8154f1e1 7 days ago 84.1MB
centos latest 5182e96772bf 5 weeks ago 200MB
lzx_centos latest 5182e96772bf 5 weeks ago 200MB
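Tagging produces another image entry, but the IMAGE ID does not change, which shows that the two images are in fact the same.
You can also label the image this way, changing the TAG.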
# docker tag centos test:123
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest cd6d8154f1e1 7 days ago 84.1MB
test 123 5182e96772bf 5 weeks ago 200MB
centos latest 5182e96772bf 5 weeks ago 200MB
lzx_centos latest 5182e96772bf 5 weeks ago 200MB
- Start an image as a container: