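Introduction to Docker
Docker is an open-source container engine from Docker, Inc., built on top of LXC technology. Its source code is hosted on GitHub; it is written in Go and released under the Apache 2.0 license.
Docker uses kernel-level virtualization features (namespaces, cgroups, and so on) to provide resource isolation and security guarantees for containers. Because Docker achieves isolation through operating-system-level virtualization, a running container does not carry the extra operating-system overhead of a virtual machine (VM), which improves resource utilization.
Docker compared with OpenStack
Category | Docker | OpenStack |
---|---|---|
Deployment difficulty | Very simple | Many components, complex to deploy |
Startup speed | Seconds | Minutes |
Runtime performance | Nearly identical to the physical system | VMs consume some resources |
Image size | MB scale | GB scale |
Management efficiency | Simple to manage | Components depend on each other, complex to manage |
Isolation | High isolation | Complete isolation |
Manageability | Single process; starting SSH is not recommended | Full system management |
Network connectivity | Relatively weak | Neutron allows flexible construction of all kinds of network architectures |
Installing Docker
Preparation before installation
By default a Docker container can reach external networks directly, but external hosts cannot reach the container, so the container's services have to be made reachable through port mapping or by bridging to the physical network.
- Edit the eth0 interface configuration file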
[root@root ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_PRIVACY=no
BRIDGE=br0
- Write the br0 configuration file (it does not exist by default)
[root@root ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0
TYPE="Bridge"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="br0"
DEVICE="br0"
ONBOOT="yes"
IPADDR="10.0.0.200"
PREFIX="24"
GATEWAY="10.0.0.254"
DNS1="1.2.4.8"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_PRIVACY="no"
- Restart the network
systemctl restart network
Installation
yum install -y docker
systemctl enable docker
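After installation, do not start Docker yet. Docker's default registry is hosted overseas, so downloads are slow and may be blocked; switch to a domestic registry mirror first.
- Use the Alibaba Cloud registry mirror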
https://cr.console.aliyun.com
[root@root ~]# vim /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --registry-mirror=https://a14c78qe.mirror.aliyuncs.com
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
- Start Docker
[root@root ~]# systemctl daemon-reload
[root@root ~]# systemctl start docker
[root@root ~]# systemctl status docker
Basic Docker operations
- Search for an image
[root@root ~]# docker search nginx
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 11049 [OK]
jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1555 [OK]
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 688 [OK]
jrcs/letsencrypt-nginx-proxy-companion LetsEncrypt container to use with nginx as p… 492 [OK]
webdevops/php-nginx Nginx with PHP-FPM 123 [OK]
zabbix/zabbix-web-nginx-mysql Zabbix frontend based on Nginx web-server wi… 91 [OK]
bitnami/nginx Bitnami nginx Docker Image 64 [OK]
linuxserver/nginx An Nginx container, brought to you by LinuxS… 56
- Pull an image
[root@root ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
f7e2b70d04ae: Pull complete
08dd01e3f3ac: Pull complete
d9ef3a1eb792: Pull complete
Digest: sha256:98efe605f61725fd817ea69521b0eeb32bef007af0e3d0aeb6258c6e6fe7fc1a
Status: Downloaded newer image for nginx:latest
- List images
[root@root ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 881bd08c0b08 8 days ago 109MB
- Export an image
[root@root ~]# docker save nginx >/tmp/nginx.tar.gz
[root@root ~]# ls /tmp/
nginx.tar.gz
- Delete a local Docker image
[root@root tmp]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 881bd08c0b08 8 days ago 109MB
[root@root tmp]# docker rmi nginx
Untagged: nginx:latest
Untagged: nginx@sha256:98efe605f61725fd817ea69521b0eeb32bef007af0e3d0aeb6258c6e6fe7fc1a
Deleted: sha256:881bd08c0b08234bd19136957f15e4301097f4646c1e700f7fea26e41fc40069
Deleted: sha256:39d647657f07356aed647e68914109c3098d4bb8ace1bc1d3a09bb40c8766971
Deleted: sha256:798ab02dcf5760bbb0f5885cbaf22bac887e7c1cf3c64fc8864e98630e426aea
Deleted: sha256:6744ca1b11903f4db4d5e26145f6dd20f9a6d321a7f725f1a0a7a45a4174c579
[root@root tmp]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
- Import a local archive into Docker
[root@root tmp]# docker load < /tmp/nginx.tar.gz
6744ca1b1190: Loading layer [==================================================>] 58.45MB/58.45MB
c59b3ca455e3: Loading layer [==================================================>] 54.51MB/54.51MB
3e9eb35b1c23: Loading layer [==================================================>] 3.584kB/3.584kB
Loaded image: nginx:latest
[root@root tmp]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 881bd08c0b08 8 days ago 109MB
- Start a container
[root@root overlay2]# docker run -it nginx sh
# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
- Build an NGINX container
[root@root ~]# docker pull centos
[root@root ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 9f38484d220f 11 days ago 202MB
[root@root ~]# docker run -it --name nginx centos
[root@472f3b54e7b4 ~]# yum install -y nginx
[root@472f3b54e7b4 ~]# vi /etc/nginx/nginx.conf
user nginx;
daemon off;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
nginx will hang, so open another terminal window
[root@root ~]# docker commit -m "first nginx image" nginx first_nginx
sha256:6d726b010b28aa943e43d98364ecf5559131b408eeb97d76ad00f36b0eb93166
[root@root ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
first_nginx latest 6d726b010b28 23 seconds ago 570MB
centos latest 9f38484d220f 11 days ago 202MB
Docker port mapping
[root@root ~]# docker run --name my_nginx -d -p 90:80 nginx
188fd947869a07c7625d12475b497aea1e71ed2c3d115fe791e533129036eb68
[root@root ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
188fd947869a nginx "nginx -g 'daemon of…" 11 seconds ago Up 10 seconds 0.0.0.0:90->80/tcp my_nginx
[root@root ~]#
Note: this maps port 90 on the local host to port 80 in the container
Linking Docker containers
[root@root ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
874946eb0b6f nginx "nginx -g 'daemon of…" About an hour ago Up About an hour 0.0.0.0:92->80/tcp index_nginx
[root@root ~]# docker run --name link_nginx --link index_nginx -d -p 93:80 nginx
e0a5b4acff8b21ac00619b1775edb8f2a6f02525bc18f6043f0b6b965c1a06ed
[root@root ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e0a5b4acff8b nginx "nginx -g 'daemon of…" 4 seconds ago Up 3 seconds 0.0.0.0:93->80/tcp link_nginx
874946eb0b6f nginx "nginx -g 'daemon of…" About an hour ago Up About an hour 0.0.0.0:92->80/tcp index_nginx
- Verify
[root@root ~]# docker exec -it link_nginx sh
# cat /etc/hosts
Docker IP mapping
[root@root ~]# docker run --name ip_nginx -d -p 172.16.1.200:91:80 nginx
ed7bc223449159053c83213631ea46e56f910da31ca989394abcd95a169c91b1
[root@root ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ed7bc2234491 nginx "nginx -g 'daemon of…" 41 seconds ago Up 40 seconds 172.16.1.200:91->80/tcp ip_nginx
188fd947869a nginx "nginx -g 'daemon of…" 32 minutes ago Up 32 minutes 0.0.0.0:90->80/tcp my_nginx
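At this point 172.16.1.200:91 cannot be reached from a browser, but it can be reached from the local host
If the following warning appears during IP mapping: WARNING: IPv4 forwarding is disabled. Networking will not work.
- Edit /etc/sysctl.conf
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf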
systemctl restart network
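Added example (not part of the original page): the `docker ps` output in the port-mapping and IP-mapping sections shows `0.0.0.0:90->80/tcp` next to `172.16.1.200:91->80/tcp`, and the script below classifies each published port by the host address it is bound to, so mappings open on every interface stand out. The function names and the sample rows are constructed for illustration; live input would come from `docker ps --format '{{.Names}}\t{{.Ports}}'`.

```shell
#!/bin/sh
# Added example: classify published container ports by host bind address.
# Input rows are "<name><TAB><ports>", the shape produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

audit_published_ports() {
    awk -F'\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue                # exposed only, not published
            host = m;   sub(/->.*/, "", host)      # e.g. "0.0.0.0:90"
            target = m; sub(/.*->/, "", target)    # e.g. "80/tcp"
            port = host; sub(/.*:/, "", port)      # text after the last colon
            addr = host; sub(/:[^:]*$/, "", addr)  # text before the last colon
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                printf "WIDE %s %s->%s\n", $1, port, target
            else
                printf "BOUND %s %s:%s->%s\n", $1, addr, port, target
        }
    }'
}

# Constructed sample rows; the first two mirror the docker ps output above.
sample_ps() {
    printf 'my_nginx\t0.0.0.0:90->80/tcp\n'
    printf 'ip_nginx\t172.16.1.200:91->80/tcp\n'
    printf 'v6_demo\t0.0.0.0:8080->80/tcp, :::8080->80/tcp\n'
    printf 'node1\t\n'
}

sample_ps | audit_published_ports
```

`WIDE` rows are reachable on every host interface; `BOUND` rows are limited to the listed address, as with `-p 172.16.1.200:91:80`.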
Docker file mapping
- First create the home page file on the local host
vim index.html
hello
index
[root@root ~]# ll index.html
-rw-r--r--. 1 root root 12 4月 15 00:31 index.html
[root@root ~]# docker run --name index_nginx -v ~/index.html:/usr/share/nginx/html/index.html -d -p 92:80 nginx
874946eb0b6f73b7e536eb2b3d07739803b4d31f027bdd8372c2e60956f2de53
[root@root ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
874946eb0b6f nginx "nginx -g 'daemon of…" 7 seconds ago Up 6 seconds 0.0.0.0:92->80/tcp index_nginx
Open 10.0.0.200:92 in a browser
Connecting Docker containers across hosts
- IP address plan
Hostname | IP address |
---|---|
docker1 | 10.0.0.200 |
docker2 | 10.0.0.201 |
- Change Docker's default IP; do this on both hosts
vim /usr/lib/systemd/system/docker.service
systemctl daemon-reload
systemctl restart docker
- Start one container on each host
[root@docker1 ~]# docker run -it --name node1 centos sh
[root@docker2 ~]# docker run -it --name node2 centos sh
- First ping each other; the pings fail
- Add routing information
[root@docker1 ~]# route add -net 192.168.10.0/24 gw 10.0.0.201
[root@docker2 ~]# route add -net 192.168.100.0/24 gw 10.0.0.200
Note which host each command is run on
- Ping each other from inside the containers