环境:
centOS内核版本, 3.10以上支持最新docker
CentOS系统版本
安装:
1. 卸载旧版本
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
2. 安装包
yum install -y yum-utils
3.设置镜像仓库 (国内阿里云镜像)
yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
4.更新yum软件索引
yum makecache fast
5.安装docker(ce社区办,ee企业版,)
yum install docker-ce docker-ce-cli containerd.io
6. 启动docker
systemctl start docker
7, 运行hello world
docker run hello-world
8. 查看下载的hello wolrd镜像
9. 卸载docker
a) 卸载docker
yum remove docker-ce docker-ce-cli containerd.io
b) 删除目录
// /var/lib/docker工作的默认路径
rm -rf /var/lib/docker
rm -rf /var/lib/containerd
阿里云镜像加速
Hello World执行流程
1. 本机寻找镜像
2.有镜像则使用这个运行, 没有则去docker hub上下载(找不到则返回错误, 能找到则下载到本地运行)
docker底层原理
Doker是一个Client-Server结构的系统, Docker的守护进程运行在主机上, 通过socket从客户端访问
DockerServer接收到Docker-client的指令, 就会执行这个命令
docker常用命令
帮助命令
docker version # 显示docker的版本
docker info # docker的详细系统信息,包括镜像和容器
docker 命令 --help # docker的万能命令
镜像命令
docker images # 查看所有本地主机上的镜像
# 解释
REPOSITORY # 仓库源
TAG # 镜像标签
IMAGE ID # 镜像id
CREATED # 创建时间
SIZE # 镜像的大小
# 可选项
-a, --all # 显示所有镜像
-f, --filter filter # 按条件过滤镜像
-q, --quiet # 只显示镜像id
docker search # 搜索镜像
# 可选项
-f, --filter filter # 过滤搜索条件
# 样例
docker search mysql -f=STARS=3000
docker pull 镜像名:[tag] # 下载镜像
# 如果不写tag, 则默认显示最后一个
# 如果写tag, 则默认指定版本下载
# docker 默认分层下载(涉及联合文件系统)
-a, --all-tags Download all tagged images in the repository
--disable-content-trust Skip image verification (default true)
--platform string Set platform if server is multi-platform capable
-q, --quiet Suppress verbose output
docker rmi [镜像名]|[镜像id]# 删除镜像 镜像之间加空格可以删除多个
# 可选项
-f, --force 强制删除
--no-prune Do not delete untagged parents
# 样例
docker rmi -f $(docker images -aq) # 递归删除全部镜像
容器命令
有了镜像才能创建容器, 下载一个centos镜像连接
# 1. 下载centos镜像
docker pull centos
# 2. 创建容器
docker run [可选参数] image
# 3. 退出容器
exit
# 参数说明
--name="Name" # 容器名字,用来区分容器
-d # 后台方式运行 ja nohoop
-it # 使用交互方式运行,进入容器查看内容(不输入这个进不去容器)
-p # 指定容器的端口
-p ip:主机端口:容器端口 (常用)
-p 主机端口:容器端口
-p 容器端口
-P # 随机指定端口
# 样例
docker run --name="CentOS" -it centos /bin/bash
docker ps # 列出所有正在运行的容器
# 可选项
-a # 曾经运行的命令
-n=7 # 显示最近几次的容器
-q # 只显示容器的编号
exit # 直接容器停止并退出
ctrl + p + q # 容器不停止并退出
docker rm [容器id] # 删除容器
# 可选项
-f 强制删除
# 样例
docker rm -f $(docker ps -aq) # 删除所有容器
docker rm -a -q | xargs docker rm # 删除所有容器
# 注意
不能删除正在运行的容器, 如果要强制需要加-f
docker start [容器id] # 启动容器
docker restart [容器id] # 重新启动容器
docker stop [容器id] # 停止容器
docker kill [容器id] # 强制停止容器
常用的其他命令
# 后台启动docker
docker run -d [镜像名]
# 执行docker ps时发现上面的命令启动的容器停止了
# 原因: docker 容器使用后台运行, 就必须有一个前台进行, docker发现没有前台应用, 就会自动停止后台容器
# ngix容器启动后, 发现自己没有提供服务,就会自动停止
# 查看日志
docker logs
# 可选项
--details Show extra details provided to logs
-f, --follow Follow log output
--since string Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m
for 42 minutes)
-n, --tail string Number of lines to show from the end of the logs (default "all")
-t, --timestamps Show timestamps
--until string Show logs before a timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g.
42m for 42 minutes)
# 样例
docker logs -f -t --tail 10 [容器id] # 以字符串形式输出10条log
# 查看容器中的进程信息
docker top [容器id]
# 查看镜像的元数据
docker inspect
# 进入当前正在运行的容器
docker exec -it [容器id] bashShell
# 方法2
docker attach 容器id
区别,方法2进入时是正在执行的终端
# 从容器内copy文件到文件外
docker cp [容器id:容器内路径] 目的主机路径
# 拷贝是一个手动的过程, 以后使用时会使用-v卷的技术,进行同步
练习:
1. 用docker安装nginx
# 搜索镜像
docker search nginx
# 下载镜像
docker pull nginx
# 启动nginx
docker run -d --name="nginx1" -p 3344:80 nginx
# 测试nginx连接
[root@com ~]# curl localhost:3344
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@com ~]#
# 进入容器查看
[root@com ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ffc6bf7742c7 nginx "/docker-entrypoint.…" 5 minutes ago Up 5 minutes 0.0.0.0:3344->80/tcp nginx1
[root@com ~]# docker exec -it nginx1 /bin/bash
root@ffc6bf7742c7:/# whereis nginx
nginx: /usr/sbin/nginx /usr/lib/nginx /etc/nginx /usr/share/nginx
root@ffc6bf7742c7:/# cd /etc/nginx
root@ffc6bf7742c7:/etc/nginx#
# 思考, 每次修改nginx配置都得进入容器,很麻烦. -v卷技术可以直接在容器外修改
2. docker安装一个tomcat
# 官方的命令-(用完即删除)
$ docker run -it --rm tomcat:9.0
# 之前的操作都是后台, 停止容器后, 还可以查询到
# 下载镜像
docker pull tomcat:9.0
# 运行容器
docker run -d -p 8080 --name="tomcat1" tomcat
[root@com ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat 9.0 e81ee1ac2b97 6 days ago 680MB
mysql 5.7 8a8a506ccfdc 6 days ago 448MB
nginx latest 87a94228f133 7 days ago 133MB
hello-world latest feb5d9fea6a5 3 weeks ago 13.3kB
centos latest 5d0da3dc9764 4 weeks ago 231MB
[root@com ~]# docker run -d --name="tomcat1" -p 8080 e81ee1ac2b97
8933741e2409249ad791b821be82b71f4f61a33242f42f349de3489a65a423f6
[root@com ~]# docker exec -it tomcat1 /bin/bash
root@8933741e2409:/usr/local/tomcat# ls
BUILDING.txt LICENSE README.md RUNNING.txt conf logs temp webapps.dist
CONTRIBUTING.md NOTICE RELEASE-NOTES bin lib native-jni-lib webapps work
root@8933741e2409:/usr/local/tomcat# ll
bash: ll: command not found
root@8933741e2409:/usr/local/tomcat# ls -all
total 172
drwxr-xr-x 1 root root 4096 Oct 13 14:23 .
drwxr-xr-x 1 root root 4096 Oct 19 14:35 ..
-rw-r--r-- 1 root root 18970 Sep 28 13:51 BUILDING.txt
-rw-r--r-- 1 root root 6210 Sep 28 13:51 CONTRIBUTING.md
-rw-r--r-- 1 root root 57092 Sep 28 13:51 LICENSE
-rw-r--r-- 1 root root 2333 Sep 28 13:51 NOTICE
-rw-r--r-- 1 root root 3372 Sep 28 13:51 README.md
-rw-r--r-- 1 root root 6898 Sep 28 13:51 RELEASE-NOTES
-rw-r--r-- 1 root root 16507 Sep 28 13:51 RUNNING.txt
drwxr-xr-x 2 root root 4096 Oct 13 14:23 bin
drwxr-xr-x 1 root root 4096 Oct 19 14:34 conf
drwxr-xr-x 2 root root 4096 Oct 13 14:23 lib
drwxrwxrwx 1 root root 4096 Oct 19 14:34 logs
drwxr-xr-x 2 root root 4096 Oct 13 14:23 native-jni-lib
drwxrwxrwx 2 root root 4096 Oct 13 14:23 temp
drwxr-xr-x 2 root root 4096 Oct 13 14:23 webapps
drwxr-xr-x 7 root root 4096 Sep 28 13:51 webapps.dist
drwxrwxrwx 2 root root 4096 Sep 28 13:51 work
root@8933741e2409:/usr/local/tomcat# cd webapps
root@8933741e2409:/usr/local/tomcat/webapps# ls
root@8933741e2409:/usr/local/tomcat/webapps#
# 注意
1. linux命令少了
2. 没有webapps
阿里云镜像默认是最小镜像, 所有不必要的都被删除了
3. 部署ES + kibana
# ES暴露的接口多
# ES十分耗内存
# ES的数据一般需要放置到安全目录挂载
# 官网命令
docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.6.2
# 启动之后服务器就卡了
docker status查看cpu状态
[root@com ~]# curl localhost:9200
{
"name" : "abbe2556b31e",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "FQGAgY21QWOrxPa49-Okiw",
"version" : {
"number" : "7.6.2",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "ef48eb35cf30adf4db14086e8aabd07ef6fb113f",
"build_date" : "2020-03-26T06:34:37.794943Z",
"build_snapshot" : false,
"lucene_version" : "8.4.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
# ES十分耗内存
# 停止docker
# 增加内存的限制 -e 环境配置修改
docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64m -Xmx512m" elasticsearch:7.6.2
可视化
portainer(先用)
docker的图形化界面!提供一个后台面板供我们操作
docker run -d -p 8088:9200 --restart=always -v /var/run/docer.sock:/var/run/docker.sock --privileged=true portainer/portainer
# 访问测试: 外网:8088
Rancher(CI/CD再用)
UnionFS联合文件系统是一种分层,轻量级并且高性能的文件系统
commit 镜像(提交自定义镜像)
# 提交容器成为新的副本
docker commit -m="提交的信息" -a="作者" [容器id] [目标镜像名]:[tag]
# 测试
1.启动默认tomcat, 默认官方镜像中没有webapps, 我们可以手动copy文件进去
2.commit提交为新的镜像
[root@com ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e3d19dc9036d e81ee1ac2b97 "catalina.sh run" 6 minutes ago Up 6 minutes 0.0.0.0:8080->8080/tcp nervous_swanson
[root@com ~]# docker commit -a="qyy" -m "add webapps" e3d19dc9036d tomcat2:1.0
sha256:2443929ce23b97248fc69ac6e085e7f83385cb26c0ba839234be6e61cd1f752d
[root@com ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat2 1.0 2443929ce23b 7 seconds ago 685MB
tomcat 9.0 e81ee1ac2b97 9 days ago 680MB
mysql 5.7 8a8a506ccfdc 10 days ago 448MB
nginx latest 87a94228f133 11 days ago 133MB
hello-world latest feb5d9fea6a5 4 weeks ago 13.3kB
centos latest 5d0da3dc9764 5 weeks ago 231MB
portainer/portainer latest 580c0e4e98b0 7 months ago 79.1MB
elasticsearch 7.6.2 f29a1ee41030 19 months ago 791MB
[root@com ~]#
到这里算是入门docker
容器数据卷
什么是容器数据卷?
将应用和环境打包成镜像,然后运行为一个容器.如果数据都在容器中,那么容器删除后就会丢失.
数据可以持久化?
容器之间可以有一个数据共享的技术.Docker容器中产生的数据会同步到本地, 将容器内的目录挂载到虚拟机上.
总结: 容器的持久化和同步操作, 荣期间也可以数据共享
# 方式一(直接使用命令挂载)
docker run -it -v 主句目录:容器内目录
实战:安装MYSQL
# 注意:安装运行mysql需要配置密码
docker run -d -p 3344:3306 -v /home/mysql/conf:/etc/mysql/conf.d -v /home/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=qyy123321 --name="mysqlqyy1" 8a8a506ccfdc
具名和匿名挂载
# 查看所有的卷
docker volume ls
[root@com conf]# docker volume ls
DRIVER VOLUME NAME
local 3ca9cdd4de7d48c497cc9cab4824569bb8801593e5bab3a4e60aaf9252b47c1d
local 10eed9981558a5869038696f944efe75f5653f7946b018f1221c1384c1c6dae2
# 上面的这些就是匿名挂载, run时只给了容器内的路径,没给容器外的路径
# 具名 -v 卷名:容器内路径
docker run -d -P --name="nginx2" -v juming-mginx:/etc/nginx nginx
# 查看具名卷的目录
docker volume inspect [卷名]
# 卷分类
-v 容器内路径 # 匿名挂载
-v 具名:容器内路径 # 具名挂载
-v /宿主机路径:/容器内路径 # 指定路径挂载
# docker run -d -P --name="nginx2" -v juming-mginx:/etc/nginx:ro nginx
# docker run -d -P --name="nginx2" -v juming-mginx:/etc/nginx:rw nginx
# 一旦设置了容器权限, 容器对挂载出来的内容就有限定了
# 通过ro和rw改变读写权限, ro (read only说明只能通过宿主机改变), rw (可读可写-默认)
通过脚本生成镜像, 镜像是一层一层的, 脚本是一个个的命令, 每个命令是一层
# 第二种
docker build -f dockerfile -t /qyy/centos .
[root@com home]# pwd
/home
[root@com home]# cd docker-test-volume
[root@com docker-test-volume]# vim dockerfile
[root@com docker-test-volume]# cat dockerfile
FROM centos
VOLUME ['volume01', 'volume2']
CMD echo "---end---"
CMD /bin/bash
[root@com docker-test-volume]# docker build -f dockerfile -t qyy/centos .
Sending build context to Docker daemon 2.048kB
Step 1/4 : FROM centos
---> 5d0da3dc9764
Step 2/4 : VOLUME ['volume01', 'volume2']
---> Running in 4677d299ca97
Removing intermediate container 4677d299ca97
---> 56d58c90b3f8
Step 3/4 : CMD echo "---end---"
---> Running in 76cb29095f9d
Removing intermediate container 76cb29095f9d
---> 07279ed65980
Step 4/4 : CMD /bin/bash
---> Running in f21a5f9fafcd
Removing intermediate container f21a5f9fafcd
---> 45d3fceaece3
Successfully built 45d3fceaece3
Successfully tagged qyy/centos:latest
[root@com docker-test-volume]#
# 同步卷 --volumes-from
docker run -it --name docker02 --volumes-from ad5000da0c7d qyy/centos:1.0
# 如果停止或者删除第一个容器, 关联容器的卷还在
DockerFile
就是用来构建docker镜像的构建文件
构建步骤
1.编写一个dockerfile文件
2.docker build构建成为一个镜像
3.docker run 运行镜像
4.docker push发布镜像
官方镜像都是基础包, 很多功能都需要自己进行搭建
基础知识
1. 每个保留关键字都是大写
2.从上向下执行
3. # 表示注释
4. 每个指令都会创建提交一个新的镜像层
DockerFile: 构建文件
DockerImages:通过DockerFilke构建生成的镜像
Docker容器是镜像运行起来提供服务的
命令
FROM | 基础镜像 - 一切从这开始centos |
MAINTAINER | 镜像是谁写的: 姓名+邮箱 |
RUN | Docker镜像构件时运行的命令 |
ADD | 步骤, tomcat镜像, 这个tomcat压缩包, 添加内容 |
WORKDIR | 工作目录 |
VOLUME | 挂载卷 |
EXPOSE | 指定暴露的端口 |
CND | 指定容器启东时要运行的命令, 只有最后一个会生效 |
ENTRYPOINT | 指定容器启东时要运行的命令, 可以追加命令 |
ONBUILD | 当构建一个被继承的镜像时, 就会运行这个指令 |
COPY | 类似add命令,将文件copy到镜像中 |
ENV | 构建时设置环境变量 |
实战测试
dockerhub中99%镜像都是从基础镜像scratch开始的, 然后配置需要的软件和配置进行构建
创建一个自己的centos
# 1.编写文件
FROM centos
MAINTAINER qyy<461748791@qq.com>
ENV MYPATH /usr/local
WORKDIR $MYPATH
RUN yum -y install vim
RUN yum -y install net-tools
EXPOSE 80
CMD echo $MYPATH
CMD echo "-----end-----"
cmd /bin/bash
# 2.构建命令
docker build -f myDockerFile -t mycentos:1.0 .
# 3.测试运行
实战2, tomcat镜像
1.猪呢比tomcat压缩包
2. 编写DockerFile文件, 官方命名Dockerfile, build时自动寻找这个文件
FROM centos
MAINTAINER qyy<461748791@qq.com>
COPY readme.txt /usr/local/readme.txt
ADD jdk-8u311-linux-x64.tar.gz /usr/local
ADD apache-tomcat-9.0.54.tar.gz /usr/local
RUN yum -y install vim
RUN MYPATH /usr/local
WORKDIR $MYPATH
ENV JAVA_HOME /usr/local/jdk1.8.0_311
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.54
ENV CATALINA_BASE /usr/local/apache-tomcat-9.0.54
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
EXPOSE 8080
CMD /usr/local/apache-tomcat-9.0.54/bin/startup.sh && tail -F /usr/local/usr/local/apache-tomcat-9.0.54/bin
/logs/catalina.out
3. 创建容器
docker run -d -p 8080:8080 --name mytomcat -v /home/qyy/tomcat/webs:/usr/local/apache-tomcat-9.0.54/webapps -v /home/qyy/tomcat/logs:/usr/local/apache-tomcat-9.0.54/logs qyy/mytomcat
4.提交镜像
# 登陆
docker login -u [用户名] -p [密码]
# 查看登陆参数
docker login --help
# push
docker push [作者名]/[镜像名]:tag
# 修改镜像名
docker tag [镜像id] [新的镜像名]:tag
注意推送前需要通过docker tag改镜像名
docker save
docker load
Docker网络
理解Docker0网络
[root@com qyy]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:16:3e:2b:e4:2d brd ff:ff:ff:ff:ff:ff
inet 172.26.8.132/20 brd 172.26.15.255 scope global dynamic eth0
valid_lft 315337209sec preferred_lft 315337209sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:42:f1:93:b1 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
[root@com qyy]#
# lo 本机回环地址
# eth0 阿里云内网地址
# docker0 docker地址
问题:
docker0是如何处理容器的访问
[root@com .docker]# docker run --name tomcat01 tomcat
我们每启动一个docker容器,docker就会给docker容器分配一个ip, 我们只要安装了docker, 就会有一个网卡docker0
桥接模式: 使用的技术是evth-pair技术
容器带来的网卡都是一对一对的
evtrh-pair就是一对虚拟设备的接口, 他们都是成对出现, 一段连着协议,一段彼此相连
正因为有这个特性, evth-pair充当一个桥梁, 连接各种虚拟网络设备
容器之间也可以ping通
--link
docker run -d -P --name tomcat03 --link tomcat02 tomcat
docker exec -it tomcat03 ping tomcat02
# 可以ping通
# docker network --help
# docker network ls
# docker network inspect [网络ID/容器id]
link是通过在/etc/hosts中增加了了tomcat02的映射, 不建议使用
# 自定义网络不舍用docker0, docker0
# 查看所有docker网络
[root@com ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
b13145d4e949 bridge bridge local
207b7dc1a0fe host host local
1b6f8e881be1 none null local
网络模式
bridge桥接模式:在docker上搭桥(默认)
none: 不配置网络
host: 和宿主机共享网络
container: 容器内网络连通
# 下面的操作是默认通过--net bridge
[root@com ~]# docker run -d -P --name tomcat01 --net bridge tomcat
# docker0 - 默认的 -域名不可访问, --link可以打通连接(不推荐)
# 自定义网络
docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
# 测试
[root@com ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
b13145d4e949 bridge bridge local
207b7dc1a0fe host host local
aefc765cdd71 mynet bridge local
1b6f8e881be1 none null local
[root@com ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "aefc765cdd7167bcb41a7d90dc8e7b40309753c1281352be58b30e7f462eb5b6",
"Created": "2021-10-24T20:25:09.309251358+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
docker run -d -P --name tomcat-net-01 --net mynet tomcat
docker run -d -P --name tomcat-net-02 --net mynet tomcat
# 测试
[root@com ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "aefc765cdd7167bcb41a7d90dc8e7b40309753c1281352be58b30e7f462eb5b6",
"Created": "2021-10-24T20:25:09.309251358+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"4496b0986456b77c94fb928600cce181f814382e5370cce481437148872c4b56": {
"Name": "tomcat-net-02",
"EndpointID": "36b6f1749d8520aa5e933984710464e9c951d311ec0c1bac5af6c2df988a96af",
"MacAddress": "02:42:c0:a8:00:03",
"IPv4Address": "192.168.0.3/16",
"IPv6Address": ""
},
"e9be7c549b8b264e555dad73a957d2b818ab4796bb200979dcc7d6a062172810": {
"Name": "tomcat-net-01",
"EndpointID": "f6c9121ccbd19547316455eba5eff493af5f44ed5144f5016bf2f089947a5aaf",
"MacAddress": "02:42:c0:a8:00:02",
"IPv4Address": "192.168.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
[root@com ~]# docker exec -it tomcat-net-01 ping 192.168.0.3
# 自定义网络修复了docker0的问题
# 不同集群使用不同的网络, 保证几圈是安全健康的
# 容器连通一个网络
docker network connect [网络名] [容器名]
实战, 部署redis集群
# 1.新建redis网卡
docker network create redis --subnet 172.38.0.0/16
# 2.运行脚本创建6个redis
for port in $(seq 1 6); \
do \
mkdir -p /mydata/redis/node-${port}/conf
touch /mydata/redis/node-${port}/conf/redis.conf
cat << EOF >/mydata/redis/node-${port}/conf/redis.conf
port 6379
bind 0.0.0.0
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 172.38.0.1${port}
cluster-announce-port 6379
cluster-announce-bus-port 16379
appendonly yes
EOF
done
# 3.运行redis容器
for idx in $(seq 1 6); \
do \
docker run -p 637${idx}:6379 -p 1637${idx}:16379 --name redis-${idx} -v /mydata/redis/node-${idx}/data:/data -v /mydata/redis/node-${idx}/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.1${idx} redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
done
# 4.创建集群
docker exec -it redis-1 /bin/sh # 随便进入一个容器
redis-cli --cluster create 172.38.0.11:6379 172.38.0.12:6379 172.38.0.13:6379 172.38.0.14:6379 172.38.0.15:6379 172.38.0.16:6379 --cluster-replicas 1
# 结果
/data # redis-cli --cluster create 172.38.0.11:6379 172.38.0.12:6379 172.38.0.13:6379
172.38.0.14:6379 172.38.0.15:6379 172.38.0.16:6379 --cluster-replicas 1
>>> Performing hash slots allocation on 6 nodes...
Master[0] -> Slots 0 - 5460
Master[1] -> Slots 5461 - 10922
Master[2] -> Slots 10923 - 16383
Adding replica 172.38.0.15:6379 to 172.38.0.11:6379
Adding replica 172.38.0.16:6379 to 172.38.0.12:6379
Adding replica 172.38.0.14:6379 to 172.38.0.13:6379
M: 8e2334cecb9dd6f6efad71b3c6cd692857213e47 172.38.0.11:6379
slots:[0-5460] (5461 slots) master
M: 26e915db028e9aef6b2fdd13aa8ec99c88d5908a 172.38.0.12:6379
slots:[5461-10922] (5462 slots) master
M: e927d8ad53029a82cb2a642e05cbf061c248e313 172.38.0.13:6379
slots:[10923-16383] (5461 slots) master
S: 4a20688ad5c5891a2319df69458b76d26b6a57b5 172.38.0.14:6379
replicates e927d8ad53029a82cb2a642e05cbf061c248e313
S: e2c7ab7854d6baf0691437d14bf3b5a335b900f8 172.38.0.15:6379
replicates 8e2334cecb9dd6f6efad71b3c6cd692857213e47
S: 3af8d7ec0cebf840511d9b2797c8260f592455ee 172.38.0.16:6379
replicates 26e915db028e9aef6b2fdd13aa8ec99c88d5908a
Can I set the above configuration? (type 'yes' to accept): yes
>>> Nodes configuration updated
>>> Assign a different config epoch to each node
>>> Sending CLUSTER MEET messages to join the cluster
Waiting for the cluster to join
...
>>> Performing Cluster Check (using node 172.38.0.11:6379)
M: 8e2334cecb9dd6f6efad71b3c6cd692857213e47 172.38.0.11:6379
slots:[0-5460] (5461 slots) master
1 additional replica(s)
S: e2c7ab7854d6baf0691437d14bf3b5a335b900f8 172.38.0.15:6379
slots: (0 slots) slave
replicates 8e2334cecb9dd6f6efad71b3c6cd692857213e47
S: 4a20688ad5c5891a2319df69458b76d26b6a57b5 172.38.0.14:6379
slots: (0 slots) slave
replicates e927d8ad53029a82cb2a642e05cbf061c248e313
M: 26e915db028e9aef6b2fdd13aa8ec99c88d5908a 172.38.0.12:6379
slots:[5461-10922] (5462 slots) master
1 additional replica(s)
M: e927d8ad53029a82cb2a642e05cbf061c248e313 172.38.0.13:6379
slots:[10923-16383] (5461 slots) master
1 additional replica(s)
S: 3af8d7ec0cebf840511d9b2797c8260f592455ee 172.38.0.16:6379
slots: (0 slots) slave
replicates 26e915db028e9aef6b2fdd13aa8ec99c88d5908a
[OK] All nodes agree about slots configuration.
>>> Check for open slots...
>>> Check slots coverage...
[OK] All 16384 slots covered.
# 测试集群
/data # redis-cli -c
127.0.0.1:6379> cluster info
cluster_state:ok
cluster_slots_assigned:16384
cluster_slots_ok:16384
cluster_slots_pfail:0
cluster_slots_fail:0
cluster_known_nodes:6
cluster_size:3
cluster_current_epoch:6
cluster_my_epoch:1
cluster_stats_messages_ping_sent:134
cluster_stats_messages_pong_sent:139
cluster_stats_messages_sent:273
cluster_stats_messages_ping_received:134
cluster_stats_messages_pong_received:134
cluster_stats_messages_meet_received:5
cluster_stats_messages_received:273
127.0.0.1:6379> cluster nodes
e2c7ab7854d6baf0691437d14bf3b5a335b900f8 172.38.0.15:6379@16379 slave 8e2334cecb9dd6f6efad71b3c6cd692857213e47 0 1635089044729 5 connected
4a20688ad5c5891a2319df69458b76d26b6a57b5 172.38.0.14:6379@16379 slave e927d8ad53029a82cb2a642e05cbf061c248e313 0 1635089045231 4 connected
8e2334cecb9dd6f6efad71b3c6cd692857213e47 172.38.0.11:6379@16379 myself,master - 0 1635089043000 1 connected 0-5460
26e915db028e9aef6b2fdd13aa8ec99c88d5908a 172.38.0.12:6379@16379 master - 0 1635089044230 2 connected 5461-10922
e927d8ad53029a82cb2a642e05cbf061c248e313 172.38.0.13:6379@16379 master - 0 1635089045000 3 connected 10923-16383
3af8d7ec0cebf840511d9b2797c8260f592455ee 172.38.0.16:6379@16379 slave 26e915db028e9aef6b2fdd13aa8ec99c88d5908a 0 1635089045000 6 connected
127.0.0.1:6379> set a b
-> Redirected to slot [15495] located at 172.38.0.13:6379
OK
# 断开redis-3的容器(172.38.0.13)
127.0.0.1:6379> get a
-> Redirected to slot [15495] located at 172.38.0.14:6379
"b"
172.38.0.14:6379> cluster nodes
3af8d7ec0cebf840511d9b2797c8260f592455ee 172.38.0.16:6379@16379 slave 26e915db028e9aef6b2fdd13aa8ec99c88d5908a 0 1635089236553 6 connected
e2c7ab7854d6baf0691437d14bf3b5a335b900f8 172.38.0.15:6379@16379 slave 8e2334cecb9dd6f6efad71b3c6cd692857213e47 0 1635089236000 5 connected
4a20688ad5c5891a2319df69458b76d26b6a57b5 172.38.0.14:6379@16379 myself,master - 0 1635089237000 7 connected 10923-16383
8e2334cecb9dd6f6efad71b3c6cd692857213e47 172.38.0.11:6379@16379 master - 0 1635089236954 1 connected 0-5460
e927d8ad53029a82cb2a642e05cbf061c248e313 172.38.0.13:6379@16379 master,fail - 1635089143278 1635089142576 3 connected
26e915db028e9aef6b2fdd13aa8ec99c88d5908a 172.38.0.12:6379@16379 master - 0 1635089237956 2 connected 5461-10922
SpringBoot微服务打包Docker镜像
# 1.构建springboot项目
# 2.打包应用
# 3.编写dockerfile
# 4.构建镜像
# 5.发布运行
问题
nginx部署问题
# 问题1, nginx挂载目录时不生效报错
步骤
# 1.先开启一个测试用nginx
docker run --name test -d nginx
# 2.复制出nginx.conf
docker cp test:/etc/nginx/nginx.conf /home/nginx/conf/
# 3.夫指出default.conf
docker cp test:/etc/nginx/conf.d/default.conf /home/nginx/conf/conf.d
# 此时宿主机本地已经有nginx.conf, default.conf
# 4.运行你要挂载的真正的nginx
docker run --privileged -it -p 3344:80 \
-v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro \
-v /home/nginx/conf/conf.d:/etc/nginx/conf.d:ro \
-v /home/nginx/html:/usr/share/nginx/html:rw \
-v /home/nginx/logs:/var/log/nginx -d nginx
2022-5-8更改: docker中启用ssl的nginx
## 1.在/home/nginx下保存nginx的conf html logs(这三个文件夹安装了nginx就有)
## 2.创建cert文件夹, 里面放阿里云上申请的ssl证书
## 3.开启docker容器
docker run --name myNginx -it -p 443:443 -p 80:80 \
-v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro \
-v /home/nginx/conf/conf.d:/etc/nginx/conf.d:ro \
-v /home/nginx/html:/usr/share/nginx/html:rw \
-v /home/nginx/cert:/etc/nginx/cert:rw \
-v /home/nginx/logs:/var/log/nginx --privileged=true -d --restart=always nginx
jdk1.8 Dockerfile
FROM centos:centos7
MAINTAINER qyy<461748791@qq.com>
RUN mkdir /usr/local/jdk
WORKDIR /usr/local/jdk
ADD jdk-8u311-linux-x64.tar.gz /usr/local/jdk
ENV JAVA_HOME /usr/local/jdk/jdk1.8.0_311
ENV JRE_HOME /usr/local/jdk/jdk1.8.0_311/jre
ENV PATH $JAVA_HOME/bin:$PATH
企业实战
Docker Compose
Docker Swarm
CI/CD jenkins持续部署