2022-09-12Docker基础

最新推荐文章于 2024-06-28 16:14:41 发布
最新推荐文章于 2024-06-28 16:14:41 发布
阅读量814 收藏
点赞数
文章标签: docker
原文链接:https://www.yuque.com/mrlinxi/pxvr4g/polyyw
版权

1.1 是什么

1. 为什么会有docker的出现

                一款产品从开发到上线,从操作系统,到运行环境,再到应用配置。作为开发+运维之间的协作我们需要关心很多东西,这也是很多互联网公司都不得不面对的问题,特别是各种版本的迭代之后,不同版本环境的兼容,对运维人员都是考验

                Docker之所以发展如此迅速,也是因为它对此给出了一个标准化的解决方案。

环境配置如此麻烦,换一台机器,就要重来一次,费力费时。很多人想到,能不能从根本上解决问题,软件可以带环境安装?也就是说,安装的时候,把原始环境一模一样地复制过来。开发人员利用 Docker 可以消除协作编码时“在我的机器上可正常工作”的问题。

                之前在服务器配置一个应用的运行环境,要安装各种软件,Java/Tomcat/MySQL/JDBC驱动包等。安装和配置这些东西有多麻烦就不说了,它还不能跨平台。假如我们是在 Windows 上安装的这些环境,到了 Linux 又得重新装。况且就算不跨操作系统,换另一台同样操作系统的服务器,要移植应用也是非常麻烦的。

                传统上认为,软件编码开发/测试结束后,所产出的成果即是程序或是能够编译执行的二进制字节码等(java为例)。而为了让这些程序可以顺利执行,开发团队也得准备完整的部署文件,让维运团队得以部署应用程式,开发需要清楚的告诉运维部署团队,用的全部配置文件+所有软件环境。不过,即便如此,仍然常常发生部署失败的状况。Docker镜像的设计,使得Docker得以打破过去「程序即应用」的观念。透过镜像(images)将作业系统核心除外,运作应用程式所需要的系统环境,由下而上打包,达到应用程式跨平台间的无缝接轨运作。

2. docker理念

        Docker是基于Go语言实现的云开源项目。

        Docker的主要目标是“Build,Ship and Run Any App,Anywhere”,也就是通过对应用组件的封装、分发、部署、运行等生命周期的管理,使用户的APP(可以是一个WEB应用或数据库应用等等)及其运行环境能够做到“一次封装,到处运行”

                Linux 容器技术的出现就解决了这样一个问题,而 Docker 就是在它的基础上发展过来的。将应用运行在 Docker 容器上面,而 Docker 容器在任何操作系统上都是一致的,这就实现了跨平台、跨服务器。只需要一次配置好环境,换到别的机子上就可以一键部署好,大大简化了操作。

                一句话:解决了运行环境和配置问题软件容器,方便做持续集成并有助于整体发布的容器虚拟化技术

                docker三要素:仓库、镜像、容器

1.2 能干嘛

1. 之前的虚拟机技术

虚拟机(virtual machine)就是带环境安装的一种解决方案。

它可以在一种操作系统里面运行另一种操作系统,比如在Windows 系统里面运行Linux 系统。应用程序对此毫无感知,因为虚拟机看上去跟真实系统一模一样,而对于底层系统来说,虚拟机就是一个普通文件,不需要了就删掉,对其他部分毫无影响。这类虚拟机完美的运行了另一套系统,能够使应用程序,操作系统和硬件三者之间的逻辑不变。

虚拟机的缺点:占用资源多、冗余步骤多、启动慢

2. 容器虚拟化技术

        由于前面虚拟机存在这些缺点,Linux 发展出了另一种虚拟化技术:Linux 容器(Linux Containers,缩写为 LXC)。

        Linux 容器不是模拟一个完整的操作系统,而是对进程进行隔离。有了容器,就可以将软件运行所需的所有资源打包到一个隔离的容器中。容器与虚拟机不同,不需要捆绑一整套操作系统,只需要软件工作所需的库资源和设置。系统因此而变得高效轻量并保证部署在任何环境中的软件都能始终如一地运行

比较了 Docker 和传统虚拟化方式的不同之处:

  • 传统虚拟机技术是虚拟出一套硬件后,在其上运行一个完整操作系统,在该系统上再运行所需应用进程;
  • 而容器内的应用进程直接运行于宿主的内核,容器内没有自己的内核,而且也没有进行硬件虚拟。因此容器要比传统虚拟机更为轻便。
  • 每个容器之间互相隔离,每个容器有自己的文件系统 ,容器之间进程不会相互影响,能区分计算资源

3. 开发/运维(DevOps)

Development(开发)和Operations(运维)的组合词。开发自运

1.3 去哪下

官网:Install Docker Engine on CentOS | Docker Documentation 仓库:Docker Hub

centos centos-8-isos-x86_64安装包下载_开源镜像站-阿里云

二、Docker安装

CentOS Docker 安装

Docker支持以下的CentOS版本:

CentOS 7 (64-bit)

CentOS 6.5 (64-bit) 或更高的版本

前提条件

目前,CentOS 仅发行版本中的内核支持 Docker。

Docker 运行在 CentOS 7 上,要求系统为64位、系统内核版本为 3.10 以上

Docker 运行在 CentOS-6.5 或更高的版本的 CentOS 上,要求系统为64位、系统内核版本为 2.6.32-431 或者更高版本

查看内核版本:uname -r

2.1 Docker的基本组成

1. 镜像、容器&仓库

  • 镜像(image):Docker 镜像(Image)就是一个只读的模板。镜像可以用来创建 Docker 容器,一个镜像可以创建很多容器。

  • 容器(container):Docker 利用容器(Container)独立运行的一个或一组应用。容器是用镜像创建的运行实例。它可以被启动、开始、停止、删除。每个容器都是相互隔离的、保证安全的平台。可以把容器看做是一个简易版的 Linux 环境(包括root用户权限、进程空间、用户空间和网络空间等)和运行在其中的应用程序。容器的定义和镜像几乎一模一样,也是一堆层的统一视角,唯一区别在于容器的最上面那一层是可读可写的。
  • 仓库(repository):仓库(Repository)是集中存放镜像文件的场所。仓库(Repository)和仓库注册服务器(Registry)是有区别的。仓库注册服务器上往往存放着多个仓库,每个仓库中又包含了多个镜像,每个镜像有不同的标签(tag)

 2. 总结

需要正确的理解仓储/镜像/容器这几个概念:

Docker 本身是一个容器运行载体或称之为管理引擎。我们把应用程序和配置依赖打包好形成一个可交付的运行环境,这个打包好的运行环境就似乎 image镜像文件。只有通过这个镜像文件才能生成 Docker 容器。image 文件可以看作是容器的模板。Docker 根据 image 文件生成容器的实例。同一个 image 文件,可以生成多个同时运行的容器实例。

  • image 文件生成的容器实例,本身也是一个文件,称为镜像文件;
  • 一个容器运行一种服务,当我们需要的时候,就可以通过docker客户端创建一个对应的运行实例,也就是我们的容器;
  • 至于仓储,就是放了一堆镜像的地方,我们可以把镜像发布到仓储中,需要的时候从仓储中拉下来就可以了。

2.2 Docker的安装

1. CentOS6.8安装Docker

yum install -y epel-release   # docker依赖库
yum install -y docker-io

安装后的配置文件:/etc/sysconfig/docker

启动docker后台服务:service docker start

查看docker版本信息:docker version

2. CentOS7安装Docker

安装官方文档:Install Docker Engine on CentOS | Docker Documentation

安装docker

yum -y install gcc gcc-c++   #安装gcc相关依赖
# 卸载旧版本 没有装的可以直接跳过
sudo yum remove docker docker-client docker-client-latest docker-common \
docker-latest docker-latest-logrotate docker-logrotate docker-engine

# 安装yum-utils包并设置稳定存储库
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
    
# 安装docker
sudo yum install docker-ce docker-ce-cli containerd.io

# 启动docker
systemctl start docker

配置国内镜像加速

docker默认是从docker hub中下载镜像的,但是速度很慢,所以我们需要将镜像仓库切换到国内。这里我们使用阿里云的镜像加速

登陆阿里云,进入控制台-产品与服务-容器镜像服务,复制对应系统的镜像加速语句即可。阿里云镜像加速器

# 在etc下创建docker文件夹
sudo mkdir -p /etc/docker
# 修改配置,设置镜像
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://hbxyofct.mirror.aliyuncs.com"]
}
EOF

sudo systemctl daemon-reload
sudo systemctl restart docker

3. 卸载

systemctl stop docker 
sudo yum remove docker docker-client docker-client-latest docker-common \
docker-latest docker-latest-logrotate docker-logrotate docker-engine
rm -rf /var/lib/docker

4 测试运行hello-world

run干了什么:

2.3 底层原理

1. docker是怎么工作的

Docker是一个Client-Server结构的系统,Docker守护进程运行在主机上, 然后通过Socket连接从客户端访问,守护进程从客户端接受命令并管理运行在主机上的容器。 容器,是一个运行时环境,就是我们前面说到的集装箱。

2. 为什么Docker比VM快

(1)docker有着比虚拟机更少的抽象层。由亍docker不需要Hypervisor实现硬件资源虚拟化,运行在docker容器上的程序直接使用的都是实际物理机的硬件资源。因此在CPU、内存利用率上docker将会在效率上有明显优势。

(2)docker利用的是宿主机的内核,而不需要Guest OS。因此,当新建一个容器时,docker不需要和虚拟机一样重新加载一个操作系统内核。仍而避免引寻、加载操作系统内核返个比较费时费资源的过程,当新建一个虚拟机时,虚拟机软件需要加载Guest OS,返个新建过程是分钟级别的。而docker由于直接利用宿主机的操作系统,则省略了返个过程,因此新建一个docker容器只需要几秒钟。 

Docker容器

操作系统

与宿主机共享OS

宿主机OS上运行虚拟机OS

存储大小

镜像小,便于存储与传输

镜像庞大(vmdk、vdi等)

运行新跟你给

几乎无额外性能损失

操作系统额外的CPU、内存消耗

移植性

轻便、灵活、适应于Linux

笨重,与虚拟化技术耦合度高

硬件亲和性

面向软件开发者

面向硬件运维者

部署速度

快速,秒级

较慢,10s以上

三、Docker常用命令

3.1 帮助命令

docker version:详细版本信息 docker -v:简略版本信息

docker info:对docker镜像、容器、宿主机情况等描述

docker --help:类似于Linux的man,列举所有命令及其含义解释。

3.2 镜像命令

docker images [OPTIONS] [ARGS]:列出本地主机上的镜像

OPTIONS说明:可以通过docker iamges --help查看OPTIONS

  • -a :a表示all,列出本地所有的镜像(含中间映像层)
  • -q :只显示镜像ID。
  • --digests :显示镜像的摘要信息
  • --no-trunc::显示完整的镜像信息

ARGS说明:可以直接写镜像名,比如centos,mysql等等,就是直接查对应的镜像信息。

docker search [OPTIONS] 某个个xxx镜像名字:查镜像

OPTIONS说明: 可以通过docker search --help查看OPTIONS

  • --no-trunc : 显示完整的镜像描述
  • --limit int : 显示最多int条信息。

docker pull 某个个xxx镜像名字[:TAG]:下载镜像

不写版本号默认下载最新版

docker rmi 某个个xxx镜像ID:删除镜像

我们来删一下hello-world

报错了,因为我们正在使用hello-world需要加-f强制删除,docker rmi -f hello-world

  • 删除单个:docker rmi -f 镜像ID/镜像名[:TAG]
  • 删除多个:docker rmi -f 镜像名1:TAG 镜像名2:TAG
  • 删除全部:docker rmi -f $(docker images -qa)

3.3 容器命令

1. 下载镜像,新建并启动容

有镜像才能创建容器,这是根本前提(下载一个CentOS镜像演示) docker pull centos

新建并启动容器,docker run [options] imageID/imageName[:TAG] [command] [arg..]

options说明:

  • --name="容器新名字": 为容器指定一个名称;
  • -d: 后台运行容器,并返回容器ID,也即启动守护式容器;
  • -i:以交互模式运行容器,通常与 -t 同时使用;
  • -t:为容器重新分配一个伪输入终端,通常与 -i 同时使用;
  • -P: 随机端口映射;
  • -p: 指定端口映射,有以下四种格式
    • ip:hostPort:containerPort
    • ip::containerPort
    • hostPort:containerPort
    • containerPort

现在我们进入了,centos容器。(-i -t可以合在一起写成-it)

2. 列出当前所有正在运行的容器

docker ps [OPTIONS]

OPTIONS说明:

  • -a :列出当前所有正在运行的容器+历史上运行过的
  • -l :显示最近创建的容器。
  • -n:显示最近n个创建的容器。
  • -q :静默模式,只显示容器编号。
  • --no-trunc :不截断输出。

可以看到正在运行的容器ID,跟我们启动的centos容器一致。这表示我们通过docker在centos上运行了一个centos容器。

3. 退出容器

exit:容器停止退出;

ctrl+P+Q:容器不停止退出

先exit退出我们运行的centos容器实例。然后,我们以centosByDocker为名字,生成一个centos的容器实例:

docker run -it --name centosByDocker centos

然后按ctrl+P+Q,(按了之后还要按一下回车)回到我们的宿主机:

,然后执行docker ps可以看到容器没有关闭。

4. 启动容器(start 与 run区分开) & 重启容器(restart)

docker start是启动已有容器,docker run是新建并启动容器,这里需要区分开。

启动容器:docker start 容器ID/容器Names即可启动容器。

重启容器:docker restart 容器ID/容器Names

5. 停止容器 & 强制停止容器

停止容器:docker stop 容器ID/容器name

强制停止容器:docker kill 容器ID/容器name

6. 删除已停止的容器

docker rm 容器ID:删除之前需要停止容器。

docker rm -f 容器ID:强制删除,容器运行时可以直接删除。

一次性删除多个容器:

  • docker rm -f $(docker ps -a -q)
  • docker ps -a -q | xargs docker rm
  • docker rm 容器ID1 容器ID2 ..

注:删除的时候不需要吧容器ID写全,写两位就可以,删除前请核对,防止误删

3.4 重要容器命令

1. 启动守护式容器

命令:docker run -d 镜像名[:TAG]/镜像ID

(后台启动)启动守护容器centos:docker run -d --name centosde centos

问题:然后docker ps进行查看, 会发现容器已经退出,并没有处于运行状态。

很重要的要说明的一点: Docker容器后台运行,就必须有一个前台进程。容器运行的命令如果不是那些一直挂起的命令(比如运行top,tail),就是会自动退出的。

这个是docker的机制问题,比如你的web容器,我们以nginx为例,正常情况下,我们配置启动服务只需要启动相应的service即可。例如service nginx start但是,这样做,nginx为后台进程模式运行,就导致docker前台没有运行的应用,,这样的容器后台启动后,会立即自杀因为他觉得他没事可做了。所以,最佳的解决方案是,将你要运行的程序以前台进程的形式运行。

2. 查看容器日志

命令:docker logs -f -t --tail 数字 容器ID

  • -t:表示加入时间戳
  • -f:表示跟随最新的日志打印
  • --tail 数字:表示显示最后多少条

后台运行centos,循环打印一句话:

docker run -d centos /bin/sh -c "while true;do echo hello zzyy;sleep 2;done"

查询一下容器日志:docker logs -f -t --tail 10 容器ID/容器NAME

这里加了-f会不停的追加,如果不加就只会打印--tail指定数目的记录。

3. 查看容器内的进程 & 查看容器内部细节

查看容器内进程命令:docker top 容器ID/容器名

查看容器内细节命名:docker inspect 容器ID/容器名,输出形式为json字符串。

4. 进入正在运行的容器并以命令行交互

docker run -it centos 创建并启动一个centos容器,然后ctrl+p+q退出容器但不关闭。

那么如何再次进入这个容器呢?

  • 使用docker attach 容器ID/容器name命令即可再次进入容器。
  • 使用docker exec -it 容器ID/容器name /bin/bash

注:exec可以不进入容器,直接返回容器中执行的结果,例如:

docker exec -it 容器ID/容器name ls -l

exec与attach的区别:

attach 直接进入容器启动命令的终端,不会启动新的进程;

exec 是在容器中打开新的终端,并且可以启动新的进程;

通过exec进入的容器,使用exit退出时,容器不会关闭。

关于-i -t 与 -it的区别:i是创建标准io接口,t是伪造tty终端;如果光一个i的话,虽然也可以输入命令得到输出,但结果很不友好,自己可以试试;如果光一个t,就只有一个tty,你输入什么都没有反应,因为你没有开放对应的输入接口;正确的应该是-it,开放接口并创建伪tty。

5. 从容器内拷贝文件到主机上

命令:docker cp 容器ID:容器内路径 目的主机路径

3.5 总结

attach Attach to a running container # 当前 shell 下 attach 连接指定运行镜像

build Build an image from a Dockerfile # 通过 Dockerfile 定制镜像

commit Create a new image from a container changes # 提交当前容器为新的镜像

cp Copy files/folders from the containers filesystem to the host path #从容器中拷贝指定文件或者目录到宿主机中

create Create a new container # 创建一个新的容器,同 run,但不启动容器

diff Inspect changes on a container's filesystem # 查看 docker 容器变化

events Get real time events from the server # 从 docker 服务获取容器实时事件

exec Run a command in an existing container # 在已存在的容器上运行命令

export Stream the contents of a container as a tar archive # 导出容器的内容流作为一个 tar 归档文件[对应 import ]

history Show the history of an image # 展示一个镜像形成历史

images List images # 列出系统当前镜像

import Create a new filesystem image from the contents of a tarball # 从tar包中的内容创建一个新的文件系统映像[对应export]

info Display system-wide information # 显示系统相关信息

inspect Return low-level information on a container # 查看容器详细信息

kill Kill a running container # kill 指定 docker 容器

load Load an image from a tar archive # 从一个 tar 包中加载一个镜像[对应 save]

login Register or Login to the docker registry server # 注册或者登陆一个 docker 源服务器

logout Log out from a Docker registry server # 从当前 Docker registry 退出

logs Fetch the logs of a container # 输出当前容器日志信息

port Lookup the public-facing port which is NAT-ed to PRIVATE_PORT # 查看映射端口对应的容器内部源端口

pause Pause all processes within a container # 暂停容器

ps List containers # 列出容器列表

pull Pull an image or a repository from the docker registry server # 从docker镜像源服务器拉取指定镜像或者库镜像

push Push an image or a repository to the docker registry server # 推送指定镜像或者库镜像至docker源服务器

restart Restart a running container # 重启运行的容器

rm Remove one or more containers # 移除一个或者多个容器

rmi Remove one or more images # 移除一个或多个镜像[无容器使用该镜像才可删除,否则需删除相关容器才可继续或 -f 强制删除]

run Run a command in a new container # 创建一个新的容器并运行一个命令

save Save an image to a tar archive # 保存一个镜像为一个 tar 包[对应 load]

search Search for an image on the Docker Hub # 在 docker hub 中搜索镜像

start Start a stopped containers # 启动容器

stop Stop a running containers # 停止容器

tag Tag an image into a repository # 给源中镜像打标签

top Lookup the running processes of a container # 查看容器中运行的进程信息

unpause Unpause a paused container # 取消暂停容器

version Show the docker version information # 查看 docker 版本号

wait Block until a container stops, then print its exit code # 截取容器停止时的退出状态值

四、Docker镜像

4.1 镜像是什么 & 镜像的特点

镜像是一种轻量级、可执行的独立软件包,用来打包软件运行环境和基于运行环境开发的软件,它包含运行某个软件所需的所有内容,包括代码、运行时、库、环境变量和配置文件。

1. UnionFS(联合文件系统)

UnionFS(联合文件系统):Union文件系统(UnionFS)是一种分层、轻量级并且高性能的文件系统,它支持对文件系统的修改作为一次提交来一层层的叠加,同时可以将不同目录挂载到同一个虚拟文件系统下(unite several directories into a single virtual filesystem)。Union 文件系统是 Docker 镜像的基础。镜像可以通过分层来进行继承,基于基础镜像(没有父镜像),可以制作各种具体的应用镜像。

特性:一次同时加载多个文件系统,但从外面看起来,只能看到一个文件系统,联合加载会把各层文件系统叠加起来,这样最终的文件系统会包含所有底层的文件和目录

2. Docker镜像加载原理

docker的镜像实际上由一层一层的文件系统组成,这种层级的文件系统称为UnionFS。

bootfs(boot file system)主要包含bootloader和kernel, bootloader主要是引导加载kernel, Linux刚启动时会加载bootfs文件系统,在Docker镜像的最底层是bootfs。这一层与我们典型的Linux/Unix系统是一样的,包含boot加载器和内核。当boot加载完成之后整个内核就都在内存中了,此时内存的使用权已由bootfs转交给内核,此时系统也会卸载bootfs。

rootfs (root file system) ,在bootfs之上。包含的就是典型 Linux 系统中的 /dev, /proc, /bin, /etc 等标准目录和文件。rootfs就是各种不同的操作系统发行版,比如Ubuntu,Centos等等。

思考:平时我们安装进虚拟机的CentOS都是好几个G,为什么docker这里才200M??

对于一个精简的OS,rootfs可以很小,只需要包括最基本的命令、工具和程序库就可以了,因为底层直接用Host的kernel,自己只需要提供 rootfs 就行了。由此可见对于不同的linux发行版, bootfs基本是一致的, rootfs会有差别, 因此不同的发行版可以公用bootfs。

3. 镜像分层

我们在pull镜像的时候,可以看到docker的镜像好像是一层一层的在下载。

拿tomcat为例,一个单独的tomcat一般只有100多M,但是docker拉取的镜像有400多M,这是为什么?

因为tomcat的运行不仅仅只需要tomcat,还需要java、centos等等依赖,所以docker的tomcat镜像中会包含有java、centos等等,所以会很大。

为什么docker镜像要采用这种分层结构?

最大的一个好处就是 - 共享资源。

比如:有多个镜像都从相同的 base 镜像构建而来,那么宿主机只需在磁盘上保存一份base镜像,同时内存中也只需加载一份 base 镜像,就可以为所有容器服务了。而且镜像的每一层都可以被共享。

4. 镜像的特点

Docker镜像都是只读的,当容器启动时,一个新的可写层被加载到镜像的顶部。这一层通常被称作“容器层”,“容器层”之下的都叫“镜像层”。

4.2 Docker镜像commit操作补充

docker commit提交容器副本使之成为一个新的镜像

docker commit -m=“提交的描述信息” -a=“作者” 容器ID 要创建的目标镜像名:[标签名]

案例演示

① 拉取tomcat镜像并运行

从Hub上下载tomcat镜像到本地并成功运行:

docker pull tomcat
# 这里将host的8888端口映射到容器的8080端口
docker run -it -p 8888:8080 tomcat

我这里虚拟机没有GUI,所以需要通过windows的浏览器来访问tomcat,先看看防火墙是否开启以及是否开放了8888端口的访问权限。

firewall-cmd --permanent --zone=public --add-port=8888/tcp
firewall-cmd --reload

然后访问还是404。搜了一圈,解决办法:Docker方式启动tomcat,访问首页出现404错误

是因为docker的tomcat中/usr/local/tomcat下的webapps文件夹是空的,而原本应该在webapps文件夹下的内容都在旁边的webapps.dist文件夹中。

# 进入正在运行的容器目录
docer exec -it tomcat容器ID /bin/bash
# 将webapps.dist命名为webapps即可,在此之前可以吧webapps重命名成别的名字
mv webapps webapps2
mv webapps.dist webapps

访问成功:

退出(停止)tomcat:ctrl+c

如果使用docker run -it -P tomcat命令:随机分配一个端口号,映射给8080

② 使用commit提交我们修改过的tomcat

docker commit -m "rename webapps.dist to webapps" -a "mrlinxi" 85fc7f7c0182 mrlinxi/tomcat:0.1

 

新建并运行一个我们自己修改过的tomcat容器

docker run -it -p 3333:8080 mrlinxi/tomcat:0.1 注意版本号不要掉了不然docker会到仓库中找latest版本的mrlinxi/tomcat,显然是找不到的。

访问成功

③ 后台运行-d

docker run -d -p 8888:8080 mrlinxi/tomcat:0.1 后台启动tomcat。

可以通过docker attach 容器ID 或者 docker exec -it 容器ID 进入交互页面。

五、Docker容器数据卷

5.1 容器数据卷简述

先来看看Docker的理念:

  • 将运用与运行的环境打包形成容器运行 ,运行可以伴随着容器,但是我们对数据的要求希望是持久化的
  • 容器之间希望有可能共享数据

Docker容器产生的数据,如果不通过docker commit生成新的镜像,使得数据做为镜像的一部分保存下来,那么当容器删除后,数据自然也就没有了。为了能保存数据在docker中我们使用卷。

一句话:有点类似我们Redis里面的rdb和aof文件。

                卷就是目录或文件,存在于一个或多个容器中,由docker挂载到容器,但不属于联合文件系统,因此能够绕过Union File System提供一些用于持续存储或共享数据的特性:卷的设计目的就是数据的持久化,完全独立于容器的生存周期,因此Docker不会在容器删除时删除其挂载的数据卷。

特点:

  1. 数据卷可在容器之间共享或重用数据
  2. 卷中的更改可以直接生效
  3. 数据卷中的更改不会包含在镜像的更新中
  4. 数据卷的生命周期一直持续到没有容器使用它为止
  5. 容器卷也可以完成主机到容器、容器到主机的数据共享(类似于 docker cp)

5.2 容器数据卷案例

1. 命令添加

命令:docker run -it -v /宿主机绝对路径目录:/容器内目录 镜像名

添加之前:

执行docker run -it -v /myDataVolume:/dataVolumeContainer centos

可以看到宿主机跟容器中都生成了对应文件夹:

备注:Docker挂载主机目录Docker访问出现cannot open directory .: Permission denied

解决办法:在挂载目录后多加一个--privileged=true参数即可

检查是否挂载成功docker inspect 容器ID

① 容器和宿主机之间数据共享

可以看到实现了宿主机跟容器之间的双向同步。

② 容器停止退出后,主机修改后数据是否同步

容器先停止退出、主机修改host.txt、容器重启进入、查看主机修改过的host.log

③ 命令(带权限)

带权限的命令:docker run -it -v /宿主机绝对路径目录:/容器内目录:ro 镜像名

ro表示read only只读。

执行:docker run -it -v /myDataVolume:/dataVolumeContainer:ro centos

2. DockerFile添加

具体描述放到后面讲,这里先使用。

主机根目录下新建mydocker文件夹并进入mkdir mydocker

可在Dockerfile中使用VOLUME指令来给镜像添加一个或多个数据卷

VOLUME["/dataVolumeContainer","/dataVolumeContainer2","/dataVolumeContainer3"]

说明:

出于可移植和分享的考虑,用-v 主机目录:容器目录这种方法不能够直接在Dockerfile中实现。

由于宿主机目录是依赖于特定宿主机的,并不能够保证在所有的宿主机上都存在这样的特定目录。

File构建

创建一个文件Dockerfile,然后添加以下内容:

vim Dockerfile

# volume test
FROM centos   
VOLUME ["/dataVolumeContainer1","/dataVolumeContainer2"]
CMD echo "finished,--------success1"
CMD /bin/bash

build后生成镜像:获得一个新的镜像

 

docker build -f /mydocker/Dockerfile -t mrlinxi/centos .

run我们设置好的容器

docker run -it 27ffb21c539d /bin/bash

可以看到容器内已经创建好了卷地址。

 

通过上述步骤,容器内的卷目录地址已经知道,对应的主机目录地址哪??

通过docker inspect 容器ID查看:

 

5.3 数据卷容器

1. 总体介绍

命名的容器挂载数据卷,其它容器通过挂载这个(父容器)实现数据共享,挂载数据卷的容器,称之为数据卷容器。实际上就是通过父容器传递数据卷的配置,通过传递数据卷的配置,将不同容器挂载到宿主机的相同目录下,从而实现各容器之间的数据传递

以上一步新建的镜像mrlinxi/centos为模板并运行容器dc01/dc02/dc03,他们已经具有容器卷/dataVolumeContainer1和/dataVolumeContainer2

2. 容器间传递共享(--volumes-from)

先启动一个父容器dc01,在dataVolumeContainer2中新增内容

docker run -it --name dc01 mrlinxi/centos
cd dataVolumeContainer2
touch doc1.txt

然后ctrl+p+q退出

dc02/dc03继承自dc01,通过--volumes-from继承

docker run -it --name dc02 --volumes-from dc01 mrlinxi/centos

然后在dc02和dc03的dataVolumeContainer2中分别添加各自的内容

docker run -it --name dc02 --volumes-from dc01 mrlinxi/centos
cd dataVolumeContainer2
touch doc2.txt

docker run -it --name dc03 --volumes-from dc01 mrlinxi/centos
cd dataVolumeContainer2
touch doc3.txt

回到dc01可以看到02/03各自添加的都能共享了

同理,dc02跟dc03里面都有其他容器的数据

删除dc01,dc02修改后dc03可否访问

删除dc01后,dc02和dc03之间的数据共享并不受影响。

结论:容器之间配置信息的传递,数据卷的生命周期一直持续到没有容器使用它为止

六、DockerFile解析

6.1 DockerFile简介

Dockerfile是用来构建Docker镜像的构建文件,是由一系列命令和参数构成的脚本。

构建三步骤:

  • 编写Dockerfile文件:必须符合file规范
  • docker build:docker build -f /mydocker/Dockerfile -t mrlinxi/centos . 通过docker build获得一个自定义的镜像
  • docker run

文件长什么样?下面就是我们使用的centos的Dockerfile

FROM scratch
ADD centos-7-x86_64-docker.tar.xz /

LABEL \
    org.label-schema.schema-version="1.0" \
    org.label-schema.name="CentOS Base Image" \
    org.label-schema.vendor="CentOS" \
    org.label-schema.license="GPLv2" \
    org.label-schema.build-date="20201113" \
    org.opencontainers.image.title="CentOS Base Image" \
    org.opencontainers.image.vendor="CentOS" \
    org.opencontainers.image.licenses="GPL-2.0-only" \
    org.opencontainers.image.created="2020-11-13 00:00:00+00:00"
# default cmd
CMD ["/bin/bash"]

6.2 DockerFile构建过程解析

Dockerfile内容基础知识:

  • 每条保留字指令都必须为大写字母且后面要跟随至少一个参数
  • 指令按照从上到下,顺序执行
  • #表示注释
  • 每条指令都会创建一个新的镜像层,并对镜像进行提交

Docker执行Dockerfile的大致流程:

  • (1)docker从基础镜像运行一个容器
  • (2)执行一条指令并对容器作出修改
  • (3)执行类似docker commit的操作提交一个新的镜像层
  • (4)docker再基于刚提交的镜像运行一个新容器
  • (5)执行dockerfile中的下一条指令直到所有指令都执行完成

总结:

从应用软件的角度来看,Dockerfile、Docker镜像与Docker容器分别代表软件的三个不同阶段,

  • Dockerfile是软件的原材料
  • Docker镜像是软件的交付品
  • Docker容器则可以认为是软件的运行态。

Dockerfile面向开发,Docker镜像成为交付标准,Docker容器则涉及部署与运维,三者缺一不可,合力充当Docker体系的基石。

  1. Dockerfile,需要定义一个Dockerfile,Dockerfile定义了进程需要的一切东西。Dockerfile涉及的内容包括执行代码或者是文件、环境变量、依赖包、运行时环境、动态链接库、操作系统的发行版、服务进程和内核进程(当应用进程需要和系统服务和内核进程打交道,这时需要考虑如何设计namespace的权限控制)等等;
  2. Docker镜像,在用Dockerfile定义一个文件之后,docker build时会产生一个Docker镜像,当运行 Docker镜像时,会真正开始提供服务;
  3. Docker容器,容器是直接提供服务的。

6.3 DockerFile体系结构(保留字指令)

FROM:基础镜像,当前新镜像是基于哪个镜像的。基于什么镜像进行修改;

MAINTAINER:镜像维护者的姓名和邮箱地址;

RUN:容器构建时需要运行的命令;

EXPOSE:当前容器对外暴露出的端口;

WORKDIR:指定在创建容器后,终端默认登陆的进来工作目录,一个落脚点,没写默认根目录/

ENV:用来在构建镜像过程中设置环境变量;

例如:ENV MY_PATH /usr/mytest 这个环境变量可以在后续的任何RUN指令中使用,这就如同在命令前面指定了环境变量前缀一样;也可以在其它指令中直接使用这些环境变量。

比如:WORKDIR $MY_PATH

ADD:将宿主机目录下的文件拷贝进镜像且ADD命令会自动处理URL和解压tar压缩包;

COPY:类似ADD,拷贝文件和目录到镜像中。将从构建上下文目录中 <源路径> 的文件/目录复制到新的一层的镜像内的 <目标路径> 位置; COPY src dest COPY ["src", "dest"]

ADDCOPY的区别在于ADD在复制后会自动解压缩和处理URL,而COPY仅仅进行复制。

VOLUME:容器数据卷,用于数据保存和持久化工作;

CMD:指定一个容器启动时要运行的命令;Dockerfile 中可以有多个 CMD 指令,但只有最后一个生效,CMD 会被 docker run 之后的参数替换(后面案例会具体说明);

ENTRYPOINT:指定一个容器启动时要运行的命令;ENTRYPOINT 的目的和 CMD 一样,都是在指定容器启动程序及参数;

CMDENTRYPOINT的区别是CMD存在多个时只有最后一个生效以及CMD会被docker run之后的参数替换;而ENTRYPOINT是追加命令。

ONBUILD:当构建一个被继承的Dockerfile时运行命令,父镜像在被子继承后父镜像的onbuild被触发

 

6.4 案例

1. Base镜像(scratch)

Docker Hub 中 99% 的镜像都是通过在 base 镜像中安装和配置需要的软件构建出来的。

2. 自定义镜像mycentos

Hub默认CentOS镜像什么情况:

自定义mycentos目的使我们自己的镜像具备如下:

登陆后的默认路径、vim编辑器、查看网络配置ifconfig支持

 

① 编写自定义镜像的Dockerfile

我们在宿主机的/mydocker文件夹下,新建一个Dockerfile:vim Dockerfile2,写入下面的内容

FROM centos
MAINTAINER mrlinxi<mrzhme@vip.qq.com>
 
ENV MYPATH /usr/local
WORKDIR $MYPATH
 
RUN yum -y install vim
RUN yum -y install net-tools
 
EXPOSE 80
 
CMD echo $MYPATH
CMD echo "success--------------ok"
CMD /bin/bash

② 构建自定义镜像——docker build

docker build -f /mydocker/Dockerfile2 -t mycentos:0.1 .

build语句最后面一个.表示当前目录。

③ 运行自定义镜像——docker run

docker run -it mycentos:0.1

默认目录是/usr/locl,可以看到我们自己的新镜像已经支持vim/ifconfig命令,拓展成功。

④ 列出镜像的变更历史

docker history 镜像名

3. CMD/ENTRYPOINT 镜像案例

CMD/ENTRYPOINT都是指定一个容器启动时要运行的命令

① CMD镜像案例

Dockerfile 中可以有多个 CMD 指令,但只有最后一个生效,CMD 会被 docker run 之后的参数替换。

这里以tomcat为例,tomcat的dockerfile最后一句是

正常我们启动tomcat的命令是:docker run -it -p 主机端口:8080 tomcat

现在我们执行这样一句命令:docker run -it -p 8888:8080 tomcat ls -l

这样就相当于在tomcat的dockerfile后面又加了一句CMD ls -l,因此会覆盖掉之前的语句

 

此时tomcat并没有运行,只是查看了默认路径下的文件。

② ENTRYPOINT镜像案例

docker run 之后的参数会被当做参数传递给 ENTRYPOINT,之后形成新的命令组合。

制作CMD版可以查询IP信息的容器:

FROM centos
RUN yum install -y curl
CMD [ "curl", "-s", "https://ip.cn" ]

crul命令解释:curl命令可以用来执行下载、发送各种HTTP请求,指定HTTP头部等操作。curl是将下载文件输出到stdout。

使用命令:curl 百度一下,你就知道,执行后,www.baidu.com的html就会显示在屏幕上了。这是最简单的使用方法。用这个命令获得了curl指向的页面,同样,如果这里的URL指向的是一个文件或者一幅图都可以直接下载到本地。如果下载的是HTML文档,那么缺省的将只显示文件头部,即HTML文档的header。要全部显示,请加参数 -i

构建镜像:docker build -f /mydocker/Dockerfile3 -t myip .

创建并启动容器:docker run myip

现在返回的是网页的html文件。

如果我们希望显示 HTTP 头信息,就需要加上 -i 参数:

加上-i后报错了。我们可以看到可执行文件找不到的报错,executable file not found。

之前我们说过,跟在镜像名后面的是 command,运行时会替换 CMD 的默认值。因此这里的 -i 替换了原来的 CMD,而不是添加在原来的 curl -s https://ip.cn 后面。而 -i 根本不是命令,所以自然找不到。那么如果我们希望加入 -i 这参数,我们就必须重新完整的输入这个命令:

docker run myip curl -s https://ip.cn -i

为了解决上述问题,制作ENTROYPOINT版查询IP信息的容器

 FROM centos
RUN yum install -y curl
ENTRYPOINT [ "curl", "-s", "http://ip.cn" ]

docker build -f /mydocker/Dockerfile4 -t myip2
docker run myip2 -i

现在只用追加一个-i即可打印请求头跟html文件。

 

③ ONBUILD案例

直接在Dockerfile4上修改,追加一句ONBUILD RUN echo "father onbuild-----------10086"

然后使用Dockerfile4构建镜像:docker build -f /mydocker/Dockerfile4 -t myip_father .

复制Dockerfile3命名为Dockerfile5,修改Dockerfile5,直接继承自Dockerfile4

FROM myip_father
RUN yum install -y curl
CMD [ "curl", "-s", "https://ip.cn" ]

使用Dockerfile5构建镜像:docker build -f /mydocker/Dockerfile5 -t myip_son .

 

6.5 自定义镜像Tomcat9

1. 创建目录

mkdir /mydocker/tomcat9

2. 将jdk和tomcat安装的压缩包拷贝进上述目录

 

3. 在tomcat9目录下新建Dockerfile文件

注意一下,Dockerfile文件里面涉及到jdk跟tomcat版本的地方一定要确定跟你放在tomcat9文件夹下的一致(别复制粘贴了就是build,到时候run运行不出来)

FROM         centos
MAINTAINER    mrzhme<mrzhme@vip.qq.com>
#把宿主机当前上下文的c.txt拷贝到容器/usr/local/路径下
COPY c.txt /usr/local/cincontainer.txt
#把java与tomcat添加到容器中
ADD jdk-8u301-linux-x64.tar.gz /usr/local/
ADD apache-tomcat-9.0.55.tar.gz /usr/local/
#安装vim编辑器
RUN yum -y install vim
#设置工作访问时候的WORKDIR路径,登录落脚点
ENV MYPATH /usr/local
WORKDIR $MYPATH
#配置java与tomcat环境变量
ENV JAVA_HOME /usr/local/jdk1.8.0_301
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.55
ENV CATALINA_BASE /usr/local/apache-tomcat-9.0.55
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
#容器运行时监听的端口
EXPOSE  8080
#启动时运行tomcat
# ENTRYPOINT ["/usr/local/apache-tomcat-9.0.55/bin/startup.sh" ]
# CMD ["/usr/local/apache-tomcat-9.0.55/bin/catalina.sh","run"]
CMD /usr/local/apache-tomcat-9.0.55/bin/startup.sh && tail -F /usr/local/apache-tomcat-9.0.55/bin/logs/catalina.out

4. 构建镜像:docker build -t mrlinxitomcat9 .

注意:这里为什么没有加 -f 和Dockerfile的路径?Dockerfile的标准文件名就是Dockerfile,当当前目录下用于构建镜像的Dockerfile的文件名是标准文件名时,可以省略-f+路径。这时Docker会直接读取当前目录下名为Dockerfile的文件进行镜像的构建。

5. 创建容器并启动

docker run -d -p 8888:8080 --name myt9 -v /mydocker/tomcat9/test:/usr/local/apache-tomcat-9.0.55/webapps/test -v /mydocker/tomcat9/tomcat9logs/:/usr/local/apache-tomcat-9.0.55/logs --privileged=true mrlinxitomcat9

6. 测试

记得防火墙开放对应的端口(直接关闭防火墙也可以,但是不推荐):

firewall-cmd --permanent --zone=public --add-port=8888/tcp

访问成功。

 7. 结合前述的容器卷将测试的web服务test发布

cd /mydocker/tomcat9/test
mkdir WEB-INF

在test目录下创建a.jsp文件,在WEB-INF下创建web.xml文件

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns="http://java.sun.com/xml/ns/javaee"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
  id="WebApp_ID" version="2.5">
  
  <display-name>test</display-name>
 
</web-app>

a.jsp:

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Insert title here</title>
  </head>
  <body>
    -----------welcome------------
    <%="i am in docker tomcat self "%>
    <br>
    <br>
    <% System.out.println("=============docker tomcat self");%>
  </body>
</html>

宿主机创建的文件已经同步过去了

重启一下容器:docker restart myt9,访问我们刚才发布的test

6.6 总结

七、Docker常用安装

7.1 总体步骤

搜索镜像->拉取镜像->查看镜像->启动镜像->停止容器->移除容器

docker search xxx

-> docker pull xxx:TAG

-> docker images xxx

-> docker run [-itd -p port:port] [--name yyy] xxx:TAG

-> docker stop 容器ID/yyy

-> docker rm [-f] yyy

7.2 安装mysql

docker pull mysql:5.7

docker run -p 3306:3306 --name mysql \
-v /mydata/mysql/log:/var/log/mysql \
-v /mydata/mysql/data:/var/lib/mysql \
-v /mydata/mysql/conf:/etc/mysql \
-e MYSQL_ROOT_PASSWORD=10086 \
-d mysql:5.7

命令说明:

-p 12345:3306:将主机的3306端口映射到docker容器的3306端口。

--name mysql:运行服务名字

-v /mydata/mysql/conf:/etc/mysql :将主机/mydata/mysql/conf目录,挂载到容器的/etc/mysql目录

-v /mydata/mysql/data:/var/lib/mysql:将主机的/mydata/mysql/data目录,挂载到容器的/var/lib/mysql目录

-v /mydata/mysql/log:/var/log/mysql:将主机的/mydata/mysql/log目录,挂载到容器的/var/log/mysql目录

-e MYSQL_ROOT_PASSWORD=10086:初始化 root 用户的密码。

-d mysql:5.7 : 后台程序运行mysql5.7

使用windows上的sqlyog进行远程连接:

记得关闭宿主机防火墙或者开启3306端口

# 查看防火墙信息,看哪些端口可以访问
firewall-cmd --list-all
# 关闭防火墙
systemctl stop firewalld

# 或者开启3306端口访问(推荐)
firewall-cmd --permanent --zone=public --add-port=3306/tcp
systemctl restart firewalld

mysql8

docker pull mysql:8.0.22

docker run -p 3333:3306 --name mysql8 \
-v /mydata/mysql8/log:/var/log/mysql \
-v /mydata/mysql8/data:/var/lib/mysql \
-v /mydata/mysql8/conf:/etc/mysql \
-v /mydata/mysql8/mysql-files:/var/lib/mysql-files \
-e MYSQL_ROOT_PASSWORD=10086 \
-d mysql:8.0.22

mysql8 需要多加一个-v /mydata/mysql8/mysql-files:/var/lib/mysql-files 不然启动报错。我们尝试使用windows上的sqlyog远程连接docker启动的mysql8容器,发现报错

这是因为mysql8默认使用caching_sha2_password加密方式,而sqlyog不支持,所以需要修改加密规则为mysql_native_password

 

# 通过/bin/bash 进入mysql8容器
docker exec -it mysql8 /bin/bash

# 登陆数据库
mysql -u root -p

随后我们需要查看是否有不受ip限制的用户,以及修改加密方式

# 切换到mysql数据库
use mysql

# 查看user表中的用户和host信息
select user, host from user;

可以看到,root已经有一个%,现在修改root@%的加密规则(如果你想新建一个不受访问ip限制的用户也可以mysql高级篇有详细记录:远程访问授权

 

# 修改'root'@'%'用户的密码规则和密码
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '10086';

# 设置密码永不过期
ALTER USER 'root'@'%' IDENTIFIED BY '10086' PASSWORD EXPIRE NEVER;

#刷新权限
FLUSH PRIVILEGES;

再次测试远程连接:

连接成功!

 

使用docker对mysql容器中的数据进行备份

将docker mysql容器中的所有数据库导出到宿主机的/mydata/mysql8/all-databases.sql文件中

docker exec myql服务容器ID sh -c ' exec mysqldump --all-databases -uroot -p"10086" ' > /mydata/mysql8/all-databases.sql

# 如果使用UTF-16编码 用--result-file= 替换>
docker exec myql服务容器ID sh -c ' exec mysqldump --all-databases -uroot -p"10086" ' --result-file=/mydata/mysql8/all-databases.sql

mysqldump是mysql自带的逻辑备份工具。命令格式:官网mysqldump

mysqldump [选项] 数据库名 [表名] > /路径/filename.sql

mysqldump [选项] --数据库名 [选项 表名] > /路径/filename.sql

mysqldump [选项] --all-databases [选项] > /路径/filename.sql

常用选项说明:

参数名

缩写

含义

--host

-h

服务器IP地址

--port

-P

服务器端口号

--user

-u

mysql用户名

--password

-p

mysql密码

--database

指定要备份的数据库

--all-databases

备份mysql上的所有数据库

--compact

压缩模式,产生更少的输出

--comments

添加注释信息

7.3 安装redis

docker pull redis

docker run -p 6379:6379 -v /mydata/redis/data:/data -v /mydata/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf  -d redis redis-server /usr/local/etc/redis/redis.conf --appendonly yes

--appendonly yes 表示使用AOF进行持久化 (redis默认使用rdb进行持久化)

redis.conf是个文件夹,不是个文件 (小声BB:这个redis.conf文件夹是不是太容易引起歧义了?还有redis-server启动的时候,后面跟的那串不是指定的配置文件的路径吗,讲道理redis.conf应该就是个配置文件才对);

在主机/mydata/redis/conf/redis.conf目录下新建redis.conf文件

vim /mydata/redis/conf/redis.conf 📎redis.conf.txt

# Redis configuration file example.
#
# Note that in order to read the configuration file, Redis must be
# started with the file path as first argument:
#
# ./redis-server /path/to/redis.conf
 
# Note on units: when memory size is needed, it is possible to specify
# it in the usual form of 1k 5GB 4M and so forth:
#
# 1k => 1000 bytes
# 1kb => 1024 bytes
# 1m => 1000000 bytes
# 1mb => 1024*1024 bytes
# 1g => 1000000000 bytes
# 1gb => 1024*1024*1024 bytes
#
# units are case insensitive so 1GB 1Gb 1gB are all the same.
################################## INCLUDES ###################################
 
# Include one or more other config files here.  This is useful if you
# have a standard template that goes to all Redis servers but also need
# to customize a few per-server settings.  Include files can include
# other files, so use this wisely.
#
# Notice option "include" won't be rewritten by command "CONFIG REWRITE"
# from admin or Redis Sentinel. Since Redis always uses the last processed
# line as value of a configuration directive, you'd better put includes
# at the beginning of this file to avoid overwriting config change at runtime.
#
# If instead you are interested in using includes to override configuration
# options, it is better to use include as the last line.
#
# include /path/to/local.conf
# include /path/to/other.conf
 
################################## NETWORK #####################################
 
# By default, if no "bind" configuration directive is specified, Redis listens
# for connections from all the network interfaces available on the server.
# It is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive, followed by one or more IP addresses.
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
#
# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
# internet, binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. So by default we uncomment the
# following bind directive, that will force Redis to listen only into
# the IPv4 lookback interface address (this means Redis will be able to
# accept connections only from clients running into the same computer it
# is running).
#
# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
# JUST COMMENT THE FOLLOWING LINE.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#bind 127.0.0.1
 
# Protected mode is a layer of security protection, in order to avoid that
# Redis instances left open on the internet are accessed and exploited.
#
# When protected mode is on and if:
#
# 1) The server is not binding explicitly to a set of addresses using the
#    "bind" directive.
# 2) No password is configured.
#
# The server only accepts connections from clients connecting from the
# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
# sockets.
#
# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
# even if no authentication is configured, nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode yes
 
# Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will not listen on a TCP socket.
port 6379
 
# TCP listen() backlog.
#
# In high requests-per-second environments you need an high backlog in order
# to avoid slow clients connections issues. Note that the Linux kernel
# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
# in order to get the desired effect.
tcp-backlog 511
 
# Unix socket.
#
# Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
# unixsocket /tmp/redis.sock
# unixsocketperm 700
 
# Close the connection after a client is idle for N seconds (0 to disable)
timeout 0
 
# TCP keepalive.
#
# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
# of communication. This is useful for two reasons:
#
# 1) Detect dead peers.
# 2) Take the connection alive from the point of view of network
#    equipment in the middle.
#
# On Linux, the specified value (in seconds) is the period used to send ACKs.
# Note that to close the connection the double of the time is needed.
# On other kernels the period depends on the kernel configuration.
#
# A reasonable value for this option is 300 seconds, which is the new
# Redis default starting with Redis 3.2.1.
tcp-keepalive 300
 
################################# GENERAL #####################################
 
# By default Redis does not run as a daemon. Use 'yes' if you need it.
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
#daemonize no
 
# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
#   supervised no      - no supervision interaction
#   supervised upstart - signal upstart by putting Redis into SIGSTOP mode
#   supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
#   supervised auto    - detect upstart or systemd method based on
#                        UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
#       They do not enable continuous liveness pings back to your supervisor.
supervised no
 
# If a pid file is specified, Redis writes it where specified at startup
# and removes it at exit.
#
# When the server runs non daemonized, no pid file is created if none is
# specified in the configuration. When the server is daemonized, the pid file
# is used even if not specified, defaulting to "/var/run/redis.pid".
#
# Creating a pid file is best effort: if Redis is not able to create it
# nothing bad happens, the server will start and run normally.
pidfile /var/run/redis_6379.pid
 
# Specify the server verbosity level.
# This can be one of:
# debug (a lot of information, useful for development/testing)
# verbose (many rarely useful info, but not a mess like the debug level)
# notice (moderately verbose, what you want in production probably)
# warning (only very important / critical messages are logged)
loglevel notice
 
# Specify the log file name. Also the empty string can be used to force
# Redis to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
logfile ""
 
# To enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
# syslog-enabled no
 
# Specify the syslog identity.
# syslog-ident redis
 
# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
# syslog-facility local0
 
# Set the number of databases. The default database is DB 0, you can select
# a different one on a per-connection basis using SELECT <dbid> where
# dbid is a number between 0 and 'databases'-1
databases 16
 
################################ SNAPSHOTTING  ################################
#
# Save the DB on disk:
#
#   save <seconds> <changes>
#
#   Will save the DB if both the given number of seconds and the given
#   number of write operations against the DB occurred.
#
#   In the example below the behaviour will be to save:
#   after 900 sec (15 min) if at least 1 key changed
#   after 300 sec (5 min) if at least 10 keys changed
#   after 60 sec if at least 10000 keys changed
#
#   Note: you can disable saving completely by commenting out all "save" lines.
#
#   It is also possible to remove all the previously configured save
#   points by adding a save directive with a single empty string argument
#   like in the following example:
#
#   save ""
 
save 120 1
save 300 10
save 60 10000
 
# By default Redis will stop accepting writes if RDB snapshots are enabled
# (at least one save point) and the latest background save failed.
# This will make the user aware (in a hard way) that data is not persisting
# on disk properly, otherwise chances are that no one will notice and some
# disaster will happen.
#
# If the background saving process will start working again Redis will
# automatically allow writes again.
#
# However if you have setup your proper monitoring of the Redis server
# and persistence, you may want to disable this feature so that Redis will
# continue to work as usual even if there are problems with disk,
# permissions, and so forth.
stop-writes-on-bgsave-error yes
 
# Compress string objects using LZF when dump .rdb databases?
# For default that's set to 'yes' as it's almost always a win.
# If you want to save some CPU in the saving child set it to 'no' but
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression yes
 
# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
# This makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
# for maximum performances.
#
# RDB files created with checksum disabled have a checksum of zero that will
# tell the loading code to skip the check.
rdbchecksum yes
 
# The filename where to dump the DB
dbfilename dump.rdb
 
# The working directory.
#
# The DB will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
#
# The Append Only File will also be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
dir ./
 
################################# REPLICATION #################################
 
# Master-Slave replication. Use slaveof to make a Redis instance a copy of
# another Redis server. A few things to understand ASAP about Redis replication.
#
# 1) Redis replication is asynchronous, but you can configure a master to
#    stop accepting writes if it appears to be not connected with at least
#    a given number of slaves.
# 2) Redis slaves are able to perform a partial resynchronization with the
#    master if the replication link is lost for a relatively small amount of
#    time. You may want to configure the replication backlog size (see the next
#    sections of this file) with a sensible value depending on your needs.
# 3) Replication is automatic and does not need user intervention. After a
#    network partition slaves automatically try to reconnect to masters
#    and resynchronize with them.
#
# slaveof <masterip> <masterport>
 
# If the master is password protected (using the "requirepass" configuration
# directive below) it is possible to tell the slave to authenticate before
# starting the replication synchronization process, otherwise the master will
# refuse the slave request.
#
# masterauth <master-password>
 
# When a slave loses its connection with the master, or when the replication
# is still in progress, the slave can act in two different ways:
#
# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
#    still reply to client requests, possibly with out of date data, or the
#    data set may just be empty if this is the first synchronization.
#
# 2) if slave-serve-stale-data is set to 'no' the slave will reply with
#    an error "SYNC with master in progress" to all the kind of commands
#    but to INFO and SLAVEOF.
#
slave-serve-stale-data yes
 
# You can configure a slave instance to accept writes or not. Writing against
# a slave instance may be useful to store some ephemeral data (because data
# written on a slave will be easily deleted after resync with the master) but
# may also cause problems if clients are writing to it because of a
# misconfiguration.
#
# Since Redis 2.6 by default slaves are read-only.
#
# Note: read only slaves are not designed to be exposed to untrusted clients
# on the internet. It's just a protection layer against misuse of the instance.
# Still a read only slave exports by default all the administrative commands
# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
# security of read only slaves using 'rename-command' to shadow all the
# administrative / dangerous commands.
slave-read-only yes
 
# Replication SYNC strategy: disk or socket.
#
# -------------------------------------------------------
# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY
# -------------------------------------------------------
#
# New slaves and reconnecting slaves that are not able to continue the replication
# process just receiving differences, need to do what is called a "full
# synchronization". An RDB file is transmitted from the master to the slaves.
# The transmission can happen in two different ways:
#
# 1) Disk-backed: The Redis master creates a new process that writes the RDB
#                 file on disk. Later the file is transferred by the parent
#                 process to the slaves incrementally.
# 2) Diskless: The Redis master creates a new process that directly writes the
#              RDB file to slave sockets, without touching the disk at all.
#
# With disk-backed replication, while the RDB file is generated, more slaves
# can be queued and served with the RDB file as soon as the current child producing
# the RDB file finishes its work. With diskless replication instead once
# the transfer starts, new slaves arriving will be queued and a new transfer
# will start when the current one terminates.
#
# When diskless replication is used, the master waits a configurable amount of
# time (in seconds) before starting the transfer in the hope that multiple slaves
# will arrive and the transfer can be parallelized.
#
# With slow disks and fast (large bandwidth) networks, diskless replication
# works better.
repl-diskless-sync no
 
# When diskless replication is enabled, it is possible to configure the delay
# the server waits in order to spawn the child that transfers the RDB via socket
# to the slaves.
#
# This is important since once the transfer starts, it is not possible to serve
# new slaves arriving, that will be queued for the next RDB transfer, so the server
# waits a delay in order to let more slaves arrive.
#
# The delay is specified in seconds, and by default is 5 seconds. To disable
# it entirely just set it to 0 seconds and the transfer will start ASAP.
repl-diskless-sync-delay 5
 
# Slaves send PINGs to server in a predefined interval. It's possible to change
# this interval with the repl_ping_slave_period option. The default value is 10
# seconds.
#
# repl-ping-slave-period 10
 
# The following option sets the replication timeout for:
#
# 1) Bulk transfer I/O during SYNC, from the point of view of slave.
# 2) Master timeout from the point of view of slaves (data, pings).
# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings).
#
# It is important to make sure that this value is greater than the value
# specified for repl-ping-slave-period otherwise a timeout will be detected
# every time there is low traffic between the master and the slave.
#
# repl-timeout 60
 
# Disable TCP_NODELAY on the slave socket after SYNC?
#
# If you select "yes" Redis will use a smaller number of TCP packets and
# less bandwidth to send data to slaves. But this can add a delay for
# the data to appear on the slave side, up to 40 milliseconds with
# Linux kernels using a default configuration.
#
# If you select "no" the delay for data to appear on the slave side will
# be reduced but more bandwidth will be used for replication.
#
# By default we optimize for low latency, but in very high traffic conditions
# or when the master and slaves are many hops away, turning this to "yes" may
# be a good idea.
repl-disable-tcp-nodelay no
 
# Set the replication backlog size. The backlog is a buffer that accumulates
# slave data when slaves are disconnected for some time, so that when a slave
# wants to reconnect again, often a full resync is not needed, but a partial
# resync is enough, just passing the portion of data the slave missed while
# disconnected.
#
# The bigger the replication backlog, the longer the time the slave can be
# disconnected and later be able to perform a partial resynchronization.
#
# The backlog is only allocated once there is at least a slave connected.
#
# repl-backlog-size 1mb
 
# After a master has no longer connected slaves for some time, the backlog
# will be freed. The following option configures the amount of seconds that
# need to elapse, starting from the time the last slave disconnected, for
# the backlog buffer to be freed.
#
# A value of 0 means to never release the backlog.
#
# repl-backlog-ttl 3600
 
# The slave priority is an integer number published by Redis in the INFO output.
# It is used by Redis Sentinel in order to select a slave to promote into a
# master if the master is no longer working correctly.
#
# A slave with a low priority number is considered better for promotion, so
# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
# pick the one with priority 10, that is the lowest.
#
# However a special priority of 0 marks the slave as not able to perform the
# role of master, so a slave with priority of 0 will never be selected by
# Redis Sentinel for promotion.
#
# By default the priority is 100.
slave-priority 100
 
# It is possible for a master to stop accepting writes if there are less than
# N slaves connected, having a lag less or equal than M seconds.
#
# The N slaves need to be in "online" state.
#
# The lag in seconds, that must be <= the specified value, is calculated from
# the last ping received from the slave, that is usually sent every second.
#
# This option does not GUARANTEE that N replicas will accept the write, but
# will limit the window of exposure for lost writes in case not enough slaves
# are available, to the specified number of seconds.
#
# For example to require at least 3 slaves with a lag <= 10 seconds use:
#
# min-slaves-to-write 3
# min-slaves-max-lag 10
#
# Setting one or the other to 0 disables the feature.
#
# By default min-slaves-to-write is set to 0 (feature disabled) and
# min-slaves-max-lag is set to 10.
 
# A Redis master is able to list the address and port of the attached
# slaves in different ways. For example the "INFO replication" section
# offers this information, which is used, among other tools, by
# Redis Sentinel in order to discover slave instances.
# Another place where this info is available is in the output of the
# "ROLE" command of a masteer.
#
# The listed IP and address normally reported by a slave is obtained
# in the following way:
#
#   IP: The address is auto detected by checking the peer address
#   of the socket used by the slave to connect with the master.
#
#   Port: The port is communicated by the slave during the replication
#   handshake, and is normally the port that the slave is using to
#   list for connections.
#
# However when port forwarding or Network Address Translation (NAT) is
# used, the slave may be actually reachable via different IP and port
# pairs. The following two options can be used by a slave in order to
# report to its master a specific set of IP and port, so that both INFO
# and ROLE will report those values.
#
# There is no need to use both the options if you need to override just
# the port or the IP address.
#
# slave-announce-ip 5.5.5.5
# slave-announce-port 1234
 
################################## SECURITY ###################################
 
# Require clients to issue AUTH <PASSWORD> before processing any other
# commands.  This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared
 
# Command renaming.
#
# It is possible to change the name of dangerous commands in a shared
# environment. For instance the CONFIG command may be renamed into something
# hard to guess so that it will still be available for internal-use tools
# but not available for general clients.
#
# Example:
#
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
#
# It is also possible to completely kill a command by renaming it into
# an empty string:
#
# rename-command CONFIG ""
#
# Please note that changing the name of commands that are logged into the
# AOF file or transmitted to slaves may cause problems.
 
################################### LIMITS ####################################
 
# Set the max number of connected clients at the same time. By default
# this limit is set to 10000 clients, however if the Redis server is not
# able to configure the process file limit to allow for the specified limit
# the max number of allowed clients is set to the current file limit
# minus 32 (as Redis reserves a few file descriptors for internal uses).
#
# Once the limit is reached Redis will close all the new connections sending
# an error 'max number of clients reached'.
#
# maxclients 10000
 
# Don't use more memory than the specified amount of bytes.
# When the memory limit is reached Redis will try to remove keys
# according to the eviction policy selected (see maxmemory-policy).
#
# If Redis can't remove keys according to the policy, or if the policy is
# set to 'noeviction', Redis will start to reply with errors to commands
# that would use more memory, like SET, LPUSH, and so on, and will continue
# to reply to read-only commands like GET.
#
# This option is usually useful when using Redis as an LRU cache, or to set
# a hard memory limit for an instance (using the 'noeviction' policy).
#
# WARNING: If you have slaves attached to an instance with maxmemory on,
# the size of the output buffers needed to feed the slaves are subtracted
# from the used memory count, so that network problems / resyncs will
# not trigger a loop where keys are evicted, and in turn the output
# buffer of slaves is full with DELs of keys evicted triggering the deletion
# of more keys, and so forth until the database is completely emptied.
#
# In short... if you have slaves attached it is suggested that you set a lower
# limit for maxmemory so that there is some free RAM on the system for slave
# output buffers (but this is not needed if the policy is 'noeviction').
#
# maxmemory <bytes>
 
# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
# is reached. You can select among five behaviors:
#
# volatile-lru -> remove the key with an expire set using an LRU algorithm
# allkeys-lru -> remove any key according to the LRU algorithm
# volatile-random -> remove a random key with an expire set
# allkeys-random -> remove a random key, any key
# volatile-ttl -> remove the key with the nearest expire time (minor TTL)
# noeviction -> don't expire at all, just return an error on write operations
#
# Note: with any of the above policies, Redis will return an error on write
#       operations, when there are no suitable keys for eviction.
#
#       At the date of writing these commands are: set setnx setex append
#       incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
#       sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
#       zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
#       getset mset msetnx exec sort
#
# The default is:
#
# maxmemory-policy noeviction
 
# LRU and minimal TTL algorithms are not precise algorithms but approximated
# algorithms (in order to save memory), so you can tune it for speed or
# accuracy. For default Redis will check five keys and pick the one that was
# used less recently, you can change the sample size using the following
# configuration directive.
#
# The default of 5 produces good enough results. 10 Approximates very closely
# true LRU but costs a bit more CPU. 3 is very fast but not very accurate.
#
# maxmemory-samples 5
 
############################## APPEND ONLY MODE ###############################
 
# By default Redis asynchronously dumps the dataset on disk. This mode is
# good enough in many applications, but an issue with the Redis process or
# a power outage may result into a few minutes of writes lost (depending on
# the configured save points).
#
# The Append Only File is an alternative persistence mode that provides
# much better durability. For instance using the default data fsync policy
# (see later in the config file) Redis can lose just one second of writes in a
# dramatic event like a server power outage, or a single write if something
# wrong with the Redis process itself happens, but the operating system is
# still running correctly.
#
# AOF and RDB persistence can be enabled at the same time without problems.
# If the AOF is enabled on startup Redis will load the AOF, that is the file
# with the better durability guarantees.
#
# Please check http://redis.io/topics/persistence for more information.
 
appendonly no
 
# The name of the append only file (default: "appendonly.aof")
 
appendfilename "appendonly.aof"
 
# The fsync() call tells the Operating System to actually write data on disk
# instead of waiting for more data in the output buffer. Some OS will really flush
# data on disk, some other OS will just try to do it ASAP.
#
# Redis supports three different modes:
#
# no: don't fsync, just let the OS flush the data when it wants. Faster.
# always: fsync after every write to the append only log. Slow, Safest.
# everysec: fsync only one time every second. Compromise.
#
# The default is "everysec", as that's usually the right compromise between
# speed and data safety. It's up to you to understand if you can relax this to
# "no" that will let the operating system flush the output buffer when
# it wants, for better performances (but if you can live with the idea of
# some data loss consider the default persistence mode that's snapshotting),
# or on the contrary, use "always" that's very slow but a bit safer than
# everysec.
#
# More details please check the following article:
# http://antirez.com/post/redis-persistence-demystified.html
#
# If unsure, use "everysec".
 
# appendfsync always
appendfsync everysec
# appendfsync no
 
# When the AOF fsync policy is set to always or everysec, and a background
# saving process (a background save or AOF log background rewriting) is
# performing a lot of I/O against the disk, in some Linux configurations
# Redis may block too long on the fsync() call. Note that there is no fix for
# this currently, as even performing fsync in a different thread will block
# our synchronous write(2) call.
#
# In order to mitigate this problem it's possible to use the following option
# that will prevent fsync() from being called in the main process while a
# BGSAVE or BGREWRITEAOF is in progress.
#
# This means that while another child is saving, the durability of Redis is
# the same as "appendfsync none". In practical terms, this means that it is
# possible to lose up to 30 seconds of log in the worst scenario (with the
# default Linux settings).
#
# If you have latency problems turn this to "yes". Otherwise leave it as
# "no" that is the safest pick from the point of view of durability.
 
no-appendfsync-on-rewrite no
 
# Automatic rewrite of the append only file.
# Redis is able to automatically rewrite the log file implicitly calling
# BGREWRITEAOF when the AOF log size grows by the specified percentage.
#
# This is how it works: Redis remembers the size of the AOF file after the
# latest rewrite (if no rewrite has happened since the restart, the size of
# the AOF at startup is used).
#
# This base size is compared to the current size. If the current size is
# bigger than the specified percentage, the rewrite is triggered. Also
# you need to specify a minimal size for the AOF file to be rewritten, this
# is useful to avoid rewriting the AOF file even if the percentage increase
# is reached but it is still pretty small.
#
# Specify a percentage of zero in order to disable the automatic AOF
# rewrite feature.
 
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
 
# An AOF file may be found to be truncated at the end during the Redis
# startup process, when the AOF data gets loaded back into memory.
# This may happen when the system where Redis is running
# crashes, especially when an ext4 filesystem is mounted without the
# data=ordered option (however this can't happen when Redis itself
# crashes or aborts but the operating system still works correctly).
#
# Redis can either exit with an error when this happens, or load as much
# data as possible (the default now) and start if the AOF file is found
# to be truncated at the end. The following option controls this behavior.
#
# If aof-load-truncated is set to yes, a truncated AOF file is loaded and
# the Redis server starts emitting a log to inform the user of the event.
# Otherwise if the option is set to no, the server aborts with an error
# and refuses to start. When the option is set to no, the user requires
# to fix the AOF file using the "redis-check-aof" utility before to restart
# the server.
#
# Note that if the AOF file will be found to be corrupted in the middle
# the server will still exit with an error. This option only applies when
# Redis will try to read more data from the AOF file but not enough bytes
# will be found.
aof-load-truncated yes
 
################################ LUA SCRIPTING  ###############################
 
# Max execution time of a Lua script in milliseconds.
#
# If the maximum execution time is reached Redis will log that a script is
# still in execution after the maximum allowed time and will start to
# reply to queries with an error.
#
# When a long running script exceeds the maximum execution time only the
# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
# used to stop a script that did not yet called write commands. The second
# is the only way to shut down the server in the case a write command was
# already issued by the script but the user doesn't want to wait for the natural
# termination of the script.
#
# Set it to 0 or a negative value for unlimited execution without warnings.
lua-time-limit 5000
 
################################ REDIS CLUSTER  ###############################
#
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however
# in order to mark it as "mature" we need to wait for a non trivial percentage
# of users to deploy it in production.
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#
# Normal Redis instances can't be part of a Redis Cluster; only nodes that are
# started as cluster nodes can. In order to start a Redis instance as a
# cluster node enable the cluster support uncommenting the following:
#
# cluster-enabled yes
 
# Every cluster node has a cluster configuration file. This file is not
# intended to be edited by hand. It is created and updated by Redis nodes.
# Every Redis Cluster node requires a different cluster configuration file.
# Make sure that instances running in the same system do not have
# overlapping cluster configuration file names.
#
# cluster-config-file nodes-6379.conf
 
# Cluster node timeout is the amount of milliseconds a node must be unreachable
# for it to be considered in failure state.
# Most other internal time limits are multiple of the node timeout.
#
# cluster-node-timeout 15000
 
# A slave of a failing master will avoid to start a failover if its data
# looks too old.
#
# There is no simple way for a slave to actually have a exact measure of
# its "data age", so the following two checks are performed:
#
# 1) If there are multiple slaves able to failover, they exchange messages
#    in order to try to give an advantage to the slave with the best
#    replication offset (more data from the master processed).
#    Slaves will try to get their rank by offset, and apply to the start
#    of the failover a delay proportional to their rank.
#
# 2) Every single slave computes the time of the last interaction with
#    its master. This can be the last ping or command received (if the master
#    is still in the "connected" state), or the time that elapsed since the
#    disconnection with the master (if the replication link is currently down).
#    If the last interaction is too old, the slave will not try to failover
#    at all.
#
# The point "2" can be tuned by user. Specifically a slave will not perform
# the failover if, since the last interaction with the master, the time
# elapsed is greater than:
#
#   (node-timeout * slave-validity-factor) + repl-ping-slave-period
#
# So for example if node-timeout is 30 seconds, and the slave-validity-factor
# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the
# slave will not try to failover if it was not able to talk with the master
# for longer than 310 seconds.
#
# A large slave-validity-factor may allow slaves with too old data to failover
# a master, while a too small value may prevent the cluster from being able to
# elect a slave at all.
#
# For maximum availability, it is possible to set the slave-validity-factor
# to a value of 0, which means, that slaves will always try to failover the
# master regardless of the last time they interacted with the master.
# (However they'll always try to apply a delay proportional to their
# offset rank).
#
# Zero is the only value able to guarantee that when all the partitions heal
# the cluster will always be able to continue.
#
# cluster-slave-validity-factor 10
 
# Cluster slaves are able to migrate to orphaned masters, that are masters
# that are left without working slaves. This improves the cluster ability
# to resist to failures as otherwise an orphaned master can't be failed over
# in case of failure if it has no working slaves.
#
# Slaves migrate to orphaned masters only if there are still at least a
# given number of other working slaves for their old master. This number
# is the "migration barrier". A migration barrier of 1 means that a slave
# will migrate only if there is at least 1 other working slave for its master
# and so forth. It usually reflects the number of slaves you want for every
# master in your cluster.
#
# Default is 1 (slaves migrate only if their masters remain with at least
# one slave). To disable migration just set it to a very large value.
# A value of 0 can be set but is useful only for debugging and dangerous
# in production.
#
# cluster-migration-barrier 1
 
# By default Redis Cluster nodes stop accepting queries if they detect there
# is at least an hash slot uncovered (no available node is serving it).
# This way if the cluster is partially down (for example a range of hash slots
# are no longer covered) all the cluster becomes, eventually, unavailable.
# It automatically returns available as soon as all the slots are covered again.
#
# However sometimes you want the subset of the cluster which is working,
# to continue to accept queries for the part of the key space that is still
# covered. In order to do so, just set the cluster-require-full-coverage
# option to no.
#
# cluster-require-full-coverage yes
 
# In order to setup your cluster make sure to read the documentation
# available at http://redis.io web site.
 
################################## SLOW LOG ###################################
 
# The Redis Slow Log is a system to log queries that exceeded a specified
# execution time. The execution time does not include the I/O operations
# like talking with the client, sending the reply and so forth,
# but just the time needed to actually execute the command (this is the only
# stage of command execution where the thread is blocked and can not serve
# other requests in the meantime).
#
# You can configure the slow log with two parameters: one tells Redis
# what is the execution time, in microseconds, to exceed in order for the
# command to get logged, and the other parameter is the length of the
# slow log. When a new command is logged the oldest one is removed from the
# queue of logged commands.
 
# The following time is expressed in microseconds, so 1000000 is equivalent
# to one second. Note that a negative number disables the slow log, while
# a value of zero forces the logging of every command.
slowlog-log-slower-than 10000
 
# There is no limit to this length. Just be aware that it will consume memory.
# You can reclaim memory used by the slow log with SLOWLOG RESET.
slowlog-max-len 128
 
################################ LATENCY MONITOR ##############################
 
# The Redis latency monitoring subsystem samples different operations
# at runtime in order to collect data related to possible sources of
# latency of a Redis instance.
#
# Via the LATENCY command this information is available to the user that can
# print graphs and obtain reports.
#
# The system only logs operations that were performed in a time equal or
# greater than the amount of milliseconds specified via the
# latency-monitor-threshold configuration directive. When its value is set
# to zero, the latency monitor is turned off.
#
# By default latency monitoring is disabled since it is mostly not needed
# if you don't have latency issues, and collecting data has a performance
# impact, that while very small, can be measured under big load. Latency
# monitoring can easily be enabled at runtime using the command
# "CONFIG SET latency-monitor-threshold <milliseconds>" if needed.
latency-monitor-threshold 0
 
############################# EVENT NOTIFICATION ##############################
 
# Redis can notify Pub/Sub clients about events happening in the key space.
# This feature is documented at http://redis.io/topics/notifications
#
# For instance if keyspace events notification is enabled, and a client
# performs a DEL operation on key "foo" stored in the Database 0, two
# messages will be published via Pub/Sub:
#
# PUBLISH __keyspace@0__:foo del
# PUBLISH __keyevent@0__:del foo
#
# It is possible to select the events that Redis will notify among a set
# of classes. Every class is identified by a single character:
#
#  K     Keyspace events, published with __keyspace@<db>__ prefix.
#  E     Keyevent events, published with __keyevent@<db>__ prefix.
#  g     Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ...
#  $     String commands
#  l     List commands
#  s     Set commands
#  h     Hash commands
#  z     Sorted set commands
#  x     Expired events (events generated every time a key expires)
#  e     Evicted events (events generated when a key is evicted for maxmemory)
#  A     Alias for g$lshzxe, so that the "AKE" string means all the events.
#
#  The "notify-keyspace-events" takes as argument a string that is composed
#  of zero or multiple characters. The empty string means that notifications
#  are disabled.
#
#  Example: to enable list and generic events, from the point of view of the
#           event name, use:
#
#  notify-keyspace-events Elg
#
#  Example 2: to get the stream of the expired keys subscribing to channel
#             name __keyevent@0__:expired use:
#
#  notify-keyspace-events Ex
#
#  By default all notifications are disabled because most users don't need
#  this feature and the feature has some overhead. Note that if you don't
#  specify at least one of K or E, no events will be delivered.
notify-keyspace-events ""
 
############################### ADVANCED CONFIG ###############################
 
# Hashes are encoded using a memory efficient data structure when they have a
# small number of entries, and the biggest entry does not exceed a given
# threshold. These thresholds can be configured using the following directives.
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
 
# Lists are also encoded in a special way to save a lot of space.
# The number of entries allowed per internal list node can be specified
# as a fixed maximum size or a maximum number of elements.
# For a fixed maximum size, use -5 through -1, meaning:
# -5: max size: 64 Kb  <-- not recommended for normal workloads
# -4: max size: 32 Kb  <-- not recommended
# -3: max size: 16 Kb  <-- probably not recommended
# -2: max size: 8 Kb   <-- good
# -1: max size: 4 Kb   <-- good
# Positive numbers mean store up to _exactly_ that number of elements
# per list node.
# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
# but if your use case is unique, adjust the settings as necessary.
list-max-ziplist-size -2
 
# Lists may also be compressed.
# Compress depth is the number of quicklist ziplist nodes from *each* side of
# the list to *exclude* from compression.  The head and tail of the list
# are always uncompressed for fast push/pop operations.  Settings are:
# 0: disable all list compression
# 1: depth 1 means "don't start compressing until after 1 node into the list,
#    going from either the head or tail"
#    So: [head]->node->node->...->node->[tail]
#    [head], [tail] will always be uncompressed; inner nodes will compress.
# 2: [head]->[next]->node->node->...->node->[prev]->[tail]
#    2 here means: don't compress head or head->next or tail->prev or tail,
#    but compress all nodes between them.
# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
# etc.
list-compress-depth 0
 
# Sets have a special encoding in just one case: when a set is composed
# of just strings that happen to be integers in radix 10 in the range
# of 64 bit signed integers.
# The following configuration setting sets the limit in the size of the
# set in order to use this special memory saving encoding.
set-max-intset-entries 512
 
# Similarly to hashes and lists, sorted sets are also specially encoded in
# order to save a lot of space. This encoding is only used when the length and
# elements of a sorted set are below the following limits:
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
 
# HyperLogLog sparse representation bytes limit. The limit includes the
# 16 bytes header. When an HyperLogLog using the sparse representation crosses
# this limit, it is converted into the dense representation.
#
# A value greater than 16000 is totally useless, since at that point the
# dense representation is more memory efficient.
#
# The suggested value is ~ 3000 in order to have the benefits of
# the space efficient encoding without slowing down too much PFADD,
# which is O(N) with the sparse encoding. The value can be raised to
# ~ 10000 when CPU is not a concern, but space is, and the data set is
# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
hll-sparse-max-bytes 3000
 
# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
# order to help rehashing the main Redis hash table (the one mapping top-level
# keys to values). The hash table implementation Redis uses (see dict.c)
# performs a lazy rehashing: the more operation you run into a hash table
# that is rehashing, the more rehashing "steps" are performed, so if the
# server is idle the rehashing is never complete and some more memory is used
# by the hash table.
#
# The default is to use this millisecond 10 times every second in order to
# actively rehash the main dictionaries, freeing memory when possible.
#
# If unsure:
# use "activerehashing no" if you have hard latency requirements and it is
# not a good thing in your environment that Redis can reply from time to time
# to queries with 2 milliseconds delay.
#
# use "activerehashing yes" if you don't have such hard requirements but
# want to free memory asap when possible.
activerehashing yes
 
# The client output buffer limits can be used to force disconnection of clients
# that are not reading data from the server fast enough for some reason (a
# common reason is that a Pub/Sub client can't consume messages as fast as the
# publisher can produce them).
#
# The limit can be set differently for the three different classes of clients:
#
# normal -> normal clients including MONITOR clients
# slave  -> slave clients
# pubsub -> clients subscribed to at least one pubsub channel or pattern
#
# The syntax of every client-output-buffer-limit directive is the following:
#
# client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
#
# A client is immediately disconnected once the hard limit is reached, or if
# the soft limit is reached and remains reached for the specified number of
# seconds (continuously).
# So for instance if the hard limit is 32 megabytes and the soft limit is
# 16 megabytes / 10 seconds, the client will get disconnected immediately
# if the size of the output buffers reach 32 megabytes, but will also get
# disconnected if the client reaches 16 megabytes and continuously overcomes
# the limit for 10 seconds.
#
# By default normal clients are not limited because they don't receive data
# without asking (in a push way), but just after a request, so only
# asynchronous clients may create a scenario where data is requested faster
# than it can read.
#
# Instead there is a default limit for pubsub and slave clients, since
# subscribers and slaves receive data in a push fashion.
#
# Both the hard or the soft limit can be disabled by setting them to zero.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
 
# Redis calls an internal function to perform many background tasks, like
# closing connections of clients in timeout, purging expired keys that are
# never requested, and so forth.
#
# Not all tasks are performed with the same frequency, but Redis checks for
# tasks to perform according to the specified "hz" value.
#
# By default "hz" is set to 10. Raising the value will use more CPU when
# Redis is idle, but at the same time will make Redis more responsive when
# there are many keys expiring at the same time, and timeouts may be
# handled with more precision.
#
# The range is between 1 and 500, however a value over 100 is usually not
# a good idea. Most users should use the default of 10 and raise this up to
# 100 only in environments where very low latency is required.
hz 10
 
# When a child rewrites the AOF file, if the following option is enabled
# the file will be fsync-ed every 32 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
aof-rewrite-incremental-fsync yes

测试redis-cli连接:docker exec -it redis容器ID redis-cli

测试生成持久化文件:

八、本地镜像发布到阿里云

8.1 镜像的生成方法 

  • 前面讲过的DockerFile
  • 从容器创建一个新的镜像:docker commit [OPTIONS] 容器ID [REPOSITORY[:TAG]]
    • OPTIONS选项说明:-a:提交的镜像作者、-m:提交时的说明文字

我们之前自己做了一个包含vim和ifconfig的centos——mycentos:0.1,现在我们把它更新到0.2,并生成一个0.2的镜像。

先看看mycentos:0.1有没有容器docker ps -a,没有就创建一个容器,docker run -itd mycentos:0.1

docker commit -a mrlinxi -m "new contos 0.2 from 0.1" 容器ID mycentos:0.2

这样就得到了mycentos:0.2的镜像

 

8.2 将本地镜像推送到阿里云

登陆阿里云,进入控制台

左上角菜单,点开搜索容器镜像服务:

实例列表—>个人/企业(要钱) 没有的需要创建一下,创建需要设置一个repository密码

然后创建一个镜像仓库

然后下一步,选择本地仓库创建:

创建好仓库后,会有相应的操作指南:

# 登陆仓库 首次登陆需要输入之前我们设置的仓库密码
docker login --username=阿里云账户 registry.cn-hangzhou.aliyuncs.com

docker tag [ImageId] registry.cn-hangzhou.aliyuncs.com/mrlinxi/mycentos:[镜像版本号]
docker push registry.cn-hangzhou.aliyuncs.com/mrlinxi/mycentos:[镜像版本号]

提交后,本地也会有一份提交的镜像。

我们尝试从阿里云拉取我们刚才push的镜像。

# 删除本地提交的镜像
docker rmi -f registry.cn-hangzhou.aliyuncs.com/mrlinxi/mycentos:0.2.1

dokcer pull registry.cn-hangzhou.aliyuncs.com/mrlinxi/mycentos:0.2.1

阿锐丫
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Linux下 安装Docker
Laputa_Castle的博客
06-09 2万+
Linux下 安装Docker
安装docker
lucylily11的博客
10-30 7045
参考阿里云的镜像加速文档:https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors。docker save 镜像名/镜像ID -o 镜像保存的名字 镜像保存的tag。systemctl status docker # 查看docker启动状态。systemctl start docker # 启动docker服务。docker rmi -f 镜像名/镜像ID。启动docker前,一定要关闭防火墙后!docker -v 查看docker版本。
Docker在linux上的安装与使用(亲测)
最新发布
风雨无阻学习之路
06-28 1256
Docker在linux安装和使用,利用Docker启动tomcat
docker 国内镜像源
m0_46471328的博客
04-21 7555
修改docker站内配置,达到快速拉取镜像。
docker配置国内镜像源
weixin_43031220的博客
03-30 4708
在Linux上,该文件通常位于/etc/docker/目录下。在Windows上,该文件通常位于C:\ProgramData\Docker\config\目录下。在Windows上,可以在系统托盘中右键单击Docker图标,然后选择“退出Docker Desktop”选项。当您使用docker pull命令下载镜像时,Docker将从您配置的镜像源中获取镜像。在中国,由于网络限制,从Docker Hub下载镜像可能会很慢或不可用。这里使用了Docker中国官方镜像源,您也可以使用其他可用的镜像源。
docker国内镜像源配置
qq_39497653的博客
12-09 778
配置docker 为加快拉取镜像速度,建议设置docker国内镜像源 # 创建或修改 /etc/docker/daemon.json 文件,修改为如下形式 { "registry-mirrors" : [ "https://registry.docker-cn.com", "https://docker.mirrors.ustc.edu.cn", "http://hub-mirror.c.163.com", "https://cr.console.ali...
docker-compose-ui:Docker Compose的Web界面
02-02
它是什么Docker Compose UI是Docker Compose的Web...compose-ui \-p 5000:5000 \-w /opt/docker-compose-projects/ \-v /var/run/docker.sock:/var/run/docker.sock \francescou/docker-compose-ui:1.13.0您必须等待Doc
centos7.6离线安装docker-ce-19.03、nvidia-docker2
08-03
离线环境下,在centos7.6系统上安装docker-ce-19.03,nvidia-docker2.4版本,其中docker-ce-19.03在docker-local.tar压缩文件里面,nvidia-docker2在nvidia-docker2.zip文件中。 具体安装流程如下: 1.安装docker ...
seaweedfs-docker:seaweedfs的docker环境
05-12
2.使用docker-compose 执行新建容器组 docker-compose up 3.启动容器组 docker-compose start 4.停止容器组 docker-compose stop 5.查询容器组所有容器状态 docker-compose ps 6.删除容器组 docker-compose down ...
docker-build-push:Docker Build&Push GitHub操作
05-08
Docker构建和推送操作 构建一个Docker映像并将其推送到您选择的私有注册表中。 支持的Docker注册表 Docker集线器 Google Container Registry(GCR) ... - uses : mr-smithers-excellent/docker-buil
canal-adapter-v1.1.7的docker镜像
01-08
canal-adapter-v1.1.7,docker镜像,参考的制作流程:https://blog.csdn.net/qiaodaima0/article/details/125561823?spm=1001.2014.3001.5501
Docker容器的官方镜像仓库
热门推荐
小郑
04-12 1万+
镜像仓库分类公有仓库私有仓库官方镜像仓库属于公有仓库网址: hub.docker.com 网站名称:dockerhub注册邮箱创建仓库创建自己的仓库登录仓库web界面登录linux命令行登录直接docker login 输入用户名和密码这个自己创建的存储库一般只有pull时才会登录。
Linux安装Docker(图文解说详细版)
编码人生
03-24 9287
第一步,下载docker 下载地址: https://download.docker.com/linux/static/stable/x86_64/ 这次的演示我们使用docker-18.06.3-ce.tgz 这个版本 第二步,上传到云服务器上面 使用rz命令上传或者fltp工具进行上传 第三步,解压文件 第四步,将解压出来的docker文件复制到 /usr/bin/ 目录下 这么做的目的是将docker交给linux自己去管理,类似spring中的ioc(猜测,非正经知识) cp docker
Linux中安装部署docker
九仞山的专栏
06-26 4795
介绍了linux下安装部署docker的方法
docker镜像仓库详解(Docker Registry)
weixin_67596609的博客
01-04 6492
本片文章主要是对docker的镜像仓库进行了详解。其中包含了一些常用了 docker 指令,通过举例进行详解。也详细解释了镜像仓库的工作机制和常见的镜像仓库。也实际拉去和运行了一些镜像。希望本篇文章会对你有所帮助!
docker】设置 docker 国内镜像仓库报错,解决方案
ladymorgana的博客
08-07 4438
一、报错: 二、原因: 三、解决方案    1. 删除 daemon.json 或者 重命名成 daemon.conf (不推荐,效果相同)    2. 复制标准的 daemon.json 文件格式    3. 针对配置冲突问题 四、生效配置
电子邮件写信页面开发代码
weixin_30512043的博客
07-25 703
页面代码 <!DOCTYPE> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8;application/xml"> <title>sendMessage</title&...
linux内核编程笔记【原创】
weixin_34087307的博客
03-15 734
以下为本人学习笔记,如有转载请注明出处,谢谢   1. service用法 oneshot DEFINE_MUTEX(buzzer_mutex);   mutex_lock(&amp;buzzer_mutex); mutex_unlock(&amp;buzzer_mutex);   static void WriteNumber(const char *fileName, int ...
Ceph-Docker 部署指南
gogo199779的博客
10-25 2722
Ceph-Docker 部署指南 USTC OSH-2021-x-DisGraFS小组 HurryPeng 本指南参考第一篇:用Docker搭建Ceph集群(nautilus版本)_码农飞哥-CSDN博客_ceph docker,部署了一个三节点的简单Ceph集群。相比原文,在功能上有所删减,但对于安装过程中可能出现的问题做了一些细节补充。阅读时,不妨将本问文为原文的一份“注”。在一些“你为什么不自己搜”的问题上,本指南尽量提供了有效的参考链接,以求对读者友好。 在阅读本文前,最好先对Ceph的整体.
- docker images: - docker rmi - docker pull - docker push - docker save - docker load
02-23
Docker images是Docker中的一个重要概念它是用于创建Docker容器的基础。一个Dock image是一个只读的模板,包含了运行一个容器所需的所有文件系统、代码和依赖项。 下是对于您提到的几个D命令的介绍1. docker rmi:...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值