基础配置
操作系统:CentOS 7
docker-ce版本:18.09.0
步骤
(1)启动Docker
打开一个已安装Docker的虚拟机或云主机的终端,输入以下命令启动Docker服务:
# service docker start
(2)获取镜像
可以直接从镜像仓库获取镜像,也可以通过下载后使用import的方式导入镜像。
下面以下载并import一个Ubuntu镜像为例演示使用import方式导入镜像的过程:
# wget https://download.openvz.org/template/precreated/ubuntu-14.04-x86_64-minimal.tar.gz
--2018-11-23 12:46:04-- https://download.openvz.org/template/precreated/ubuntu-14.04-x86_64-minimal.tar.gz
Resolving download.openvz.org (download.openvz.org)... 185.231.241.69
Connecting to download.openvz.org (download.openvz.org)|185.231.241.69|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 78421150 (75M) [application/x-gzip]
Saving to: ‘ubuntu-14.04-x86_64-minimal.tar.gz’
100%[===================================================================================>] 78,421,150 5.69MB/s in 27s
2018-11-23 12:46:33 (2.73 MB/s) - ‘ubuntu-14.04-x86_64-minimal.tar.gz’ saved [78421150/78421150]
# docker import ubuntu-14.04-x86_64-minimal.tar.gz ubuntu:14.04
sha256:6a3d39fa5b768e4f4a9f144a61fc457de691d759277e4419e71b10e52a0e0815
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 14.04 6a3d39fa5b76 15 seconds ago 215MB
(3)实现sshd,在base镜像的基础上生成一个新的镜像
创建一个基于ubuntu:14.04的容器:
# docker run -it ubuntu:14.04 /bin/bash
修改ubuntu的软件源为163镜像站(也可使用其他国内知名镜像站):
# vim /etc/apt/sources.list
deb http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse
更新软件源:
# apt-get update
安装supervisor服务:
# apt-get install supervisor
配置supervisor(添加nodaemon=true和[program:sshd]配置):
# cd /etc/supervisor
# cp supervisord.conf ./conf.d/
# cd conf.d/
# vim supervisord.conf
; supervisor config file
[unix_http_server]
file=/var/run/supervisor.sock ; (the path to the socket file)
chmod=0700 ; sockef file mode (default 0700)
[supervisord]
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
nodaemon=true ;
; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /etc/supervisor/conf.d/*.conf
[program:sshd]
command=/usr/sbin/sshd -D ;
退出容器
# exit
退出后将该容器commit生成封装了sshd的镜像:
先查看并记下容器的ID(只用记下前4位就行了):
# docker ps -a
然后使用commit命令打包容器:
# docker commit <容器ID> ubuntu:sshd
查看镜像:
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu sshd 3c3be5304fbb 46 seconds ago 546MB
ubuntu 14.04 6a3d39fa5b76 25 minutes ago 215MB
(4)分配容器
容器打包完成后,就可以通过以下命令向主机部署自己的容器了:
# docker run -p 301:22 -d --name test ubuntu:sshd /usr/bin/supervisord
# docker run -p 302:22 -d --name dev ubuntu:sshd /usr/bin/supervisord
# docker run -p 303:22 -d --name client ubuntu:sshd /usr/bin/supervisord
...
# docker run -p xxxx:22 -d --name clientN ubuntu:sshd /usr/bin/supervisord
这样就顺利隔离了N个容器,且每一个都是以CentOS为中心的纯净的Ubuntu系统,按这种分配方式,所有容器性能将和宿主机一样。
(5)搭建自己的私有仓库
我们可以搭建自己的私有的仓库,然后使用类似GitHub的方式,将封装好的镜像push到仓库,其他主机装好docker后,pull下来即可。
Docker Hub容器仓库:https://hub.docker.com/
阿里云容器镜像服务:https://www.aliyun.com/product/acr?spm=5176.54417.developerService.13.2ce324592PbWQs
网易云镜像仓库:https://www.163yun.com/product/repo