1、Docker 基本操作 (環境:CentOS 7.2)
(1) 安裝啓動docker
yum -y install docker systemctl start docker.service systemctl enable docker.service systemctl grep docker查看docker進程的狀態 systemctl disable firewalld [root@node1 ~]# docker version Client: Version: 1.12.6 API version: 1.24 Package version: docker-1.12.6-32.git88a4867.el7.centos.x86_64 Go version: go1.7.4 Git commit: 88a4867/1.12.6 Built: Mon Jul 3 16:02:02 2017 OS/Arch: linux/amd64 Server: Version: 1.12.6 API version: 1.24 Package version: docker-1.12.6-32.git88a4867.el7.centos.x86_64 Go version: go1.7.4 Git commit: 88a4867/1.12.6 Built: Mon Jul 3 16:02:02 2017 OS/Arch: linux/amd64 [root@node1 ~]# [root@node1 ~]# docker info docker create/start/stop/pause/unpause
(2) 拉取鏡像
docker pull docker.io/registry docker images 查看當前導入的鏡像文件
(3) 運行容器
docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] docker run --name container_name -itd image_name 'command' -it 表示交互模式 -d 後臺進程模式 -rm 當容器運行完畢後就會自動刪除 docker run -itd --name=n2 -p 80:80 docker.io/nginx '/bin/bash' docker ps [-a]
(4) 容器數據持久化
docker run -itd --name c1 -p 80:80 -v /tmp/web:/var/www/html docker.io/ansible/centos7-ansible '/bin/bash'
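可用 docker exec 進入該容器,或者用 attach 重新連接容器的會話 (docker exec -it container_name command)。下面的例子中,容器內訪問掛載目錄時出現 Permission denied,是由於宿主機的SELinux處於Enforcing狀態;例子用 setenforce 0 繞過,但這會關閉整臺宿主機的SELinux強制模式。更小範圍的作法是保持Enforcing,在掛載時加上 :z 或 :Z 選項(如 -v /tmp/web:/var/www/html:Z),讓Docker爲該目錄重新打標籤。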
[root@localhost ~]# docker attach c1 [root@67cb25bb92be ansible]# ls /var/www/html/ ls: cannot open directory /var/www/html/: Permission denied [root@67cb25bb92be ansible]# [root@localhost ~]# getenforce Enforcing [root@localhost ~]# setenforce 0 [root@localhost ~]# docker attach c1 [root@67cb25bb92be ansible]# ls /var/www/html/ index.html [root@67cb25bb92be ansible]# [root@localhost ~]#
(5) 容器間的鏈接
docker run --name test1 --link myweb:web -it ubuntu /bin/bash
上面命令建立了一個新的容器test1。 這裏引入了一個新的標記 --link,其參數部分的myweb表示要鏈接的容器,web是要鏈接的容器的別名。
例:--link name:alias
[root@localhost ~]# docker run -it --name n1 --link c1:centos docker.io/nginx '/bin/bash' root@80dbefc24db7:/# cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.2 centos 67cb25bb92be c1 172.17.0.3 80dbefc24db7 root@80dbefc24db7:/# ping centos [root@localhost ~]# docker inspect --format '{{ .NetworkSettings.IPAddress }}' n1 172.17.0.3
(6) 容器間數據共享
[root@localhost ~]# docker run -it --name n2 --volumes-from c1 docker.io/ansible/centos7-ansible '/bin/bash' [root@64f9e61cc100 ansible]# ls /var/www/html/ index.html [root@64f9e61cc100 ansible]# echo "n2" > /var/www/html/n2.html [root@64f9e61cc100 ansible]# ls /var/www/html/ index.html n2.html [root@64f9e61cc100 ansible]# [root@localhost ~]# [root@localhost ~]# docker attach c1 [root@67cb25bb92be ansible]# ls /var/www/html/ index.html n2.html [root@67cb25bb92be ansible]# [root@localhost ~]# [root@localhost ~]# ls /tmp/web/ index.html n2.html [root@localhost ~]# cat /tmp/web/n2.html n2 [root@localhost ~]#
(7) 端口映射
[root@localhost ~]# docker create -it --name=web03 -p 80:80 nginx 3e28f52bfd9a5156b9656a99adb3005e8f026555f95c705167977e1b4703cc72 [root@localhost ~]# docker start web03 web03 [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3e28f52bfd9a nginx "nginx -g 'daemon off" 19 seconds ago Up 9 seconds 0.0.0.0:80->80/tcp, 443/tcp web03 49c788b78b75 nginx "nginx -g 'daemon off" 3 minutes ago Up 2 minutes 80/tcp, 443/tcp web02 [root@localhost ~]# netstat -tnlp -P 隨機端口映射 [root@docker ~]# docker run -d -P -v /web2/html:/usr/share/nginx/html --name web6 nginx 006d1043652b1fb002a627767ab5a5aa0bade98f17639fb5d1f17dfa9d77cea5 [root@docker ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 006d1043652b nginx:latest "nginx -g 'daemon of 15 seconds ago Up 15 seconds 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp web6 [root@docker ~]# elinks 192.168.100.100:32769 --dump web2
(8) 標記鏡像
docker tag old-image[:old-tag] new-image[:new-tag]
(9) 將容器設置爲自動啓動
[root@localhost ~]# docker run -itd --name n3 --restart always docker.io/nginx '/bin/bash' 56b582d9aa257d297d9fb40bb2b6a8373f6549480f7ed95f0408a51501e56c6b [root@localhost ~]#
(10) 停止並刪除容器
docker stop container_id docker rm container_id
(11) 輸出容器日誌
docker logs <CONTAINER_ID>
(12) 技巧用法
docker rm `docker ps -a -q`:刪除全部容器 docker kill `docker ps -q` docker rmi `docker images -q -a` docker top <CONTAINER_ID>:查看容器中運行的進程 docker diff <CONTAINER_ID>:查看容器中的變化 docker inspect <CONTAINER_ID>:查看容器詳細信息(輸出爲Json) -f:查找特定信息,如docker inspect -f '{{ .NetworkSettings.IPAddress }}' sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID
列出全部綁定的端口:
docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID
找出特殊的端口映射:
sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID
獲取配置信息:
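# Dump the container's configuration section as JSON.
# Go template field names are case-sensitive: the field is .Config; the
# lower-case .config does not exist and makes the template fail.
sudo docker inspect --format='{{json .Config}}' "$INSTANCE_ID"

# Resolve a container name to its full container ID.
docker inspect -f '{{.Id}}' cranky_pare

# Copy a file into the container's root filesystem through the aufs mount
# point on the host.
# NOTE(review): this writes into Docker's own storage directory as host root
# and bypasses the daemon; `docker cp` is the supported way to copy files into
# a container. The leading ** in the path looks like leftover bold markup from
# the original page and is kept as written; confirm the real directory name.
cp file.txt /var/lib/docker/aufs/mnt/**d8e703d7e3039a6df6d01bd7fb58d1882e592a85059eb16c4b83cf91847f88e5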
ip addr 可以看到docker與真機聯接的橋docker0的IP
docker的日誌文件寫入到/var/log/messages裏
docker search image_name 命令可以搜索指定的鏡像
docker pull image_name也可以下載並導入指定的鏡像
docker load < local_image_file 導入本地鏡像文件
2、docker 配置文件
docker配置文件/etc/sysconfig/docker
重要參數解釋:
OPTIONS 用來控制Docker Daemon進程參數
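-H 表示Docker Daemon綁定的地址, -H=unix:///var/run/docker.sock -H=tcp://0.0.0.0:2375。注意:tcp://0.0.0.0:2375 是未加密、無認證的遠程API,任何能連到該端口的人都可以控制Docker Daemon,等同於取得宿主機root權限(前文的安裝步驟還關閉了firewalld)。如需遠程訪問,應啓用TLS雙向認證(--tlsverify、--tlscacert、--tlscert、--tlskey,慣用端口2376),否則只保留unix socket。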
--registry-mirror表示Docker Registry的鏡像地址--registry-mirror=http://4bc5abeb.m.daocloud.io
--insecure-registry表示(本地)私有Docker Registry的地址, --insecure-registry ${pivateRegistyHost}:5000。該選項讓Docker對此倉庫允許明文HTTP或不校驗證書的HTTPS,鏡像內容和登錄憑據都可能在傳輸中被竊聽或篡改,只適合隔離的測試環境;正式環境應爲倉庫配置TLS證書。
--selinux-enabled是否開啓SELinux,默認開啓 --selinux-enabled=true
-b 表示採用已經建立好的網橋, -b=xxx
OPTIONS=-H=unix:///var/run/docker.sock -H=tcp://0.0.0.0:2375 --registry-mirror=http://4bc5abeb.m.daocloud.io --selinux-enabled=true
下面是代理的設置
http_proxy=xxxxx:8080 https_proxy=xxxxxx:8080 vi /usr/lib/systemd/system/docker.service ExecStart=/usr/bin/docker daemon -H fd:// -H=unix:///var/run/docker.sock -H=tcp://0.0.0.0:2375 --registry-mirror=http://4bc5abeb.m.daocloud.io --selinux-enabled=true [Service] Environment="HTTP_PROXY=..." Environment="HTTPS_PROXY=..." Type=notify ExecStart=/usr/bin/docker daemo
Docker有自動化的需求時,你可以將containerID輸出到指定的文件中(類似PID file): --cidfile=""
Docker的容器默認是沒有特權的,例如不能在容器中再啓動一個容器。這是由於默認情況下容器不能訪問任何其它設備。但是加上 --privileged 之後,容器就擁有了訪問任何其它設備的權限。特權容器與宿主機之間幾乎沒有隔離,容器內的root基本等同於宿主機root;如果只是需要某個設備或某項能力,優先使用 --device 或 --cap-add 單獨授予。
3、網絡管理
可參考:http://blog.chinaunix.net/uid-522675-id-4861366.html
Docker 默認指定了docker0接口的IP/netmask,讓主機和容器之間能夠經過網橋相互通訊,它還給出了MTU(接口容許接收的最大傳輸單元1500 Bytes),或宿主機網絡路由上支持的默認MTU。這些值均可以在服務啓動的時候進行配置。
[root@master ~]# cat /etc/sysconfig/docker-network # /etc/sysconfig/docker-network DOCKER_NETWORK_OPTIONS="-b=bridge0"
修改文件 /etc/docker/daemon.json 添加內容 "bip": "ip/netmask" (切勿與宿主機同網段)
[root@node1 ~]# cat /etc/docker/daemon.json { "bip" : "192.168.2.1/24" } [root@node1 ~]# systemctl restart docker.service
利用OVS 實現多容器間通訊
(1) Openvswitch 的下載與安裝 :
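# Build Open vSwitch 2.7.2 into RPMs and install them.
# Run from the home directory: the tarball is unpacked in the current
# directory and rpmbuild writes its output under ~/rpmbuild.

# Bridge tooling plus the compiler and kernel headers the RPM build needs.
yum install -y bridge-utils wget
yum install -y python-six selinux-policy-devel gcc make python-devel openssl-devel kernel-devel graphviz kernel-debug-devel autoconf automake rpm-build redhat-rpm-config libtool

# NOTE(review): the source tarball is fetched over plain HTTP and is never
# checked against a published checksum or signature before it is built and
# installed as root; verify it before continuing.
wget http://openvswitch.org/releases/openvswitch-2.7.2.tar.gz

# rpmbuild looks for the source tarball in ~/rpmbuild/SOURCES; the unpacked
# tree is only needed for its spec file.
mkdir -p ~/rpmbuild/SOURCES
tar -zxvf openvswitch-2.7.2.tar.gz
cp openvswitch-2.7.2.tar.gz ~/rpmbuild/SOURCES/

# List the module directory of the running kernel before building.
ls "/lib/modules/$(uname -r)" -ln

rpmbuild -bb --without check openvswitch-2.7.2/rhel/openvswitch.spec

# Install every openvswitch RPM the build produced.
cd ~/rpmbuild/RPMS/x86_64/
yum -y localinstall openvswitch-*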
拓撲如下:
Master 172.16.170.10 docker 192.168.1.0/24
Node 172.16.170.20 docker 192.168.2.0/24
(2) docker master端配置以下
[root@master ~]# systemctl start openvswitch.service && systemctl enable openvswitch.service [root@master ~]# ovs-vsctl add-br br0 [root@master ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP qlen 1000 link/ether 00:0c:29:97:92:e8 brd ff:ff:ff:ff:ff:ff inet 172.16.170.10/24 brd 172.16.170.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe97:92e8/64 scope link valid_lft forever preferred_lft forever 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 02:42:45:b7:c2:fd brd ff:ff:ff:ff:ff:ff inet 192.168.1.1/24 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:45ff:feb7:c2fd/64 scope link valid_lft forever preferred_lft forever 5: vethcff8026@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP link/ether 32:4a:f5:b7:33:f7 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::304a:f5ff:feb7:33f7/64 scope link valid_lft forever preferred_lft forever 6: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 8a:ac:8e:a1:68:2b brd ff:ff:ff:ff:ff:ff 7: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 82:ae:47:8e:30:4d brd ff:ff:ff:ff:ff:ff [root@master ~]# ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre option:remote_ip=172.16.170.20 [root@master ~]# ovs-vsctl show 4fe9a5b3-46ec-432c-a990-bb8e8fee96fe Bridge "br0" Port "gre0" Interface "gre0" type: gre options: {remote_ip="172.16.170.20"} Port "br0" Interface "br0" type: internal ovs_version: "2.7.2" [root@master ~]# brctl addif docker0 br0 [root@master ~]# brctl show bridge name bridge id STP enabled interfaces docker0 
8000.024245b7c2fd no br0 [root@master ~]# ip link set dev br0 up [root@master ~]# ip link set dev docker0 up [root@master ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP qlen 1000 link/ether 00:0c:29:97:92:e8 brd ff:ff:ff:ff:ff:ff inet 172.16.170.10/24 brd 172.16.170.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe97:92e8/64 scope link valid_lft forever preferred_lft forever 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 02:42:45:b7:c2:fd brd ff:ff:ff:ff:ff:ff inet 192.168.1.1/24 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:45ff:feb7:c2fd/64 scope link valid_lft forever preferred_lft forever 5: vethcff8026@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP link/ether 32:4a:f5:b7:33:f7 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::304a:f5ff:feb7:33f7/64 scope link valid_lft forever preferred_lft forever 6: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 8a:ac:8e:a1:68:2b brd ff:ff:ff:ff:ff:ff 7: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UNKNOWN qlen 1000 link/ether 82:ae:47:8e:30:4d brd ff:ff:ff:ff:ff:ff inet6 fe80::80ae:47ff:fe8e:304d/64 scope link valid_lft forever preferred_lft forever 8: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN qlen 1000 link/gre 0.0.0.0 brd 0.0.0.0 9: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 10: gre_sys@NONE: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65490 qdisc fq master ovs-system state UNKNOWN qlen 1000 link/ether 
aa:3a:19:78:48:89 brd ff:ff:ff:ff:ff:ff inet6 fe80::a83a:19ff:fe78:4889/64 scope link valid_lft forever preferred_lft forever [root@master ~]# [root@master ~]# ip route add 192.168.2.0/24 dev docker0 [root@master ~]# docker run -itd --name c1 docker.io/centos '/bin/bash' WARNING: IPv4 forwarding is disabled. Networking will not work. a326fb2eae1ecf1c0b1a26b4b947f20eb44864fc5232e253b582c8c7bb50522a [root@master ~]# vim /etc/sysctl.conf [root@master ~]# sysctl -p net.core.default_qdisc = fq net.ipv4.tcp_congestion_control = bbr net.ipv4.ip_forward = 1 [root@master ~]#
(3) docker node端配置以下
[root@node1 ~]# systemctl start openvswitch.service && systemctl enable openvswitch.service [root@node1 ~]# brctl show bridge name bridge id STP enabled interfaces docker0 8000.02429f5f947d no [root@node1 ~]# ovs-vsctl add-br br0 [root@node1 ~]# ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre option:remote_ip=172.16.170.10 [root@node1 ~]# brctl addif docker0 br0 [root@node1 ~]# brctl show bridge name bridge id STP enabled interfaces docker0 8000.02429f5f947d no br0 [root@node1 ~]# [root@node1 ~]# ip link set dev br0 up [root@node1 ~]# ip link set dev docker0 up [root@node1 ~]# ip route add 192.168.1.0/24 dev docker0 [root@node1 ~]# brctl show bridge name bridge id STP enabled interfaces docker0 8000.02429f5f947d no br0 [root@node1 ~]# ovs-vsctl show f0be12f7-1aa7-4b93-8d4f-5511b56efec7 Bridge "br0" Port "gre0" Interface "gre0" type: gre options: {remote_ip="172.16.170.10"} Port "br0" Interface "br0" type: internal ovs_version: "2.7.2" [root@node1 ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf [root@node1 ~]# sysctl -p [root@node1 ~]# docker run -itd --name c2 docker.io/centos '/bin/bash' c9414017f86e6c362b9481ceffc658275b3557cf0991e84853066d4eccb37b0f [root@node1 ~]#
(4) 測試
[root@node1 ~]# docker attach c941 [root@c9414017f86e /]# ping -c1 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=5.19 ms --- 192.168.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 5.194/5.194/5.194/0.000 ms [root@c9414017f86e /]# ping -c1 192.168.1.2 PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data. 64 bytes from 192.168.1.2: icmp_seq=1 ttl=63 time=2.74 ms --- 192.168.1.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 2.742/2.742/2.742/0.000 ms [root@c9414017f86e /]# ping -c1 192.168.2.1 PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data. 64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.051 ms --- 192.168.2.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.051/0.051/0.051/0.000 ms [root@c9414017f86e /]# [root@node1 ~]#
4、私有倉庫
[root@master ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@master ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry latest 751f286bc25e 3 weeks ago 33.19 MB [root@master ~]# ls /registry/ [root@master ~]# docker run -d -p 5000:5000 -v /registry:/var/lib/registry --name registry_server registry 4eaa8bb4447641560e7445ca709a2a6e198adc183dcf7f4700fcca5fe5b50d2f [root@master ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4eaa8bb44476 registry "/entrypoint.sh /etc/" 6 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp registry_server [root@master ~]# [root@master ~]# curl http://172.16.170.10:5000/v2/search 404 page not found [root@master ~]# curl http://172.16.170.10:5000/v2/_catalog {"repositories":[]} [root@master ~]# [root@master ~]# vim /etc/sysconfig/docker [root@master ~]# grep ^ADD /etc/sysconfig/docker ADD_REGISTRY='--insecure-registry 172.16.170.10:5000' [root@master ~]# systemctl restart docker.service [root@master ~]# docker run -d -p 5000:5000 -v /registry:/var/lib/registry --name registry_server --restart=always registry 47b4df1618a35d19788994fff4054b7e998995f9903c197ef45e63aac447f750 [root@master ~]# [root@node1 ~]# grep ^ADD /etc/sysconfig/docker ADD_REGISTRY='--insecure-registry 172.16.170.10:5000' [root@node1 ~]# systemctl restart docker.service [root@node1 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 172.16.170.10:5000/kubernets-dashboard latest 75f167b703e6 10 months ago 86.27 MB [root@node1 ~]# docker push 172.16.170.10:5000/kubernets-dashboard:latest The push refers to a repository [172.16.170.10:5000/kubernets-dashboard] 5f70bf18a086: Pushed 6bc90c4dba69: Pushed latest: digest: sha256:4aa012b1460b1c5a025eb7c7e56c4035f66516e38c5c3b57f0e489cb663b28e4 size: 1147 格式必須是: docker push new-repo:tagName [root@node1 ~]# curl http://172.16.170.10:5000/v2/_catalog {"repositories":["kubernets-dashboard"]} [root@node1 ~]# [root@node1 ~]# docker search 
172.16.170.10:5000/kubernets-dashboard:latest Error response from daemon: Unexpected status code 404 [root@node1 ~]#
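帶有認證功能的私有倉庫(htpasswd基本認證)。注意:下面的倉庫仍然通過HTTP(--insecure-registry)訪問,基本認證的用戶名和密碼在網絡上只做了可還原的Base64編碼,應同時爲倉庫配置TLS;另外 htpasswd -Bbn 把密碼寫在命令行參數裏,會留在shell歷史記錄和進程列表中: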
[root@master ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 47b4df1618a3 registry "/entrypoint.sh /etc/" 17 hours ago Up 8 minutes 0.0.0.0:5000->5000/tcp registry_server [root@master ~]# docker stop registry_server registry_server [root@master ~]# docker rm registry_server registry_server [root@master ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry latest 751f286bc25e 3 weeks ago 33.19 MB [root@master ~]# mkdir -p /opt/data/auth [root@master ~]# docker run --entrypoint htpasswd registry:latest -Bbn dockerUser dockerPwd >> /opt/data/auth/htpasswd [root@master ~]# ls /opt/data/auth/ htpasswd [root@master ~]# cat /opt/data/auth/htpasswd dockerUser:$2y$05$uT/PA/TpWvLYIlSYV.3JjufAd/HtcYKSlGNA0hkm5Vs2brgUG.1Aa [root@master ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@master ~]# [root@master ~]# docker run -d -p 5000:5000 --restart=always -v /opt/data/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" -v /registry:/var/lib/registry registry:latest 995c98405ae2192b645350a853f15038081b421258bf7937101b43098df6b450 [root@master ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 995c98405ae2 registry:latest "/entrypoint.sh /etc/" 4 seconds ago Up 4 seconds 0.0.0.0:5000->5000/tcp angry_kalam [root@master ~]# [root@node1 ~]# docker push 172.16.170.10:5000/kubernets-dashboard:latest The push refers to a repository [172.16.170.10:5000/kubernets-dashboard] 5f70bf18a086: Preparing 6bc90c4dba69: Preparing no basic auth credentials [root@node1 ~]# docker login 172.16.170.10:5000 Username: dockerUser Password: Login Succeeded [root@node1 ~]# docker push 172.16.170.10:5000/kubernets-dashboard:latest The push refers to a repository [172.16.170.10:5000/kubernets-dashboard] 5f70bf18a086: Pushed 6bc90c4dba69: Pushed latest: digest: sha256:4aa012b1460b1c5a025eb7c7e56c4035f66516e38c5c3b57f0e489cb663b28e4 size: 1147 [root@node1 
~]# curl http://172.16.170.10:5000/v2/_catalog {"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]} [root@node1 ~]#
kubernetes secret的設置以下:
kubectl create secret docker-registry regsecret --docker-server=name.domain.com --docker-username=**** --docker-password=**** --docker-email=xxxx@yyyy.cn
5、Images 管理
安裝最小化系統,然後將系統製作成image
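# Archive the root filesystem of the minimal install so that it can be fed to
# `docker import`. The trailing "/" names what to archive; without a path
# operand tar has nothing to archive and creates no usable tarball.
# --numeric-owner stores raw UID/GID numbers instead of user and group names;
# /proc and /sys are kernel pseudo-filesystems and are excluded.
# NOTE(review): the archive contains everything on the machine, including
# /etc/shadow and the SSH host keys; remove such secrets before pushing the
# resulting image to a shared registry.
tar --numeric-owner --exclude=/proc --exclude=/sys -cvf centos7-base.tar /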
導入image並標記tag
docker import centos7-base.tar 172.16.170.10:5000/centos7-base:latest
以下
[root@node1 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@node1 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/nginx latest b8efb18f159b 2 weeks ago 107.5 MB 172.16.170.10:5000/kubernets-dashboard latest 75f167b703e6 10 months ago 86.27 MB [root@node1 ~]# docker run -itd --name c1 docker.io/nginx '/bin/bash' 4d30aca011ec38380fc1cfba23582127c8d336f33eda116fa05b963bddd9755a [root@node1 ~]# docker attach 4d30 root@4d30aca011ec:/# ls /usr/share/nginx/html/ 50x.html index.html root@4d30aca011ec:/# echo "Welcome to Yeecall company" > /usr/share/nginx/html/index.html root@4d30aca011ec:/# nginx root@4d30aca011ec:/# [root@node1 ~]# [root@node1 ~]# docker inspect -f '{{ .NetworkSettings.IPAddress }}' c1 172.17.0.2 [root@node1 ~]# curl http://172.17.0.2 Welcome to Yeecall company
提交image
[root@node1 ~]# docker commit 4d30 172.16.170.10:5000/nginx:latest sha256:7d5bf2507db41007d09cf491259aae0d947fd2c739bc4c40156b29b1ee5c28a7 [root@node1 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 172.16.170.10:5000/nginx latest 7d5bf2507db4 3 seconds ago 107.5 MB docker.io/nginx latest b8efb18f159b 2 weeks ago 107.5 MB 172.16.170.10:5000/kubernets-dashboard latest 75f167b703e6 10 months ago 86.27 MB [root@node1 ~]# docker push 172.16.170.10:5000/nginx The push refers to a repository [172.16.170.10:5000/nginx] 3109d2b079eb: Pushed af5bd3938f60: Pushed 29f11c413898: Pushed eb78099fbf7f: Pushed latest: digest: sha256:0ce18ab5e00b1cc12258e77e79626771666705381dad05cde597130509ea1e32 size: 1155 [root@node1 ~]#
客戶端使用images:
[root@docker ~]# docker run -d -p 80:80 -v /web2/html:/var/www/html apache100 /bin/bash -c "exec /usr/sbin/httpd -D FOREGROUND" [root@docker ~]# docker run -d -p 80:80 -v /web2/html:/var/www/html apache100 /bin/bash -c "/etc/init.d/httpd start; tail -f /var/log/messages"
6、Dockerfile建立自定義鏡像
原理:按照Dockerfile定義建立一個臨時容器,最後把容器commit,產生新的image
dockerfile關鍵字解釋
FROM(指定基礎image)
該指令有兩種格式:FROM <image> 指定基礎image爲該image的最後修改的版本。
FROM <image>:<tag> 指定基礎image爲該image的一個tag版本。
MAINTAINER(用來指定鏡像建立者信息)
格式:MAINTAINER <name>
RUN(安裝軟件用)
該指令有兩種格式:RUN <command> (the command is run in a shell - /bin/sh -c)
RUN ["executable", "param1", "param2" ... ] (exec form)
CMD(設置container啓動時執行的操做)
該指令有三種格式:CMD ["executable","param1","param2"]
CMD command param1 param2 (as a shell)
當Dockerfile指定了ENTRYPOINT,那麼使用下面的格式:
CMD ["param1","param2"] (as default parameters to ENTRYPOINT)
ENTRYPOINT(設置container啓動時執行的操做)
兩種格式:ENTRYPOINT ["executable", "param1", "param2"] (like an exec, the preferred form)
ENTRYPOINT command param1 param2 (as a shell)
USER(設置container容器的用戶)
格式:USER daemon
EXPOSE(指定容器需要映射到宿主機器的端口;EXPOSE只是聲明,實際發佈端口仍需在 docker run 時使用 -p 或 -P)
格式:EXPOSE <port> [<port>...]
ENV(用於設置環境變量)
格式: ENV <key> <value>
ADD(從src複製文件到container的dest路徑)
格式: ADD <src> <dest>
VOLUME(指定掛載點)
格式: VOLUME ["<mountpoint>"]
WORKDIR(切換目錄)
格式: WORKDIR /path/to/workdir
ONBUILD(在子鏡像中執行)
格式: ONBUILD <Dockerfile關鍵字>
說明:Dockerfile並不需要所有的關鍵字
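實例(在容器中運行sshd)。注意:該Dockerfile通過明文HTTP下載yum源配置,生成已被新版OpenSSH棄用的DSA主機密鑰,並允許root用密鑰直接登錄;主機密鑰在構建時生成並固化在鏡像中,所有由該鏡像啓動的容器共用同一組主機私鑰,因此只適合測試環境: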
[root@docker ~]# tree sshd_dockfile/ /root/sshd_dockfile/ ├── authorized_keys └── Dockerfile [root@docker ~]# cd sshd_dockfile/ [root@docker sshd_dockfile]# cat Dockerfile FROM centos6:latest MAINTAINER docker sshd v1.0 RUN mkdir /root/.ssh RUN chmod 700 /root/.ssh RUN rm -rf /etc/yum.repos.d/* RUN wget -P /etc/yum.repos.d/ http://192.168.100.100/yum.repo RUN yum install -y openssh-server RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key RUN mkdir /var/run/sshd RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config ADD authorized_keys /root/.ssh/authorized_keys EXPOSE 22 CMD ["/usr/sbin/sshd", "-D"] [root@docker sshd_dockfile]# docker build -t rhel-sshd . ........ [root@docker sshd_dockfile]# docker run -d -p 2222:22 --name web1 rhel-sshd [root@docker sshd_dockfile]# netstat -anplt | grep :2222 tcp 0 0 :::2222 :::* LISTEN 10200/docker-proxy
測試登錄
[root@docker sshd_dockfile]# ssh 192.168.100.100 -p 2222
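實例2:apache(注意:下面Dockerfile中的 CMD ["systemctl start httpd"] 是exec格式,整個字符串會被當作可執行文件名,而且容器內通常沒有運行systemd,所以該CMD本身無法啓動httpd;例子最後是靠 docker run 末尾的命令覆蓋CMD,直接在前臺運行httpd)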
[root@docker apache_docker]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/centos latest 49f7960eb7e4 5 weeks ago 200 MB [root@docker apache_dockfile]# pwd /root/apache_dockfile [root@docker apache_docker]# cat Dockerfile # base image FROM docker.io/centos # MAINTAINER MAINTAINER Meteor@163.com RUN yum install -y httpd CMD ["systemctl start httpd"] EXPOSE 80 [root@docker apache_docker]# docker build -t 192.168.20.79:5000/apache:v1 . Sending build context to Docker daemon 2.048 kB Step 1/5 : FROM docker.io/centos ---> 49f7960eb7e4 Step 2/5 : MAINTAINER Meteor@163.com ---> Using cache ---> 064edac0b581 Step 3/5 : RUN yum install -y httpd ---> Running in c71b442a3ea7 ............. Complete! ---> 3e7f656fdb5b Removing intermediate container c71b442a3ea7 Step 4/5 : CMD systemctl start httpd ---> Running in c45a6fcd91bd ---> b3729588fe62 Removing intermediate container c45a6fcd91bd Step 5/5 : EXPOSE 80 ---> Running in 6508fef6e199 ---> c5fb48c808d4 Removing intermediate container 6508fef6e199 Successfully built c5fb48c808d4 [root@docker apache_docker]# [root@docker apache_docker]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.20.79:5000/apache v1 c5fb48c808d4 2 minutes ago 314 MB docker.io/centos latest 49f7960eb7e4 5 weeks ago 200 MB [root@docker apache_dockfile]# docker run -d -p 80:80 -v /web2/html:/var/www/html apache /bin/bash -c "exec /usr/sbin/httpd -D FOREGROUND"
測試:
[root@docker apache_dockfile]# elinks 192.168.100.100 --dump web2