【原創】運維基礎之Docker（1）簡介、安裝、使用

docker 18.09

官方：https://docs.docker.com/

 

一 簡介

 

Docker is a platform for developers and sysadmins to develop, deploy, and run applications with containers. The use of Linux containers to deploy applications is called containerization. Containers are not new, but their use for easily deploying applications is.

docker是一個開發人員和系統管理人員經過容器來開發、部署和運行應用的平臺；經過容器來部署應用也被成爲容器化；

 

Containerization is increasingly popular because containers are:

• Flexible: Even the most complex applications can be containerized.
• Lightweight: Containers leverage and share the host kernel.
• Interchangeable: You can deploy updates and upgrades on-the-fly.
• Portable: You can build locally, deploy to the cloud, and run anywhere.
• Scalable: You can increase and automatically distribute container replicas.
• Stackable: You can stack services vertically and on-the-fly.

容器化：靈活、輕量級、可替換、可移植、可擴展、可疊加；

 

一個image是一個包含全部依賴的可執行包，一個image運行起來的一個instance稱爲一個container，一個（或多個）機器上運行同一個image的一個或多個container稱爲service；在多個機器上進行容器化部署稱爲swarm；

1 Container、Image

A container is launched by running an image. An image is an executable package that includes everything needed to run an application--the code, a runtime, libraries, environment variables, and configuration files.

運行一個image時會啓動一個container，一個image是包含運行所需全部信息（包括代碼、庫、環境變量、配置文件等）的可執行包；

A container is a runtime instance of an image--what the image becomes in memory when executed (that is, an image with state, or a user process). You can see a list of your running containers with the command, docker ps, just as you would in Linux.

一個container是一個image的運行時實例，能夠經過docker ps命令查看全部正在運行的container；

A container runs natively on Linux and shares the kernel of the host machine with other containers. It runs a discrete process, taking no more memory than any other executable, making it lightweight.

一個container在linux上以原生進程的方式運行，不會佔用其餘內存，因此很是輕量級；

2 Dockerfile

Dockerfile defines what goes on in the environment inside your container. Access to resources like networking interfaces and disk drives is virtualized inside this environment, which is isolated from the rest of your system, so you need to map ports to the outside world, and be specific about what files you want to 「copy in」 to that environment. However, after doing that, you can expect that the build of your app defined in this Dockerfile behaves exactly the same wherever it runs.

dockerfile定義一個容器內部的運行環境，在這個環境中，對外部資源的訪問（好比網絡、接口和磁盤）都被虛擬化，從而實現與外部系統的隔離，因此你須要作端口映射、指定哪些文件須要在環境中能夠訪問等；

3 Registry

A registry is a collection of repositories, and a repository is a collection of images—sort of like a GitHub repository, except the code is already built. An account on a registry can create many repositories. The docker CLI uses Docker’s public registry by default.

一個registry是多個倉庫的集合，一個倉庫是多個image的集合；docker命令行默認使用的是docker公共registry；

4 Service

Services are really just 「containers in production.」 A service only runs one image, but it codifies the way that image runs—what ports it should use, how many replicas of the container should run so the service has the capacity it needs, and so on. Scaling a service changes the number of container instances running that piece of software, assigning more computing resources to the service in the process.

Luckily it’s very easy to define, run, and scale services with the Docker platform -- just write a docker-compose.yml file.

service只運行一個image，service是運行同一個image的多個container的集合，service能夠配置端口、資源、container數量等，經過docker-compose.yml來定義service；

A single container running in a service is called a task. Tasks are given unique IDs that numerically increment, up to the number of replicas you defined in docker-compose.yml.

service中的一個continer也被稱爲一個task，每一個task都有一個惟一自增id；

5 Swarm

A swarm is a group of machines that are running Docker and joined into a cluster. After that has happened, you continue to run the Docker commands you’re used to, but now they are executed on a cluster by a swarm manager. The machines in a swarm can be physical or virtual. After joining a swarm, they are referred to as nodes.

Swarm managers are the only machines in a swarm that can execute your commands, or authorize other machines to join the swarm as workers. Workers are just there to provide capacity and do not have the authority to tell any other machine what it can and cannot do.

一個swarm是一組運行docker的機器；swarm集羣中分爲swarm manager和worker；

 

二 安裝

支持平臺

windows安裝

https://hub.docker.com/editions/community/docker-ce-desktop-windows

win10以前的版本直接下載：

https://download.docker.com/win/stable/DockerToolbox.exe

linux安裝

1 安裝docker

yum安裝

添加repo

# yum install -y yum-utils device-mapper-persistent-data lvm2
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

安裝

# yum install docker-ce docker-ce-cli containerd.io

手動安裝

下載

http://mirror.centos.org/centos/7/os/x86_64/Packages/
libtool-ltdl-2.4.2-22.el7_3.x86_64.rpm

http://mirror.centos.org/centos/7/extras/x86_64/Packages/
container-selinux-2.74-1.el7.noarch.rpm

https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
containerd.io-1.2.2-3.el7.x86_64.rpm
docker-ce-cli-18.09.1-3.el7.x86_64.rpm
docker-ce-18.09.1-3.el7.x86_64.rpm

根據須要安裝

# yum install libcgroup selinux-policy policycoreutils-python

2 安裝docker machine

$ base=https://github.com/docker/machine/releases/download/v0.16.0 &&
curl -L $base/docker-machine-$(uname -s)-$(uname -m) >/tmp/docker-machine &&
sudo install /tmp/docker-machine /usr/local/bin/docker-machine

Get Docker Machine, which is pre-installed with Docker Desktop for Mac and Docker Desktop for Windows, but on Linux systems you need to install it directly. On pre Windows 10 systems without Hyper-V, as well as Windows 10 Home, use Docker Toolbox.

3 啓動

# service docker start

or

# systemctl start docker

4 開機啓動

# systemctl enable docker

三 使用

1 命令

查看版本和系統信息

# docker --version
Docker version 18.09.1, build 4c52b90

# docker info

經常使用命令

## List Docker CLI commands
docker
docker container --help

## Display Docker version and info
docker --version
docker version
docker info

## Execute Docker image
docker run hello-world

## List Docker images
docker image ls

## List Docker containers (running, all, all in quiet mode)
docker container ls
docker container ls --all
docker container ls -aq

注意：docker ps = docker container ls 

2 運行image示例

1）根據名字搜索image（以nginx爲例）

$ docker search nginx

2）查看一個image的全部版本（以nginx爲例）

$ curl https://hub.docker.com/_/nginx

3）查看一個image或container的詳細信息，包括配置（以nginx爲例）

$ docker inspect nginx

4）啓動ubuntu，啓動前會自動pull image

$ docker run --interactive --tty ubuntu bash

5）啓動nginx，啓動前會自動pull image

# docker run --detach --publish 80:80 --name webserver nginx
# curl http://localhost:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8ce03aa7ebc nginx "nginx -g 'daemon of鈥 12 minutes ago Up 12 minutes 0.0.0.0:80->80/tcp webserver

其中：-p = --publish （端口映射），-d = --detach （後臺運行）

Run the app, mapping your machine’s port 80 to the container’s published port 80 using -p (--publish)

注意：端口映射以後，在linux上能夠直接經過 localhost:port 來訪問對應的端口，可是windows不行，由於docker在不一樣平臺上的實現方式不一樣，在windows上須要先經過

$ docker-machine ip default

找到virtualbox的虛擬機ip，一般爲192.168.99.100，而後再訪問 192.168.99.100:port

The reason you’re having this, is because on Linux, the docker daemon (and your containers) run on the Linux machine itself, so 「localhost」 is also the host that the container is running on, and the ports are mapped to.
On Windows (and OS X), the docker daemon, and your containers cannot run natively, so only the docker client is running on your Windows machine, but the daemon (and your containers) run in a VirtualBox Virtual Machine, that runs Linux.

6）在容器內執行命令，好比reload nginx

# docker exec d727449d221f service nginx reload

7）登錄到正在運行的容器中（其中$container_id能夠從docker container ls中看到），登錄以後能夠執行reload等操做

$ docker exec -it $container_id bash

8）中止正在運行的容器

$ docker container stop <Container NAME or ID>
$ docker stop <Container NAME or ID>

9）啓動容器

$ docker start <Container NAME or ID>

10）查看容器日誌

$ docker logs <Container NAME or ID>

前提是容器還在running，若是容器啓動失敗，有兩種方式看日誌：1）掛載日誌目錄；2）使用export以下：

11）導出容器文件系統

$ docker export $container_id -o save.zip

12）刪除容器

$ docker rm <Container NAME or ID>

13）查看當前全部的image

$ docker images

14）刪除image

$ docker rmi $image_id

15）容器和宿主機之間拷貝文件

$ docker cp $container_id:/container/path/to/file.txt /host/path/dir/

16）限制容器使用內存

$ docker run --memory 300M --memory-swap=1G nginx

--memory=-m 限制容器使用的最大物理內存，--memory-swap 限制容器使用的最大物理內存+swap

17）查看container ip

$ docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $container_id_or_name

3 導出導入image

1）從官方倉庫（https://hub.docker.com/）拉取鏡像，能夠指定版本

$ docker pull nginx

2）將image保存爲文件

$ docker save -o nginx.zip nginx

3）從文件加載image

$ docker load < nginx.zip
$ docker load --input nginx.zip

還有一種方式是搭建docker私有倉庫

4 製做並運行image

1）登陸registry
docker login

2）製做local image
docker build --tag=

3）tag image
docker tag image username/repository:tag
The notation for associating a local image with a repository on a registry is username/repository:tag

4）上傳image
docker push username/repository:tag

5）運行image
docker run -p 4000:80 username/repository:tag

5 Service命令

$ docker stack deploy -c docker-compose.yml getstartedlab
$ docker service ls
$ docker service ps getstartedlab_web
$ docker container ls -q

6 Swarm命令

swarm集羣

1）swarm manager 啓動和中止

$ docker swarm init
$ docker swarm leave --force

2）worker 啓動和中止

$ docker swarm join
$ docker swarm leave

run docker swarm init to enable swarm mode and make your current machine a swarm manager, then run docker swarm join on other machines to have them join the swarm as workers.

在vm上安裝swarm集羣

1）建立vm

$ docker-machine create --driver virtualbox myvm1
$ docker-machine create --driver virtualbox myvm2
$ docker-machine ls
$ docker-machine start <machine-name>
$ docker-machine ssh myvm1
$ docker-machine env myvm1

要先安裝VirtualBox

# yum install opus
# yum install libvpx
# wget http://download.virtualbox.org/virtualbox/rpm/rhel/7/x86_64/VirtualBox-5.2-5.2.8_121009_el7-1.x86_64.rpm
# rpm -ivh VirtualBox-5.2-5.2.8_121009_el7-1.x86_64.rpm
# usermod -G vboxusers $user

注意必定要安裝版本5（最新的是6），不然會報錯：

Error with pre-create check: "We support Virtualbox starting with version 5. Your VirtualBox install is \"WARNING: The vboxdrv kernel module is not loaded. Either there is no module\\n available for the current kernel (3.10.0-693.el7.x86_64) or it failed to\\n load. Please recompile the kernel module and install it by\\n\\n sudo /sbin/vboxconfig\\n\\n You will not be able to start VMs until this problem is fixed.\\n6.0.4r128413\". Please upgrade at https://www.virtualbox.org"

2）在vm上啓動swarm集羣

$ docker-machine ssh myvm1 "docker swarm init --advertise-addr <myvm1 ip>"
$ docker-machine ssh myvm2 "docker swarm join --token <token> <ip>:2377"

3）在vm上的swarm集羣部署應用

$ docker stack deploy -c docker-compose.yml getstartedlab
$ docker stack ps getstartedlab
$ docker stack rm getstartedlab

4）在vm上中止swarm集羣

$ docker-machine ssh myvm2 "docker swarm leave"
$ docker-machine ssh myvm1 "docker swarm leave --force"

 

參考：https://docs.docker.com/get-started/