一、简介
Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的容器中,然后发布到任何流行的 Linux 机器上,也可以实现虚拟化。容器是完全使用沙箱机制,相互之间不会有任何接口(类似 iPhone 的 app)。几乎没有性能开销,可以很容易地在机器和数据中心中运行。
Docker的理念:一个容器只运行一个服务
Docker官网口号包含了Build,Shipand Run Any App,Anywhere,即任何应用,都可以构建、发布、运行于任何环境,将环境的影响因素降至最低,统一地掌控整个应用的生命周期。
Docker的官方文档:http://docs.docker.com/
二、安装
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
1
、安装epel源
注释:默认CentOS6.x提供的yum源里没有docker的安装包,在这里我们借助EPEL源。
# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# sed -i 's@^#@@' /etc/yum.repos.d/epel.repo
# sed -i 's@mirrorlist@#mirrorlist@' /etc/yum.repos.d/epel.repo
2
、安装docker
# yum -y remove docker
# yum install docker-io
3
、启动docker守护进程
# service docker start
# chkconfig docker on
4
、检查docker是否已经正确安装并运行
# docker info
5
、查看docker的版本
# docker -v
|
三、命令参数
1、docker命令帮助参数
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
[root@localhost ~]
# docker
Usage: docker [OPTIONS] COMMAND [arg...]
Commands:
attach Attach to a running container
build Build an image
from
a Dockerfile
commit Create a new image
from
a container's changes
cp Copy files
/
folders
from
a container's filesystem to the host path
create Create a new container
diff Inspect changes on a container's filesystem
events Get real time events
from
the server
exec
Run a command
in
a running container
export Stream the contents of a container as a tar archive
history Show the history of an image
images
List
images
import
Create a new filesystem image
from
the contents of a tarball
info Display system
-
wide information
inspect Return low
-
level information on a container
kill Kill a running container
load Load an image
from
a tar archive
login Register
or
log
in
to a Docker registry server
logout Log out
from
a Docker registry server
logs Fetch the logs of a container
port Lookup the public
-
facing port that
is
NAT
-
ed to PRIVATE_PORT
pause Pause
all
processes within a container
ps
List
containers
pull Pull an image
or
a repository
from
a Docker registry server
push Push an image
or
a repository to a Docker registry server
restart Restart a running container
rm Remove one
or
more containers
rmi Remove one
or
more images
run Run a command
in
a new container
save Save an image to a tar archive
search Search
for
an image on the Docker Hub
start Start a stopped container
stop Stop a running container
tag Tag an image into a repository
top Lookup the running processes of a container
unpause Unpause a paused container
version Show the Docker version information
wait Block until a container stops, then
print
its exit code
|
2、比较常用命令参数
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
查看Docker的版本信息
# docker version
在Docker Hub上搜索一个指定镜像
# docker search
在Docker Hub上搜索一个指定镜像并至少有10颗星
# docker search -s 10 ubuntu
从一个Docker的注册服务器上拉取一个镜像或一个私有仓库
# docker pull ubuntu
查看镜像列表
# docker images
在一个新的容器中运行一个命令
# docker run
移除一个或多个镜像
# docker rmi
移除一个或多个容器
# docker rm
附着一个运行的容器
# docker attach
运行一个命令在一个运行的容器中
# docker exec
从一个Dockerfile文件中构建一个镜像
# docker build
查看镜像构建历史
# docker history
查看容器更为详细的配置信息
# docker inspect
保存一个镜像对归档
tar
中
# docker save
从一个归档
tar
中加载一个镜像
# docker load
启动、停止、重启一个运行的容器
# docker start| stop| restart
杀掉一个正在运行的容器
# docker kill
额外补充
进入容器命令:
docker attach:登陆到运行的容器中
docker
exec
:在宿主机上运行命令到容器内部,类似在打开一个容器的终端
docker nsenter:连接到容器,需要容器PID
|
四、创建ssh镜像和镜像打包
1、从Docker Hub上下载ubuntu镜像
1
2
3
4
|
[root@localhost ~]
# docker pull ubuntu:14.04
[root@localhost ~]
# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
ubuntu 14.04 b7cf8f0d9e82 3 days ago 188.3 MB
|
2、基于镜像创建一个容器
1
2
3
4
|
[root@localhost ~]
# docker run -it ubuntu:14.04 /bin/bash
[root@localhost ~]
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
88b6a8dfae4e ubuntu:14.04
"/bin/bash"
3 minutes ago Up 3 minutes modest_yalow
|
3、进入容器安装ssh服务
1
2
3
4
5
6
7
8
9
|
root@88b6a8dfae4e:/
# apt-get update && apt-get install -y openssh-server
root@0af7ccfd906e:/
# echo 'root:redhat' | chpasswd
root@10dbbd22172d:/
# mkdir /var/run/sshd
root@10dbbd22172d:/
# sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config
root@10dbbd22172d:/
# sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
root@10dbbd22172d:/
# exit
[root@localhost ~]
# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
88b6a8dfae4e ubuntu:14.04
"/bin/bash"
10 minutes ago Exited (130) 18 seconds ago modest_yalow
|
4、构建一个ssh的镜像
1
2
3
4
5
6
|
[root@localhost ~]
# docker commit 88b6a8dfae4e zhengyas/ubuntu:sshd
3f2225df36ff67cbda098318e83128f3965758eba3e4609a094c172b0c3b03c4
[root@localhost ~]
# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
zhengyas
/ubuntu
sshd 3f2225df36ff 21 seconds ago 251.1 MB
ubuntu 14.04 b7cf8f0d9e82 3 days ago 188.3 MB
|
5、基于新镜像运行一个ssh容器
1
2
3
4
5
|
[root@localhost ~]
# docker run -d -p 2222:22 zhengyas/ubuntu:sshd /usr/sbin/sshd -D
7ef47903cdb77ad9d98fd0dd3b102473d10ad3abea5311c030177db9ea9984c1
[root@localhost ~]
# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7ef47903cdb7 zhengyas
/ubuntu
:sshd
"/usr/sbin/sshd -D"
4 seconds ago Up 4 seconds 0.0.0.0:2222->22
/tcp
hungry_ritchie
|
6、测试ssh容器是否能够正常连接
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
[root@localhost ~]
# ssh root192.168.0.104 -p 2222
ssh
: Could not resolve
hostname
root192.168.0.104: Name or service not known
[root@localhost ~]
# ssh root@192.168.0.104 -p 2222
The authenticity of host
'[192.168.0.104]:2222 ([192.168.0.104]:2222)'
can't be established.
RSA key fingerprint is 0e:1e:4e:67:f3:4b:5a:c4:c2:f5:7b:e7:f0:2e:14:72.
Are you sure you want to
continue
connecting (
yes
/no
)?
yes
Warning: Permanently added
'[192.168.0.104]:2222'
(RSA) to the list of known hosts.
root@192.168.0.104's password:
Welcome to Ubuntu 14.04 LTS (GNU
/Linux
3.2.0-61-generic x86_64)
* Documentation: https:
//help
.ubuntu.com/
The programs included with the Ubuntu system are
free
software;
the exact distribution terms
for
each program are described
in
the
individual files
in
/usr/share/doc/
*
/copyright
.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@7ef47903cdb7:~
# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:03
inet addr:172.17.0.3 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:3
/64
Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:47 errors:0 dropped:0 overruns:0 frame:0
TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5638 (5.6 KB) TX bytes:6521 (6.5 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1
/128
Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
|
7、镜像持久化,俗称镜像打包
镜像打包(Save)
1
|
[root@localhost ~]
# docker save zhengyas/ubuntu > /root/sshd.tar
|
镜像导入(Load)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
实验模拟
1、删除此sshd容器
[root@localhost ~]
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7ef47903cdb7 zhengyas
/ubuntu
:sshd
"/usr/sbin/sshd -D"
14 minutes ago Up 14 minutes 0.0.0.0:2222->22
/tcp
hungry_ritchie
[root@localhost ~]
# docker stop 7ef47903cdb7
7ef47903cdb7
[root@localhost ~]
# docker rm 7ef47903cdb7
7ef47903cdb7
2、删除sshd镜像
[root@localhost ~]
# docker rmi zhengyas/ubuntu:sshd
Untagged: zhengyas
/ubuntu
:sshd
Deleted: 3f2225df36ff67cbda098318e83128f3965758eba3e4609a094c172b0c3b03c4
[root@localhost ~]
# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
ubuntu 14.04 b7cf8f0d9e82 3 days ago 188.3 MB
3、导入打包的镜像
[root@localhost ~]
# docker load < /root/sshd.tar
[root@localhost ~]
# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
zhengyas
/ubuntu
sshd 3f2225df36ff 18 minutes ago 251.1 MB
ubuntu 14.04 b7cf8f0d9e82 3 days ago 188.3 MB
|
五、基于Dockerfile来创建mysql镜像
1、创建Dockerfile文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
[root@localhost ~]
# mkdir mysql_ubuntu
[root@localhost ~]
# cd mysql_ubuntu/
[root@localhost mysql_ubuntu]
# cat Dockerfile
FROM ubuntu:14.04
RUN apt-get update
RUN apt-get -y
install
mysql-client mysql-server
RUN
sed
-i -e
"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/"
/etc/mysql/my
.cnf
ADD .
/startup
.sh
/opt/startup
.sh
EXPOSE 3306
CMD [
"/bin/bash"
,
"/opt/startup.sh"
]
|
2、创建mysql服务启动脚本文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
[root@localhost mysql_ubuntu]
# cat startup.sh
#!/bin/bash
if
[ ! -f
/var/lib/mysql/ibdata1
];
then
mysql_install_db
/usr/bin/mysqld_safe
&
sleep
10s
echo
"GRANT ALL ON *.* TO admin@'%' IDENTIFIED BY 'changeme' WITH GRANT OPTION; FLUSH PRIVILEGES"
| mysql
killall mysqld
sleep
10s
fi
/usr/bin/mysqld_safe
|
3、构建mysql镜像
1
|
# docker build -t zhengys/mysql .
|
4、查看镜像
1
2
3
|
[root@localhost ~]
# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
zhengys
/mysql
latest f58add96ecb7 About a minute ago 338.9 MB
|
6、基于新镜像创建mysql容器
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@localhost ~]
# mkdir /data/mysql -p
[root@localhost ~]
# docker run -d -p 3306:3306 -v /data/mysql:/var/lib/mysql zhengys/mysql
0112ba90e4a30a13e4f3af26f4a5bcd73e91ae3afa881a36fadd34cd953d0ada
[root@localhost ~]
# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0112ba90e4a3 zhengys
/mysql
:latest "
/bin/bash
/opt/star
4 seconds ago Up 3 seconds 0.0.0.0:3306->3306
/tcp
reverent_hawking
[root@localhost ~]
# ll /data/mysql/
total 28680
-rw-rw----. 1 103 106 18874368 Apr 25 17:46 ibdata1
-rw-rw----. 1 103 106 5242880 Apr 25 19:09 ib_logfile0
-rw-rw----. 1 103 106 5242880 Apr 25 17:45 ib_logfile1
drwx------. 2 103 root 4096 Apr 25 17:45 mysql
drwx------. 2 103 106 4096 Apr 25 17:45 performance_schema
|
7、测试mysql容器
1
2
3
4
5
6
7
8
|
[root@localhost ~]
# mysql -uadmin -p123456 -h192.168.0.104 -P 3306 -e 'show databases'
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
|
或者提供一个登陆mysql客户端脚本
run-client.sh
1
2
3
4
5
6
7
8
9
|
#!/bin/sh
TAG=
"mysql"
CONTAINER_ID=$(docker
ps
|
grep
$TAG |
awk
'{print $1}'
)
IP=$(docker inspect $CONTAINER_ID | python -c
'import json,sys;obj=json.load(sys.stdin);print obj[0]["NetworkSettings"]["IPAddress"]'
)
mysql -u admin -p -h $IP
|
六、简化Docker和lxc
1、Lxc和Docker结构图
Linux = linux内核 + 用户空间(Lxc)
Lxc(Linux Container):linux容器 = Cgroup + Namespaces
Docker集装箱 = Lxc + images
lxc功能包括资源管理和隔离机制。
资源管理:通过cgroup限制cpu和内存的使用
隔离机制:用户空间namespace都是独立的
LXC包集成了这些linux内核机制提供了一个用户空间容器对象,即是针对某一应用提供资源隔离和控制轻量级虚拟系统。
Docker对container的使用基本是建立在lxc基础之上的,然而lxc存在的问题是难以移动-难以通过标准化模板制作、重建、复制和移动container。
LXC依赖namespace来实现隔离性的。
让每个容器都有自已的命名空间,确保不同容器之间不会相互影响,让每个容器成为拥有自已进程和网络空间的虚拟环境,都成为一个独立运行的单位。
此外,lxc由内核cgroup来对各个容器(进程)使用的系统资源做严格的限制。
-
算算时间,学习Docker也有半个月时间了,到现在为止给我的第一感觉仍然是不习惯,或许是用传统虚拟化用习惯了,或许是自已对Docker研究过于肤浅,或许自已根本没有入门等等一些原因,在没有接触到Docker之前自已玩过lxc,使用起来特别顺手,网上都说Docker自动化了lxc的管理过程,能够自动在线下载相应的发行版本rootfs
-
Docker的火热程度,使我们做IT的不得不去深入研究、学习
好吧!今天就先到这里,后续会继续更大家聊聊Docker技术.
本文转自zys467754239 51CTO博客,原文链接:http://blog.51cto.com/467754239/1638301,如需转载请自行联系原作者