docker入門

一、Docker 基本操作 (環境:Centos7.2)
(1) 安裝啓動docker

yum -y install docker 
systemctl  start docker.service
systemctl  enable docker.service
systemctl | grep docker  查看docker進程的狀態
systemctl disable firewalld  (僅適用於隔離的測試環境;對外提供服務的主機應保留防火牆,只放行需要的端口)

[root@node1 ~]# docker version
Client:
 Version:         1.12.6
 API version:     1.24
 Package version: docker-1.12.6-32.git88a4867.el7.centos.x86_64
 Go version:      go1.7.4
 Git commit:      88a4867/1.12.6
 Built:           Mon Jul  3 16:02:02 2017
 OS/Arch:         linux/amd64

Server:
 Version:         1.12.6
 API version:     1.24
 Package version: docker-1.12.6-32.git88a4867.el7.centos.x86_64
 Go version:      go1.7.4
 Git commit:      88a4867/1.12.6
 Built:           Mon Jul  3 16:02:02 2017
 OS/Arch:         linux/amd64
[root@node1 ~]#

[root@node1 ~]# docker info

docker create/start/stop/pause/unpause

(2) 拉取鏡像

docker pull  docker.io/registry
docker images   查看當前導入的鏡像文件

(3) 運行容器

docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...]
docker run --name container_name  -itd  image_name 'command'
-it 表示交互模式
-d 後臺進程模式
--rm 當容器運行完畢後就會自動刪除
docker run -itd --name=n2 -p 80:80 docker.io/nginx '/bin/bash'
docker ps [-a]

(4) 容器數據持久化

docker run -itd --name c1 -p 80:80 -v /tmp/web:/var/www/html docker.io/ansible/centos7-ansible '/bin/bash'
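docker exec來進入到該容器中,或者attach重新連接容器的會話 (docker exec -it container_name command)
下面的 Permission denied 來自 SELinux:宿主機目錄 /tmp/web 沒有容器可訪問的標籤。示例用 setenforce 0 臨時切到 Permissive 模式來繞過,這會影響整臺宿主機;也可以保持 Enforcing,在掛載時寫成 -v /tmp/web:/var/www/html:Z(或 :z),讓 Docker 爲該目錄重新打標籤。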

[root@localhost ~]# docker attach c1
[root@67cb25bb92be ansible]# ls /var/www/html/
ls: cannot open directory /var/www/html/: Permission denied
[root@67cb25bb92be ansible]# 
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# setenforce 0
[root@localhost ~]# docker attach c1
[root@67cb25bb92be ansible]# ls /var/www/html/
index.html
[root@67cb25bb92be ansible]#
[root@localhost ~]#

(5) 容器間的連接
docker run --name test1 --link myweb:web -it ubuntu /bin/bash
上面命令創建了一個新的容器test1。 這裏引入了一個新的標記 --link,其參數部分的myweb表示要連接的容器,web是要連接的容器的別名。
例:--link name:alias

[root@localhost ~]# docker run -it --name n1 --link c1:centos docker.io/nginx '/bin/bash'
root@80dbefc24db7:/# cat /etc/hosts
127.0.0.1   localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2  centos 67cb25bb92be c1
172.17.0.3  80dbefc24db7
root@80dbefc24db7:/# ping centos
[root@localhost ~]# docker inspect --format '{{ .NetworkSettings.IPAddress }}' n1
172.17.0.3

(6) 容器間數據共享

[root@localhost ~]# docker run -it --name n2 --volumes-from c1  docker.io/ansible/centos7-ansible '/bin/bash'
[root@64f9e61cc100 ansible]# ls /var/www/html/
index.html
[root@64f9e61cc100 ansible]# echo "n2" > /var/www/html/n2.html
[root@64f9e61cc100 ansible]# ls /var/www/html/
index.html  n2.html
[root@64f9e61cc100 ansible]# [root@localhost ~]#
[root@localhost ~]# docker attach c1
[root@67cb25bb92be ansible]# ls /var/www/html/
index.html  n2.html
[root@67cb25bb92be ansible]# [root@localhost ~]#
[root@localhost ~]# ls /tmp/web/
index.html  n2.html
[root@localhost ~]# cat /tmp/web/n2.html
n2
[root@localhost ~]#

(7) 端口映射

[root@localhost ~]# docker create -it --name=web03 -p 80:80 nginx
3e28f52bfd9a5156b9656a99adb3005e8f026555f95c705167977e1b4703cc72
[root@localhost ~]# docker start web03
web03
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3e28f52bfd9a nginx "nginx -g 'daemon off" 19 seconds ago Up 9 seconds 0.0.0.0:80->80/tcp, 443/tcp web03
49c788b78b75 nginx "nginx -g 'daemon off" 3 minutes ago Up 2 minutes 80/tcp, 443/tcp web02
[root@localhost ~]# netstat -tnlp

-P 隨機端口映射
[root@docker ~]# docker run -d -P -v /web2/html:/usr/share/nginx/html --name web6 nginx
006d1043652b1fb002a627767ab5a5aa0bade98f17639fb5d1f17dfa9d77cea5
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
006d1043652b nginx:latest "nginx -g 'daemon of 15 seconds ago Up 15 seconds 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp web6 

[root@docker ~]# elinks 192.168.100.100:32769 --dump
web2

(8) 標記鏡像

docker tag old-image[:old-tag] new-image[:new-tag]

(9) 將容器設置爲自動啓動

[root@localhost ~]# docker run -itd --name n3 --restart always docker.io/nginx '/bin/bash'
56b582d9aa257d297d9fb40bb2b6a8373f6549480f7ed95f0408a51501e56c6b
[root@localhost ~]#

(10) 停止並刪除容器

docker stop container_id
docker rm container_id

(11) 輸出容器日誌
docker logs <CONTAINER_ID>

(12) 技巧用法

docker rm `docker ps -a -q`:刪除所有容器
docker kill `docker ps -q`
docker rmi `docker images -q -a`
docker top <CONTAINER_ID>:查看容器中運行的進程
docker diff <CONTAINER_ID>:查看容器中的變化
docker inspect <CONTAINER_ID>:查看容器詳細信息(輸出爲Json)
-f:查找特定信息,如docker inspect -f '{{ .NetworkSettings.IPAddress }}'
sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID

列出所有綁定的端口:
docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID

找出特殊的端口映射:
sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID

獲取配置信息:
sudo docker inspect --format='{{json .Config}}' $INSTANCE_ID

docker inspect -f  '{{.Id}}' cranky_pare
cp file.txt /var/lib/docker/aufs/mnt/d8e703d7e3039a6df6d01bd7fb58d1882e592a85059eb16c4b83cf91847f88e5

ip addr 可以看到docker與真機聯接的橋Docker0的IP

docker的日誌文件寫入到/var/log/messages裏
docker search image_name 命令可以搜索指定的鏡像
docker pull image_name也可以下載並導入指定的鏡像
docker load < local_image_file 導入本地鏡像文件

二、docker 配置文件
docker配置文件/etc/sysconfig/docker
重要參數解釋:
OPTIONS 用來控制Docker Daemon進程參數
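-H 表示Docker Daemon綁定的地址, -H=unix:///var/run/docker.sock -H=tcp://0.0.0.0:2375。注意:2375 端口上的 API 既無認證也無加密,能連到該端口的任何人都可以控制 Docker Daemon,等同於取得宿主機 root 權限;需要遠程管理時應啓用 TLS 雙向認證(--tlsverify,慣用端口 2376),否則只保留 unix socket 或綁定 127.0.0.1。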
--registry-mirror表示Docker Registry的鏡像地址--registry-mirror=http://4bc5abeb.m.daocloud.io
--insecure-registry表示(本地)私有Docker Registry的地址, --insecure-registry ${privateRegistryHost}:5000;對列在這裏的倉庫,Docker 允許使用 HTTP 或不校驗證書的 HTTPS,鏡像和登錄憑據在傳輸中不受保護
--selinux-enabled是否開啓SELinux,默認開啓 --selinux-enabled=true
-b 表示採用已經創建好的網橋, -b=xxx

OPTIONS=-H=unix:///var/run/docker.sock -H=tcp://0.0.0.0:2375 --registry-mirror=http://4bc5abeb.m.daocloud.io --selinux-enabled=true
下面是代理的設置
http_proxy=xxxxx:8080
https_proxy=xxxxxx:8080

vi /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/docker daemon -H fd:// -H=unix:///var/run/docker.sock -H=tcp://0.0.0.0:2375 --registry-mirror=http://4bc5abeb.m.daocloud.io --selinux-enabled=true
[Service]
Environment="HTTP_PROXY=..."
Environment="HTTPS_PROXY=..."
Type=notify
ExecStart=/usr/bin/docker daemo

Docker有自動化的需求時,你可以將containerID輸出到指定的文件中(PIDfile): --cidfile=""
Docker的容器是沒有特權的,例如不能在容器中再啓動一個容器。這是因爲默認情況下容器是不能訪問任何其它設備的。但是通過"privileged",容器就擁有了訪問任何其它設備的權限。--privileged 同時取消了大部分隔離限制,容器內的 root 基本等同於宿主機 root;只需要個別設備或能力時,用 --device 或 --cap-add 單獨授予更穩妥。

三、網絡管理
可參考:http://blog.chinaunix.net/uid-522675-id-4861366.html
Docker 默認指定了docker0接口的IP/netmask,讓主機和容器之間可以通過網橋相互通信,它還給出了MTU(接口允許接收的最大傳輸單元1500 Bytes),或宿主機網絡路由上支持的默認MTU。這些值都可以在服務啓動的時候進行配置。

[root@master ~]# cat /etc/sysconfig/docker-network
# /etc/sysconfig/docker-network
DOCKER_NETWORK_OPTIONS="-b=bridge0"

修改文件 /etc/docker/daemon.json 添加內容 "bip": "ip/netmask" (切勿與宿主機同網段)

[root@node1 ~]# cat /etc/docker/daemon.json
{
"bip" : "192.168.2.1/24"
}
[root@node1 ~]# systemctl restart docker.service

利用OVS 實現多容器間通訊
(1) Openvswitch 的下載與安裝(下面的源碼包經明文 HTTP 下載,編譯安裝前應先覈對其完整性)

yum install -y bridge-utils wget
yum install -y python-six selinux-policy-devel gcc make python-devel openssl-devel kernel-devel graphviz kernel-debug-devel autoconf automake rpm-build redhat-rpm-config libtool
wget http://openvswitch.org/releases/openvswitch-2.7.2.tar.gz
mkdir -p ~/rpmbuild/SOURCES
tar -zxvf openvswitch-2.7.2.tar.gz
cp openvswitch-2.7.2.tar.gz ~/rpmbuild/SOURCES/
ls /lib/modules/$(uname -r) -ln
rpmbuild -bb --without check openvswitch-2.7.2/rhel/openvswitch.spec
cd rpmbuild/RPMS/x86_64/
yum -y localinstall openvswitch-*

拓撲如下
Master 172.16.170.10 docker 192.168.1.0/24
Node 172.16.170.20 docker 192.168.2.0/24

(2) docker master端配置如下

[root@master ~]# systemctl start openvswitch.service  && systemctl enable openvswitch.service
[root@master ~]# ovs-vsctl add-br br0
[root@master ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP qlen 1000
    link/ether 00:0c:29:97:92:e8 brd ff:ff:ff:ff:ff:ff
    inet 172.16.170.10/24 brd 172.16.170.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe97:92e8/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:45:b7:c2:fd brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:45ff:feb7:c2fd/64 scope link
       valid_lft forever preferred_lft forever
5: vethcff8026@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
    link/ether 32:4a:f5:b7:33:f7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::304a:f5ff:feb7:33f7/64 scope link
       valid_lft forever preferred_lft forever
6: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 8a:ac:8e:a1:68:2b brd ff:ff:ff:ff:ff:ff
7: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 82:ae:47:8e:30:4d brd ff:ff:ff:ff:ff:ff
[root@master ~]# ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre option:remote_ip=172.16.170.20
[root@master ~]# ovs-vsctl show
4fe9a5b3-46ec-432c-a990-bb8e8fee96fe
    Bridge "br0"
        Port "gre0"
            Interface "gre0"
                type: gre
                options: {remote_ip="172.16.170.20"}
        Port "br0"
            Interface "br0"
                type: internal
    ovs_version: "2.7.2"
[root@master ~]# brctl addif docker0 br0
[root@master ~]# brctl show
bridge name bridge id       STP enabled interfaces
docker0     8000.024245b7c2fd   no      br0
[root@master ~]# ip link set dev br0 up
[root@master ~]# ip link set dev docker0 up
[root@master ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP qlen 1000
    link/ether 00:0c:29:97:92:e8 brd ff:ff:ff:ff:ff:ff
    inet 172.16.170.10/24 brd 172.16.170.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe97:92e8/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:45:b7:c2:fd brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:45ff:feb7:c2fd/64 scope link
       valid_lft forever preferred_lft forever
5: vethcff8026@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
    link/ether 32:4a:f5:b7:33:f7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::304a:f5ff:feb7:33f7/64 scope link
       valid_lft forever preferred_lft forever
6: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 8a:ac:8e:a1:68:2b brd ff:ff:ff:ff:ff:ff
7: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UNKNOWN qlen 1000
    link/ether 82:ae:47:8e:30:4d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::80ae:47ff:fe8e:304d/64 scope link
       valid_lft forever preferred_lft forever
8: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
9: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
10: gre_sys@NONE: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65490 qdisc fq master ovs-system state UNKNOWN qlen 1000
    link/ether aa:3a:19:78:48:89 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a83a:19ff:fe78:4889/64 scope link
       valid_lft forever preferred_lft forever
[root@master ~]#
[root@master ~]#  ip route add 192.168.2.0/24 dev docker0
[root@master ~]# docker run -itd --name c1 docker.io/centos '/bin/bash'
WARNING: IPv4 forwarding is disabled. Networking will not work.
a326fb2eae1ecf1c0b1a26b4b947f20eb44864fc5232e253b582c8c7bb50522a
[root@master ~]# vim /etc/sysctl.conf
[root@master ~]# sysctl -p
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
net.ipv4.ip_forward = 1
[root@master ~]#

(3) docker node端配置如下

[root@node1 ~]# systemctl start openvswitch.service  && systemctl enable openvswitch.service
[root@node1 ~]# brctl show
bridge name bridge id       STP enabled interfaces
docker0     8000.02429f5f947d   no
[root@node1 ~]#  ovs-vsctl add-br br0
[root@node1 ~]#  ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre option:remote_ip=172.16.170.10
[root@node1 ~]# brctl addif docker0 br0
[root@node1 ~]# brctl show
bridge name bridge id       STP enabled interfaces
docker0     8000.02429f5f947d   no      br0
[root@node1 ~]#
[root@node1 ~]# ip link set dev br0 up
[root@node1 ~]# ip link set dev docker0 up
[root@node1 ~]# ip route add 192.168.1.0/24 dev docker0
[root@node1 ~]# brctl show
bridge name bridge id       STP enabled interfaces
docker0     8000.02429f5f947d   no      br0
[root@node1 ~]# ovs-vsctl show
f0be12f7-1aa7-4b93-8d4f-5511b56efec7
    Bridge "br0"
        Port "gre0"
            Interface "gre0"
                type: gre
                options: {remote_ip="172.16.170.10"}
        Port "br0"
            Interface "br0"
                type: internal
    ovs_version: "2.7.2"
[root@node1 ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@node1 ~]# sysctl -p
[root@node1 ~]# docker run -itd --name c2 docker.io/centos '/bin/bash'
c9414017f86e6c362b9481ceffc658275b3557cf0991e84853066d4eccb37b0f
[root@node1 ~]#

(4) 測試

[root@node1 ~]# docker attach c941
[root@c9414017f86e /]# ping -c1 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=5.19 ms

--- 192.168.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.194/5.194/5.194/0.000 ms
[root@c9414017f86e /]# ping -c1 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=63 time=2.74 ms

--- 192.168.1.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.742/2.742/2.742/0.000 ms
[root@c9414017f86e /]# ping -c1 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.051 ms

--- 192.168.2.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.051/0.051/0.051/0.000 ms
[root@c9414017f86e /]# [root@node1 ~]#

四、私有倉庫

[root@master ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@master ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            latest              751f286bc25e        3 weeks ago         33.19 MB
[root@master ~]# ls /registry/
[root@master ~]# docker run -d -p 5000:5000 -v /registry:/var/lib/registry --name registry_server registry
4eaa8bb4447641560e7445ca709a2a6e198adc183dcf7f4700fcca5fe5b50d2f
[root@master ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
4eaa8bb44476        registry            "/entrypoint.sh /etc/"   6 seconds ago       Up 5 seconds        0.0.0.0:5000->5000/tcp   registry_server
[root@master ~]#

[root@master ~]# curl http://172.16.170.10:5000/v2/search
404 page not found
[root@master ~]# curl http://172.16.170.10:5000/v2/_catalog
{"repositories":[]}
[root@master ~]#

[root@master ~]# vim /etc/sysconfig/docker
[root@master ~]# grep ^ADD  /etc/sysconfig/docker
ADD_REGISTRY='--insecure-registry 172.16.170.10:5000'
[root@master ~]# systemctl restart docker.service
[root@master ~]# docker run -d -p 5000:5000 -v /registry:/var/lib/registry --name registry_server --restart=always registry
47b4df1618a35d19788994fff4054b7e998995f9903c197ef45e63aac447f750
[root@master ~]#

[root@node1 ~]# grep ^ADD  /etc/sysconfig/docker
ADD_REGISTRY='--insecure-registry 172.16.170.10:5000'
[root@node1 ~]# systemctl restart docker.service
[root@node1 ~]# docker images
REPOSITORY                               TAG                 IMAGE ID            CREATED             SIZE
172.16.170.10:5000/kubernets-dashboard   latest              75f167b703e6        10 months ago       86.27 MB
[root@node1 ~]# docker push 172.16.170.10:5000/kubernets-dashboard:latest
The push refers to a repository [172.16.170.10:5000/kubernets-dashboard]
5f70bf18a086: Pushed
6bc90c4dba69: Pushed
latest: digest: sha256:4aa012b1460b1c5a025eb7c7e56c4035f66516e38c5c3b57f0e489cb663b28e4 size: 1147
格式必須是: docker push new-repo:tagName
[root@node1 ~]# curl http://172.16.170.10:5000/v2/_catalog
{"repositories":["kubernets-dashboard"]}
[root@node1 ~]#
[root@node1 ~]# docker search 172.16.170.10:5000/kubernets-dashboard:latest
Error response from daemon: Unexpected status code 404
[root@node1 ~]#

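帶有認證功能的私有倉庫
注意:本例的客戶端仍通過 --insecure-registry 以 HTTP 訪問倉庫,Basic 認證的用戶名和密碼在網絡上未加密傳輸;實際部署時應爲 registry 配置 TLS 證書。另外 htpasswd 的 -b 參數把密碼寫在命令行上,密碼會留在 shell 歷史裏。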

[root@master ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
47b4df1618a3        registry            "/entrypoint.sh /etc/"   17 hours ago        Up 8 minutes        0.0.0.0:5000->5000/tcp   registry_server
[root@master ~]# docker stop registry_server
registry_server
[root@master ~]# docker rm registry_server
registry_server
[root@master ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            latest              751f286bc25e        3 weeks ago         33.19 MB
[root@master ~]# mkdir -p /opt/data/auth
[root@master ~]# docker run --entrypoint htpasswd registry:latest -Bbn dockerUser dockerPwd >> /opt/data/auth/htpasswd
[root@master ~]# ls /opt/data/auth/
htpasswd
[root@master ~]# cat /opt/data/auth/htpasswd
dockerUser:$2y$05$uT/PA/TpWvLYIlSYV.3JjufAd/HtcYKSlGNA0hkm5Vs2brgUG.1Aa

[root@master ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@master ~]#
[root@master ~]# docker run -d -p 5000:5000 --restart=always -v /opt/data/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" -v /registry:/var/lib/registry  registry:latest
995c98405ae2192b645350a853f15038081b421258bf7937101b43098df6b450
[root@master ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
995c98405ae2        registry:latest     "/entrypoint.sh /etc/"   4 seconds ago       Up 4 seconds        0.0.0.0:5000->5000/tcp   angry_kalam
[root@master ~]#

[root@node1 ~]# docker push 172.16.170.10:5000/kubernets-dashboard:latest
The push refers to a repository [172.16.170.10:5000/kubernets-dashboard]
5f70bf18a086: Preparing
6bc90c4dba69: Preparing
no basic auth credentials
[root@node1 ~]# docker login 172.16.170.10:5000
Username: dockerUser
Password:
Login Succeeded
[root@node1 ~]# docker push 172.16.170.10:5000/kubernets-dashboard:latest
The push refers to a repository [172.16.170.10:5000/kubernets-dashboard]
5f70bf18a086: Pushed
6bc90c4dba69: Pushed
latest: digest: sha256:4aa012b1460b1c5a025eb7c7e56c4035f66516e38c5c3b57f0e489cb663b28e4 size: 1147
[root@node1 ~]# curl http://172.16.170.10:5000/v2/_catalog
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
[root@node1 ~]#

五、Images 管理
安裝最小化系統,然後將系統製作成image
tar --numeric-owner --exclude=/proc --exclude=/sys -cvf centos7-base.tar /

導入image並標記tag
docker import centos7-base.tar 172.16.170.10:5000/centos7-base:latest

[root@node1 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@node1 ~]# docker images
REPOSITORY                               TAG                 IMAGE ID            CREATED             SIZE
docker.io/nginx                          latest              b8efb18f159b        2 weeks ago         107.5 MB
172.16.170.10:5000/kubernets-dashboard   latest              75f167b703e6        10 months ago       86.27 MB
[root@node1 ~]# docker run -itd --name c1 docker.io/nginx '/bin/bash'
4d30aca011ec38380fc1cfba23582127c8d336f33eda116fa05b963bddd9755a
[root@node1 ~]# docker attach 4d30
root@4d30aca011ec:/# ls /usr/share/nginx/html/
50x.html  index.html
root@4d30aca011ec:/# echo "Welcome to Yeecall company" > /usr/share/nginx/html/index.html
root@4d30aca011ec:/# nginx
root@4d30aca011ec:/# [root@node1 ~]#
[root@node1 ~]# docker inspect -f '{{ .NetworkSettings.IPAddress }}' c1
172.17.0.2
[root@node1 ~]# curl http://172.17.0.2
Welcome to Yeecall company

提交image

[root@node1 ~]# docker commit 4d30 172.16.170.10:5000/nginx:latest
sha256:7d5bf2507db41007d09cf491259aae0d947fd2c739bc4c40156b29b1ee5c28a7
[root@node1 ~]# docker images
REPOSITORY                               TAG                 IMAGE ID            CREATED             SIZE
172.16.170.10:5000/nginx                 latest              7d5bf2507db4        3 seconds ago       107.5 MB
docker.io/nginx                          latest              b8efb18f159b        2 weeks ago         107.5 MB
172.16.170.10:5000/kubernets-dashboard   latest              75f167b703e6        10 months ago       86.27 MB
[root@node1 ~]# docker push 172.16.170.10:5000/nginx
The push refers to a repository [172.16.170.10:5000/nginx]
3109d2b079eb: Pushed
af5bd3938f60: Pushed
29f11c413898: Pushed
eb78099fbf7f: Pushed
latest: digest: sha256:0ce18ab5e00b1cc12258e77e79626771666705381dad05cde597130509ea1e32 size: 1155
[root@node1 ~]#

客戶端使用images:

[root@docker ~]# docker run -d -p 80:80 -v /web2/html:/var/www/html apache100 /bin/bash -c "exec /usr/sbin/httpd -D FOREGROUND"
[root@docker ~]# docker run -d -p 80:80 -v /web2/html:/var/www/html apache100 /bin/bash -c "/etc/init.d/httpd start; tail -f /var/log/messages"

六、Dockerfile創建自定義鏡像

原理:按照Dockerfile定義創建一個臨時容器,最後把容器commit,產生新的image

dockerfile關鍵字解釋

FROM(指定基礎image)
該指令有兩種格式:FROM <image> 指定基礎image爲該image的最後修改的版本。
FROM <image>:<tag> 指定基礎image爲該image的一個tag版本。

MAINTAINER(用來指定鏡像創建者信息)
格式:MAINTAINER <name>

RUN(安裝軟件用)
該指令有兩種格式:RUN <command> (the command is run in a shell - /bin/sh -c)
RUN ["executable", "param1", "param2" ... ] (exec form)

CMD(設置container啓動時執行的操作)
該指令有三種格式:CMD ["executable","param1","param2"]
CMD command param1 param2 (as a shell)
當Dockerfile指定了ENTRYPOINT,那麼使用下面的格式:
CMD ["param1","param2"] (as default parameters to ENTRYPOINT)

ENTRYPOINT(設置container啓動時執行的操作)
兩種格式:ENTRYPOINT ["executable", "param1", "param2"] (like an exec, the preferred form)
ENTRYPOINT command param1 param2 (as a shell)

USER(設置container容器的用戶)
格式:USER daemon

EXPOSE(指定容器需要映射到宿主機器的端口)
格式:EXPOSE <port> [<port>...]

ENV(用於設置環境變量)
格式: ENV <key> <value>

ADD(從src複製文件到container的dest路徑)
格式: ADD <src> <dest>

VOLUME(指定掛載點)
格式: VOLUME ["<mountpoint>"]

WORKDIR(切換目錄)
格式: WORKDIR /path/to/workdir

ONBUILD(在子鏡像中執行)
格式: ONBUILD <Dockerfile關鍵字>

說明:Dockerfile並不需要所有的關鍵字

實例:

[root@docker ~]# tree sshd_dockfile/
/root/sshd_dockfile/
├── authorized_keys
└── Dockerfile

[root@docker ~]# cd sshd_dockfile/
[root@docker sshd_dockfile]# cat Dockerfile 
# Builds a CentOS 6 based image that runs sshd in the foreground and accepts
# key-based root logins using the authorized_keys file from the build context.
FROM centos6:latest

MAINTAINER docker sshd v1.0

RUN mkdir /root/.ssh
RUN chmod 700 /root/.ssh
# Replaces every yum repo definition with one fetched over plain HTTP, so the
# packages installed below are only as trustworthy as that host and network path.
RUN rm -rf /etc/yum.repos.d/*
RUN wget -P /etc/yum.repos.d/ http://192.168.100.100/yum.repo
RUN yum install -y openssh-server
# NOTE(review): host keys generated at build time are stored in the image, so
# every container started from it presents the same host keys and anyone who can
# pull the image can read the private keys; generating them at container start
# avoids this. DSA host keys are also deprecated in current OpenSSH.
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key 
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN mkdir /var/run/sshd 
# Turns PAM off in sshd_config; presumably a workaround for PAM login failures
# inside containers — confirm.
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config

# Holders of the matching private key get a root shell in every container
# started from this image.
ADD authorized_keys /root/.ssh/authorized_keys

EXPOSE 22
# Run sshd in the foreground (-D) as the container's main process.
CMD ["/usr/sbin/sshd", "-D"]

[root@docker sshd_dockfile]# docker build -t rhel-sshd .
........
[root@docker sshd_dockfile]# docker run -d -p 2222:22 --name web1 rhel-sshd
[root@docker sshd_dockfile]# netstat -anplt | grep :2222
tcp 0 0 :::2222 :::* LISTEN 10200/docker-proxy 

測試登錄

[root@docker sshd_dockfile]# ssh 192.168.100.100 -p 2222

實例2:apache

[root@docker apache_docker]# docker images
REPOSITORY                                               TAG                 IMAGE ID            CREATED             SIZE
docker.io/centos                                         latest              49f7960eb7e4        5 weeks ago         200 MB

[root@docker apache_dockfile]# pwd
/root/apache_dockfile

[root@docker apache_docker]# cat Dockerfile
# base image
# NOTE(review): no tag is given, so the build uses whatever
# docker.io/centos:latest resolves to at build time.
FROM docker.io/centos

# MAINTAINER
MAINTAINER [email protected]

RUN yum install -y httpd

# NOTE(review): in exec form the whole string "systemctl start httpd" is taken
# as the executable name, so this default command cannot start; the docker run
# example on this page overrides it with
# /bin/bash -c "exec /usr/sbin/httpd -D FOREGROUND". An exec-form CMD of
# ["/usr/sbin/httpd", "-D", "FOREGROUND"] would make the image runnable as built.
CMD ["systemctl start httpd"]

EXPOSE 80

[root@docker apache_docker]# docker build -t 192.168.20.79:5000/apache:v1 .
Sending build context to Docker daemon 2.048 kB
Step 1/5 : FROM docker.io/centos
 ---> 49f7960eb7e4
Step 2/5 : MAINTAINER [email protected]
 ---> Using cache
 ---> 064edac0b581
Step 3/5 : RUN yum install -y httpd
 ---> Running in c71b442a3ea7
 .............

 Complete!
 ---> 3e7f656fdb5b
Removing intermediate container c71b442a3ea7
Step 4/5 : CMD systemctl start httpd
 ---> Running in c45a6fcd91bd
 ---> b3729588fe62
Removing intermediate container c45a6fcd91bd
Step 5/5 : EXPOSE 80
 ---> Running in 6508fef6e199
 ---> c5fb48c808d4
Removing intermediate container 6508fef6e199
Successfully built c5fb48c808d4
[root@docker apache_docker]#
[root@docker apache_docker]# docker images
REPOSITORY                                               TAG                 IMAGE ID            CREATED             SIZE
192.168.20.79:5000/apache                                v1                  c5fb48c808d4        2 minutes ago       314 MB
docker.io/centos                                         latest              49f7960eb7e4        5 weeks ago         200 MB

[root@docker apache_dockfile]# docker run -d -p 80:80 -v /web2/html:/var/www/html apache /bin/bash -c "exec /usr/sbin/httpd -D FOREGROUND"

測試:

[root@docker apache_dockfile]# elinks 192.168.100.100 --dump
web2