筆記
1. 容器知識點回顧
容器是什麼?
容器就是在隔離的環境中運行的一個進程.
容器的優勢: 輕量,損耗少,啓動快,性能高
docker: 軟件的打包技術
#docker鏡像:
docker search
docker pull
docker push
docker image ls == docker images
docker rmi == docker image rm
docker save
docker load
docker import
docker image build
docker image history
docekr tag, docker image tag 1e7f1b941c12 alpine:latest
#docker容器:
docker ps
docker run
docker rm
docker stop
docker start
docker restart
docker kill
docker exec
docker attach
docker cp
docker logs
docker commit
import 導入鏡像
export 把容器導出爲鏡像
#dockerfile指令:
FROM
ADD
RUN
EXPOSE
WORKDIR
CMD
COPY
LABEL version=1.16
2. docker常用指令
docker volume ls
docker run -d -p 88:80 --volumes-from 0017aae5b068 kod:v6
3. docker鏡像的分層(kvm 鏈接克隆,寫時複製的特性)
鏡像分層的好處:複用,節省磁盤空間,相同的內容只需加載一份到內存。
修改dockerfile之後,再次構建速度快
dockerfile 優化:
1:儘可能選擇體積小linux,alpine
2:儘可能合併RUN指令,清理無用的文件(yum緩存,源碼包)
3:修改dockerfile,把變化的內容儘可能放在dockerfile結尾
4: 使用.dockerignore,減少不必要的文件ADD . /html
4. 容器間的互聯(–link 是單方向的!)
hosts解析
[root@docker01 kod]# docker run -d --name nginx centos6.9_nginx:v1 nginx -g 'daemon off;'
[root@docker01 kod]# docker exec -it nginx /bin/bash
[root@fef3cf194be8 /]# hostname -I
172.17.0.2
[root@docker01 kod]# docker run -it --link nginx:web centos6.9_nginx:v1 /bin/bash
[root@969c228864f2 /]# ping web
PING web (172.17.0.2) 56(84) bytes of data.
64 bytes from web (172.17.0.2): icmp_seq=1 ttl=64 time=0.118 ms
64 bytes from web (172.17.0.2): icmp_seq=2 ttl=64 time=0.120 ms
^C
--- web ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1288ms
rtt min/avg/max/mdev = 0.118/0.119/0.120/0.001 ms
[root@969c228864f2 /]# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 web fef3cf194be8 nginx
4.1 docker部署zabbix監控
上傳需要的tar包
#上傳後校驗md5值
ls *.tar.gz|xargs md5sum
for n in `ls *.tar.gz`;do docker load -i $n ;done
docker run --name mysql-server -it \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix_pwd" \
-e MYSQL_ROOT_PASSWORD="root_pwd" \
-d mysql:5.7 \
--character-set-server=utf8 --collation-server=utf8_bin
docker run --name zabbix-java-gateway -t \
-d zabbix/zabbix-java-gateway:latest
docker run --name zabbix-server-mysql -t \
-e DB_SERVER_HOST="mysql-server" \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix_pwd" \
-e MYSQL_ROOT_PASSWORD="root_pwd" \
-e ZBX_JAVAGATEWAY="zabbix-java-gateway" \
--link mysql-server:mysql \
--link zabbix-java-gateway:zabbix-java-gateway \
-p 10051:10051 \
-d zabbix/zabbix-server-mysql:latest
docker run --name zabbix-web-nginx-mysql -t \
-e DB_SERVER_HOST="mysql-server" \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix_pwd" \
-e MYSQL_ROOT_PASSWORD="root_pwd" \
--link mysql-server:mysql \
--link zabbix-server-mysql:zabbix-server \
-p 80:80 \
-d zabbix/zabbix-web-nginx-mysql:latest
#zabbix的默認監控密碼
Admin:zabbix
4.2 監控服務
zabbix-agent客戶端軟件包下載鏈接_提取碼: y7ri
開啓另外一臺docker宿主機 10.0.0.12
上傳zabbix-agent的軟件包:
[root@docker02 ~]# hostname -I
10.0.0.12 172.17.0.1
[root@docker02 ~]# ls zabbix-agent-3.2.0-1.el7.x86_64.rpm
zabbix-agent-3.2.0-1.el7.x86_64.rpm
安裝zabbix-agent客戶端:
[root@docker02 ~]# rpm -ivh zabbix-agent-3.2.0-1.el7.x86_64.rpm
warning: zabbix-agent-3.2.0-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:zabbix-agent-3.2.0-1.el7 ################################# [100%]
修改zabbix-agent.conf配置文件中指定的服務端IP:
[root@docker02 ~]# egrep '^Server' /etc/zabbix/zabbix_agentd.conf
Server=10.0.0.11
ServerActive=127.0.0.1
重啓zabbix-agent服務
[root@docker02 ~]# systemctl restart zabbix-agent.service
在10.0.0.11 上重啓docker的zabbix服務端容器,數據能夠加速被監控上
[root@docker01 ~]# docker restart zabbix-server-mysql
zabbix-server-mysql
5. docker registry(私有倉庫)
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
上傳鏡像到私有倉庫:
a:給鏡像打標籤
docker tag centos6-sshd:v3 10.0.0.11:5000/centos6-sshd:v3
b:上傳鏡像
docker push 10.0.0.11:5000/centos6-sshd:v3
如果遇到報錯:
The push refers to repository [10.0.0.11:5000/centos6.9_ssh]
Get https://10.0.0.11:5000/v2/: http: server gave HTTP response to HTTPS client
解決方法:
vim /etc/docker/daemon.json
{
"insecure-registries": ["10.0.0.11:5000"]
}
systemctl restart docker
5.1普通的registry
在10.0.0.11上導入私有倉庫的配置文件
[root@docker01 opt]# docker load -i registry.tar.gz
[root@docker01 opt]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
a958c7b6817dc8d38ba175c12e8a2452668a9b68b1fe9846e46004ee26646608
#上傳鏡像到私有倉庫
[root@docker02 ~]# docker pull daocloud.io/huangzhichong/alpine-cn:latest
[root@docker02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest be1f31be9a87 11 months ago 109MB
daocloud.io/huangzhichong/alpine-cn latest e8289dcc1d4b 2 years ago 3.98MB
給鏡像打標籤:
[root@docker02 ~]# docker tag e8289dcc1d4b 10.0.0.11:5000/alpine:latest
[root@docker02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest be1f31be9a87 11 months ago 109MB
10.0.0.11:5000/alpine latest e8289dcc1d4b 2 years ago 3.98MB
daocloud.io/huangzhichong/alpine-cn latest e8289dcc1d4b 2 years ago 3.98MB
上傳鏡像:
[root@docker02 ~]# docker push 10.0.0.11:5000/alpine:latest
The push refers to repository [10.0.0.11:5000/alpine]
Get https://10.0.0.11:5000/v2/: dial tcp 10.0.0.11:5000: connect: connection refused
第一次報錯後添加下面的配置:
[root@docker02 ~]# vim /etc/docker/daemon.json
{
"insecure-registries": ["10.0.0.11:5000"]
}
重啓docker
[root@docker02 ~]# systemctl restart docker
再次上傳鏡像成功
[root@docker02 ~]# docker push 10.0.0.11:5000/alpine:latest
The push refers to repository [10.0.0.11:5000/alpine]
78cd8c87ab42: Pushed
60ab55d3379d: Pushed
latest: digest: sha256:d438c876bc7cbfe7732ca1c9a689cc3c24e15f2492ba6270d55f0a8984f96078 size: 735
#再上傳一個nginx的鏡像
打標籤
[root@docker02 ~]# docker tag be1f31be9a87 10.0.0.11:5000/nginx:latest
上傳鏡像
[root@docker02 ~]# docker push 10.0.0.11:5000/nginx
The push refers to repository [10.0.0.11:5000/nginx]
92b86b4e7957: Pushed
94ad191a291b: Pushed
8b15606a9e3e: Pushed
latest: digest: sha256:204a9a8e65061b10b92ad361dd6f406248404fe60efd5d6a8f2595f18bb37aad size: 948
5.2 帶basic認證的registry
yum install httpd-tools -y
mkdir /opt/registry-var/auth/ -p
htpasswd -Bbn oldboy 123456 >> /opt/registry-var/auth/htpasswd
docker run -d -p 5000:5000 --restart=always -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
#賬號密碼爲oldboy 123456
[root@docker02 ~]# docker login 10.0.0.11:5000
Username: oldboy
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker02 ~]# cat /root/.docker/config.json
{
"auths": {
"10.0.0.11:5000": {
"auth": "b2xkYm95OjEyMzQ1Ng=="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.1 (linux)"
}
}[root@docker02 ~]#
刪除倉庫的鏡像
6. docker-compose(單機版的容器編排工具)
ansible劇本
yum install -y docker-compose(需要epel源)
cd my_wordpress/
vi docker-compose.yml
version: '3'
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
volumes:
- web_data:/var/www/html
ports:
- "80:80"
restart: always
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
volumes:
db_data:
web_data:
#啓動
docker-compose up
#後臺啓動
docker-compose up -d