docker学习
docker官方文档
docker仓库
docker通过隔离机制,可以将服务器发挥到极致
docker十分的轻巧
docker基于go语言开发!开源项目!
docker不是模拟一个完整的系统
docker安装与启动
# 卸载旧版本
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
# 安装依赖和docker插件
sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
# 返回的列表取决于启用了哪些存储库,并且特定于您的 CentOS 版本(.el7在本例中由后缀表示)
yum list docker-ce --showduplicates | sort -r
sudo yum install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io docker-compose-plugin
# 启动 Docker
sudo systemctl start docker
# hello-world 通过运行映像来验证 Docker 引擎是否已正确安装。
sudo docker run hello-world
docker常用操作
[root@instance-6fuvnygy ~]# docker --help
Commands:
attach Attach to a running Container # 当前 shell下 attach 连接指定运行镜像
`build` Build an image from a Dockerfile # 通过 Dockerfile 定制镜像
commit Create a new image from a container changes # 提交当前容器为新的镜像
cp Copy files/folders from containers filesystem to the host path # 从容器中拷贝指定文件或目录到宿主机中
create Create a new container # 创建一个新的容器,同run,但不启动容器
diff Inspect changes on a container's filesystem # 查看 docker 容器变化
events Get real time events form the server # 从 docker 服务获取容器实时事件
`exec` Run a command in an existing container # 在已存在的容器上运行命令
export Stream the containers of container as a tar archive# 导出容器的内容流作为一个tar 归档文件【对应import】
`history` show the history of an image # 展示一个镜像形成历史
`images` list images # 列出系统当前镜像
import create a new filesystem image from the contents # 从tar 包中的内容创建一个新的文件系统映像【对应export】
info display system-wide infomation # 显示系统相关信息
`inspect` return low-level infomation on a container # 查看容器详细信息 ***
kill kill a running container # kill 指定 docker 容器
`load` load an image from a tar archive # 从一个 tar 包中加载一个镜像【对应 save】
login register or login to the docker registry server # 注册或者登陆一个 docker 源服务器
logout log out from a docker registry server # 从当前 docker registry退出
`logs` fetch the logs of a container # 输出当前容器日志信息
port lookup the public-facing port which is NAT-ed to PRIVATE_PORT # 查看映射端口对应的容器内部源端口
pause pause all processes within a container # 暂停容器
`ps` list containers # 列出容器列表
pull pull an image or a repository from the docker # 从docker镜像源服务器拉取指定镜像或者库镜像 ***
`push` push an image or a repository to the docker registry server # 推送指定镜像或者库镜像至docker源服务器
restart restart a running container # 重启运行的服务器
`rm` remove one or more containers # 移除一个或者多个容器
`rmi` remove more images# 移除多个镜像(无容器使用该镜像才可以删除,否则需删除相关容器才可继续或 -f 强制删除)
`run` run a command in a new container # 创建一个新的容器并运行一个命令
`save` save an image to a tar archive # 保存一个镜像为一个tar包【对应 load】
search search for an image on the docker hub # 在 docker hub 中搜索镜像
start start a stopped container # 启动容器
stop stop a running container # 启动容器
`tag` tag an image into a repository # 给源镜像搭标签
`top` lookup the running processes of a container # 查看容器中运行的进程信息
unpause unpause a paused container # 取消暂停容器
version show the docker version infomation # 查看 docker 版本号
wait block until a container stops,then print its exit code # 截取容器停止时间的退出状态值
Container
docker run 运行一个容器
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
# 常用参数
--name="name" 容器名字 nginx01 nginx02 用来区分容器
-d 后台方式运行
-it 使用交互方式运行,进入容器查看内容
-p 指定容器的端口, -P 8080:8080
-P 随机指定端口
- 容器相关操作命令
# 创建容器交互式
docker run -it --name:c1 -v /root/data:/root/data redis:5.0 /bin/bash
# 后台创建
docker run -id --name:c1 -v /root/data:/root/data redis:5.0 /bin/bash
# 查看容器
docker ps -a
# 删除容器
docker rm c1
# 进入容器
docker exec -it name /bin/bash
# 启动容器停止
docker start c1
docker stop c1
docker ps 列出容器
[root@instance-6fuvnygy ~]# docker ps -a
# -a 查看所有容器
# -q 显示容器id
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
79405a6a0a9e nginx "/docker-ent" 4 days ago Up 4 days 0.0.0.0:8090->80/tcp nginx
cd3a825fedeb nginx "/docker-ent" 30 seconds ago Exited (0) 2... mystifying_leakey
docker rm 删除容器
-
批量操作方式
-
docker rm
...
$ docker rm cd3 269 34b 751 -
docker rm $(docker ps -aq )
$ docker rm $(docker ps -aq) cd3a825fedeb 269494fe89fa 34b68af9deef 7513949674fc
-
docker start|stop|restart 容器启动|停止|重启
docker start 容器id # 启动容器
docker restart 容器id # 重启容器
docker stop 容器id # 停止当前正在运行的容器
docker kill 容器id # 强制停止当前的容器
docker attach | exec 进入容器
-
attatch 进入容器正在执行的终端,不会启动新的进程
[root@instance-6fuvnygy ~]# docker attach --help Usage: docker attach [OPTIONS] CONTAINER -
docker exec -it 进入容器后开启一个新的终端,可以进行操作(常用)
[root@instance-6fuvnygy ~]# docker exec -it aea360f5104a bash
退出容器 exit | ctrl+P+Q
# exit 推出容器,容器直接结束
# ctrl+P+Q 推出容器,容器继续执行 类似于 sreen ctrl+a+d
docker top 查看容器中进程信息
[root@instance-6fuvnygy ~]# docker top 8e5
UID PID PPID C STIME TTY TIME CMD
polkitd 33752 33731 0 16:38 ? 00:00:46 redis-server 0.0.0.0:6379 [cluster]
root 41947 33731 0 18:41 ? 00:00:00 /bin/bash
root 42069 33731 0 18:43 ? 00:00:00 /bin/bash
docker log 查看容器日志
# 常用命令
[root@instance-6fuvnygy ~]# docker logs --help
Usage: docker logs [OPTIONS] CONTAINER
Fetch the logs of a container
Options:
--details Show extra details provided to logs
-f, --follow Follow log output
--since string Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)
-n, --tail string Number of lines to show from the end of the logs (default "all")
-t, --timestamps Show timestamps
--until string Show logs before a timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)
[root@instance-6fuvnygy ~]# docker logs -tf --tail=10 8e5
2022-06-18T08:57:08.084547332Z 23:C 18 Jun 2022 08:57:08.084 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
2022-06-18T08:57:08.084555353Z 1:M 18 Jun 2022 08:57:08.084 # Diskless rdb transfer, done reading from pipe, 1 replicas still up.
2022-06-18T08:57:08.087452719Z 1:M 18 Jun 2022 08:57:08.087 * Background RDB transfer terminated with success
2022-06-18T08:57:08.087464993Z 1:M 18 Jun 2022 08:57:08.087 * Streamed RDB transfer with replica 172.38.0.12:6379 succeeded (socket). Waiting for REPLCONF ACK from slave to enable streaming
2022-06-18T08:57:08.087469902Z 1:M 18 Jun 2022 08:57:08.087 * Synchronization with replica 172.38.0.12:6379 succeeded
docker cp 从容器中复制文件到宿主机
[root@instance-6fuvnygy ~]# docker cp --help
Usage: docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
Options:
-a, --archive Archive mode (copy all uid/gid information)
-L, --follow-link Always follow symbol link in SRC_PATH
docker commit 将容器重新提交成一个镜像
[root@instance-6fuvnygy ~]# docker commit --help
Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
Create a new image from a container's changes
Options:
-a, --author string Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
-c, --change list Apply Dockerfile instruction to the created image
-m, --message string Commit message
-p, --pause Pause container during commit (default true)
Volume
卷技术:目录的挂载,将我们容器内的目录,挂载到Linux上面!
容器之间可以有一个数据共享的技术!Docker容器中产生的数据,同步到本地!
容器的持久化和同步操作!容器间也是可以数据共享的!
容器停止后,挂载的文件在修改后依然会同步
好处:我们以后修改只需要在本地修改即可,容器内会自动同步!
1. 直接使用命令挂载 -v
docker run -it -v 主机目录:容器内目录 -p 主机端口:容器内端口
# 以交互模式创建centos容器 , 将容器内/yisa_oe目录挂载到宿主机/yisa_Oe/docker_test目录
[root@instance-6fuvnygy yisa_oe]# docker run -it --name centos -v /yisa_oe/docker_test/:/yisa_oe/ centos /bin/bash
Unable to find image 'centos:latest' locally
latest: Pulling from library/centos
a1d0c7532777: Pull complete
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
# 进入容器
[root@60fef606d081 /]# cd /yisa_oe/
# 创建readme.txt 并写入hello docker
[root@60fef606d081 yisa_oe]# touch readme.txt
# 退出dokcer 查看宿主机对应挂载目录
[root@instance-6fuvnygy yisa_oe]# cd docker_test/
[root@instance-6fuvnygy docker_test]# ls
readme.txt
[root@instance-6fuvnygy docker_test]# cat readme.txt
hello docker!!!!
# 查看容器挂载情况
[root@instance-6fuvnygy docker_test]# docker inspect 60fe
"Mounts": [
{
"Type": "bind",
"Source": "/yisa_oe/docker_test",
"Destination": "/yisa_oe",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
# 容器停止后,修改的文件依然会同步
1、停止容器
[root@instance-6fuvnygy docker_test]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
60fef606d081 centos "/bin/bash" 8 minutes ago Up 8 minutes centos
9c011cf7270e 791d "/bin/sh ..." 12 hours ago Up 12 hours 9523/tcp dreamy_yonath
79405a6a0a9e nginx "/docker-…" 4 days ago Up 4 days :8090->80/tcp nginx
[root@instance-6fuvnygy docker_test]# docker stop 60fe
60fe
2、宿主机修改文件
[root@instance-6fuvnygy docker_test]# vim readme.txt
3、启动容器
[root@instance-6fuvnygy docker_test]# docker start 60fe
60fe
4.进入容器并查看容器内对应的文件内容
[root@instance-6fuvnygy docker_test]# docker exec -it 60fe /bin/bash
[root@60fef606d081 /]# cd /yisa_oe/ && ls
readme.txt
[root@60fef606d081 yisa_oe]# cat readme.txt
hello docker!!!!
hello linux!!!!
5、容器内的数据同步成功
卷挂载三种方式:
-v 容器内路径 # 匿名挂载
-v 卷名:容器内路径 # 具名挂载
-v /宿主机路径:容器内路径 # 指定路径挂载 docker volume ls 是查看不到的
# 举例
1. 匿名挂载
[root@instance-6fuvnygy docker_test]# docker run -d --name nginx_nm -v /etc/nginx nginx
2a5d10488fddfac92496fd585d1c21a2fe1267695f7c59162827b8aca292b23f
2. 具名挂载
[root@instance-6fuvnygy docker_test]# docker run -d --name nginx_jm -v nginx:/etc/nginx nginx
1784258d9e50e49de38b7a685a39927e8fb87e6cffa333fdb886658cccb65cc6
3.指定路径挂载
*** 需要先在docker_test中生成一份nginx配置文件 , 否则nginx启动会失败
[root@instance yisa_oe]# docker run -it --name nginx_test02 -v/yisa_oe/docker_test/nginx:/etc/nginx nginx
4.查看启动的容器
[root@instance-6fuvnygy docker_test]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
81ae53635aaa nginx "/docker-en" 2 minutes ago Up 2 minutes 80/tcp nginx_test02
1784258d9e50 nginx "/docker-en" 51 minutes ago Up 51 minutes 80/tcp nginx_jm
2a5d10488fdd nginx "/docker-en" 52 minutes ago Up 51 minutes 80/tcp nginx_nm
5.查看卷挂载
[root@instance-6fuvnygy docker_test]# docker volume ls
DRIVER VOLUME NAME
local 2cd615685bb20784d0343b17262d6db261f914baf7b1f239b2e7f534476ea91e
local 3b963b4cba2230bf09036c24c16da265df60013eeef6f92ffbee0bd06fba9d1c
local 0480ba76fe7431810fa84b107a5627992e517018553de62049be72797bafd82e
local d4bb18884e7be0df22f3a7c6c83de932c008789b5902659c4e44001fafc43e11
local nginx
6. 查看卷详细情况
[root@instance-6fuvnygy docker_test]# docker volume inspect nginx
[
{
"CreatedAt": "2022-06-18T11:39:44+08:00",
"Driver": "local",
"Labels": null,
"Mountpoint": "/var/lib/docker/volumes/nginx/_data",
"Name": "nginx",
"Options": null,
"Scope": "local"
}
]
[root@instance-6fuvnygy docker_test]# docker inspect 1784
"Mounts": [
{
"Type": "volume",
"Name": "nginx",
"Source": "/var/lib/docker/volumes/nginx/_data",
"Destination": "/etc/nginx",
"Driver": "local",
"Mode": "z",
"RW": true,
"Propagation": ""
}
],
总结:docker容器内的卷,没有指定目录的情况下都是在/var/lib/docker/volumes/自定义的卷名/_data下,如果指定了目录,docker volume ls 是查看不到的。
ro #readonly 只读
rw #readwrite 可读可写
$ docker run -d -P --name nginx05 -v juming:/etc/nginx:ro nginx
$ docker run -d -P --name nginx05 -v juming:/etc/nginx:rw nginx
# ro 只要看到ro就说明这个路径只能通过宿主机来操作,容器内部是无法操作
2.容器间数据同步 --volumes-from
# 构建dockerfile
1 FROM centos
2
3 VOLUME ["/yisa_oe"]
4
5 WORKDIR /yisa_oe
6
7 CMD echo "--------------------get started------------------------"
8
9 CMD /bin/bash
# 生成镜像
[root@instance-6fuvnygy docker]# docker build -f Docekerfile_test -t demo:1.0 .
# 运行容器
# 生成第一个容器 挂载卷到宿主机 /yisa_oe/docker_test/demo_test
[root@instance demo_test]# docker run -it --name demo1 -v /yisa_oe/docker_test/demo_test:/yisa_oe demo:1.0
# 生成第二个容器 , 卷同步至第一个容器
[root@instance-6fuvnygy demo_test]# docker run -it --name demo3 --volumes-from demo2 demo:1.0
# 进入demo3容器下的index.html 写入内容 , 内容同步至demo2 和 宿主机挂载的目录
[root@instance-6fuvnygy demo_test]# cat index.html
<h1>hello world!</h1>
<h1>hello world!</h1>
<h1>hello world!</h1>
<h1>hello world!</h1>
<h1>hello world!</h1>
# 停止demo2 宿主机文件写入内容 查看demo3中对应文件
[root@instance-6fuvnygy demo_test]# docker exec -it demo3 /bin/bash
[root@3679baf66d57 yisa_oe]#
[root@3679baf66d57 yisa_oe]#
[root@3679baf66d57 yisa_oe]# cat index.html
<h1>hello world!</h1>
<h1>hello world!</h1>
<h1>hello world!</h1>
<h1>hello world!</h1>
<h1>hello world!</h1>
<h6>hello world!</h6>
<h6>hello world!</h6>
<h6>hello world!</h6>
<h6>hello world!</h6>
<h6>hello world!</h6>
<h6>hello world!</h6>
<h6>hello world!</h6>
结论:
容器之间的配置信息的传递,数据卷容器的生命周期一直持续到没有容器使用为止。
但是一旦你持久化到了本地,这个时候,本地的数据是不会删除的!
拓展:
多个mysql实现数据共享
# 第一个mysql容器和宿主机目录实现挂载
# 其余开启的mysql容器和第一个容器完成挂载
$ docker run -d -p 3306:3306 -v /home/mysql/conf:/etc/mysql/conf.d -v /home/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 --name mysql01 mysql:5.7
$ docker run -d -p 3310:3306 -e MYSQL_ROOT_PASSWORD=123456 --name mysql02 --volumes-from mysql01 mysql:5.7
Image
镜像常用命令
[root@instance-6fuvnygy ~]# docker image help
Commands:
build Build an image from a Dockerfile
history Show the history of an image
import Import the contents from a tarball to create a filesystem image
inspect Display detailed information on one or more images
load Load an image from a tar archive or STDIN
ls List images
prune Remove unused images
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rm Remove one or more images
save Save one or more images to a tar archive (streamed to STDOUT by default)
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
docker images 显示镜像
[root@instance-6fuvnygy ~]# docker images -a
# -a 显示所有
# -q 显示imageid
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest 53aa81e8adfa 3 weeks ago 117MB
nginx latest 0e901e68141f 3 weeks ago 142MB
hello-world latest feb5d9fea6a5 8 months ago 13.3kB
docker search 去dockerhub上面搜索镜像
[root@instance-6fuvnygy ~]# docker search nginx
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 16963 [OK]
linuxserver/nginx An Nginx container,bro … 169
bitnami/nginx Bitnami nginx Docker Image 131 [OK]
ubuntu/nginx Nginx, a high-performance… 52
docker pull 去dockerhub上面拉取镜像
[root@instance-6fuvnygy ~]# docker pull php
Using default tag: latest
latest: Pulling from library/php
Digest: sha256:85b8803c19474a807ac3c814f1894b37ee34cd4d6a6e34d728bbc6f8292b44d4
Status: Downloaded newer image for php:latest
docker.io/library/php:latest
docker rmi 删除本地镜像
[root@instance-6fuvnygy ~]# docker rmi feb
Untagged: hello-world:latest
Untagged: hello-world@sha256:80f31da1ac7b312ba29d65080fddf797dd76acfb870e677f390d5acba9741b17
Deleted: sha256:feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412
Deleted: sha256:e07ee1baac5fae6a26f30cabfe54a36d3402f96afda318fe0a96cec4ca393359
docker tag 镜像重新打标签
docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] # SOURCE_IMAGE 原始镜像 TARGET_IMAGE 目标镜像
镜像的获取三种方式
- pull from registry (online) 从registry拉取
# 默认从Docker Hub拉取,如果不指定版本,会拉取最新版
# 不指定版本
$ docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
# 指定版本
$ docker pull nginx:1.20.0
1.20.0: Pulling from library/nginx
Status: Downloaded newer image for nginx:1.20.0
docker.io/library/nginx:1.20.0
- build from
Dockerfile(online) 从Dockerfile构建(常用)
docker build -f dockerfole -t demo:tag . # 从当前目录通过dockerfiel文件生成tag版本demo镜像
- load from
file(offline) 文件导入 (离线)
[root@yangy docker_file]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
demo 1.0 e5d627e73e64 6 months ago 231MB
nginx latest 0e901e68141f 7 months ago 142MB
centos centos7 eeb6ee3f44bd 16 months ago 204MB
centos latest 5d0da3dc9764 16 months ago 231MB
# 将镜像保存成tar文件
[root@yangy docker_file]# docker save -o nginx_latest.tar 0e901e68141f
[root@yangy docker_file]# ls
nginx_latest.tar
# 从本地文件导入镜像
[root@yangy docker_file]# docker load -i nginx_latest.tar
Loaded image ID: sha256:0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d
Dockerfile
构建步骤:
-
编写一个dockerfile文件
-
docker build 构建称为一个镜像
-
docker run运行镜像
-
docker push发布镜像DockerHub
1、每个保留关键字(指令)都是必须是大写字母
2、执行从上到下顺序
3、#表示注释
4、每一个指令都会创建提交一个新的镜像曾,并提交!
DockerFile的指令:
FROM # from:基础镜像,一切从这里开始构建
MAINTAINER # maintainer:镜像是谁写的, 姓名+邮箱
RUN # run:镜像构建的时候需要运行的命令
ADD # add:步骤,tomcat镜像,这个tomcat压缩包!添加内容 添加同目录
WORKDIR # workdir:镜像的工作目录
VOLUME # volume:挂载的目录
EXPOSE # expose:保留端口配置
CMD # cmd:指定这个容器启动的时候要运行的命令,只有最后一个会生效,可被替代
ENTRYPOINT # entrypoint:指定这个容器启动的时候要运行的命令,可以追加命令
ONBUILD # onbuild:当构建一个被继承DockerFile这个时候就会运行onbuild的指令,触发指令
COPY # copy:类似ADD,将我们文件拷贝到镜像中
ENV # env:构建的时候设置环境变量!
# CMD 和 ENTRYPOINT区别
CMD # 指定这个容器启动的时候要运行的命令,只有最后一个会生效,可被替代。
ENTRYPOINT # 指定这个容器启动的时候要运行的命令,可以追加命令
#查看DockerFile内容
1 FROM centos:centos7
2
3 ADD api-zd /yisa_oe/api-zd/api-zd
4 ADD config.yaml /yisa_oe/api-zd/config.yaml
5
6 WORKDIR /yisa_oe/api-zd
7 RUN chmod -R 0777 api-zd
8 EXPOSE 9523
9 CMD ./api-zd
# 构建镜像
[root@instance-6fuvnygy docker]# docker build -t go_demo:1.1 .
# -f 如果文件名为Dockerfile 可不加
# -t image生成的版本
Sending build context to Docker daemon 24.86MB
Step 1/7 : FROM centos:centos7
---> eeb6ee3f44bd
Step 2/7 : ADD api-zd /yisa_oe/api-zd/api-zd
---> Using cache
---> f7f52f52f185
Step 3/7 : ADD config.yaml /yisa_oe/api-zd/config.yaml
---> Using cache
---> df2b916842dc
Step 4/7 : WORKDIR /yisa_oe/api-zd
---> Using cache
---> 395106517174
Step 5/7 : RUN chmod -R 0777 api-zd
---> Using cache
---> 9290d9b0d653
Step 6/7 : EXPOSE 9523
---> Using cache
---> 46d8978d9129
Step 7/7 : CMD ./api-zd
---> Using cache
---> 791d97bc214f
Successfully built 791d97bc214f
Successfully tagged go_demo:1.1
# 查看生成的镜像
[root@instance-6fuvnygy docker]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
go_demo 1.1 791d97bc214f 12 days ago 230MB
docker history 查看镜像构建历史步骤
[root@instance-6fuvnygy demo_test]# docker history 791d
IMAGE CREATED CREATED BY SIZE COMMENT
791d97bc214f 12 days ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "./ap… 0B
46d8978d9129 12 days ago /bin/sh -c #(nop) EXPOSE 9523 0B
9290d9b0d653 12 days ago /bin/sh -c chmod -R 0777 api-zd 12.8MB
395106517174 12 days ago /bin/sh -c #(nop) WORKDIR /yisa_oe/api-zd 0B
df2b916842dc 12 days ago /bin/sh -c #(nop) ADD file:12df5f52543fefe5d… 465B
f7f52f52f185 12 days ago /bin/sh -c #(nop) ADD file:e28ac3340607e0c45… 12.8MB
eeb6ee3f44bd 9 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 9 months ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 9 months ago /bin/sh -c #(nop) ADD file:b3ebbe8bd304723d4… 204MB
推送镜像到dockerhub
# 登录
[root@instance-6fuvnygy demo_test]# docker login --help
Usage: docker login [OPTIONS] [SERVER]
Log in to a Docker registry.
If no server is specified, the default is defined by the daemon.
Options:
-p, --password string Password
--password-stdin Take the password from stdin
-u, --username string Username
# 推送镜像至dockerhub
[root@instance-6fuvnygy demo_test]# docker push XXX/XXX
The push refers to repository [docker.io/XXX/XXX]
13ba2d8fa2c7: Pushed
310e4cc23683: Pushed
63d02f9bd28b: Pushed
174f56854903: Mounted from library/centos
1.0: digest: sha256:ac5abf87f3cf9290aa24f6ad8b566d329be7dd904e5e4e7c252826f29ce9f046 size: 1158
Network
三个网络
[root@instance-6fuvnygy demo_test]# ip addr
# 本机回环地址
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
# 云内网地址
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether fa:28:00:10:ae:1f brd ff:ff:ff:ff:ff:ff
inet 172.16.16.4/20 brd 172.16.31.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f828:ff:fe10:ae1f/64 scope link
valid_lft forever preferred_lft forever
# docker0地址
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:5b:2c:de:58 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:5bff:fe2c:de58/64 scope link
valid_lft forever preferred_lft forever
问题: docker 是如果处理容器网络访问的?
原理:1、我们每启动一个docker容器,docker就会给docker容器分配一个ip,我们只要安装了docker,就会有一个docker0桥接模式,使用的技术是veth-pair技术 ; 2 、再启动一个容器测试,发现又多了一对网络
我们发现这个容器带来网卡,都是一对对的
veth-pair 就是一对的虚拟设备接口,他们都是成对出现的,一端连着协议,一端彼此相连
正因为有这个特性 veth-pair 充当一个桥梁,连接各种虚拟网络设备的
OpenStac,Docker容器之间的连接,OVS的连接,都是使用evth-pair技术
结论:容器和容器之间是可以互相ping通
网络模型图
小结
Docker使用的是Linux的桥接,宿主机是一个Docker容器的网桥 docker0
Docker中所有网络接口都是虚拟的,虚拟的转发效率高(内网传递文件)
只要容器删除,对应的网桥一对就没了!
所有的容器不指定网络的情况下,都是docker0路由的,docker会给我们的容器分配一个默认的可用ip
docker0问题:不支持容器名连接访问!
自定义网络
[root@instance-6fuvnygy ~]# docker network
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
网络模式
[root@instance-6fuvnygy ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
3efc54cdf895 bridge bridge local # 桥接 docker(默认,自己创建也是用bridge模式)
166927324fa7 host host local # 和所主机共享网络
31eb0c88879d none null local # 不配置网络,一般不用
116c56f2b39e redis bridge local
我们直接启动的命令 --net bridge,而这个就是我们得docker0 , bridge就是docker0
$ docker run -d -P --name nginx tomcat <=> docker run -d -P --name nginx --net bridge tomcat
创建网络
$ docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
查看网络
[root@instance-6fuvnygy ~]# docker network inspect 116
[
{
"Name": "redis",
"Id": "116c56f2b39e5f245df872a9f0b68ee7cd66f3dbd1c4b51ed65a08f1c442df63",
"Created": "2022-06-18T16:25:48.469105478+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.38.0.0/16"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"f06f2f1d44072efc176f700e84520c1a042de4312600dc3bae3aad23d6a48273": {
"Name": "redis-5",
"EndpointID": "e757824a2e7ad3ac10676bcc0dd00430bef723e9fe4b954586e6f11ff4d2c792",
"MacAddress": "02:42:ac:26:00:0f",
"IPv4Address": "172.38.0.15/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
容器连接到网络
[root@instance-6fuvnygy ~]# docker network connect --help
Usage: docker network connect [OPTIONS] NETWORK CONTAINER
# 假设要跨网络操作别人,就需要使用docker network connect 连通!
实战
1. 部署Redis集群
- 创建网卡
docker network create redis --subnet 172.38.0.0/16 # 创建一个redis网卡 172.38.0.0 - 172.38.255.255
[root@instance-6fuvnygy docker]# docker network ls
NETWORK ID NAME DRIVER SCOPE
3efc54cdf895 bridge bridge local
166927324fa7 host host local
31eb0c88879d none null local
116c56f2b39e redis bridge local
- 创建redis配置相关目录
# 通过脚本创建六个redis配置 准备工作
for port in $(seq 1 6); \
do \
mkdir -p $PWD/node-${port}/conf
touch $PWD/node-${port}/conf/redis.conf
cat << EOF > $PWD/node-${port}/conf/redis.conf
port 6379
bind 0.0.0.0
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 172.38.0.1${port}
cluster-announce-port 6379
cluster-announce-bus-port 16379
appendonly yes
EOF
done
# redis配置相关介绍
cluster-enabled yes # 开启集群模式
cluster-config-file nodes.conf # 设定节点配置文件名
cluster-node-timeout 5000 # 设定节点失联时间,超过该时间(毫秒),集群自动进行主从切换
cluster-announce-ip 172.38.0.1${port} # 实际为各节点网卡分配ip 先用一个ip代替
cluster-announce-port 6379 ##节点映射端口
cluster-announce-bus-port 16379 # 集群总线端口
appendonly yes #持久化模式
- 运行redis容器
for port in $(seq 1 6);\
docker run -p 600${port}:6379 -p 1667${port}:16379 --name redis-1 \
-v $PWD/node-${port}/data:/data \
-v $PWD/node-${port}/conf/redis.conf:/etc/redis/redis.conf \
-d --net redis --ip 172.38.0.1${port} redis redis-server /etc/redis/redis.conf
# redis-1
docker run -p 6001:6379 -p 16671:16379 --name redis-1 -v $PWD/node-1/data:/data -v $PWD/node-1/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.11 redis redis-server /etc/redis/redis.conf
# redis-2
docker run -p 6002:6379 -p 16672:16379 --name redis-2 -v $PWD/node-2/data:/data -v $PWD/node-2/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.12 redis redis-server /etc/redis/redis.conf
# redis-3
docker run -p 6003:6379 -p 16673:16379 --name redis-3 -v $PWD/node-3/data:/data -v $PWD/node-3/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.13 redis redis-server /etc/redis/redis.conf
# redis-4
docker run -p 6004:6379 -p 16674:16379 --name redis-4 -v $PWD/node-4/data:/data -v $PWD/node-4/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.14 redis redis-server /etc/redis/redis.conf
# redis-5
docker run -p 6005:6379 -p 16675:16379 --name redis-5 -v $PWD/node-5/data:/data -v $PWD/node-5/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.15 redis redis-server /etc/redis/redis.conf
# redis-6
docker run -p 6006:6379 -p 16676:16379 --name redis-6 -v $PWD/node-6/data:/data -v $PWD/node-6/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.16 redis redis-server /etc/redis/redis.conf
- 进入容器,完成redis集群配置
# 进入redis容器
[root@instance-6fuvnygy docker]# docker exec -it 90d /bin/bash
root@90d9f3423b94:/data#
# redis-cli 连接redis 并配置集群
# --cluster-replicas 1 数字表示主节点对应的从节点
root@90d9f3423b94:/etc/redis# redis-cli --cluster create 172.38.0.11:6379 172.38.0.12:6379 172.38.0.13:6379 172.38.0.14:6379 172.38.0.15:6379 172.38.0.16:6379 --cluster-replicas 1
>>> Performing hash slots allocation on 6 nodes...
Master[0] -> Slots 0 - 5460
Master[1] -> Slots 5461 - 10922
Master[2] -> Slots 10923 - 16383
Adding replica 172.38.0.15:6379 to 172.38.0.11:6379
Adding replica 172.38.0.16:6379 to 172.38.0.12:6379
Adding replica 172.38.0.14:6379 to 172.38.0.13:6379
M: 3c7978360203b50d7e6269d619d3929838b6c43c 172.38.0.11:6379
slots:[0-5460] (5461 slots) master
M: 306fd6cbe116159e02e1b73c85cabfba3fce3026 172.38.0.12:6379
slots:[5461-10922] (5462 slots) master
M: 026a47644b7997b560426fca6de46bff68159c0d 172.38.0.13:6379
slots:[10923-16383] (5461 slots) master
S: 60290da62f04de060f1c3ae88f63f2da060a2786 172.38.0.14:6379
replicates 026a47644b7997b560426fca6de46bff68159c0d
S: b4189d59bd303b9b58ec6e8e9c5ae235edab6cdd 172.38.0.15:6379
replicates 3c7978360203b50d7e6269d619d3929838b6c43c
S: 5aae196eb52afd886f2dbec24154a1adfae865a2 172.38.0.16:6379
replicates 306fd6cbe116159e02e1b73c85cabfba3fce3026
Can I set the above configuration? (type 'yes' to accept): yes
>>> Nodes configuration updated
>>> Assign a different config epoch to each node
>>> Sending CLUSTER MEET messages to join the cluster
Waiting for the cluster to join
.
>>> Performing Cluster Check (using node 172.38.0.11:6379)
M: 3c7978360203b50d7e6269d619d3929838b6c43c 172.38.0.11:6379
slots:[0-5460] (5461 slots) master
1 additional replica(s)
S: b4189d59bd303b9b58ec6e8e9c5ae235edab6cdd 172.38.0.15:6379
slots: (0 slots) slave
replicates 3c7978360203b50d7e6269d619d3929838b6c43c
S: 60290da62f04de060f1c3ae88f63f2da060a2786 172.38.0.14:6379
slots: (0 slots) slave
replicates 026a47644b7997b560426fca6de46bff68159c0d
S: 5aae196eb52afd886f2dbec24154a1adfae865a2 172.38.0.16:6379
slots: (0 slots) slave
replicates 306fd6cbe116159e02e1b73c85cabfba3fce3026
M: 026a47644b7997b560426fca6de46bff68159c0d 172.38.0.13:6379
slots:[10923-16383] (5461 slots) master
1 additional replica(s)
M: 306fd6cbe116159e02e1b73c85cabfba3fce3026 172.38.0.12:6379
slots:[5461-10922] (5462 slots) master
1 additional replica(s)
[OK] All nodes agree about slots configuration.
>>> Check for open slots...
>>> Check slots coverage...
[OK] All 16384 slots covered.
# 进入redis
root@90d9f3423b94:/etc/redis# redis-cli -c
# 查看集群转态
127.0.0.1:6379> cluster nodes
b4189d59bd3 172.38.0.15:6379@16379 slave 3c7978360203b50d7e6269d619d 0 1655541767503 1 connected
60290da62f0 172.38.0.14:6379@16379 slave 026a47644b7997b560426fca6de 0 1655541767302 3 connected
5aae196eb52 172.38.0.16:6379@16379 slave 306fd6cbe116159e02e1b73c85c 0 1655541768507 2 connected
3c797836020 172.38.0.11:6379@16379 myself,master - 0 1655541767000 1 connected 0-5460
026a47644b7 172.38.0.13:6379@16379 master - 0 1655541768306 3 connected 10923-16383
306fd6cbe11 172.38.0.12:6379@16379 master - 0 1655541768000 2 connected 5461-10922
# 设置key
127.0.0.1:6379> set name redis
-> Redirected to slot [5798] located at 172.38.0.12:6379
OK
# 查看key
172.38.0.12:6379> get name
"redis"
# 停止redis-2容器
[root@instance-6fuvnygy yisa_oe]# docker stop e73
e73
# 查看集群状态
127.0.0.1:6379> cluster nodes
b4189d59bd303b9b 172.38.0.15:6379@16379 slave 3c7978360203b50d7e626 0 1655542526544 1 connected
60290da62f04de06 172.38.0.14:6379@16379 slave 026a47644b7997b560426 0 1655542526000 3 connected
5aae196eb52afd88 172.38.0.16:6379@16379 master - 0 1655542526544 7 connected 5461-10922
3c7978360203b50d 172.38.0.11:6379@16379 myself,master - 0 1655542526000 1 connected 0-5460
026a47644b7997b5 172.38.0.13:6379@16379 master - 0 1655542526845 3 connected 10923-16383
306fd6cbe116159e 172.38.0.12:6379@16379 master,fail - 1655542290027 1655542288000 2 connected
# 查看key
127.0.0.1:6379> get name
-> Redirected to slot [5798] located at 172.38.0.16:6379
"redis"
# 重启redis-2容器
[root@instance-6fuvnygy yisa_oe]# docker start e73
e73
# 查看集群状态
127.0.0.1:6379> cluster nodes
b4189d59bd303b9b5 172.38.0.15:6379@16379 slave 3c7978360203b50d7e6269d619 0 1655542625186 1 connected
60290da62f04de060 172.38.0.14:6379@16379 slave 026a47644b7997b560426fca6d 0 1655542625000 3 connected
5aae196eb52afd886 172.38.0.16:6379@16379 master - 0 1655542625086 7 connected 5461-10922
3c7978360203b50d7 172.38.0.11:6379@16379 myself,master - 0 1655542624000 1 connected 0-5460
026a47644b7997b56 172.38.0.13:6379@16379 master - 0 1655542624181 3 connected 10923-16383
306fd6cbe116159e0 172.38.0.12:6379@16379 slave 5aae196eb52afd886f2dbec241 0 1655542626189 7 connected
