CentOS7配置和管理Docker
Docker是操作系統級別的虛擬化工具,它能自動化布署在容器中的應用
1. 安裝Docker
1.1. 安裝Docker相關軟件
[root@server1 ~]# yum install -y docker
Loaded plugins: fastestmirror
base | 3.6 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
(1/4): extras/7/x86_64/primary_db | 129 kB 00:00
(2/4): base/7/x86_64/group_gz | 156 kB 00:00
1.2. 打開docker服務
[root@server1 ~]# systemctl start docker
[root@server1 ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
1.3. 下載官方鏡像
[root@server1 ~]# docker pull centos
Using default tag: latest
Trying to pull repository docker.io/library/centos ...
latest: Pulling from docker.io/library/centos
d9aaf4d82f24: Pull complete
Digest: sha256:4565fe2dd7f4770e825d4bd9c761a81b26e49cc9e3c9631c58cfc3188be9505a
1.4. 創建並運行容器
[root@server1 ~]# docker run -i -t centos /bin/bash
[root@258b34675ce6 /]# uname -a
Linux 258b34675ce6 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@258b34675ce6 /]# exit
exit
[root@server1 ~]#
1.5. 容器與主機之前切換
1.5.1. 從容器切后主機
先按CTRL+P,再按CTRL+Q
1.5.2. 從主機進入容器
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
adc43441388d centos "/bin/bash" 12 seconds ago Up 11 seconds distracted_kowalevski
[root@server1 ~]# docker attach adc43441388d
[root@adc43441388d /]# [root@server1 ~]#
[root@server1 ~]# docker kill adc43441388d
adc43441388d
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@server1 ~]#
1.6. 關閉運行的容器
[root@server1 ~]# docker kill adc43441388d
1.7. 刪除容器
[root@server1 ~]# docker rm adc43441388d
2. 添加鏡像
2.1. 顯示鏡像
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos latest d123f4e55e12 10 days ago 196.6 MB
2.2. 啟動鏡像
[root@server1 ~]# docker run centos /bin/bash -c "yum -y update; yum -y install httpd"
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: mirrors.sohu.com
* extras: mirrors.sohu.com
* updates: mirrors.sohu.com
Resolving Dependencies
--> Running transaction check
[root@server1 ~]# docker ps -a | head -2
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03e86d110a95 centos "/bin/bash -c 'yum -y" 5 minutes ago Exited (0) 4 minutes ago sad_ardinghelli
2.3. 添加鏡像到本地倉庫
[root@server1 ~]# docker commit 03e86d110a95 my_image/centos_httpd
sha256:dde621fda8a6b47045e2c10417735d4c6dc24eb0f8061bd9482d2357c28814f8
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
my_image/centos_httpd latest dde621fda8a6 15 seconds ago 344.7 MB
docker.io/centos latest d123f4e55e12 10 days ago 196.6 MB
[root@server1 ~]#
2.4. 運行本地倉庫中的鏡像
[root@server1 ~]# docker run -it -p 8081:80 my_image/centos_httpd /bin/bash
[root@1872640e59a4 /]# /usr/sbin/httpd &
[1] 13
[root@1872640e59a4 /]# AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[1]+ Done /usr/sbin/httpd
[root@1872640e59a4 /]# echo "httpd on Docker Container" > /var/www/html/index.html
[root@1872640e59a4 /]# [root@server1 ~]#
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1872640e59a4 my_image/centos_httpd "/bin/bash" 57 seconds ago Up 56 seconds 0.0.0.0:8081->80/tcp happy_hawking
[root@server1 ~]#
2.5. 刪除鏡像
[root@server1 ~]# docker rmi dde621fda8a6
3. 應用Dockerfile
應用Dockerfile來自動創建鏡像,它對於配置管理非常有用。
3.1. Dockerfile指令
Dockerfile的格式是指令參數,其指令如下:
INSTRUCTION |
Description |
FROM |
iIt sets the Base Image for subsequent instructions. |
MAINTAINER |
It sets the Author field of the generated images. |
RUN |
It will execute any commands when Docker image will be created. |
CMD |
It will execute any commands when Docker container will be executed. |
ENTRYPOINT |
It will execute any commands when Docker container will be executed. |
LABEL |
It adds metadata to an image. |
EXPOSE |
It informs Docker that the container will listen on the specified network ports at runtime. |
ENV |
It sets the environment variable. |
ADD |
It copies new files, directories or remote file URLs. |
COPY |
It copies new files or directories. |
VOLUME |
It creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers |
USER |
It sets the user name or UID. |
WORKDIR |
It sets the working directory. |
3.2. 應用Dockerfile創建鏡像
3.2.1. 編輯Dockerfile文件
[root@server1 ~]# vi Dockerfile
FROM centos
MAINTAINER serverworld <admin@smartmap.com>
RUN yum -y install httpd
RUN echo "Hello Dockerfile" > /var/www/html/index.html
EXPOSE 80
CMD ["-D", "FOREGROUND"]
ENTRYPOINT ["/usr/sbin/httpd"]
3.2.2. 創建鏡像
[root@server1 ~]# docker build -t web_server:lastest .
Sending build context to Docker daemon 11.78 kB
Step 1 : FROM centos
---> d123f4e55e12
Step 2 : MAINTAINER serverworld <admin@smartmap.com>
---> Running in 926c430cb553
---> 53c5a75f541e
Removing intermediate container 926c430cb553
Step 3 : RUN yum -y install httpd
---> Running in 1803a687dc71
3.2.3. 查看創建結果
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
web_server lastest e3f3917f4eb0 57 seconds ago 309.1 MB
my_image/centos_httpd latest dd26378537ea 21 hours ago 344.7 MB
docker.io/centos latest d123f4e55e12 11 days ago 196.6 MB
3.2.4. 在后台運行容器
[root@server1 ~]# docker run -d -p 80:80 web_server:lastest
2492d92d5d828510c1b01bbc8d1b2e55b33fc9399902553264191da52a4d4c71
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2492d92d5d82 web_server:lastest "/usr/sbin/httpd -D F" 51 seconds ago Up 49 seconds 0.0.0.0:80->80/tcp modest_aryabhata
4. 應用Docker-Registry
4.1. Docker-Registry服務器
安裝Docker-Registry來構建私有Docker鏡像的Registry
https://hub.docker.com/_/registry/
4.1.1. 安裝Docker-Registry相關軟件
[root@server2 ~]# docker pull registry
Using default tag: latest
Trying to pull repository docker.io/library/registry ...
latest: Pulling from docker.io/library/registry
49388a8c9c86: Pull complete
e4d43608dd22: Pull complete
3a41740f900c: Pull complete
e16ef4b76684: Pull complete
65f212f7c778: Pull complete
Digest: sha256:d837de65fd9bdb81d74055f1dc9cc9154ad5d8d5328f42f57f273000c402c76d
[root@server2 ~]#
4.1.2. 運行Registry的Docker鏡像作為一個分離的容器
[root@server2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest a07e3f32a779 3 weeks ago 33.25 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server2 ~]# docker run -d -p 5000:5000 docker.io/registry
0aa3593554049742955ffb20755c846bfcfb8ee09aeb4a16f3e83c05e4945e2a
[root@server2 ~]#
[root@server2 ~]# curl -i http://localhost:5000/v2
HTTP/1.1 301 Moved Permanently
Docker-Distribution-Api-Version: registry/2.0
Location: /v2/
Date: Sat, 25 Nov 2017 03:58:00 GMT
Content-Length: 39
Content-Type: text/html; charset=utf-8
<a href="/v2/">Moved Permanently</a>.
4.2. Docker-Registry客戶端
4.2.1. 修改配置文件以指定registry地址
面registry雖然已經運行起來了,但是如果想用push命令上傳鏡像是會報錯的,需要在配置文件中指定registry的地址。在/etc/sysconfig/docker文件中添加一下配置
4.2.2. 重啟docker服務
[root@server1 ~]# systemctl restart docker
4.2.3. 上傳鏡像
4.2.3.1. 修改鏡像tag
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]# docker tag docker.io/busybox:latest 192.168.1.102:5000/mybusybox:1.1.1
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
4.2.3.2. 上傳鏡像
[root@server1 ~]# docker push 192.168.1.102:5000/mybusybox:1.1.1
The push refers to a repository [192.168.1.102:5000/mybusybox]
0271b8eebde3: Pushed
1.1.1: digest: sha256:91ef6c1c52b166be02645b8efee30d1ee65362024f7da41c404681561734c465 size: 527
[root@server1 ~]#
4.2.3.3. 查看上傳鏡像信息
[root@server1 ~]# curl http://192.168.1.102:5000/v2/_catalog
{"repositories":["mybusybox"]}
[root@server1 ~]#
[root@server1 ~]# curl http://192.168.1.102:5000/v2/mybusybox/tags/list
{"name":"mybusybox","tags":["1.1.1"]}
4.2.3.4. 下載私有庫中的鏡像
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]# docker rmi docker.io/busybox
Untagged: docker.io/busybox:latest
Untagged: docker.io/busybox@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]# docker rmi 192.168.1.102:5000/mybusybox
Error response from daemon: No such image: 192.168.1.102:5000/mybusybox:latest
[root@server1 ~]# docker rmi 192.168.1.102:5000/mybusybox:1.1.1
Untagged: 192.168.1.102:5000/mybusybox:1.1.1
Untagged: 192.168.1.102:5000/mybusybox@sha256:91ef6c1c52b166be02645b8efee30d1ee65362024f7da41c404681561734c465
Deleted: sha256:6ad733544a6317992a6fac4eb19fe1df577d4dec7529efec28a5bd0edad0fd30
Deleted: sha256:0271b8eebde3fa9a6126b1f2335e170f902731ab4942f9f1914e77016540c7bb
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]# docker search 192.168.1.102:5000/mybusybox
Error response from daemon: Unexpected status code 404
[root@server1 ~]# curl http://192.168.1.102:5000/v2/_catalog
{"repositories":["mybusybox"]}
[root@server1 ~]# curl http://192.168.1.102:5000/v2/mybusybox/tags/list
{"name":"mybusybox","tags":["1.1.1"]}
[root@server1 ~]# docker pull 192.168.1.102:5000/mybusybox:1.1.1
Trying to pull repository 192.168.1.102:5000/mybusybox ...
1.1.1: Pulling from 192.168.1.102:5000/mybusybox
0ffadd58f2a6: Pull complete
Digest: sha256:91ef6c1c52b166be02645b8efee30d1ee65362024f7da41c404681561734c465
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]#
4.3. 配置HTTPS訪問的Docker-Registry服務器
如果你擁有一個域名,域名下主機提供Registry服務,並且你擁有某知名CA簽署的證書文件,那么你可以建立起一個Secure Registry。不過我這里沒有現成的證書,只能使用自簽署的證書。嚴格來講,使用自簽署的證書在Docker官方眼中依舊屬於Insecure,不過這里只是借助自簽署的證書來說明一下Secure Registry的部署步驟罷了。
4.3.1. 創建自簽署SSL證書
4.3.1.1. 生成key
[root@server2 ~]# cd /etc/pki/tls/certs
[root@server2 certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
..........................................................................................................................................+++
..............................................................................................+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@server2 certs]#
4.3.1.2. 刪除key中的密碼
[root@server2 certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
[root@server2 certs]# cat server.key
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAzXXS/QNksz0mFVk95pdLJO2YHymWv4jr8aoWYjH6rz93UEeU
Mvp9ncOlggREiG2TZhhnM/phQETldkUjp3OT8uR8xfEVfZEbI9nMS666rIdkh4sQ
XoBA75hYipsCxZ5QKuK9gVj4G9Q6fbcrHksIxiIpaIR9Tw694lRlihOMUVyHy1hT
AsSm5eEHvhLq/gz4+aRS3eY36A8+gLZrVlzbLn9Gwf1PEMYbUEUxLPIN9byvKVQU
7OqZJPMY9gFD2Zp9gXqDbEcmoHywyMM9QIyJezMMyGCie1Gu5kUkf5uLk0fkgJPQ
GWctS9D6sxy5VQzZrwgwXR+sodmyRYTrhfrWkQIDAQABAoIBAQCPXi9bFBoZpIrF
jN9P37S00QI8hIXHo2CY4on5/UwjK5MzNq9oHzi2dMYyAo5b8LJRJKgnMgjYkvrX
W4l0mIbdj6itavwHAdFBZAJVsVhbeaKhnl1OxAoL5m+qUF5PzZe9RTjdYFrI+H/U
J5Nz8QHvV/kzEHhsSSohG6k6/0cDod+kolKccuLX/8xiL0yej7aym34L1m0mQwwM
2gtQhKeRa4N0zU7TlpQUlh9BfNOeqhce7WLp7hQv6YAiF4FoLTDxQrw8zjT1HZLq
+fw4ZsRSSUjahJOxEaUv+GXWpbU7iDlVPJiH9iF32YhE9PF2//4oIFhMi7tqTjHn
dQ23da5RAoGBAPga+eB2Fuuctt5LWLKxalj1sbEev1bMVbJSeTP9yuZhTCIr4h3M
8Qe/jMEl/RgVwoac3POKHGKi+N0JKJ8fEWZgkZ+Dss+tOU4yvx96NPKCXMMaAB3f
8yFnYWi949/mmjdyFzNlyKUVVt9QNN5/humLDa5snfImzInAOtep2Fs9AoGBANP/
d9xdAmBoxdJx4kesD8t+MHDV5Mo7MJYYXJ6qDGwVE7job8eTgXed2iTN1yrj78Iz
gtNPPZ9rRLE0X5Lg6WcH/Uwwk+0+Bsl9dsifRLzE4+gnnAdWgF5XNUB74rJ4FrSf
WGwypmDFDR6ojeHU8xvDxPGoj8psZeyBx5l5fa3lAoGBAL/BObc+DeD0MnIEkf0q
GiO/YSKfvQp8yw8TpxGD6bm9IXaXrB+UMgXnCgaOMdrXlo0r16ly6RVjGCzd00OI
Y45YvLQouZ7BJzVFC2psrVdxYfh4s/ZjDCqZGDQ371Mxi6emyj+zPyw4HfhiqTn+
HmuKSXyx/jEVw6gDpnbgkpORAoGANt8h5AzC57dWtLC7c/eqIu6nlR0X2exWGBN4
La0wB+2wrCSlgg/A6/gUlYAd2EElNqvkidMxzQiTwBYhQsAqSXu86TKNp1NtqEts
KmNnBEEmCFnwPcn68fA6nVUziSQiJGA2H9NAUz3NtojEKJbY0e/rEu2hQjCqdPvm
cOgMSq0CgYEA67zIYZN0JfxAovndcwODBRZm/ONvyleFjdfK/3ZFDMDkc/IcVdC+
NnCjmt6ESxU0s9Voe3/mJ3cBOaZCw2yJ0QmFZDLKtDsOCfE3+PspsSZKYCS5q2SO
dwm6zFafM9UYnGPIzlS4Rk+qRMGKu9/z+N9XvBH98lFn4wbKTurBRgA=
-----END RSA PRIVATE KEY-----
[root@server2 certs]#
[root@server2 certs]# make server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Xian
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:server2.smartmap.com
Email Address []:zyxgis@hotmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //不用輸入密碼,直接Enter
An optional company name []: //不用輸入密碼,直接Enter
4.3.1.3. 生成自簽署證書
[root@server2 certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=CN/ST=Xian/L=Default City/O=Default Company Ltd/CN=server2.smartmap.com/emailAddress=zyxgis@hotmail.com
Getting Private key
[root@server2 certs]#
4.3.2. 關掉正在運行的Registery的Docker容器
[root@server2 certs]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0aa359355404 docker.io/registry "/entrypoint.sh /etc/" 5 hours ago Up 5 hours 0.0.0.0:5000->5000/tcp loving_volhard
[root@server2 certs]# docker kill 0aa359355404
0aa359355404
[root@server2 certs]#
4.3.3. 將證書復制到本地
[root@server2 certs]# pwd
/etc/pki/tls/certs
[root@server2 certs]# cd /
[root@server2 /]# mkdir -p certs
[root@server2 /]# cd certs/
[root@server2 certs]# cp /etc/pki/tls/certs/server.crt domain.crt
[root@server2 certs]# cp /etc/pki/tls/certs/server.key domain.key
[root@server2 certs]# ll
total 8
-rw-r--r-- 1 root root 1322 Nov 25 17:08 domain.crt
-rw------- 1 root root 1679 Nov 25 17:08 domain.key
4.3.4. 指定TLS參數的方式啟動Registery
[root@server2 /]# docker run -d \
> --restart=always \
> --name registry \
> -v `pwd`/certs:/certs \
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
> -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
> -p 443:443 \
> registry
7418bcbdef2f8d158befabf647ece935cb1a1d211734bd3b076423eb6038bf20
[root@server2 /]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7418bcbdef2f registry "/entrypoint.sh /etc/" 13 seconds ago Up 12 seconds 0.0.0.0:443->443/tcp, 5000/tcp registry
[root@server2 /]# docker logs 7418bcbdef2f
time="2017-11-25T11:07:27Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.7.6 instance.id=aa0c0d0c-7213-4dd3-b52a-76e7c4561d04 version=v2.6.2
[root@server2 /]# curl https://192.168.1.102:443/v2
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
[root@server2 /]#
4.3.5. 修改客戶端的hosts文件
[root@server1 ~]# vi /etc/hosts
192.168.1.101 server1.smartmap.com
192.168.1.102 server2.smartmap.com
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
4.3.6. 客戶端服務證書
[root@server1 ~]# mkdir /etc/docker/certs.d/server2.smartmap.com
[root@server1 ~]# scp root@192.168.1.102:/certs/domain.crt /etc/docker/certs.d/server2.smartmap.com/ca.crt
The authenticity of host '192.168.1.102 (192.168.1.102)' can't be established.
ECDSA key fingerprint is SHA256:lgN0eOtdLR2eqHh+fabe54DGpV08ZiWo9oWVS60aGzw.
ECDSA key fingerprint is MD5:28:c0:cf:21:35:29:3d:23:d3:62:ca:0e:82:7a:4b:af.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.102' (ECDSA) to the list of known hosts.
root@192.168.1.102's password:
domain.crt 100% 1322 289.6KB/s 00:00
[root@server1 ~]#
4.3.7. 客戶端上傳鏡像
[root@server1 certs]# docker tag 192.168.1.102:5000/mybusybox:1.1.1 server2.smartmap.com/busy:latest
[root@server1 certs]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
server2.smartmap.com/busy latest 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]# docker push server2.smartmap.com/busy:latest
The push refers to a repository [server2.smartmap.com/busy]
0271b8eebde3: Pushed
latest: digest: sha256:91ef6c1c52b166be02645b8efee30d1ee65362024f7da41c404681561734c465 size: 527
[root@server1 ~]#
5. 存貯持久化
5.1. 將一個容器作為另一個容器的存貯
創建一個容器僅僅作為保存數據的存貯服務。
5.1.1. 創建一個新的Dockerfile
[root@server1 ~]# vi Dockerfile
FROM busybox
MAINTAINER SmartMap <zyxgis@hotmail.com>
VOLUME /storage
CMD /bin/sh
5.1.2. 構建鏡像
[root@server1 ~]# docker build -t storage .
Sending build context to Docker daemon 11.78 kB
Step 1 : FROM busybox
Trying to pull repository docker.io/library/busybox ...
latest: Pulling from docker.io/library/busybox
Digest: sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0
---> 6ad733544a63
Step 2 : MAINTAINER SmartMap <zyxgis@hotmail.com>
---> Running in ee7efda4c3ba
---> 31e1db61db6d
Removing intermediate container ee7efda4c3ba
Step 3 : VOLUME /storage
---> Running in b39fb411b876
---> ad9c75ff5177
Removing intermediate container b39fb411b876
Step 4 : CMD /bin/sh
---> Running in 665049285a97
---> 23ec71268f5b
Removing intermediate container 665049285a97
Successfully built 23ec71268f5b
[root@server1 ~]#
5.1.3. 顯示鏡像列表
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
storage latest 23ec71268f5b 48 seconds ago 1.129 MB
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB
server2.smartmap.com/busy latest 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]#
5.1.4. 生成存貯服務的容器
[root@server1 ~]# docker run -i -t --name storage_server storage
/ # exit
[root@server1 ~]#
5.1.5. 在其它容器中利用"--volumes-from"參數來應用存貯服務容器
[root@server1 ~]# docker run -i -t --name centos_server --volumes-from storage_server centos /bin/bash
[root@6c2ab2b2efa9 /]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/docker-8:3-8388702-2cb60545fe290371fffd2e4fc935b86b2503f21d0c7edb5366c145c42325ff48 xfs 10G 242M 9.8G 3% /
tmpfs tmpfs 2.0G 0 2.0G 0% /dev
tmpfs tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
/dev/sda3 xfs 10G 383M 9.7G 4% /storage
shm tmpfs 64M 0 64M 0% /dev/shm
5.1.6. 寫入文件
[root@6c2ab2b2efa9 /]# echo "persistent storage" >> /storage/testfile.txt
[root@6c2ab2b2efa9 /]# ll /storage
total 4
-rw-r--r-- 1 root root 19 Nov 25 16:04 testfile.txt
5.1.7. 啟動存貯服務容器查看數據保存在其中
[root@server1 ~]# docker start storage_server
storage_server
[root@server1 ~]# docker attach storage_server
/ # cat /storage/testfile.txt
persistent storage
/ #
5.2. 掛載外部文件系統作為容器的存貯
5.2.1. 創建一個掛載的目錄
[root@server1 ~]# mkdir -p /var/docker/disk01
[root@server1 ~]# echo "persistent storage" >> /var/docker/disk01/testfile.txt
[root@server1 ~]#
5.2.2. 通過掛載目錄作為容器的存貯
[root@server1 ~]# docker run -i -t -v /var/docker/disk01:/mnt centos /bin/bash
[root@6ad40e4b8df4 /]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/docker-8:3-8388702-2dd829d9ea85f3c39ae5dac1283dc7919cf8576250046246f1921a89091fec38 xfs 10G 242M 9.8G 3% /
tmpfs tmpfs 2.0G 0 2.0G 0% /dev
tmpfs tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
/dev/sda3 xfs 10G 378M 9.7G 4% /mnt
shm tmpfs 64M 0 64M 0% /dev/shm
[root@6ad40e4b8df4 /]# cat /mnt/testfile.txt
persistent storage
[root@6ad40e4b8df4 /]#
6. Docker Swarm創建多機容器集群模式
在Swarm集群模式中有兩種角色:Manager nodes 和 Worker nodes
6.1. 在所有節點上安裝並運行Docker服務
[root@server1 ~]# docker -v
Docker version 1.12.6, build 85d7426/1.12.6
[root@server1 ~]#
6.2. 在所有節點上關掉live-restore選項
[root@server1 ~]# vi /etc/docker/daemon.json
{
"live-restore": false
}
6.3. 在Manager Node上配置Swarm集群
[root@server1 ~]# docker swarm init
Swarm initialized: current node (33pmecwb84ye601p4w0vdqfts) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join \
--token SWMTKN-1-59gon9zn1z0zgwrh5j6z50avigyeif9dz7brfhyn7x45v9rr3o-2pkcpglwiyrjguk4asjqiwpfm \
192.168.1.101:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
[root@server1 ~]#
6.4. 每一個Worker Nodes都加入Swarm集群中
對於server2.smartmap.com
[root@server2 ~]# docker swarm join \
> --token SWMTKN-1-59gon9zn1z0zgwrh5j6z50avigyeif9dz7brfhyn7x45v9rr3o-2pkcpglwiyrjguk4asjqiwpfm \
> 192.168.1.101:2377
This node joined a swarm as a worker.
[root@server2 ~]#
對於server3.smartmap.com
[root@server3 ~]# docker swarm join \
> --token SWMTKN-1-59gon9zn1z0zgwrh5j6z50avigyeif9dz7brfhyn7x45v9rr3o-2pkcpglwiyrjguk4asjqiwpfm \
> 192.168.1.101:2377
This node joined a swarm as a worker.
[root@server3 ~]#
6.5. Manager Node上查看Swarm集群列表狀態
[root@server1 ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
2keiipiaol4m6avgrfx1npsis server3.smartmap.com Ready Active
33pmecwb84ye601p4w0vdqfts * server1.smartmap.com Ready Active Leader
6l4rbnivq6liq434y1vy4437i server2.smartmap.com Ready Active
[root@server1 ~]#
6.6. 在所有節點上創建相同的容器鏡像
[root@server1 ~]# vi Dockerfile
# create new
FROM centos
MAINTAINER serverworld <admin@srv.world>
RUN yum -y install httpd
RUN echo "Hello DockerFile" > /var/www/html/index.html
EXPOSE 80
CMD ["-D", "FOREGROUND"]
ENTRYPOINT ["/usr/sbin/httpd"]
[root@server1 ~]# docker build -t web_server:latest .
Sending build context to Docker daemon 11.78 kB
Step 1 : FROM centos
---> d123f4e55e12
Step 2 : MAINTAINER serverworld <admin@srv.world>
---> Running in 4dd83b30837d
---> b376afc38f12
Removing intermediate container 4dd83b30837d
Step 3 : RUN yum -y install httpd
6.7. 在Manager Node上配置服務
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
web_server latest 2ff383b9765a 11 minutes ago 309.3 MB
storage latest 23ec71268f5b About an hour ago 1.129 MB
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB
server2.smartmap.com/busy latest 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]# docker service create --name swarm_cluster --replicas=2 -p 80:80 web_server:latest
7h0zjf4f1cap82xwvpx4tum5i
[root@server1 ~]# docker service ls
ID NAME REPLICAS IMAGE COMMAND
7h0zjf4f1cap swarm_cluster 0/2 web_server:latest
[root@server1 ~]# docker service ls
ID NAME REPLICAS IMAGE COMMAND
7h0zjf4f1cap swarm_cluster 2/2 web_server:latest
[root@server1 ~]#
6.8. 在Manager Node上查看服務狀態
[root@server1 ~]# docker service inspect swarm_cluster --pretty
ID: 7h0zjf4f1cap82xwvpx4tum5i
Name: swarm_cluster
Mode: Replicated
Replicas: 2
Placement:
UpdateConfig:
Parallelism: 1
On failure: pause
ContainerSpec:
Image: web_server:latest
Resources:
Ports:
Protocol = tcp
TargetPort = 80
PublishedPort = 80
[root@server1 ~]#
[root@server1 ~]# docker service ps swarm_cluster
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR
8n3fe4esq73efmirfqorc10oj swarm_cluster.1 web_server:latest server1.smartmap.com Running Running 4 minutes ago
4uxwurwojjlm284khjgiugg1s swarm_cluster.2 web_server:latest server3.smartmap.com Running Running 3 minutes ago
[root@server1 ~]#
6.9. 在Manager Node上更改集群數
[root@server1 ~]# docker service scale swarm_cluster=3
swarm_cluster scaled to 3
[root@server1 ~]# docker service ps swarm_cluster
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR
76j6zs9kueije6fdvihufaqk7 swarm_cluster.1 web_server:latest server2.smartmap.com Running Running 2 minutes ago
4uxwurwojjlm284khjgiugg1s swarm_cluster.2 web_server:latest server3.smartmap.com Running Running 10 minutes ago
7a6rzum5piilypxsyilxzrim4 swarm_cluster.3 web_server:latest server1.smartmap.com Running Running 17 seconds ago