
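Docker installation and configuration

Containers are a feature supported by Linux

Container isolation

chroot: isolates partitions (the filesystem)
cgroup: isolates resources (CPU, memory)
netns: isolates the network
namespace
ipc

Prerequisites for installing Docker

A kernel of version 3.0 or later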

[root@master ~]# uname -r
3.10.0-229.el7.x86_64

Lab environment

Docker node     Hostname
Control node    master.pod0.example.com
Compute node    node.pod0.example.com

Install Docker on the master node

[root@foundation0 ~]# ssh root@master.pod0.example.com
[root@master ~]# yum -y install docker

Start the Docker service

[root@master ~]# systemctl enable docker
[root@master ~]# systemctl start docker

Docker subcommands do not tab-complete by default; install the bash completion package

[root@master ~]# yum -y install bash-completion
[root@master ~]# su -
[root@master ~]# docker
attach commit create events export history import inspect load logout pause ps push restart rmi save start stop top version
build cp diff exec help images info kill login logs port pull rename rm run search stats tag unpause wait

Check the Docker version; Docker is written in Go

[root@master ~]# docker version
Client version: 1.7.1
Client API version: 1.19
Package Version (client): docker-1.7.1-108.el7.x86_64
Go version (client): go1.4.2
Git commit (client): 3043001/1.7.1
OS/Arch (client): linux/amd64
Server version: 1.7.1
Server API version: 1.19
Package Version (server): docker-1.7.1-108.el7.x86_64
Go version (server): go1.4.2
Git commit (server): 3043001/1.7.1
OS/Arch (server): linux/amd64

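Containers and images

An image has to exist first. All Docker images are layered tar archives; the layering makes later modification easier. For the base layer, prefer the vendor's image.

Once an image is started, it is a container

Change the Docker registry address in the Docker configuration file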

[root@master ~]# vim /etc/sysconfig/docker
ADD_REGISTRY='--add-registry workstation.pod0.example.com:5000'

When the registry is not using certificate-based encryption, add its address as a trusted address

INSECURE_REGISTRY='--insecure-registry workstation.pod0.example.com:5000'

Add the official Docker registry to the blacklist so that images are not searched for on docker.io

BLOCK_REGISTRY='--block-registry docker.io'

Restart the service for the configuration change to take effect

[root@master ~]# systemctl restart docker
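
The three registry options set above decide where images come from and whether the transport is verified. The script below is an added example, not part of the original notes: it parses the option lines of /etc/sysconfig/docker (embedded as a constructed sample) and reports the settings that weaken image provenance. The function names and the WITH_TLS variant are assumptions.

```python
import shlex

# Constructed sample: the three option lines this page adds to /etc/sysconfig/docker.
AS_CONFIGURED = """\
ADD_REGISTRY='--add-registry workstation.pod0.example.com:5000'
INSECURE_REGISTRY='--insecure-registry workstation.pod0.example.com:5000'
BLOCK_REGISTRY='--block-registry docker.io'
"""
# Constructed variant (assumption): the same registry served over TLS with a
# trusted CA, so the --insecure-registry exception is no longer needed.
WITH_TLS = AS_CONFIGURED.replace(
    "INSECURE_REGISTRY='--insecure-registry workstation.pod0.example.com:5000'",
    "INSECURE_REGISTRY=''")

FLAGS = ("--add-registry", "--insecure-registry", "--block-registry")


def parse_registry_options(text):
    """Return {flag: [registry, ...]} from sysconfig-style VAR='...' lines."""
    found = {flag: [] for flag in FLAGS}
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if not sep or name.startswith("#"):
            continue
        # shlex removes the shell quoting without executing the file.
        args = " ".join(shlex.split(value, comments=True)).split()
        i = 0
        while i < len(args):
            flag, eq, reg = args[i].partition("=")  # accept --flag=value too
            if flag in found:
                if not eq and i + 1 < len(args):
                    i += 1
                    reg = args[i]
                if reg:
                    found[flag].append(reg)
            i += 1
    return found


def audit(text):
    """List registry settings that weaken image provenance."""
    opts = parse_registry_options(text)
    findings = [f"{reg}: certificate checks skipped, plain HTTP allowed"
                for reg in opts["--insecure-registry"]]
    if "docker.io" not in opts["--block-registry"]:
        findings.append("docker.io: not blocked, still searchable and pullable")
    return findings
```

Here audit(AS_CONFIGURED) reports the insecure registry and audit(WITH_TLS) reports nothing; dropping the exception requires the registry to present a certificate the daemon trusts.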

Search for images with docker

[root@master ~]# docker search rhel7
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
example.com workstation.pod0.example.com:5000/library/rhel7 0
example.com workstation.pod0.example.com:5000/openshift3/mysql-55-rhel7 0
example.com workstation.pod0.example.com:5000/openshift3/nodejs-010-rhel7 0
example.com workstation.pod0.example.com:5000/openshift3/php-55-rhel7 0
example.com workstation.pod0.example.com:5000/openshift3/ruby-20-rhel7 0

Download the rhel7 image

[root@master ~]# docker pull rhel7

List the local images

[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
workstation.pod0.example.com:5000/rhel7 latest 275be1d3d070 22 months ago 158.3 MB

Docker's working directory

[root@master ~]# cd /var/lib/docker/
[root@master docker]# ls
containers devicemapper graph init linkgraph.db repositories-devicemapper tmp trust volumes

The temporary files Docker creates after startup are in the containers directory

Run the rhel7 image and start bash

[root@master ~]# docker run -it rhel7 bash
Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
[root@48632bcb1e45 /]# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var

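-i: interactive mode
-t: open a command-line terminal
-d: run in the background after starting

The container turns out to be an independent system with its own root partition

List the running containers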

[root@master ~]# docker ps 
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7b34f87319b2 rhel7 "bash" 2 minutes ago Up About a minute adoring_hoover

View the container's process list

[root@master ~]# docker top 7b34f87319b2
UID PID PPID C STIME TTY TIME CMD
root 1044 711 0 09:22 pts/2 00:00:00 bash

Persistent storage requires mounting an external storage device

Stop and start the container

[root@master ~]# docker stop 7b34f87319b2
7b34f87319b2
[root@master ~]# docker start 7b34f87319b2
7b34f87319b2

Download the hello-openshift image; the image contains a JBoss service on port 8080

[root@master ~]# docker search hello
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
example.com workstation.pod0.example.com:5000/openshift/hello-openshift 0
[root@master ~]# docker pull openshift/hello-openshift

Start the hello-openshift image, mapping the container's port 8080 to port 18080 on the physical host

[root@master ~]# docker run -p 18080:8080 openshift/hello-openshift
Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
serving on 8080
serving on 8888

List the running container; the state of the port mapping is visible

[root@master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7ed43f0360a5 openshift/hello-openshift "/hello-openshift" 3 minutes ago Up 3 minutes 8888/tcp, 0.0.0.0:18080->8080/tcp clever_sinoussi

View all information about the container

[root@master ~]# docker inspect 7ed43f0360a5
[
{
"Id": "7ed43f0360a5dd09d2541e12d934569157ddec0754359cac592f1cc3adb5a4e4",
"Created": "2017-06-12T02:37:32.33856856Z",
"Path": "/hello-openshift",
"Args": [],
"State": {
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1414,
"ExitCode": 0,
"Error": "",
"StartedAt": "2017-06-12T02:37:33.008916483Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "0f7a086fa28fd211eb84e4b88c3aadca2eabb3dc02eba94bd4e5efaf2ba65ee5",
"NetworkSettings": {
"Bridge": "",
"EndpointID": "dfb34bb05f5e8b49a339e7403d210910ecef129c9962421fda1d48eb0c548c37",
"Gateway": "172.17.42.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"HairpinMode": false,
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:03",
"NetworkID": "ad45105bbd0e776c6770a2c3587049f033ed0bb7c05c9eacf6fddafa230478e7",
"PortMapping": null,
"Ports": {
"8080/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "18080"
}
],
"8888/tcp": null
},
"SandboxKey": "/var/run/docker/netns/7ed43f0360a5",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null
},
"ResolvConfPath": "/var/lib/docker/containers/7ed43f0360a5dd09d2541e12d934569157ddec0754359cac592f1cc3adb5a4e4/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/7ed43f0360a5dd09d2541e12d934569157ddec0754359cac592f1cc3adb5a4e4/hostname",
"HostsPath": "/var/lib/docker/containers/7ed43f0360a5dd09d2541e12d934569157ddec0754359cac592f1cc3adb5a4e4/hosts",
"LogPath": "/var/lib/docker/containers/7ed43f0360a5dd09d2541e12d934569157ddec0754359cac592f1cc3adb5a4e4/7ed43f0360a5dd09d2541e12d934569157ddec0754359cac592f1cc3adb5a4e4-json.log",
"Name": "/clever_sinoussi",
"RestartCount": 0,
"Driver": "devicemapper",
"ExecDriver": "native-0.2",
"MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c882,c888",
"ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c882,c888",
"Volumes": {},
"VolumesRW": {},
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LxcConf": [],
"Memory": 0,
"MemorySwap": 0,
"CpuShares": 0,
"CpuPeriod": 0,
"CpusetCpus": "",
"CpusetMems": "",
"CpuQuota": 0,
"BlkioWeight": 0,
"OomKillDisable": false,
"Privileged": false,
"PortBindings": {
"8080/tcp": [
{
"HostIp": "",
"HostPort": "18080"
}
]
},
"Links": null,
"PublishAllPorts": false,
"Dns": null,
"DnsSearch": null,
"ExtraHosts": null,
"VolumesFrom": null,
"Devices": [],
"NetworkMode": "bridge",
"IpcMode": "",
"PidMode": "",
"UTSMode": "",
"CapAdd": null,
"CapDrop": null,
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"SecurityOpt": null,
"ReadonlyRootfs": false,
"Ulimits": null,
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"CgroupParent": ""
},
"Config": {
"Hostname": "7ed43f0360a5",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"PortSpecs": null,
"ExposedPorts": {
"8080/tcp": {},
"8888/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": null,
"Cmd": null,
"Image": "openshift/hello-openshift",
"Volumes": null,
"VolumeDriver": "",
"WorkingDir": "",
"Entrypoint": [
"/hello-openshift"
],
"NetworkDisabled": false,
"MacAddress": "",
"OnBuild": null,
"Labels": {},
"Init": ""
}
}
]

Find the container's IP address in the container information

[root@master ~]# docker inspect 7ed43f0360a5 |grep -iw ipaddress
"IPAddress": "172.17.0.3",
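
The same inspect output holds more than the IP address. The following added example (not from the original notes) parses the JSON and reports the isolation-related settings visible in it: memory cgroup limit, privileged mode, dropped capabilities, root filesystem mode, user, and published ports. The sample is a constructed excerpt of the output above, and the function names are assumptions.

```python
import json

# Constructed sample: an excerpt of the `docker inspect` output shown above,
# trimmed to the keys this check reads.
INSPECT_JSON = """
[{"Id": "7ed43f0360a5dd09d2541e12d934569157ddec0754359cac592f1cc3adb5a4e4",
  "Name": "/clever_sinoussi",
  "NetworkSettings": {"Ports": {
      "8080/tcp": [{"HostIp": "0.0.0.0", "HostPort": "18080"}],
      "8888/tcp": null}},
  "HostConfig": {"Memory": 0, "Privileged": false, "CapDrop": null,
                 "ReadonlyRootfs": false},
  "Config": {"User": ""}}]
"""


def review_container(c):
    """Return hardening notes for one object from `docker inspect`."""
    notes = []
    host = c.get("HostConfig") or {}
    if host.get("Privileged"):
        notes.append("privileged: device and capability restrictions removed")
    if not host.get("Memory"):
        notes.append("no memory limit: the cgroup does not cap this container")
    if not host.get("CapDrop"):
        notes.append("no capabilities dropped from the default set")
    if not host.get("ReadonlyRootfs"):
        notes.append("root filesystem is writable")
    if not (c.get("Config") or {}).get("User"):
        notes.append("User unset: process runs as uid 0 in the container")
    ports = (c.get("NetworkSettings") or {}).get("Ports") or {}
    for port, binds in sorted(ports.items()):
        for b in binds or []:  # null means exposed but not published
            if b.get("HostIp") in ("", "0.0.0.0", "::"):
                notes.append(f"{port} published on all host interfaces as {b['HostPort']}")
    return notes


def review(inspect_output):
    """Map container name -> notes for the JSON array `docker inspect` prints."""
    return {c.get("Name", c.get("Id", "?")).lstrip("/"): review_container(c)
            for c in json.loads(inspect_output)}


if __name__ == "__main__":
    for name, notes in review(INSPECT_JSON).items():
        print(name, *notes, sep="\n  ")
```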

Access the service inside the container

[root@master ~]# curl http://172.17.0.3:8080
Hello OpenShift!

After Docker is installed, a virtual Docker network interface is created automatically; it acts as a virtual switch

[root@master ~]# ifconfig docker0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.42.1 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::5484:7aff:fefe:9799 prefixlen 64 scopeid 0x20<link>
ether 56:84:7a:fe:97:99 txqueuelen 0 (Ethernet)
RX packets 27 bytes 1810 (1.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1247 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Accessing port 18080 on the host gives the same result; this is Docker port mapping

[root@master ~]# curl http://master.pod0.example.com:18080
Hello OpenShift!

List all containers, including stopped ones

[root@master ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7b34f87319b2 rhel7 "bash" 14 hours ago Exited (137) 12 hours ago adoring_hoover

Delete a container

[root@master ~]# docker stop 16cf4aa41625
16cf4aa41625
[root@master ~]# docker rm 16cf4aa41625
16cf4aa41625

Delete an image

REPOSITORY                                                    TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
workstation.pod0.example.com:5000/openshift/hello-openshift latest 0f7a086fa28f 22 months ago 5.77 MB
workstation.pod0.example.com:5000/rhel7 latest 275be1d3d070 22 months ago 158.3 MB
[root@master ~]# docker rmi 0f7a086fa28f
Untagged: workstation.pod0.example.com:5000/openshift/hello-openshift:latest
Deleted: 0f7a086fa28fd211eb84e4b88c3aadca2eabb3dc02eba94bd4e5efaf2ba65ee5
Deleted: 0b3f61faa394f34f8444abf70ffc3ffe52fd913bd58cdc2a3de7366b007e7d73
Deleted: 77bb0f21469da7badd05d18664260c33d7e2fc81766715c3aac3f2d0e5e93ad0
Deleted: 66849f7009a5237fb9651fa489555256b15a0df0415d9927fe828345804bbe2c

Write the downloaded image to a tar archive via standard output

[root@master ~]# docker save 0f7a086fa28f > hello-openshift.tar