CentOS7系列--5.2CentOS7中配置和管理Docker
CentOS7配置和管理Docker
Docker是操作系统级别的虚拟化工具,它能自动化布署在容器中的应用
1. 安装Docker
1.1. 安装Docker相关软件
[root@server1 ~]# yum install -y docker
Loaded plugins: fastestmirror
base | 3.6 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
(1/4): extras/7/x86_64/primary_db | 129 kB 00:00
(2/4): base/7/x86_64/group_gz | 156 kB 00:00
1.2. 打开docker服务
[root@server1 ~]# systemctl start docker
[root@server1 ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
1.3. 下载官方镜像
[root@server1 ~]# docker pull centos
Using default tag: latest
Trying to pull repository docker.io/library/centos ...
latest: Pulling from docker.io/library/centos
d9aaf4d82f24: Pull complete
Digest: sha256:4565fe2dd7f4770e825d4bd9c761a81b26e49cc9e3c9631c58cfc3188be9505a
1.4. 创建并运行容器
[root@server1 ~]# docker run -i -t centos /bin/bash
[root@258b34675ce6 /]# uname -a
Linux 258b34675ce6 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@258b34675ce6 /]# exit
exit
[root@server1 ~]#
1.5. 容器与主机之前切换
1.5.1. 从容器切后主机
先按CTRL+P,再按CTRL+Q
1.5.2. 从主机进入容器
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
adc43441388d centos "/bin/bash" 12 seconds ago Up 11 seconds distracted_kowalevski
[root@server1 ~]# docker attach adc43441388d
[root@adc43441388d /]# [root@server1 ~]#
[root@server1 ~]# docker kill adc43441388d
adc43441388d
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@server1 ~]#
1.6. 关闭运行的容器
[root@server1 ~]# docker kill adc43441388d
1.7. 删除容器
[root@server1 ~]# docker rm adc43441388d
2. 添加镜像
2.1. 显示镜像
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos latest d123f4e55e12 10 days ago 196.6 MB
2.2. 启动镜像
[root@server1 ~]# docker run centos /bin/bash -c "yum -y update; yum -y install httpd"
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: mirrors.sohu.com
* extras: mirrors.sohu.com
* updates: mirrors.sohu.com
Resolving Dependencies
--> Running transaction check
[root@server1 ~]# docker ps -a | head -2
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03e86d110a95 centos "/bin/bash -c 'yum -y" 5 minutes ago Exited (0) 4 minutes ago sad_ardinghelli
2.3. 添加镜像到本地仓库
[root@server1 ~]# docker commit 03e86d110a95 my_image/centos_httpd
sha256:dde621fda8a6b47045e2c10417735d4c6dc24eb0f8061bd9482d2357c28814f8
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
my_image/centos_httpd latest dde621fda8a6 15 seconds ago 344.7 MB
docker.io/centos latest d123f4e55e12 10 days ago 196.6 MB
[root@server1 ~]#
2.4. 运行本地仓库中的镜像
[root@server1 ~]# docker run -it -p 8081:80 my_image/centos_httpd /bin/bash
[root@1872640e59a4 /]# /usr/sbin/httpd &
[1] 13
[root@1872640e59a4 /]# AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[1]+ Done /usr/sbin/httpd
[root@1872640e59a4 /]# echo "httpd on Docker Container" > /var/www/html/index.html
[root@1872640e59a4 /]# [root@server1 ~]#
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1872640e59a4 my_image/centos_httpd "/bin/bash" 57 seconds ago Up 56 seconds 0.0.0.0:8081->80/tcp happy_hawking
[root@server1 ~]#
2.5. 删除镜像
[root@server1 ~]# docker rmi dde621fda8a6
3. 应用Dockerfile
应用Dockerfile来自动创建镜像,它对于配置管理非常有用。
3.1. Dockerfile指令
Dockerfile的格式是指令参数,其指令如下:
INSTRUCTION |
Description |
FROM |
iIt sets the Base Image for subsequent instructions. |
MAINTAINER |
It sets the Author field of the generated images. |
RUN |
It will execute any commands when Docker image will be created. |
CMD |
It will execute any commands when Docker container will be executed. |
ENTRYPOINT |
It will execute any commands when Docker container will be executed. |
LABEL |
It adds metadata to an image. |
EXPOSE |
It informs Docker that the container will listen on the specified network ports at runtime. |
ENV |
It sets the environment variable. |
ADD |
It copies new files, directories or remote file URLs. |
COPY |
It copies new files or directories. |
VOLUME |
It creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers |
USER |
It sets the user name or UID. |
WORKDIR |
It sets the working directory. |
3.2. 应用Dockerfile创建镜像
3.2.1. 编辑Dockerfile文件
[root@server1 ~]# vi Dockerfile
FROM centos
MAINTAINER serverworld <admin@smartmap.com>
RUN yum -y install httpd
RUN echo "Hello Dockerfile" > /var/www/html/index.html
EXPOSE 80
CMD ["-D", "FOREGROUND"]
ENTRYPOINT ["/usr/sbin/httpd"]
3.2.2. 创建镜像
[root@server1 ~]# docker build -t web_server:lastest .
Sending build context to Docker daemon 11.78 kB
Step 1 : FROM centos
---> d123f4e55e12
Step 2 : MAINTAINER serverworld <admin@smartmap.com>
---> Running in 926c430cb553
---> 53c5a75f541e
Removing intermediate container 926c430cb553
Step 3 : RUN yum -y install httpd
---> Running in 1803a687dc71
3.2.3. 查看创建结果
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
web_server lastest e3f3917f4eb0 57 seconds ago 309.1 MB
my_image/centos_httpd latest dd26378537ea 21 hours ago 344.7 MB
docker.io/centos latest d123f4e55e12 11 days ago 196.6 MB
3.2.4. 在后台运行容器
[root@server1 ~]# docker run -d -p 80:80 web_server:lastest
2492d92d5d828510c1b01bbc8d1b2e55b33fc9399902553264191da52a4d4c71
[root@server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2492d92d5d82 web_server:lastest "/usr/sbin/httpd -D F" 51 seconds ago Up 49 seconds 0.0.0.0:80->80/tcp modest_aryabhata
4. 应用Docker-Registry
4.1. Docker-Registry服务器
安装Docker-Registry来构建私有Docker镜像的Registry
https://hub.docker.com/_/registry/
4.1.1. 安装Docker-Registry相关软件
[root@server2 ~]# docker pull registry
Using default tag: latest
Trying to pull repository docker.io/library/registry ...
latest: Pulling from docker.io/library/registry
49388a8c9c86: Pull complete
e4d43608dd22: Pull complete
3a41740f900c: Pull complete
e16ef4b76684: Pull complete
65f212f7c778: Pull complete
Digest: sha256:d837de65fd9bdb81d74055f1dc9cc9154ad5d8d5328f42f57f273000c402c76d
[root@server2 ~]#
4.1.2. 运行Registry的Docker镜像作为一个分离的容器
[root@server2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest a07e3f32a779 3 weeks ago 33.25 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server2 ~]# docker run -d -p 5000:5000 docker.io/registry
0aa3593554049742955ffb20755c846bfcfb8ee09aeb4a16f3e83c05e4945e2a
[root@server2 ~]#
[root@server2 ~]# curl -i http://localhost:5000/v2
HTTP/1.1 301 Moved Permanently
Docker-Distribution-Api-Version: registry/2.0
Location: /v2/
Date: Sat, 25 Nov 2017 03:58:00 GMT
Content-Length: 39
Content-Type: text/html; charset=utf-8
<a href="/v2/">Moved Permanently</a>.
4.2. Docker-Registry客户端
4.2.1. 修改配置文件以指定registry地址
面registry虽然已经运行起来了,但是如果想用push命令上传镜像是会报错的,需要在配置文件中指定registry的地址。在/etc/sysconfig/docker文件中添加一下配置
4.2.2. 重启docker服务
[root@server1 ~]# systemctl restart docker
4.2.3. 上传镜像
4.2.3.1. 修改镜像tag
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]# docker tag docker.io/busybox:latest 192.168.1.102:5000/mybusybox:1.1.1
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
4.2.3.2. 上传镜像
[root@server1 ~]# docker push 192.168.1.102:5000/mybusybox:1.1.1
The push refers to a repository [192.168.1.102:5000/mybusybox]
0271b8eebde3: Pushed
1.1.1: digest: sha256:91ef6c1c52b166be02645b8efee30d1ee65362024f7da41c404681561734c465 size: 527
[root@server1 ~]#
4.2.3.3. 查看上传镜像信息
[root@server1 ~]# curl http://192.168.1.102:5000/v2/_catalog
{"repositories":["mybusybox"]}
[root@server1 ~]#
[root@server1 ~]# curl http://192.168.1.102:5000/v2/mybusybox/tags/list
{"name":"mybusybox","tags":["1.1.1"]}
4.2.3.4. 下载私有库中的镜像
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]# docker rmi docker.io/busybox
Untagged: docker.io/busybox:latest
Untagged: docker.io/busybox@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]# docker rmi 192.168.1.102:5000/mybusybox
Error response from daemon: No such image: 192.168.1.102:5000/mybusybox:latest
[root@server1 ~]# docker rmi 192.168.1.102:5000/mybusybox:1.1.1
Untagged: 192.168.1.102:5000/mybusybox:1.1.1
Untagged: 192.168.1.102:5000/mybusybox@sha256:91ef6c1c52b166be02645b8efee30d1ee65362024f7da41c404681561734c465
Deleted: sha256:6ad733544a6317992a6fac4eb19fe1df577d4dec7529efec28a5bd0edad0fd30
Deleted: sha256:0271b8eebde3fa9a6126b1f2335e170f902731ab4942f9f1914e77016540c7bb
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]# docker search 192.168.1.102:5000/mybusybox
Error response from daemon: Unexpected status code 404
[root@server1 ~]# curl http://192.168.1.102:5000/v2/_catalog
{"repositories":["mybusybox"]}
[root@server1 ~]# curl http://192.168.1.102:5000/v2/mybusybox/tags/list
{"name":"mybusybox","tags":["1.1.1"]}
[root@server1 ~]# docker pull 192.168.1.102:5000/mybusybox:1.1.1
Trying to pull repository 192.168.1.102:5000/mybusybox ...
1.1.1: Pulling from 192.168.1.102:5000/mybusybox
0ffadd58f2a6: Pull complete
Digest: sha256:91ef6c1c52b166be02645b8efee30d1ee65362024f7da41c404681561734c465
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]#
4.3. 配置HTTPS访问的Docker-Registry服务器
如果你拥有一个域名,域名下主机提供Registry服务,并且你拥有某知名CA签署的证书文件,那么你可以建立起一个Secure Registry。不过我这里没有现成的证书,只能使用自签署的证书。严格来讲,使用自签署的证书在Docker官方眼中依旧属于Insecure,不过这里只是借助自签署的证书来说明一下Secure Registry的部署步骤罢了。
4.3.1. 创建自签署SSL证书
4.3.1.1. 生成key
[root@server2 ~]# cd /etc/pki/tls/certs
[root@server2 certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
..........................................................................................................................................+++
..............................................................................................+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@server2 certs]#
4.3.1.2. 删除key中的密码
[root@server2 certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
[root@server2 certs]# cat server.key
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAzXXS/QNksz0mFVk95pdLJO2YHymWv4jr8aoWYjH6rz93UEeU
Mvp9ncOlggREiG2TZhhnM/phQETldkUjp3OT8uR8xfEVfZEbI9nMS666rIdkh4sQ
XoBA75hYipsCxZ5QKuK9gVj4G9Q6fbcrHksIxiIpaIR9Tw694lRlihOMUVyHy1hT
AsSm5eEHvhLq/gz4+aRS3eY36A8+gLZrVlzbLn9Gwf1PEMYbUEUxLPIN9byvKVQU
7OqZJPMY9gFD2Zp9gXqDbEcmoHywyMM9QIyJezMMyGCie1Gu5kUkf5uLk0fkgJPQ
GWctS9D6sxy5VQzZrwgwXR+sodmyRYTrhfrWkQIDAQABAoIBAQCPXi9bFBoZpIrF
jN9P37S00QI8hIXHo2CY4on5/UwjK5MzNq9oHzi2dMYyAo5b8LJRJKgnMgjYkvrX
W4l0mIbdj6itavwHAdFBZAJVsVhbeaKhnl1OxAoL5m+qUF5PzZe9RTjdYFrI+H/U
J5Nz8QHvV/kzEHhsSSohG6k6/0cDod+kolKccuLX/8xiL0yej7aym34L1m0mQwwM
2gtQhKeRa4N0zU7TlpQUlh9BfNOeqhce7WLp7hQv6YAiF4FoLTDxQrw8zjT1HZLq
+fw4ZsRSSUjahJOxEaUv+GXWpbU7iDlVPJiH9iF32YhE9PF2//4oIFhMi7tqTjHn
dQ23da5RAoGBAPga+eB2Fuuctt5LWLKxalj1sbEev1bMVbJSeTP9yuZhTCIr4h3M
8Qe/jMEl/RgVwoac3POKHGKi+N0JKJ8fEWZgkZ+Dss+tOU4yvx96NPKCXMMaAB3f
8yFnYWi949/mmjdyFzNlyKUVVt9QNN5/humLDa5snfImzInAOtep2Fs9AoGBANP/
d9xdAmBoxdJx4kesD8t+MHDV5Mo7MJYYXJ6qDGwVE7job8eTgXed2iTN1yrj78Iz
gtNPPZ9rRLE0X5Lg6WcH/Uwwk+0+Bsl9dsifRLzE4+gnnAdWgF5XNUB74rJ4FrSf
WGwypmDFDR6ojeHU8xvDxPGoj8psZeyBx5l5fa3lAoGBAL/BObc+DeD0MnIEkf0q
GiO/YSKfvQp8yw8TpxGD6bm9IXaXrB+UMgXnCgaOMdrXlo0r16ly6RVjGCzd00OI
Y45YvLQouZ7BJzVFC2psrVdxYfh4s/ZjDCqZGDQ371Mxi6emyj+zPyw4HfhiqTn+
HmuKSXyx/jEVw6gDpnbgkpORAoGANt8h5AzC57dWtLC7c/eqIu6nlR0X2exWGBN4
La0wB+2wrCSlgg/A6/gUlYAd2EElNqvkidMxzQiTwBYhQsAqSXu86TKNp1NtqEts
KmNnBEEmCFnwPcn68fA6nVUziSQiJGA2H9NAUz3NtojEKJbY0e/rEu2hQjCqdPvm
cOgMSq0CgYEA67zIYZN0JfxAovndcwODBRZm/ONvyleFjdfK/3ZFDMDkc/IcVdC+
NnCjmt6ESxU0s9Voe3/mJ3cBOaZCw2yJ0QmFZDLKtDsOCfE3+PspsSZKYCS5q2SO
dwm6zFafM9UYnGPIzlS4Rk+qRMGKu9/z+N9XvBH98lFn4wbKTurBRgA=
-----END RSA PRIVATE KEY-----
[root@server2 certs]#
[root@server2 certs]# make server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Xian
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:server2.smartmap.com
Email Address []:zyxgis@hotmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //不用输入密码,直接Enter
An optional company name []: //不用输入密码,直接Enter
4.3.1.3. 生成自签署证书
[root@server2 certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=CN/ST=Xian/L=Default City/O=Default Company Ltd/CN=server2.smartmap.com/emailAddress=zyxgis@hotmail.com
Getting Private key
[root@server2 certs]#
4.3.2. 关掉正在运行的Registery的Docker容器
[root@server2 certs]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0aa359355404 docker.io/registry "/entrypoint.sh /etc/" 5 hours ago Up 5 hours 0.0.0.0:5000->5000/tcp loving_volhard
[root@server2 certs]# docker kill 0aa359355404
0aa359355404
[root@server2 certs]#
4.3.3. 将证书复制到本地
[root@server2 certs]# pwd
/etc/pki/tls/certs
[root@server2 certs]# cd /
[root@server2 /]# mkdir -p certs
[root@server2 /]# cd certs/
[root@server2 certs]# cp /etc/pki/tls/certs/server.crt domain.crt
[root@server2 certs]# cp /etc/pki/tls/certs/server.key domain.key
[root@server2 certs]# ll
total 8
-rw-r--r-- 1 root root 1322 Nov 25 17:08 domain.crt
-rw------- 1 root root 1679 Nov 25 17:08 domain.key
4.3.4. 指定TLS参数的方式启动Registery
[root@server2 /]# docker run -d \
> --restart=always \
> --name registry \
> -v `pwd`/certs:/certs \
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
> -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
> -p 443:443 \
> registry
7418bcbdef2f8d158befabf647ece935cb1a1d211734bd3b076423eb6038bf20
[root@server2 /]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7418bcbdef2f registry "/entrypoint.sh /etc/" 13 seconds ago Up 12 seconds 0.0.0.0:443->443/tcp, 5000/tcp registry
[root@server2 /]# docker logs 7418bcbdef2f
time="2017-11-25T11:07:27Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.7.6 instance.id=aa0c0d0c-7213-4dd3-b52a-76e7c4561d04 version=v2.6.2
[root@server2 /]# curl https://192.168.1.102:443/v2
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
[root@server2 /]#
4.3.5. 修改客户端的hosts文件
[root@server1 ~]# vi /etc/hosts
192.168.1.101 server1.smartmap.com
192.168.1.102 server2.smartmap.com
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
4.3.6. 客户端服务证书
[root@server1 ~]# mkdir /etc/docker/certs.d/server2.smartmap.com
[root@server1 ~]# scp root@192.168.1.102:/certs/domain.crt /etc/docker/certs.d/server2.smartmap.com/ca.crt
The authenticity of host '192.168.1.102 (192.168.1.102)' can't be established.
ECDSA key fingerprint is SHA256:lgN0eOtdLR2eqHh+fabe54DGpV08ZiWo9oWVS60aGzw.
ECDSA key fingerprint is MD5:28:c0:cf:21:35:29:3d:23:d3:62:ca:0e:82:7a:4b:af.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.102' (ECDSA) to the list of known hosts.
root@192.168.1.102's password:
domain.crt 100% 1322 289.6KB/s 00:00
[root@server1 ~]#
4.3.7. 客户端上传镜像
[root@server1 certs]# docker tag 192.168.1.102:5000/mybusybox:1.1.1 server2.smartmap.com/busy:latest
[root@server1 certs]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
server2.smartmap.com/busy latest 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]# docker push server2.smartmap.com/busy:latest
The push refers to a repository [server2.smartmap.com/busy]
0271b8eebde3: Pushed
latest: digest: sha256:91ef6c1c52b166be02645b8efee30d1ee65362024f7da41c404681561734c465 size: 527
[root@server1 ~]#
5. 存贮持久化
5.1. 将一个容器作为另一个容器的存贮
创建一个容器仅仅作为保存数据的存贮服务。
5.1.1. 创建一个新的Dockerfile
[root@server1 ~]# vi Dockerfile
FROM busybox
MAINTAINER SmartMap <zyxgis@hotmail.com>
VOLUME /storage
CMD /bin/sh
5.1.2. 构建镜像
[root@server1 ~]# docker build -t storage .
Sending build context to Docker daemon 11.78 kB
Step 1 : FROM busybox
Trying to pull repository docker.io/library/busybox ...
latest: Pulling from docker.io/library/busybox
Digest: sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0
---> 6ad733544a63
Step 2 : MAINTAINER SmartMap <zyxgis@hotmail.com>
---> Running in ee7efda4c3ba
---> 31e1db61db6d
Removing intermediate container ee7efda4c3ba
Step 3 : VOLUME /storage
---> Running in b39fb411b876
---> ad9c75ff5177
Removing intermediate container b39fb411b876
Step 4 : CMD /bin/sh
---> Running in 665049285a97
---> 23ec71268f5b
Removing intermediate container 665049285a97
Successfully built 23ec71268f5b
[root@server1 ~]#
5.1.3. 显示镜像列表
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
storage latest 23ec71268f5b 48 seconds ago 1.129 MB
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB
server2.smartmap.com/busy latest 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]#
5.1.4. 生成存贮服务的容器
[root@server1 ~]# docker run -i -t --name storage_server storage
/ # exit
[root@server1 ~]#
5.1.5. 在其它容器中利用"--volumes-from"参数来应用存贮服务容器
[root@server1 ~]# docker run -i -t --name centos_server --volumes-from storage_server centos /bin/bash
[root@6c2ab2b2efa9 /]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/docker-8:3-8388702-2cb60545fe290371fffd2e4fc935b86b2503f21d0c7edb5366c145c42325ff48 xfs 10G 242M 9.8G 3% /
tmpfs tmpfs 2.0G 0 2.0G 0% /dev
tmpfs tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
/dev/sda3 xfs 10G 383M 9.7G 4% /storage
shm tmpfs 64M 0 64M 0% /dev/shm
5.1.6. 写入文件
[root@6c2ab2b2efa9 /]# echo "persistent storage" >> /storage/testfile.txt
[root@6c2ab2b2efa9 /]# ll /storage
total 4
-rw-r--r-- 1 root root 19 Nov 25 16:04 testfile.txt
5.1.7. 启动存贮服务容器查看数据保存在其中
[root@server1 ~]# docker start storage_server
storage_server
[root@server1 ~]# docker attach storage_server
/ # cat /storage/testfile.txt
persistent storage
/ #
5.2. 挂载外部文件系统作为容器的存贮
5.2.1. 创建一个挂载的目录
[root@server1 ~]# mkdir -p /var/docker/disk01
[root@server1 ~]# echo "persistent storage" >> /var/docker/disk01/testfile.txt
[root@server1 ~]#
5.2.2. 通过挂载目录作为容器的存贮
[root@server1 ~]# docker run -i -t -v /var/docker/disk01:/mnt centos /bin/bash
[root@6ad40e4b8df4 /]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/docker-8:3-8388702-2dd829d9ea85f3c39ae5dac1283dc7919cf8576250046246f1921a89091fec38 xfs 10G 242M 9.8G 3% /
tmpfs tmpfs 2.0G 0 2.0G 0% /dev
tmpfs tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
/dev/sda3 xfs 10G 378M 9.7G 4% /mnt
shm tmpfs 64M 0 64M 0% /dev/shm
[root@6ad40e4b8df4 /]# cat /mnt/testfile.txt
persistent storage
[root@6ad40e4b8df4 /]#
6. Docker Swarm创建多机容器集群模式
在Swarm集群模式中有两种角色:Manager nodes 和 Worker nodes
6.1. 在所有节点上安装并运行Docker服务
[root@server1 ~]# docker -v
Docker version 1.12.6, build 85d7426/1.12.6
[root@server1 ~]#
6.2. 在所有节点上关掉live-restore选项
[root@server1 ~]# vi /etc/docker/daemon.json
{
"live-restore": false
}
6.3. 在Manager Node上配置Swarm集群
[root@server1 ~]# docker swarm init
Swarm initialized: current node (33pmecwb84ye601p4w0vdqfts) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join \
--token SWMTKN-1-59gon9zn1z0zgwrh5j6z50avigyeif9dz7brfhyn7x45v9rr3o-2pkcpglwiyrjguk4asjqiwpfm \
192.168.1.101:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
[root@server1 ~]#
6.4. 每一个Worker Nodes都加入Swarm集群中
对于server2.smartmap.com
[root@server2 ~]# docker swarm join \
> --token SWMTKN-1-59gon9zn1z0zgwrh5j6z50avigyeif9dz7brfhyn7x45v9rr3o-2pkcpglwiyrjguk4asjqiwpfm \
> 192.168.1.101:2377
This node joined a swarm as a worker.
[root@server2 ~]#
对于server3.smartmap.com
[root@server3 ~]# docker swarm join \
> --token SWMTKN-1-59gon9zn1z0zgwrh5j6z50avigyeif9dz7brfhyn7x45v9rr3o-2pkcpglwiyrjguk4asjqiwpfm \
> 192.168.1.101:2377
This node joined a swarm as a worker.
[root@server3 ~]#
6.5. Manager Node上查看Swarm集群列表状态
[root@server1 ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
2keiipiaol4m6avgrfx1npsis server3.smartmap.com Ready Active
33pmecwb84ye601p4w0vdqfts * server1.smartmap.com Ready Active Leader
6l4rbnivq6liq434y1vy4437i server2.smartmap.com Ready Active
[root@server1 ~]#
6.6. 在所有节点上创建相同的容器镜像
[root@server1 ~]# vi Dockerfile
# create new
FROM centos
MAINTAINER serverworld <admin@srv.world>
RUN yum -y install httpd
RUN echo "Hello DockerFile" > /var/www/html/index.html
EXPOSE 80
CMD ["-D", "FOREGROUND"]
ENTRYPOINT ["/usr/sbin/httpd"]
[root@server1 ~]# docker build -t web_server:latest .
Sending build context to Docker daemon 11.78 kB
Step 1 : FROM centos
---> d123f4e55e12
Step 2 : MAINTAINER serverworld <admin@srv.world>
---> Running in 4dd83b30837d
---> b376afc38f12
Removing intermediate container 4dd83b30837d
Step 3 : RUN yum -y install httpd
6.7. 在Manager Node上配置服务
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
web_server latest 2ff383b9765a 11 minutes ago 309.3 MB
storage latest 23ec71268f5b About an hour ago 1.129 MB
192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB
docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB
server2.smartmap.com/busy latest 6ad733544a63 3 weeks ago 1.129 MB
docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB
[root@server1 ~]# docker service create --name swarm_cluster --replicas=2 -p 80:80 web_server:latest
7h0zjf4f1cap82xwvpx4tum5i
[root@server1 ~]# docker service ls
ID NAME REPLICAS IMAGE COMMAND
7h0zjf4f1cap swarm_cluster 0/2 web_server:latest
[root@server1 ~]# docker service ls
ID NAME REPLICAS IMAGE COMMAND
7h0zjf4f1cap swarm_cluster 2/2 web_server:latest
[root@server1 ~]#
6.8. 在Manager Node上查看服务状态
[root@server1 ~]# docker service inspect swarm_cluster --pretty
ID: 7h0zjf4f1cap82xwvpx4tum5i
Name: swarm_cluster
Mode: Replicated
Replicas: 2
Placement:
UpdateConfig:
Parallelism: 1
On failure: pause
ContainerSpec:
Image: web_server:latest
Resources:
Ports:
Protocol = tcp
TargetPort = 80
PublishedPort = 80
[root@server1 ~]#
[root@server1 ~]# docker service ps swarm_cluster
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR
8n3fe4esq73efmirfqorc10oj swarm_cluster.1 web_server:latest server1.smartmap.com Running Running 4 minutes ago
4uxwurwojjlm284khjgiugg1s swarm_cluster.2 web_server:latest server3.smartmap.com Running Running 3 minutes ago
[root@server1 ~]#
6.9. 在Manager Node上更改集群数
[root@server1 ~]# docker service scale swarm_cluster=3
swarm_cluster scaled to 3
[root@server1 ~]# docker service ps swarm_cluster
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR
76j6zs9kueije6fdvihufaqk7 swarm_cluster.1 web_server:latest server2.smartmap.com Running Running 2 minutes ago
4uxwurwojjlm284khjgiugg1s swarm_cluster.2 web_server:latest server3.smartmap.com Running Running 10 minutes ago
7a6rzum5piilypxsyilxzrim4 swarm_cluster.3 web_server:latest server1.smartmap.com Running Running 17 seconds ago
转载于:https://www.cnblogs.com/gispathfinder/p/8833997.html
CentOS7系列--5.2CentOS7中配置和管理Docker相关推荐
- redhat 7中配置与管理WEB服务器
配置与管理WEB服务器 [实例1] 某公司新购一台服务器,服务器上已安装Linux操作系统,现要求将服务器配置成Apache服务器,IP地址为:192.168.1.100,给公司员工提供基本Web服务 ...
- 手把手实操系列|信贷风控中的额度管理和额度模型设计
序言: 如今的个人信贷行业步入合规发展阶段后,额度管理和差异化定价成为金融机构是否能最大化盈利的核心竞争力,其中额度管理包括贷前阶段的授信额度,贷中阶段的提额,降额等,本文将着重讲解这两个阶段的额度设 ...
- IDEA中配置及使用Docker
前提是已经安装配置好了Docker for Windows: 文章目录 一.插件的安装及配置 二.插件的基本操作 一.插件的安装及配置 安装插件 Docker integration: Docker ...
- SpringCloud工作笔记055---SpringBoot中配置事物管理
JAVA技术交流QQ群:170933152 事务的配置,就是在mybatis的基础上加上两个注解. 1.需要的注解为@EnableTransactionManagement 和@Transactio ...
- 【SpringBoot系列】 Spring中自定义Session管理,Spring Session源码解析
系列文章:Spring Boot学习大纲,可以留言自己想了解的技术点 目录 系列文章:Spring Boot学习大纲,可以留言自己想了解的技术
- docker mysql 蜂巢_在网易蜂巢中创建和管理Docker容器的教程
创建容器点击左侧的导航菜单「容器管理」,进入容器管理列表页,通过点击容器列表左上角的「创建容器」按钮可进入创建容器页面,如下图所示: 其中带 * 为必填项. 选择镜像可选择的镜像分为「我的镜像」和「官 ...
- Spring中进行事务管理的两种方式
1.Spring中事务管理的API 事务是指逻辑上要么全部成功.要么全部失败的一组操作.例如用户A给用户B转账,则用户A账户余额减少.用户B账户增加这两个操作就是一组事务,必须全部成功或失败撤回操作, ...
- Community Server系列之九:CS2中的用户管理1(MemberRole)
近期由于身心不适,一直没更新,现又拿起笔,继续这个系列-- CS中的用户及权限管理是比较复杂的,了解其中的用户及权限有关的机制对掌握CS的核心是至关重要的,现就对 ...
- 在Centos7中配置NIS的详细过程
在Centos7中配置NIS的详细过程 原理 NIS(Network Information Service) 在有多台linux服务器的环境中,且一台linux服务器的账号又有很多且可能会相同,所以 ...
最新文章
- 远程管理技巧之二—远程修改客户端注册表
- nginx的反向代理及负载均衡
- Android adb.exe程序启动不起来处理方法
- ubuntu网络配置
- 机器学习实战(用Scikit-learn和TensorFlow进行机器学习)(四)
- grunt入门 出处:http://artwl.cnblogs.com
- 《PPT高手之道:六步变身职场幻灯派》一0.4 PPTology的3大阶段、6个步骤、24个模块...
- 基于微服务架构的门户平台改造的研究
- 爱分享 IE地址栏显示空白?360电脑救援巧修复
- Visualforce 标签(一)
- iOS 当APP接收到推送消息时,对推送消息进行处理
- OpenCV学习笔记(6)基于 VC+OpenCV+DirectShow 的多个摄像头同步工作
- 新版Iconfont-阿里巴巴矢量图标库支持三种引用方式
- 如何查看ORACLE各个表空间的使用情况
- 一个光子的能量是多少?
- ✨ StarRocks 10 月社区动态
- 2019杭州西溪龙舟文化节在西安大明宫举行
- CRC16计算代码(查表法)
- 中级职称计算机考试复习多久,你以为备考中级看书听课就够了吗?电脑答题会输入公式才能得分!...
- Java基础知识【第1期】--简介
热门文章
- CNKI学术趋势与万方数据的知识脉络
- ASP.NET企业开发框架IsLine FrameWork系列之四--DataProvider 数据访问(上)
- C#异步通信概念及应用浅析 .
- 时域补零对于DFT谱的影响
- 药业计算机系统专项内审检查表,2017年最新医疗器械内审检查表 分部门 已填写...
- Spring 事务管理总结
- Linux学习笔记12——配置ftp、squid、Tomcat、Samba、MySQL主从
- QT 012 [深入] Qt setupUi函数的原理和实现
- Android localsocket 的基础和使用实践: 01
- svchost占用内存过高_「电脑常用技巧」电脑卡的原因(占用过高怎么办)?