CentOS7系列--5.2CentOS7中配置和管理Docker

CentOS7配置和管理Docker

Docker是操作系统级别的虚拟化工具，它能自动化布署在容器中的应用

1. 安装Docker

1.1. 安装Docker相关软件

[root@server1 ~]# yum install -y docker

Loaded plugins: fastestmirror

base | 3.6 kB 00:00

extras | 3.4 kB 00:00

updates | 3.4 kB 00:00

(1/4): extras/7/x86_64/primary_db | 129 kB 00:00

(2/4): base/7/x86_64/group_gz | 156 kB 00:00

1.2. 打开docker服务

[root@server1 ~]# systemctl start docker

[root@server1 ~]# systemctl enable docker

Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

1.3. 下载官方镜像

[root@server1 ~]# docker pull centos

Using default tag: latest

Trying to pull repository docker.io/library/centos ...

latest: Pulling from docker.io/library/centos

d9aaf4d82f24: Pull complete

Digest: sha256:4565fe2dd7f4770e825d4bd9c761a81b26e49cc9e3c9631c58cfc3188be9505a

1.4. 创建并运行容器

[root@server1 ~]# docker run -i -t centos /bin/bash

[root@258b34675ce6 /]# uname -a

Linux 258b34675ce6 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

[root@258b34675ce6 /]# exit

exit

[root@server1 ~]#

1.5. 容器与主机之前切换

1.5.1. 从容器切后主机

先按CTRL+P，再按CTRL+Q

1.5.2. 从主机进入容器

[root@server1 ~]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

adc43441388d centos "/bin/bash" 12 seconds ago Up 11 seconds distracted_kowalevski

[root@server1 ~]# docker attach adc43441388d

[root@adc43441388d /]# [root@server1 ~]#

[root@server1 ~]# docker kill adc43441388d

adc43441388d

[root@server1 ~]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

[root@server1 ~]#

1.6. 关闭运行的容器

[root@server1 ~]# docker kill adc43441388d

1.7. 删除容器

[root@server1 ~]# docker rm adc43441388d

2. 添加镜像

2.1. 显示镜像

[root@server1 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

docker.io/centos latest d123f4e55e12 10 days ago 196.6 MB

2.2. 启动镜像

[root@server1 ~]# docker run centos /bin/bash -c "yum -y update; yum -y install httpd"

Loaded plugins: fastestmirror, ovl

Determining fastest mirrors

* base: mirrors.sohu.com

* extras: mirrors.sohu.com

* updates: mirrors.sohu.com

Resolving Dependencies

--> Running transaction check

[root@server1 ~]# docker ps -a | head -2

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

03e86d110a95 centos "/bin/bash -c 'yum -y" 5 minutes ago Exited (0) 4 minutes ago sad_ardinghelli

2.3. 添加镜像到本地仓库

[root@server1 ~]# docker commit 03e86d110a95 my_image/centos_httpd

sha256:dde621fda8a6b47045e2c10417735d4c6dc24eb0f8061bd9482d2357c28814f8

[root@server1 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

my_image/centos_httpd latest dde621fda8a6 15 seconds ago 344.7 MB

docker.io/centos latest d123f4e55e12 10 days ago 196.6 MB

[root@server1 ~]#

2.4. 运行本地仓库中的镜像

[root@server1 ~]# docker run -it -p 8081:80 my_image/centos_httpd /bin/bash

[root@1872640e59a4 /]# /usr/sbin/httpd &

[1] 13

[root@1872640e59a4 /]# AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message

[1]+ Done /usr/sbin/httpd

[root@1872640e59a4 /]# echo "httpd on Docker Container" > /var/www/html/index.html

[root@1872640e59a4 /]# [root@server1 ~]#

[root@server1 ~]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

1872640e59a4 my_image/centos_httpd "/bin/bash" 57 seconds ago Up 56 seconds 0.0.0.0:8081->80/tcp happy_hawking

[root@server1 ~]#

2.5. 删除镜像

[root@server1 ~]# docker rmi dde621fda8a6

3. 应用Dockerfile

应用Dockerfile来自动创建镜像，它对于配置管理非常有用。

3.1. Dockerfile指令

Dockerfile的格式是指令参数，其指令如下：

INSTRUCTION	Description
FROM	iIt sets the Base Image for subsequent instructions.
MAINTAINER	It sets the Author field of the generated images.
RUN	It will execute any commands when Docker image will be created.
CMD	It will execute any commands when Docker container will be executed.
ENTRYPOINT	It will execute any commands when Docker container will be executed.
LABEL	It adds metadata to an image.
EXPOSE	It informs Docker that the container will listen on the specified network ports at runtime.
ENV	It sets the environment variable.
ADD	It copies new files, directories or remote file URLs.
COPY	It copies new files or directories. The differences of [ADD] are that it's impossible to specify remore URL and also it will not extract archive files automatically.
VOLUME	It creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers
USER	It sets the user name or UID.
WORKDIR	It sets the working directory.

3.2. 应用Dockerfile创建镜像

3.2.1. 编辑Dockerfile文件

[root@server1 ~]# vi Dockerfile

FROM centos

MAINTAINER serverworld <admin@smartmap.com>

RUN yum -y install httpd

RUN echo "Hello Dockerfile" > /var/www/html/index.html

EXPOSE 80

CMD ["-D", "FOREGROUND"]

ENTRYPOINT ["/usr/sbin/httpd"]

3.2.2. 创建镜像

[root@server1 ~]# docker build -t web_server:lastest .

Sending build context to Docker daemon 11.78 kB

Step 1 : FROM centos

---> d123f4e55e12

Step 2 : MAINTAINER serverworld <admin@smartmap.com>

---> Running in 926c430cb553

---> 53c5a75f541e

Removing intermediate container 926c430cb553

Step 3 : RUN yum -y install httpd

---> Running in 1803a687dc71

3.2.3. 查看创建结果

[root@server1 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

web_server lastest e3f3917f4eb0 57 seconds ago 309.1 MB

my_image/centos_httpd latest dd26378537ea 21 hours ago 344.7 MB

docker.io/centos latest d123f4e55e12 11 days ago 196.6 MB

3.2.4. 在后台运行容器

[root@server1 ~]# docker run -d -p 80:80 web_server:lastest

2492d92d5d828510c1b01bbc8d1b2e55b33fc9399902553264191da52a4d4c71

[root@server1 ~]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

2492d92d5d82 web_server:lastest "/usr/sbin/httpd -D F" 51 seconds ago Up 49 seconds 0.0.0.0:80->80/tcp modest_aryabhata

4. 应用Docker-Registry

4.1. Docker-Registry服务器

安装Docker-Registry来构建私有Docker镜像的Registry

https://hub.docker.com/_/registry/

4.1.1. 安装Docker-Registry相关软件

[root@server2 ~]# docker pull registry

Using default tag: latest

Trying to pull repository docker.io/library/registry ...

latest: Pulling from docker.io/library/registry

49388a8c9c86: Pull complete

e4d43608dd22: Pull complete

3a41740f900c: Pull complete

e16ef4b76684: Pull complete

65f212f7c778: Pull complete

Digest: sha256:d837de65fd9bdb81d74055f1dc9cc9154ad5d8d5328f42f57f273000c402c76d

[root@server2 ~]#

4.1.2. 运行Registry的Docker镜像作为一个分离的容器

[root@server2 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

docker.io/registry latest a07e3f32a779 3 weeks ago 33.25 MB

docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB

[root@server2 ~]# docker run -d -p 5000:5000 docker.io/registry

0aa3593554049742955ffb20755c846bfcfb8ee09aeb4a16f3e83c05e4945e2a

[root@server2 ~]#

[root@server2 ~]# curl -i http://localhost:5000/v2

HTTP/1.1 301 Moved Permanently

Docker-Distribution-Api-Version: registry/2.0

Location: /v2/

Date: Sat, 25 Nov 2017 03:58:00 GMT

Content-Length: 39

Content-Type: text/html; charset=utf-8

<a href="/v2/">Moved Permanently</a>.

4.2. Docker-Registry客户端

4.2.1. 修改配置文件以指定registry地址

面registry虽然已经运行起来了，但是如果想用push命令上传镜像是会报错的，需要在配置文件中指定registry的地址。在/etc/sysconfig/docker文件中添加一下配置

4.2.2. 重启docker服务

[root@server1 ~]# systemctl restart docker

4.2.3. 上传镜像

4.2.3.1. 修改镜像tag

[root@server1 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB

docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB

[root@server1 ~]# docker tag docker.io/busybox:latest 192.168.1.102:5000/mybusybox:1.1.1

[root@server1 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB

docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB

docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB

4.2.3.2. 上传镜像

[root@server1 ~]# docker push 192.168.1.102:5000/mybusybox:1.1.1

The push refers to a repository [192.168.1.102:5000/mybusybox]

0271b8eebde3: Pushed

1.1.1: digest: sha256:91ef6c1c52b166be02645b8efee30d1ee65362024f7da41c404681561734c465 size: 527

[root@server1 ~]#

4.2.3.3. 查看上传镜像信息

[root@server1 ~]# curl http://192.168.1.102:5000/v2/_catalog

{"repositories":["mybusybox"]}

[root@server1 ~]#

[root@server1 ~]# curl http://192.168.1.102:5000/v2/mybusybox/tags/list

{"name":"mybusybox","tags":["1.1.1"]}

4.2.3.4. 下载私有库中的镜像

[root@server1 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB

192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB

docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB

[root@server1 ~]# docker rmi docker.io/busybox

Untagged: docker.io/busybox:latest

Untagged: docker.io/busybox@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0

[root@server1 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB

docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB

[root@server1 ~]# docker rmi 192.168.1.102:5000/mybusybox

Error response from daemon: No such image: 192.168.1.102:5000/mybusybox:latest

[root@server1 ~]# docker rmi 192.168.1.102:5000/mybusybox:1.1.1

Untagged: 192.168.1.102:5000/mybusybox:1.1.1

Untagged: 192.168.1.102:5000/mybusybox@sha256:91ef6c1c52b166be02645b8efee30d1ee65362024f7da41c404681561734c465

Deleted: sha256:6ad733544a6317992a6fac4eb19fe1df577d4dec7529efec28a5bd0edad0fd30

Deleted: sha256:0271b8eebde3fa9a6126b1f2335e170f902731ab4942f9f1914e77016540c7bb

[root@server1 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB

[root@server1 ~]# docker search 192.168.1.102:5000/mybusybox

Error response from daemon: Unexpected status code 404

[root@server1 ~]# curl http://192.168.1.102:5000/v2/_catalog

{"repositories":["mybusybox"]}

[root@server1 ~]# curl http://192.168.1.102:5000/v2/mybusybox/tags/list

{"name":"mybusybox","tags":["1.1.1"]}

[root@server1 ~]# docker pull 192.168.1.102:5000/mybusybox:1.1.1

Trying to pull repository 192.168.1.102:5000/mybusybox ...

1.1.1: Pulling from 192.168.1.102:5000/mybusybox

0ffadd58f2a6: Pull complete

Digest: sha256:91ef6c1c52b166be02645b8efee30d1ee65362024f7da41c404681561734c465

[root@server1 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB

docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB

[root@server1 ~]#

4.3. 配置HTTPS访问的Docker-Registry服务器

如果你拥有一个域名，域名下主机提供Registry服务，并且你拥有某知名CA签署的证书文件，那么你可以建立起一个Secure Registry。不过我这里没有现成的证书，只能使用自签署的证书。严格来讲，使用自签署的证书在Docker官方眼中依旧属于Insecure，不过这里只是借助自签署的证书来说明一下Secure Registry的部署步骤罢了。

4.3.1. 创建自签署SSL证书

4.3.1.1. 生成key

[root@server2 ~]# cd /etc/pki/tls/certs

[root@server2 certs]# make server.key

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > server.key

Generating RSA private key, 2048 bit long modulus

..........................................................................................................................................+++

..............................................................................................+++

e is 65537 (0x10001)

Enter pass phrase:

Verifying - Enter pass phrase:

[root@server2 certs]#

4.3.1.2. 删除key中的密码

[root@server2 certs]# openssl rsa -in server.key -out server.key

Enter pass phrase for server.key:

writing RSA key

[root@server2 certs]# cat server.key

-----BEGIN RSA PRIVATE KEY-----

MIIEpQIBAAKCAQEAzXXS/QNksz0mFVk95pdLJO2YHymWv4jr8aoWYjH6rz93UEeU

Mvp9ncOlggREiG2TZhhnM/phQETldkUjp3OT8uR8xfEVfZEbI9nMS666rIdkh4sQ

XoBA75hYipsCxZ5QKuK9gVj4G9Q6fbcrHksIxiIpaIR9Tw694lRlihOMUVyHy1hT

AsSm5eEHvhLq/gz4+aRS3eY36A8+gLZrVlzbLn9Gwf1PEMYbUEUxLPIN9byvKVQU

7OqZJPMY9gFD2Zp9gXqDbEcmoHywyMM9QIyJezMMyGCie1Gu5kUkf5uLk0fkgJPQ

GWctS9D6sxy5VQzZrwgwXR+sodmyRYTrhfrWkQIDAQABAoIBAQCPXi9bFBoZpIrF

jN9P37S00QI8hIXHo2CY4on5/UwjK5MzNq9oHzi2dMYyAo5b8LJRJKgnMgjYkvrX

W4l0mIbdj6itavwHAdFBZAJVsVhbeaKhnl1OxAoL5m+qUF5PzZe9RTjdYFrI+H/U

J5Nz8QHvV/kzEHhsSSohG6k6/0cDod+kolKccuLX/8xiL0yej7aym34L1m0mQwwM

2gtQhKeRa4N0zU7TlpQUlh9BfNOeqhce7WLp7hQv6YAiF4FoLTDxQrw8zjT1HZLq

+fw4ZsRSSUjahJOxEaUv+GXWpbU7iDlVPJiH9iF32YhE9PF2//4oIFhMi7tqTjHn

dQ23da5RAoGBAPga+eB2Fuuctt5LWLKxalj1sbEev1bMVbJSeTP9yuZhTCIr4h3M

8Qe/jMEl/RgVwoac3POKHGKi+N0JKJ8fEWZgkZ+Dss+tOU4yvx96NPKCXMMaAB3f

8yFnYWi949/mmjdyFzNlyKUVVt9QNN5/humLDa5snfImzInAOtep2Fs9AoGBANP/

d9xdAmBoxdJx4kesD8t+MHDV5Mo7MJYYXJ6qDGwVE7job8eTgXed2iTN1yrj78Iz

gtNPPZ9rRLE0X5Lg6WcH/Uwwk+0+Bsl9dsifRLzE4+gnnAdWgF5XNUB74rJ4FrSf

WGwypmDFDR6ojeHU8xvDxPGoj8psZeyBx5l5fa3lAoGBAL/BObc+DeD0MnIEkf0q

GiO/YSKfvQp8yw8TpxGD6bm9IXaXrB+UMgXnCgaOMdrXlo0r16ly6RVjGCzd00OI

Y45YvLQouZ7BJzVFC2psrVdxYfh4s/ZjDCqZGDQ371Mxi6emyj+zPyw4HfhiqTn+

HmuKSXyx/jEVw6gDpnbgkpORAoGANt8h5AzC57dWtLC7c/eqIu6nlR0X2exWGBN4

La0wB+2wrCSlgg/A6/gUlYAd2EElNqvkidMxzQiTwBYhQsAqSXu86TKNp1NtqEts

KmNnBEEmCFnwPcn68fA6nVUziSQiJGA2H9NAUz3NtojEKJbY0e/rEu2hQjCqdPvm

cOgMSq0CgYEA67zIYZN0JfxAovndcwODBRZm/ONvyleFjdfK/3ZFDMDkc/IcVdC+

NnCjmt6ESxU0s9Voe3/mJ3cBOaZCw2yJ0QmFZDLKtDsOCfE3+PspsSZKYCS5q2SO

dwm6zFafM9UYnGPIzlS4Rk+qRMGKu9/z+N9XvBH98lFn4wbKTurBRgA=

-----END RSA PRIVATE KEY-----

[root@server2 certs]#

[root@server2 certs]# make server.csr

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:Xian

Locality Name (eg, city) [Default City]:

Organization Name (eg, company) [Default Company Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:server2.smartmap.com

Email Address []:zyxgis@hotmail.com

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []: //不用输入密码，直接Enter

An optional company name []: //不用输入密码，直接Enter

4.3.1.3. 生成自签署证书

[root@server2 certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

Signature ok

subject=/C=CN/ST=Xian/L=Default City/O=Default Company Ltd/CN=server2.smartmap.com/emailAddress=zyxgis@hotmail.com

Getting Private key

[root@server2 certs]#

4.3.2. 关掉正在运行的Registery的Docker容器

[root@server2 certs]# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

0aa359355404 docker.io/registry "/entrypoint.sh /etc/" 5 hours ago Up 5 hours 0.0.0.0:5000->5000/tcp loving_volhard

[root@server2 certs]# docker kill 0aa359355404

0aa359355404

[root@server2 certs]#

4.3.3. 将证书复制到本地

[root@server2 certs]# pwd

/etc/pki/tls/certs

[root@server2 certs]# cd /

[root@server2 /]# mkdir -p certs

[root@server2 /]# cd certs/

[root@server2 certs]# cp /etc/pki/tls/certs/server.crt domain.crt

[root@server2 certs]# cp /etc/pki/tls/certs/server.key domain.key

[root@server2 certs]# ll

total 8

-rw-r--r-- 1 root root 1322 Nov 25 17:08 domain.crt

-rw------- 1 root root 1679 Nov 25 17:08 domain.key

4.3.4. 指定TLS参数的方式启动Registery

[root@server2 /]# docker run -d \

> --restart=always \

> --name registry \

> -v `pwd`/certs:/certs \

> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \

> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \

> -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \

> -p 443:443 \

> registry

7418bcbdef2f8d158befabf647ece935cb1a1d211734bd3b076423eb6038bf20

[root@server2 /]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

7418bcbdef2f registry "/entrypoint.sh /etc/" 13 seconds ago Up 12 seconds 0.0.0.0:443->443/tcp, 5000/tcp registry

[root@server2 /]# docker logs 7418bcbdef2f

time="2017-11-25T11:07:27Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.7.6 instance.id=aa0c0d0c-7213-4dd3-b52a-76e7c4561d04 version=v2.6.2

[root@server2 /]# curl https://192.168.1.102:443/v2

curl: (60) Peer's certificate issuer has been marked as not trusted by the user.

More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"

of Certificate Authority (CA) public keys (CA certs). If the default

bundle file isn't adequate, you can specify an alternate file

using the --cacert option.

If this HTTPS server uses a certificate signed by a CA represented in

the bundle, the certificate verification probably failed due to a

problem with the certificate (it might be expired, or the name might

not match the domain name in the URL).

If you'd like to turn off curl's verification of the certificate, use

the -k (or --insecure) option.

[root@server2 /]#

4.3.5. 修改客户端的hosts文件

[root@server1 ~]# vi /etc/hosts

192.168.1.101 server1.smartmap.com

192.168.1.102 server2.smartmap.com

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

4.3.6. 客户端服务证书

[root@server1 ~]# mkdir /etc/docker/certs.d/server2.smartmap.com

[root@server1 ~]# scp root@192.168.1.102:/certs/domain.crt /etc/docker/certs.d/server2.smartmap.com/ca.crt

The authenticity of host '192.168.1.102 (192.168.1.102)' can't be established.

ECDSA key fingerprint is SHA256:lgN0eOtdLR2eqHh+fabe54DGpV08ZiWo9oWVS60aGzw.

ECDSA key fingerprint is MD5:28:c0:cf:21:35:29:3d:23:d3:62:ca:0e:82:7a:4b:af.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.1.102' (ECDSA) to the list of known hosts.

root@192.168.1.102's password:

domain.crt 100% 1322 289.6KB/s 00:00

[root@server1 ~]#

4.3.7. 客户端上传镜像

[root@server1 certs]# docker tag 192.168.1.102:5000/mybusybox:1.1.1 server2.smartmap.com/busy:latest

[root@server1 certs]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB

server2.smartmap.com/busy latest 6ad733544a63 3 weeks ago 1.129 MB

docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB

[root@server1 ~]# docker push server2.smartmap.com/busy:latest

The push refers to a repository [server2.smartmap.com/busy]

0271b8eebde3: Pushed

latest: digest: sha256:91ef6c1c52b166be02645b8efee30d1ee65362024f7da41c404681561734c465 size: 527

[root@server1 ~]#

5. 存贮持久化

5.1. 将一个容器作为另一个容器的存贮

创建一个容器仅仅作为保存数据的存贮服务。

5.1.1. 创建一个新的Dockerfile

[root@server1 ~]# vi Dockerfile

FROM busybox

MAINTAINER SmartMap <zyxgis@hotmail.com>

VOLUME /storage

CMD /bin/sh

5.1.2. 构建镜像

[root@server1 ~]# docker build -t storage .

Sending build context to Docker daemon 11.78 kB

Step 1 : FROM busybox

Trying to pull repository docker.io/library/busybox ...

latest: Pulling from docker.io/library/busybox

Digest: sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0

---> 6ad733544a63

Step 2 : MAINTAINER SmartMap <zyxgis@hotmail.com>

---> Running in ee7efda4c3ba

---> 31e1db61db6d

Removing intermediate container ee7efda4c3ba

Step 3 : VOLUME /storage

---> Running in b39fb411b876

---> ad9c75ff5177

Removing intermediate container b39fb411b876

Step 4 : CMD /bin/sh

---> Running in 665049285a97

---> 23ec71268f5b

Removing intermediate container 665049285a97

Successfully built 23ec71268f5b

[root@server1 ~]#

5.1.3. 显示镜像列表

[root@server1 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

storage latest 23ec71268f5b 48 seconds ago 1.129 MB

192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB

docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB

server2.smartmap.com/busy latest 6ad733544a63 3 weeks ago 1.129 MB

docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB

[root@server1 ~]#

5.1.4. 生成存贮服务的容器

[root@server1 ~]# docker run -i -t --name storage_server storage

/ # exit

[root@server1 ~]#

5.1.5. 在其它容器中利用"--volumes-from"参数来应用存贮服务容器

[root@server1 ~]# docker run -i -t --name centos_server --volumes-from storage_server centos /bin/bash

[root@6c2ab2b2efa9 /]# df -hT

Filesystem Type Size Used Avail Use% Mounted on

/dev/mapper/docker-8:3-8388702-2cb60545fe290371fffd2e4fc935b86b2503f21d0c7edb5366c145c42325ff48 xfs 10G 242M 9.8G 3% /

tmpfs tmpfs 2.0G 0 2.0G 0% /dev

tmpfs tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup

/dev/sda3 xfs 10G 383M 9.7G 4% /storage

shm tmpfs 64M 0 64M 0% /dev/shm

5.1.6. 写入文件

[root@6c2ab2b2efa9 /]# echo "persistent storage" >> /storage/testfile.txt

[root@6c2ab2b2efa9 /]# ll /storage

total 4

-rw-r--r-- 1 root root 19 Nov 25 16:04 testfile.txt

5.1.7. 启动存贮服务容器查看数据保存在其中

[root@server1 ~]# docker start storage_server

storage_server

[root@server1 ~]# docker attach storage_server

/ # cat /storage/testfile.txt

persistent storage

/ #

5.2. 挂载外部文件系统作为容器的存贮

5.2.1. 创建一个挂载的目录

[root@server1 ~]# mkdir -p /var/docker/disk01

[root@server1 ~]# echo "persistent storage" >> /var/docker/disk01/testfile.txt

[root@server1 ~]#

5.2.2. 通过挂载目录作为容器的存贮

[root@server1 ~]# docker run -i -t -v /var/docker/disk01:/mnt centos /bin/bash

[root@6ad40e4b8df4 /]# df -hT

Filesystem Type Size Used Avail Use% Mounted on

/dev/mapper/docker-8:3-8388702-2dd829d9ea85f3c39ae5dac1283dc7919cf8576250046246f1921a89091fec38 xfs 10G 242M 9.8G 3% /

tmpfs tmpfs 2.0G 0 2.0G 0% /dev

tmpfs tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup

/dev/sda3 xfs 10G 378M 9.7G 4% /mnt

shm tmpfs 64M 0 64M 0% /dev/shm

[root@6ad40e4b8df4 /]# cat /mnt/testfile.txt

persistent storage

[root@6ad40e4b8df4 /]#

6. Docker Swarm创建多机容器集群模式

在Swarm集群模式中有两种角色：Manager nodes 和 Worker nodes

6.1. 在所有节点上安装并运行Docker服务

[root@server1 ~]# docker -v

Docker version 1.12.6, build 85d7426/1.12.6

[root@server1 ~]#

6.2. 在所有节点上关掉live-restore选项

[root@server1 ~]# vi /etc/docker/daemon.json

{

"live-restore": false

}

6.3. 在Manager Node上配置Swarm集群

[root@server1 ~]# docker swarm init

Swarm initialized: current node (33pmecwb84ye601p4w0vdqfts) is now a manager.

To add a worker to this swarm, run the following command:

docker swarm join \

--token SWMTKN-1-59gon9zn1z0zgwrh5j6z50avigyeif9dz7brfhyn7x45v9rr3o-2pkcpglwiyrjguk4asjqiwpfm \

192.168.1.101:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

[root@server1 ~]#

6.4. 每一个Worker Nodes都加入Swarm集群中

对于server2.smartmap.com

[root@server2 ~]# docker swarm join \

> --token SWMTKN-1-59gon9zn1z0zgwrh5j6z50avigyeif9dz7brfhyn7x45v9rr3o-2pkcpglwiyrjguk4asjqiwpfm \

> 192.168.1.101:2377

This node joined a swarm as a worker.

[root@server2 ~]#

对于server3.smartmap.com

[root@server3 ~]# docker swarm join \

> --token SWMTKN-1-59gon9zn1z0zgwrh5j6z50avigyeif9dz7brfhyn7x45v9rr3o-2pkcpglwiyrjguk4asjqiwpfm \

> 192.168.1.101:2377

This node joined a swarm as a worker.

[root@server3 ~]#

6.5. Manager Node上查看Swarm集群列表状态

[root@server1 ~]# docker node ls

ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS

2keiipiaol4m6avgrfx1npsis server3.smartmap.com Ready Active

33pmecwb84ye601p4w0vdqfts * server1.smartmap.com Ready Active Leader

6l4rbnivq6liq434y1vy4437i server2.smartmap.com Ready Active

[root@server1 ~]#

6.6. 在所有节点上创建相同的容器镜像

[root@server1 ~]# vi Dockerfile

# create new

FROM centos

MAINTAINER serverworld <admin@srv.world>

RUN yum -y install httpd

RUN echo "Hello DockerFile" > /var/www/html/index.html

EXPOSE 80

CMD ["-D", "FOREGROUND"]

ENTRYPOINT ["/usr/sbin/httpd"]

[root@server1 ~]# docker build -t web_server:latest .

Sending build context to Docker daemon 11.78 kB

Step 1 : FROM centos

---> d123f4e55e12

Step 2 : MAINTAINER serverworld <admin@srv.world>

---> Running in 4dd83b30837d

---> b376afc38f12

Removing intermediate container 4dd83b30837d

Step 3 : RUN yum -y install httpd

6.7. 在Manager Node上配置服务

[root@server1 ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

web_server latest 2ff383b9765a 11 minutes ago 309.3 MB

storage latest 23ec71268f5b About an hour ago 1.129 MB

192.168.1.102:5000/mybusybox 1.1.1 6ad733544a63 3 weeks ago 1.129 MB

docker.io/busybox latest 6ad733544a63 3 weeks ago 1.129 MB

server2.smartmap.com/busy latest 6ad733544a63 3 weeks ago 1.129 MB

docker.io/centos latest d123f4e55e12 3 weeks ago 196.6 MB

[root@server1 ~]# docker service create --name swarm_cluster --replicas=2 -p 80:80 web_server:latest

7h0zjf4f1cap82xwvpx4tum5i

[root@server1 ~]# docker service ls

ID NAME REPLICAS IMAGE COMMAND

7h0zjf4f1cap swarm_cluster 0/2 web_server:latest

[root@server1 ~]# docker service ls

ID NAME REPLICAS IMAGE COMMAND

7h0zjf4f1cap swarm_cluster 2/2 web_server:latest

[root@server1 ~]#

6.8. 在Manager Node上查看服务状态

[root@server1 ~]# docker service inspect swarm_cluster --pretty

ID: 7h0zjf4f1cap82xwvpx4tum5i

Name: swarm_cluster

Mode: Replicated

Replicas: 2

Placement:

UpdateConfig:

Parallelism: 1

On failure: pause

ContainerSpec:

Image: web_server:latest

Resources:

Ports:

Protocol = tcp

TargetPort = 80

PublishedPort = 80

[root@server1 ~]#

[root@server1 ~]# docker service ps swarm_cluster

ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR

8n3fe4esq73efmirfqorc10oj swarm_cluster.1 web_server:latest server1.smartmap.com Running Running 4 minutes ago

4uxwurwojjlm284khjgiugg1s swarm_cluster.2 web_server:latest server3.smartmap.com Running Running 3 minutes ago

[root@server1 ~]#

6.9. 在Manager Node上更改集群数

[root@server1 ~]# docker service scale swarm_cluster=3

swarm_cluster scaled to 3

[root@server1 ~]# docker service ps swarm_cluster

ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR

76j6zs9kueije6fdvihufaqk7 swarm_cluster.1 web_server:latest server2.smartmap.com Running Running 2 minutes ago

4uxwurwojjlm284khjgiugg1s swarm_cluster.2 web_server:latest server3.smartmap.com Running Running 10 minutes ago

7a6rzum5piilypxsyilxzrim4 swarm_cluster.3 web_server:latest server1.smartmap.com Running Running 17 seconds ago

转载于:https://www.cnblogs.com/gispathfinder/p/8833997.html