20170531
1.Docker数据卷
1027 mkdir /b2b
1028 docker run -d --name=tomcat -v /b2b:/test -it centos /bin/bash
1029 docker exec -it tomcat /bin/bash
1030 ls /b2b
1031 docker run -it -v /dbdata:/dbdata --name dbdata centos
1032 docker run it --volumes-from dbdata --name db1 centos
1033 docker run -it --volumes-from dbdata --name db1 centos
1034 docker run -it --volumes-from dbdata --name db2 centos
1035 docker exec -it db1 /bin/bash
1036 docker ps
1037 docker ps -a
1038 docker start fce43a9ea1cb
1039 docker ps -a
1040 docker start 1c3cf1406ff3
1041 docker ps -a
1042 docker start dbdata
1043 docker ps -a
1044 docker run --volumes-from dbdata -v $(pwd):/backup --name worker centos tar zcf /backup/backup.tar.gz /dbdata
1045 ls /
1046 mkdir backup
1047 mkdir /backup
1048 docker run --volumes-from dbdata -v $(pwd):/backup --name worker centos tar zcf /backup/backup.tar.gz /dbdata
1049 ls
1050 docker ps -a
1051 docker start worker
1052 docker ps -a
1053 ls /backup/
1054 docker exec -it worker /bin/bas
1055 docker exec -it worker /bin/bash
1056 docker ps -a
1057 ls /dbdata/
1058 docker run --volumes-from dbdata -v $(pwd):/backup --name worker1 centos tar zcf /backup/backup.tar.gz /dbdata
1059 ls /backup/
1060 ls /dbdata/
1061 history
2.docker swarm集群
1002 vi Dockerfile
1003 docker build -t web_server:latest .
1004 docker images
1005 docker images
1006 docker run -d -p 80:80 web_server
1007 docker run -d -p 8081:8081 web_server
1008 docker ps
1009 curl http://localhost/
1010 curl http://localhost:8081
1011 docker service create --name swarm_cluster --replicas=2 -p 80:80 web_server:latest
1012 docker service ls
1013 docker service inspect swarm_cluster --pretty
1014 docker service ps swarm_cluster
1015 docker service scale swarm_cluster=3
1016 docker service ps swarm_cluster
1017 curldocker node ls
1018 docker node ls
1019 docker service ls
1020 curl http://node01.srv.world/
1021 curl http://node.srv.world/
1022 curl http://192.168.36.141/
1023 curl http://192.168.36.150/
1024 curl http://192.168.36.151/
3.配置ip
docker inspect a6b9ac086d2f
[root@node ~]# docker inspect a6b9ac086d2f | grep IPAddress | cut -d '"' -f 4
172.17.0.2
172.17.0.2
[root@node ~]# docker inspect -format '{{ .NetworkSettings.IPAddress }}' ${CID}
flag provided but not defined: -format
See '/usr/bin/docker-current inspect --help'.
[root@node ~]# docker inspect -format '{{ .NetworkSettings.IPAddress }}' a6b9ac086d2f
flag provided but not defined: -format
See '/usr/bin/docker-current inspect --help'.
[root@node ~]# docker inspect --format '{{ .NetworkSettings.IPAddress }}' a6b9ac086d2f
172.17.0.2
[root@node ~]# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' a6b9ac086d2f
172.17.0.2
[root@node ~]# docker inspect -f '{{.Name}} - {{.NetworkSettings.IPAddress }}' $(docker ps -aq)
/java - 172.17.0.2
/desperate_sinoussi - 172.17.0.6
/pedantic_dijkstra -
/adoring_wescoff -
/centos_server -
/storage_server -
/nostalgic_shirley - 172.17.0.5
/elated_lalande -
/naughty_archimedes - 172.17.0.5
/node3 - 172.17.0.4
/node2 - 172.17.0.3
/node1 - 172.17.0.2
[root@node ~]# docker inspect -f '{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -aq)
/java - 172.17.0.2
/desperate_sinoussi - 172.17.0.6
/pedantic_dijkstra -
/adoring_wescoff -
/centos_server -
/storage_server -
/nostalgic_shirley - 172.17.0.5
/elated_lalande -
/naughty_archimedes - 172.17.0.5
/node3 - 172.17.0.4
/node2 - 172.17.0.3
/node1 - 172.17.0.2
[root@node ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "a0e4ccdbe3a7e4b33ea6590a7d44b2feae02995941705a22e7be100fdfe8e1c5",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Containers": {
"a6b9ac086d2f7b3792fb0c10aadd681d89b69b754c6ec20ac1c381c452075779": {
"Name": "java",
"EndpointID": "2d0a1c46f23d60631f3c601ad54c2d898bd346fadb01ed18d1cbf2d229cc3540",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
[root@node ~]# docker network create --subnet 192.168.36.0/24 --gateway 192.168.36.2 iptastic
4.pipework:
5.
My guess is that you're running a non-privileged container. systemd requires the CAP_SYS_ADMIN capability, but Docker drops that capability in non-privileged containers as a security measure.
systemd also requires read-only access to the cgroup file system within the container. You can add it with -v /sys/fs/cgroup:/sys/fs/cgroup:ro
So, here are a few steps on how to run CentOS with systemd inside a Docker container:
Pull centos image
Set up a docker file like the one below:
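# Builds a CentOS image that boots systemd (/usr/sbin/init) as its main process.
# NOTE(review): FROM is unpinned, so it resolves to centos:latest at build time;
# pin a tag for reproducible builds (the image is tagged centos7-systemd when
# built, so presumably centos:7 - confirm).
FROM centos
MAINTAINER "Yourname" <youremail@address.com>
# systemd reads the `container` environment variable to detect that it is
# running inside a container.
ENV container docker
# `&&` instead of `;` so a failed yum step fails the build instead of being
# silently ignored.
RUN yum -y update && yum clean all
# Install systemd, then remove the unit symlinks that make no sense in a
# container, keeping only systemd-tmpfiles-setup.service in sysinit.target.wants.
# The loop runs only if `cd` succeeded; with `cd ...; for ...` a failed cd would
# run `rm -f` against whatever the current directory happens to be.
# "$i" is quoted and compared with the portable `=` so odd file names cannot
# break the test.
RUN yum -y install systemd && yum clean all && \
    (cd /lib/systemd/system/sysinit.target.wants/ && \
     for i in *; do [ "$i" = systemd-tmpfiles-setup.service ] || rm -f -- "$i"; done) && \
    rm -f /lib/systemd/system/multi-user.target.wants/* && \
    rm -f /etc/systemd/system/*.wants/* && \
    rm -f /lib/systemd/system/local-fs.target.wants/* && \
    rm -f /lib/systemd/system/sockets.target.wants/*udev* && \
    rm -f /lib/systemd/system/sockets.target.wants/*initctl* && \
    rm -f /lib/systemd/system/basic.target.wants/* && \
    rm -f /lib/systemd/system/anaconda.target.wants/*
# The JSON (exec) form needs ASCII double quotes. With typographic quotes the
# array is not valid JSON and Docker falls back to shell-form parsing, so the
# volume path and the init command would not be what is written here.
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]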
Build it - docker build --rm -t centos7-systemd - < mydockerfile
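Run a container with docker run --privileged -ti -e container=docker -v /sys/fs/cgroup:/sys/fs/cgroup centos7-systemd /usr/sbin/init
Note that --privileged grants the container every capability and access to host devices, which is much broader than the CAP_SYS_ADMIN requirement described above, and that this command mounts /sys/fs/cgroup without the :ro suffix, so the mount is read-write rather than read-only.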
You should have systemd in your container
6.sshd
启动容器
启动容器有两种方式,一种是基于镜像新建一个容器并启动,另外一个是将在终止状态(stopped)的容器重新启动。
因为 Docker 的容器实在太轻量级了,很多时候用户都是随时删除和新创建容器。
下面的命令则启动一个 bash 终端,允许用户进行交互。
$ docker run -t -i docker.io/tcbenkhard/centos6-jdk7 /bin/bash
[root@ffe81683c404 /]#
其中,-t 选项让Docker分配一个伪终端(pseudo-tty)并绑定到容器的标准输入上,-i 则让容器的标准输入保持打开。
当利用 docker run 来创建容器时,Docker 在后台运行的标准操作包括:
(1)检查本地是否存在指定的镜像,不存在就从公有仓库下载
(2)利用镜像创建并启动一个容器
(3)分配一个文件系统,并在只读的镜像层外面挂载一层可读写层
(4)从宿主主机配置的网桥接口中桥接一个虚拟接口到容器中去
(5)从地址池配置一个 ip 地址给容器
(6)执行用户指定的应用程序
(7)执行完毕后容器被终止
可以使用下面命令来查看CentOS版本信息:
$ cat /etc/redhat-release
修改root密码
使用passwd命令来修改密码(如提示没有这个命令,则使用yum install passwd安装):
$ passwd
xxx密码
xxx确认密码
安装Openssh
使用下面命令安装ssh server/ssh client:
$ sudo yum -y install openssh-server
$ sudo yum -y install openssh-clients
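修改SSH配置文件中的以下选项,去掉#注释,将四个选项启用。注意:PermitRootLogin yes 允许root直接用密码通过ssh登录,配合后文的端口映射,root密码登录会暴露在宿主机的网络上;如果只需要密钥登录,可改为 PermitRootLogin without-password(较新版本的OpenSSH写作 prohibit-password),并将 PasswordAuthentication 设为 no: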
$ vi /etc/ssh/sshd_config
RSAAuthentication yes #启用 RSA 认证
PubkeyAuthentication yes #启用公钥私钥配对认证方式
AuthorizedKeysFile .ssh/authorized_keys #公钥文件路径(和上面生成的文件同)
PermitRootLogin yes #root能使用ssh登录
重启ssh服务,并设置开机启动:
$ service sshd restart
$ chkconfig sshd on
退出容器并保存更改
使用exit命令或者ctrl+C来退出当前运行的容器:
[root@ffe81683c404 /]# exit
注意:上面的ffe81683c404是容器的ID,退出后提交(保存)更改时要用到这个唯一ID。
当结束后,我们使用 exit 来退出,现在我们的容器已经被我们改变了,使用 docker commit 命令来提交更新后的副本。
$ sudo docker commit -m 'install openssh' -a 'Docker Newbee' ffe81683c404 centos6-jdk7:ssh
4f177bd27a9ff0f6dc2a830403925b5360bfe0b93d476f7fc3231110e7f71b1c
其中,-m 来指定提交的说明信息,跟我们使用的版本控制工具一样;-a 可以指定更新的用户信息;之后是用来创建镜像的容器的ID;最后指定目标镜像的仓库名和 tag 信息。创建成功后会返回这个镜像的 ID 信息。
提交后docker中就会多出一个centos6-jdk7:ssh镜像。
启动新的容器并打通22端口
将新的镜像启动,并将docker服务器的50001端口映射到容器的22端口上(-p 50001:22 会在宿主机的所有网络接口上监听;如果只需要从本机访问,可写成 -p 127.0.0.1:50001:22):
$ docker run -d -p 50001:22 centos6-jdk7:ssh /usr/sbin/sshd -D
ssh连接容器: