docker创建/启动容器方式
Docker给我们提供创建容器的方式也有好几种,包括
1.docker run命令、
2.Dockerfile文件、
3.docker-compose
4.使用runC创建容器
本机情况环境采集:
[root@ht5 ~]# docker version Client: Version: 18.03.0-ce API version: 1.37 Go version: go1.9.4 Git commit: 0520e24 Built: Wed Mar 21 23:09:15 2018 OS/Arch: linux/amd64 //安装平台,默认时出错.应该是x86 Experimental: false Orchestrator: swarm //docker集群工具 Server: Engine: Version: 18.03.0-ce API version: 1.37 (minimum version 1.12) Go version: go1.9.4 Git commit: 0520e24 Built: Wed Mar 21 23:13:03 2018 OS/Arch: linux/amd64 Experimental: false [root@ht5 ~]# docker info Containers: 27 Running: 16 Paused: 0 Stopped: 11 Images: 69 Server Version: 18.03.0-ce Storage Driver: overlay2 Backing Filesystem: xfs //这里是可以变更的 Supports d_type: false //ftype设置 Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs //隔离资源结合namespace使用 Plugins: Volume: local Network: bridge host macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: cfd04396dc68220d1cecbe686a6cc3aa5ce3667c runc version: 4fc53a81fb7c994640722ac585fa9ca548971871 init version: 949e6fa Security Options: seccomp Profile: default Kernel Version: 3.10.0-1160.42.2.el7.x86_64 Operating System: CentOS Linux 7 (Core) OSType: linux Architecture: x86_64 CPUs: 8 Total Memory: 15.65GiB Name: ht5.node ID: BGK3:6SSW:KQ56:JJTE:FUYP:RQKJ:37C5:AIXY:UEQM:FJIV:ZUFY:5527 Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false WARNING: overlay2: the backing xfs filesystem is formatted without d_type support, which leads to incorrect behavior. Reformat the filesystem with ftype=1 to enable d_type support. Running without d_type support will not be supported in future releases. 本机有几个问题: 1.ftype没有设置 2.amd64架构选择错误
本机的docker-ce(开源版本)安装之后的docker工具
docker docker-containerd docker-containerd-ctr docker-containerd-shim dockerd docker-init docker-proxy docker-runc container-storage-setup
方式一:docker run命令方式
$docker run --name mycreate-nginx -p 1080:80 -v /usr/local/src/nginxcon:/usr/share/nginx/html -d nginx
参数说明: --name:定义容器名。 -p:宿主机与容器的端口挂载,格式:宿主机端口:容器内部端口 -v:宿主机目录与容器内目录映射,格式:宿主机目录:容器内部目录 -d:后台执行
这里把容器名取名为mycreate-nginx,把容器的80端口映射到宿主机的1080端口,
容器内的/usr/share/nginx/html目录映射到宿主机的/user/local/src/nginxcon目录,
使用的是nginx最新的镜像,镜像部分也可以写成 “nginx:版本”比如“nginx:1.15.1”。
我们来实际运行下,从下面可以清晰的看到,如果本地仓库即docker images列出的本地镜像没有,则从远程拉取
[root@ht5 src]# docker run --name mycreate-nginx -p 1080:80 -v /usr/local/src/nginxcon:/usr/share/nginx/html -d nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
1fe172e4850f: Pull complete
35c195f487df: Pull complete
213b9b16f495: Pull complete
a8172d9e19b9: Pull complete
f5eee2cb2150: Pull complete
93e404ba8667: Pull complete
Digest: sha256:859ab6768a6f26a79bc42b231664111317d095a4f04e4b6fe79ce37b3d199097
Status: Downloaded newer image for nginx:latest
222e67a09d9a83e9649fbe07bb0e54258b1b52a1d355aed74694ead5c758cd76
[root@ht5 src]# netstat -anlp | grep 1080
tcp6 0 0 :::1080 :::* LISTEN 79275/docker-proxy
[root@ht5 src]# ps -ef | grep docker
root 79275 1384 0 23:13 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 1080 -container-ip 172.17.0.3 -container-port 80
//上面即创建一个容器,同时对外暴露端口,通过docker-proxy代理,提供1080访问,宿主机上执行 curl http://localhost:1080/ 访问容器内的80端口
增加参数可以改变容器分配的cpu和内存,io等资源的设置
-cpu-shares 数字 //如果想为cpu制定不同的权重
--cpuset-cpus 设置容器使用的cpu内核 --cpu-period是用来指定容器对于cpu的使用要在多长时间内重新分配一次(1000000(1秒)) --cpu-quota是用来指定在这个周期内,最多可以有多少时间跑这个容器(200000(0.2秒)) 与--cpu-shares(权重)不同的是,这种配置指定一个绝对值,容器对cpu资源使用绝对不会超过配置的值。 当然,在多核情况下,如果允许容器进程完全占用两个cpu,则可以将cpu-period设置为100000(0.1秒),cpu-quota设置为200000(0.2秒) -cpuset-cpus 0-7#执行以下命令需要宿主机为8核,表示创建的容器只能使用0-7 8个内核,最终生成cgroup的cpu内核配置如下: //如果不设置,默认就是0-7 [root@ht5 ~]# cat /sys/fs/cgroup/cpuset/cpuset.cpus 0-7
-m或–memory设置内存的使用限额 例如:-m 100M --memory-swap=200M
--vm 1 ,代表启动一个内存工作线程
--vm-bytes 100M ,代表每个线程可以分配100M内存
–blkio-weight参数可以改变容器block IO的优先级。例如:--blkio-weight 300
docker cgroup 开启启动的查看(比较两台机器的开启启动情况)
[root@ht5 ~]# cat /var/log/dmesg | grep cg [ 0.000000] Initializing cgroup subsys cpuset [ 0.000000] Initializing cgroup subsys cpu [ 0.000000] Initializing cgroup subsys cpuacct [ 0.000000] allocated 134217728 bytes of page_cgroup [ 0.000000] please try 'cgroup_disable=memory' option if you don't want memory cgroups //有时候可能这里会出现内存泄漏的情况 [ 0.193565] Initializing cgroup subsys memory [ 0.193579] Initializing cgroup subsys devices [ 0.193580] Initializing cgroup subsys freezer [ 0.193581] Initializing cgroup subsys net_cls [ 0.193583] Initializing cgroup subsys blkio //Cgroup中的blkio子系统的主要功能是实现对磁盘i/o带宽的定制化控制 [ 0.193584] Initializing cgroup subsys perf_event [ 0.193594] Initializing cgroup subsys hugetlb [ 0.193598] Initializing cgroup subsys pids [ 0.193605] Initializing cgroup subsys net_prio
//这里采集一台没有安装docker的机器,所以cgroup是系统的特性.
[root@fp-mysql-13 fs]# cat /var/log/dmesg | grep cg
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] allocated 536870912 bytes of page_cgroup
[ 0.000000] please try 'cgroup_disable=memory' option if you don't want memory cgroups
[ 0.037518] Initializing cgroup subsys memory
[ 0.037539] Initializing cgroup subsys devices
[ 0.037540] Initializing cgroup subsys freezer
[ 0.037541] Initializing cgroup subsys net_cls
[ 0.037543] Initializing cgroup subsys blkio
[ 0.037544] Initializing cgroup subsys perf_event
[ 0.037548] Initializing cgroup subsys hugetlb
docker cgroup目录下的变化(安装docker使用cgroups和没有使用cgroups机器的比较)
//cgroups工作目录 /sys/fs/cgroup
[root@ht5 ~]# cd /sys/fs/cgroup/ [root@ht5 cgroup]# ll total 0 drwxr-xr-x 7 root root 0 Feb 18 17:26 blkio lrwxrwxrwx 1 root root 11 Feb 18 17:26 cpu -> cpu,cpuacct lrwxrwxrwx 1 root root 11 Feb 18 17:26 cpuacct -> cpu,cpuacct drwxr-xr-x 7 root root 0 Feb 18 17:26 cpu,cpuacct drwxr-xr-x 5 root root 0 Feb 18 17:26 cpuset drwxr-xr-x 7 root root 0 Feb 18 17:26 devices drwxr-xr-x 5 root root 0 Feb 18 17:26 freezer drwxr-xr-x 5 root root 0 Feb 18 17:26 hugetlb drwxr-xr-x 7 root root 0 Feb 18 17:26 memory lrwxrwxrwx 1 root root 16 Feb 18 17:26 net_cls -> net_cls,net_prio drwxr-xr-x 5 root root 0 Feb 18 17:26 net_cls,net_prio lrwxrwxrwx 1 root root 16 Feb 18 17:26 net_prio -> net_cls,net_prio drwxr-xr-x 5 root root 0 Feb 18 17:26 perf_event drwxr-xr-x 7 root root 0 Feb 18 17:26 pids //这里 drwxr-xr-x 7 root root 0 Feb 18 17:26 systemd //和下面最大的不同就是pids目录的出现和memory目录下的变化 [root@fp-mysql-13 fs]# cd /sys/fs/cgroup/ [root@fp-mysql-13 cgroup]# ll total 0 drwxr-xr-x 2 root root 0 Nov 23 15:45 blkio lrwxrwxrwx 1 root root 11 Nov 23 15:45 cpu -> cpu,cpuacct lrwxrwxrwx 1 root root 11 Nov 23 15:45 cpuacct -> cpu,cpuacct drwxr-xr-x 2 root root 0 Nov 23 15:45 cpu,cpuacct drwxr-xr-x 2 root root 0 Nov 23 15:45 cpuset drwxr-xr-x 2 root root 0 Nov 23 15:45 devices drwxr-xr-x 2 root root 0 Nov 23 15:45 freezer drwxr-xr-x 2 root root 0 Nov 23 15:45 hugetlb drwxr-xr-x 2 root root 0 Nov 23 15:45 memory drwxr-xr-x 2 root root 0 Nov 23 15:45 net_cls drwxr-xr-x 2 root root 0 Nov 23 15:45 perf_event drwxr-xr-x 4 root root 0 Nov 23 15:45 systemd
我们查看下上面容器启动的变化:
[root@ht5 docker]# docker ps | grep nginx 222e67a09d9a nginx "/docker-entrypoint.…" 10 hours ago Up 10 hours 0.0.0.0:1080->80/tcp mycreate-nginx
[root@ht5 /sys/fs/cgroup/memory/docker]# ll
total 0
drwxr-xr-x 2 root root 0 Apr 24 23:13 222e67a09d9a83e9649fbe07bb0e54258b1b52a1d355aed74694ead5c758cd76
//有变化的地方
[root@ht5 memory]# ll //当前目录为/sys/fs/cgroup/memory
...
drwxr-xr-x 6 root root 0 Apr 24 21:25 docker
drwxr-xr-x 4 root root 0 Feb 22 10:28 kubepods
drwxr-xr-x 2 root root 0 Feb 21 21:56 kube-proxy
drwxr-xr-x 111 root root 0 Apr 24 18:12 system.slice
drwxr-xr-x 2 root root 0 Feb 18 17:26 user.slice
....
//该容器对应的资源
[root@ht5 222e67a09d9a83e9649fbe07bb0e54258b1b52a1d355aed74694ead5c758cd76]# ls
cgroup.clone_children memory.kmem.limit_in_bytes memory.kmem.tcp.usage_in_bytes memory.memsw.max_usage_in_bytes memory.soft_limit_in_bytes tasks
cgroup.event_control memory.kmem.max_usage_in_bytes memory.kmem.usage_in_bytes memory.memsw.usage_in_bytes memory.stat
cgroup.procs memory.kmem.slabinfo memory.limit_in_bytes memory.move_charge_at_immigrate memory.swappiness
memory.failcnt memory.kmem.tcp.failcnt memory.max_usage_in_bytes memory.numa_stat memory.usage_in_bytes
memory.force_empty memory.kmem.tcp.limit_in_bytes memory.memsw.failcnt memory.oom_control memory.use_hierarchy
memory.kmem.failcnt memory.kmem.tcp.max_usage_in_bytes memory.memsw.limit_in_bytes memory.pressure_level notify_on_release
//看下/var/lib/docker下
[root@ht5 222e67a09d9a83e9649fbe07bb0e54258b1b52a1d355aed74694ead5c758cd76]# pwd //当前目录
/var/lib/docker/containers/222e67a09d9a83e9649fbe07bb0e54258b1b52a1d355aed74694ead5c758cd76
[root@ht5 222e67a09d9a83e9649fbe07bb0e54258b1b52a1d355aed74694ead5c758cd76]# ll
total 28
-rw-r----- 1 root root 3081 Apr 24 23:13 222e67a09d9a83e9649fbe07bb0e54258b1b52a1d355aed74694ead5c758cd76-json.log
drwx------ 2 root root 6 Apr 24 23:13 checkpoints
-rw------- 1 root root 3195 Apr 24 23:13 config.v2.json
-rw-r--r-- 1 root root 1240 Apr 24 23:13 hostconfig.json
-rw-r--r-- 1 root root 13 Apr 24 23:13 hostname
-rw-r--r-- 1 root root 174 Apr 24 23:13 hosts
drwx------ 3 root root 16 Apr 24 23:13 mounts
-rw-r--r-- 1 root root 290 Apr 24 23:13 resolv.conf
-rw-r--r-- 1 root root 71 Apr 24 23:13 resolv.conf.hash
查看比较详细的信息
[root@ht5 overlay2]# docker inspect 222e67a09d9a [ { "Id": "222e67a09d9a83e9649fbe07bb0e54258b1b52a1d355aed74694ead5c758cd76", "Created": "2022-04-24T15:13:19.716327281Z", "Path": "/docker-entrypoint.sh", "Args": [ "nginx", "-g", "daemon off;" ], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 79297, "ExitCode": 0, "Error": "", "StartedAt": "2022-04-24T15:13:20.365642406Z", "FinishedAt": "0001-01-01T00:00:00Z" }, "Image": "sha256:fa5269854a5e615e51a72b17ad3fd1e01268f278a6684c8ed3c5f0cdce3f230b", "ResolvConfPath": "/var/lib/docker/containers/222e67a09d9a83e9649fbe07bb0e54258b1b52a1d355aed74694ead5c758cd76/resolv.conf", "HostnamePath": "/var/lib/docker/containers/222e67a09d9a83e9649fbe07bb0e54258b1b52a1d355aed74694ead5c758cd76/hostname", "HostsPath": "/var/lib/docker/containers/222e67a09d9a83e9649fbe07bb0e54258b1b52a1d355aed74694ead5c758cd76/hosts", "LogPath": "/var/lib/docker/containers/222e67a09d9a83e9649fbe07bb0e54258b1b52a1d355aed74694ead5c758cd76/222e67a09d9a83e9649fbe07bb0e54258b1b52a1d355aed74694ead5c758cd76-json.log", "Name": "/mycreate-nginx", "RestartCount": 0, "Driver": "overlay2", "Platform": "linux", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "", "ExecIDs": null, "HostConfig": { "Binds": [ "/usr/local/src/nginxcon:/usr/share/nginx/html" ], "ContainerIDFile": "", "LogConfig": { "Type": "json-file", "Config": {} }, "NetworkMode": "default", "PortBindings": { "80/tcp": [ { "HostIp": "", "HostPort": "1080" } ] }, "RestartPolicy": { "Name": "no", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": null, "CapDrop": null, "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": null, "GroupAdd": null, "IpcMode": "shareable", "Cgroup": "", "Links": null, "OomScoreAdj": 0, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": null, "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Runtime": "runc", "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": [], "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DeviceCgroupRules": null, "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": null, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": null, "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0 }, "GraphDriver": { "Data": {
//只读层 "LowerDir": "/var/lib/docker/overlay2/e5a85b04886cea66fdebbd420153b29599f4a18b753c9db7edf53bdb3d42de72-init/diff:/var/lib/docker/overlay2/29f10b82508ba9c336b1a04b59e56e8fa02e16c41331108618232965a5500e7e/diff:/var/lib/docker/overlay2/e18f942e47c0de76700f07e4f466a1ea61533251da88af883d44a53cc0911aab/diff:/var/lib/docker/overlay2/4b812095ef67178fea715b49f85a3049a7cc0b7ac4d64b1f356bdbf148e16700/diff:/var/lib/docker/overlay2/c341cf40a78d977bdeed820586fddeeb40eb7509a2d5f966a59ed48239a4827f/diff:/var/lib/docker/overlay2/34dd7d91e749216183020cbbd8b1c6ca5a8502e5242f02c4547d1518e495e1f6/diff:/var/lib/docker/overlay2/230e6fbe9e9c2828da0ae965d6607fb55215bd3977b5af3991a9001bf0f300c4/diff", //联合层
"MergedDir": "/var/lib/docker/overlay2/e5a85b04886cea66fdebbd420153b29599f4a18b753c9db7edf53bdb3d42de72/merged", //可读写层
"UpperDir": "/var/lib/docker/overlay2/e5a85b04886cea66fdebbd420153b29599f4a18b753c9db7edf53bdb3d42de72/diff", //diff是差异的地方 "WorkDir": "/var/lib/docker/overlay2/e5a85b04886cea66fdebbd420153b29599f4a18b753c9db7edf53bdb3d42de72/work" }, "Name": "overlay2" }, "Mounts": [ { "Type": "bind", "Source": "/usr/local/src/nginxcon", "Destination": "/usr/share/nginx/html", "Mode": "", "RW": true, "Propagation": "rprivate" } ], "Config": { "Hostname": "222e67a09d9a", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "80/tcp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NGINX_VERSION=1.21.6", "NJS_VERSION=0.7.2", "PKG_RELEASE=1~bullseye" ], "Cmd": [ "nginx", "-g", "daemon off;" ], "Image": "nginx", "Volumes": null, "WorkingDir": "", "Entrypoint": [ "/docker-entrypoint.sh" ], "OnBuild": null, "Labels": { "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>" }, "StopSignal": "SIGQUIT" }, "NetworkSettings": { "Bridge": "", "SandboxID": "af6ab3988204245873fe9d3022da38d6919659508e9b9087b4e036bce6d1a270", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": { "80/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "1080" } ] }, "SandboxKey": "/var/run/docker/netns/af6ab3988204", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null, "EndpointID": "06c3b917475a61e1805035bbf41c50ed0eb7486a96891b593bbec90e84f5482d", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "172.17.0.3", "IPPrefixLen": 16, "IPv6Gateway": "", "MacAddress": "02:42:ac:11:00:03", "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "1caead2ab69fd0c57f3a39c4ed39cc2fd5859677e822ee682f742181083b93b1", "EndpointID": "06c3b917475a61e1805035bbf41c50ed0eb7486a96891b593bbec90e84f5482d", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.3", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:03", "DriverOpts": null } } } } ]
https://docs.docker.com/engine/reference/commandline/inspect/
容器的网络命名空间名称
[root@ht5 overlay2]# docker network ls NETWORK ID NAME DRIVER SCOPE 1caead2ab69f bridge bridge local 3cf5406d55f0 host host local bf2d13101b37 none null local
[root@ht5 overlay2]# docker inspect -f '{{.NetworkSettings.SandboxKey}}' 222e67a09d9a //容器id
/var/run/docker/netns/af6ab3988204
方式二:Dockerfile配置文件构建镜像方式
1.创建一个文件,命名为Dockerfile,输入以下内容。 FROM nginx COPY html /usr/share/nginx/html 解释: FROM nginx 代表以nginx 镜像为基础构建我们的镜像。 注意需要先在Dockerfile同目录创建html目录,不然会报错。 Dockerfile文件内可以自定义镜像内容,有很多指令可以用 2.在Dockerfile同目录下运行命令创建镜像 [root@ht5 bin]# docker build -t my-nginx-image .
3.运行容器
docker run --name aozhejin-nginx -p 1080:80 -d my-nginx-image
//Dockerfile一般用于自定义镜像
方式三:docker -compose方式
1.创建一个docker-compose.yml文件,输入以下内容 version: "3"services: nginx: image: nginx container_name: aozhejin-nginx ports: - "1080:80" volumes: - /data/html:/usr/share/nginx/html 在/data/html创建一个index.html,随便输入个内容,等会访问测试。 2.执行启动命令 docker-compose up -d
