赛题答案

Docker运维之端口、进程、资源使用、日志管理

1.端口

在registry节点使用netstat命令查询仓库监听端口号，查询完毕后通过lsof命令（如命令不存在则手工安装）查询使用此端口号的进程。将以上所有操作命令和输出结果以文本形式提交到命令行界面。

[root@registry ~]# netstat -ntpl

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      724/sshd           

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      802/master         

tcp6       0      0 :::5000                 :::*                    LISTEN      21423/docker-proxy 

tcp6       0      0 :::22                   :::*                    LISTEN      724/sshd           

tcp6       0      0 ::1:25                  :::*                    LISTEN      802/master 

[root@registry ~]# lsof  -i:5000

COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

exe     21423 root    7u  IPv6 267372      0t0  TCP *:commplex-main (LISTEN)

2.进程

在Registry节点通过lsof命令（如命令不存在则手工安装）查询/usr/bin/docker-current相关进程，并根据查询出来的进程号查询该进程所执行程序。将以上所有操作命令和输出结果以文本形式提交到命令行界面。

[root@registry ~]# lsof  /usr/bin/docker-current

COMMAND     PID USER  FD   TYPE DEVICE SIZE/OFF     NODE NAME

docker-cu  1492 root txt    REG  253,1 45797613 16903916 /usr/bin/docker-current

exe       21423 root txt    REG  253,1 45797613 16903916 /usr/bin/docker-current

[root@registry ~]# ps aux |grep 1492

root      1492  0.0  1.9 790336 40752 ?        Ssl  Feb13  31:08 /usr/bin/docker-current daemon --exec-opt native.cgroupdriver=systemd --selinux-enabled --log-driver=journald --add-registry 192.168.200.12:5000 --insecure-registry 192.168.200.12:5000

root     32269  0.0  0.0 112640   956 pts/0    S+   02:34   0:00 grep --color=auto 1492

[root@registry ~]# ps aux |grep 21423

root     21423  0.0  0.8 253880 16520 ?        Sl   Mar03   2:55 docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5000 -container-ip 172.17.0.2 -container-port 5000

root     32271  0.0  0.0 112640   960 pts/0    S+   02:34   0:00 grep --color=auto 21423

3.资源使用

在registry节点通过netstat命令（如命令不存在则手工安装）查询docker镜像仓库PID，使用top命令查询上一步查询的的PID的资源使用情况。将以上所有操作命令和输出结果以文本形式提交到命令行界面。

[root@registry ~]# netstat -ntpl

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      724/sshd           

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      802/master         

tcp6       0      0 :::5000                 :::*                    LISTEN      21423/docker-proxy 

tcp6       0      0 :::22                   :::*                    LISTEN      724/sshd           

tcp6       0      0 ::1:25                  :::*                    LISTEN      802/master 

[root@registry ~]# top -p 21423

top - 07:26:24 up 35 days,  3:06,  1 user,  load average: 0.00, 0.01, 0.05

Tasks:   1 total,   0 running,   1 sleeping,   0 stopped,   0 zombie

%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st

KiB Mem :  2049396 total,   118648 free,   127892 used,  1802856 buff/cache

KiB Swap:        0 total,        0 free,        0 used.  1721968 avail Mem

PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND                                    

21423 root      20   0  253880  16520   7592 S  0.0  0.8   2:57.51 exe                                         

4.日志

在registry节点通过docker命令查询dockerregistry容器最后20条日志，将以上所有操作命令和输出结果以文本形式提交到命令行界面。

# docker logs --tail=20 940568599bb2

192.168.200.12 - - [29/Mar/2017:05:35:37 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64"

192.168.200.12 - - [29/Mar/2017:05:35:37 +0000] "GET /v1/search?q=swarm HTTP/1.1" 404 19 "" "docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64"

time="2017-03-29T05:35:49Z" level=info msg="response completed" go.version=go1.6.3 http.request.host="192.168.200.12:5000" http.request.id=7bc96c9d-e3a4-43fe-9f6f-1be0ad4e8fe3 http.request.method=GET http.request.remoteaddr="192.168.200.12:50872" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=1.946567ms http.response.status=200 http.response.written=2 instance.id=a5140eb2-63c4-40b1-8c88-24aff334bb6a version=v2.5.1

192.168.200.12 - - [29/Mar/2017:05:35:49 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64"

time="2017-03-29T05:35:49Z" level=error msg="response completed with error" err.code="manifest unknown" err.detail="unknown tag=latest" err.message="manifest unknown" go.version=go1.6.3 http.request.host="192.168.200.12:5000" http.request.id=466b5691-ea02-4b27-af3b-340fc69767a4 http.request.method=GET http.request.remoteaddr="192.168.200.12:50873" http.request.uri="/v2/swarm/manifests/latest" http.request.useragent="docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=2.057137ms http.response.status=404 http.response.written=96 instance.id=a5140eb2-63c4-40b1-8c88-24aff334bb6a vars.name=swarm vars.reference=latest version=v2.5.1

192.168.200.12 - - [29/Mar/2017:05:35:49 +0000] "GET /v2/swarm/manifests/latest HTTP/1.1" 404 96 "" "docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64"

192.168.200.12 - - [29/Mar/2017:05:35:49 +0000] "GET /v1/repositories/swarm/images HTTP/1.1" 404 19 "" "docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64"

time="2017-03-29T06:10:09Z" level=info msg="PurgeUploads starting: olderThan=2017-03-22 06:10:09.06177115 +0000 UTC, actuallyDelete=true"

time="2017-03-29T06:10:09Z" level=info msg="Purge uploads finished.  Num deleted=0, num errors=0"

time="2017-03-29T06:10:09Z" level=info msg="Starting upload purge in 24h0m0s" go.version=go1.6.3 instance.id=a5140eb2-63c4-40b1-8c88-24aff334bb6a version=v2.5.1

Docker之API操作

1、容器-6

（1）查询docker系统信息

在registry节点通过docker api 查询docker的系统信息，将以上操作命令及检查结果填入命令行界面。

# curl -X GET http://localhost:2375/info

{"ID":"NLPH:KG5J:I3GD:RXLO:MPXS:CP3J:PXBP:MFQY:AUBM:YN3V:3EL6:HXEA","Containers":4,"ContainersRunning":3,"ContainersPaused":0,"ContainersStopped":1,"Images":38,"Driver":"devicemapper","DriverStatus":[["Pool Name","docker-253:1-771752128-pool"],["Pool Blocksize","65.54 kB"],["Base Device Size","10.74 GB"],["Backing Filesystem","xfs"],["Data file","/dev/loop1"],["Metadata file","/dev/loop2"],["Data Space Used","8.406 GB"],["Data Space Total","107.4 GB"],["Data Space Available","98.97 GB"],["Metadata Space Used","14.93 MB"],["Metadata Space Total","2.147 GB"],["Metadata Space Available","2.133 GB"],["Udev Sync Supported","true"],["Deferred Removal Enabled","false"],["Deferred Deletion Enabled","false"],["Deferred Deleted Device Count","0"],["Data loop file","/var/lib/docker/devicemapper/devicemapper/data"],["Metadata loop file","/var/lib/docker/devicemapper/devicemapper/metadata"],["Library Version","1.02.107-RHEL7 (2016-06-09)"]],"SystemStatus":null,"Plugins":{"Volume":["local"],"Network":["bridge","null","host"],"Authorization":null},"MemoryLimit":true,"SwapLimit":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"IPv4Forwarding":true,"BridgeNfIptables":false,"BridgeNfIp6tables":false,"Debug":false,"NFd":32,"OomKillDisable":true,"NGoroutines":49,"SystemTime":"2017-03-21T08:53:54.577574371Z","ExecutionDriver":"native-0.2","LoggingDriver":"journald","NEventsListener":0,"KernelVersion":"3.10.0-229.el7.x86_64","PkgVersion":"docker-common-1.10.3-46.el7.centos.14.x86_64","OperatingSystem":"CentOS Linux 7 (Core)","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://192.168.200.12:5000/v1/","IndexServerName":"192.168.200.12:5000","RegistryConfig":{"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"192.168.200.12:5000":{"Name":"192.168.200.12:5000","Mirrors":[],"Secure":false,"Official":false},"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"InitSha1":"171e8156748ca6b9e07d03098803bd7cee05e945","InitPath":"","NCPU":1,"MemTotal":2098581504,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"registry","Labels":null,"ExperimentalBuild":false,"ServerVersion":"1.10.3","ClusterStore":"","ClusterAdvertise":"","Registries":[{"Name":"192.168.200.12:5000","Secure":false},{"Name":"docker.io","Secure":true}]}

（2）查询docker版本信息

在registry节点通过docker api 查询docker的版本，将以上操作命令及检查结果填入命令行界面。

# curl -X GET http://localhost:2375/version

{"Version":"1.10.3","ApiVersion":"1.22","GitCommit":"cb079f6-unsupported","GoVersion":"go1.6.3","Os":"linux","Arch":"amd64","KernelVersion":"3.10.0-229.el7.x86_64","BuildTime":"2016-09-16T13:24:25.999281648+00:00","PkgVersion":"docker-common-1.10.3-46.el7.centos.14.x86_64"}

（3）列举docker容器

在registry节点通过docker api 查询docker内所有容器，将以上操作命令及检查结果填入命令行界面。

# curl -X GET http://localhost:2375/containers/json

[{"Id":"49cb289d6e7331650e75a253383bae15cfb88747b583230e8b618937cc08af45","Names":["/nginxweb"],"Image":"nginx:latest","ImageID":"sha256:01f818af747d88b4ebca7cdabd0c581e406e0e790be72678d257735fad84a15f","Command":"/bin/bash","Created":1490085333,"Ports":[{"IP":"0.0.0.0","PrivatePort":443,"PublicPort":32771,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":80,"PublicPort":32772,"Type":"tcp"}],"Labels":{},"Status":"Up 8 minutes","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"","EndpointID":"9c9c6a870d284715eeab46ceb2b7d2dc368ad08fc5b50507a5ac4724d352dbdd","Gateway":"172.17.0.1","IPAddress":"172.17.0.4","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:04"}}}},{"Id":"0fa6b8c9ff49157f6c203dd918d7c27396e598022bc51f31be96b9a553579d44","Names":["/mysqldb","/nginxweb/db"],"Image":"mysql:latest","ImageID":"sha256:d9124e6c552f0e739ef130add0e215af6abfc6efc0b43cc26e5a16b15df6c1ff","Command":"docker-entrypoint.sh /bin/bash","Created":1490084698,"Ports":[{"IP":"0.0.0.0","PrivatePort":3306,"PublicPort":32770,"Type":"tcp"}],"Labels":{},"Status":"Up 8 minutes","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"","EndpointID":"b7aa4ac3e259272b5405dfd9cc3443b394d155c409f2a06d5a33953b6fd6cfa1","Gateway":"172.17.0.1","IPAddress":"172.17.0.3","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:03"}}}},{"Id":"940568599bb2864b5b88768a5a87202b4786ba123ba2647a97106d43aeebcd6b","Names":["/registry"],"Image":"192.168.200.12:5000/registry:latest","ImageID":"sha256:c9bd19d022f6613fa0e3d73b2fe2b2cffe19ed629a426db9a652b597fccf07d4","Command":"/entrypoint.sh /etc/docker/registry/config.yml","Created":1486963059,"Ports":[{"IP":"0.0.0.0","PrivatePort":5000,"PublicPort":5000,"Type":"tcp"}],"Labels":{},"Status":"Up 9 minutes","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"","EndpointID":"2a5ef2c24eac60ae86f90faa50c271a6a6bc375a501127c6b0f8824cc77915c6","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02"}}}}]

（4）创建容器

在registry节点使用docker api 通过mariadb镜像创建docker容器，设置数据库密码为0000000，暴露3306端口，监听的地址为0.0.0.0，将以上操作命令及检查结果填入命令行界面。

# curl -X POST -H "Content-Type: application/json" -d '{

    "Image": "mariadb",

    "Env": ["MYSQL_ROOT_PASSWORD=000000"],

    "ExposedPorts": {

        "3306/tcp": {}

    "HostConfig": {

        "PortBindings": {

            "3306/tcp": [{"HostIp": "","HostPort": "3306"}]

        }

    "NetworkSettings": {

        "Ports": {

            "5000/tcp": [{"HostIp": "0.0.0.0","HostPort": "3306"}]

        }

}' http://localhost:2375/containers/create

{"Id":"b20699b782bbb87702e72d046820b6c3558da86b50ff4b60714f8af33ed860db","Warnings":null}

（5）启动

在registry节点利用docker api将上题创建的容器启动，将以上操作命令及检查结果填入命令行界面。

# curl -X  POST -H "Content-Type: application/json" http://localhost:2375/containers/b20699b782bb/start

（6）删除

在registry节点利用docker api将上题创建的容器停止，待容器停止运行后删除该容器，将以上操作命令及检查结果填入命令行界面。

# curl -X  POST -H "Content-Type: application/json" http://localhost:2375/containers/b20699b782bb/stop

# curl -X  DELETE http://localhost:2375/containers/b20699b782bb

2、镜像

（1）列举docker镜像

在registry节点通过docker api 查询docker内所有镜像，将以上操作命令及检查结果填入命令行界面。

# curl -X GET http://localhost:2375/images/json   

（2）查询镜像详细信息

在registry节点通过docker api相关命令查询rancher/server镜像的具体信息，将以上操作命令及检查结果填入命令行界面。

# curl -X GET http://localhost:2375/images/271f7878a277/json

{"Id":"sha256:271f7878a277b2270d23c399d3890c2aa22b19392a9fcdaadf1a6376bade5633","RepoTags":["192.168.200.12:5000/rancher/server:v1.1.4-xd"],"RepoDigests":[],"Parent":"","Comment":"","Created":"2017-01-06T08:08:24.763808016Z","Container":"0de0eec98d56b02ef71f720d9d2da1dc34e29fc1c9a437f1cbd10f1da0f17fce","ContainerConfig":{"Hostname":"0de0eec98d56","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":{"3306/tcp":{},"8080/tcp":{}},"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","DEBIAN_FRONTEND=noninteractive","CATTLE_HOME=/var/lib/cattle","DEFAULT_CATTLE_API_UI_INDEX=//releases.rancher.com/ui/1.1.14","CATTLE_DB_CATTLE_DATABASE=mysql","CATTLE_USE_LOCAL_ARTIFACTS=true","no_proxy=localhost,127.0.0.1,localaddress,.localdomain.com","S6_SERVICE_DIR=/service","CATTLE_HOST_API_PROXY_MODE=embedded","CATTLE_RANCHER_SERVER_VERSION=v1.1.4","CATTLE_RANCHER_COMPOSE_VERSION=v0.8.6","DEFAULT_CATTLE_RANCHER_COMPOSE_LINUX_URL=http://10.0.0.254/openstack/rancher-compose-linux-amd64-v0.8.6.tar.gz","DEFAULT_CATTLE_RANCHER_COMPOSE_DARWIN_URL=http://10.0.0.254/openstack/rancher-compose-darwin-amd64-v0.8.6.tar.gz","DEFAULT_CATTLE_RANCHER_COMPOSE_WINDOWS_URL=http://10.0.0.254/openstack/rancher-compose-windows-386-v0.8.6.zip","DEFAULT_CATTLE_CATALOG_URL=library=https://git.oschina.net/onlytaicai/rancher-catalog.git,community=https://git.oschina.net/onlytaicai/community-catalog.git","CATTLE_CATTLE_VERSION=v0.165.8.4","DEFAULT_CATTLE_MACHINE_EXECUTE=true","DEFAULT_CATTLE_COMPOSE_EXECUTOR_EXECUTE=true","DEFAULT_CATTLE_CATALOG_EXECUTE=true","CATTLE_RANCHER_SERVER_IMAGE=rancher/server"],"Cmd":["/usr/bin/s6-svscan","/service"],"Image":"rancher/server:v1.1.4-xd","Volumes":{"/var/lib/cattle":{},"/var/lib/mysql":{},"/var/log/mysql":{}},"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":{}},"DockerVersion":"1.10.3","Author":"","Config":{"Hostname":"","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":{"3306/tcp":{},"8080/tcp":{}},"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","DEBIAN_FRONTEND=noninteractive","CATTLE_HOME=/var/lib/cattle","DEFAULT_CATTLE_API_UI_INDEX=//releases.rancher.com/ui/1.1.14","CATTLE_DB_CATTLE_DATABASE=mysql","CATTLE_USE_LOCAL_ARTIFACTS=true","no_proxy=localhost,127.0.0.1,localaddress,.localdomain.com","S6_SERVICE_DIR=/service","CATTLE_HOST_API_PROXY_MODE=embedded","CATTLE_RANCHER_SERVER_VERSION=v1.1.4","CATTLE_RANCHER_COMPOSE_VERSION=v0.8.6","DEFAULT_CATTLE_RANCHER_COMPOSE_LINUX_URL=http://10.0.0.254/openstack/rancher-compose-linux-amd64-v0.8.6.tar.gz","DEFAULT_CATTLE_RANCHER_COMPOSE_DARWIN_URL=http://10.0.0.254/openstack/rancher-compose-darwin-amd64-v0.8.6.tar.gz","DEFAULT_CATTLE_RANCHER_COMPOSE_WINDOWS_URL=http://10.0.0.254/openstack/rancher-compose-windows-386-v0.8.6.zip","DEFAULT_CATTLE_CATALOG_URL=library=https://git.oschina.net/onlytaicai/rancher-catalog.git,community=https://git.oschina.net/onlytaicai/community-catalog.git","CATTLE_CATTLE_VERSION=v0.165.8.4","DEFAULT_CATTLE_MACHINE_EXECUTE=true","DEFAULT_CATTLE_COMPOSE_EXECUTOR_EXECUTE=true","DEFAULT_CATTLE_CATALOG_EXECUTE=true","CATTLE_RANCHER_SERVER_IMAGE=rancher/server"],"Cmd":["/usr/bin/s6-svscan","/service"],"Image":"","Volumes":{"/var/lib/cattle":{},"/var/lib/mysql":{},"/var/log/mysql":{}},"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":{}},"Architecture":"amd64","Os":"linux","Size":877175326,"VirtualSize":877175326,"GraphDriver":{"Name":"devicemapper","Data":{"DeviceId":"166","DeviceName":"docker-253:1-771752128-1348916a13f1dc44fb619cecde1f1691b1926bda5a08a8ed6b80578b45895aca","DeviceSize":"10737418240"}}}

（3）容器提交镜像

在registry节点利用docker api查询运行的docker仓库的容器系统文件的变更,将以上操作命令及检查结果填入命令行界面。

# curl  -X GET http://localhost:2375/containers/940568599bb2/changes

[{"Path":"/run","Kind":0},{"Path":"/run/secrets","Kind":1},{"Path":"/var","Kind":0},{"Path":"/var/lib","Kind":0},{"Path":"/var/lib/registry","Kind":1},{"Path":"/root","Kind":0},{"Path":"/root/.ash_history","Kind":1}]

Docker底层服务之NameSpace、Cgroup、存储、网络

1.NameSpace

在server节点，查询rancher/server容器的进程号，建立命名空间/var/run/netns并与rancher/server容器进行连接，通过ip netns相关命令查询该容器的ip，将以上操作命令及检查结果填入命令行界面。

# docker inspect -f '{{.State.Pid}}' 5feca07aad20

# mkdir /var/lib/netns

# ln -s /proc/3473/ns/net /var/lib/netns/rancher-server (ln -s /proc/11649/ns/net /var/run/netns/11649)

# ip netns list

rancher-server

# ip netns exec rancher-server ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff

    inet 172.17.0.2/16 scope global eth0

       valid_lft forever preferred_lft forever

    inet6 fe80::42:acff:fe11:2/64 scope link

       valid_lft forever preferred_lft forever

2.Cgroup

（1）cgroup操作

在registry节点查询当前cgroup的挂载情况，将以上操作命令及检查结果填入命令行界面。

[root@registry ~]# mount -t cgroup

cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)

cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)

cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)

cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)

cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)

cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)

cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)

cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)

cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)

cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)

（2）添加移动进程

在registry节点创建memory控制的cgroup，名称为：xiandian，创建完成后将当前进程移动到这个cgroup中，通过cat相关命令查询cgroup中的进程ID,将以上操作命令及检查结果填入命令行界面。

# mkdir /sys/fs/cgroup/memory/xiandian

# echo $$

5759

# sudo sh -c "echo $$ >> /sys/fs/cgroup/memory/xiandian/tasks"

# cat /proc/5759/cgroup

10:hugetlb:/

9:perf_event:/

8:blkio:/system.slice/sshd.service

7:net_cls:/

6:freezer:/

5:devices:/system.slice/sshd.service

4:memory:/xiandian

3:cpuacct,cpu:/system.slice/sshd.service

2:cpuset:/

1:name=systemd:/system.slice/sshd.service

（3）限制进程配额

在registry节点创建cpu控制的cgroup，名称为：xiandian。假设存在进程号为8888一直占用CPU使用率，并且达到100%，严重影响系统的正常运行。使用cgroup相关知识在创建的cgroup中将此进程操作CPU配额调整为30%。将以上操作命令及检查结果填入命令行界面。

# mkdir /sys/fs/cgroup/cpu/xiandian

# echo 30000 > /sys/fs/cgroup/cpu/xiandian/cpu.cfs_quota_us

# echo 8888 > /sys/fs/cgroup/cpu/xiandian/tasks

（4）cgroup查询

在仓库节点创建一个cgroup，名称为：xiandian，位置在cgroup目录下的子系统cpuset中，并向cpuset.cpus，cpuset.mems两个文件中分别写入数字123, 通过cat相关命令查询写入文件的内容, 将以上操作命令及检查结果填入命令行界面

# mkdir /sys/fs/cgroup/cpuset/xiandian

# cd /sys/fs/cgroup/cpuset/xiandian/

# echo 1-3 > cpuset.cpus

# cat cpuset.cpus

1-3

# echo 1-3 > cpuset.mems

# cat cpuset.mems

1-3

（5）cgroup指定创建

在registry节点使用ubuntu镜像创建一个名为1daoyun的容器，只能使用0,1这两个内核，镜像使用ubuntu/14.04.3，并通过查看Cgroup相关文件查看内核使用情况，将以上操作命令及检查结果填入命令行界面

# docker run -dit --name 1daoyun --cpuset-cpus="0,1" ubuntu:14.04.3 /bin/bash

Unable to find image 'ubuntu:14.04.3' locally

Trying to pull repository 192.168.200.106:5000/ubuntu ...

14.04.3: Pulling from 192.168.200.106:5000/ubuntu

8387d9ff0016: Pull complete

3b52deaaf0ed: Pull complete

4bd501fad6de: Pull complete

a3ed95caeb02: Pull complete

Digest: sha256:e69833eaf929c10b20fd413daed3c93188fe6ed4b617bce20799cf516270d217

Status: Downloaded newer image for 192.168.200.106:5000/ubuntu:14.04.3

41a71f67d8d01a6a64a65d1109770e772738e948d4afb278418b1198fd21da47

# cat /sys/fs/cgroup/cpuset/system.slice/docker-41a71f67d8d01a6a64a65d1109770e772738e948d4afb278418b1198fd21da47.scope/cpuset.cpus

0-1

3.存储

（1）挂载主机目录

在registry节点创建/opt/xiandian目录，创建完成后启动名为xiandian-dir，镜像为ubuntu：14.04.3的容器，并指定此目录为容器启动的数据卷，创建完成后通过inspect命令指定查看数据卷和查看容器挂载的情况。将以上操作命令及检查结果填入命令行界面。

# mkdir /opt/xiandian

# docker run -d -it  -P --name xiandian-dir -v /opt/xiandian 192.168.200.12:5000/ubuntu:14.04.3  /bin/bash

# docker inspect -f {{.Config.Volumes}}   xiandian-dir  

map[/opt/xiandian:{}]

# docker inspect -f {{.Mounts}}   xiandian-dir             

[{eaa3ec0d276dbf01b29ae98138fc6440853b991e5dd0107599eecb473ecf6729 /var/lib/docker/volumes/eaa3ec0d276dbf01b29ae98138fc6440853b991e5dd0107599eecb473ecf6729/_data /opt/xiandian local  true }]

（2）挂载主机只读目录

在registry节点创建/opt/xiandian目录，创建完成后启动名为xiandian-dir，镜像为ubuntu：14.04.3的容器，并指定此目录为容器启动的数据卷挂载目录为/opt，设置该数据卷为只读模式，创建完成后通过inspect命令指定查看HostConfig内的Binds情况。将以上操作命令及检查结果填入命令行界面。

#  docker run -d -it  -P --name xiandian-dir -v /opt/xiandian:/opt:ro 192.168.200.12:5000/ubuntu:14.04.3  /bin/bash

# docker inspect -f '{{.HostConfig.Binds}}' 6e4a623cc618

[/opt/xiandian:/opt:ro]

（3）挂载主机文件

在registry节点启动名为xiandian-file，镜像为ubuntu：14.04.3的容器，并指定rancher平台安装脚本“install.sh”为容器启动的数据卷，挂载到容器的/opt目录下，创建完成后通过inspect命令指定查看容器挂载的情况。将以上操作命令及检查结果填入命令行界面。

# mkdir /opt/xiandian

# docker run -d -it  -P --name xiandian-file -v  /opt/install.sh:/opt/install.sh 192.168.200.12:5000/ubuntu:14.04.3  /bin/bash

#  docker inspect -f {{.Mounts}}   xiandian-file

[{ /opt/install.sh /opt/install.sh   true rslave}]

（4）数据备份和恢复

使用一条命令将上题创建的数据卷容器进行数据备份，要求创建一个新的ubuntu:14.04.3容器并引用上题的数据卷，同时创建一个数据卷映射，将本地文件系统的当前工作目录映射到容器的/backup的目录，最后通过tar命令将容器的数据卷打包到/backup数据卷中，将备份的数据卷保存到本地，名称为backup.tar, 将以上操作命令及检查结果填入命令行界面。

# docker run --volumes-from 69bdcf9f3627   -v $(pwd):/backup ubuntu:14.04.3 tar cvf /backup/backup.tar /opt/xiandian

（5）容器连接

在registry节点使用docker相关命令使用mysql:latest镜像创建名为mysqldb的容器，使用镜像nginx:latest创建名为nginxweb容器，容器连接mysqldb容器内数据库，操作完成后使用inspect查看有关链接内容的字段，将以上操作命令及检查结果填入命令行界面。

# docker run -d -it  --name mysqldb  -P  mysql:latest  /bin/bash

# docker run -d -it  --name nginxweb  -P --link mysqldb:db  nginx:latest  /bin/bash

# docker inspect --format {{.HostConfig.Links}} 49cb289d6e73

[/mysqldb:/nginxweb/db]

4.网络

（1）查询网桥

在registry节点通过bridge命令（如果不存在则安装该命令）查看网桥列表，将以上操作命令及检查结果填入命令行界面。

# brctl  show

bridge name     bridge id               STP enabled     interfaces

docker0      8000.02421af76ad0       no               veth35b7a00

                                                            veth643076f

                                                            vethde11f52

（2）定制网桥

在registry节点创建xd_br网桥，设立网络的网络地址和掩码为192.168.2.1/24，创建完成后启动该网桥，完成后查看xd_br网卡和网桥详细信息，将以上操作命令及检查结果填入命令行界面。

# brctl  addbr xd_br

# ip addr add  192.168.2.1/24 dev xd_b

Ip link set xd_b up

# brctl  show

bridge name     bridge id               STP enabled     interfaces

docker0         8000.02421af76ad0       no               veth35b7a00

                                                            veth643076f

                                                            vethde11f52

xd_br           8000.000000000000        no

# ifconfig xd_br

xd_br: flags=4098<BROADCAST,MULTICAST>  mtu 1500

        inet 192.168.2.1  netmask 255.255.255.0  broadcast 0.0.0.0

        ether 7e:cb:e4:ca:78:54  txqueuelen 0  (Ethernet)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

（3）docker网络

在registry节点利用ubuntu:14.04.3镜像运行一个无网络环境的容器，进入容器后使用ifconfig查看网络信息，将以上操作命令及检查结果填入命令行界面。

# docker run -it -d  --net=none ubuntu:14.04.3 /bin/bash

# docker exec -it 83f831907439 /bin/bash

root@83f831907439:/# ifconfig

lo        Link encap:Local Loopback 

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:65536  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

在registry节点利用ubuntu:14.04.3镜像启动ubuntu容器，创建完成后为该容器创建独立的网络命名空间并创建虚拟网络接口设备A，为A创建一个映射端设备B；将设备A接入到创建的网桥xd_br中，完成后启动设备A，将B设备放入刚刚创建好的网络空间中；完成后查询宿主机的网桥信息和该容器的网络信息，将以上操作命令及检查结果填入命令行界面。

# docker inspect --format '{{.State.Pid}}' 1319914566c4

4730

# mkdir -p /var/run/netns

# ln -s /proc/4730/ns/net /var/run/netns/4730

# ip link add A type veth peer name B

# brctl  addif xd_br A

# ip link set A up

# ip link set B netns 4730

# ip netns exec 7841 ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

316: B: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

    link/ether 66:02:89:6d:42:5e brd ff:ff:ff:ff:ff:ff

# brctl  show

bridge name     bridge id               STP enabled     interfaces

br-830cec4ae8fc         8000.0242f1e942e2       no

docker0         8000.02421af76ad0       no              veth6e9372e

                                                        veth7a36e10

                                                        veth9ab1aae

                                                        vetha1913ed

                                                        vethce676b5

                                                        vethd659bfa

xd_br           8000.ee4e4274f4a3       no              A

在ubuntu容器中将将设备B重命名为通用的网络设备名eth0,并分配MAC地址为1A:2B:3C:4D:5E:6F；根据xd_br网桥的地址将该网段的最后一位分配给该网络设备，设置路由地址到xd_br；完成后查询该容器的eth0网卡和路由信息，将以上操作命令及检查结果填入命令行界面。

# ip netns exec 4730 ip link set dev B name eth0

# ip netns exec 4730 ip link set eth0 address 1A:2B:3C:4D:5E:6F

# ip netns exec 4730 ip link set eth0 up

# ip netns exec 4730 ip addr add 192.168.2.254/24 dev eth0

# ip netns exec 4730 ip route add default via 192.168.2.1

# docker exec 1319914566c4 ifconfig eth0

eth0      Link encap:Ethernet  HWaddr 1a:2b:3c:4d:5e:6f 

          inet addr:192.168.2.254  Bcast:0.0.0.0  Mask:255.255.255.0

          inet6 addr: fe80::182b:3cff:fe4d:5e6f/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:8 errors:0 dropped:0 overruns:0 frame:0

          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:648 (648.0 B)  TX bytes:648 (648.0 B)

# docker exec 1319914566c4 ip route

default via 192.168.2.1 dev eth0

192.168.2.0/24 dev eth0  proto kernel  scope link  src 192.168.2.254

Docker之集群服务

1.Compose

在registry节点利用compose相关知识编写WordPress的创建文件，使用compose版本为2，创建名为xd_db的服务，引用镜像为mysql:latest,设置容器自动启动运行，设置数据卷db_data与数据库存储路径实现映射，设置数据库密码为wp_xiandian；创建服务为xd_wp，引用镜像为wordpress:latest，此服务依赖xd_db服务，开放端口8888为wrodpress的80映射端口，最后设置wordpress的数据库连接地址和密码。完成后运行并查看docker-compose.yml文件，待容器运行完成后查询docker的容器运行状态，将以上操作命令及执行结果填入命令行界面。

# docker-compose up -d

Creating opt_xd_db_1

Creating opt_xd_wp_1

# cat docker-compose.yml

version: '2'

services:

   xd_db:

     image: mysql:latest

     volumes:

       - db_data:/var/lib/mysql

     restart: always

     environment:

       MYSQL_ROOT_PASSWORD: wp_xiandian

   xd_wp:

     depends_on:

       - xd_db

     image: wordpress:latest

     ports:

       - "8888:80"

     restart: always

     environment:

       WORDPRESS_DB_HOST: xd_db:3306

       WORDPRESS_DB_PASSWORD: wp_xiandian

volumes:

    db_data:

# docker ps -a

CONTAINER ID        IMAGE                            COMMAND                  CREATED             STATUS              PORTS                                           NAMES

e955e781ac41        wordpress:latest                 "docker-entrypoint.sh"   5 minutes ago       Up 5 minutes        0.0.0.0:8888->80/tcp                            opt_xd_wp_1

12a3d98cbd9d        mysql:latest                     "docker-entrypoint.sh"   5 minutes ago       Up 5 minutes        3306/tcp                                        opt_xd_db_1

52745024501e        ubuntu:14.04.3                   "/bin/bash"              3 hours ago         Up 3 hours                                                          reverent_bassi

49cb289d6e73        nginx:latest                     "/bin/bash"              23 hours ago        Up 23 hours         0.0.0.0:32772->80/tcp, 0.0.0.0:32771->443/tcp   nginxweb

0fa6b8c9ff49        mysql:latest                     "docker-entrypoint.sh"   24 hours ago        Up 23 hours         0.0.0.0:32770->3306/tcp                         mysqldb

940568599bb2        192.168.200.12:5000/registry:latest   "/entrypoint.sh /etc/"   5 weeks ago         Up 23 hours         0.0.0.0:5000->5000/tcp                          registry

2.Consult发现

（1）创建

在registry节点利用consul相关知识创建配置 consul 集群，设置registry节点为cluster leader，将server和client节点加入该集群身份为server，集群名称为xd_center，registry节点名称为cluster_server,server节点名称为cluster_client1，client节点为cluster_client2,完成后查询该集群列表，将以上操作命令及执行结果填入命令行界面。

# consul agent -server -bootstrap -data-dir /home/data_consul -client 0.0.0.0 -bind=192.168.200.12 -node=cluster_server  -dc=xd_center &

# consul agent -server -data-dir /home/data_consul -client 0.0.0.0 -bind=192.168.200.10 -node=cluster_client1 -dc=xd_center &

# consul agent -server -data-dir /home/data_consul -client 0.0.0.0 -bind=192.168.200.11 -node=cluster_client2 -dc=xd_center &

# consul join 192.168.200.10

# consul join 192.168.200.11

# consul  members

2017/03/29 11:24:33 [INFO] agent.rpc: Accepted client: 127.0.0.1:48197

Node             Address         Status  Type    Build  Protocol  DC

cluster_client1  192.168.200.10:8301  alive   server  0.6.3  2         xd_center

cluster_client2  192.168.200.11:8301  alive   server  0.6.3  2         xd_center

cluster_server   192.168.200.12:8301  alive   server  0.6.3  2         xd_center

（2）查询

在registry完成后查询consul集群列表，将以上操作命令及执行结果填入命令行界面。

# consul  members

2017/03/29 11:24:33 [INFO] agent.rpc: Accepted client: 127.0.0.1:48197

Node             Address         Status  Type    Build  Protocol  DC

cluster_client1  192.168.200.10:8301  alive   server  0.6.3  2         xd_center

cluster_client2  192.168.200.11:8301  alive   server  0.6.3  2         xd_center

cluster_server   192.168.200.12:8301  alive   server  0.6.3  2         xd_center

posted @ 2020-08-18 22:05 接近风的地方coc 阅读(585) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

接近风的地方coc

赛题答案

公告