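Contest answer key
Docker operations: ports, processes, resource usage, and log management
1. Ports
On the registry node, use the netstat command to find the port the registry listens on, then use the lsof command (install it manually if it is missing) to find the process using that port. Submit all of the commands and their output as text in the command-line interface.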
[root@registry ~]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 724/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 802/master
tcp6 0 0 :::5000 :::* LISTEN 21423/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 724/sshd
tcp6 0 0 ::1:25 :::* LISTEN 802/master
[root@registry ~]# lsof -i:5000
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
exe 21423 root 7u IPv6 267372 0t0 TCP *:commplex-main (LISTEN)
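2. Processes
On the Registry node, use the lsof command (install it manually if it is missing) to find the processes associated with /usr/bin/docker-current, then use the process IDs returned to find the program each process is running. Submit all of the commands and their output as text in the command-line interface.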
[root@registry ~]# lsof /usr/bin/docker-current
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker-cu 1492 root txt REG 253,1 45797613 16903916 /usr/bin/docker-current
exe 21423 root txt REG 253,1 45797613 16903916 /usr/bin/docker-current
[root@registry ~]# ps aux |grep 1492
root 1492 0.0 1.9 790336 40752 ? Ssl Feb13 31:08 /usr/bin/docker-current daemon --exec-opt native.cgroupdriver=systemd --selinux-enabled --log-driver=journald --add-registry 192.168.200.12:5000 --insecure-registry 192.168.200.12:5000
root 32269 0.0 0.0 112640 956 pts/0 S+ 02:34 0:00 grep --color=auto 1492
[root@registry ~]# ps aux |grep 21423
root 21423 0.0 0.8 253880 16520 ? Sl Mar03 2:55 docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5000 -container-ip 172.17.0.2 -container-port 5000
root 32271 0.0 0.0 112640 960 pts/0 S+ 02:34 0:00 grep --color=auto 21423
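Added example (not part of the original answer key): the port and process lookups above combined into one audit. It parses `netstat -ntpl` output for TCP listeners bound to every interface, and resolves docker-proxy command lines from `ps aux` to the container address they forward to. The function names are hypothetical; the sample input is copied from the output shown above.

```shell
#!/bin/sh
# Added example, not from the original answer key. Function names are hypothetical.

# wildcard_listeners: read `netstat -ntpl` output on stdin and print
# "proto port pid program" for every TCP listener bound to all interfaces
# (0.0.0.0 for IPv4, :: for IPv6). Loopback-only listeners are skipped.
wildcard_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4
        sub(/^.*:/, "", port)                      # text after the last colon
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host == "0.0.0.0" || host == "::") {
            split($7, owner, "/")                  # e.g. "21423/docker-proxy"
            print $1, port, owner[1], owner[2]
        }
    }'
}

# proxy_targets: read `ps aux` lines on stdin and print
# "pid proto host-ip:host-port container-ip:container-port" for each docker-proxy,
# so a published host port can be traced to the container behind it.
proxy_targets() {
    awk '
    $11 ~ /(^|\/)docker-proxy$/ {
        proto = hip = hport = cip = cport = "?"
        for (i = 12; i < NF; i++) {
            if ($i == "-proto")          proto = $(i + 1)
            if ($i == "-host-ip")        hip   = $(i + 1)
            if ($i == "-host-port")      hport = $(i + 1)
            if ($i == "-container-ip")   cip   = $(i + 1)
            if ($i == "-container-port") cport = $(i + 1)
        }
        print $2, proto, hip ":" hport, cip ":" cport
    }'
}

# Sample input copied from the netstat output on this page.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 724/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 802/master
tcp6 0 0 :::5000 :::* LISTEN 21423/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 724/sshd
tcp6 0 0 ::1:25 :::* LISTEN 802/master
EOF
}

# Sample input copied from the `ps aux | grep 21423` output on this page.
sample_ps() {
    cat <<'EOF'
root 21423 0.0 0.8 253880 16520 ? Sl Mar03 2:55 docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5000 -container-ip 172.17.0.2 -container-port 5000
root 32271 0.0 0.0 112640 960 pts/0 S+ 02:34 0:00 grep --color=auto 21423
EOF
}

sample_netstat | wildcard_listeners
sample_ps | proxy_targets
```

On a live host the same functions take `netstat -ntpl | wildcard_listeners` and `ps aux | proxy_targets`; run as root so that netstat can show the owning PID of every socket.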
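3. Resource usage
On the registry node, use the netstat command (install it manually if it is missing) to find the PID of the Docker image registry, then use the top command to check the resource usage of the PID found in the previous step. Submit all of the commands and their output as text in the command-line interface.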
[root@registry ~]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 724/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 802/master
tcp6 0 0 :::5000 :::* LISTEN 21423/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 724/sshd
tcp6 0 0 ::1:25 :::* LISTEN 802/master
[root@registry ~]# top -p 21423
top - 07:26:24 up 35 days, 3:06, 1 user, load average: 0.00, 0.01, 0.05
Tasks: 1 total, 0 running, 1 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 2049396 total, 118648 free, 127892 used, 1802856 buff/cache
KiB Swap: 0 total, 0 free, 0 used. 1721968 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
21423 root 20 0 253880 16520 7592 S 0.0 0.8 2:57.51 exe
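4. Logs
On the registry node, use the docker command to show the last 20 log entries of the Docker registry container. Submit all of the commands and their output as text in the command-line interface.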
# docker logs --tail=20 940568599bb2
192.168.200.12 - - [29/Mar/2017:05:35:37 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64"
192.168.200.12 - - [29/Mar/2017:05:35:37 +0000] "GET /v1/search?q=swarm HTTP/1.1" 404 19 "" "docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64"
time="2017-03-29T05:35:49Z" level=info msg="response completed" go.version=go1.6.3 http.request.host="192.168.200.12:5000" http.request.id=7bc96c9d-e3a4-43fe-9f6f-1be0ad4e8fe3 http.request.method=GET http.request.remoteaddr="192.168.200.12:50872" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=1.946567ms http.response.status=200 http.response.written=2 instance.id=a5140eb2-63c4-40b1-8c88-24aff334bb6a version=v2.5.1
192.168.200.12 - - [29/Mar/2017:05:35:49 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64"
time="2017-03-29T05:35:49Z" level=error msg="response completed with error" err.code="manifest unknown" err.detail="unknown tag=latest" err.message="manifest unknown" go.version=go1.6.3 http.request.host="192.168.200.12:5000" http.request.id=466b5691-ea02-4b27-af3b-340fc69767a4 http.request.method=GET http.request.remoteaddr="192.168.200.12:50873" http.request.uri="/v2/swarm/manifests/latest" http.request.useragent="docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64" http.response.contenttype="application/json; charset=utf-8" http.response.duration=2.057137ms http.response.status=404 http.response.written=96 instance.id=a5140eb2-63c4-40b1-8c88-24aff334bb6a vars.name=swarm vars.reference=latest version=v2.5.1
192.168.200.12 - - [29/Mar/2017:05:35:49 +0000] "GET /v2/swarm/manifests/latest HTTP/1.1" 404 96 "" "docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64"
192.168.200.12 - - [29/Mar/2017:05:35:49 +0000] "GET /v1/repositories/swarm/images HTTP/1.1" 404 19 "" "docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64"
time="2017-03-29T06:10:09Z" level=info msg="PurgeUploads starting: olderThan=2017-03-22 06:10:09.06177115 +0000 UTC, actuallyDelete=true"
time="2017-03-29T06:10:09Z" level=info msg="Purge uploads finished. Num deleted=0, num errors=0"
time="2017-03-29T06:10:09Z" level=info msg="Starting upload purge in 24h0m0s" go.version=go1.6.3 instance.id=a5140eb2-63c4-40b1-8c88-24aff334bb6a version=v2.5.1
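Added example (not part of the original answer key): a summary of failed requests from the registry output above, which mixes access-log lines with key=value log lines. The function names are hypothetical, and the sample lines are constructed by shortening the log lines shown above.

```shell
#!/bin/sh
# Added example, not from the original answer key. Function names are hypothetical.

# access_failures: read registry output on stdin, keep the access-log lines
# (client - - [time] "METHOD uri HTTP/x" status bytes ...) and print
# "client status count" for every status >= 400.
access_failures() {
    awk '
    $6 ~ /^"[A-Z]+$/ && $9 ~ /^[0-9][0-9][0-9]$/ && $9 >= 400 {
        count[$1 " " $9]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# error_events: read registry output on stdin, keep the key=value lines with
# level=error and print "client method uri status err.code".
error_events() {
    awk '
    # field: value of key in a key=value line; quoted values may contain spaces.
    # Escaped quotes inside a value are not handled.
    function field(line, key,    s, p, rest, q) {
        s = " " line
        p = index(s, " " key "=")
        if (p == 0) return ""
        rest = substr(s, p + length(key) + 2)
        if (substr(rest, 1, 1) == "\"") {
            rest = substr(rest, 2)
            q = index(rest, "\"")
            return q ? substr(rest, 1, q - 1) : rest
        }
        q = index(rest, " ")
        return q ? substr(rest, 1, q - 1) : rest
    }
    field($0, "level") == "error" {
        addr = field($0, "http.request.remoteaddr")
        sub(/:[0-9]+$/, "", addr)                  # drop the client source port
        print addr, field($0, "http.request.method"), field($0, "http.request.uri"), \
              field($0, "http.response.status"), field($0, "err.code")
    }'
}

# Constructed sample: the log lines from this page with most fields trimmed.
sample_log() {
    cat <<'EOF'
192.168.200.12 - - [29/Mar/2017:05:35:37 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "docker/1.10.3"
192.168.200.12 - - [29/Mar/2017:05:35:37 +0000] "GET /v1/search?q=swarm HTTP/1.1" 404 19 "" "docker/1.10.3"
time="2017-03-29T05:35:49Z" level=info msg="response completed" http.request.method=GET http.request.remoteaddr="192.168.200.12:50872" http.request.uri="/v2/" http.response.status=200
time="2017-03-29T05:35:49Z" level=error msg="response completed with error" err.code="manifest unknown" err.detail="unknown tag=latest" http.request.method=GET http.request.remoteaddr="192.168.200.12:50873" http.request.uri="/v2/swarm/manifests/latest" http.response.status=404
192.168.200.12 - - [29/Mar/2017:05:35:49 +0000] "GET /v2/swarm/manifests/latest HTTP/1.1" 404 96 "" "docker/1.10.3"
192.168.200.12 - - [29/Mar/2017:05:35:49 +0000] "GET /v1/repositories/swarm/images HTTP/1.1" 404 19 "" "docker/1.10.3"
time="2017-03-29T06:10:09Z" level=info msg="Purge uploads finished. Num deleted=0, num errors=0"
EOF
}

sample_log | access_failures
sample_log | error_events
```

Against the real container, pipe `docker logs --tail=20 940568599bb2 2>&1` into either function.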
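Docker API operations
1. Containers - 6
(1) Query Docker system information
On the registry node, query Docker's system information through the Docker API. Enter the commands and the results in the command-line interface.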
# curl -X GET http://localhost:2375/info
{"ID":"NLPH:KG5J:I3GD:RXLO:MPXS:CP3J:PXBP:MFQY:AUBM:YN3V:3EL6:HXEA","Containers":4,"ContainersRunning":3,"ContainersPaused":0,"ContainersStopped":1,"Images":38,"Driver":"devicemapper","DriverStatus":[["Pool Name","docker-253:1-771752128-pool"],["Pool Blocksize","65.54 kB"],["Base Device Size","10.74 GB"],["Backing Filesystem","xfs"],["Data file","/dev/loop1"],["Metadata file","/dev/loop2"],["Data Space Used","8.406 GB"],["Data Space Total","107.4 GB"],["Data Space Available","98.97 GB"],["Metadata Space Used","14.93 MB"],["Metadata Space Total","2.147 GB"],["Metadata Space Available","2.133 GB"],["Udev Sync Supported","true"],["Deferred Removal Enabled","false"],["Deferred Deletion Enabled","false"],["Deferred Deleted Device Count","0"],["Data loop file","/var/lib/docker/devicemapper/devicemapper/data"],["Metadata loop file","/var/lib/docker/devicemapper/devicemapper/metadata"],["Library Version","1.02.107-RHEL7 (2016-06-09)"]],"SystemStatus":null,"Plugins":{"Volume":["local"],"Network":["bridge","null","host"],"Authorization":null},"MemoryLimit":true,"SwapLimit":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"IPv4Forwarding":true,"BridgeNfIptables":false,"BridgeNfIp6tables":false,"Debug":false,"NFd":32,"OomKillDisable":true,"NGoroutines":49,"SystemTime":"2017-03-21T08:53:54.577574371Z","ExecutionDriver":"native-0.2","LoggingDriver":"journald","NEventsListener":0,"KernelVersion":"3.10.0-229.el7.x86_64","PkgVersion":"docker-common-1.10.3-46.el7.centos.14.x86_64","OperatingSystem":"CentOS Linux 7 
(Core)","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://192.168.200.12:5000/v1/","IndexServerName":"192.168.200.12:5000","RegistryConfig":{"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"192.168.200.12:5000":{"Name":"192.168.200.12:5000","Mirrors":[],"Secure":false,"Official":false},"docker.io":{"Name":"docker.io","Mirrors":null,"Secure":true,"Official":true}},"Mirrors":null},"InitSha1":"171e8156748ca6b9e07d03098803bd7cee05e945","InitPath":"","NCPU":1,"MemTotal":2098581504,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"registry","Labels":null,"ExperimentalBuild":false,"ServerVersion":"1.10.3","ClusterStore":"","ClusterAdvertise":"","Registries":[{"Name":"192.168.200.12:5000","Secure":false},{"Name":"docker.io","Secure":true}]}
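(2) Query Docker version information
On the registry node, query the Docker version through the Docker API. Enter the commands and the results in the command-line interface.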
# curl -X GET http://localhost:2375/version
{"Version":"1.10.3","ApiVersion":"1.22","GitCommit":"cb079f6-unsupported","GoVersion":"go1.6.3","Os":"linux","Arch":"amd64","KernelVersion":"3.10.0-229.el7.x86_64","BuildTime":"2016-09-16T13:24:25.999281648+00:00","PkgVersion":"docker-common-1.10.3-46.el7.centos.14.x86_64"}
(3) List Docker containers
On the registry node, list all containers in Docker through the Docker API. Enter the commands and the results in the command-line interface.
# curl -X GET http://localhost:2375/containers/json
[{"Id":"49cb289d6e7331650e75a253383bae15cfb88747b583230e8b618937cc08af45","Names":["/nginxweb"],"Image":"nginx:latest","ImageID":"sha256:01f818af747d88b4ebca7cdabd0c581e406e0e790be72678d257735fad84a15f","Command":"/bin/bash","Created":1490085333,"Ports":[{"IP":"0.0.0.0","PrivatePort":443,"PublicPort":32771,"Type":"tcp"},{"IP":"0.0.0.0","PrivatePort":80,"PublicPort":32772,"Type":"tcp"}],"Labels":{},"Status":"Up 8 minutes","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"","EndpointID":"9c9c6a870d284715eeab46ceb2b7d2dc368ad08fc5b50507a5ac4724d352dbdd","Gateway":"172.17.0.1","IPAddress":"172.17.0.4","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:04"}}}},{"Id":"0fa6b8c9ff49157f6c203dd918d7c27396e598022bc51f31be96b9a553579d44","Names":["/mysqldb","/nginxweb/db"],"Image":"mysql:latest","ImageID":"sha256:d9124e6c552f0e739ef130add0e215af6abfc6efc0b43cc26e5a16b15df6c1ff","Command":"docker-entrypoint.sh /bin/bash","Created":1490084698,"Ports":[{"IP":"0.0.0.0","PrivatePort":3306,"PublicPort":32770,"Type":"tcp"}],"Labels":{},"Status":"Up 8 minutes","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"","EndpointID":"b7aa4ac3e259272b5405dfd9cc3443b394d155c409f2a06d5a33953b6fd6cfa1","Gateway":"172.17.0.1","IPAddress":"172.17.0.3","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:03"}}}},{"Id":"940568599bb2864b5b88768a5a87202b4786ba123ba2647a97106d43aeebcd6b","Names":["/registry"],"Image":"192.168.200.12:5000/registry:latest","ImageID":"sha256:c9bd19d022f6613fa0e3d73b2fe2b2cffe19ed629a426db9a652b597fccf07d4","Command":"/entrypoint.sh /etc/docker/registry/config.yml","Created":1486963059,"Ports":[{"IP":"0.0.0.0","PrivatePort":5000,"PublicPort":5000,"Type":"tcp"}],"Labels":{},"Status":"Up 
9 minutes","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"","EndpointID":"2a5ef2c24eac60ae86f90faa50c271a6a6bc375a501127c6b0f8824cc77915c6","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02"}}}}]
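(4) Create a container
On the registry node, use the Docker API to create a Docker container from the mariadb image, set the database password to 0000000, expose port 3306, and listen on address 0.0.0.0. Enter the commands and the results in the command-line interface.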
# curl -X POST -H "Content-Type: application/json" -d '{
  "Image": "mariadb",
  "Env": ["MYSQL_ROOT_PASSWORD=000000"],
  "ExposedPorts": {
    "3306/tcp": {}
  },
  "HostConfig": {
    "PortBindings": {
      "3306/tcp": [{"HostIp": "","HostPort": "3306"}]
    }
  },
  "NetworkSettings": {
    "Ports": {
      "5000/tcp": [{"HostIp": "0.0.0.0","HostPort": "3306"}]
    }
  }
}' http://localhost:2375/containers/create
{"Id":"b20699b782bbb87702e72d046820b6c3558da86b50ff4b60714f8af33ed860db","Warnings":null}
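(5) Start
On the registry node, use the Docker API to start the container created in the previous question. Enter the commands and the results in the command-line interface.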
# curl -X POST -H "Content-Type: application/json" http://localhost:2375/containers/b20699b782bb/start
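(6) Delete
On the registry node, use the Docker API to stop the container created in the previous question and, once it has stopped running, delete it. Enter the commands and the results in the command-line interface.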
# curl -X POST -H "Content-Type: application/json" http://localhost:2375/containers/b20699b782bb/stop
# curl -X DELETE http://localhost:2375/containers/b20699b782bb
2. Images
(1) List Docker images
On the registry node, list all images in Docker through the Docker API. Enter the commands and the results in the command-line interface.
# curl -X GET http://localhost:2375/images/json
[{"Id":"sha256:271f7878a277b2270d23c399d3890c2aa22b19392a9fcdaadf1a6376bade5633","ParentId":"","RepoTags":["192.168.200.12:5000/rancher/server:v1.1.4-xd"],"RepoDigests":null,"Created":1483690104,"Size":877175326,"VirtualSize":877175326,"Labels":{}},{"Id":"sha256:01f818af747d88b4ebca7cdabd0c581e406e0e790be72678d257735fad84a15f","ParentId":"","RepoTags":["192.168.200.12:5000/nginx:latest"],"RepoDigests":null,"Created":1482861378,"Size":181586402,"VirtualSize":181586402,"Labels":{}},{"Id":"sha256:86e302671af465e21742fb4932322012da8abaff5134a7dd194dc47944461549","ParentId":"","RepoTags":["192.168.200.12:5000/mongo:latest"],"RepoDigests":null,"Created":1480543691,"Size":401895934,"VirtualSize":401895934,"Labels":{}},{"Id":"sha256:01aa08d0dd3ea71795db51148d3f36ff2cbab4f762bae9b88eb571ef2c305e31","ParentId":"","RepoTags":["192.168.200.12:5000/grafana/grafana:latest"],"RepoDigests":null,"Created":1480443048,"Size":266088718,"VirtualSize":266088718,"Labels":{}},{"Id":"sha256:4deeb1bb77d334bbacfb265d991b8b25db97807ee655482825203cb2dff85bf0","ParentId":"","RepoTags":["192.168.200.12:5000/gogs/gogs:latest"],"RepoDigests":null,"Created":1479953640,"Size":90230824,"VirtualSize":90230824,"Labels":{}},{"Id":"sha256:d9124e6c552f0e739ef130add0e215af6abfc6efc0b43cc26e5a16b15df6c1ff","ParentId":"","RepoTags":["192.168.200.12:5000/mysql:latest"],"RepoDigests":null,"Created":1479935271,"Size":383407086,"VirtualSize":383407086,"Labels":{}},{"Id":"sha256:709795b4afb7ae6a6d779d8ec4fd3ebcbd24f19b59013c24c1530ffc97857e85","ParentId":"","RepoTags":["192.168.200.12:5000/ghost:latest"],"RepoDigests":null,"Created":1479931856,"Size":333711465,"VirtualSize":333711465,"Labels":{}},{"Id":"sha256:786192493b9636f621b8b833cbdacbd0926a70a8ebf8fdebc593a772dd1d0015","ParentId":"","RepoTags":["192.168.200.12:5000/rocketchat/rocket.chat:latest"],"RepoDigests":null,"Created":1479757218,"Size":438959709,"VirtualSize":438959709,"Labels":{}},{"Id":"sha256:ee2b371c11fece9c6878ad6fd449b489f5ffd1cadb72f471a8a41159
bd5d2a3a","ParentId":"","RepoTags":["192.168.200.12:5000/wordpress:latest"],"RepoDigests":null,"Created":1479236116,"Size":420022954,"VirtualSize":420022954,"Labels":{}},{"Id":"sha256:e6426963df2bd4f815c52c9c3f0e78e32e938ba175eaf1b0057de57d873cc9dd","ParentId":"","RepoTags":["192.168.200.12:5000/owncloud:latest"],"RepoDigests":null,"Created":1479175281,"Size":591198667,"VirtualSize":591198667,"Labels":{}},{"Id":"sha256:66498efd6bd883981c923ebf14bb7ea334862b5154c47dd295eefd3c4ad9e105","ParentId":"","RepoTags":["192.168.200.12:5000/mariadb:latest"],"RepoDigests":null,"Created":1478632829,"Size":389852025,"VirtualSize":389852025,"Labels":{}},{"Id":"sha256:5b9483827da584b75889cfb8e0e70f2d18e0df7fc85c17a46781e781c17ee8c0","ParentId":"","RepoTags":["192.168.200.12:5000/rocketchat/hubot-rocketchat:latest"],"RepoDigests":null,"Created":1477082062,"Size":800347427,"VirtualSize":800347427,"Labels":{}},{"Id":"sha256:c9bd19d022f6613fa0e3d73b2fe2b2cffe19ed629a426db9a652b597fccf07d4","ParentId":"","RepoTags":["192.168.200.12:5000/registry:latest"],"RepoDigests":null,"Created":1476835847,"Size":33274815,"VirtualSize":33274815,"Labels":{}},{"Id":"sha256:e02e811dd08fd49e7f6032625495118e63f597eb150403d02e3238af1df240ba","ParentId":"","RepoTags":["192.168.200.12:5000/busybox:latest"],"RepoDigests":null,"Created":1475874238,"Size":1093484,"VirtualSize":1093484,"Labels":{}},{"Id":"sha256:d5c0410b1b443d3ed805078d498526590ae76fc42a1369bc814eb197f5ee102b","ParentId":"","RepoTags":["192.168.200.12:5000/jenkins:1.651.3"],"RepoDigests":null,"Created":1465943211,"Size":736848020,"VirtualSize":736848020,"Labels":{}},{"Id":"sha256:6dccaa66a75df90dadeff351ad66d7599caa8043cd65417bd24e4a92be4e95d9","ParentId":"sha256:a51341bcd2319e5a8815ba01a3d4bdc25de0ab7f21b059f02e670839b7641a32","RepoTags":["192.168.200.12:5000/rancher/agent-instance:v0.8.3"],"RepoDigests":null,"Created":1465923024,"Size":330911216,"VirtualSize":330911216,"Labels":{}},{"Id":"sha256:deb5c6987c83abbd0f902fc29c0d73a16f1e4272d77bce3
952e44961c29e9fdd","ParentId":"sha256:a248a1782a3a3129bb59d802dc73000c8bcf4b9af762769d5a35a1b69d02786f","RepoTags":["192.168.200.12:5000/rancher/agent:v1.0.2"],"RepoDigests":null,"Created":1465918352,"Size":454279633,"VirtualSize":454279633,"Labels":{"io.rancher.container.system":"rancher-agent"}},{"Id":"sha256:5ec859f0de3b8401754488b957856746e6487f2448a528ec482db8103d199104","ParentId":"","RepoTags":["192.168.200.12:5000/opensaas/concrete5:latest"],"RepoDigests":null,"Created":1462627686,"Size":607956816,"VirtualSize":607956816,"Labels":{}},{"Id":"sha256:ebdc8e295a2e1ab288c2a2e42d322c14903235674315ee651a07f080991c5da8","ParentId":"sha256:c63f0c2d4c9a678e08f225dd17e90941ec3fcf8b9923472f90086d48550608eb","RepoTags":["192.168.200.12:5000/ubuntu:14.04.3"],"RepoDigests":null,"Created":1453246284,"Size":187899635,"VirtualSize":187899635,"Labels":null},{"Id":"sha256:5084a1fd8838833143d20e195b3bfdf857f9e0926991fef25b5ab36ece34c789","ParentId":"","RepoTags":["192.168.200.12:5000/rancher/jenkins-plugins:v0.1.1"],"RepoDigests":null,"Created":1445879495,"Size":10524928,"VirtualSize":10524928,"Labels":null}]
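(2) Query image details
On the registry node, use the Docker API to query the detailed information of the rancher/server image. Enter the commands and the results in the command-line interface.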
# curl -X GET http://localhost:2375/images/271f7878a277/json
{"Id":"sha256:271f7878a277b2270d23c399d3890c2aa22b19392a9fcdaadf1a6376bade5633","RepoTags":["192.168.200.12:5000/rancher/server:v1.1.4-xd"],"RepoDigests":[],"Parent":"","Comment":"","Created":"2017-01-06T08:08:24.763808016Z","Container":"0de0eec98d56b02ef71f720d9d2da1dc34e29fc1c9a437f1cbd10f1da0f17fce","ContainerConfig":{"Hostname":"0de0eec98d56","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":{"3306/tcp":{},"8080/tcp":{}},"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","DEBIAN_FRONTEND=noninteractive","CATTLE_HOME=/var/lib/cattle","DEFAULT_CATTLE_API_UI_INDEX=//releases.rancher.com/ui/1.1.14","CATTLE_DB_CATTLE_DATABASE=mysql","CATTLE_USE_LOCAL_ARTIFACTS=true","no_proxy=localhost,127.0.0.1,localaddress,.localdomain.com","S6_SERVICE_DIR=/service","CATTLE_HOST_API_PROXY_MODE=embedded","CATTLE_RANCHER_SERVER_VERSION=v1.1.4","CATTLE_RANCHER_COMPOSE_VERSION=v0.8.6","DEFAULT_CATTLE_RANCHER_COMPOSE_LINUX_URL=http://10.0.0.254/openstack/rancher-compose-linux-amd64-v0.8.6.tar.gz","DEFAULT_CATTLE_RANCHER_COMPOSE_DARWIN_URL=http://10.0.0.254/openstack/rancher-compose-darwin-amd64-v0.8.6.tar.gz","DEFAULT_CATTLE_RANCHER_COMPOSE_WINDOWS_URL=http://10.0.0.254/openstack/rancher-compose-windows-386-v0.8.6.zip","DEFAULT_CATTLE_CATALOG_URL=library=https://git.oschina.net/onlytaicai/rancher-catalog.git,community=https://git.oschina.net/onlytaicai/community-catalog.git","CATTLE_CATTLE_VERSION=v0.165.8.4","DEFAULT_CATTLE_MACHINE_EXECUTE=true","DEFAULT_CATTLE_COMPOSE_EXECUTOR_EXECUTE=true","DEFAULT_CATTLE_CATALOG_EXECUTE=true","CATTLE_RANCHER_SERVER_IMAGE=rancher/server"],"Cmd":["/usr/bin/s6-svscan","/service"],"Image":"rancher/server:v1.1.4-xd","Volumes":{"/var/lib/cattle":{},"/var/lib/mysql":{},"/var/log/mysql":{}},"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":{}},"DockerVersion":"1.10.3","Author":"","Config":{"Hostname":"","Domainname":"","User":
"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":{"3306/tcp":{},"8080/tcp":{}},"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","DEBIAN_FRONTEND=noninteractive","CATTLE_HOME=/var/lib/cattle","DEFAULT_CATTLE_API_UI_INDEX=//releases.rancher.com/ui/1.1.14","CATTLE_DB_CATTLE_DATABASE=mysql","CATTLE_USE_LOCAL_ARTIFACTS=true","no_proxy=localhost,127.0.0.1,localaddress,.localdomain.com","S6_SERVICE_DIR=/service","CATTLE_HOST_API_PROXY_MODE=embedded","CATTLE_RANCHER_SERVER_VERSION=v1.1.4","CATTLE_RANCHER_COMPOSE_VERSION=v0.8.6","DEFAULT_CATTLE_RANCHER_COMPOSE_LINUX_URL=http://10.0.0.254/openstack/rancher-compose-linux-amd64-v0.8.6.tar.gz","DEFAULT_CATTLE_RANCHER_COMPOSE_DARWIN_URL=http://10.0.0.254/openstack/rancher-compose-darwin-amd64-v0.8.6.tar.gz","DEFAULT_CATTLE_RANCHER_COMPOSE_WINDOWS_URL=http://10.0.0.254/openstack/rancher-compose-windows-386-v0.8.6.zip","DEFAULT_CATTLE_CATALOG_URL=library=https://git.oschina.net/onlytaicai/rancher-catalog.git,community=https://git.oschina.net/onlytaicai/community-catalog.git","CATTLE_CATTLE_VERSION=v0.165.8.4","DEFAULT_CATTLE_MACHINE_EXECUTE=true","DEFAULT_CATTLE_COMPOSE_EXECUTOR_EXECUTE=true","DEFAULT_CATTLE_CATALOG_EXECUTE=true","CATTLE_RANCHER_SERVER_IMAGE=rancher/server"],"Cmd":["/usr/bin/s6-svscan","/service"],"Image":"","Volumes":{"/var/lib/cattle":{},"/var/lib/mysql":{},"/var/log/mysql":{}},"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":{}},"Architecture":"amd64","Os":"linux","Size":877175326,"VirtualSize":877175326,"GraphDriver":{"Name":"devicemapper","Data":{"DeviceId":"166","DeviceName":"docker-253:1-771752128-1348916a13f1dc44fb619cecde1f1691b1926bda5a08a8ed6b80578b45895aca","DeviceSize":"10737418240"}}}
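(3) Commit a container to an image
On the registry node, use the Docker API to query the filesystem changes of the running Docker registry container. Enter the commands and the results in the command-line interface.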
# curl -X GET http://localhost:2375/containers/940568599bb2/changes
[{"Path":"/run","Kind":0},{"Path":"/run/secrets","Kind":1},{"Path":"/var","Kind":0},{"Path":"/var/lib","Kind":0},{"Path":"/var/lib/registry","Kind":1},{"Path":"/root","Kind":0},{"Path":"/root/.ash_history","Kind":1}]
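Docker underlying services: namespaces, cgroups, storage, and networking
1. Namespace
On the server node, find the process ID of the rancher/server container, create the namespace directory /var/run/netns and link it to the rancher/server container, then use ip netns commands to query the container's IP. Enter the commands and the results in the command-line interface.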
# docker inspect -f '{{.State.Pid}}' 5feca07aad20
# mkdir /var/run/netns
# ln -s /proc/3473/ns/net /var/run/netns/rancher-server
(or, with the link named after the PID: ln -s /proc/11649/ns/net /var/run/netns/11649)
# ip netns list
rancher-server
# ip netns exec rancher-server ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:2/64 scope link
valid_lft forever preferred_lft forever
2. Cgroup
(1) cgroup operations
On the registry node, show the current cgroup mounts. Enter the commands and the results in the command-line interface.
[root@registry ~]# mount -t cgroup
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
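(2) Add and move a process
On the registry node, create a cgroup under memory control named xiandian. After creating it, move the current process into this cgroup, and use cat to query the process IDs in the cgroup. Enter the commands and the results in the command-line interface.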
# mkdir /sys/fs/cgroup/memory/xiandian
# echo $$
5759
# sudo sh -c "echo $$ >> /sys/fs/cgroup/memory/xiandian/tasks"
# cat /proc/5759/cgroup
10:hugetlb:/
9:perf_event:/
8:blkio:/system.slice/sshd.service
7:net_cls:/
6:freezer:/
5:devices:/system.slice/sshd.service
4:memory:/xiandian
3:cpuacct,cpu:/system.slice/sshd.service
2:cpuset:/
1:name=systemd:/system.slice/sshd.service
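(3) Limit a process's quota
On the registry node, create a cgroup under cpu control named xiandian. Suppose a process with PID 8888 keeps CPU utilization at 100% and seriously affects the normal operation of the system. Using cgroups, adjust this process's CPU quota to 30% in the cgroup you created. Enter the commands and the results in the command-line interface.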
# mkdir /sys/fs/cgroup/cpu/xiandian
# echo 30000 > /sys/fs/cgroup/cpu/xiandian/cpu.cfs_quota_us
# echo 8888 > /sys/fs/cgroup/cpu/xiandian/tasks
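Added example (not part of the original answer key): writing 30000 to cpu.cfs_quota_us means 30% of one CPU only while cpu.cfs_period_us holds its default of 100000, so this helper derives the quota from the period it reads back. The names limit_cpu and quota_for_percent are hypothetical, and the demo runs against a scratch directory with a constructed cpu.cfs_period_us file instead of the real cgroup filesystem.

```shell
#!/bin/sh
# Added example, not from the original answer key. Helper names are hypothetical.

# quota_for_percent PERCENT PERIOD_US: CFS quota (microseconds of CPU time per
# period) that caps a group at PERCENT of one CPU.
quota_for_percent() {
    echo $(( $2 * $1 / 100 ))
}

# limit_cpu GROUP PERCENT PID [CGROUP_ROOT]
# Creates GROUP in the cgroup v1 cpu hierarchy, derives the quota from the period
# reported for that group, moves PID into it, and prints "quota/period".
limit_cpu() (
    group=$1 pct=$2 pid=$3 root=${4:-/sys/fs/cgroup/cpu}
    dir=$root/$group
    case $pct in
        ''|*[!0-9]*) echo "percent must be a positive integer" >&2; exit 2 ;;
    esac
    [ "$pct" -gt 0 ] || { echo "percent must be a positive integer" >&2; exit 2; }
    mkdir -p "$dir" || exit 1
    # On a real cgroup mount the kernel creates this file when the directory is made.
    period=$(cat "$dir/cpu.cfs_period_us") || exit 1
    quota=$(quota_for_percent "$pct" "$period")
    echo "$quota" > "$dir/cpu.cfs_quota_us" || exit 1
    # cgroup.procs moves every thread of the process; writing the PID to tasks,
    # as the answer above does, moves only that single thread.
    echo "$pid" > "$dir/cgroup.procs" || exit 1
    echo "$quota/$period"
)

# demo: the same 30% request under two different periods, in a scratch directory
# that stands in for /sys/fs/cgroup/cpu (constructed input, no root needed).
demo() (
    scratch=$(mktemp -d) || exit 1
    mkdir -p "$scratch/xiandian"
    for period in 100000 50000; do
        echo "$period" > "$scratch/xiandian/cpu.cfs_period_us"
        limit_cpu xiandian 30 8888 "$scratch"
    done
    rm -rf "$scratch"
)

demo
```

On the registry node the call for this question would be `limit_cpu xiandian 30 8888`, run as root; reading cpu.cfs_quota_us and cpu.cfs_period_us back confirms the ratio.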
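(4) cgroup query
On the registry node, create a cgroup named xiandian under the cpuset subsystem in the cgroup directory, write the digits 123 into each of the two files cpuset.cpus and cpuset.mems, and use cat to read back what was written. Enter the commands and the results in the command-line interface.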
# mkdir /sys/fs/cgroup/cpuset/xiandian
# cd /sys/fs/cgroup/cpuset/xiandian/
# echo 1-3 > cpuset.cpus
# cat cpuset.cpus
1-3
# echo 1-3 > cpuset.mems
# cat cpuset.mems
1-3
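(5) Create a container with a specified cgroup
On the registry node, use the ubuntu image to create a container named 1daoyun that can use only cores 0 and 1; the image is ubuntu/14.04.3. Check the core assignment by reading the relevant cgroup files. Enter the commands and the results in the command-line interface.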
# docker run -dit --name 1daoyun --cpuset-cpus="0,1" ubuntu:14.04.3 /bin/bash
Unable to find image 'ubuntu:14.04.3' locally
Trying to pull repository 192.168.200.106:5000/ubuntu ...
14.04.3: Pulling from 192.168.200.106:5000/ubuntu
8387d9ff0016: Pull complete
3b52deaaf0ed: Pull complete
4bd501fad6de: Pull complete
a3ed95caeb02: Pull complete
Digest: sha256:e69833eaf929c10b20fd413daed3c93188fe6ed4b617bce20799cf516270d217
Status: Downloaded newer image for 192.168.200.106:5000/ubuntu:14.04.3
41a71f67d8d01a6a64a65d1109770e772738e948d4afb278418b1198fd21da47
# cat /sys/fs/cgroup/cpuset/system.slice/docker-41a71f67d8d01a6a64a65d1109770e772738e948d4afb278418b1198fd21da47.scope/cpuset.cpus
0-1
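3. Storage
(1) Mount a host directory
On the registry node, create the directory /opt/xiandian, then start a container named xiandian-dir from the ubuntu:14.04.3 image with this directory specified as the container's data volume. Afterwards, use the inspect command to view the data volume and the container's mounts. Enter the commands and the results in the command-line interface.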
# mkdir /opt/xiandian
# docker run -d -it -P --name xiandian-dir -v /opt/xiandian 192.168.200.12:5000/ubuntu:14.04.3 /bin/bash
# docker inspect -f {{.Config.Volumes}} xiandian-dir
map[/opt/xiandian:{}]
# docker inspect -f {{.Mounts}} xiandian-dir
[{eaa3ec0d276dbf01b29ae98138fc6440853b991e5dd0107599eecb473ecf6729 /var/lib/docker/volumes/eaa3ec0d276dbf01b29ae98138fc6440853b991e5dd0107599eecb473ecf6729/_data /opt/xiandian local true }]
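(2) Mount a host directory read-only
On the registry node, create the directory /opt/xiandian, then start a container named xiandian-dir from the ubuntu:14.04.3 image with this directory as the data volume, mounted at /opt and set to read-only mode. Afterwards, use the inspect command to view Binds inside HostConfig. Enter the commands and the results in the command-line interface.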
# docker run -d -it -P --name xiandian-dir -v /opt/xiandian:/opt:ro 192.168.200.12:5000/ubuntu:14.04.3 /bin/bash
# docker inspect -f '{{.HostConfig.Binds}}' 6e4a623cc618
[/opt/xiandian:/opt:ro]
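(3) Mount a host file
On the registry node, start a container named xiandian-file from the ubuntu:14.04.3 image with the Rancher platform installation script "install.sh" as the container's data volume, mounted under the container's /opt directory. Afterwards, use the inspect command to view the container's mounts. Enter the commands and the results in the command-line interface.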
# mkdir /opt/xiandian
# docker run -d -it -P --name xiandian-file -v /opt/install.sh:/opt/install.sh 192.168.200.12:5000/ubuntu:14.04.3 /bin/bash
# docker inspect -f {{.Mounts}} xiandian-file
[{ /opt/install.sh /opt/install.sh true rslave}]
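(4) Data backup and restore
Using a single command, back up the data of the data-volume container created in the previous question: create a new ubuntu:14.04.3 container that references the previous question's data volume, map the current working directory of the local filesystem to /backup in the container, and use tar to pack the container's data volume into the /backup volume, so that the backup is saved locally as backup.tar. Enter the commands and the results in the command-line interface.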
# docker run --volumes-from 69bdcf9f3627 -v $(pwd):/backup ubuntu:14.04.3 tar cvf /backup/backup.tar /opt/xiandian
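(5) Container linking
On the registry node, use docker commands to create a container named mysqldb from the mysql:latest image and a container named nginxweb from the nginx:latest image, with nginxweb linked to the database in the mysqldb container. Afterwards, use inspect to view the link-related fields. Enter the commands and the results in the command-line interface.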
# docker run -d -it --name mysqldb -P mysql:latest /bin/bash
# docker run -d -it --name nginxweb -P --link mysqldb:db nginx:latest /bin/bash
# docker inspect --format {{.HostConfig.Links}} 49cb289d6e73
[/mysqldb:/nginxweb/db]
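4. Networking
(1) List bridges
On the registry node, use the bridge command (install it if it is missing) to list the bridges. Enter the commands and the results in the command-line interface.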
# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02421af76ad0 no veth35b7a00
veth643076f
vethde11f52
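(2) Customize a bridge
On the registry node, create the bridge xd_br, set its network address and mask to 192.168.2.1/24, and bring the bridge up. Then view the details of the xd_br interface and the bridge. Enter the commands and the results in the command-line interface.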
# brctl addbr xd_br
# ip addr add 192.168.2.1/24 dev xd_br
# ip link set xd_br up
# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02421af76ad0 no veth35b7a00
veth643076f
vethde11f52
xd_br 8000.000000000000 no
# ifconfig xd_br
xd_br: flags=4098<BROADCAST,MULTICAST> mtu 1500
inet 192.168.2.1 netmask 255.255.255.0 broadcast 0.0.0.0
ether 7e:cb:e4:ca:78:54 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
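(3) Docker networking
On the registry node, use the ubuntu:14.04.3 image to run a container with no networking, enter the container, and view the network information with ifconfig. Enter the commands and the results in the command-line interface.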
# docker run -it -d --net=none ubuntu:14.04.3 /bin/bash
# docker exec -it 83f831907439 /bin/bash
root@83f831907439:/# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
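On the registry node, start an ubuntu container from the ubuntu:14.04.3 image. Then create a separate network namespace for the container and create a virtual network interface A with a peer device B. Attach device A to the xd_br bridge created earlier and bring A up, then move device B into the newly created network namespace. Finally, query the host's bridge information and the container's network information. Enter the commands and the results in the command-line interface.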
# docker inspect --format '{{.State.Pid}}' 1319914566c4
4730
# mkdir -p /var/run/netns
# ln -s /proc/4730/ns/net /var/run/netns/4730
# ip link add A type veth peer name B
# brctl addif xd_br A
# ip link set A up
# ip link set B netns 4730
# ip netns exec 4730 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
316: B: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 66:02:89:6d:42:5e brd ff:ff:ff:ff:ff:ff
# brctl show
bridge name bridge id STP enabled interfaces
br-830cec4ae8fc 8000.0242f1e942e2 no
docker0 8000.02421af76ad0 no veth6e9372e
veth7a36e10
veth9ab1aae
vetha1913ed
vethce676b5
vethd659bfa
xd_br 8000.ee4e4274f4a3 no A
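In the ubuntu container, rename device B to the conventional interface name eth0 and assign it the MAC address 1A:2B:3C:4D:5E:6F. Based on the address of the xd_br bridge, assign the last address of that network segment to the interface, and set the route to xd_br. Then query the container's eth0 interface and routing information. Enter the commands and the results in the command-line interface.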
# ip netns exec 4730 ip link set dev B name eth0
# ip netns exec 4730 ip link set eth0 address 1A:2B:3C:4D:5E:6F
# ip netns exec 4730 ip link set eth0 up
# ip netns exec 4730 ip addr add 192.168.2.254/24 dev eth0
# ip netns exec 4730 ip route add default via 192.168.2.1
# docker exec 1319914566c4 ifconfig eth0
eth0 Link encap:Ethernet HWaddr 1a:2b:3c:4d:5e:6f
inet addr:192.168.2.254 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::182b:3cff:fe4d:5e6f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)
# docker exec 1319914566c4 ip route
default via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.254
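Docker cluster services
1. Compose
On the registry node, write a Compose file that creates WordPress, using Compose file version 2. Create a service named xd_db from the image mysql:latest, set the container to restart automatically, map the data volume db_data to the database storage path, and set the database password to wp_xiandian. Create a service named xd_wp from the image wordpress:latest that depends on the xd_db service, publish port 8888 mapped to WordPress port 80, and finally set the WordPress database host and password. Then bring it up and display the docker-compose.yml file; once the containers are running, query the state of the Docker containers. Enter the commands and the execution results in the command-line interface.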
# docker-compose up -d
Creating opt_xd_db_1
Creating opt_xd_wp_1
# cat docker-compose.yml
version: '2'
services:
  xd_db:
    image: mysql:latest
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: wp_xiandian
  xd_wp:
    depends_on:
      - xd_db
    image: wordpress:latest
    ports:
      - "8888:80"
    restart: always
    environment:
      WORDPRESS_DB_HOST: xd_db:3306
      WORDPRESS_DB_PASSWORD: wp_xiandian
volumes:
  db_data:
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e955e781ac41 wordpress:latest "docker-entrypoint.sh" 5 minutes ago Up 5 minutes 0.0.0.0:8888->80/tcp opt_xd_wp_1
12a3d98cbd9d mysql:latest "docker-entrypoint.sh" 5 minutes ago Up 5 minutes 3306/tcp opt_xd_db_1
52745024501e ubuntu:14.04.3 "/bin/bash" 3 hours ago Up 3 hours reverent_bassi
49cb289d6e73 nginx:latest "/bin/bash" 23 hours ago Up 23 hours 0.0.0.0:32772->80/tcp, 0.0.0.0:32771->443/tcp nginxweb
0fa6b8c9ff49 mysql:latest "docker-entrypoint.sh" 24 hours ago Up 23 hours 0.0.0.0:32770->3306/tcp mysqldb
940568599bb2 192.168.200.12:5000/registry:latest "/entrypoint.sh /etc/" 5 weeks ago Up 23 hours 0.0.0.0:5000->5000/tcp registry
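2. Consul discovery
(1) Create
On the registry node, create and configure a Consul cluster. Make the registry node the cluster leader and join the server and client nodes to the cluster as servers. The cluster name is xd_center, the registry node's name is cluster_server, the server node's name is cluster_client1, and the client node's name is cluster_client2. Then list the cluster members. Enter the commands and the execution results in the command-line interface.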
# consul agent -server -bootstrap -data-dir /home/data_consul -client 0.0.0.0 -bind=192.168.200.12 -node=cluster_server -dc=xd_center &
# consul agent -server -data-dir /home/data_consul -client 0.0.0.0 -bind=192.168.200.10 -node=cluster_client1 -dc=xd_center &
# consul agent -server -data-dir /home/data_consul -client 0.0.0.0 -bind=192.168.200.11 -node=cluster_client2 -dc=xd_center &
# consul join 192.168.200.10
# consul join 192.168.200.11
# consul members
2017/03/29 11:24:33 [INFO] agent.rpc: Accepted client: 127.0.0.1:48197
Node Address Status Type Build Protocol DC
cluster_client1 192.168.200.10:8301 alive server 0.6.3 2 xd_center
cluster_client2 192.168.200.11:8301 alive server 0.6.3 2 xd_center
cluster_server 192.168.200.12:8301 alive server 0.6.3 2 xd_center
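(2) Query
On the registry node, list the Consul cluster members once the cluster is set up. Enter the commands and the execution results in the command-line interface.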
# consul members
2017/03/29 11:24:33 [INFO] agent.rpc: Accepted client: 127.0.0.1:48197
Node Address Status Type Build Protocol DC
cluster_client1 192.168.200.10:8301 alive server 0.6.3 2 xd_center
cluster_client2 192.168.200.11:8301 alive server 0.6.3 2 xd_center
cluster_server 192.168.200.12:8301 alive server 0.6.3 2 xd_center