Docker继续学习
一、Docker简介
Docker与虚拟机的对比
二、安装Docker
阿里云安装教程:
https://developer.aliyun.com/article/110806
查看历史版本
root@localhost data]# yum list docker-ce --showduplicates | sort -r
配置个人镜像加速器
https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
https://j75wwuc0.mirror.aliyuncs.com
cat > /etc/docker/daemon.json << EOF { "registry-mirrors": ["https://j75wwuc0.mirror.aliyuncs.com"] } EOF
三、Docker命令
Apline镜像
什么是Alpine镜像
1、Alpine Linux是一个基于musl libc和busybox的小型Linux发行版。它最初由Alpine Linux社区开发,可以在x86、x86-64、ARMv6、ARMv7、ARMv8架构上运行。
2、Alpine镜像是使用Alpine Linux制作的Docker镜像,具有小巧、安全、高效等特点,被广泛用于构建Docker容器进行应用程序开发和部署。
为什么要使用Alpine镜像
1、体积小:Alpine镜像是最小的Linux发行版之一,镜像体积仅为5MB左右,这意味着每当我们启动一个Alpine镜像时,Docker引擎只需要下载非常少的数据就能快速启动容器。
2、高效:Alpine使用musl libc作为C标准库,相比glibc更小、更快、更安全,使用Alpine镜像能够显著减少机器资源的使用,提高应用程序的性能。
3、安全:Alpine Linux的设计简洁,只包含最基本的包,镜像中不包含冗余文件和库,因此减少了系统被攻击的潜在漏洞和风险。
3.1 Pull命令
root@localhost docker]# docker pull alpine:3.12 3.12: Pulling from library/alpine 1b7ca6aea1dd: Pull complete Digest: sha256:c75ac27b49326926b803b9ed43bf088bc220d22556de1bc5f72d742c91398f69 Status: Downloaded newer image for alpine:3.12 docker.io/library/alpine:3.12
3.2 Save命令
[root@localhost data]# docker save alpine:3.12 -o alpine:3.12.tar
或者
[root@localhost data]# docker save alpine>alpine.tar
多个镜像同时打包
[root@localhost data]# docker save alpine openjdk -o all.tar
3.3 Load命令
[root@localhost data]# docker load -i alpine.tar 1ad27bdd166b: Loading layer [==================================================>] 5.865MB/5.865MB Loaded image: alpine:3.12 78a822fe2a2d: Loading layer [==================================================>] 7.622MB/7.622MB Loaded image: alpine:latest
3.3 Inspect命令
查看镜像的详细信息
[root@localhost data]# docker inspect alpine [ { "Id": "sha256:c1aabb73d2339c5ebaa3681de2e9d9c18d57485045a4e311d9f8004bec208d67", "RepoTags": [ "alpine:latest" ], "RepoDigests": [], "Parent": "", "Comment": "", "Created": "2023-06-14T20:41:59.079795125Z", "Container": "bfc8078c169637d70e40ce591b5c2fe8d26329918dafcb96ebc9304ddff162ea", "ContainerConfig": { "Hostname": "bfc8078c1696",
3.4 tag 命令
标记本地镜像,将其归入某一仓库
[root@localhost data]# docker tag alpine zzs/alpine:9
四、Docker容器(Container)
启动镜像
--rm 容器停止后自动删除
[root@localhost data]# docker run -it --rm alpine
启动加端口
[root@localhost ~]# docker run -it --rm -p 8888:8080 tomcat
查看日志
[root@localhost ~]# docker logs -f mytomcat
创建容器但是不运行
[root@localhost ~]# docker create -it --name mytomcat2 -p 8899:8080 tomcat
五、安装软件
5.1、安装nginx
下载镜像
[root@localhost ~]# docker pull nginx:1.19.3-alpine
备份镜像
root@localhost ~]# docker save nginx:1.19.3-alpine -o nginx:1.19.3-alpine.tar
启动
[root@localhost ~]# docker run -dit --name nginx -p 80:80 nginx:1.19.3-alpine 94f853acad4f65747047240e1b2e8e91e3a70db11478492029aa240cc368acdd
查看日志
[root@localhost ~]# docker logs -f nginx /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Configuration complete; ready for start up
进入容器
[root@localhost ~]# docker exec -it nginx sh
/ #
访问
5.2、安装MySQL
下载镜像
[root@localhost ~]# docker pull mysql:5.7.31 5.7.31: Pulling from library/mysql bb79b6b2107f: Pull complete 49e22f6fb9f7: Pull complete 842b1255668c: Pull complete 9f48d1f43000: Pull complete c693f0615bce: Pull complete 8a621b9dbed2: Pull complete 0807d32aef13: Pull complete 6d2fc69dfa35: Pull complete 56153548dd2c: Pull complete 3bb6ba940303: Pull complete 3e1888da91a7: Pull complete Digest: sha256:b3dc8d10307ab7b9ca1a7981b1601a67e176408be618fc4216d137be37dae10b Status: Downloaded newer image for mysql:5.7.31 docker.io/library/mysql:5.7.31
启动容器
[root@localhost ~]# docker run -dit --name mysql --restart always -p 3306:3306 -e MYSQL_ROOT_PASSWORD=admin mysql:5.7.31 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci 89deda3b3c344d7a2bdf103c9df37c1f6df904610ee0d052c8df28af277a39f5
进入容器并登陆数据库
[root@localhost ~]# docker exec -it mysql bash root@89deda3b3c34:/# root@89deda3b3c34:/# root@89deda3b3c34:/# mysql -uroot -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2 Server version: 5.7.31 MySQL Community Server (GPL) Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> mysql>
5.3、安装Zookeeper
下载镜像
[root@localhost ~]# docker pull zookeeper:3.6.2
启动镜像
[root@localhost ~]# docker run -dit --name zookeeper --restart always -p 2181:2181 zookeeper:3.6.2 d08ee517bb1b75fe40a9514028d471caa24d7718e327660a9bcab0c18b9f8e70
5.4、安装activeMQ
下载镜像
[root@localhost ~]# docker pull webcenter/activemq:5.14.3 5.14.3: Pulling from webcenter/activemq 7dcf5a444392: Pull complete 9eebba75a87f: Pull complete 1f0440d87cc7: Pull complete dacd0555c1b4: Pull complete b0f19aa05a94: Pull complete 9fa6897f5432: Pull complete 0f986ed9e7e7: Pull complete 75a8f61a71ca: Pull complete 50db804f83a0: Pull complete e3d0ff839c33: Pull complete 8e3cb309021f: Pull complete 9a1585ec1312: Pull complete a242633f1554: Pull complete Digest: sha256:da7b1ee5cf6ac6cbed6c74b5aef08999cb71e6162ee9a100a9a4a10d6bee1f13 Status: Downloaded newer image for webcenter/activemq:5.14.3 docker.io/webcenter/activemq:5.14.3
启动镜像
[root@localhost ~]# docker run -dit --name activemq --restart always -p 61616:61616 -p 8161:8161 webcenter/activemq:5.14.3 d31ce96ed7320eb67100ae8795a3330bab6f3546877834683f59f858c14bbbc9
访问测试
六、Docker核心原理
6.1、什么是容器
6.2、容器和虚拟化的区别
容器是将代码和环境打包在一起的一个集合,而虚拟机是在物理机层面分离出一个操作系统,多个容器可以运行在一个物理机上,并且共享一个操作系统的内核资源,多个虚拟机也可以运行在一台物理机上,每个虚拟机都需要一个操作系统。
6.3 Docker网络
查看docker网络
[root@localhost ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 2c30e7524893 bridge bridge local 8762d3c74886 host host local d7bc05b237f2 none null local
6.4 Docker网络的原理
查看容器的内部网络地址
[root@localhost ~]# docker inspect mysql "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "MacAddress": "02:42:ac:11:00:02",
6.5、Docker的网络模式
- brige模式:默认的网络模式,没有一个公有的ip,只有宿主机可以访问,外部主机不可见,可以通过宿主机的NAT规则后可以访问。
- host模式:与宿主机在同一个网络中,但是没有独立的IP,使用宿主机的IP和端口,网络性能好,但是使用过的端口就不能使用了,会占用端口
- none模式:使用这种模式,Docker拥有自己的Network Namespace
- overlay模式:也称为覆盖网络,主要用于集群部署
查看bridge网络详细信息
[root@localhost ~]# docker network inspect bridge
[root@localhost ~]# docker network inspect bridge "ConfigOnly": false, "Containers": { "61ad975d8dfeb94fa678e7b07ae28bb525e11556ecfc2d7681fabb036fd23f6e": { "Name": "nginx1", "EndpointID": "dad791b53b5a968d72e7fb6c18c3cb8d96b0d7cf21df3defe1a2c0009fb8dff4", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" }
容器创建的过程
安装一个查看网络的插件
[root@localhost ~]# yum install -y bridge-utils
查看网卡绑定情况
[root@localhost ~]# brctl show bridge name bridge id STP enabled interfaces docker0 8000.02424aa327bb no veth8ca0c65
宿主机和容器内的网络是互通的;
容器内的IP地址是动态变化的,容器的停止后重新启动,重新分配IP地址;
6.6、新建Bridge网络
[root@localhost ~]# docker network create -d bridge ziguang
dcfbaddea3c42548b6812f4d9ab4599269a475abaf3e6f83e5a253f11871c9e1
查看新建的网络
[root@localhost ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 2c30e7524893 bridge bridge local 8762d3c74886 host host local d7bc05b237f2 none null local dcfbaddea3c4 ziguang bridge local
查看新建网络的详细信息
[root@localhost ~]# docker network inspect ziguang [ { "Name": "ziguang", "Id": "dcfbaddea3c42548b6812f4d9ab4599269a475abaf3e6f83e5a253f11871c9e1", "Created": "2023-06-25T04:36:35.270779899-04:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": {}, "Options": {}, "Labels": {} } ]
brctl查看
[root@localhost ~]# brctl show bridge name bridge id STP enabled interfaces br-dcfbaddea3c4 8000.0242036c5d9b no docker0 8000.02424aa327bb no veth0d14930 veth8ca0c65
启动新的容器,使用新的网络
[root@localhost ~]# docker run -dit --name nginx3 --network ziguang nginx:1.19.3-alpine d6a83a502304790d64e07b1b46b61761f2db77b0f4e3efc2c9964cdcbe164fc6
6.7 none网络
创建none网络的容器
[root@localhost ~]# docker run -dit --name nginx1 --network none nginx:1.19.3-alpine 9481b5ae85d7b0e6994b345f492d406482a33ce4ff7da9e3bdbe3063f720251b
查看网络发现,没有任何网卡
[root@localhost ~]# docker exec -it nginx1 sh / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever
6.8 host网络
[root@localhost ~]# docker run -dit --name nginx2 --network host nginx:1.19.3-alpine c226e602fdbb97d8a791453a243bf88996c68c9246344fc966c7ad2197fac5db
进入容器查看网络
[root@localhost ~]# docker exec -it nginx2 sh / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:5b:22:f0 brd ff:ff:ff:ff:ff:ff inet 192.168.43.5/24 brd 192.168.43.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::f862:b51:9f6:adf6/64 scope link valid_lft forever preferred_lft forever 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN link/ether 02:42:63:83:5e:4b brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:63ff:fe83:5e4b/64 scope link valid_lft forever preferred_lft forever
6.9、Docker网络常用命令
查看帮助
[root@localhost ~]# docker network --help Usage: docker network COMMAND Manage networks Commands: connect Connect a container to a network create Create a network disconnect Disconnect a container from a network inspect Display detailed information on one or more networks ls List networks prune Remove all unused networks rm Remove one or more networks Run 'docker network COMMAND --help' for more information on a command.
查看网络
[root@localhost ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 56cfa6f8e2ef bridge bridge local 8762d3c74886 host host local d7bc05b237f2 none null local
新建网络
[root@localhost ~]# docker network create -d bridge newnetwork
6e1a3a4b32340f1667178a7eee38495729257338993da4e9922298fc45ea1a75
查看网络的详细情况:
[root@localhost ~]# docker network inspect newnetwork
创建指定IP网段的网络
[root@localhost ~]# docker network create -d bridge --subnet=172.172.0.0/24 --gateway 172.172.0.1 zig 09fc9d10573bc9ab3d5267fe5a911146261499faed7e4b210eaacc3d2ae424bb
查看新建的网络
[root@localhost ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 56cfa6f8e2ef bridge bridge local 8762d3c74886 host host local 6e1a3a4b3234 newnetwork bridge local d7bc05b237f2 none null local 09fc9d10573b zig bridge local
创建个容器,指定ip地址
[root@localhost ~]# docker run -dit --name nginx3 --network zig --ip 172.172.0.10 nginx:1.19.3-alpine fc458d7523a4c82280a2fbc4b3aabe19027070ab0c91c85e2d7a92d86d49e587
停止启动容器测试ip地址,发现地址没有变化
[root@localhost ~]# docker start nginx3 nginx3 [root@localhost ~]# docker exec -it nginx3 sh / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP link/ether 02:42:ac:ac:00:0a brd ff:ff:ff:ff:ff:ff inet 172.172.0.10/24 brd 172.172.0.255 scope global eth0 valid_lft forever preferred_lft forever / #
七、数据卷
- 数据卷特点:
- 数据卷可以在容器间共享或者重用数据;
- 数据卷中的更改可以立即生效;
- 数据卷中的更改不会包含在镜像的更新中;
- 数据卷默认一致存在,即使容器被删除;
- 数据卷的生命周期一直持续到没有容器使用他为止;
7.1、容器中数据管理的两种方式
- 数据卷:Data Volumes容器内数据直接映射到本地主机环境;
- 数据卷容器:Data Volumes Containers使用特定的容器维护数据卷
7.2、CP命令
[root@localhost ~]# docker run -dit --name nginx1 -p 80:80 nginx:1.19.3-alpine c6b975b2a12d672e93981918395640e441b7db3bf3743aaeae80ac0b216e0038
准备文件
[root@localhost data]# echo "Hello Docker">index.html
将本地文件拷贝到容器中
[root@localhost data]# docker cp /root/data/index.html nginx1:/usr/share/nginx/html Successfully copied 2.05kB to nginx1:/usr/share/nginx/html
7.3、数据卷
- 将主机的目录直接映射到容器内
- 最好通过run命令挂载
- 最好挂载目录,而不是文件
创建mysql容器,并映射目录
[root@localhost data]# docker run -dit --name mysql --restart always -v /mysql:/var/lib/mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=admin mysql:5.7.31 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci 9025eddf31fd2abc1db8bfacf25d1ef18a67444a5b4b84799a3ffba9203d60e6
查看映射的目录
[root@localhost data]# cd /mysql [root@localhost mysql]# ls auto.cnf client-cert.pem ibdata1 ibtmp1 private_key.pem server-key.pem ca-key.pem client-key.pem ib_logfile0 mysql public_key.pem sys ca.pem ib_buffer_pool ib_logfile1 performance_schema server-cert.pem
创建数据库
[root@localhost mysql]# docker exec -it mysql sh # mysql -uroot -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.7.31 MySQL Community Server (GPL) Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> create database zig; Query OK, 1 row affected (0.00 sec)
查看本地磁盘
[root@localhost mysql]# ls auto.cnf client-cert.pem ibdata1 ibtmp1 private_key.pem server-key.pem ca-key.pem client-key.pem ib_logfile0 mysql public_key.pem sys ca.pem ib_buffer_pool ib_logfile1 performance_schema server-cert.pem zig
7.4、挂载目录权限问题
创建目录,并授权
[root@localhost ~]# mkdir /nexus3 [root@localhost ~]# chown -R 200 /nexus3
启动容器
[root@localhost ~]# docker run -dit --name nexus3 -p 8081:8081 -v /nexus3:/nexus-data sonatype/nexus3:3.28.14cc98f4810522dfb1f088ece1e10f280f4d353fb11d092cf375135b0117174b1
7.5、命名数据卷的挂载
[root@localhost ~]# docker run -idt --name nginx6 -v mydocker:/etc/nginx nginx:1.19.3-alpine 8405acef067d5e4a9c1e4250f233951e6c8926dc8c79158400c5031af5dcd5e2
mydocker是随便给的磁盘名称,接下来查看磁盘的位置
[root@localhost ~]# docker volume ls
DRIVER VOLUME NAME
local mydocker
使用命令查看磁盘的具体位置
[root@localhost ~]# docker volume inspect mydocker [ { "CreatedAt": "2023-06-27T02:22:10-04:00", "Driver": "local", "Labels": null, "Mountpoint": "/var/lib/docker/volumes/mydocker/_data", "Name": "mydocker", "Options": null, "Scope": "local" } ]
7.6、匿名卷的挂载
只写容器内的目录
[root@localhost ~]# docker run -idt --name nginx7 -v /etc/nginx nginx:1.19.3-alpine e90c9a3e31ce23db85d049bb36f5ff657ea3f739b62e6d785c603e55099bc8a8
7.7、清理没有使用的数据卷
[root@localhost ~]# docker volume prune WARNING! This will remove anonymous local volumes not used by at least one container. Are you sure you want to continue? [y/N] y Deleted Volumes: b5b1117f6060e389314b4b3decf7306574cc1889f645f8937c485a261b651cb0 6be79c6b62489f32be9edb6e2ebbbc7b098d7bdd13a9a0efb850f56e548601a9 70d9817274f0266e414291102bab30f32225618cab4d6ad39ecaf0848c6d6b55 7703a9f46f02375705c9e1c61954a5f36b1f8d3dee94163347df91b2b9ce0f87 a8a6a5a445730aa31ea40578de46dfd1600808c1b3705c51fd05bca7135bdaad f6bed813de0f6b0b8469b831e8899d5e99a6da0d6e27346b23406182522e9034 a02c7c622b057e50de8d3acbe740275e26729abbef9fd630403913379963cfda 38b0503699a74c8e695292910c8e88b3492626bfddceb8b840230137fca9b2ad Total reclaimed space: 402.7MB
7.8、数据卷容器
如果多个容器需要共享数据,可以使用数据卷容器。
数据卷容器处于停止状态
准备镜像
[root@localhost ~]# docker pull centos:7.8.2003 7.8.2003: Pulling from library/centos 9b4ebb48de8d: Pull complete Digest: sha256:8540a199ad51c6b7b51492fa9fee27549fd11b3bb913e888ab2ccf77cbb72cc1 Status: Downloaded newer image for centos:7.8.2003 docker.io/library/centos:7.8.2003
启动数据卷容器
[root@localhost ~]# docker run -d --name data-volume -v /data/nginx:/usr/share/nginx/html -v /data/mysql:/var/lib/mysql centos:7.8.2003 5cac40a1689e7e0ea8d388bc74a7fd1c60f2dd22d140735d59d38972f186c1b1
查看容器状态
[root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5cac40a1689e centos:7.8.2003 "/bin/bash" 4 minutes ago Exited (0) 4 minutes ago data-volume
启动nginx容器使用创建好的数据卷容器
[root@localhost ~]# docker run -dit --name nginx01 -p 80:80 --volumes-from data-volume nginx:1.19.3-alpine 62342d4f6ecdc740a6ff4ff645e21732d5f5e6c6e518017e5f8d93f5e5382ead
在目录写入东西
[root@localhost data]# cd nginx/ [root@localhost nginx]# ls [root@localhost nginx]# echo "Hello docker">index.html
查看
启动另外一个容器,共享这个卷
[root@localhost nginx]# docker run -dit --name nginx02 -p 81:80 --volumes-from data-volume nginx:1.19.3-alpine 80bf733dd5aea674cf3fc0830c31440bbab9f7522c3ce6eeeb998425769c492f
访问这个容器, 两个容器共享同一个目录
另外一个mysql实验
[root@localhost ~]# docker run -dit --name mysql01 --restart always --volumes-from data-volume -p 3306:3306 -e MYSQL_ROOT_PASSWORD=admin mysql:5.7.31 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci 4385addc56e284ac27a43f51dfa7d0621b62aa1ae0842e34de6223f7fb04778c
启动另外一个容器创建mysql报错
7.9、Docker compose
compose、machine、swarm是原生提供的三大编排工具,简称docker三剑客
下载: https://github.com/docker/compose/releases
授权,如果是删除docker-compose,删除这个文件就可以
[root@localhost data]# mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
[root@localhost data]# chmod +x /usr/local/bin/docker-compose
查看docker-compose版本
[root@localhost data]# docker-compose -v Docker Compose version v2.3.3
常用的命令,命令在有docker-compose.yaml文件目录下执行
启动服务:
[root@localhost data]# docker compose up -d
停止服务
[root@localhost data]# docker compose down
列出所有运行的容器
[root@localhost data]# docker compose ps
查看日志
[root@localhost data]# docker compose logs
7.10、搭建私服harbor
这里准备了一个新的服务器,我们先按照docker
下载Centos的yum文件,到/etc.yum.repo.d/
http://mirrors.aliyun.com/repo/Centos-7.repo
这里我们可以参考一下阿里云的教程,先要登陆后访问
https://developer.aliyun.com/article/110806
按照教程执行依赖包的安装
[root@localhost yum.repos.d]# sudo yum install -y yum-utils device-mapper-persistent-data lvm2
添加信息源
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
查看历史版本
[root@localhost yum.repos.d]# yum list docker-ce --showduplicates | sort -r
更新并安装docker-ce
sudo yum makecache fast
[root@localhost yum.repos.d]# sudo yum -y install docker-ce-18.03.1.ce-1.el7.centos
查看版本
[root@localhost yum.repos.d]# docker version Client: Version: 18.03.1-ce API version: 1.37 Go version: go1.9.5 Git commit: 9ee9f40 Built: Thu Apr 26 07:20:16 2018 OS/Arch: linux/amd64 Experimental: false Orchestrator: swarm Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
设置开机启动
[root@localhost yum.repos.d]# systemctl enable docker Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service. [root@localhost yum.repos.d]# systemctl start docker
安装docker-compose
mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
查看版本
[root@localhost ~]# docker-compose -v Docker Compose version v2.3.3
下载harbor
https://github.com/goharbor/harbor/releases/tag/v1.9.4
上传解压
[root@localhost data]# tar -zxvf harbor-offline-installer-v1.9.4.tgz harbor/harbor.v1.9.4.tar.gz harbor/prepare harbor/LICENSE harbor/install.sh harbor/harbor.yml [root@localhost data]# ls harbor harbor-offline-installer-v1.9.4.tgz [root@localhost data]# cd harbor [root@localhost harbor]# ls harbor.v1.9.4.tar.gz harbor.yml install.sh LICENSE prepare
修改配置文件harbor.yml ,修改四个地方
hostname: 192.168.43.12 # http related config http: # port for http, default is 80. If https enabled, this port will redirect to https port port: 5000 harbor_admin_password: admin
data_volume: /root/data/harbor-volume
执行安装:
[root@localhost harbor]# ./install.sh [Step 0]: checking installation environment ... Note: docker version: 18.03.1 Note: docker-compose version: 2.3.3 [Step 1]: loading Harbor images ...
测试页面 admin admin
在另外一台主机上配置harbor地址,这样可以让镜像上传到镜像服务器,实验主机是192.168.43.5
[root@localhost ~]# vi /etc/docker/daemon.json { "registry-mirrors": ["https://j75wwuc0.mirror.aliyuncs.com"], "insecure-registries":["192.168.43.12:5000"] }
重启docker服务
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
在上登陆192.168.43.5
[root@localhost ~]# docker login -u admin -p admin 192.168.43.12:5000 WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
在镜像服务器新建一个项目
在192.168.43.5上给需要上传的镜像打标
[root@localhost ~]# docker tag nginx:1.19.3-alpine 192.168.43.12:5000/edu/mynginx
上传镜像
[root@localhost ~]# docker push 192.168.43.12:5000/edu/mynginx:latest The push refers to repository [192.168.43.12:5000/edu/mynginx] 8d6d1951ab0a: Pushed d0e26daf1f58: Pushed 835f5b67679c: Pushed 4daeb7840e4d: Pushed ace0eda3e3be: Pushed latest: digest: sha256:a411d06ab4f5347ac9652357ac35600555aeff0b910326cc7adc36d471e0b36f size: 1360
到镜像服务器查看
八、Dockerfile
8.1 commit命令创建镜像
先创建个容器
[root@localhost ~]# docker run -dit --name nginx -p 80:80 192.168.43.12:5000/edu/mynginx:latest 0a49eb34f67409319ddf5291ef373472a4971687ee1b3aea31e92e33b6f674c1
写个首页
[root@localhost ~]# echo "Hello chenning">index.html
拷贝到docker里边
[root@localhost ~]# docker cp index.html nginx:/usr/share/nginx/html/index.html Successfully copied 2.05kB to nginx:/usr/share/nginx/html/index.html
测试
将现有的容器制作成镜像
[root@localhost ~]# docker container commit -m "Update index.html" -a "zs" nginx 192.168.43.12:5000/edu/nginx:v2 sha256:c412c93ceb4bc0e3a3036f228a7562b20bd52ebd115e9b9e1b5a125e11cf4c74
把新的镜像上传上去
[root@localhost ~]# docker push 192.168.43.12:5000/edu/nginx:v2 The push refers to repository [192.168.43.12:5000/edu/nginx] 40034eaa7caa: Pushed 8d6d1951ab0a: Mounted from edu/mynginx d0e26daf1f58: Mounted from edu/mynginx 835f5b67679c: Mounted from edu/mynginx 4daeb7840e4d: Mounted from edu/mynginx ace0eda3e3be: Mounted from edu/mynginx v2: digest: sha256:380ad0bfab5945a4ed3cbe40c878e45b60bae0f8899e19cee4fa7f1057c59ad1 size: 1568
8.2、dockerfile
dockerfile是构建docker镜像的源码
Dockerfile主要包括:基础镜像信息、维护者信息、镜像操作指令和容器启动时候的指令。
制作一个简单的dockerfile
vi dockerfile FROM mysql:5.7.31 MAINTAINER mysql from date UTC ENV TZ Asia/Shanghai
使用命令制作
[root@localhost mysql]# docker build --rm -t 192.168.43.12:5000/edu/mysql:5.7 . [+] Building 0.4s (5/5) FINISHED => [internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => [internal] load build definition from dockerfile 0.0s => => transferring dockerfile: 107B 0.0s => [internal] load metadata for docker.io/library/mysql:5.7.31 0.0s => [1/1] FROM docker.io/library/mysql:5.7.31 0.2s => exporting to image 0.0s => => exporting layers 0.0s => => writing image sha256:2cbf53af1d93cdad6b4583fce4683c2f9837aca397964678c70e2c2bd0aa2cc2 0.0s => => naming to 192.168.43.12:5000/edu/mysql:5.7 0.0s
上传harbor
[root@localhost mysql]# docker push 192.168.43.12:5000/edu/mysql:5.7 The push refers to repository [192.168.43.12:5000/edu/mysql] bdda49371b83: Pushed 78a9edf56b5f: Pushed 2e19acd09cf6: Pushed 30f9c7764a3f: Pushed 15b463db445c: Pushed c21e35e55228: Pushed 36b89ee4c647: Pushed 9dae2565e824: Pushed ec8c80284c72: Pushed 329fe06a30f0: Pushed d0fe97fa8b8c: Pushed 5.7: digest: sha256:e7a00f8838c996e7070580a93672cb4200e78bf49b4d081bff20c911a68652e4 size: 2621
九、Docker的运维管理
9.1、Mysql集群的搭建
主机准备:
主节点:192.168.43.4
备节点:192.168.43.5
192.168.43.4 主节点创建镜像
[root@localhost ~]# mkdir -p /data/mysql/master [root@localhost ~]# cd /data/mysql/master/ [root@localhost master]# vi my.cnf
创建配置文件
[mysqld] log-bin=mysql-bin server_id=4
创建dockerfile
FROM mysql:5.7.31 MAINTAINER mysql from data UTC ENV TZ Asia/Shanghai COPY my.cnf /etc/mysql
构建镜像
[root@localhost master]# docker build --rm -t zs/mysqlmaster:5.7.31 .
启动镜像
[root@localhost master]# docker run -dit --name mysql --restart always -p 3306:3306 -e MYSQL_ROOT_PASSWORD=admin zs/mysqlmaster:5.7.31 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci e527bd9abfc131972575f8ae9e65faa2ab59da5b3d3796ff3a30f154d7b452b5
192.158.43.5 从节点执行
[root@localhost ~]# mkdir -p /data/mysql/agent
[root@localhost ~]# cd /data/mysql/agent/
创建配置文件
[root@localhost agent]# vi my.cnf [mysqld] log-bin=mysql-bin server_id=5
创建dockerfile
FROM mysql:5.7.31 MAINTAINER mysql from data UTC ENV TZ Asia/Shanghai COPY my.cnf /etc/mysql
制作镜像
[root@localhost agent]# docker build --rm -t zs/mysqlmaster:5.7.31 .
启动容器
docker run -dit --name mysql --restart always -p 3306:3306 -e MYSQL_ROOT_PASSWORD=admin zs/mysqlmaster:5.7.31 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
192.168.43.4 主节点创建用户
create user 'zs'@'%' identified by 'zs'; grant replication slave on *.* to 'zs'@'%'; flush privileges;
192.168.43.5 从节点运行
change master to master_host='192.168.43.4', master_user='zs', master_password='zs', master_port=3306, master_log_file='mysql-bin.000003', master_log_pos=735;
启动从节点
start slave;
查看从节点状态
9.2、Gitlab搭建
[root@localhost ~]# docker pull gitlab/gitlab-ce:12.7.6-ce.0
查看镜像
[root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE gitlab/gitlab-ce 12.7.6-ce.0 b9923370e7ce 3 years ago 1.85GB
启动容器
[root@localhost ~]# docker run -dit --name gitlab -p 443:443 -p 80:80 -p 222:22 --restart always -v /data/gitlab/config:/etc/gitlab -v /data/gitlab/logs:/var/log/gitlab -v /data/gitlab/data:/var/opt/gitlab -e TZ=Asia/Shanghai gitlab/gitlab-ce:12.7.6-ce.0 8e9c70c5f8543979048e38b7722a1300c6f5d21c6d60afb2110ebb2e5133274e
修改gitlab.rb这个文件
[root@localhost config]# ls gitlab.rb ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key trusted-certs gitlab-secrets.json ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub
修改访问地址
external_url 'http://192.168.43.12'
修改ssh地址
gitlab_rails['gitlab_ssh_host'] = '192.168.43.12'
修改时区
gitlab_rails['time_zone'] = 'Asia/Shanghai'
修改端口
gitlab_rails['gitlab_shell_ssh_port'] = 222
访问
更改密码 12345678
登陆 root 12345678
创建组
创建项目
创建用户
组关联用户
、
