随笔- 79 文章- 0 评论- 2 阅读- 35622

docker是个啥？

docker

第一问：什么是容器

容器就是在一个隔离的环境中运行的一个进程。注意关键词，隔离和进程。如果进程停止，那么容器就销毁。因为具有隔离的特点，所以每个容器都拥有自己的文件系统：包括IP地址、主机名等。什么是进程呢？简单理解就是一个程序。一条命令就是一个程序，比如ls,df -h

既然是隔离的环境，那docker容器和虚拟化有啥区别呢？？

第二问：容器和虚拟化的区别

Linux容器技术，容器虚拟化和KVM虚拟化的区别

KVM虚拟化：需要硬件的支持，需要模拟硬件（qemu），可以运行不同的操作系统，启动时间分钟级，需要一个正常的开机流程（1、BIOS开机硬件自检；2、根据BIOS设置的开机启动顺序；3、读取MBR引导（分区、内核）。。。。）

容器：容器属于Linux内核的一个技术，不需要硬件支持，公用宿主机内核，所以容器内的系统只能是Linux，启动时间秒级（公用宿主机的内核，不用前面BIOS自检的过程）

容器和虚拟化的优缺点总结：

容器：性能好，轻量化，启动快，只能运行在Linux上；

虚拟机：性能损耗多，启动慢，能够运行多个操作系统平台；

3、容器的发展

其实容器的早期雏形是chroot技术，新建一个子系统，改变根目录来运行多个系统，并实现一定程度隔离；

Linux container（LXC）

然后发展出了Linux container（LXC），Lxc是最接近虚拟机的容器技术，基于ubantu，对centos的支持不是特别友好：

1、拥有独立的namespace命名空间，可提供隔离环境；

2、cgroup，用来用限制一个进程能使用的系统资源或计算资源；

LXC容器创建过程：

1、修改base yum源，wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

2、添加epel源，wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

3、安装LXC需要的软件，yum install lxc-* -y && yum install libcgroup* -y && yum install bridge-utils.x86_64 -y 因为是centos系统，所以后面两个包是需要安装的；

4、创建桥接网卡，这是因为在lxc的初始配置文件中要求的网卡信息有规定：

[root@LXC-10 yum.repos.d]# cat /etc/lxc/default.conf
lxc.network.type = veth
lxc.network.link = virbr0
lxc.network.flags = up
[root@LXC-10 yum.repos.d]#

其实在ubantu系统里面，安装完LXC后，自己就会建立相应的桥接网卡，只不过在centos系统中，需要自己去创建

echo 'TYPE=Ethernet
BOOTPROTO=none
NAME=ens32
DEVICE=ens32
ONBOOT=yes
BRIDGE=virbr0' > /etc/sysconfig/network-scripts/ifcfg-ens32

echo 'TYPE=Bridge
BOOTPROTO=none
NAME=virbr0
DEVICE=virbr0
ONBOOT=yes
IPADDR=10.0.0.16
NETMASK=255.255.255.0
GATEWAY=10.0.0.2
DNS=114.114.114.114' >/etc/sysconfig/network-scripts/ifcfg-virbr0

5、启动cgroup、lxc服务，systemctl start cgconfig.service && systemctl start lxc.service && systemctl enable cgconfig.service && systemctl enable lxc.service

6、创建LXC容器，可参见https://mirror.tuna.tsinghua.edu.cn/help/lxc-images/，lxc-create -t download -n my-container -- --server mirrors.tuna.tsinghua.edu.cn/lxc-images -d centos -r 6 -a amd64这几个参数用来指定发行版、版本号和架构三个参数

Downloading the image index 会在/tmp下生成临时目录

[root@LXC-10 ~]# cd /tmp/
[root@LXC-10 tmp]# ll
total 0
drwx------. 2 root root 24 Sep  6 05:06 ssh-3rTdYpl9wI
drwx------. 3 root root 17 Sep  6 06:29 systemd-private-f3a031d2b1c24651a394c24d0e6fae8c-vmtoolsd.service-nKQxYw
drwx------. 3 root root 47 Sep  6 06:59 tmp.MDcEY1DJq4
[root@LXC-10 tmp]# cd tmp.MDcEY1DJq4/
[root@LXC-10 tmp.MDcEY1DJq4]# ll
total 32
drwx------. 2 root root    83 Sep  6 06:59 gpg
-rw-r--r--. 1 root root 28139 Aug 26 18:16 index
-rw-r--r--. 1 root root   833 Aug 26 18:16 index.asc

Downloading the rootfs 下载文件系统，并保存在临时目录下

[root@LXC-10 tmp.MDcEY1DJq4]# ll
total 44
drwx------. 2 root root    83 Sep  6 07:06 gpg
-rw-r--r--. 1 root root 28139 Aug 26 18:16 index
-rw-r--r--. 1 root root   833 Aug 26 18:16 index.asc
-rw-r--r--. 1 root root   924 Aug 25 15:30 meta.tar.xz
-rw-r--r--. 1 root root   833 Aug 25 15:30 meta.tar.xz.asc
-rw-r--r--. 1 root root   833 Aug 25 15:30 rootfs.tar.xz.asc

Downloading the metadata
The image cache is now ready
Unpacking the rootfs #解压，缓存在缓存目录中 /var/cashe，解压后存放在/var/lib/lxc

---
You just created a Centos 6 x86_64 (20200825_07:08) container.

下载完成后就会删除/tmp下的目录

[root@LXC-10 default]# pwd
/var/cache/lxc/download/centos/6/amd64/default
[root@LXC-10 default]# ls
build_id  config.2  config-user    config-user.3   excludes-user  templates
config    config.3  config-user.1  config-user.4   expiry
config.1  config.4  config-user.2  create-message  rootfs.tar.xz

[root@LXC-10 rootfs]# pwd
/var/lib/lxc/my-container/rootfs
[root@LXC-10 rootfs]# ls
bin   dev  home  lib64  mnt  proc  run   selinux  sys  usr
boot  etc  lib   media  opt  root  sbin  srv      tmp  var
[root@LXC-10 rootfs]#

[root@LXC-10 tmp]# ll
total 0
drwx------. 2 root root 24 Sep  6 05:06 ssh-3rTdYpl9wI
drwx------. 3 root root 17 Sep  6 06:29 systemd-private-f3a031d2b1c24651a394c24d0e6fae8c-vmtoolsd.service-nKQxYw
[root@LXC-10 tmp]#

这样一个容器就创建完成了！

常用命令可通过table补全

[root@LXC-10 yum.repos.d]# lxc-
lxc-attach           lxc-config           lxc-execute          lxc-snapshot         lxc-unfreeze
lxc-autostart        lxc-console          lxc-freeze           lxc-start            lxc-unshare
lxc-cgroup           lxc-create           lxc-info             lxc-start-ephemeral  lxc-usernsexec
lxc-checkconfig      lxc-destroy          lxc-ls               lxc-stop             lxc-wait
lxc-clone            lxc-device           lxc-monitor          lxc-top
[root@LXC-10 yum.repos.d]# lxc-ls
centos7       my-container
[root@LXC-10 yum.repos.d]# lxc-ls --help
usage: lxc-ls [-h] [-1] [-P PATH] [--active] [--frozen] [--running]
              [--stopped] [-f] [-F FANCY_FORMAT] [--nesting] [--version]
              [FILTER]

LXC: List containers

由于lxc容器连用户名和密码都没配置，需要手动进行配置

[root@LXC-10 ~]# cd /var/lib/lxc/centos7/
[root@LXC-10 centos7]# ll
total 4
-rw-r--r--.  1 root root 560 Sep  5 23:26 config
drwxr-xr-x. 18 root root 259 Sep  5 23:37 rootfs
lrwxrwxrwx.  1 root root  34 Sep  5 23:37 rootfs.dev -> /dev/.lxc/centos7.f29e3af285394b5f
[root@LXC-10 centos7]# cd rootfs
[root@LXC-10 rootfs]# chroot . passwd
Changing password for user root.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
Sorry, passwords do not match.
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.

[root@LXC-10 ~]# lxc-start -n centos7
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to CentOS Linux 7 (Core)!

Cannot add dependency job for unit display-manager.service, ignoring: Unit not found.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Created slice Root Slice.
[  OK  ] Created slice System Slice.
[  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
[  OK  ] Listening on Delayed Shutdown Socket.
[  OK  ] Started Forward Password Requests to Wall Directory Watch.
[  OK  ] Started Dispatch Password Requests to Console Directory Watch.
[  OK  ] Reached target Paths.
[  OK  ] Reached target Swap.
[  OK  ] Reached target Local Encrypted Volumes.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Reached target Slices.
[  OK  ] Created slice system-getty.slice.
[  OK  ] Listening on Journal Socket.
[  OK  ] Reached target Local File Systems (Pre).
         Starting Configure read-only root support...
         Starting Read and set NIS domainname from /etc/sysconfig/network...
         Starting Journal Service...
         Mounting Huge Pages File System...
         Mounting POSIX Message Queue File System...
[  OK  ] Mounted POSIX Message Queue File System.
[  OK  ] Started Read and set NIS domainname from /etc/sysconfig/network.
[  OK  ] Mounted Huge Pages File System.
[  OK  ] Started Journal Service.
         Starting Flush Journal to Persistent Storage...
[  OK  ] Started Configure read-only root support.
         Starting Load/Save Random Seed...
[  OK  ] Reached target Local File Systems.
[  OK  ] Started Load/Save Random Seed.
<46>systemd-journald[16]: Received request to flush runtime journal from PID 1
[  OK  ] Started Flush Journal to Persistent Storage.
         Starting Create Volatile Files and Directories...
[  OK  ] Started Create Volatile Files and Directories.
         Starting Update UTMP about System Boot/Shutdown...
[  OK  ] Started Update UTMP about System Boot/Shutdown.
[  OK  ] Reached target System Initialization.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Started Daily Cleanup of Temporary Directories.
[  OK  ] Reached target Timers.
[  OK  ] Reached target Basic System.
[  OK  ] Started D-Bus System Message Bus.
         Starting Turn off network device...
         Starting LSB: Bring up/down networking...
         Starting Permit User Sessions...
         Starting Login Service...
         Starting Cleanup of Temporary Directories...
[  OK  ] Started Turn off network device.
[  OK  ] Started Permit User Sessions.
[  OK  ] Started Cleanup of Temporary Directories.
[  OK  ] Started Console Getty.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started Command Scheduler.
[  OK  ] Started Login Service.

CentOS Linux 7 (Core)
Kernel 3.10.0-514.el7.x86_64 on an x86_64

centos7 login: