Volume和Bind Mount
Docker提供三种不同方式将数据从宿主机挂载到容器中:volumes,bind mounts和tmpfs
volumes:Docker管理宿主机文件系统的一部分(/var/lib/docker/volumes)
bind mounts:可以存储在宿主机系统的任意位置
tmpfs:挂载存储在宿主机系统的内存中,而不会写入宿主机的文件系统
Volume #可以多个进程公用一个volume
#创建一个卷 docker volume create nginx-vol nginx-vol docker volume ls DRIVER VOLUME NAME local nginx-vol docker volume inspect nginx-vol [ { "CreatedAt": "2018-09-04T21:33:33-04:00", #创建时间 "Driver": "local", #驱动 "Labels": {}, "Mountpoint": "/var/lib/docker/volumes/nginx-vol/_data", #挂载点 "Name": "nginx-vol", #卷名 "Options": {}, "Scope": "local" } ]
#下载一个nginx官方镜像 docker pull nginx Using default tag: latest latest: Pulling from library/nginx be8881be8156: Pull complete 65206e5c5e2d: Pull complete 8e029c3e2376: Pull complete Digest: sha256:1b109555ad28bb5ec429422ee136c5f5ab5ee6faaeb518836a5c9a3b6436a1bd Status: Downloaded newer image for nginx:latest docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 71c43202b8ac 6 days ago 109MB centos 7 5182e96772bf 4 weeks ago 200MB docker run -dit --name=nginx-test --mount src=nginx-vol,dst=/usr/share/nginx/html nginx --name:容器的名字 --mount:挂载 src原卷的名字 dst 挂在到容器中的路径 docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3d86928ac689 nginx "nginx -g 'daemon of…" 4 seconds ago Up 3 seconds 80/tcp nginx-test 02e7612375e7 518 "/bin/bash" 22 minutes ago Up 22 minutes distracted_vil
#向容器中的挂载目录创建文件,查看是否挂载成功 docker exec nginx-test touch /usr/share/nginx/html/wk.html #向容器创建文件wk.html docker exec nginx-test ls /usr/share/nginx/html/ #查看文件是否创建成功 50x.html index.html wk.html ls /var/lib/docker/volumes/nginx-vol/_data/ #查看本地卷 50x.html index.html wk.html #如果把容器删除,本地的volumes的数据仍然存在,不清空
Bind Mounts
docker run -dit --name nginx-test3 -p 90:80 --mount type=bind,src=/var/lib/docker/volumes/nginx-vol/_data,dst=/usr/share/nginx/html nginx
#指定类型,将本地自己创建的目录挂载上去
容器部署LNMP网站平台
首先下载一个wordpress博客
wget https://cn.wordpress.org/wordpress-4.7.4-zh_CN.tar.gz
创建MySQL数据库容器
docker pull mysql:5.6 docker images REPOSITORY TAG IMAGE ID CREATED SIZE mysql 5.6 1f47fade220d 2 hours ago 256MB nginx latest 71c43202b8ac 6 days ago 109MB centos 7 5182e96772bf 4 weeks ago 200MB #创建一个自定义网络 docker network create lnmp b59ca0e58388b0857e79781de00dc8d81fba77d9d9969afd06496f087c86f7ea docker network ls NETWORK ID NAME DRIVER SCOPE f136adf5eb39 bridge bridge local b68e9da0b1e6 host host local b59ca0e58388 lnmp bridge local cf4b2d0b4394 none null local #启动MySQL数据库容器 docker run -dit --name lnmp_mysql --network lnmp -p 3306:3306 --mount src=mysql-vol,dst=/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 mysql:5.6 --character-set-server=utf8 71e98322f4c2c12772d36a841b5951e8d01c77205f6d4a13d510b3a1e24cc375 自定义网络lnmp如果不提前创建的话,在启动容器进程时会报错 如果没有提前pull好mysql:5.6那么容器在启动时会自动下载对应镜像 如果没有提前docker volume create mysql-vol,那么容器启动时会自动创建
#查看容器lnmp_mysql的日志输出
docker logs lnmp_mysql
#查看容器里启动的进程
docker top lnmp_mysql
向容器里的Mysql创建一个库
docker exec lnmp_mysql sh -c 'exec mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -e"create database wp"' Warning: Using a password on the command line interface can be insecure.
在docker宿主机上安装mysql的客户端通过端口映射访问容器内的mysql
#安装mysql客户端 yum -y install mysql #远程方式连接docker宿主机的3306端口 mysql -h192.168.200.142 -P3306 -uroot -p123456
创建nginx+PHP环境容器
#创建一个网页目录 mkdir -p /www #下载richarvey/nginx-php-fpm镜像 docker pull richarvey/nginx-php-fpm
docker images REPOSITORY TAG IMAGE ID CREATED SIZE mysql 5.6 1f47fade220d 3 hours ago 256MB nginx latest 71c43202b8ac 6 days ago 109MB centos 7 5182e96772bf 4 weeks ago 200MB richarvey/nginx-php-fpm latest af61232ce682 5 weeks ago 297MB
#启动richarvey/nginx-php-fpm镜像的容器 docker run -dit --name lnmp_web --network lnmp -p 888:80 --mount type=bind,src=/www,dst=/var/www/html richarvey/nginx-php-fpm docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ba41b324a1cd richarvey/nginx-php-fpm "docker-php-entrypoi…" 13 seconds ago Up 13 seconds 443/tcp, 9000/tcp, 0.0.0.0:888->80/tcp lnmp_web 71e98322f4c2 mysql:5.6 "docker-entrypoint.s…" 26 minutes ago Up 26 minutes 0.0.0.0:3306->3306/tcp lnmp_mysql 7c62aad40cab nginx "nginx -g 'daemon of…" 2 hours ago Up 2 hours 0.0.0.0:88->80/tcp nginx-test 02e7612375e7 518 "/bin/bash" 2 hours ago Up 2 hours distracted_villani
解压wordpress到网页目录/app/wwwroot下
tar xf wordpress-4.7.4-zh_CN.tar.gz -C /www/
博客wordpress访问测试
192.168.50.169:888/wordpress
如果打不开
按顺序执行以下命令一遍 systemctl stop firewalld systemctl stop iptables.service iptables -F iptables -P FORWARD ACCEPT iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT
网络管理
容器网络模式
Docker支持5种网络模式
bridge ; 默认网络,Docker启动后默认创建一个docker0网桥,默认创建的容器也是添加到这个网桥中
host : 容器不会获得一个独立的network namespace,而是与宿主机共用一个
none : 获取独立的network namespace,但不为容器进行任何网络配置
container :与指定的容器使用同一个network namespace,网卡配置也都是相同的
自定义 :自定义网桥,默认与bridge网络一样
bridge网络类型
#安装bridge管理工具 yum -y install bridge-utils #查看网桥状态 brctl show bridge name bridge id STP enabled interfaces br-b59ca0e58388 8000.02427e8ae48b no veth34fc3ac docker0 8000.0242e96ffd31 no vethbc1ab07 vethccc7741 #查看网络类型 docker network ls NETWORK ID NAME DRIVER SCOPE 78188ea3507b bridge bridge local b68e9da0b1e6 host host local b59ca0e58388 lnmp bridge local cf4b2d0b4394 none null #查看容器进程 docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 71e98322f4c2 mysql:5.6 "docker-entrypoint.s…" 3 hours ago Up 2 minutes 0.0.0.0:3306->3306/tcp lnmp_mysql 7c62aad40cab nginx "nginx -g 'daemon of…" 4 hours ago Up 2 minutes 0.0.0.0:88->80/tcp nginx-test 02e7612375e7 518 "/bin/bash" 5 hours ago Up 2 minutes distracted_villani #查看容器lnmp_mysql的网络信息 docker inspect lnmp_mysql | grep -A 15 "Networks" "Networks": { "lnmp": { #网络类型lnmp "IPAMConfig": null, "Links": null, "Aliases": [ "71e98322f4c2" ], "NetworkID": "b59ca0e58388b0857e79781de00dc8d81fba77d9d9969afd06496f087c86f7ea", "EndpointID": "c1b8bf54ada9f7d9bb53943b2adcfdab81e33505adaff579f7357307a19dbf37", "Gateway": "172.18.0.1", #网关172.18.0.1,这就是网桥 br-b59ca0e58388 "IPAddress": "172.18.0.2", #容器IP172.18.0.2 "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:12:00:02", #查看容器lnmp_web的网络信息 docker inspect lnmp_web | grep -A 15 "Networks" "Networks": { "lnmp": { #网络类型lnmp "IPAMConfig": null, "Links": null, "Aliases": [ "ba41b324a1cd" ], "NetworkID": "b59ca0e58388b0857e79781de00dc8d81fba77d9d9969afd06496f087c86f7ea", "EndpointID": "8c050c4cb67b69179316210e19fb129ebb75ae2fe0ce40b929d6d70dd3d628b6", "Gateway": "172.18.0.1", #网关172.18.0.1,这就是网桥 br-b59ca0e58388 "IPAddress": "172.18.0.3", #容器IP172.18.0.3 "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:12:00:03", #查看容器nginx-test的网络信息 docker inspect nginx-test | grep -A 15 "Networks" "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "78188ea3507be36ff03aedb3e271c3ca5739983ad12020109b7c739318fd736f", "EndpointID": "9d9b3e2f0dcb049cabd874a91743f16a86b9dcf4c1f41b4b6d849ca7a5dc18cb", "Gateway": "172.17.0.1", #网关172.17.0.1,这就是网桥docker0 "IPAddress": "172.17.0.2", #容器IP172.17.0.2 "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:02", "DriverOpts": null }
host网络类型
#启动一个网络类型为host的容器 docker run -dit --name hehe --network host centos:7 /bin/bash docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0b74acb0c57d centos:7 "/bin/bash" 3 seconds ago Up 3 seconds hehe ba41b324a1cd richarvey/nginx-php-fpm "docker-php-entrypoi…" 3 hours ago Up 9 minutes 443/tcp, 9000/tcp, 0.0.0.0:888->80/tcp lnmp_web 71e98322f4c2 mysql:5.6 "docker-entrypoint.s…" 3 hours ago Up 14 minutes 0.0.0.0:3306->3306/tcp lnmp_mysql 7c62aad40cab nginx "nginx -g 'daemon of…" 4 hours ago Up 14 minutes 0.0.0.0:88->80/tcp nginx-test 02e7612375e7 518 "/bin/bash" 5 hours ago Up 14 minutes docker exec 0b hostname -I 192.168.50.169 172.18.0.1 172.17.0.1
#启动一个网络类型为host的容器 docker run -dit --name hehe --network host centos:7 /bin/bash
运行一个容器 容器名字hehe 网络类型 host 镜像名 开起一个终端 docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0b74acb0c57d centos:7 "/bin/bash" 3 seconds ago Up 3 seconds hehe ba41b324a1cd richarvey/nginx-php-fpm "docker-php-entrypoi…" 3 hours ago Up 9 minutes 443/tcp, 9000/tcp, 0.0.0.0:888->80/tcp lnmp_web 71e98322f4c2 mysql:5.6 "docker-entrypoint.s…" 3 hours ago Up 14 minutes 0.0.0.0:3306->3306/tcp lnmp_mysql 7c62aad40cab nginx "nginx -g 'daemon of…" 4 hours ago Up 14 minutes 0.0.0.0:88->80/tcp nginx-test 02e7612375e7 518 "/bin/bash" 5 hours ago Up 14 minutes#查看容器的ipdocker exec 0b hostname -I #这就是网络类型为host的容器,ip地址和docker宿主机完全一样
192.168.50.169 172.18.0.1 172.17.0.1
docker exec 02 hostname -I #网桥类型容器
172.17.0.3
none网络类型(用于建立与宿主机的桥接模式)
#启动一个网络类型为none的容器 docker run -dit --name xixi --network none centos:7 d19a66e71c68dd54e889fde9d6efda6b1dfa69cb880a3a6fd9c24136b511856a #查看容器IP地址 docker exec xixi hostname -I 查询后发现,什么IP地址都没有,none类型就是暂时不给容器指定网卡
container网络类型
#启动一个容器,网络类型container,使用distracted_villani容器的网卡 docker run -dit --name wawo --network container:distracted_villani centos:7 /bin/bash 52dc72b75e32f98c94ded4a9e491814a5e8de718ca7c5c55d4603236a91c61fb docker inspect 02 | grep -A 15 "Networks" "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "78188ea3507be36ff03aedb3e271c3ca5739983ad12020109b7c739318fd736f", "EndpointID": "90a80dfd64372423317d5d35c65b12f3e38a3751806578417190618bb173b5aa", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.3", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:03", "DriverOpts": null } docker inspect wawo | grep -A 15 "Networks" "Networks": {} #test4容器并没有自己的网络设置 } } ] docker exec wawo hostname -I #test4没有网络设置却有IP地址和test容器完全一样 172.17.0.3
桥接宿主机网络与配置固定IP地址
建立网桥桥接到宿主机网络
#构建一个永久生效的网桥br0 vim /etc/sysconfig/network-scripts/ifcfg-eth0 #在配置文件末尾加入BRIDGE=br0 TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=dhcp DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=eth0 UUID=704ca798-b347-40df-a13d-c521eadd8929 DEVICE=eth0 ONBOOT=yes IPV6_PRIVACY=no BRIDGE=br0 vim /etc/sysconfig/network-scripts/ifcfg-br0 #添加br0配置文件 TYPE=Bridge BOOTPROTO=static DEVICE=br0 ONBOOT=yes IPADDR=192.168.50.169 NETMASK=255.255.255.0 GATEWAY=192.168.50.2 DNS1=192.168.50.2 service network restart #重启网卡 #查看网卡IP ifconfig eth0 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 #eth0网卡已经没有IP地址了 inet6 fe80::20c:29ff:fe01:60fa prefixlen 64 scopeid 0x20<link> ether 00:0c:29:01:60:fa txqueuelen 1000 (Ethernet) RX packets 6143 bytes 818283 (799.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 3527 bytes 520564 (508.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ifconfig br0 br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.50.169 netmask 255.255.255.0 broadcast 192.168.50.255 #网桥br0代替了eth0 inet6 fe80::20c:29ff:fe01:60fa prefixlen 64 scopeid 0x20<link> ether 00:0c:29:01:60:fa txqueuelen 1000 (Ethernet) RX packets 261 bytes 18191 (17.7 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 122 bytes 29032 (28.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 brctl show bridge name bridge id STP enabled interfaces br-b59ca0e58388 8000.02427e8ae48b no br0 8000.000c290160fa no eth0 #网桥br0,桥接在了真实的物理网卡eth0上
veth1pl3506 docker0 8000.0242e96ffd31 no vethccc7741
通过pipework工具配置容器固定IP
pipework工具下载地址:https://github.com/jpetazzo/pipework.git
#解压安装pipework工具 yum -y install unzip unzip pipework-master.zip Archive: pipework-master.zip ae42f1b5fef82b3bc23fe93c95c345e7af65fef3 creating: pipework-master/ extracting: pipework-master/.gitignore inflating: pipework-master/LICENSE inflating: pipework-master/README.md inflating: pipework-master/docker-compose.yml creating: pipework-master/doctoc/ inflating: pipework-master/doctoc/Dockerfile inflating: pipework-master/pipework inflating: pipework-master/pipework.spec mv pipework-master /usr/local/
ln -s /usr/local/pipework-master/pipework /usr/local/bin/
#建立网络类型为none的容器,并通过pipework配置固定ip地址 docker run -dit --name gaga --net none centos:5 /bin/bash pipework br0 gaga 192.168.50.28/24@192.168.50.2 #设置容器固定IP为192.168.200.199网关192.168.200.2 docker exec gaga hostname -I #查看容器gaga的IP 192.168.50.28
[root@wk ~]# docker exec -it gaga /bin/bash #进入容器gaga
[root@d19a66e71c68 /]# ping www.baidu.com #在容器内ping外网能ping通
PING www.a.shifen.com (119.75.213.61) 56(84) bytes of data.
64 bytes from 127.0.0.1 (119.75.213.61): icmp_seq=1 ttl=128 time=2.94 ms
64 bytes from 127.0.0.1 (119.75.213.61): icmp_seq=2 ttl=128 time=4.95 ms
在windos上ping容器gaga
