[toc]

Docker notes (1)

Virtualization And Container

Host-level virtualization

  1. Type I: virtualization directly on the hardware;
  2. Type II: boot an operating system first, then virtualize on top of it;
  3. What actually produces value is the application layer;
  4. A running system has two trees: the process tree and the filesystem tree;
  5. Isolation at the user level (UTS, Mount, IPC, PID, User, Net);
  6. namespaces: a kernel facility exposed to user space through system calls (clone(), setns());

Linux Namespaces

namespace   clone() flag    isolates                                       kernel version
UTS         CLONE_NEWUTS    hostname and domain name                       2.6.19
IPC         CLONE_NEWIPC    semaphores, message queues and shared memory   2.6.19
PID         CLONE_NEWPID    process IDs                                    2.6.24
Network     CLONE_NEWNET    network devices, network stack, ports, etc.    2.6.29
Mount       CLONE_NEWNS     mount points (filesystems)                     2.4.19
User        CLONE_NEWUSER   users and groups                               3.8

Control Groups (cgroups)

Partition system-level resources into multiple groups


  • lxc-create, template
  • nmp
  • machine + swarm + compose
  • mesos + marathon
  • kubernetes -> k8s
  • libcontainer -> runC
  • Moby, CNCF
  • container runtimes in docker
    lxc -> libcontainer -> runC
  • OCI, Open Container Initiative
    aims to create open industry standards around container formats and runtimes
    the Runtime Specification (runtime-spec)
    the Image Specification (image-spec)
  • runC, Open Container Format

https://hub.docker.com

  • the two editions of docker
    docker-ee
    docker-ce
  • docker architecture
    The Docker daemon
    The Docker client
    Docker registries
  • yum: repository, repo
  • docker: repository, repo
    Images are named like nginx:1.10; nginx:1.15 or nginx:latest; the default version of an image is the latest one
    nginx:1.14 or nginx:stable: the latest stable version
    image: static;
    container: dynamic, has a lifecycle, very much like a process;
    commonly used docker resources: images, containers, networks, volumes, plugins

    Installing and using docker

  • Requirements
    64-bit CPU
    Linux kernel 3.10+
    Linux kernel cgroups and namespaces

  • CentOS 7
    "Extras" repository

  • Docker Daemon
    systemctl start docker.service

  • Docker Client
    docker [OPTIONS] COMMAND [arg ...]

# cd /etc/yum.repos.d/
# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# yum makecache
# yum repolist
# yum remove docker docker-common container-selinux docker-selinux docker-engine
# yum install docker-ce

Repository config file: https://download.docker.com/linux/centos/docker-ce.repo

Docker components:

docker program environment:

Environment config files:
/etc/sysconfig/docker-network
/etc/sysconfig/docker-storage
/etc/sysconfig/docker
Unit file:
/usr/lib/systemd/system/docker.service
Docker Registry config file:
/etc/containers/registries.conf
docker-ce:
config file: /etc/docker/daemon.json

Register an Alibaba Cloud account; the dedicated accelerator address is obtained at:
https://cr.console.aliyun.com/#/accelerator

Docker registry mirrors (pull acceleration)

docker cn
Alibaba Cloud accelerator
University of Science and Technology of China
{
"registry-mirrors":["https://registry.docker-cn.com"]
}
# mkdir /etc/docker
# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://registry.docker-cn.com"]
}
# systemctl start docker

Checking the docker version information

# docker version
Client:
Version: 18.06.1-ce
API version: 1.38
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:23:03 2018
OS/Arch: linux/amd64
Experimental: false

Server:
Engine:
Version: 18.06.1-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:25:29 2018
OS/Arch: linux/amd64
Experimental: false
# docker info

Common operations

docker search: search for images
# docker search nginx
docker pull: download an image to the local host
# docker pull nginx:1.14-alpine-perl
# docker pull busybox:latest
# docker image pull nginx:1.14-alpine-perl
# docker
docker images: list local images
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.14-alpine-perl a47b6006585d 2 weeks ago 51.6MB
busybox latest e1ddd7948a1c 8 weeks ago 1.16MB
# docker image rm a47b6006585d # remove an image
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest e1ddd7948a1c 8 weeks ago 1.16MB
# docker image ls --no-trunc # list the full image IDs
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.14-alpine-perl sha256:a47b6006585d03b999ee55c6eec4331430fb2bcddb5ce8f76f294cc997482ca2 2 weeks ago 51.6MB
busybox latest sha256:e1ddd7948a1c31709a23cc5b7dfe96e55fc364f90e1cebcde0773a1b5a30dcda 8 weeks ago 1.16MB
# docker container ls # list all containers
# docker ps: list all containers
# docker images: list all images
# docker create: create a new container
# docker start: Start one or more stopped containers
# docker run: Run a command in a new container
# docker attach: Attach to a running container
# docker ps: List containers

alpine: provides a base environment for programs while being very small, so the alpine variants are not recommended for production;
busybox: one busybox binary implements many Linux commands; when busybox is linked as ls it runs the ls command,
and linked as pwd it runs the pwd command. kernel + busybox gives a tiny Linux system;
the so-called Android system is likewise a system running on Linux + busybox + JVM;

Using containers

# docker run --name b2 -it busybox:latest
/ #
# docker run --name b1 -it busybox:latest
/ # mkdir /data/www -p
/ # vi /data/www/index.html
<h1>www.ssjinyao.com</h1>
/ # httpd -f -h /data/www/
# docker inspect b1 # inspect the container's startup information
# from another terminal: curl 172.17.0.2
<h1>www.ssjinyao.com</h1>

Restarting a container

# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
57c80d23f0e5 busybox:latest "sh" 6 minutes ago Exited (130) 4 minutes ago b1
# docker container start -i -a b1

Stopping a container

# docker kill b1
# docker stop b1

Starting the nginx image

# docker run --name web1 -d nginx:1.14-alpine-perl
# docker inspect web1
# curl 172.17.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Note: a container exists to run one program; if that program puts itself into the background, the container regards it as terminated.
That is, if the program daemonizes inside the container, the container exits as soon as the program has started.

Search, download and run an image in one step

# docker run --name kvstor1 -d redis:4-alpine

Crossing the container boundary: attach interactively

# docker exec -it kvstor1 /bin/sh
/data # ps
PID USER TIME COMMAND
1 redis 0:00 redis-server
12 root 0:00 /bin/sh
16 root 0:00 ps

Viewing the log output of a started container

# docker logs web1

docker event state

Using and managing Docker images

Docker: a dock worker
When we deploy applications the usual way, everything ships loose; docker ships it containerized;

A Docker image holds the filesystem and contents needed to start a container, so it is used to create and start docker containers

Images are built in layers; the bottom layer is bootfs, above it rootfs
bootfs: the filesystem used to boot the system, including the bootloader and kernel;
it is unmounted once the container has started, to save memory
rootfs: sits on top of bootfs and appears as the docker container's root filesystem:
in the traditional model, when the system boots, the kernel first mounts rootfs "read-only" and
remounts it read-write after the integrity check;
in docker, rootfs is mounted "read-only" by the kernel and a writable layer is added on top by "union mounting";

Aufs: advanced multi-layered unification filesystem
CentOS, for stability, does not include this filesystem
overlayfs has been merged into the Linux kernel since 3.18;

# docker info # shows the storage driver in use is overlay2 and the backing filesystem is xfs
Storage Driver: overlay2
Backing Filesystem: xfs

Docker Registry

When starting a container, the docker daemon first tries to find the image locally; if it is not present locally, it downloads the image from the Registry and saves it locally;

Docker Registry categories
A Registry stores docker images, including the image layers and their metadata;
users can run their own Registry or use the official Docker Hub

Categories
Sponsor Registry: third-party registry for customers and the Docker community
Mirror Registry: third-party registry, for customers only
Vendor Registry: registry provided by the vendor that publishes the Docker images
Private Registry: registry provided by a private entity, behind a firewall and additional security layers

Repository

An image repository made up of all iterations of a particular docker image
A Registry may hold many Repositories
Repositories are divided into "top-level repositories" and "user repositories"
User repository names take the form "username/repository"
Each repository can hold many Tags, each tag corresponding to one image

Index

Maintains user accounts, image checksums and public namespace information;
effectively provides user authentication and similar functions for the Registry

Images in a Docker Registry are usually built by developers and then pushed to a "public" or "private" Registry;
there they are available to others, for example for "deployment" to production;

# docker pull <registry>[:<port>]/[<namespace>/]<name>:<tag>

quay.io also offers many images

# docker pull quay.io/coreos/flannel:v0.10.0-amd64 # pull an image from a specified site
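The reference format above, and the quay.io pull that follows it, are worth parsing by hand once, because the defaults decide where an image is really fetched from: no registry means Docker Hub, no namespace means the official `library/` images, and no tag means `latest`. The following Python script is an added example, not part of the original notes or of the docker client; the registry-detection rule it uses (the first path component contains a dot or a colon, or is `localhost`) is the one the client applies, while the digest form `name@sha256:...` is deliberately left unhandled.

```python
# Added example, not part of the original notes: split an image reference of
# the form [<registry>[:<port>]/][<namespace>/]<name>[:<tag>] into its parts
# and apply the defaults the docker client applies (Docker Hub, the "library"
# namespace for official images, and the "latest" tag).
import re

DEFAULT_REGISTRY = "docker.io"
DEFAULT_NAMESPACE = "library"   # official images such as nginx live here
DEFAULT_TAG = "latest"

# Name components are lowercase alphanumerics joined by ".", "_", "__" or "-";
# tags are up to 128 characters of [A-Za-z0-9_.-] not starting with "." or "-".
_COMPONENT = re.compile(r"^[a-z0-9]+(?:(?:[._]|__|-+)[a-z0-9]+)*$")
_TAG = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$")


def parse_image_ref(ref):
    """Return {registry, namespace, name, tag} for an image reference string."""
    if "@" in ref:
        # Digest references (name@sha256:...) are not covered by these notes.
        raise ValueError("digest references are not handled: %r" % ref)
    parts = ref.split("/")
    if any(p == "" for p in parts):
        raise ValueError("empty path component in %r" % ref)
    registry = DEFAULT_REGISTRY
    # The leading component is a registry host only if it looks like one:
    # contains a dot or a port, or is "localhost". Otherwise "ssjinyao/httpd"
    # is a user repository on Docker Hub.
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry = parts.pop(0)
    tag = DEFAULT_TAG
    if ":" in parts[-1]:
        parts[-1], tag = parts[-1].rsplit(":", 1)
    name = parts.pop()
    if parts:
        namespace = "/".join(parts)
    elif registry == DEFAULT_REGISTRY:
        namespace = DEFAULT_NAMESPACE
    else:
        namespace = ""  # private registries may serve images at the top level
    for component in [name] + [p for p in namespace.split("/") if p]:
        if not _COMPONENT.match(component):
            raise ValueError("invalid name component %r in %r" % (component, ref))
    if not _TAG.match(tag):
        raise ValueError("invalid tag %r in %r" % (tag, ref))
    return {"registry": registry, "namespace": namespace, "name": name, "tag": tag}


def canonical(ref):
    """Fully qualified form, e.g. nginx -> docker.io/library/nginx:latest."""
    p = parse_image_ref(ref)
    path = "/".join(x for x in (p["namespace"], p["name"]) if x)
    return "%s/%s:%s" % (p["registry"], path, p["tag"])


def is_pinned(ref):
    """True when the reference names a specific tag rather than the moving 'latest'."""
    return parse_image_ref(ref)["tag"] != DEFAULT_TAG


if __name__ == "__main__":
    for r in ["nginx:1.14-alpine-perl", "busybox", "ssjinyao/httpd:v0.1.1-1",
              "quay.io/coreos/flannel:v0.10.0-amd64",
              "registry.cn-qingdao.aliyuncs.com/ssjinyao/httpd"]:
        print("%-50s -> %s" % (r, canonical(r)))
```

`canonical()` makes the implicit parts explicit, which is the form to record in a deployment manifest so that a later `docker pull` cannot silently resolve to a different registry or a newer `latest`; `is_pinned()` is the simplest of those checks.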

Building images

Ways to produce an image
Dockerfile
build from a container
Docker Hub automated builds

Namespace Example (/)
organization        redhat/kubernetes
login (user name)   alice/application, bob/application
role                devel/database, test/database, prod/database

# docker container run --name busybox1 -it busybox
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ #
/ #
/ # mkdir -p /data/html
/ # echo "<h1>www.ssjinyao.com</h1>" > /data/html/index.html

Leave the container running and open another terminal to build the image

# docker commit -p busybox1
# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> d5ab408117c0 8 seconds ago 1.16MB
redis 4-alpine db23f46600bc 2 weeks ago 30MB
nginx 1.14-alpine-perl a47b6006585d 2 weeks ago 51.6MB
busybox latest e1ddd7948a1c 2 months ago 1.16MB
quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 8 months ago 44.6MB
# tag the new image
# docker tag d5ab408117c0 ssjinyao/httpd:v0.1.1-1
# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
ssjinyao/httpd v0.1.1-1 d5ab408117c0 About a minute ago 1.16MB
redis 4-alpine db23f46600bc 2 weeks ago 30MB
nginx 1.14-alpine-perl a47b6006585d 2 weeks ago 51.6MB
busybox latest e1ddd7948a1c 2 months ago 1.16MB
quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 8 months ago 44.6MB
# docker tag ssjinyao/httpd:v0.1.1-1 ssjinyao/httpd:latest
# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
ssjinyao/httpd latest d5ab408117c0 3 minutes ago 1.16MB
ssjinyao/httpd v0.1.1-1 d5ab408117c0 3 minutes ago 1.16MB

When one IMAGE ID carries several tags, deleting a tag does not delete the image; like a symlink, it only removes the link

# docker image rm ssjinyao/httpd:latest
Untagged: ssjinyao/httpd:latest
# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
ssjinyao/httpd v0.1.1-1 d5ab408117c0 5 minutes ago 1.16MB
redis 4-alpine db23f46600bc 2 weeks ago 30MB
nginx 1.14-alpine-perl a47b6006585d 2 weeks ago 51.6MB
busybox latest e1ddd7948a1c 2 months ago 1.16MB
quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 8 months ago 44.6MB
# docker tag ssjinyao/httpd:v0.1.1-1 ssjinyao/httpd:latest
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ssjinyao/httpd latest d5ab408117c0 6 minutes ago 1.16MB
ssjinyao/httpd v0.1.1-1 d5ab408117c0 6 minutes ago 1.16MB
redis 4-alpine db23f46600bc 2 weeks ago 30MB
nginx 1.14-alpine-perl a47b6006585d 2 weeks ago 51.6MB
busybox latest e1ddd7948a1c 2 months ago 1.16MB
quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 8 months ago 44.6MB
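To make the symlink analogy concrete, the following Python script (added here, not part of the original notes or of docker) parses the `docker image ls` listings above, groups the tags that point at the same IMAGE ID, and predicts whether `docker image rm <repo:tag>` only untags or actually deletes the image. The sample listing is constructed from the rows above plus one made-up dangling `<none>` row with a placeholder ID.

```python
# Added example, not from the original notes: parse `docker image ls` output,
# group tags by IMAGE ID, and predict whether `docker image rm <repo:tag>` will
# only untag (other tags still point at the ID) or delete the image.

# Constructed sample in the layout of the listings above; the final <none> row
# is a made-up dangling image with a placeholder ID, the others are from the notes.
SAMPLE_IMAGE_LS = """\
REPOSITORY TAG IMAGE ID CREATED SIZE
ssjinyao/httpd latest d5ab408117c0 6 minutes ago 1.16MB
ssjinyao/httpd v0.1.1-1 d5ab408117c0 6 minutes ago 1.16MB
redis 4-alpine db23f46600bc 2 weeks ago 30MB
busybox latest e1ddd7948a1c 2 months ago 1.16MB
<none> <none> c0ffee000001 8 seconds ago 1.16MB
"""


def parse_image_ls(text):
    """Turn `docker image ls` output into a list of row dicts.

    REPOSITORY, TAG and IMAGE ID never contain spaces, SIZE is the last field,
    and everything in between is the CREATED phrase ("2 weeks ago"), so
    splitting on whitespace works for both the collapsed and the aligned layout.
    """
    rows = []
    for line in text.splitlines()[1:]:      # skip the header line
        fields = line.split()
        if len(fields) < 5:
            continue
        rows.append({
            "repository": fields[0],
            "tag": fields[1],
            "id": fields[2],
            "created": " ".join(fields[3:-1]),
            "size": fields[-1],
        })
    return rows


def tags_by_image_id(rows):
    """Map each IMAGE ID to the list of repo:tag references pointing at it."""
    index = {}
    for r in rows:
        refs = index.setdefault(r["id"], [])
        if r["repository"] != "<none>" and r["tag"] != "<none>":
            refs.append("%s:%s" % (r["repository"], r["tag"]))
    return index


def dangling_images(rows):
    """IMAGE IDs that no tag references; `docker image prune` would remove them."""
    return [image_id for image_id, refs in tags_by_image_id(rows).items() if not refs]


def predict_rm(rows, ref):
    """Return ('untagged', id) or ('deleted', id) for `docker image rm ref`."""
    for image_id, refs in tags_by_image_id(rows).items():
        if ref in refs:
            # More than one tag on the ID: rm only drops this link, like unlinking a symlink.
            return ("untagged" if len(refs) > 1 else "deleted", image_id)
    raise KeyError("no such tag: %s" % ref)


if __name__ == "__main__":
    rows = parse_image_ls(SAMPLE_IMAGE_LS)
    print("dangling:", dangling_images(rows))
    print("rm ssjinyao/httpd:latest ->", predict_rm(rows, "ssjinyao/httpd:latest"))
    print("rm busybox:latest ->", predict_rm(rows, "busybox:latest"))
```

The prediction covers only the tag bookkeeping: the daemon additionally refuses to delete an image that a container (running or stopped) still uses, which the listing alone cannot show.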

Building an image with a CMD instruction

# docker commit -a "ssjinyao" -c 'CMD ["/bin/httpd", "-f", "-h","/data/html"]' -p busybox1 ssjinyao/httpd:v0.1.1.1-2
# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
ssjinyao/httpd v0.1.1.1-2 0ec8103a1bb2 53 seconds ago 1.16MB
# docker run --name busybox2 ssjinyao/httpd:v0.1.1.1-2 # start a container from the image just built

# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27403687efa0 ssjinyao/httpd:v0.1.1.1-2 "/bin/httpd -f -h /d…" 30 seconds ago Up 29 seconds busybox2
6373ae374a7a redis:4-alpine "docker-entrypoint.s…" 4 days ago Up 4 days 6379/tcp kvstor1
a5ffdd373b90 nginx:1.14-alpine-perl "nginx -g 'daemon of…" 4 days ago Up 4 days 80/tcp web1
# docker inspect # view container information
# curl 172.17.0.4
<h1>www.ssjinyao.com</h1>

Create an account on Docker Hub and create a REPOSITORY

# docker login -u ssjinyao
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
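The warning in the login output is the part of this step worth acting on: with no credential helper configured, `docker login` writes the registry password base64-encoded (not encrypted) into `/root/.docker/config.json`, readable by anyone who can read that file. The following Python script is an added example, not part of the original notes or of docker; it reads a config.json and reports, per registry, whether the credential sits in `auths` as plaintext base64 or is delegated to a helper (`credsStore` / `credHelpers`), printing the user name but never the secret. The sample config, its `alice:s3cret` credential and the `registry.example.internal` host are constructed.

```python
# Added example, not from the original notes: audit a docker client
# config.json (the file the login warning refers to) and report which
# registries have credentials stored as plaintext base64 in "auths" and which
# are handed to a credential helper. The user name is reported, never the secret.
import base64
import json

# Constructed sample config; "YWxpY2U6czNjcmV0" is base64 of the made-up
# "alice:s3cret" and the internal registry host name is illustrative.
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "https://index.docker.io/v1/": {"auth": "YWxpY2U6czNjcmV0"},
        "registry.example.internal": {},
    },
    "credHelpers": {"registry.example.internal": "pass"},
})


def helper_for(registry, helpers, store):
    """Credential helper responsible for a registry, or None."""
    # credHelpers keys are bare host names, while Docker Hub appears under its
    # legacy https://index.docker.io/v1/ key in "auths".
    host = registry.replace("https://", "").replace("http://", "").rstrip("/")
    return helpers.get(registry) or helpers.get(host) or store


def audit_docker_config(text):
    """Return one finding dict per registry in the config's 'auths' section."""
    cfg = json.loads(text)
    helpers = cfg.get("credHelpers", {})
    store = cfg.get("credsStore")          # global helper, e.g. "pass" or "osxkeychain"
    findings = []
    for registry, entry in cfg.get("auths", {}).items():
        finding = {"registry": registry, "username": None, "storage": None}
        auth = entry.get("auth")
        helper = helper_for(registry, helpers, store)
        if auth:
            # "auth" is base64(user:password); decode only to recover the user name.
            decoded = base64.b64decode(auth).decode("utf-8", "replace")
            finding["username"] = decoded.split(":", 1)[0]
            finding["storage"] = "plaintext"
        elif helper:
            finding["storage"] = "helper:" + helper
        else:
            finding["storage"] = "none"     # entry present but no credential anywhere
        findings.append(finding)
    return findings


def plaintext_registries(text):
    """Registries whose password can be read by anyone who can read config.json."""
    return [f["registry"] for f in audit_docker_config(text) if f["storage"] == "plaintext"]


if __name__ == "__main__":
    for f in audit_docker_config(SAMPLE_CONFIG):
        print(f)
```

A non-empty `plaintext_registries()` result on a build host is the signal to configure a helper and run `docker logout` so the base64 entry is removed, as the notes do further down before logging in to the second registry.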

Push the image to hub.docker.com

# docker push ssjinyao/httpd

The uploaded image can then be seen there

Commonly used image registries in China
Create a REPOSITORY on the Alibaba Cloud docker registry
Upload the local image

# docker tag ssjinyao/httpd:v0.1.1.1-2 registry.cn-qingdao.aliyuncs.com/ssjinyao/httpd
# docker logout
Removing login credentials for https://index.docker.io/v1/

# docker login --username=ssjinyao registry.cn-qingdao.aliyuncs.com
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
# docker push registry.cn-qingdao.aliyuncs.com/ssjinyao/httpd

Importing and exporting docker images

# docker save -o ssjinyao-busybox-image.gz ssjinyao/httpd:v0.1.1.1-3 ssjinyao/httpd:v0.1.1.1-2
# copy the image to another server
# scp ssjinyao-busybox-image.gz root@node2:/root/
ssjinyao-busybox-image.gz 100% 1370KB 23.8MB/s 00:00

Import the image on the other server

# docker load -i ssjinyao-busybox-image.gz
f9d9e4e6e2f0: Loading layer 1.378MB/1.378MB
e6baf59e35e7: Loading layer 4.608kB/4.608kB
# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
ssjinyao/httpd v0.1.1.1-3 cfa66f44c384 About an hour ago 1.16MB
ssjinyao/httpd v0.1.1.1-2 3dc1b07020fd About an hour ago 1.16MB
# docker run --name busybox ssjinyao/httpd:v0.1.1.1-2
# open another terminal
# docker inspect busybox | grep "IPAddress"
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
# curl 172.17.0.2
<h1>www.ssjinyao.com</h1>

Virtualized network management

6 namespaces: UTS, User, Mount, IPC, PID, Net;
the Linux kernel can emulate layer-2 and layer-3 devices;
OVS: Open vSwitch;

# yum -y install bridge-utils
# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.024288c640ef no veth5097b16
# ip link show # shows the docker virtual NIC information

Start two containers on the same server

# docker start 27403687efa0
# docker container run --name busybox3 -it ssjinyao/httpd:v0.1.1.1-3
# observe the NAT-based communication between the two containers
# docker exec -it busybox2 /bin/sh
/ # wget -O - -q http://172.17.0.5
<h1>www.ssjinyao.com</h1>

{User,Mount,PID}, {User,Mount,PID} -> shared {UTS,Net,IPC}

Let the container use and manage the host's network namespace

# docker network inspect bridge

ip namespace management

# yum -y install iproute
# ip netns help
Usage: ip netns list
ip netns add NAME
ip netns set NAME NETNSID
ip [-all] netns delete [NAME]
ip netns identify [PID]
ip netns pids NAME
ip [-all] netns exec [NAME] cmd ...
ip netns monitor
ip netns list-id
# ip netns add r1
# ip netns add r2
# ip netns exec r1 ifconfig -a
# ip link add name veth1.1 type veth peer name veth1.2
# ip link show | grep veth1
34: veth1.2@veth1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
35: veth1.1@veth1.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
# ip link set dev veth1.2 netns r1 # move device veth1.2 into namespace r1
# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth1.2: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether da:2a:32:c9:1e:e2 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# ip netns exec r1 ip link set dev veth1.2 name eth0 # rename veth1.2 inside the namespace to eth0
# ip netns exec r1 ifconfig -a
eth0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether da:2a:32:c9:1e:e2 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# ifconfig veth1.1 10.1.0.1/24 up # bring up veth1.1
# ip netns exec r1 ifconfig eth0 10.1.0.2/24 up # bring up eth0 inside namespace r1
# ip netns exec r1 ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.1.0.2 netmask 255.255.255.0 broadcast 10.1.0.255
inet6 fe80::d82a:32ff:fec9:1ee2 prefixlen 64 scopeid 0x20<link>
ether da:2a:32:c9:1e:e2 txqueuelen 1000 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

# ping 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.945 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.061 ms
# ip link set dev veth1.1 netns r2 # move veth1.1 into namespace r2
# ip netns exec r2 ifconfig veth1.1 10.1.0.3/24 up # bring up veth1.1 inside namespace r2
# ip netns exec r2 ping 10.1.0.2 # from namespace r2, ping the address bound to eth0 in namespace r1
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.214 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.080 ms

--rm: remove the container once it stops
# docker run --name t1 -it --network bridge -h www.ssjinyao.com --rm busybox:latest
/ # hostname
www.ssjinyao.com
/ # ping www.ssjinyao.com
PING www.ssjinyao.com (172.17.0.6): 56 data bytes
64 bytes from 172.17.0.6: seq=0 ttl=64 time=0.094 ms
--- www.ssjinyao.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.094/0.094/0.094 ms
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.6 www.ssjinyao.com www
/ # cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 10.180.66.2

With a correctly configured DNS server, names resolve properly

/ # nslookup -type=A nas.ssjinyao.com
Server: 10.180.66.2
Address: 10.180.66.2:53

Non-authoritative answer:
Name: nas.ssjinyao.com
Address: 47.104.201.165
# docker run --name t1 -it --network bridge -h www.ssjinyao.com --dns 114.114.114.114 --dns 8.8.8.8 --rm busybox:latest
/ # cat /etc/resolv.conf
search localdomain
nameserver 114.114.114.114
nameserver 8.8.8.8
/ # hostname
www.ssjinyao.com
# docker run --name t1 -it --network bridge -h t1.ssjinyao.com --dns 114.114.114.114 --dns-search ssjinyao.com --add-host www.ssjinyao.com:1.1.1.1 --rm busybox:latest
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
1.1.1.1 www.ssjinyao.com
172.17.0.6 t1.ssjinyao.com t1

Exposing container ports

# docker run --name myweb --rm -p 80 ssjinyao/httpd:v0.1.1.1-2
# docker container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
97212485437e ssjinyao/httpd:v0.1.1.1-3 "/bin/httpd -f -h /d…" 4 minutes ago Up 4 minutes 0.0.0.0:32773->80/tcp myweb

Opening inbound communication

Format of the -p option
-p <containerPort>
maps the given container port to a dynamic port on all host addresses;
-p <hostPort>:<containerPort>
maps container port <containerPort> to the given host port <hostPort>
-p <ip>::<containerPort>
maps container port <containerPort> to port <hostPort> on the given host address <ip>

# docker run --name myweb --rm -p 10.180.66.11:8080:80 ssjinyao/httpd:v0.1.1.1-3
# docker port myweb
80/tcp -> 10.180.66.11:8080
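To pin down the difference between the forms, here is an added Python example (not part of the original notes or of docker) that parses all four `-p` spellings the notes use, including the `<ip>:<hostPort>:<containerPort>` form from the `docker port` listing just above, and classifies how widely each binding exposes the container: a bare `-p 80` binds `0.0.0.0`, that is every address the host has (the `0.0.0.0:32773->80/tcp` listing earlier), whereas binding `127.0.0.1` keeps the port local. Port ranges are not handled; the bracketed IPv6 form `[::1]:8080:80` is.

```python
# Added example, not from the original notes: parse the four `-p` spellings
# (<containerPort>, <hostPort>:<containerPort>, <ip>::<containerPort>,
# <ip>:<hostPort>:<containerPort>, optionally followed by /udp) and classify
# how widely each one exposes the container on the host.
import ipaddress


def _port(text):
    value = int(text)
    if not 1 <= value <= 65535:
        raise ValueError("port out of range: %s" % text)
    return value


def parse_publish(spec):
    """Return {host_ip, host_port, container_port, proto} for one -p value.

    host_port is None when docker would pick a dynamic port (as in the
    0.0.0.0:32773->80/tcp listing). Port ranges are not handled.
    """
    proto = "tcp"
    if "/" in spec:
        spec, proto = spec.rsplit("/", 1)
        if proto not in ("tcp", "udp", "sctp"):
            raise ValueError("unknown protocol %r" % proto)
    if spec.startswith("["):                 # bracketed IPv6 address, e.g. [::1]:8080:80
        end = spec.index("]")
        parts = [spec[1:end]] + spec[end + 2:].split(":")
    else:
        parts = spec.split(":")
    if len(parts) == 1:                      # <containerPort>
        host_ip, host_port, container_port = "0.0.0.0", "", parts[0]
    elif len(parts) == 2:                    # <hostPort>:<containerPort>
        host_ip, host_port, container_port = "0.0.0.0", parts[0], parts[1]
    elif len(parts) == 3:                    # <ip>::<containerPort> or <ip>:<hostPort>:<containerPort>
        host_ip, host_port, container_port = parts
    else:
        raise ValueError("cannot parse -p value %r" % spec)
    ip = ipaddress.ip_address(host_ip)      # raises ValueError on a malformed address
    return {
        "host_ip": str(ip),
        "host_port": _port(host_port) if host_port else None,
        "container_port": _port(container_port),
        "proto": proto,
    }


def exposure(mapping):
    """'all-interfaces' (reachable on every host address), 'loopback' or 'specific'."""
    ip = ipaddress.ip_address(mapping["host_ip"])
    if ip.is_unspecified:                    # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    return "specific"


def port_line(mapping):
    """Render the mapping the way `docker port` prints it, once the host port is fixed."""
    if mapping["host_port"] is None:
        raise ValueError("a dynamic host port is only known after the container starts")
    host = mapping["host_ip"]
    if ":" in host:
        host = "[%s]" % host
    return "%d/%s -> %s:%d" % (mapping["container_port"], mapping["proto"], host, mapping["host_port"])


if __name__ == "__main__":
    for spec in ["80", "8080:80", "10.180.66.11::80", "10.180.66.11:8080:80", "127.0.0.1:5353:53/udp"]:
        m = parse_publish(spec)
        print("%-25s %-15s %s" % (spec, exposure(m), m))
```

The two-colon form `<ip>::<containerPort>` leaves the host port dynamic, exactly like a bare `-p <containerPort>` but restricted to one address, while `<ip>:<hostPort>:<containerPort>` fixes both. The bind address is the control that matters here: the daemon programs published ports into its own iptables chains and the traffic is forwarded rather than delivered to the host, so a host firewall rule written against the INPUT chain does not cover them.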

Joined containers

Share container b1's network

# docker run --name b1 -it --rm busybox
# docker run --name b2 --network container:b1 -it --rm busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:0 (0.0 B)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

/ # echo "Joined container" > /tmp/index.html
/ # httpd -h /tmp/
/ # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::80 :::* LISTEN
/ # wget -O - -q 127.0.0.1
Joined container

Share the host's network

# docker run --name b2 --network host -it --rm busybox
/ #
/ # ifconfig
docker0 Link encap:Ethernet HWaddr 02:42:88:C6:40:EF
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:88ff:fec6:40ef/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:347 errors:0 dropped:0 overruns:0 frame:0
TX packets:371 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:35796 (34.9 KiB) TX bytes:40247 (39.3 KiB)

ens33 Link encap:Ethernet HWaddr 00:0C:29:F8:70:D5
inet addr:10.180.66.11 Bcast:10.180.66.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fef8:70d5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:123421 errors:0 dropped:0 overruns:0 frame:0
TX packets:39524 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:81346864 (77.5 MiB) TX bytes:8253033 (7.8 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:80 errors:0 dropped:0 overruns:0 frame:0
TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:6944 (6.7 KiB) TX bytes:6944 (6.7 KiB)

Change the IP address of the docker0 bridge

# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://registry.docker-cn.com"],
"bip": "10.0.0.1/16",
"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
}
# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.0.0 broadcast 10.0.255.255
inet6 fe80::42:88ff:fec6:40ef prefixlen 64 scopeid 0x20<link>
ether 02:42:88:c6:40:ef txqueuelen 0 (Ethernet)
RX packets 347 bytes 35796 (34.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 371 bytes 40247 (39.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# docker -H 10.180.66.11:2375 image ls

Create a bridge

# docker network create -d bridge --subnet "172.26.0.0/16" --gateway "172.26.0.1" mbr0
# ifconfig
br-76b59a5dfce3: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.26.0.1 netmask 255.255.0.0 broadcast 172.26.255.255
ether 02:42:ea:15:d6:9e txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# ip link set dev br-76b59a5dfce3 name docker1
RTNETLINK answers: Device or resource busy
# ifconfig br-76b59a5dfce3 down
# ifconfig docker1 up
# ifconfig docker1 down # after the rename, docker by default cannot find the virtual NIC under the name docker1
# ip link set dev docker1 name br-76b59a5dfce3
# docker run --name t1 -it --net mbr0 busybox:latest
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:1A:00:02
inet addr:172.26.0.2 Bcast:172.26.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:258 (258.0 B) TX bytes:0 (0.0 B)

Customize the network properties of the docker0 bridge in /etc/docker/daemon.json

{
"bip": "192.168.1.5/24",
"fixed-cidr": "10.20.0.0/16",
"fixed-cidr-v6": "2001:db8::/64",
"mtu": 1500,
"default-gateway": "10.20.1.1",
"default-gateway-v6": "2001:db8:abcd::89",
"dns": ["10.20.1.2", "10.20.1.3"]
}

The docker daemon is the server side of a C/S setup; by default it listens on a Unix socket, /var/run/docker.sock. To listen on a TCP socket as well, set in /etc/docker/daemon.json:
"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
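Both daemon.json fragments on this page, the one used earlier to change the docker0 address (with `"hosts": ["tcp://0.0.0.0:2375", ...]`) and the one just above, are worth linting before they are deployed: a TCP listener in `hosts` without `tlsverify` plus CA, certificate and key hands the complete daemon API, which amounts to root on the host, to anyone who can reach the port, and a `fixed-cidr` pool that lies outside the `bip` network is not accepted by the daemon. The following Python script is an added example, not part of the original notes or of docker; the hardened variant it embeds is constructed, with placeholder certificate paths, and the option names it looks for (`tlsverify`, `tlscacert`, `tlscert`, `tlskey`, `insecure-registries`) are the daemon's own.

```python
# Added example, not from the original notes: lint /etc/docker/daemon.json for
# the settings that change the daemon's attack surface: a TCP listener in
# "hosts" without TLS client verification, plain-http registry mirrors,
# "insecure-registries", and a "fixed-cidr" pool outside the "bip" network.
import ipaddress
import json

# Constructed inputs: the first is the daemon.json shown earlier in these
# notes; the second is the same file with the TCP listener moved behind TLS
# client verification (certificate paths are placeholders).
NOTES_DAEMON_JSON = """{
"registry-mirrors":["https://registry.docker-cn.com"],
"bip": "10.0.0.1/16",
"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
}"""

HARDENED_DAEMON_JSON = """{
"registry-mirrors":["https://registry.docker-cn.com"],
"bip": "10.0.0.1/16",
"hosts": ["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
"tlsverify": true,
"tlscacert": "/etc/docker/certs/ca.pem",
"tlscert": "/etc/docker/certs/server-cert.pem",
"tlskey": "/etc/docker/certs/server-key.pem"
}"""


def lint_daemon_json(text):
    """Return a list of (severity, message) findings for a daemon.json document."""
    cfg = json.loads(text)
    findings = []

    # Client-certificate verification needs all three files plus tlsverify.
    tls_ok = bool(cfg.get("tlsverify")) and all(cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://"):
            addr = host[len("tcp://"):]
            if not tls_ok:
                # Whoever can reach this port can start containers as root on the host.
                findings.append(("critical", "TCP API listener %s without tlsverify + CA/cert/key" % addr))
            if addr.startswith("0.0.0.0:") or addr.startswith("[::]:"):
                findings.append(("info", "TCP API listener %s binds every host interface" % addr))

    for mirror in cfg.get("registry-mirrors", []):
        if not mirror.startswith("https://"):
            findings.append(("high", "registry mirror %s is not HTTPS; images can be altered in transit" % mirror))

    for reg in cfg.get("insecure-registries", []):
        findings.append(("high", "insecure registry %s allows HTTP and unverified certificates" % reg))

    if "bip" in cfg and "fixed-cidr" in cfg:
        bridge_net = ipaddress.ip_interface(cfg["bip"]).network
        fixed = ipaddress.ip_network(cfg["fixed-cidr"], strict=False)
        if not fixed.subnet_of(bridge_net):
            findings.append(("error", "fixed-cidr %s lies outside the bip network %s" % (fixed, bridge_net)))

    return findings


def has_finding(findings, severity):
    """True when at least one finding carries the given severity."""
    return any(sev == severity for sev, _ in findings)


if __name__ == "__main__":
    for label, doc in (("notes", NOTES_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label)
        for sev, msg in lint_daemon_json(doc):
            print("  [%s] %s" % (sev, msg))
```

With `tlsverify` the daemon only accepts connections presenting a client certificate signed by `tlscacert`, which is the authentication the plain `tcp://0.0.0.0:2375` listener lacks; 2376 is the conventional port for the TLS listener. Run against the second fragment on this page (`bip` 192.168.1.5/24 with `fixed-cidr` 10.20.0.0/16) the linter reports the subnet mismatch as well.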
