Ops in Practice, Containers Part: A Brief Introduction to Docker
Posted by 洛冰音
What is Docker
In short:
- In IT software, "Docker" refers to containerization technology that supports creating and using Docker containers.
- With Docker, containers can be treated as lightweight, modular virtual machines. You also gain a high degree of flexibility: containers can be created, deployed and replicated efficiently and moved smoothly from one environment to another, which helps you optimize your applications for the cloud.
- Docker is implemented in the Go language introduced by Google. It builds on Linux kernel technologies such as cgroups, namespaces and union filesystems of the OverlayFS kind to wrap and isolate processes, so it is operating-system-level virtualization. Because an isolated process is independent of the host and of the other isolated processes, it is called a container.
Differences from traditional virtualization
Compared with traditional virtualization:
- A container does not need to emulate a hardware layer, whereas traditional virtualization always has a virtualized operating-system layer.
- Containers share the kernel of the same host machine.
Installing Docker
Before working with Docker, you need to know the following.
Docker creates containers from images, and images are stored in a registry.
A container holds the contents and settings it needs; interaction with the outside world requires port mapping.
## Install dependencies
yum install -y container-selinux-2.77-1.el7.noarch.rpm containerd.io-1.4.4-3.1.el7.x86_64.rpm
## Install Docker-CE
yum install -y docker-ce-19.03.15-3.el7.x86_64.rpm docker-ce-cli-19.03.15-3.el7.x86_64.rpm
## Enable the service
systemctl start docker.service
## Show Docker information
docker info
This step is listed separately here for the sake of explanation.
[root@Server1 docker-ce]# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.15
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 991MiB
Name: Server1
ID: BTTL:NBTO:2QFW:6AI3:6MAG:7XRR:MMZV:7RMH:W4WA:Z7JC:WIAQ:U5TX
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Notice the two warning lines at the end.
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
This is because the Docker service relies on a network bridge, and by default these two settings may not be enabled.
[root@Server1 sysctl.d]# sysctl -a | grep bridge-nf-call-iptables
net.bridge.bridge-nf-call-iptables = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.docker0.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
[root@Server1 docker-ce]# sysctl net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-iptables = 0
[root@Server1 docker-ce]# sysctl -a | grep bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-ip6tables = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.docker0.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
[root@Server1 docker-ce]# sysctl net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-ip6tables = 0
Change the setting by modifying the sysctl configuration.
Usually we do not edit sysctl.conf directly; instead we add a new configuration file under its configuration directory, which is easier to manage.
[root@Server1 docker-ce]# cd /etc/sysctl.d/
[root@Server1 sysctl.d]# ls
99-sysctl.conf
[root@Server1 sysctl.d]# vim docker.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
## Reload the configuration and see it take effect
[root@Server1 sysctl.d]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/docker.conf ...
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
* Applying /etc/sysctl.conf ...
## Check the info again; the warnings are gone
[root@Server1 sysctl.d]# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.15
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 991MiB
Name: Server1
ID: BTTL:NBTO:2QFW:6AI3:6MAG:7XRR:MMZV:7RMH:W4WA:Z7JC:WIAQ:U5TX
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
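The check-and-fix procedure above (read the two bridge-nf-call keys, write a drop-in under /etc/sysctl.d, reload with sysctl --system) as a small script. This is an added example, not code from the original post; the sample sysctl listing is constructed, and the /etc/sysctl.d/docker.conf path and the key names are the ones the post uses. Beyond the warning itself, the point for a defender is that with these keys at 0, packets crossing the docker0 bridge skip the host's iptables chains, so neither Docker's own isolation rules nor any host firewall policy sees container-to-container traffic.

```shell
#!/bin/sh
# Added example (not from the original post): check the bridge-nf-call sysctls
# and render the /etc/sysctl.d/docker.conf drop-in that enables them.

BRIDGE_NF_KEYS='net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables'

# Constructed sample of `sysctl -a` output (not captured from the host in the post)
SAMPLE_SYSCTL='net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-arptables = 0
net.ipv4.ip_forward = 1'

# Print the keys from BRIDGE_NF_KEYS whose value in the given listing is not 1.
# A key missing from the listing is reported too (br_netfilter may not be loaded,
# in which case the key does not exist yet and the warning is still shown).
disabled_bridge_nf_keys() {
    listing=$1
    for key in $BRIDGE_NF_KEYS; do
        value=$(printf '%s\n' "$listing" | awk -v k="$key" -F' = ' '$1 == k { print $2 }')
        [ "$value" = "1" ] || printf '%s\n' "$key"
    done
}

# Render drop-in content that sets every disabled key to 1.
# Empty output means both keys are already enabled and there is nothing to do.
render_dropin() {
    disabled_bridge_nf_keys "$1" | sed 's/$/ = 1/'
}

# Live mode: inspect the running kernel, (over)write the drop-in and reload.
# Runs only when invoked as `sh script.sh --apply`, as root.
if [ "${1:-}" = "--apply" ]; then
    live=$(sysctl -a 2>/dev/null | grep '^net\.bridge\.bridge-nf-call-')
    content=$(render_dropin "$live")
    if [ -n "$content" ]; then
        printf '%s\n' "$content" > /etc/sysctl.d/docker.conf
        sysctl --system
    fi
fi
```

Run it with no arguments to exercise the functions on the constructed sample; run it with --apply as root to write the drop-in and reload, after which the two warnings in docker info disappear, as shown above.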
Getting started
## Search the official registry for an image to practice with
[root@Server1 sysctl.d]# docker search yakexi007
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
yakexi007/game2048 0
yakexi007/mario 0
yakexi007/nginx 0
## Pull the image of the 2048 game
[root@Server1 sysctl.d]# docker pull yakexi007/game2048
Using default tag: latest
latest: Pulling from yakexi007/game2048
534e72e7cedc: Pull complete
f62e2f6dfeef: Pull complete
fe7db6293242: Pull complete
3f120f6a2bf8: Pull complete
4ba4e6930ea5: Pull complete
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Downloaded newer image for yakexi007/game2048:latest
docker.io/yakexi007/game2048:latest
## List local images
[root@Server1 sysctl.d]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
yakexi007/game2048 latest 19299002fdbe 4 years ago 55.5MB
## Create a container from the image
[root@Server1 sysctl.d]# docker run -d --name 2048 -p 80:80 yakexi007/game2048
2f6310c4fba15bf9c95ec50918c5ff2bc18d4309dd5fe8cec198470af4b21710
About the parameters of this command:
- -d: run the container in the background and return the container ID
- --name: set the container name
- -p: specify the port mapping, in the format host-port:container-port
- The last argument is the image to use
After it finishes, check the result:
## Check port usage; docker-proxy now appears on port 80
[root@Server1 sysctl.d]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3215/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3404/master
tcp 0 0 172.25.5.1:22 172.25.5.250:45152 ESTABLISHED 3499/sshd: root@pts
tcp6 0 0 :::80 :::* LISTEN 4520/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 3215/sshd
tcp6 0 0 ::1:25 :::* LISTEN 3404/master
## List running containers
[root@Server1 sysctl.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2f6310c4fba1 yakexi007/game2048 "/bin/sh -c 'sed -i …" 20 seconds ago Up 20 seconds 0.0.0.0:80->80/tcp, 443/tcp 2048
## List all containers, including ones that are not running
[root@Server1 sysctl.d]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2f6310c4fba1 yakexi007/game2048 "/bin/sh -c 'sed -i …" 24 seconds ago Up 23 seconds 0.0.0.0:80->80/tcp, 443/tcp 2048
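The -p 80:80 mapping and the netstat check above show docker-proxy listening on :::80, that is, on every interface of the host. The script below, an added example that is not part of the original post, parses netstat -antlp output in the layout shown above and reports every docker-proxy listener bound to a wildcard address; the sample lines are constructed, and the process names and PIDs in them are made up.

```shell
#!/bin/sh
# Added example (not from the original post): find published container ports
# that docker-proxy has bound on every interface of the host.

# Constructed sample in the `netstat -antlp` layout shown above (not captured output)
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3215/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3404/master
tcp6 0 0 :::80 :::* LISTEN 4520/docker-proxy
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 4611/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 3215/sshd'

# Print each docker-proxy LISTEN socket bound to the wildcard address as "address:port".
# Field 4 is the local address; the port is the text after its last colon, which
# also handles IPv6 addresses such as ":::80".
exposed_docker_ports() {
    printf '%s\n' "$1" | awk '$6 == "LISTEN" && $7 ~ /\/docker-proxy$/ {
        n = split($4, part, ":")
        port = part[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host == "0.0.0.0" || host == "::") print host ":" port
    }'
}

# Same check against the running host (needs netstat from net-tools, as in the post).
check_live_host() {
    exposed_docker_ports "$(netstat -antlp 2>/dev/null)"
}
```

On the constructed sample only :::80 is reported; the docker-proxy listener on 127.0.0.1:8080 is not, because it is reachable from the host alone. To publish the 2048 container that way, give -p a host address as well: docker run -d --name 2048 -p 127.0.0.1:80:80 yakexi007/game2048. Note that Docker inserts its own iptables rules for published ports, so a host firewall policy written for ordinary services does not necessarily cover them.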