一. Docker介紹和安裝
1.Docker的組成結構:
2.Docker和Openstack對比:
3.安裝Docker服務:
yum install docker
systemctl start docker
二. Docker鏡像和容器管理
1.下載Docker的centos官方鏡像:
docker pull centos
docker images
2.Docker的官方鏡像導出和導入:
docker save centos >/tmp/centos.tar.gz
docker load < /tmp/centos.tar.gz
3.刪除鏡像(如果創建了容器就不能刪除):
docker rmi a8493f5f50ff
4.使用centos鏡像創建一個容器並運行一條命令:
docker run centos /bin/echo "hello world"
docker ps -a #查看所有容器進程
5.創建centos鏡像的一個容器:
docker run --name mydocker -t -i centos /bin/bash
--name: 容器的名稱
-t: 分配一個僞終端tty
-i: 讓容器的標準輸出保持打開
centos: 代表鏡像名稱,如果沒有會自動下載
/bin/bash: 容器要執行的命令
6.啓動並進入一個docker的容器:
docker start 5dff8e600d59
docker attach 5dff8e600d59
7.獲取docker進程的PID:
docker inspect --format "{{.State.Pid}}" 5dff8e600d59
8.通過nsenter進入容器:
nsenter -t 4851 -m -u -i -n -p #"4851"是上面命令獲取的進程PID值(這樣退出就不會終止容器)
9.通過腳本進入容器:
#!/bin/bash
if [ -z $1 ];then
echo "請輸入docker的進程PID或者name!"
else
PID=$(docker inspect --format "{{.State.Pid}}" $1)
echo $PID
nsenter -t ${PID} -m -u -i -n -p
fi10.刪除一個停止的docker容器:
docker rm ab7e0c55cfba
docker run --rm centos /bin/echo "hello "
--rm: 容器停止時自動刪除
11.殺掉一個正在運行的容器:
docker kill 5dff8e600d59
三. Docker網絡和存儲管理
1.隨機端口映射啓動nginx容器:
docker run --name mynginx -d -P nginx
-P: 隨機端口映射
-d: 放在前臺運行
2.指定端口映射啓動nginx容器:
docker run --name mynginx -d -p 81:80 nginx
3.創建一個指定磁盤映射的centos容器:
docker run -d --name volume-test2 -v /opt:/opt centos
-v /opt:/opt_1: 將物理機的opt目錄掛載到容器裏面的opt_1下
-d :不進入容器,放在後臺運行
4.掛載其他容器的數據卷啓動容器:
docker run -it --name test1 --volumes-from nfs centos
5.查看docker容器的詳細信息:
docker inspect volume-test1
四. Docker手動構建鏡像
1.啓動centos容器並安裝nginx然後製作鏡像:
docker commit -m "nginx" 9ad452800f4b wmj/mynginx:v1
-m: 需要製作鏡像的名稱和id
wmj: dockerhub的用戶名,可以隨便寫
mynginx: 製作後的鏡像名稱
v1: 版本號
docker run -it --name nginxv1 wmj/mynginx:v1 #啓動自定義鏡像
2.啓動自己製作的nginx容器:
docker run -d -p 82:80 wmj/nginx:v2 nginx
五. Docker-Dockerfile構建鏡像
1.編輯自己的nginx鏡像構建文件:
vim /root/Dockerfile #文件名不能改
# This docker file
# VERSION 1
# Author: wmj
# Base image
FROM centos
MAINTAINER wmj wmj@163.com
#Commands
RUN rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
RUN yum install -y nginx
ADD index.html /usr/share/nginx/html/index.html
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
EXPOSE 80
CMD ["nginx"]vim /root/index.html #隨便寫點
2.開始構建自定義鏡像:
docker build -t wmj/mynginx:v1 /root/
docker run -d -p 83:80 --name mynginx wmj/mynginx:v1 #啓動鏡像
六. Docker-Registry私有倉庫構建
1.安裝Docker-Registry:
docker pull registry
docker run -d -p 5000:5000 registry
2.配置https訪問:
yum install nginx httpd-tools
vim /etc/nginx/conf.d/docker-registry.conf
upstream docker-registry {
server localhost:5000;
}
server {
listen 8080;
server_name registry.wmj.com;
ssl on;
ssl_certificate /etc/ssl/nginx.crt;
ssl_certificate_key /etc/ssl/nginx.key;
proxy_set_header Host $http_host; # required for Docker client sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client IP
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
chunked_transfer_encoding on;
location / {
# let Nginx know about our auth file
auth_basic "Docker";
auth_basic_user_file docker-registry.htpasswd;
proxy_pass http://docker-registry;
}
location /_ping {
auth_basic off;
proxy_pass http://docker-registry;
}
location /v1/_ping {
auth_basic off;
proxy_pass http://docker-registry;
}
}# htpasswd -c docker-registry.htpassw wmj #生成http密碼
3.手動生成證書:
生成根證書
# cd /etc/pki/CA/
# touch ./{serial,index.txt}
# echo "00" > serial
爲CA生成一個私鑰
# openssl genrsa -out private/cakey.pem 2048
簽發CA證書
# openssl req -new -x509 -key private/cakey.pem -days 3650 cacert.pem
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Changsha
Locality Name (eg, city) [Default City]:Changsha
Organization Name (eg, company) [Default Company Ltd]:wmj
Organizational Unit Name (eg, section) []:docker
Common Name (eg, your name or your server's hostname) []:docker.wmj.com
Email Address []:[email protected]
生成nginx的key:
# cd /etc/ssl/
# openssl genrsa -out nginx.key 2048
# openssl req -new -key nginx.key -out nginx.csr
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Changsha
Locality Name (eg, city) [Default City]:Changsha
Organization Name (eg, company) [Default Company Ltd]:wmj
Organizational Unit Name (eg, section) []:docker
Common Name (eg, your name or your server's hostname) []:registry.wmj.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
簽發nginx證書:
# openssl ca -in nginx.csr -days 3650 -out nginx.crt #按兩個Y
讓系統接受自簽發的證書:
# cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt4.登陸到Docker-registry:
docker login -u wmj -p 123123 -e [email protected] registry.wmj.com
-u: nginx訪問用戶名
5.上傳鏡像到私有倉庫:
#標記“wmj/nginx:v3”鏡像到私有倉庫上面
docker tag wmj/nginx:v3 registry.wmj.com:5000/wmj/nginx:latest
docker push registry.wmj.com:5000/wmj/nginx:latest #上傳鏡像到私有倉庫
docker pull registry.wmj.com:5000/wmj/nginx:latest #下載鏡像
六. docker的web管理軟件shipyard
1.讓Docker監聽tcp端口:
vim /etc/sysconfig/doc
OPTIONS=後面添加:
“-H tcp://0.0.0.0:235 -H unix://var/run/docker.sock”
2.重啓並驗證:
systemctl restart docker
curl -s 172.16.2.241:235/info |python -mjson.tool
3.一鍵安裝shipyard:
curl -s https://shipyard-project.com/deploy | bash -s
七. 使用 Supervisor 來管理進程
1.通過Dockerfile構建lnmp鏡像:
# This docker file
# VERSION 1
# Author: wmj
# Wordpress image
FROM centos
MAINTAINER wmj wmj@163.com
#Commands
RUN rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
RUN yum install -y nginx net-tools supervisor
RUN yum install -y php php-fpm
RUN yum install -y mariadb mariadb-server
RUN yum install -y php-mysql php-gd libjpeg* php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-bcmath php-mhash
RUN /usr/bin/mysql_install_db --user=mysql
ADD supervisord.conf /etc/supervisord.conf
ADD index.html /usr/share/nginx/html/index.html
ADD test.php /usr/share/nginx/html/test.php
ADD blog.conf /etc/nginx/conf.d/blog.conf
ADD wordpress-4.7.3-zh_CN.tar.gz /usr/share/nginx/html/
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
EXPOSE 81 3306
CMD ["/usr/bin/supervisord"]vim supervisord.conf
[supervisord]
nodaemon=true
[program:nginx]
command=/usr/sbin/nginx
[program:php-fpm]
command=/usr/sbin/php-fpm
[program:mysql]
command=/usr/bin/mysqld_safe