docker是一個開源的應用容器引擎,系統級的輕量虛擬化技術。
應用程序的自動化部署解決方案,能夠迅速創建一個容器,並在容器上部署和運行應用程序,並通過配置文件可以輕鬆實現應用程序的自動化安裝、部署和升級。
docker使用Go語言編寫,用cgroup實現資源隔離,容器技術採用LXC,lxc是一種內核虛擬化技術,提供輕量級的虛擬化。lxc是linux內核一個特性,它允許進程或進程組運行在一塊獨立的空間,並能對其控制。並實現容器與宿主機資源共享。
相關組件及功能?
1.LXC,docker是lxc的管理器。提供一系列更強的功能,如可移植性(定義了標準,可以在任意主機運行)、自動化構建(dockerfile)、版本控制、鏡像共享等。
2.cgroup,lxc是cgroup的管理工具。限制進程或進程組使用的系統資源管理。提供類似文件的接口,非常方便配置。
3.namespace,cgroup是namespace的用戶空間的管理接口。並對進程或進程組之間隔離,如果net、mnt、pid、user等。
4.aufs(AnotherUnionFS),支持將不同目錄掛載到同一個虛擬文件系統。docker容器分爲只讀的鏡像層與上面可寫層,AUFS實現在可寫層上進行增量的修改(增量文件系統)。
docker目前支持的聯合文件系統種類包括 AUFS、btrfs、vfs和DeviceMapper
5.chroot,使容器運行在指定的目錄內。
組件之間關係?
cgroup是在底層實現資源管理,lxc在cgroup上封裝了一層,docker又在lxc封裝了一層。
工作方式?
當我們啓動一個docker容器時,docker會加載只讀鏡像,並在其上添加一個讀寫層(將鏡像目錄複製一份到/var/lib/docker/aufs/mnt以ID爲目錄下,我們可以使用chroot進入此目錄,與容器裏面的目錄一樣)。如果運行中的容器修改現有的一個已經存在的文件,那該文件將會從讀寫層下面的只讀層複製到讀寫層,該文件的只讀版本仍然存在,只是已經被讀寫層中的該文件的副本所隱藏,當刪除docker容器,並通過該鏡像重新啓動時,之前的更改將會丟失。
在docker中,只讀層及在頂部的讀寫層的組合被稱爲Union File System,UFS(聯合文件系統)
(1)下載安裝
下載安裝
~$sudo apt-get install docker.io
~$sudo ln -sf /usr/bin/docker.io /usr/local/bin/docker
查看狀態
~$sudo service docker status
docker start/running, process 17905
查看版本
~$sudo docker version
docker start/running, process 17905
~$ sudo docker version
Client version: 1.6.2
Client API version: 1.18
Go version (client): go1.2.1
Git commit (client): 7c8fca2
OS/Arch (client): linux/amd64
Server version: 1.6.2
Server API version: 1.18
Go version (server): go1.2.1
Git commit (server): 7c8fca2
OS/Arch (server): linux/amd64
查看信息
~$sudo docker -D info
Containers: 5
Images: 2
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 12
Dirperm1 Supported: false
Execution Driver: native-0.2
Kernel Version: 3.13.0-92-generic
Operating System: Ubuntu 14.04.3 LTS
CPUs: 4
Total Memory: 7.681 GiB
Name: vobile-B85M-D3V
ID: UBLC:EWSG:XV2E:5ILL:WDOY:PZTG:KGGO:O6GQ:ZBGJ:MFBO:UT4L:A5JH
Debug mode (server): false
Debug mode (client): true
Fds: 20
Goroutines: 22
System Time: Tue Aug 23 16:14:27 CST 2016
EventsListeners: 0
Init SHA1: 22082e594df367c79a11672c59a9d5da15851227
Init Path: /usr/lib/docker.io/dockerinit
Docker Root Dir: /var/lib/docker
WARNING: No swap limit support
補充:
安裝最新版本deocker(添加源https://get.docker.io/ubuntu):
確認/usr/lib/apt/methods/https是否存在,如果不存在,則安裝 apt-get install apt-transport-https
~$sudo apt-get install apt-transport-https
將Docker官方資料庫的訪問Key添加到你本地系統
~$sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.wfZ40rp7nH --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/sogou-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
gpg: requesting key A88D21E9 from hkp server keyserver.ubuntu.com
gpg: key A88D21E9: public key "Docker Release Tool (releasedocker) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
安裝Lxc-docker包
~$sudo sh -c "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
~$sudo apt-get update
安裝最新版本的docker:
~$sudo apt-get install -y lxc-docker
ln -sf /usr/bin/docker /usr/local/bin/docker
~$sudo apt-get upgrade lxc-docker
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
lxc-docker is already the newest version.
(2)搜索/下載/安裝images
查看images
~$sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
搜索images
~$sudo docker search debian
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
debian Debian is a Linux distribution that's comp... 1585 [OK]
neurodebian NeuroDebian provides neuroscience research... 27 [OK]
jesselang/debian-vagrant Stock Debian Images made Vagrant-friendly ... 8 [OK]
armbuild/debian ARMHF port of debian 8 [OK]
eboraas/debian Debian base images, for all currently-avai... 5 [OK]
mschuerig/debian-subsonic Subsonic 5.1 on Debian/wheezy. 4 [OK]
reinblau/debian Debian with usefully default packages for ... 2 [OK]
frekele/debian docker run --rm --name debian frekele/debian 2 [OK]
datenbetrieb/debian minor adaption of official upstream debian... 1 [OK]
maxexcloo/debian Docker base image built on Debian with Sup... 1 [OK]
servivum/debian Debian Docker Base Image with Useful Tools 1 [OK]
lucasbarros/debian Basic image based on Debian 1 [OK]
webhippie/debian Docker images for debian 1 [OK]
lephare/debian Base debian images 1 [OK]
eeacms/debian Docker image for Debian to be used with EE... 1 [OK]
icedream/debian-jenkinsslave Debian for Jenkins to be used as slaves. 0 [OK]
konstruktoid/debian Debian base image 0 [OK]
smartentry/debian Debian with smartentry 0 [OK]
fike/debian Debian Images with language locale installed. 0 [OK]
mariorez/debian Debian Containers for PHP Projects 0 [OK]
nimmis/debian This is different version of Debian with a... 0 [OK]
visono/debian Docker base image of debian 7 with tools i... 0 [OK]
ustclug/debian debian image for docker with rustic mirror 0 [OK]
pl31/debian Debian base image. 0 [OK]
gnumoksha/debian [PT-BR] Imagem básica do Debian com ajust... 0 [OK]
安裝debian
~$sudo docker pull debian
...
查看images
~$sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
debian latest 04d4df406f8b 3 weeks ago 125.1 MB
刪除images(docker rmi IMAGE_ID )
~$ sudo docker rmi 04d4df406f8b
Untagged: debian:latest
Deleted: 04d4df406f8b...
創建容器debian
~$sudo docker create debian
運行容器debian
~$sudo docker run -i -t -d debian /bin/bash
80742db56cbbd41c604ec4cec41560e82bf8c7fed97f861f2aaa1feddb75020f
(關於run命令各項參數說明,請參考:http://www.cnblogs.com/vikings-blog/p/4238062.html)
查看後臺運行容器
~$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
80742db56cbb debian:latest "/bin/bash" 21 minutes ago Up 21 minutes serene_shockley
查看容器日誌(docker logs CONTAINER ID/NAMES)
~$sudo docker logs serene_shockley
或
~$sudo docker logs 80742db56cbb
返回容器(docker exec -i -t CONTAINER ID/NAMES )
~$sudo docker exec -i -t serene_shockley /bin/bash 或 ~$sudo docker exec -i -t 80742db56cbb /bin/bash
root@80742db56cbb:/#
root@80742db56cbb:/# exit
exit
停止容器而不將其刪除
~$sudo docker stop NAME/ContainerID
重新啓動容器:
~$sudo docker start NAME/ContainerID
刪除容器,先停止它,然後用命令將其刪除:
~$sudo docker rm NAME/ContainerID
刪除後繼續重啓會報錯:
Error response from daemon: no such id: 80742db56cbb
FATA[0000] Error: failed to start one or more containers
(4)文件雙向拷貝
拷貝物理系統文件至容器
獲取容器完整id(docker inspect -f '{{.Id}}' CONTAINER ID/NAMES)
~$sudo docker inspect -f '{{.Id}}' serene_shockley 或 ~$sudo docker inspect -f '{{.Id}}' 80742db56cbb
80742db56cbbd41c604ec4cec41560e82bf8c7fed97f861f2aaa1feddb75020f
藉助 /var/lib/docker/aufs/mnt/通道+CONTAINER ID容器完整 完成文件(be.log)拷貝至 容器的/root/ 目錄下
~$sudo cp -r ./be.log /var/lib/docker/aufs/mnt/80742db56cbbd41c604ec4cec41560e82bf8c7fed97f861f2aaa1feddb75020f/root/
拷貝容器文件至物理系統(docker cp CONTAINER ID/NAMES:/root/be.log /tmp/)
~$sudo docker cp 80742db56cbb:/root/be.log /tmp/ 或 ~$sudo docker cp serene_shockley:/root/be.log /tmp/
(5)安裝軟件
在docker中安裝軟件:
root@80742db56cbb:~# apt-get install vim
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package vim
執行update,同步 /etc/apt/sources.list 和 /etc/apt/sources.list.d 中列出的源的索引,這樣才能獲取到最新的軟件包
root@80742db56cbb:~# apt-get update
Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]
Ign http://httpredir.debian.org jessie InRelease
Get:2 http://httpredir.debian.org jessie-updates InRelease [142 kB]
Get:3 http://httpredir.debian.org jessie Release.gpg [2373 B]
Get:4 http://httpredir.debian.org jessie Release [148 kB]
Get:5 http://httpredir.debian.org jessie/main amd64 Packages [9032 kB]
Err http://httpredir.debian.org jessie-updates/main amd64 Packages
Err http://httpredir.debian.org jessie-updates/main amd64 Packages
Get:6 http://httpredir.debian.org jessie-updates/main amd64 Packages [15.5 kB]
Get:7 http://security.debian.org jessie/updates/main amd64 Packages [385 kB]
Fetched 9788 kB in 1min 42s (95.4 kB/s)
Reading package lists... Done
再次安裝vim
root@80742db56cbb:~# apt-get install vim
Reading package lists... Done
Building dependency tree
Reading state information... Done
........
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/ex (ex) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/editor (editor) in auto mode
Processing triggers for libc-bin (2.19-18+deb8u4) ...
(6)容器遷移
查看所有CONTAINER
~$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
086a7124db71 debian "/bin/bas" 18 hours ago Created dreamy_lumiere
80742db56cbb debian "/bin/bash" 18 hours ago Exited (0) About an hour ago serene_shockley
a7fc8d3d28d5 debian "/bin/bash" 18 hours ago Exited (0) 18 hours ago happy_yonath
7cc08a218270 debian "/bin/bash" 18 hours ago Exited (0) 18 hours ago drunk_fermat
acb345834663 debian "/bin/bash" 18 hours ago Created happy_mccarthy
選擇CONTAINER,完成commit
~$ sudo docker commit acb345834663 mynewimage
0e7ebd3dd379ed8df8a22255d8a437342b218791f2d33072c9793aa48dc95a13
導出:保存CONTAINER爲tar文件
~$ sudo docker save mynewimage > /tmp/mynewimage.tar
選擇合適的方式scp/ftp/cp移動tar至目標docker中
導入:在目標機器的docker中執行load
~$ sudo docker load < /tmp/mynewimage.tar
檢查:docker images 命令檢查鏡像現在是否可用。
~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
mynewimage latest 0e7ebd3dd379 3 minutes ago 125.1 MB
(6)網絡設置
當docker啓動時,它會在宿主機器上創建一個名爲docker0的虛擬網絡接口。它會從RFC 1918定義的私有地址中隨機選擇一個主機不用的地址和子網掩碼,並將它分配給docker0。例如當我啓動docker幾分鐘後它選擇了172.17.42.1/16-一個16位的子網掩碼爲主機和它的容器提供了65,534個ip地址。但docker0並不是正常的網絡接口。它只是一個在綁定到這上面的其他網卡間自動轉發數據包的虛擬以太網橋。它可以使容器與主機相互通信。每次Docker創建一個容器,它就會創建一對對等接口(peer interface),類似於一個管子的兩端-在這邊可以收到另一邊發送的數據包。Docker會將對等接口中的一個做爲eth0接口連接到容器上,並使用類似於vethAQI2QT這樣的惟一名稱來持有另一個,該名稱取決於主機的命名空間。通過將所有veth*接口綁定到docker0橋接網卡上,Docker在主機和所有Docker容器間創建一個共享的虛擬子網。
(詳細介紹參考:http://www.oschina.net/translate/docker-network-configuration)
bridge模式是Docker默認的網絡設置,此模式會爲每一個容器分配Network Namespace、設置IP等,並將一個主機上的Docker容器連接到一個虛擬網橋上。
由於docker容器的IP地址每次啓動都會變,最簡單的當然是做宿主機的端口映射,前期儘可能的把需要映射的端口在創建容器時配置好,如下:
ssh 50022:22
tomcat/jetty 58080:8080
nginx/apache 50080:80
mysql 53306:3306
在創建容器的時候,指定參數:
eg:
docker run -h="debian" --name debian -itd -p 50022:22 -p 53306:3306 -p 58080:8080 -p 192.168.6.210:50080:80 debian /bin/bash