Docker Notes (Part 2)
Docker Data Volume
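Stopping and restarting a container does not affect its data, but deleting a Docker container loses all of its changes.
Problems
Data is stored in the union file system and is not easy to access from the host;
Sharing data between containers is inconvenient;
Deleting a container loses all of its data;
Solution: volumes
A volume is one or more directories in a container that bypass the union file system and are bound (associated) with a directory on the host.
Volumes are created when the container is initialized; data in volumes provided by the base image is copied during this step.
Volumes are meant to persist data independently of the container's lifecycle, so deleting a container does not delete its volumes, and even unreferenced volumes are not garbage-collected.
Docker has two types of volumes; each type has a mount point in the container, but their locations on the host differ.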
# docker run --name b2 -it -v /data busybox
Open another terminal and view the mount information
# docker inspect b2
"Mounts": [
{
"Type": "volume",
"Name": "5d2aaa4a60dd5724bed6011c92d71df8eb093de43bae2038c992f746f97f6e7d",
"Source": "/var/lib/docker/volumes/5d2aaa4a60dd5724bed6011c92d71df8eb093de43bae2038c992f746f97f6e7d/_data",
"Destination": "/data",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
# echo "hello container" >> /var/lib/docker/volumes/5d2aaa4a60dd5724bed6011c92d71df8eb093de43bae2038c992f746f97f6e7d/_data/test.html
View it in the container
/ # cat data/test.html
hello container
/ # echo "test rj" >> data/test.html
View it on the host
# cat /var/lib/docker/volumes/5d2aaa4a60dd5724bed6011c92d71df8eb093de43bae2038c992f746f97f6e7d/_data/test.html
hello container
test rj
After the container exits and is deleted, the data still exists
# docker run --name b2 -it --rm -v /data/volumes/b2:/data busybox
# docker inspect b2 | grep volume
"/data/volumes/b2:/data"
"Source": "/data/volumes/b2",
Query a single element of the inspect output
# docker inspect -f {{.Mounts}} b2
[{bind /data/volumes/b2 /data true rprivate}]
Note: two containers can share the same volume
# docker run -it --name c1 -v /docker/volumes/v1:/data busybox
# docker run -it --name c2 -v /docker/volumes/v1:/data busybox
To reuse another container's volumes, pass the --volumes-from option to docker run
# docker run -it --name bbox1 -v /docker/volumes/v1:/data busybox
# docker run -it --name bbox2 --volumes-from bbox1 busybox
Dockerfile
FROM
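FROM is the most important instruction and must be the first non-comment line of a Dockerfile.
It specifies the base image for the image build, and all subsequent instructions run in the
environment that this base image provides.
In practice the base image can be any available image. By default, docker build looks for
the specified image on the Docker host and, if it is not present, pulls it from the
Docker Hub Registry.
If the specified image cannot be found, docker build returns an error.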
Syntax
FROM
FROM <repository>@
# vim Dockerfile
#Description: test image
FROM busybox:latest
MAINTAINER "ssjinyao <renjin@ssjinyao.com>"
# LABEL maintainer="ssjinyao"
COPY index.html /data/web/html
# vim index.html
<h1> ssjinyao httpd server.</h1>
# docker build -t ssjinyaohttpd-img:v0.1-1 ./
Sending build context to Docker daemon 3.072kB
Step 1/3 : FROM busybox:latest
---> e1ddd7948a1c
Step 2/3 : MAINTAINER "Jinyao <renjin@ssjinyao.com>"
---> Running in aa9838facca1
Removing intermediate container aa9838facca1
---> 71258688ebeb
Step 3/3 : COPY index.html /data/web/html
---> b23d8149125a
Successfully built b23d8149125a
Successfully tagged ssjinyaohttpd-img:v0.1-1
Verify
# docker run --name ssjinyao-web1 --rm ssjinyaohttpd-img:v0.1-1 cat /data/web/html/index.html
<h1> ssjinyao httpd server.</h1>
Copying a directory
FROM busybox:latest
MAINTAINER "ssjinyao <renjin@ssjinyao.com>"
# LABEL maintainer="ssjinyao"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/
# ls
Dockerfile index.html yum.repos.d
# docker build -t tinyhttpd:v0.1-2 ./
Sending build context to Docker daemon 26.11kB
Step 1/4 : FROM busybox:latest
---> e1ddd7948a1c
Step 2/4 : MAINTAINER "ssjinayo <renjin@ssjinyao.com>"
---> Using cache
---> 708bad816b72
Step 3/4 : COPY index.html /data/web/html/
---> Using cache
---> 758051947b4d
Step 4/4 : COPY yum.repos.d /etc/yum.repos.d/
---> a4c01bf4fe8d
Successfully built a4c01bf4fe8d
Successfully tagged tinyhttpd:v0.1-2
# docker run --name tinyweb1 --rm tinyhttpd:v0.1-2 ls /etc/yum.repos.d/
CentOS-Base.repo
CentOS-CR.repo
CentOS-Debuginfo.repo
CentOS-Media.repo
CentOS-Sources.repo
CentOS-Vault.repo
CentOS-fasttrack.repo
docker-ce.repo
epel-testing.repo
epel.repo
Using the ADD instruction
# vim Dockerfile
#Description: test image
FROM busybox:latest
MAINTAINER "ssjinyao <renjin@ssjinyao.com>"
# LABEL maintainer="ssjinyao"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/
ADD http://nginx.org/download/nginx-1.15.5.tar.gz /usr/local/src/
# docker build -t tinyhttpd:v0.1-3 ./
Sending build context to Docker daemon 26.11kB
Step 1/5 : FROM busybox:latest
---> e1ddd7948a1c
Step 2/5 : MAINTAINER "ssjinyao <renjin@ssjinyao.com>"
---> Using cache
---> 708bad816b72
Step 3/5 : COPY index.html /data/web/html/
---> Using cache
---> 758051947b4d
Step 4/5 : COPY yum.repos.d /etc/yum.repos.d/
---> Using cache
---> a4c01bf4fe8d
Step 5/5 : ADD http://nginx.org/download/nginx-1.15.5.tar.gz /usr/local/src/
Downloading 1.025MB/1.025MB
---> 884e8bf3725f
Successfully built 884e8bf3725f
Successfully tagged tinyhttpd:v0.1-3
# docker run --name tinyweb1 --rm tinyhttpd:v0.1-3 ls /usr/local/src/
nginx-1.15.5.tar.gz
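The ADD instruction above fetches the tarball over plain HTTP and the build never verifies what it downloaded, and the base image is referenced by the mutable latest tag. A small lint for both conditions, as an added example that is not part of the original notes (the function and rule names are this example's own; `ADD --checksum=` is the BuildKit flag that pins a remote file's digest, and the sample input is the instructions from the Dockerfile above with comments omitted):

```python
import re

# Instructions from the page's ADD example, embedded as sample input.
PAGE_DOCKERFILE = """\
FROM busybox:latest
MAINTAINER "ssjinyao <renjin@ssjinyao.com>"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/
ADD http://nginx.org/download/nginx-1.15.5.tar.gz /usr/local/src/
"""


def instructions(text):
    """Yield (line_no, KEYWORD, args), joining backslash continuations."""
    pending, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        keyword, _, args = (pending + line).partition(" ")
        yield start, keyword.upper(), args.strip()
        pending, start = "", 0


def audit_dockerfile(text):
    """Return (line_no, rule, detail) for unpinned or unverified inputs."""
    findings, stages = [], {"scratch"}
    for no, keyword, args in instructions(text):
        if keyword == "FROM":
            parts = [a for a in args.split() if not a.startswith("--")]
            image = parts[0]
            # A digest pins content; a missing tag or "latest" does not.
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            if (image not in stages and "@sha256:" not in image
                    and tag in ("", "latest")):
                findings.append((no, "floating-base-tag", image))
            if len(parts) == 3 and parts[1].upper() == "AS":
                stages.add(parts[2])  # later "FROM <alias>" is a local stage
        elif keyword == "ADD":
            url = re.search(r"\bhttps?://\S+", args)
            if url and "--checksum=" not in args:
                rule = ("remote-add-plaintext" if url.group().startswith("http://")
                        else "remote-add-unverified")
                findings.append((no, rule, url.group()))
    return findings
```

Adding the tarball from the build context, as the next Dockerfile does, avoids the network fetch at build time, but the file still has to be verified before it is placed in the context.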
#Description: test image
FROM busybox:latest
MAINTAINER "ssjinyao <renjin@ssjinyao.com>"
# LABEL maintainer="ssjinyao"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/
#ADD http://nginx.org/download/nginx-1.15.5.tar.gz /usr/local/src/
ADD nginx-1.15.5.tar.gz /usr/local/src/
# ls
Dockerfile index.html nginx-1.15.5.tar.gz yum.repos.d
# docker build -t tinyhttpd:v0.1-4 ./
# docker run --name tinyweb --rm tinyhttpd:v0.1-4 ls /usr/local/src
nginx-1.15.5
Another way to write it
# vim Dockerfile
#Description: test image
FROM busybox:latest
MAINTAINER "ssjinyao <renjin@ssjinyao.com>"
# LABEL maintainer="ssjinyao"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/
#ADD http://nginx.org/download/nginx-1.15.5.tar.gz /usr/local/src/
WORKDIR /usr/local/src/
# "./" here is the directory set by WORKDIR
ADD nginx-1.15.5.tar.gz ./
#Description: test image
FROM busybox:latest
MAINTAINER "ssjinyao <renjin@ssjinyao.com>"
# LABEL maintainer="ssjinyao"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/
#ADD http://nginx.org/download/nginx-1.15.5.tar.gz /usr/local/src/
WORKDIR /usr/local/
ADD nginx-1.15.5.tar.gz ./src/
VOLUME /data/mysql/
# docker build -t tinyhttpd:v0.1-5 ./
Sending build context to Docker daemon 1.052MB
Step 1/7 : FROM busybox:latest
---> e1ddd7948a1c
Step 2/7 : MAINTAINER "ssjinyao <renjin@ssjinyao.com>"
---> Running in 206968a461e1
Removing intermediate container 206968a461e1
---> acce38db09a6
Step 3/7 : COPY index.html /data/web/html/
---> cfac93db1094
Step 4/7 : COPY yum.repos.d /etc/yum.repos.d/
---> ccbddff1520b
Step 5/7 : WORKDIR /usr/local/
---> Running in 8bbda4faa5a4
Removing intermediate container 8bbda4faa5a4
---> 1660db5c8614
Step 6/7 : ADD nginx-1.15.5.tar.gz ./src/
---> cfd686660ff8
Step 7/7 : VOLUME /data/mysql/
---> Running in e85008cba000
Removing intermediate container e85008cba000
---> 529be777da05
Successfully built 529be777da05
Successfully tagged tinyhttpd:v0.1-5
# docker run --name tinweb1 --rm tinyhttpd:v0.1-5 mount | grep data
/dev/mapper/centos-root on /data/mysql type xfs (rw,seclabel,relatime,attr2,inode64,noquota)
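Using the EXPOSE instruction
# The -P option must be used when starting a container from the image
EXPOSE 1211/udp 11211/tcp
ENV
Defines the environment variables the image needs; they can be referenced by later instructions in the Dockerfile (ENV, ADD, COPY, etc.)
#Description: test image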
FROM busybox:latest
MAINTAINER "ssjinyao <renjin@ssjinyao.com>"
# LABEL maintainer="ssjinyao"
ENV DOC_ROOT /data/web/html
COPY index.html $DOC_ROOT
COPY yum.repos.d /etc/yum.repos.d/
#ADD http://nginx.org/download/nginx-1.15.5.tar.gz /usr/local/src/
WORKDIR /usr/local/
ADD nginx-1.15.5.tar.gz ./src/
VOLUME /data/mysql/
EXPOSE 80/tcp
# docker run --name tinyweb1 --rm -P tinyhttpd:v0.1-7 printenv # print the environment variables
# docker run --name tinyweb --rm -P -e WEB_SERVER_PACKAGE="nginx-1.15.1" tinyhttpd:v0.1-7 printenv # -e overrides or sets an environment variable from outside the image
#Description: test image
FROM busybox:latest
MAINTAINER "ssjinyao <renjin@ssjinyao.com>"
# LABEL maintainer="ssjinyao"
ENV DOC_ROOT=/data/web/html/ \
WEB_SERVER_PACKAGE="nginx-1.15.5.tar.gz"
# When DOC_ROOT is unset, the default after ":-" is used
COPY index.html ${DOC_ROOT:-/data/web/html/}
COPY yum.repos.d /etc/yum.repos.d/
ADD http://nginx.org/download/${WEB_SERVER_PACKAGE} /usr/local/src/
WORKDIR /usr/local/
#ADD ${WEB_SERVER_PACKAGE} ./src/
VOLUME /data/mysql/
EXPOSE 80/tcp
RUN cd /usr/local/src && \
tar xvf ${WEB_SERVER_PACKAGE}
FROM busybox
LABEL maintainer="ssjinyao <renjin@ssjinyao.com>" app="httpd"
ENV WEB_DOC_ROOT="/data/web/html"
RUN mkdir -p $WEB_DOC_ROOT && \
echo '<h1>Busybox httpd server.</h1>' > ${WEB_DOC_ROOT}/index.html
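# Shell form, which expands the variable: CMD /bin/httpd -f -h ${WEB_DOC_ROOT}
# Exec form does not expand variables by itself, so the command line is passed
# as one string to "/bin/sh -c", which expands it when the container starts.
CMD ["/bin/httpd -f -h ${WEB_DOC_ROOT}"]
ENTRYPOINT ["/bin/sh", "-c"]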
Dockerfile example: Nginx image
# mkdir img_nginx
# cd img_nginx
# vim Dockerfile
FROM nginx:1.14-alpine
ARG author="ssjinyao <rejin@ssjinyao.com>"
LABEL maintainer="${author}"
ENV NGX_DOC_ROOT="/data/web/html/"
ADD index.html ${NGX_DOC_ROOT}
ADD entrypoint.sh /bin/
EXPOSE 80/tcp
HEALTHCHECK --start-period=3s CMD wget -O - -q http://${IP:-0.0.0.0}:${PORT:-80}/
CMD ["/usr/sbin/nginx", "-g", "daemon off;"]
ENTRYPOINT ["/bin/entrypoint.sh"]
# vim index.html
<h1> Dockerfile Nginx Test Page.</h1>
# vim entrypoint.sh
#!/bin/sh
#
cat > /etc/nginx/conf.d/www.conf <<EOF
server {
server_name ${HOSTNAME};
listen ${IP:-0.0.0.0}:${PORT:-80};
root ${NGX_DOC_ROOT:-/usr/share/nginx/html};
}
EOF
exec "$@"
# docker run --name myweb1 --rm -P -e "PORT=8080" nginx_web:v0.0-1
127.0.0.1 - - [03/Oct/2018:07:43:31 +0000] "GET / HTTP/1.1" 200 612 "-" "Wget" "-"
127.0.0.1 - - [03/Oct/2018:07:44:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Wget" "-"
Self-hosted docker-registry
# yum -y install docker-registry
# rpm -ql docker-distribution
/etc/docker-distribution/registry/config.yml
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service
/var/lib/registry
Note: the docker push client works over HTTPS by default, so the client is configured here to allow unencrypted transport
# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://registry.docker-cn.com"],
"bip": "10.0.0.1/16",
"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"],
"insecure-registries": ["node2:5000"]
}
# docker tag ssjinyao/httpd:v0.1.1.1-2 node2:5000/ssjinayo-web:v0.1.1.1-2
# docker push node2:5000/ssjinayo-web
The push refers to repository [node2:5000/ssjinayo-web]
e6baf59e35e7: Pushed
f9d9e4e6e2f0: Pushed
v0.1.1.1-2: digest: sha256:2f3d6d2f468ee189b4b43ff2b9f99a6e3895d9832b606522176f804cba738037 size: 734
Default path where the server stores images
# ls /var/lib/registry/docker/registry/v2/repositories/ssjinayo-web
_layers _manifests _uploads
Pulling from the private Docker registry; this also requires unencrypted transport to be configured first
# docker pull node2:5000/ssjinayo-web:v0.1.1.1-2
v0.1.1.1-2: Pulling from ssjinayo-web
Digest: sha256:2f3d6d2f468ee189b4b43ff2b9f99a6e3895d9832b606522176f804cba738037
Status: Downloaded newer image for node2:5000/ssjinayo-web:v0.1.1.1-2
Installing and using the vmware-harbor private registry
Installing vmware/harbor
Downloading vmware/harbor
Resource | Capacity | Description |
---|---|---|
CPU | minimal 2 CPU | 4 CPU is preferred |
Mem | minimal 4GB | 8GB is preferred |
Disk | minimal 40GB | 160GB is preferred |
# yum -y install docker-compose
# vim harbor.cfg # edit the configuration file to suit your needs
# vim docker-compose.yml #
# cd /usr/local/src/harbor
# ./install
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f01090bf5ba1 goharbor/nginx-photon:v1.6.0 "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
7e4849fcb12a goharbor/harbor-jobservice:v1.6.0 "/harbor/start.sh" 3 minutes ago Up 3 minutes harbor-jobservice
0d8ceb3ec5c0 goharbor/harbor-ui:v1.6.0 "/harbor/start.sh" 3 minutes ago Up 3 minutes (healthy) harbor-ui
c5780037bc8f goharbor/harbor-adminserver:v1.6.0 "/harbor/start.sh" 3 minutes ago Up 3 minutes (healthy) harbor-adminserver
b184110cfac2 goharbor/registry-photon:v2.6.2-v1.6.0 "/entrypoint.sh /etc…" 3 minutes ago Up 3 minutes (healthy) 5000/tcp registry
83b4b2ea3b2e goharbor/redis-photon:v1.6.0 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 6379/tcp redis
9055f4dcdaeb goharbor/harbor-db:v1.6.0 "/entrypoint.sh post…" 3 minutes ago Up 3 minutes (healthy) 5432/tcp harbor-db
583dd6d3dc30 goharbor/harbor-log:v1.6.0 "/bin/sh -c /usr/loc…" 3 minutes ago Up 3 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
Log in to the admin console
Create a regular user in docker-vmware-harbor, then create a project as that user
# vim /etc/docker/daemon.json
{
"insecure-registries": ["blog.ssjinyao.com"]
}
# docker login blog.ssjinyao.com
Username: ssjinyao
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@ssjinyao-node2:~]# docker push blog.ssjinyao.com/devel/ssjinyao-httpd
The push refers to repository [blog.ssjinyao.com/devel/ssjinyao-httpd]
e6baf59e35e7: Pushed
f9d9e4e6e2f0: Pushed
v0.1.1.1-1: digest: sha256:7248231aa495c62947519646d25acb453fd2caf3ed6bf778b41e6201bd3e31fc size: 734
e6baf59e35e7: Layer already exists
f9d9e4e6e2f0: Layer already exists
v0.1.1.1-2: digest: sha256:2f3d6d2f468ee189b4b43ff2b9f99a6e3895d9832b606522176f804cba738037 size: 734
Before pushing an image, you can check the tagging hints that vmware-harbor shows
# docker-compose pause # pause
# docker-compose unpause # resume running
# docker-compose stop # stop
# docker-compose start # start
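Both daemon.json files on this page list registries under insecure-registries, and the first also binds the Docker API to tcp://0.0.0.0:2375, a TCP listener with no TLS client authentication. A check for those settings, as an added example that is not part of the original notes (the function name and severity labels are this example's own; the sample input is the first daemon.json above):

```python
import json
from urllib.parse import urlsplit

# The first daemon.json from this page, embedded as sample input.
PAGE_DAEMON_JSON = """
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "bip": "10.0.0.1/16",
  "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"],
  "insecure-registries": ["node2:5000"]
}
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def audit_daemon_config(text):
    """Return (severity, key, message) findings for a daemon.json document."""
    cfg = json.loads(text)
    findings = []
    # tlsverify makes the daemon require client certificates; without it a
    # TCP listener accepts any caller, and API access is root-equivalent.
    mutual_tls = bool(cfg.get("tlsverify"))
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme != "tcp" or mutual_tls:
            continue  # non-TCP sockets are local; tlsverify authenticates TCP
        exposed = url.hostname not in LOOPBACK
        findings.append((
            "critical" if exposed else "high",
            "hosts",
            f"{host}: Docker API over TCP without tlsverify"
            + (" on a non-loopback address" if exposed else ""),
        ))
    for registry in cfg.get("insecure-registries", []):
        findings.append((
            "high",
            "insecure-registries",
            f"{registry}: traffic may fall back to plain HTTP or skip "
            "certificate verification",
        ))
    return findings


if __name__ == "__main__":
    for severity, key, message in audit_daemon_config(PAGE_DAEMON_JSON):
        print(f"[{severity}] {key}: {message}")
```

When the registry serves a certificate from a CA the client trusts, or its CA is installed under /etc/docker/certs.d/<registry>/ca.crt, the insecure-registries entry is not needed.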
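Docker resource limits
OOME
Once an OOME occurs, any process may be killed, including the docker daemon.
For this reason, Docker specifically adjusts the docker daemon's OOM priority so that the kernel does not kill it,
but the priority of containers is not adjusted.
--memory-swap | --memory | Effect |
---|---|---|
Positive number S | Positive number M | Total space available to the container is S, of which RAM is M and swap is (S-M); if S=M, no swap is available |
0 | Positive number M | Equivalent to swap not being set (unset) |
unset | Positive number M | If swap is enabled on the Docker host, the container's available swap is 2*M |
-1 | Positive number M | If swap is enabled on the Docker host, the container can use up to all of the swap space on the host |
Note: the swap space that the free command shows inside a container does not indicate the space actually available to it |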
Pull a stress-testing image
# docker pull lorel/docker-stress-ng
# docker run --name stress -it --rm lorel/docker-stress-ng:latest stress --help
# docker run --name stree -it --rm -m 256m lorel/docker-stress-ng:latest stress --vm 2
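View the running Docker processes
View the memory allocated to the stress container
Likewise, when stress-testing the CPU with the limit set to two CPUs, that is 200% utilization, running the stress test with 8 CPU workers tops out at 200% CPU usage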
# docker run --name stress -it --rm --cpus 2 lorel/docker-stress-ng:latest stress --cpu 8
# docker run --name stress -it --cpuset-cpus 0,2 --rm lorel/docker-stress-ng:latest stress --cpu 8 # run only on CPUs 0 and 2
# docker run --name stress -it --cpus 2 --rm lorel/docker-stress-ng:latest stress --cpu 8 # with --cpus 2 every core can be used, but total usage is capped at 200%
# docker run --name stress -it --cpu-shares 1024 --rm lorel/docker-stress-ng:latest stress --cpu 8
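# With --cpu-shares the container is given as much CPU as is available; in this mode, when another container is started, CPU is redistributed to it in real time in proportion to the shares,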
# docker run --name stress2 -it --cpu-shares 512 --rm lorel/docker-stress-ng:latest stress --cpu 8