See also CentOSKubernetes

Docker

Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的容器中,然后发布到任何流行的 Linux 机器上,也可以实现虚拟化。容器是完全使用沙箱机制,相互之间不会有任何接口(类似 iPhone 的 app)。几乎没有性能开销,可以很容易地在机器和数据中心中运行。最重要的是,他们不依赖于任何语言、框架包括系统。

1. Docker能做什么?

Docker可以解决虚拟机能够解决的问题,同时也能够解决虚拟机由于资源要求过高而无法解决的问题。Docker能处理的事情包括:

2. 起源

Docker是PaaS提供商dotCloud开源的一个基于LXC的高级容器引擎,源代码托管在Github上, 基于go语言并遵从Apache2.0协议开源。

Docker自2013年以来非常火热,无论是从github上的代码活跃度,还是Redhat在RHEL6.5中集成对Docker的支持, 就连Google的Compute Engine也支持Docker在其之上运行。

一款开源软件能否在商业上成功,很大程度上依赖三件事 - 成功的user case, 活跃的社区和一个好故事。dotCloud自家的PaaS产品建立在docker之上,长期维护且有大量的用户,社区也十分活跃。

3. 相关内容索引

4. 基本概念

Docker快速上手指南

run-time.jpg

Docker与Linux的接口

4.1. Docker Registry

Docker Registry可以分为两种:

4.1.1. Docker Hub

https://docs.docker.com/docker-hub/

#Installation First

# Start VM first
➜  docker  docker search centos
NAME                      DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
   
...
➜  docker  docker pull centos

Get started with Docker Hub

4.1.2. Docker Trusted Registry

Docker_Registry: 配置DTR(Docker Trusted Registry),Create Local Private Repositories Steps by steps.

4.1.3. Push to Repository

➜  httpd  docker build --rm -t twotwo/httpd .
...
Successfully built 870a96dcf487

➜  docker  docker push twotwo/httpd
The push refers to a repository [twotwo/httpd] (len: 1)
870a96dcf487: Image push failed 

Please login prior to push:
Username: twotwo
Password: 
Email: twotwo.li@gmail.com
WARNING: login credentials saved in /Users/liyan/.docker/config.json
Login Succeeded
The push refers to a repository [twotwo/httpd] (len: 1)
870a96dcf487: Image already exists 
c7034518726f: Image successfully pushed 
8b821d31698e: Image successfully pushed 
1a85fa712132: Image successfully pushed 
717ef48f2ef1: Image successfully pushed 
0b559fdc035e: Image successfully pushed 
78b4a3cbd275: Image successfully pushed 
5f2f77036b56: Image successfully pushed 
e4d180f1411d: Image successfully pushed 
9649502796c2: Image successfully pushed 
7322fbe74aa5: Image already exists 
c852f6d61e65: Image successfully pushed 
f1b10cd84249: Image already exists 
Digest: sha256:ea8a570620d9d5dc0f703125bd7e1b9a2832fce30d5c9764a7c396558aa31cab

4.2. Container(容器)

https://docs.docker.com/get-started/part2/: Get Started, Part 2: Containers

4.2.1. Managing data in containers

Managing data in containers:

4.2.2. Backup, restore, or migrate data volumes

Creating and mounting a data volume container:

4.2.3. Backup, restore, or migrate data volumes

4.3. Docker Image

https://docs.docker.com/develop/develop-images/image_management/ Manage images

4.3.1. Dockerfile

Dockerfile instructions

指令

说明

举例

FROM

基于哪个镜像

FROM <image>[:<tag>] [AS <name>]

LABEL

设置标签

LABEL maintainer=li3huo.com"

RUN

运行安装命令

RUN ["executable", "param1", "param2"]

CMD

容器启动时的命令

CMD ["executable","param1","param2"]

ENTRYPOINT

容器启动后的命令

ENTRYPOINT ["executable", "param1", "param2"]

VOLUME

挂载目录

VOLUME ["/data"]

EXPOSE

容器对外暴露的端口

EXPOSE <port> [<port>/<protocol>...]

ENV

容器环境变量

ENV <key> <value>

ADD

添加文件

ADD [--chown=<user>:<group>] <src>... <dest>

WORKDIR

运行时工作目录

WORKDIR /path/to/workdir

USER

运行时用户

USER <user>[:<group>]

4.4. Link(链接)

Linking Containers Together

4.5. Volume(数据卷)

4.5.1. Data volumes

##Adding a data volume
➜  ~  docker run -it --rm  --name centos -v /data centos /bin/bash
##Locating a volume
➜  ~  docker inspect php
##Mount a host directory as a data volume
➜  ~  docker run -it --rm  --name centos -v ~/docker/data:/data centos /bin/bash
##Mount a host file as a data volume
➜  ~  docker run --rm -it -v ~/.bash_history:/.bash_history centos /bin/bash

4.5.2. Data volume containers

##Creating and mounting a data volume container
docker create -v /dbdata --name dbdata mysql
docker run -d --volumes-from dbdata --name db1 mysql
docker run -d --volumes-from dbdata --name db2 mysql
##Backup, restore, or migrate data volumes

4.6. Docker Networking

https://docs.docker.com/network/ Docker 网络子系统

# list networks
➜  attachments docker network ls
NETWORK ID          NAME                           DRIVER              SCOPE
40764eeebd01        bridge                         bridge              local
5e54d8c204f7        my_service_default              bridge              local
811c3a322262        docker-local_default           bridge              local
0781e6ed77e2        host                           host                local
# connect to network
➜  ~ docker inspect --format='{{json .HostConfig.NetworkMode}}' my_service_redis_1
my_service_default
➜  ~ docker run -it --network my_service_default --rm redis:5.0 redis-cli -h my_service_redis_1
my_service_redis_1:6379>

4.6.1. Configure Docker to use a proxy server

https://docs.docker.com/network/proxy/

# docker run with proxy
alias dp="docker --env HTTP_PROXY=http://127.0.0.1:3001"
dp run --it some-image some-command

4.7. Learning

5. Command Samples

5.1. shell completion

https://docs.docker.com/docker-for-mac/

etc=/Applications/Docker.app/Contents/Resources/etc
ln -s $etc/docker.zsh-completion /usr/local/share/zsh/site-functions/_docker
ln -s $etc/docker-machine.zsh-completion /usr/local/share/zsh/site-functions/_docker-machine
ln -s $etc/docker-compose.zsh-completion /usr/local/share/zsh/site-functions/_docker-compose

5.2. Docker Image

https://docs.docker.com/engine/reference/commandline/image/ Manage images with sub command

# create a tag
docker image tag httpd twotwo/httpd:1.0
# batch delete
docker image ls | grep universe_api | awk '{print $1 ":" $2}' | xargs docker rmi

5.2.1. Docker build: Could not resolve '..xxx.com'

docker build --network=host -t my-image-name .

# The permanent system-wide fix
vi /etc/docker/daemon.json
{
    "dns": ["192.10.0.2", "8.8.8.8"]
}
sudo service docker restart
docker run busybox nslookup google.com

5.2.2. Docker remove <none> TAG images

https://stackoverflow.com/questions/33913020/docker-remove-none-tag-images docker rmi $(docker images --filter "dangling=true" -q --no-trunc)

5.2.3. Docker remove any stopped containers and all unused images

https://www.digitalocean.com/community/tutorials/how-to-remove-docker-images-containers-and-volumes docker system prune -a

# Remove dangling images
docker images purge
# Removing images according to a pattern
docker images -a | grep "pattern" | awk '{print $3}' | xargs docker rmi
# Remove all images
docker rmi $(docker images -a -q)

5.2.4. Docker export & import images

https://docs.docker.com/engine/reference/commandline/image_save/

docker save -o <path for generated tar file> <image name>
docker load -i <path to image tar file>
# Save as .tar.gz
docker save <docker image name> | gzip > <docker image name>.tar.gz
# Then load the exported image to Docker using the below command:
zcat <docker image name>.tar.gz | docker load

5.3. Docker Container

5.3.1. docker cp

https://docs.docker.com/engine/reference/commandline/cp/ Copy files/folders between a container and the local filesystem

# from host to container
docker cp sample-data/*.csv universe_neo4j_1:/var/lib/neo4j/import/
# from container to host
docker cp universe_neo4j_1:/var/lib/neo4j/conf/neo4j.yaml .

5.3.2. docker inspect

https://docs.docker.com/engine/reference/commandline/inspect/ Return low-level information on Docker objects

# Get an instance’s IP address
➜  ~ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' myservice_redis_1
172.23.0.3
# Get an instance’s image name
➜  attachments docker inspect --format='{{.Config.Image}}' myservice_redis_1
redis:5.0

5.3.3. docker pull

https://docs.docker.com/engine/reference/commandline/pull/

# Pull from a different registry
➜  ~ docker login myregistry.local:5000
Authenticating with existing credentials...
Login Succeeded
➜  ~ docker pull myregistry.local:5000/testing/test-image
...
Status: Downloaded newer image for myregistry.local:5000/testing/test-image:latest

Proxy configuration

HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables

5.3.4. docker run

https://docs.docker.com/engine/reference/commandline/run/

$ docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash
$ docker run --env VAR1=value1 --env VAR2=value2 ubuntu env | grep VAR

5.3.5. docker rm

# Remove all exited containers
docker rm $(docker ps -a -f status=exited -q)
# Remove containers using more than one filter
docker rm $(docker ps -a -f status=exited -f status=created -q)
# Remove containers according to a pattern
docker ps -a | grep "pattern" | awk '{print $3}' | xargs docker rmi
# Stop and remove all containers
docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)

5.4. Docker Volume

https://docs.docker.com/engine/reference/commandline/volume/

$ docker volume ls | grep mysql
local               mysql_data
$ docker volume inspect mysql_data
[
   {
       "Name": "vagrant_mysql",
       "Driver": "local",
       "Mountpoint": "/var/lib/docker/volumes/mysql/_data"
   }
]

5.4.1. Create a persistent volume in a specific directory

https://unix.stackexchange.com/questions/439106/docker-create-a-persistent-volume-in-a-specific-directory

# into the local docker VM
$ docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
# install local-persist on Docker host
$ curl -fsSL https://raw.githubusercontent.com/CWSpear/local-persist/master/scripts/install.sh | sudo bash
$ docker volume create -d local-persist -o mountpoint=/opt/local/data/janus/ --name=janusgraph-data
# Check if I got what I expected:
$ docker volume inspect janusgraph-data

5.4.2. docker remove volume

docker volume ls -f dangling=true
docker volume prune

6. Services

6.1. Java

https://hub.docker.com/_/openjdk Versions:

➜  ~ docker pull openjdk:<version>
➜  ~ docker images |grep 'openjdk\|java'
openjdk                                         8-jre-slim          525155b9ab5e        40 hours ago        161MB
openjdk                                         8-jre               d074f374c689        40 hours ago        245MB
openjdk                                         8-jre-alpine        f7a292bbb70c        2 weeks ago         84.9MB
openjdk                                         8                   b8d3f94869bb        8 weeks ago         625MB
openjdk                                         8-jdk               b8d3f94869bb        8 weeks ago         625MB
openjdk                                         8-jdk-alpine        04060a9dfc39        5 months ago        103MB
java                                            8-jre               e44d62cf8862        2 years ago         311MB

6.2. MySQL

https://docs.docker.com/samples/library/mysql/

➜  es-startup git:(master) docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql:5.6

6.3. Elasticsearch

https://docs.docker.com/samples/library/elasticsearch/

➜  es-startup git:(master) docker pull elasticsearch:2.4
2.4: Pulling from library/elasticsearch
...
Digest: sha256:41ed3a1a16b63de740767944d5405843db00e55058626c22838f23b413aa4a39
Status: Downloaded newer image for elasticsearch:2.4
# 使用外部配置和数据
➜  ~ docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -v /tmp/elasticsearch_data:/usr/share/elasticsearch/data -v /tmp/es.yml:/usr/share/elasticsearch/config/elasticsearch.yml elasticsearch:2.4

6.4. Neo4j

https://docs.docker.com/samples/library/neo4j/

➜  es-startup git:(master) docker run \
    --publish=7474:7474 --publish=7687:7687 \
    --volume=/tmp/neo4j/data:/data \
    neo4j

6.5. Spring Boot Development with Docker

https://blog.docker.com/2017/05/spring-boot-development-docker/

➜  ~ docker images                           
REPOSITORY                               TAG                 IMAGE ID            CREATED             SIZE
...
# retag base images
➜  ~ docker pull java:8-jre
➜  ~ docker tag java:8-jre 10.10.150.149:5000/java:8-jre
➜  ~ docker pull nginx
➜  ~ docker tag nginx 10.10.150.149:5000/nginx

# Dockerfile for Vue.js with Nginx
FROM 10.10.150.149:5000/nginx

ADD dist /var/www
RUN chmod -R 755 /var/www
RUN chown -R $USER:$USER /var/www

ADD conf/nginx.conf /etc/nginx/conf.d/myhost.conf

server {
    listen 80 default_server;
    
    location / {
        root /var/www;
        index index.html;
        try_files $uri $uri/ /index.html;
    }

    location /api/ {
        proxy_pass http://localhost:8080/;
        proxy_set_header X-Real-IP $remote_addr;
        client_max_body_size    1000m;
    } 
}   

docker run -d --name www -p 8080:80 my-web
docker exec -it www bash

6.6. Nginx/Jre Application

7. Reference

7.1. 国内资源


CategorySystem CategoryLinux

MainWiki: Docker (last edited 2018-12-06 20:38:57 by twotwo)