docker学习笔记

发表于 | 分类于

docker学习笔记

标签:docker

docker基本命令

docker命令大全

dockerfile介绍

1
2
3
4
5
6
7
8
9
FROM 指定基础镜像,必须为第一个命令
MAINTAINER 维护者信息
RUN 构建镜像时执行的命令
ADD 将本地文件添加到容器中,tar类型文件会自动解压(网络压缩资源不会被解压),可以访问网络资源,类似wget
COPY 功能类似ADD,但是是不会自动解压文件,也不能访问网络资源
CMD 构建容器后调用,也就是在容器启动时才进行调用
ENTRYPOINT 配置容器,使其可执行化。配合CMD可省去"application",只使用参数
EXPOSE 指定于外界交互的端口
WORKDIR 工作目录,类似于cd命令

例子:基于centos打包php镜像

1
2
3
4
5
6
7
#目录结构
[root@localhost php]# tree
.
├── dockerfile
├── php-5.6.40.tar.gz
├── php-fpm.conf
└── php.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
RUN yum install -y wget
 
RUN wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

RUN yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel libmcrypt-devel libxml2-devel bzip2 bzip2-devel curl curl-devel libjpeg-devel libpng-devel freetype-devel openldap openldap-deve readline-devel freetype* libjpeg*

RUN useradd -M -s /sbin/nologin nginx

WORKDIR /usr/local/php-5.6.40

RUN ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php --enable-inline-optimization --disable-debug --disable-rpath --enable-shared --enable-opcache --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-gettext --enable-mbstring --with-iconv --with-mcrypt --with-mhash --with-openssl --enable-bcmath --enable-soap --with-libxml-dir --enable-pcntl --enable-shmop --enable-sysvmsg --enable-sysvsem --enable-sysvshm --enable-sockets --with-curl --with-zlib --enable-zip --with-bz2 --enable-ftp  --with-png-dir --with-jpeg-dir==/usr/include --with-gd --with-freetype-dir=/usr/include/freetype2 --enable-gd-native-ttf && make && make install

ADD php-fpm.conf /usr/local/php/etc/

ADD php.ini /usr/local/php/

CMD ["/usr/local/php/sbin/php-fpm"]

EXPOSE 9000
#注意这里虽然镜像生成了但是用docker却起不来,需要加阻塞进程如tail -f之类

docker-compose介绍

基础命令

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#docker-compose build
用来创建或重新创建服务使用的镜像
docker-compose build service_a
创建一个镜像名叫service_a

#docker-compose kill
用于通过容器发送SIGKILL信号强行停止服务

#docker-compose logs
显示service的日志信息

#docker-compose pause/unpause
docker-compose pause   #暂停服务
docker-compose unpause  #恢复被暂停的服务

#docker-compose port
用于查看服务中的端口与物理机的映射关系
docker-compose port nginx_web 80 
查看服务中80端口映射到物理机上的那个端口

#dokcer-compose ps
用于显示当前项目下的容器
注意,此命令与docker ps不同作用,此命令会显示停止后的容器(状态为Exited),只征对某个项目。

#docker-compose pull
用于拉取服务依赖的镜像

#docker-compose restart
用于重启某个服务中的所有容器
#docker-compose restart service_name
只有正在运行的服务可以使用重启命令,停止的服务是不可以重启

#docker-compose rm
删除停止的服务(服务里的容器)
-f    #强制删除
-v    #删除与容器相关的卷(volumes)

#docker-compose run
用于在服务中运行一个一次性的命令。这个命令会新建一个容器,它的配置和srvice的配置相同。
但两者之间还是有两点不同之处
1、run指定的命令会直接覆盖掉service配置中指定的命令
2、run命令启动的容器不会创建在service配置中指定的端口,如果需要指定使用--service-ports指定

#docker-compose start/stop
docker-compose start 启动运行某个服务的所有容器
docker-compose stop 启动运行某个服务的所有容器

#docker-compose scale
指定某个服务启动的容器个数

docker-compose.yml语法

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
version: "3" #指定语法的版本
services:    #定义服务
  nginx:     #服务的名称
    container_name: web-nginx #容器的名称
    hostname: web-nginx       #主机名称,类似hostname
    image: nginx:latest       #镜像
    restart: always           #总是启动
    ports:                     #端口映射
      - 80:80
    links:                     #连接容器
      - php-fpm
    depends_on:                #启动顺序,容器依赖关系
      - php-fpm
    volumes:
    - ./webserver:/webserver    #映射本地磁盘
    - ./nginx/nginx.conf:/etc/nginx/nginx.conf
  php-fpm:
    container_name: php-fpm
    hostname: php-fpm
    build: ./html
    image: php:v3
    ports:
      - 9000:9000
    volumes:
      - ./webserver:/var/www/html/
#      - ./php-fpm.d/www.conf:/usr/local/etc/php-fpm.d/www.conf
    links:
      - mysql
  mysql:
    container_name: mysql
    hostname: mysql
    build: ./mysql
    image: mysql:5.7
    ports:
      - 3306:3306
    volumes:
      - ./mysql/:/var/lib/mysql/
    environment:
        MYSQL_ROOT_PASSWORD : root #初始话密码

例子:搭建lnmp环境

1
2
3
4
5
6
7
8
9
10
#环境目录
[root@localhost opt]# tree
.
├── docker-compose.yml
├── html
├── mysql
├── nginx
│   └── nginx.conf
└── webserver
    └── index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
vim nginx/nginx.conf
user  www-data;
worker_processes  1;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    client_max_body_size 10m;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;

    server {
        listen       80;
        server_name  127.0.0.1;
        root  /webserver;


        index index.php index.html index.htm;
        location / {
          if (!-e $request_filename) {
              rewrite ^(.*)$ /index.php?s=$1 last;
              break;
          }
        }
        location @rewrite {
          rewrite ^/admin.php(.*)$ /admin.php?s=$1 last;
          rewrite ^/index.php(.*)$ /index.php?s=$1 last;
          rewrite . /index.php?s=$uri last;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        location ~ \.php$ {
            fastcgi_pass   php-fpm:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /var/www/html$fastcgi_script_name;
            #这里一定要写的是php容器下web站点的目录,不能$root因为目录不同
            include        fastcgi_params;
        }

    }

这里安装的是docker hub上原生的php镜像里面许多的扩展模块是没有的,我们需要用dockerfile自定义一个php镜像。参考官方给出的方法

1
2
3
4
5
6
7
8
9
10
11
12
13
vim Dockerfile

FROM php:7.1-fpm

RUN apt-get update && apt-get install -y \
        libfreetype6-dev \
        libjpeg62-turbo-dev \
        libmcrypt-dev \
        libpng-dev \
    && docker-php-ext-install iconv mcrypt \
    && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
    && docker-php-ext-install gd mysqli
CMD ["php-fpm"]
1
docker build -t php7.1:v1 . #镜像名称是php7.1版本是v1,点表示使用当前目录的Dockerfile文件

搭建docker私有镜像站

docker原生的镜像站是registry,感觉界面不是很友好所以我使用了harbor

1
https://github.com/goharbor/harbor/releases #项目下载地址
1
2
3
4
5
6
7
8
9
10
wget https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.6.1.tgz
tar zxvf harbor-offline-installer-v1.6.1.tgz
cd harbor
vim harbor.cfg
#简单的配置一下
hostname = 192.168.0.188 #主机地址
harbor_admin_password = Harbor12345 #harbor登陆密码
auth_mode = db_auth #认证方式
self_registration = on #是否开启自注册
token_expiration = 30 #Token有效时间,默认30分钟
1
./install.sh #自动安装

安装完成之后访问http://192.168.0.188即可访问

添加一个项目名称为test添加一个用户名称为root

docker默认上传方式是https,所以要修改docker配置

1
2
3
4
5
6
7
8
9
10
vim /etc/docker/daemon.json
{

"insecure-registries": [

"192.168.0.188"

]

}

上传下载docker镜像

先登陆本地仓库

1
2
3
docker login 192.168.0.188
Username:root
Password:password

再给镜像打上tag

1
docker tag php:v3 192.168.0.188/test/php7.1:v1

然后上传镜像

1
docker push 192.168.0.188/test/php7.1

提示上传成功后就大功告成了

docker-swarm介绍

首先准备最少两台虚拟机搭建docker-swarm集群环境

主机名 主机地址
manager 192.168.0.189
node1 192.168.0.198

初始化两台主机

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#192.168.0.189
hostname manager && su
cat >>/etc/hosts<<EOF
192.168.0.189 manager
192.168.0.198 node1
EOF
systemctl stop firewalld
systemctl disable firewalld
setenforce 0 
sed -i 's#=enforcing#=disabled#' /etc/selinux/config
yum install -y ntpdate vim net-tools tree wget lrzsz

#192.168.0.198
hostname node1 && su
cat >>/etc/hosts<<EOF
192.168.0.189 manager
192.168.0.198 node1
EOF
systemctl stop firewalld
systemctl disable firewalld
setenforce 0 
sed -i 's#=enforcing#=disabled#' /etc/selinux/config
yum install -y ntpdate vim net-tools tree wget lrzsz

配置docker

1
2
3
4
5
vim /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='-H 0.0.0.0:2375 -H unix:///var/run/docker.sock --selinux-enabled --log-driver=journald --signature-verification=false'
#所有节点加上上面标记的部分,开启2375端口
systemctl restart docker

部署docker-swarm

1
2
3
4
5
6
7
8
9
10
11
docker pull swarm
#192.168.0.189
docker swarm init --advertise-addr 192.168.0.189
#记下生成的token值
#192.168.0.198
docker swarm join --token SWMTKN-1-32h92m334z80z270d4duqdc3ysl1oyrjmxe1upyyfjyln12xxa-4gm603mczorxgh6751n5q7jya 192.168.0.189:2377

[root@manager opt]# docker node ls
ID                           HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUS
dqo1ub98e9zassjy0jeb77ghq    node1     Ready   Active        
hhwqqcrvmusfkqqj2zwwkhuvf *  manager   Ready   Active        Leader

swarm的web界面

1
docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer

简单的使用案例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
docker network create -d overlay dockernet
#创建swarm网络
[root@manager opt]# docker network ls
NETWORK ID          NAME                 DRIVER              SCOPE
5d0cbf18bc86        bridge               bridge              local
4b13e47e1fd3        docker_gwbridge      bridge              local
ef1nk8lmk1dq        dockernet            overlay             swarm
6166f0c2a366        host                 host                local
qksp3icl2ah3        ingress              overlay             swarm
e9f2f32deeb4        none                 null                local
#创建swarm服务
docker service create --replicas 1 --network dockernet --name nginx-cluster -p 80:80 nginx
#--replicas 指定容器数量
[root@manager ~]# docker service ls
ID            NAME           MODE        REPLICAS  IMAGE
k7lupo9xu0cn  nginx-cluster  replicated  1/1       nginx:latest
#在线扩缩容
[root@manager ~]# docker service scale nginx-cluster=5
nginx-cluster scaled to 5
[root@manager ~]# docker service ps nginx-cluster
ID            NAME             IMAGE         NODE     DESIRED STATE  CURRENT STATE            ERROR  PORTS
7t7xjpmao533  nginx-cluster.1  nginx:latest  manager  Running        Running 2 hours ago             
vitsgxpdf3bn  nginx-cluster.2  nginx:latest  manager  Running        Running 2 seconds ago           
o9w529mmttsw  nginx-cluster.3  nginx:latest  node1    Running        Preparing 2 seconds ago         
cfz8dkx9p6ih  nginx-cluster.4  nginx:latest  node2    Running        Preparing 2 seconds ago         
9p35iunijoro  nginx-cluster.5  nginx:latest  node2    Running        Preparing 2 seconds ago

结合docker-compose使用

创建一个简单的docker-compose示例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
[root@manager opt]# tree
.
├── docker-compose.yml
├── nginx
│   └── nginx.conf
└── webserver
    └── index.html
vim nginx/nginx.conf
#user  nginx;
worker_processes  1;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    client_max_body_size 10m;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
server {
    listen       80;
    server_name  localhost;
    location / {
        root   /webserver;
        index  index.html index.htm;
    }
}
    include /etc/nginx/conf.d/*.conf;
}

使用docker-swarm启动docker-compose

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#创建
docker stack deploy web-server --compose-file=./docker-compose.yml
[root@manager opt]# docker service ls
ID            NAME              MODE        REPLICAS  IMAGE
v9uwpwjk8h0g  web-server_nginx  replicated  1/1       nginx:latest
#查看
[root@manager opt]# docker service ps web-server_nginx
ID            NAME                IMAGE         NODE     DESIRED STATE  CURRENT STATE           ERROR  PORTS
ch4gkom2nb8t  web-server_nginx.1  nginx:latest  manager  Running        Running 56 seconds ago         
#扩容
[root@manager opt]# docker service scale web-server_nginx=5
web-server_nginx scaled to 5
[root@manager opt]# docker service ps web-server_nginx
ID            NAME                IMAGE         NODE     DESIRED STATE  CURRENT STATE        ERROR  PORTS
4b0hn7axdzqh  web-server_nginx.1  nginx:latest  manager  Running        Running 2 hours ago         
mup1rkidzlyn  web-server_nginx.2  nginx:latest  node1    Running        Running 2 hours ago         
yjr879sdfono  web-server_nginx.3  nginx:latest  manager  Running        Running 2 hours ago         
gfeh6kb5bvaa  web-server_nginx.4  nginx:latest  node1    Running        Running 2 hours ago         
axmc55ymw3fa  web-server_nginx.5  nginx:latest  manager  Running        Running 2 hours ago         
#docker-compose映射了本地硬盘在node节点上要给与相同配置,要不然扩容的容器会全部运行在manager上
#删除
[root@manager opt]# docker service ls
ID            NAME              MODE        REPLICAS  IMAGE
v9uwpwjk8h0g  web-server_nginx  replicated  5/5       nginx:latest
[root@manager opt]# docker service rm web-server_nginx
web-server_nginx