docker容器

发表于 2023-12-16 分类于学习，实践

Docker容器学习笔记：

docker容器

软件	版本
docker	最新版
harbor	1.8.0

节点	IP	系统	功能	CPU	内存	硬盘
node1	10.80.10.1	centos7.9	docker	4核心	8GB	20GB
node2	10.80.10.2	centos7.9	docker、harbor	4核心	8GB	20GB

centos7环境下docker的安装

虚拟机：

虚拟机能够实现独立。
能够拍摄快照，进行备份。
迁移简单，复制文件即可。
可以使用虚拟化技术（kvm和openstack）。

docker容器：

解决应用的库依赖和隔离。
docker更加轻量，易于管理。

docker版本划分：

docker ee：企业版本。
docker ce：社区版本。

node1

下载安装docker，采用阿里源：

# cd /etc/yum.repos.d/
# wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# yum makecache fast
# yum install -y docker-ce

启动docker，添加开机自启：

1
2
3

# systemctl start docker
# systemctl enable docker
# systemctl status docker

查看进程：

1
2
3

# ps aux | grep docker
root       9037  1.0  0.6 1116704 49808 ?       Ssl  23:19   0:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root       9307  0.0  0.0 112824   980 pts/0    D+   23:19   0:00 grep --color=auto docker

查看版本：

# docker version
Client: Docker Engine - Community
 Version:           24.0.7
 API version:       1.43
 Go version:        go1.20.10
 Git commit:        afdd53b
 Built:             Thu Oct 26 09:11:35 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.7
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.10
  Git commit:       311b9ff
  Built:            Thu Oct 26 09:10:36 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.26
  GitCommit:        3dd1e886e55dd695541fdcd67420c2888645a495
 runc:
  Version:          1.1.10
  GitCommit:        v1.1.10-0-g18a0cb0
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

详细信息：

# docker info
Client: Docker Engine - Community
 Version:    24.0.7
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.21.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 24.0.7
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dd1e886e55dd695541fdcd67420c2888645a495
 runc version: v1.1.10-0-g18a0cb0
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
 Kernel Version: 3.10.0-1160.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 7.62GiB
 Name: node1
 ID: ba77fe78-16bc-4497-a6f9-fa40d30632bc
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

docker搜索下载镜像

基础镜像，可以去docker.io上下载（国外），也可以在国内的docker仓库下载。

自定义镜像，可以基于基础镜像实现镜像的自定义。

node1

查看已有镜像：

1 2	# docker images REPOSITORY TAG IMAGE ID CREATED SIZE

搜索镜像，如centos：

1	# docker search centos

默认国外源，下载慢，网好除外。

标识docker镜像，不标识默认最新版本，镜像名:版本号。

设置国内docker仓库，重启docker，注意站点是否改变：

# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["http://hub-mirror.c.163.com/"]
}

1	# systemctl restart docker

下载镜像：

# docker pull centos:7
# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
centos       7         eeb6ee3f44bd   2 years ago   204MB

镜像重命名：

# docker tag centos:7 hub-mirror.c.163.com/library/centos:7
# docker images
REPOSITORY                            TAG       IMAGE ID       CREATED       SIZE
centos                                7         eeb6ee3f44bd   2 years ago   204MB
hub-mirror.c.163.com/library/centos   7         eeb6ee3f44bd   2 years ago   204MB

导出镜像：

1
2
3

# docker save centos:7 > /tmp/centos7.tar
# ls /tmp/centos7.tar
/tmp/centos7.tar

删除所有镜像：

# docker rmi centos:7
# docker rmi hub-mirror.c.163.com/library/centos:7
# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE

导入镜像：

# docker load < /tmp/centos7.tar
# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
centos       7         eeb6ee3f44bd   2 years ago   204MB

docker容器的基础操作

node1

启动容器：

1	# docker run -it centos:7 /bin/bash

-i：表示交互式
-t：表示打开一个Shell窗口

在容器安装软件，查看ip，与宿主机ip不同：

# yum install -y net-tools
# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 13018  bytes 29082254 (27.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12529  bytes 1003165 (979.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

新建窗口，查看正在运行的容器：

1
2
3

# docker ps
CONTAINER ID   IMAGE      COMMAND       CREATED          STATUS          PORTS     NAMES
cb15e574f7ef   centos:7   "/bin/bash"   50 seconds ago   Up 49 seconds             vigorous_hypatia

返回旧窗口，退出容器，无法查询正在运行的容器，再次运行一个容器：

# exit
# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
# docker run -it centos:7 /bin/bash

新建窗口，查看所有容器，包括已经退出的容器，现在有两个，一个运行，一个退出

# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED              STATUS                      PORTS     NAMES
7aea6bcbee12   centos:7   "/bin/bash"   4 seconds ago        Up 3 seconds                          eager_kalam
cb15e574f7ef   centos:7   "/bin/bash"   About a minute ago   Exited (0) 14 seconds ago             vigorous_hypatia

查看容器详细信息，后面加运行容器的container id：

1	# docker inspect 7aea6bcbee12

查看停止容器额日志，显示在容器里敲的命令，以日志形式，没敲过命令返回为空

# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED              STATUS                      PORTS     NAMES
7aea6bcbee12   centos:7   "/bin/bash"   26 seconds ago       Up 25 seconds                         eager_kalam
cb15e574f7ef   centos:7   "/bin/bash"   About a minute ago   Exited (0) 36 seconds ago             vigorous_hypatia
# docker logs cb15e574f7ef

删除退出的容器，运行的容器无法删除，接container id：

# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED         STATUS                     PORTS     NAMES
8fe020919d9e   centos:7   "/bin/bash"   3 minutes ago   Up 3 minutes                         romantic_albattani
803a3fc867f2   centos:7   "/bin/bash"   5 minutes ago   Exited (0) 3 minutes ago             cranky_lederberg
# docker rm cb15e574f7ef
cb15e574f7ef

强制删除，开着的容器也能删除：

# docker rm -f 7aea6bcbee12
7aea6bcbee12
# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

启动后台运行容器，容器永久运行，退出shell终端不退退出容器：

1 2	# docker run -d centos:7 /bin/bash -c "while true; do echo "docker"; sleep 5; done" 7d7880eb571aebb35b8683b1c61c9b443662469d9a4f0b304921870e87d17200

-c后带脚本，每5秒输出docker。

# docker ps
CONTAINER ID   IMAGE      COMMAND                   CREATED          STATUS         PORTS     NAMES
7d7880eb571a   centos:7   "/bin/bash -c 'while…"   10 seconds ago   Up 9 seconds             festive_knuth

# docker logs 7d7880eb571a
docker
docker
docker
docker
docker

进入后台容器，查看进程，exit退出不会关闭容器：

# docker exec -it 7d7880eb571a /bin/bash
# ps aux
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          1  0.0  0.0  11692  1364 ?        Ss   15:33   0:00 /bin/bash -c while true; 
root         13  0.3  0.0  11828  1896 pts/0    Ss   15:34   0:00 /bin/bash
root         27  0.0  0.0   4364   348 ?        S    15:34   0:00 sleep 5
root         28  0.0  0.0  51732  1700 pts/0    R+   15:34   0:00 ps aux
# exit

停止容器：

# docker ps
CONTAINER ID   IMAGE      COMMAND                   CREATED          STATUS          PORTS     NAMES
7d7880eb571a   centos:7   "/bin/bash -c 'while…"   56 seconds ago   Up 55 seconds             festive_knuth

# docker stop 7d7880eb571a
7d7880eb571a
# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

开启容器：

# docker start 7d7880eb571a
5ac5f93e0730
# docker logs 7d7880eb571a
docker
docker
docker
docker
docker
docker
docker
docker
docker
docker
docker
docker
docker
docker
docker

删除容器：

# docker rm -f 7d7880eb571a
7d7880eb571a
# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

批量删除容器，可以连起来写：

1	docker rm -f xxx xxx

commit构建自定义镜像

容器的临时性：

容器里的操作当容器删除了就没了。
不要把数据存储在容器里。

docker自定义镜像：

基于docker commit制作镜像。
基于dockerfile制作镜像，dockerfile方式为主流制作镜像的方式。

node1

查看基础镜像信息，里面有镜像的参数：

1
2
3

# docker inspect centos:7
# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

自定义一个带ifconfig命令的镜像，运行一个容器，在里面安装net-tools，添加永久运行命令：

# docker run -it centos:7 /bin/bash
# yum install -y net-tools
# ifconfig
# vi /usr/bin/run
while true; do
  echo "running"
  sleep 5
done

1	# chmod +x /usr/bin/run

新建窗口，在宿主机使用commit命令制作容器镜像:

# [root@node1 yum.repos.d]# docker ps
CONTAINER ID   IMAGE      COMMAND       CREATED          STATUS          PORTS     NAMES
8035adc0beeb   centos:7   "/bin/bash"   56 seconds ago   Up 56 seconds             interesting_liskov
# docker commit 8035adc0beeb centos:if
sha256:dcd9ec3cae44ea1915b7b304c8a9fb17a1b523141aade5f88d4be42d9722ad87

有一个新的镜像：

# docker images
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
centos       if        dcd9ec3cae44   9 seconds ago   439MB
centos       7         eeb6ee3f44bd   2 years ago     204MB
# docker inspect centos:if

删除之前的容器：

# docker ps
CONTAINER ID   IMAGE      COMMAND       CREATED              STATUS              PORTS     NAMES
8035adc0beeb   centos:7   "/bin/bash"   About a minute ago   Up About a minute             interesting_liskov

# docker rm -f 8035adc0beeb
8035adc0beeb

运行自制镜像容器，有命令：

# docker run -it centos:if /bin/bash
# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 6  bytes 516 (516.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
# exit

删除容器：

# docker ps -a
CONTAINER ID   IMAGE       COMMAND       CREATED          STATUS                     PORTS     NAMES
184bff1ae325   centos:if   "/bin/bash"   27 seconds ago   Exited (0) 4 seconds ago             vigorous_hermann
# docker rm -f 184bff1ae325
184bff1ae325

tag如果没指定，默认就是latest。

dockerfile构建镜像实战

参数	说明
FROM	基于哪个基础镜像
MAINTAINER	代表维护者信息
COPY	往镜像里添加文件
RUN	运行命令构建镜像
ENTRYPOINT	镜像启动时运行的命令，不可替换
CMD	镜像启动时运行的命令，可替换

dockerfile构建nginx镜像

默认nginx以daemon的方式启动，无永久运行的程序，容器会马上退出：

1	/usr/local/nginx/sbin/nginx

nginx使用永久运行的方式，要指定成这种方式：

1	/usr/local/nginx/sbin/nginx -g "daemon off;"

node1

创建nginx的dockerfile文件：

1	# mkdir -p /docker/nginx

# vim /docker/nginx/dockerfile
FROM centos:7
COPY install.sh /docker/nginx/install.sh
RUN sh /docker/nginx/install.sh
COPY start /usr/bin/start
ENTRYPOINT ["start"]

创建nginx安装脚本：

# vim /docker/nginx/install.sh
yum install -y wget tar gcc gcc-c++ make pcre pcre-devel zlib zlib-devel
cd /usr/local/src
wget http://nginx.org/download/nginx-1.14.2.tar.gz
tar -zxf nginx-1.14.2.tar.gz
cd nginx-1.14.2
./configure --prefix=/usr/local/nginx && make && make install
\rm -rf /usr/local/src/*

创建启动脚本：

1
2
3

# vim /docker/nginx/start
#!/bin/bash
/usr/local/nginx/sbin/nginx -g "daemon off;"

1	# chmod a+x /docker/nginx/start

制作镜像：

1 2	# docker build -t centos:nginx /docker/nginx/ --load # docker inspect centos:nginx

后台运行测试：

# docker images
REPOSITORY   TAG       IMAGE ID       CREATED          SIZE
centos       nginx     7dbd7e8bbca1   12 seconds ago   540MB
centos       mine      b80e3ef6dbe9   7 minutes ago    439MB
centos       7         eeb6ee3f44bd   2 years ago      204MB
# docker run -d centos:nginx
45c6595b2ef36030ace663275ee29f91ce5a63bff5f393fb909d90bd97e64dd7
# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED         STATUS         PORTS     NAMES
45c6595b2ef3   centos:nginx   "start"   6 seconds ago   Up 5 seconds             busy_chandrasekhar

进入容器查看进程：

# docker exec -it 45c6595b2ef3 /bin/bash
# ps aux | grep nginx
root          7  0.0  0.0  20548  1548 ?        S    15:47   0:00 nginx: master process /usr/local/nginx/sbin/nginx -g daemon off;
nobody        8  0.0  0.0  20988  1308 ?        S    15:47   0:00 nginx: worker process
root         24  0.0  0.0   9092   680 pts/0    S+   15:48   0:00 grep --color=auto nginx
# curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 15 Dec 2023 15:48:24 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 15 Dec 2023 15:47:32 GMT
Connection: keep-alive
ETag: "657c7514-264"
Accept-Ranges: bytes
# exit

删除容器：

# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED          STATUS          PORTS     NAMES
45c6595b2ef3   centos:nginx   "start"   44 seconds ago   Up 43 seconds             busy_chandrasekhar
# docker rm -f 45c6595b2ef3
45c6595b2ef3

dockerfile构建redis镜像

node1

创建redis的dockerfile文件：

# mkdir -p /docker/redis
# vim /docker/redis/dockerfile
FROM centos:7
COPY install.sh /docker/redis/install.sh
RUN sh /docker/redis/install.sh
RUN sed -i -e 's/bind 127.0.0.1/bind 0.0.0.0/g' /usr/local/redis/conf/redis.conf
COPY start /usr/bin/start
CMD ["start"]

创建redis安装脚本：

# vim /docker/redis/install.sh
yum install -y wget tar gcc gcc-c++ make openssl openssl-devel cmake
cd /usr/local/src
wget http://download.redis.io/releases/redis-4.0.9.tar.gz
tar xzvf redis-4.0.9.tar.gz
cd redis-4.0.9
make && make PREFIX=/usr/local/redis install
mkdir -p /usr/local/redis/conf
cp redis.conf /usr/local/redis/conf/
\rm -rf /usr/local/src/*

创建启动脚本：

1
2
3

# vim /docker/redis/start
#!/bin/bash
/usr/local/redis/bin/redis-server /usr/local/redis/conf/redis.conf

1	# chmod a+x /docker/redis/start

制作镜像：

1 2	# docker build -t centos:redis /docker/redis/ --load # docker inspect centos:redis

后台运行测试：

# docker images
REPOSITORY   TAG       IMAGE ID       CREATED          SIZE
centos       redis     036dc6b9be22   10 seconds ago   589MB
centos       nginx     7dbd7e8bbca1   3 minutes ago    540MB
centos       mine      b80e3ef6dbe9   10 minutes ago   439MB
centos       7         eeb6ee3f44bd   2 years ago      204MB
# docker run -d centos:redis
9ed398aa72ee02560114ec0d321c450b68361c5b3b0f5db8b445ce2c927e6c3b
# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED          STATUS          PORTS     NAMES
9ed398aa72ee   centos:redis   "start"   15 seconds ago   Up 15 seconds             relaxed_kepler

进入容器查看进程：

# docker exec -it 9ed398aa72ee /bin/bash
# ps aux | grep redis
root          7  0.0  0.0  41724  7912 ?        Sl   15:50   0:00 /usr/local/redis/bin/redis-server 0.0.0.0:6379
root         26  0.0  0.0   9092   680 pts/0    S+   15:51   0:00 grep --color=auto redis

redis测试：

# /usr/local/redis/bin/redis-cli

127.0.0.1:6379> set a b
OK

127.0.0.1:6379> get a
"b"

127.0.0.1:6379> set name student
OK

127.0.0.1:6379> get name
"student"

127.0.0.1:6379> exit

# exit

删除容器：

# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED              STATUS              PORTS     NAMES
9ed398aa72ee   centos:redis   "start"   About a minute ago   Up About a minute             relaxed_kepler
# docker rm -f 9ed398aa72ee
9ed398aa72ee

nginx+redis多进程镜像

node1

创建多进程的dockerfile：

# mkdir -p /docker/multiproc
# vim /docker/multiproc/dockerfile
FROM centos:7
COPY install_nginx.sh install_redis.sh /docker/multiproc/
RUN sh /docker/multiproc/install_nginx.sh
RUN sh /docker/multiproc/install_redis.sh
COPY start /usr/bin/start
RUN sed -i -e 's/bind 127.0.0.1/bind 0.0.0.0/g' /usr/local/redis/conf/redis.conf
ENTRYPOINT ["start"]

copy行最后的路径，如果有两个及以上安装脚本，末尾要带/表示目录。

添加nginx脚本：

# vim /docker/multiproc/install_nginx.sh
yum install -y wget tar gcc gcc-c++ make pcre pcre-devel zlib zlib-devel
cd /usr/local/src
wget http://nginx.org/download/nginx-1.14.2.tar.gz
tar -zxf nginx-1.14.2.tar.gz
cd nginx-1.14.2
./configure --prefix=/usr/local/nginx && make && make install
\rm -rf /usr/local/src/*

添加redis脚本：

# vim /docker/multiproc/install_redis.sh
yum install -y wget tar gcc gcc-c++ make openssl openssl-devel cmake
cd /usr/local/src
wget http://download.redis.io/releases/redis-4.0.9.tar.gz
tar xzvf redis-4.0.9.tar.gz
cd redis-4.0.9
make && make PREFIX=/usr/local/redis install
mkdir -p /usr/local/redis/conf
cp redis.conf /usr/local/redis/conf/
\rm -rf /usr/local/src/*

创建启动脚本，多进程最后一个进程在后台，前面的进程在前台：

# vim /docker/multiproc/start
#!/bin/bash
/usr/local/nginx/sbin/nginx
/usr/local/redis/bin/redis-server /usr/local/redis/conf/redis.conf

1	# chmod a+x /docker/multiproc/start

制作镜像：

1 2	# docker build -t centos:multiproc /docker/multiproc --load # docker inspect centos:multiproc

后台运行测试：

# docker images
REPOSITORY   TAG         IMAGE ID       CREATED          SIZE
centos       multiproc   fc67043c0d22   3 minutes ago    795MB
centos       redis       036dc6b9be22   7 minutes ago    589MB
centos       nginx       7dbd7e8bbca1   10 minutes ago   540MB
centos       mine        b80e3ef6dbe9   17 minutes ago   439MB
centos       7           eeb6ee3f44bd   2 years ago      204MB
# docker run -d centos:multiproc
f40fc3bf0057f450c5536ef0b4777a666db643a39ed55b499c942e1637133370
# docker ps
CONTAINER ID   IMAGE              COMMAND   CREATED          STATUS          PORTS     NAMES
f40fc3bf0057   centos:multiproc   "start"   34 seconds ago   Up 33 seconds             sleepy_kepler

进入容器查看进程：

# docker exec -it f40fc3bf0057 /bin/bash
# ps aux
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          1  0.0  0.0  11688  1340 ?        Ss   15:57   0:00 /bin/bash /usr/bin/start
root          8  0.0  0.0  20548   608 ?        Ss   15:57   0:00 nginx: master process /us
root          9  0.0  0.0  41724  7912 ?        Sl   15:57   0:00 /usr/local/redis/bin/redi
nobody       10  0.0  0.0  20988  1048 ?        S    15:57   0:00 nginx: worker process
root         14  0.0  0.0  11828  1896 pts/0    Ss   15:59   0:00 /bin/bash
root         28  0.0  0.0  51732  1728 pts/0    R+   15:59   0:00 ps aux

测试nginx：

# curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 15 Dec 2023 15:59:20 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 15 Dec 2023 15:53:53 GMT
Connection: keep-alive
ETag: "657c7691-264"
Accept-Ranges: bytes

测试redis：

/usr/local/redis/bin/redis-cli

127.0.0.1:6379> set a b
OK

127.0.0.1:6379> get a
"b"

127.0.0.1:6379> exit

# exit

删除容器：

# docker ps
CONTAINER ID   IMAGE              COMMAND   CREATED              STATUS              PORTS     NAMES
f40fc3bf0057   centos:multiproc   "start"   About a minute ago   Up About a minute             sleepy_kepler
# docker rm -f f40fc3bf0057
f40fc3bf0057

容器的多种网络模式实战

node1

桥接docker0添加端口映射。

运行一个nginx镜像，指定端口映射，外网端口：容器端口，端口一对一绑定，不能冲突：

1 2	# docker run -d -p 8080:80 centos:nginx c9026c831b852151141d0c69777b3cc5d7863c2d84119ae38daacea8eadf1f59

-p 外网端口:容器端口。

查看端口，进行测试：

# netstat -tlunp | grep 8080
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      117050/docker-proxy 
tcp6       0      0 :::8080                 :::*                    LISTEN      117057/docker-proxy 
# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED          STATUS          PORTS                                   NAMES
c9026c831b85   centos:nginx   "start"   24 seconds ago   Up 24 seconds   0.0.0.0:8080->80/tcp, :::8080->80/tcp   happy_colden
# curl -I 127.0.0.1:8080
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 15 Dec 2023 16:00:35 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 15 Dec 2023 15:47:32 GMT
Connection: keep-alive
ETag: "657c7514-264"
Accept-Ranges: bytes

进入容器进行观察日志：

# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED          STATUS          PORTS                                   NAMES
c9026c831b85   centos:nginx   "start"   40 seconds ago   Up 40 seconds   0.0.0.0:8080->80/tcp, :::8080->80/tcp   happy_colden

# docker exec -it c9026c831b85 /bin/bash
# tail -f /usr/local/nginx/logs/access.log
172.17.0.1 - - [22/Mar/2023:06:13:30 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0"

新建窗口，重写容器网页内容：

1
2
3

# docker exec -it c9026c831b85 /bin/bash
# echo "docker nginx" > /usr/local/nginx/html/index.html
# exit

再次访问，观察日志：

1	# curl -I 127.0.0.1:8080

删除容器：

# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED              STATUS              PORTS                                   NAMES
c9026c831b85   centos:nginx   "start"   About a minute ago   Up About a minute   0.0.0.0:8080->80/tcp, :::8080->80/tcp   happy_colden
# docker rm -f c9026c831b85
c9026c831b85

绑定特定网卡添加映射：

# docker run -d -p 10.80.10.1:8080:80 centos:nginx
bd87c9bb805021722b51a2935d86174e10ec40d4e0346fb4e2cfb49e8800233a
# netstat -tlunp | grep 8080
tcp        0      0 10.80.10.1:8080         0.0.0.0:*               LISTEN      122241/docker-proxy

访问结果和上一个一样：

# curl -I 10.80.10.1:8080
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 15 Dec 2023 16:02:31 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 15 Dec 2023 15:47:32 GMT
Connection: keep-alive
ETag: "657c7514-264"
Accept-Ranges: bytes

删除容器：

# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED          STATUS          PORTS                     NAMES
bd87c9bb8050   centos:nginx   "start"   31 seconds ago   Up 30 seconds   10.80.10.1:8080->80/tcp   keen_poincare
# docker rm -f bd87c9bb8050
bd87c9bb8050

多个端口映射，运行multiproc容器，指定两个端口：

# docker run -d -p 8080:80 -p 6381:6379 centos:multiproc
ff43d6867995a60e03b74db8d51575c6a21703c250584a85c35e47dfb2fc8fb8
# netstat -tlunp | grep docker-proxy
tcp        0      0 0.0.0.0:6381            0.0.0.0:*               LISTEN      124253/docker-proxy 
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      124231/docker-proxy 
tcp6       0      0 :::6381                 :::*                    LISTEN      124260/docker-proxy 
tcp6       0      0 :::8080                 :::*                    LISTEN      124238/docker-proxy

测试nginx正常，浏览器访问ip:8080：

# curl -I 10.80.10.1:8080
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 15 Dec 2023 16:03:44 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 15 Dec 2023 15:53:53 GMT
Connection: keep-alive
ETag: "657c7691-264"
Accept-Ranges: bytes

下载安装redis：

1	# yum install -y redis

测试redis客户端：

# redis-cli -p 6381

127.0.0.1:6381> info Server
# Server
redis_version:4.0.9
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:19568f866346bc29
redis_mode:standalone
os:Linux 3.10.0-1160.53.1.el7.x86_64 x86_64
arch_bits:64
multiplexing_api:epoll
atomicvar_api:atomic-builtin
gcc_version:4.8.5
process_id:9
run_id:b7012e926df3ab4dc75d5847f6035edeca0d0255
tcp_port:6379
uptime_in_seconds:75
uptime_in_days:0
hz:10
lru_clock:1744604
executable:/usr/local/redis/bin/redis-server
config_file:/usr/local/redis/conf/redis.conf

127.0.0.1:6381> exit

删除容器：

1
2
3

# docker ps
CONTAINER ID   IMAGE              COMMAND   CREATED              STATUS              PORTS                                                                              NAMES
ff43d6867995   centos:multiproc   "start"   About a minute ago   Up About a minute   0.0.0.0:8080->80/tcp, :::8080->80/tcp, 0.0.0.0:6381->6379/tcp, :::6381->6379/tcp   wizardly_hellman

1 2	# docker rm -f ff43d6867995 ff43d6867995

hosts模式，host网络启动nginx容器，和宿主机共用网络，网卡信息和主机一样：

# docker run --net=host -d centos:nginx
59f740fc18d8a40f0a9d0330dd15231178160c99c877e52d86c2be0d6330c05c
# netstat -tlunp | grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      128116/nginx: maste 
# curl -I 10.80.10.1
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 15 Dec 2023 16:04:48 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 15 Dec 2023 15:47:32 GMT
Connection: keep-alive
ETag: "657c7514-264"
Accept-Ranges: bytes

删除容器：

# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED          STATUS          PORTS     NAMES
59f740fc18d8   centos:nginx   "start"   25 seconds ago   Up 25 seconds             competent_clarke
# docker rm -f 59f740fc18d8
59f740fc18d8

none模式，host网络启动nginx容器，关闭网络，只能进入容器操作：

# docker run --net=none -d centos:nginx
ace4611b903203a15b2146aafe01cd4173b185aa6db3c87a4109f7a40bc059ec
# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED         STATUS         PORTS     NAMES
ace4611b9032   centos:nginx   "start"   5 seconds ago   Up 4 seconds             flamboyant_albattani

# docker exec -it ace4611b9032 /bin/bash
# curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 15 Dec 2023 16:05:36 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 15 Dec 2023 15:47:32 GMT
Connection: keep-alive
ETag: "657c7514-264"
Accept-Ranges: bytes
# exit

删除容器：

# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED          STATUS          PORTS     NAMES
ace4611b9032   centos:nginx   "start"   27 seconds ago   Up 27 seconds             flamboyant_albattani
# docker rm -f ace4611b9032
ace4611b9032

容器文件共享和特权模式

文件共享：

网站更新放到宿主机上。
日志放到宿主机上。

node1

建立容器和宿主机文件夹：

1	# mkdir -p /share/logs /share/apps

启动nginx容器时，共享网站和日志：

1 2	# docker run --net=host -d -v /share/logs:/usr/local/nginx/logs -v /share/apps:/usr/local/nginx/html/apps centos:nginx 0e172b1049a7eb3f5f4958a533f27ef0c7ec83c6379018f440b7f88749312f03

访问测试：

# curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 15 Dec 2023 16:06:15 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 15 Dec 2023 15:47:32 GMT
Connection: keep-alive
ETag: "657c7514-264"
Accept-Ranges: bytes
# cat /share/logs/access.log
127.0.0.1 - - [15/Dec/2023:16:06:15 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0"

在共享目录建立网站：

# echo "docker share web" > /share/apps/index.html
# curl 10.80.10.1/apps/
docker share web
# cat /share/logs/access.log
127.0.0.1 - - [15/Dec/2023:16:06:15 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0"
10.80.10.1 - - [15/Dec/2023:16:06:40 +0000] "GET /apps/ HTTP/1.1" 200 17 "-" "curl/7.29.0"

删除容器但是数据会保留：

# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED          STATUS          PORTS     NAMES
0e172b1049a7   centos:nginx   "start"   56 seconds ago   Up 56 seconds             tender_edison
# docker rm -f 0e172b1049a7
0e172b1049a7
# ls /share/
apps  logs

启动nginx容器，默认非特权模式：

# docker run -d -v /share/logs:/usr/local/nginx/logs -v /share/apps:/usr/local/nginx/html/apps centos:nginx
a10fe24b67cf9bcf458d1aec555cc4d437dae6dba19142f4473a2b3e6fac4556
# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED         STATUS         PORTS     NAMES
a10fe24b67cf   centos:nginx   "start"   5 seconds ago   Up 5 seconds             kind_neumann
# docker exec -it a10fe24b67cf /bin/bash
# yum install -y net-tools

无法删除路由：

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.17.0.1      0.0.0.0         UG    0      0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
# route del default gw 172.17.0.1
SIOCDELRT: Operation not permitted
# exit

删除容器：

# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED          STATUS          PORTS     NAMES
a10fe24b67cf   centos:nginx   "start"   44 seconds ago   Up 43 seconds             kind_neumann
# docker rm -f a10fe24b67cf
a10fe24b67cf

添加特权模式，可以删除路由：

# docker run --privileged=true -d centos:nginx
d7f26169719e9ee1328628a7fe42f6ad8eb679a1e505c7e24389f192f980be17
# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED         STATUS         PORTS     NAMES
d7f26169719e   centos:nginx   "start"   5 seconds ago   Up 4 seconds             youthful_brahmagupta

# docker exec -it d7f26169719e /bin/bash
# yum install -y net-tools
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.17.0.1      0.0.0.0         UG    0      0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
# route del default gw 172.17.0.1
# ping www.baidu.com     
ping: www.baidu.com: Name or service not known
# exit

删除容器：

# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED          STATUS          PORTS     NAMES
d7f26169719e   centos:nginx   "start"   35 seconds ago   Up 34 seconds             youthful_brahmagupta
# docker rm -f d7f26169719e
d7f26169719e

compose的安装和入门实战

compose说明：

docker命令操作容器比较麻烦。
docker compose可以把容器的命令写入配置文件中，操作容器更加方便。

node1

下载安装compose：

# yum install -y python36
# pip3 install --upgrade pip -i https://pypi.tuna.tsinghua.edu.cn/simple/
# pip3 install docker-compose -i https://pypi.tuna.tsinghua.edu.cn/simple/ docker-compose
# docker-compose version
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
docker-compose version 1.29.2, build unknown
docker-py version: 5.0.3
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017

配置redis的compose文件：

# mkdir -p /docker/compose/redis
# vim /docker/compose/redis/docker-compose.yml
version: '2'
services:
  redis:
    image: centos:redis

redis：镜像名称。
image：本地仓库存在的镜像。

进入yml文件夹，后台启动容器：

# cd /docker/compose/redis/
# docker-compose up -d
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Creating network "redis_default" with the default driver
Creating redis_redis_1 ... done
# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED         STATUS         PORTS     NAMES
87a08426bf95   centos:redis   "start"   6 seconds ago   Up 5 seconds             redis_redis_1

进入容器，进行测试：

# docker exec -it 87a08426bf95 /bin/bash
# ps aux 
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          1  0.0  0.0  11688  1340 ?        Ss   16:10   0:00 /bin/bash /usr/bin/start
root          7  0.0  0.0  41724  7912 ?        Sl   16:10   0:00 /usr/local/redis/bin/redi
root         11  0.2  0.0  11828  1904 pts/0    Ss   16:10   0:00 /bin/bash
root         25  0.0  0.0  51732  1720 pts/0    R+   16:10   0:00 ps aux
# /usr/local/redis/bin/redis-cli info Server
# Server
redis_version:4.0.9
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:c0215ab40c660531
redis_mode:standalone
os:Linux 3.10.0-1160.53.1.el7.x86_64 x86_64
arch_bits:64
multiplexing_api:epoll
atomicvar_api:atomic-builtin
gcc_version:4.8.5
process_id:6
run_id:0ac34b41b8eb4f58b843c17589c07c60e0110ab6
tcp_port:6379
uptime_in_seconds:93
uptime_in_days:0
hz:10
lru_clock:1746508
executable:/usr/local/redis/bin/redis-server
config_file:/usr/local/redis/conf/redis.conf
# exit

查看docker-compose容器状态：

# docker-compose ps
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography (40.0) will be the last to support Python 3.6.
  from cryptography.hazmat.backends import default_backend
    Name        Command   State   Ports
---------------------------------------
redis_redis_1   start     Up

停止并删除容器：

# docker-compose down
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Stopping redis_redis_1 ... done
Removing redis_redis_1 ... done
Removing network redis_default
# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

关闭、启动容器：

# docker-compose up -d
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Creating network "redis_default" with the default driver
Creating redis_redis_1 ... done

# docker-compose ps
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
    Name        Command   State   Ports
---------------------------------------
redis_redis_1   start     Up

# docker-compose stop
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Stopping redis_redis_1 ... done

# docker-compose ps
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
    Name        Command    State     Ports
------------------------------------------
redis_redis_1   start     Exit 137

# docker-compose start
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Starting redis ... done

# docker-compose down
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Stopping redis_redis_1 ... done
Removing redis_redis_1 ... done
Removing network redis_default

配置nginx的compose文件：

# mkdir -p /docker/compose/nginx
# vim /docker/compose/nginx/docker-compose.yml
version: '2'
services:
  nginx:
    image: centos:nginx

启动容器：

# cd /docker/compose/nginx/
# docker-compose up -d
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Creating network "nginx_default" with the default driver
Creating nginx_nginx_1 ... done

# docker-compose ps
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
    Name        Command   State   Ports
---------------------------------------
nginx_nginx_1   start     Up

1
2
3

# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED          STATUS          PORTS     NAMES
2d50e096aec6   centos:nginx   "start"   34 seconds ago   Up 34 seconds             nginx_nginx_1

# docker exec -it 2d50e096aec6 /bin/bash
# curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 15 Dec 2023 16:14:36 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 15 Dec 2023 15:47:32 GMT
Connection: keep-alive
ETag: "657c7514-264"
Accept-Ranges: bytes
# exit

实战compose实用技能

node1

docker-compose进入容器：

# cd /docker/compose/nginx/
# docker-compose ps
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
    Name        Command   State   Ports
---------------------------------------
nginx_nginx_1   start     Up

# docker-compose exec nginx bash
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
# ps -ef
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  0 16:13 ?        00:00:00 /bin/bash /usr/bin/start
root          7      1  0 16:13 ?        00:00:00 nginx: master process /usr/local/nginx/sb
nobody        8      7  0 16:13 ?        00:00:00 nginx: worker process
root         24      0  0 16:15 pts/0    00:00:00 bash
root         38     24  0 16:15 pts/0    00:00:00 ps -ef
# exit

# docker-compose down
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Stopping nginx_nginx_1 ... done
Removing nginx_nginx_1 ... done
Removing network nginx_default

docker-compose管理多个容器：

# mkdir -p /docker/compose/multi
# cd /docker/compose/multi/
# vim /docker/compose/multi/docker-compose.yml
version: '2'
services:
  redis:
    image: centos:redis
  nginx:
    image: centos:nginx

# docker-compose up -d
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Creating network "multi_default" with the default driver
Creating multi_nginx_1 ... done
Creating multi_redis_1 ... done
# docker-compose ps
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
    Name        Command   State   Ports
---------------------------------------
multi_nginx_1   start     Up           
multi_redis_1   start     Up

进入容器：

# docker-compose exec nginx bash
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
# ps -ef 
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  0 16:16 ?        00:00:00 /bin/bash /usr/bin/start
root          7      1  0 16:16 ?        00:00:00 nginx: master process /usr/local/nginx/sb
nobody        8      7  0 16:16 ?        00:00:00 nginx: worker process
root          9      0  0 16:16 pts/0    00:00:00 bash
root         22      9  0 16:16 pts/0    00:00:00 ps -ef
# exit

# docker-compose down
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography (40.0) will be the last to support Python 3.6.
  from cryptography.hazmat.backends import default_backend
Stopping multi_redis_1 ... done
Stopping multi_nginx_1 ... done
Removing multi_redis_1 ... done
Removing multi_nginx_1 ... done
Removing network multi_default

端口映射：

# vim /docker/compose/multi/docker-compose.yml
version: '2'
services:
  redis:
    image: centos:redis
    ports:
    - "6379:6379"
  nginx:
    image: centos:nginx
    ports:
    - "8080:80"
    - "9090:80"

# docker-compose up -d
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Creating network "multi_default" with the default driver
Creating multi_nginx_1 ... done
Creating multi_redis_1 ... done
# docker-compose ps
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
    Name        Command   State                             Ports                          
-------------------------------------------------------------------------------------------
multi_nginx_1   start     Up      0.0.0.0:9090->80/tcp,:::9090->80/tcp,0.0.0.0:8080->80/tcp
                                  ,:::8080->80/tcp                                         
multi_redis_1   start     Up      0.0.0.0:6379->6379/tcp,:::6379->6379/tcp           # docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED          STATUS          PORTS                                                                          NAMES
93418b9e7665   centos:redis   "start"   46 seconds ago   Up 46 seconds   0.0.0.0:6379->6379/tcp, :::6379->6379/tcp                                      multi_redis_1
60efff39c05a   centos:nginx   "start"   46 seconds ago   Up 46 seconds   0.0.0.0:8080->80/tcp, 0.0.0.0:9090->80/tcp, :::8080->80/tcp, :::9090->80/tcp   multi_nginx_1

测试：

# curl -I 10.80.10.1:9090
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 15 Dec 2023 16:18:18 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 15 Dec 2023 15:47:32 GMT
Connection: keep-alive
ETag: "657c7514-264"
Accept-Ranges: bytes
# curl -I 10.80.10.1:8080
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 15 Dec 2023 16:18:32 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 15 Dec 2023 15:47:32 GMT
Connection: keep-alive
ETag: "657c7514-264"
Accept-Ranges: bytes

# redis-cli -p 6379 info Server
# Server
redis_version:4.0.9
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:f5edc56b84d57a4e
redis_mode:standalone
os:Linux 3.10.0-1160.el7.x86_64 x86_64
arch_bits:64
multiplexing_api:epoll
atomicvar_api:atomic-builtin
gcc_version:4.8.5
process_id:7
run_id:42955c015a5b8abc6937d2c13f93ac2a1d421adb
tcp_port:6379
uptime_in_seconds:86
uptime_in_days:0
hz:10
lru_clock:8158305
executable:/usr/local/redis/bin/redis-server
config_file:/usr/local/redis/conf/redis.conf

# docker-compose down
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Stopping multi_redis_1 ... done
Stopping multi_nginx_1 ... done
Removing multi_redis_1 ... done
Removing multi_nginx_1 ... done
Removing network multi_default

设置网络模式：

# vim /docker/compose/multi/docker-compose.yml
version: '2'
services:
  redis:
    image: centos:redis
  nginx:
    image: centos:nginx
    network_mode: "host"

# docker-compose up -d
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Creating network "multi_default" with the default driver
Creating multi_redis_1 ... done
Creating multi_nginx_1 ... done
# docker-compose ps
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
    Name        Command   State   Ports
---------------------------------------
multi_nginx_1   start     Up           
multi_redis_1   start     Up

测试：

# netstat -tlunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      34670/nginx: master 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      941/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1294/master         
tcp6       0      0 :::22                   :::*                    LISTEN      941/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      1294/master         
udp        0      0 127.0.0.1:323           0.0.0.0:*                           706/chronyd         
udp6       0      0 ::1:323                 :::*                                706/chronyd

# docker-compose down
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Stopping multi_nginx_1 ... done
Stopping multi_redis_1 ... done
Removing multi_nginx_1 ... done
Removing multi_redis_1 ... done
Removing network multi_default

设置文件共享：

# vim /docker/compose/nginx/docker-compose.yml
version: '2'
services:
  nginx:
    image: centos:nginx
    network_mode: "host"
    volumes:
    - /share/logs:/usr/local/nginx/logs
    - /share/apps:/usr/local/nginx/apps

# cd /docker/compose/nginx/
# docker-compose up -d
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Creating nginx_nginx_1 ... done
# docker-compose ps
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
    Name        Command   State   Ports
---------------------------------------
nginx_nginx_1   start     Up

查看日志，新建窗口测试：

1
2
3

# tail -f /share/logs/access.log
127.0.0.1 - - [15/Dec/2023:16:06:15 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0"
10.80.10.1 - - [15/Dec/2023:16:06:40 +0000] "GET /apps/ HTTP/1.1" 200 17 "-" "curl/7.29.0"

1	# curl -I 127.0.0.1

# docker-compose down
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Stopping nginx_nginx_1 ... done
Removing nginx_nginx_1 ... done

启动多个容器：

# cd /docker/compose/redis/
# docker-compose up -d --scale redis=3
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography (40.0) will be the last to support Python 3.6.
  from cryptography.hazmat.backends import default_backend
Creating network "redis_default" with the default driver
Creating redis_redis_1 ... done
Creating redis_redis_2 ... done
Creating redis_redis_3 ... done
# docker-compose ps
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
    Name        Command   State   Ports
---------------------------------------
redis_redis_1   start     Up           
redis_redis_2   start     Up           
redis_redis_3   start     Up

默认进入第一个容器：

# docker-compose exec redis bash
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography (40.0) will be the last to support Python 3.6.
  from cryptography.hazmat.backends import default_backend
# exit

指定进入容器：

# docker-compose exec --index=2 redis bash
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography (40.0) will be the last to support Python 3.6.
  from cryptography.hazmat.backends import default_backend
# exit

# docker-compose down
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography (40.0) will be the last to support Python 3.6.
  from cryptography.hazmat.backends import default_backend
Stopping redis_redis_3 ... done
Stopping redis_redis_2 ... done
Stopping redis_redis_1 ... done
Removing redis_redis_3 ... done
Removing redis_redis_2 ... done
Removing redis_redis_1 ... done
Removing network redis_default

harbor镜像仓库搭建实战

默认第三方镜像仓库在海外，不允许有太多私有镜像。

harbor镜像仓库安装需求：docker、docker-compose

harbor官网：https://github.com/goharbor/harbor/

node1

下载安装harbor：

# cd /usr/local/src/
# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0.tgz
# tar -zxvf harbor-offline-installer-v1.8.0.tgz
# mv harbor /usr/local/harbor

修改harbor配置文件：

# vim /usr/local/harbor/harbor.yml
# 5行，修改配置
hostname: 10.80.10.1
# 27行，修改配置
harbor_admin_password: 123456qwerty

harbor_admin_password：密码。

启动harbor：

# /usr/local/harbor/install.sh
# cd /usr/local/harbor/
# docker-compose ps
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
      Name                     Command                       State                        Ports              
-------------------------------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Up (health: starting)                                   
harbor-db           /entrypoint.sh postgres          Up (health: starting)   5432/tcp                        
harbor-jobservice   /harbor/start.sh                 Up                                                      
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (health: starting)   127.0.0.1:1514->10514/tcp       
harbor-portal       nginx -g daemon off;             Up (health: starting)   80/tcp                          
nginx               nginx -g daemon off;             Up (health: starting)   0.0.0.0:80->80/tcp,:::80->80/tcp
redis               docker-entrypoint.sh redis ...   Up                      6379/tcp                        
registry            /entrypoint.sh /etc/regist ...   Up (health: starting)   5000/tcp                        
registryctl         /harbor/start.sh                 Up (health: starting)

访问测试：http://10.80.10.1/

1 2	用户名：admin 密码：123456qwerty

进入主页：

新建项目：

1 2	项目名称：test 访问级别：公开

重启docker harbor，数据还在，数据会保存在本地。

# docker-compose down
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Stopping nginx             ... done
Stopping harbor-portal     ... done
Stopping harbor-jobservice ... done
Stopping harbor-core       ... done
Stopping registry          ... done
Stopping registryctl       ... done
Stopping harbor-db         ... done
Stopping redis             ... done
Stopping harbor-log        ... done
Removing nginx             ... done
Removing harbor-portal     ... done
Removing harbor-jobservice ... done
Removing harbor-core       ... done
Removing registry          ... done
Removing registryctl       ... done
Removing harbor-db         ... done
Removing redis             ... done
Removing harbor-log        ... done
Removing network harbor_harbor

1 2	# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

# docker-compose up -d
/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.backends import default_backend
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry    ... done
Creating registryctl ... done
Creating harbor-db   ... done
Creating redis       ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating harbor-portal     ... done
Creating nginx             ... done

关闭注册功能：

系统管理—>配置管理—>允许自注册（关闭）

退出再次登录就没有注册功能了：

15.harbor镜像仓库的使用

node1

docker默认只允许访问https仓库，http仓库需要额外开启：

# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["http://hub-mirror.c.163.com/","http://10.80.10.1/"],
  "insecure-registries": ["http://10.80.10.1"]
}

1	# systemctl restart docker

1 2	# cd /usr/local/harbor/ # docker-compose down && docker-compose up -d

镜像推送到自建仓库：

# docker tag centos:nginx 10.80.10.1/test/centos:nginx
# docker images | grep centos | grep nginx
10.80.10.1/test/centos          nginx                      7dbd7e8bbca1   41 minutes ago   540MB
centos                          nginx                      7dbd7e8bbca1   41 minutes ago   540MB

登录harbor才能push，用户名admin，密码123456qwerty：

1 2	# docker login 10.80.10.1 # docker push 10.80.10.1/test/centos:nginx

node2

下载安装docker，采用阿里源：

# cd /etc/yum.repos.d/
# wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# yum makecache fast
# yum -y install docker-ce

启动docker，添加开机自启：

1
2
3

# systemctl start docker
# systemctl enable docker
# systemctl status docker

设置镜像仓库：

# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["http://hub-mirror.c.163.com/","http://10.80.10.1/"],
  "insecure-registries": ["http://10.80.10.1"]
}

1	# systemctl restart docker

拉取镜像：

# docker pull 10.80.10.1/test/centos:nginx
# docker images
REPOSITORY               TAG       IMAGE ID       CREATED          SIZE
10.80.10.1/test/centos   nginx     7dbd7e8bbca1   44 minutes ago   540MB

node1

上传镜像：

# docker tag centos:7 10.80.10.1/test/centos:7
# docker images | grep centos
centos                          multiproc                  fc67043c0d22   37 minutes ago   795MB
centos                          redis                      036dc6b9be22   41 minutes ago   589MB
centos                          nginx                      7dbd7e8bbca1   44 minutes ago   540MB
10.80.10.1/test/centos          nginx                      7dbd7e8bbca1   44 minutes ago   540MB
centos                          mine                       b80e3ef6dbe9   52 minutes ago   439MB
10.80.10.1/test/centos          7                          eeb6ee3f44bd   2 years ago      204MB
centos                          7                          eeb6ee3f44bd   2 years ago      204MB
# docker push 10.80.10.1/test/centos:7

修改为私有仓库：

项目—>test[项目名称]—>配置管理

1	项目仓库：公开（取消勾选）

node2

拉取私有镜像需要先登录：

# docker login 10.80.10.1
# docker pull 10.80.10.1/test/centos:7
# docker images
REPOSITORY               TAG       IMAGE ID       CREATED          SIZE
10.80.10.1/test/centos   nginx     7dbd7e8bbca1   45 minutes ago   540MB
10.80.10.1/test/centos   7         eeb6ee3f44bd   2 years ago      204MB

运行测试：

# docker run -d 10.80.10.1/test/centos:nginx
83add4b4a42399aba02476cbba83c0a16071a436b120cf89a1cd77674de17ffb
# docker ps
CONTAINER ID   IMAGE                          COMMAND   CREATED         STATUS         PORTS     NAMES
83add4b4a423   10.80.10.1/test/centos:nginx   "start"   5 seconds ago   Up 4 seconds             friendly_gould
# docker exec -it 83add4b4a4 /bin/bash
# ps aux
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          1  0.0  0.0  11688  1348 ?        Ss   16:33   0:00 /bin/bash /usr/bin/start
root          7  0.0  0.0  20548  1548 ?        S    16:33   0:00 nginx: master process /usr/local/nginx/sbin/nginx -g daemon off;
nobody        8  0.0  0.0  20988  1308 ?        S    16:33   0:00 nginx: worker process
root          9  0.0  0.0  11828  1900 pts/0    Ss   16:34   0:00 /bin/bash
root         23  0.0  0.0  51732  1728 pts/0    R+   16:34   0:00 ps aux
# exit
# docker rm -f 83add4b4a4
83add4b4a4