9、libcontainer
libcontainer是Docker架构中一个使用Go语言设计实现的库,设计初衷是希望该库可以不依靠任何依赖,直接访问内核中与容器相关的API。
正是由于libcontainer的存在,Docker可以直接调用libcontainer,而最终操纵容器的namespace、cgroups、apparmor、网络设备以及防火墙规则等。这一系列操作的完成都不需要依赖LXC或者其他包。libcontainer架构如下:
另外,libcontainer提供了一整套标准的接口来满足上层对容器管理的需求。或者说,libcontainer屏蔽了Docker上层对容器的直接管理。又由于libcontainer使用Go这种跨平台的语言开发实现,且本身又可以被上层多种不同的编程语言访问,因此很难说,未来的Docker就一定会紧紧地和Linux捆绑在一起。而于此同时,Microsoft在其著名云计算平台Azure中,也添加了对Docker的支持,可见Docker的开放程度与业界的火热度。
暂不谈Docker,由于libcontainer的功能以及其本身与系统的松耦合特性,很有可能会在其他以容器为原型的平台出现,同时也很有可能催生出云计算领域全新的项目。
10、docker container
Docker container(Docker容器)是Docker架构中服务交付的最终体现形式。
Docker按照用户的需求与指令,订制相应的Docker容器:
用户通过指定容器镜像,使得Docker容器可以自定义rootfs等文件系统;
用户通过指定计算资源的配额,使得Docker容器使用指定的计算资源;
用户通过配置网络及其安全策略,使得Docker容器拥有独立且安全的网络环境;
用户通过指定运行的命令,使得Docker容器执行指定的工作。
1、安装
yum install docker -y
systemctl enable docker
systemctl start docker
注意:启动前应当设置源
vim /usr/lib/systemd/system/docker.service
这里设置阿里的,注册阿里云账户号每个用户都有:
[root@web1 ~]# vim /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target
Wants=docker-storage-setup.service
Requires=docker-cleanup.timer
[Service]
Type=notify
NotifyAccess=main
EnvironmentFile=-/run/containers/registries.conf
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current --registry-mirror=https://rfcod7oz.mirror.aliyuncs.com #这个值可以登陆阿里云账号请参考下图
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current
--default-runtime=docker-runc
--exec-opt native.cgroupdriver=systemd
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current
--init-path=/usr/libexec/docker/docker-init-current
--seccomp-profile=/etc/docker/seccomp.json
$OPTIONS
$DOCKER_STORAGE_OPTIONS
$DOCKER_NETWORK_OPTIONS
$ADD_REGISTRY
$BLOCK_REGISTRY
$INSECURE_REGISTRY
$REGISTRIES
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
KillMode=process
[Install]
WantedBy=multi-user.target
2、docker版本查询
[root@web1 ~]# docker version
Client:
Version: 1.13.1
API version: 1.26
Package version: docker-1.13.1-96.gitb2f74b2.el7.centos.x86_64
Go version: go1.10.3
Git commit: b2f74b2/1.13.1
Built: Wed May 1 14:55:20 2019
OS/Arch: linux/amd64
Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: docker-1.13.1-96.gitb2f74b2.el7.centos.x86_64
Go version: go1.10.3
Git commit: b2f74b2/1.13.1
Built: Wed May 1 14:55:20 2019
OS/Arch: linux/amd64
Experimental: false
3、搜索下载镜像
docker pull alpine #下载镜像
docker search nginx #查看镜像
docker pull nginx
4、查看已经下载的镜像
[root@web1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zxg/my_nginx v1 b164f4c07c64 8 days ago 126 MB
zxg/my_nginx latest f07837869dfc 8 days ago 126 MB
docker.io/nginx latest e445ab08b2be 2 weeks ago 126 MB
docker.io/alpine latest b7b28af77ffe 3 weeks ago 5.58 MB
docker.io/centos latest 9f38484d220f 4 months ago 202 MB
[root@web1 ~]#
5、导出镜像
docker save nginx >/tmp/nginx.tar.gz
6、删除镜像
docker rmi -f nginx
7、导入镜像
docker load </tmp/nginx.tar.gz
8、默认配置文件
vim /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target
Wants=docker-storage-setup.service
Requires=docker-cleanup.timer
[Service]
Type=notify
NotifyAccess=main
EnvironmentFile=-/run/containers/registries.conf
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current --registry-mirror=https://rfcod7oz.mirror.aliyuncs.com
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current
--default-runtime=docker-runc
--exec-opt native.cgroupdriver=systemd
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current
--init-path=/usr/libexec/docker/docker-init-current
--seccomp-profile=/etc/docker/seccomp.json
$OPTIONS
$DOCKER_STORAGE_OPTIONS
$DOCKER_NETWORK_OPTIONS
$ADD_REGISTRY
$BLOCK_REGISTRY
$INSECURE_REGISTRY
$REGISTRIES
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
KillMode=process
[Install]
WantedBy=multi-user.target
~
~
~
~
如果更改存储目录就添加
--graph=/opt/docker
如果更改DNS——默认采用宿主机的dns
--dns=xxxx的方式指定
9、运行hello world
这里用centos镜像echo一个hello word
[root@web1 overlay2]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zxg/my_nginx v1 b164f4c07c64 8 days ago 126 MB
zxg/my_nginx latest f07837869dfc 8 days ago 126 MB
docker.io/nginx latest e445ab08b2be 2 weeks ago 126 MB
docker.io/alpine latest b7b28af77ffe 3 weeks ago 5.58 MB
docker.io/centos latest 9f38484d220f 4 months ago 202 MB
[root@web1 overlay2]# docker run centos echo "hello world"
hello world
[root@web1 overlay2]#
10、运行一个容器-run
[root@web1 overlay2]# docker run -it alpine sh #运行并进入alpine
/ #
/ #
/ #
/ #
/ #
/ # ls
bin etc lib mnt proc run srv tmp var
dev home media opt root sbin sys usr
/ # cd tmp
/tmp # exit
后台运行(-d后台运行)(--name添加一个名字)
[root@web1 overlay2]# docker run -it -d --name test1 alpine
ac46c019b800d34c37d4f9dcd56c974cb82eca3acf185e5f8f80c8a60075e343
[root@web1 overlay2]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ac46c019b800 alpine "/bin/sh" 5 seconds ago Up 3 seconds test1
[root@web1 overlay2]#
还有一种-rm参数,ctrl c后就删除,可以测试环境用,生成环境用的少
[root@web1 overlay2]# docker run -it --rm --name centos nginx
^C[root@web1 overlay2]#
##另开一个窗口
[root@web1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3397b96ea7bd nginx "nginx -g 'daemon ..." 27 seconds ago Up 25 seconds 80/tcp centos
ac46c019b800 alpine "/bin/sh" 4 minutes ago Up 4 minutes test1
[root@web1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ac46c019b800 alpine "/bin/sh" 4 minutes ago Up 4 minutes test1
[root@web1 ~]#
11、如何进入容器
三种方法,上面已经演示了一种
第一种,需要容器本身的pid及util-linux,不推荐,暂时不演示了
第二种,不分配bash终端的一种实施操作,不推荐,这种操作如果在开一个窗口也能看到操作的指令,所有人都能看到。
[root@web1 overlay2]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9fc796e928d7 nginx "sh" 2 minutes ago Up 8 seconds 80/tcp mynginx
ac46c019b800 alpine "/bin/sh" 12 minutes ago Up 12 minutes test1
[root@web1 overlay2]# docker attach mynginx
#
#
#
#
# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
# exit
[root@web1 overlay2]# docker attach mynginx
You cannot attach to a stopped container, start it first
[root@web1 overlay2]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ac46c019b800 alpine "/bin/sh" 13 minutes ago Up 13 minutes test1
[root@web1 overlay2]#
第三种:exec方式,终端时分开的,推荐
[root@web1 overlay2]# docker exec -it mynginx sh
#
#
#
# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
# exit
[root@web1 overlay2]#
[root@web1 overlay2]#
[root@web1 overlay2]#
[root@web1 overlay2]# docker pa
docker: 'pa' is not a docker command.
See 'docker --help'
[root@web1 overlay2]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6fc2d091cfe9 nginx "nginx -g 'daemon ..." 45 seconds ago Up 43 seconds 80/tcp mynginx
ac46c019b800 alpine "/bin/sh" 16 minutes ago Up 16 minutes test1
12、查看docker进程及删除容器
上面已经演示:
[root@web1 overlay2]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9fc796e928d7 nginx "sh" 2 minutes ago Up 8 seconds 80/tcp mynginx
ac46c019b800 alpine "/bin/sh" 12 minutes ago Up 12 minutes test1
[root@web1 overlay2]# docker ps -a #-a :显示所有的容器,包括未运行的
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9fc796e928d7 nginx "sh" 4 minutes ago Exited (0) About a minute ago mynginx
ac46c019b800 alpine "/bin/sh" 15 minutes ago Up 15 minutes test1
3bf234febeaa alpine "sh" 17 minutes ago Exited (0) 16 minutes ago youthful_lumiere
ab113c63f0b4 centos "echo 'hello world'" 31 minutes ago Exited (0) 31 minutes ago infallible_torvalds
b326027dcf42 zxg/my_nginx "nginx" 8 days ago Exited (0) 8 days ago my_nginx
4f1f1ca319f2 centos "bash" 8 days ago Exited (137) 8 days ago musing_lichterman
64b4e32991c7 nginx "nginx -g 'daemon ..." 12 days ago Exited (0) 12 days ago mynginx1
aee506fe7b5a alpine "sh" 12 days ago Created infallible_haibt
70620c73b9a0 alpine "sh" 12 days ago Created gallant_volhard
7655cbf87bb0 alpine "sh" 12 days ago Created agitated_brahmagupta
33fb949372e8 fce289e99eb9 "/hello" 12 days ago Created elastic_dijkstra
9de47616aea4 fce289e99eb9 "/hello" 13 days ago Created confident_fermi
[root@web1 overlay2]# docker rm 9fc796e928d7 #rm时删除一个或多个容器
9fc796e928d7
13、查看容器详细信息
并不需要进入到容器里面,通过查看详细信息看到了刚才运行的nginx,宿主机curl ip地址访问一下运行情况。
[root@web1 overlay2]# docker inspect mynginx[ { "Id": "6fc2d091cfe9b0484da3e70db842446bbdfeb7f5e5409c2e40ae21b99498d010", "Created": "2019-08-07T08:57:48.864538933Z", "Path": "nginx", "Args": [ "-g", "daemon off;"], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 119948, "ExitCode": 0, "Error": "", "StartedAt": "2019-08-07T08:57:49.417992182Z", "FinishedAt": "0001-01-01T00:00:00Z" }, "Image": "sha256:e445ab08b2be8b178655b714f89e5db9504f67defd5c7408a00bade679a50d44", "ResolvConfPath": "/var/lib/docker/containers/6fc2d091cfe9b0484da3e70db842446bbdfeb7f5e5409c2e40ae21b99498d010/resolv.conf", "HostnamePath": "/var/lib/docker/containers/6fc2d091cfe9b0484da3e70db842446bbdfeb7f5e5409c2e40ae21b99498d010/hostname", "HostsPath": "/var/lib/docker/containers/6fc2d091cfe9b0484da3e70db842446bbdfeb7f5e5409c2e40ae21b99498d010/hosts", "LogPath": "", "Name": "/mynginx", "RestartCount": 0, "Driver": "overlay2", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "", "ExecIDs": , "HostConfig": { "Binds": , "ContainerIDFile": "", "LogConfig": { "Type": "journald", "Config": {} }, "NetworkMode": "default", "PortBindings": {}, "RestartPolicy": { "Name": "no", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": , "CapAdd": , "CapDrop": , "Dns": , "DnsOptions": , "DnsSearch": , "ExtraHosts": , "GroupAdd": , "IpcMode": "", "Cgroup": "", "Links": , "OomScoreAdj": 0, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": , "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Runtime": "docker-runc", "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": , "BlkioDeviceReadBps": , "BlkioDeviceWriteBps": , "BlkioDeviceReadIOps": , "BlkioDeviceWriteIOps": , "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": , "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": -1, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": , "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0 }, "GraphDriver": { "Name": "overlay2", "Data": { "LowerDir": "/var/lib/docker/overlay2/937140af0aee6c43f04c2d7b72e6b5451a44fef921417e8236d9fe01e9286c7a-init/diff:/var/lib/docker/overlay2/d8e95505fc3894eb30b48e4b0f48ab5e89d99c09a07c79c0b057c611621e31eb/diff:/var/lib/docker/overlay2/b2a6a25974bf17398b698a27208711574be3c69a2cd06658bbe838359f373a27/diff:/var/lib/docker/overlay2/d4610bc89b3ba8ad6ab30ea895fc3a06efff15db493d86ac9bc100e04abbab67/diff", "MergedDir": "/var/lib/docker/overlay2/937140af0aee6c43f04c2d7b72e6b5451a44fef921417e8236d9fe01e9286c7a/merged", "UpperDir": "/var/lib/docker/overlay2/937140af0aee6c43f04c2d7b72e6b5451a44fef921417e8236d9fe01e9286c7a/diff", "WorkDir": "/var/lib/docker/overlay2/937140af0aee6c43f04c2d7b72e6b5451a44fef921417e8236d9fe01e9286c7a/work" } }, "Mounts": , "Config": { "Hostname": "6fc2d091cfe9", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "80/tcp": {} }, "Tty": true, "OpenStdin": true, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NGINX_VERSION=1.17.2", "NJS_VERSION=0.3.3", "PKG_RELEASE=1~buster" ], "Cmd": [ "nginx", "-g", "daemon off;" ], "ArgsEscaped": true, "Image": "nginx", "Volumes": , "WorkingDir": "", "Entrypoint": , "OnBuild": , "Labels": { "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>" }, "StopSignal": "SIGTERM" }, "NetworkSettings": { "Bridge": "", "SandboxID": "3ece36008fbc5f3f46d3d251cf803c1478cc14032d74a36747e4ed8a115b81df", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": { "80/tcp": }, "SandboxKey": "/var/run/docker/netns/3ece36008fbc", "SecondaryIPAddresses": , "SecondaryIPv6Addresses": , "EndpointID": "898de81d97d54d2b60aeb6cc77ef1b4f9b481d1b72f542faa496494594024eac", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "172.17.0.3", #看到ip地址 "IPPrefixLen": 16, "IPv6Gateway": "", "MacAddress": "02:42:ac:11:00:03", "Networks": { "bridge": { "IPAMConfig": , "Links": , "Aliases": , "NetworkID": "2edae9131e77500a56d251b94ab2cdf0bc86f8df9f2453fa46bf4bab2f7be99f", "EndpointID": "898de81d97d54d2b60aeb6cc77ef1b4f9b481d1b72f542faa496494594024eac", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.3", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:03" } } } }][root@web1 overlay2]# curl 172.17.0.1 #访问一下<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>Test Page for the Nginx HTTP Server on Fedora</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em; font-weight: bold; color: #fff; margin: 0; padding: 0.5em; border-bottom: 2px solid #294172; } hr { display: none; } .content { padding: 1em 5em; } .alert { border: 2px solid #000; } img { border: 2px solid #fff; padding: 2px; margin: 2px; } a:hover img { border: 2px solid #294172; } .logos { margin: 1em; text-align: center; } /*]]>*/ </style> </head> <body> <h1>Welcome to <strong>nginx</strong> on Fedora!</h1> <div class="content"> <p>This page is used to test the proper operation of the <strong>nginx</strong> HTTP server after it has been installed. If you can read this page, it means that the web server installed at this site is working properly.</p> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>This is the default <tt>index.html</tt> page that is distributed with <strong>nginx</strong> on Fedora. It is located in <tt>/usr/share/nginx/html</tt>.</p> <p>You should now put your content in a location of your choice and edit the <tt>root</tt> configuration directive in the <strong>nginx</strong> configuration file <tt>/etc/nginx/nginx.conf</tt>.</p> </div> </div> <div class="logos"> <a href="http://nginx.net/"><img src="//img.yd166.com/nginx-logo.png" alt="[ Powered by nginx ]" width="121" height="32" /></a> <a href="http://fedoraproject.org/"><img src="//img.yd166.com/poweredby.png" alt="[ Powered by Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>[root@web1 overlay2]#
14、查看日志
-f 挂起这个终端,动态查看日志
[root@web1 ~]# docker logs -f mynginx
参考文章:
https://cloud.tencent.com/developer/article/1006116
https://yq.aliyun.com/articles/65145
https://blog.51cto.com/10085711/2068290
https://www.cnblogs.com/zuxing/articles/8717415.html
———— e n d ————
微服务、高并发、JVM调优、面试专栏等20 大进阶架构师专题请关注公众号【Java进阶架构师】后在菜单栏查看。
看到这里,说明你喜欢本文
你的转发,是对我最大的鼓励!在看亦是支持↓