[Container] Docker Basics
I. Introduction to Docker
1. What is Docker?
Docker is an open platform for building, shipping and running distributed applications. It gives programmers, development teams and operations engineers the common toolbox they need to take advantage of the distributed and networked nature of modern applications.
2. Containers vs VMs
- Containers are isolated, but share the OS and, where appropriate, bins/libraries
- VMs: Server -> Host OS -> Hypervisor (Type 2) -> Guest OS -> Bins/libs -> App
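3. Docker parts and components
- Parts: Docker client and Docker server
- Components: image, container, repository
4. Docker vs OpenStack
- Deployment difficulty: Docker is very easy; OpenStack has many components and is complex to deploy
- Startup speed: Docker starts in seconds, OpenStack in minutes
- Runtime performance: Docker is almost identical to the physical system; OpenStack VMs consume some resources
- Image size: Docker images are in the MB range; OpenStack VM images are in the GB range
- Management efficiency: Docker is simple to manage; OpenStack components depend on each other and are complex to manage
- Isolation: Docker isolation is high; OpenStack isolation is complete
- Manageability: Docker is single-process and starting SSH is not recommended; OpenStack offers full system management
- Networking: Docker is relatively weak; OpenStack, with Neutron, can flexibly build isolated network architectures
- Cloud platform type: Docker is PaaS, OpenStack is IaaS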
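5. Docker use cases
- Simplifying configuration
- Developer productivity
- Server consolidation
- Multi-tenancy
- Code pipeline management
- App isolation
- Debugging capabilities
- Rapid deployment
6. Benefits of Docker
- Build once, run anywhere
- The delivery model changes and delivery becomes easier
- A solution with less performance overhead than virtual machines, and faster automated scaling than virtual machines
- Better suited to microservices (clusters of small functional modules under an SOA architecture) and IO storms
- For testing: multi-version testing
- Usable for product, development, operations, automation and testing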
II. Deploying Docker
1. Installation
# rpm -ivh epel-release-<7.x>.rpm
# yum -y install docker-io
# systemctl start docker
# docker search centos
# docker pull centos
# docker images
2. Docker image management
- Search for images: docker search
- Pull an image: docker pull
- List images: docker images
- Remove an image: docker rmi
3. Docker container management
- Start a container: docker run --name <name> -h <hostname>
- Stop a container: docker stop <CONTAINER ID>
- List containers: docker ps
- Enter a container: docker exec | docker attach
- Remove a container: docker rm
4. Examples
# docker run centos /bin/echo 'hello world'
# docker ps -a
# docker run --name mydocker -it centos /bin/bash
# docker start <container_id>
# docker run -d --name mydocker1 centos
# docker run -d --name mynginx nginx
# docker ps -a |grep nginx
# docker rm <cid>
# docker stop <cid>
# docker ps -l
# docker --help
# docker attach <Cid>
# nsenter    // command for entering the namespaces of another process
# yum -y install util-linux
# docker ps -l
# docker start <Cid>
# docker inspect --format "{{.State.Pid}}" mynginx
# nsenter --target 32439 --mount --uts --ipc --net --pid
$ ps aux
$ cd /etc/nginx
$ cat nginx.conf
$ cat /etc/nginx/conf.d/default.conf
$ ll /usr/share/nginx/html
$ exit
# docker ps -l
# vi in.sh
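#!/bin/bash
# Enter the namespaces of the container named by the first argument.
CNAME=$1
# PID of the container's main process, as seen from the host
CPID=$(docker inspect --format "{{.State.Pid}}" "$CNAME")
nsenter --target "$CPID" --mount --uts --ipc --net --pid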
# ./in.sh mynginx
Notes:
- Docker can only start one application process
- Docker problem: containers have to be deleted manually
5. Docker network access
- Random mapping: docker run -P
- Specified mapping: docker run -p hostPort:containerPort
-p ip:hostPort:containerPort
-p ip::containerPort
-p hostPort:containerPort
- Examples
# brctl show
# ./in.sh mynginx
# ping www.baidu.com
# ip ad li
# ip ro li
# docker run -d -P --name mynginx1 nginx
# docker ps -l
# docker run -d -p 91:80 --name mynginx2 nginx
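The -p forms listed above differ in which host address the published port listens on. The following is an added example, not part of the original post: it resolves a -p value into bind address, host port and container port. The helper names are hypothetical, and it assumes IPv4 and the daemon's default bind address 0.0.0.0.

```shell
#!/bin/sh
# Added example: resolve a `docker run -p` value into bind address, host port
# and container port. parse_publish/publish_scope are hypothetical helpers.
# Assumes IPv4 and the daemon's default bind address 0.0.0.0.

# parse_publish SPEC -> prints "bind_ip host_port container_port"
parse_publish() {
    spec=${1%/*}                      # drop an optional /tcp or /udp suffix
    old_ifs=$IFS; IFS=:
    set -f; set -- $spec; set +f      # split on ':' (empty middle field is kept)
    IFS=$old_ifs
    case $# in
        1) echo "0.0.0.0 random $1" ;;       # containerPort
        2) echo "0.0.0.0 $1 $2" ;;           # hostPort:containerPort
        3) echo "$1 ${2:-random} $3" ;;      # ip:hostPort:containerPort, ip::containerPort
        *) return 1 ;;
    esac
}

# publish_scope SPEC -> which host interfaces the published port listens on
publish_scope() {
    parsed=$(parse_publish "$1") || { echo invalid; return 1; }
    case ${parsed%% *} in
        0.0.0.0) echo all-interfaces ;;
        127.*)   echo loopback-only ;;
        *)       echo single-address ;;
    esac
}

# Constructed sample values; 91:80 is the mapping used for mynginx2 above.
for s in 91:80 127.0.0.1:8080:80 127.0.0.1::80 192.168.1.10:91:80/tcp; do
    printf '%-24s %-22s %s\n' "$s" "$(parse_publish "$s")" "$(publish_scope "$s")"
done
```

A mapping without an IP, such as 91:80, is reachable on every host interface; prefixing 127.0.0.1 keeps it local to the host.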
III. Managing Docker
1. Docker data volumes
- -v /data
- -v src:dst
- Examples
# docker images
# docker run -it --name volume-test1 -h nginx -v /data nginx
# ll /data
# docker inspect -f "{{.Volumes}}" volume-test1
# cd /var/lib/docker/vfs/dir
# ls
# docker ps -l
# docker run -it --name volume-test2 -h nginx -v /opt:/opt centos
# docker run -it --name volume-test3 -h nginx -v /etc/hosts:/etc/hosts centos
2. Data volume containers
- --volumes-from
# docker run -it --name volume-test4 -h nginx --volumes-from volume-test1 centos
3. Building Docker images
- Examples
# docker pull centos
# docker run --name nginx-man -it centos
- Install nginx in the container
# yum -y install wget gcc gcc-c++ make openssl-devel
# wget http://nginx.org/download/nginx-1.9.3.tar.gz
# wget ftp://ftp.csx.cam.uk/pub/software/programming/pcre/pcre-8.37.tar.gz
# mv *.gz /usr/local/src
# cd /usr/local/src
# tar zxf pcre-8.37.tar.gz
# tar zxf nginx-1.9.3.tar.gz
# rm -rf pcre-8.37.tar.gz nginx-1.9.3.tar.gz
# useradd -s /sbin/nologin -M www
# cd nginx-1.9.3
# ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.37
# make && make install
# vi /etc/rc.local
/usr/local/nginx/sbin/nginx
# vi /usr/local/nginx/conf/nginx.conf
daemon off;
# head /usr/local/nginx/conf/nginx.conf
$ exit
# docker ps -l
# docker commit -m "my nginx" <cid> xxx/my-nginx:v1
# docker images
# docker run -p 92:80 xxx/my-nginx:v1
# docker ps -l
# docker run -it xxx/my-nginx:v1
# vi /etc/rc.local
/usr/local/nginx/sbin/nginx
# exit
# docker commit -m "v2" xxxx xxx/my-nginx:v2
# docker images
# docker run -d -p 99:80 xxx/my-nginx:v2 /usr/local/nginx/sbin/nginx
# docker ps -l
4. Building Docker images with a Dockerfile
- Base image information
- Maintainer information
- Image operation instructions
- Instructions executed when the container starts
- Steps for writing a Dockerfile
o FROM: base image
o MAINTAINER: maintainer information
o RUN: prefix a command with RUN to say what to do
o ADD: copies files and extracts archives automatically
o WORKDIR: current working directory
o VOLUME: directory mount, storage location
o EXPOSE: port
o RUN: the process has to keep running
- Examples
# mkdir /opt/docker-file
# cd /opt/docker-file
# mkdir nginx
# cd nginx
# pwd
# vim Dockerfile

# This is My first Dockerfile
# Version 1.0
# Author: <name>
# Base images
FROM centos
# Maintainer
MAINTAINER <name>
# ADD
ADD pcre-8.37.tar.gz /usr/local/src
ADD nginx-1.9.3.tar.gz /usr/local/src
# RUN
RUN yum install -y wget gcc gcc-c++ make openssl-devel
RUN useradd -s /sbin/nologin -M www
# WORKDIR
WORKDIR /usr/local/src/nginx-1.9.3
RUN ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.37 && make && make install
RUN echo "daemon off;" >>/usr/local/nginx/conf/nginx.conf
ENV PATH /usr/local/nginx/sbin:$PATH
EXPOSE 80
CMD ["nginx"]

# docker build -t nginx-file:v1 /opt/docker-file/nginx/
# docker images
IV. Docker core principles
1. Docker resource isolation
- LXC kernel namespaces
o pid
o net
o ipc
o mnt
o uts: lets a Docker container have its own hostname
o user
o Resource limits
- cgroup
o CPU
o Memory
o Disk (cannot be controlled)
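Each namespace type in the list above appears as a link under /proc/<pid>/ns, and two processes share a namespace exactly when the links carry the same inode number. The following is an added example, not part of the original post: it compares a host process with a container process over a constructed /proc tree. The helper names and inode numbers are made up for illustration.

```shell
#!/bin/sh
# Added example: compare the namespaces of two processes via /proc/<pid>/ns.
# ns_diff and make_sample_proc are hypothetical helper names.

# ns_diff PROC_ROOT PID_A PID_B -> one line per namespace type:
# "shared" (same inode), "isolated" (different inode) or "unreadable".
ns_diff() {
    for ns in pid net ipc mnt uts user; do
        a=$(readlink "$1/$2/ns/$ns" 2>/dev/null) || a=""
        b=$(readlink "$1/$3/ns/$ns" 2>/dev/null) || b=""
        if [ -z "$a" ] || [ -z "$b" ]; then echo "$ns unreadable"
        elif [ "$a" = "$b" ]; then echo "$ns shared"
        else echo "$ns isolated"
        fi
    done
}

# Constructed sample: a fake /proc tree for host PID 1 and a container process
# (PID 32439, the value passed to nsenter earlier on the page). The container
# is modelled as started with host networking and without a user namespace,
# so its net and user links equal the host's.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/1/ns" "$root/32439/ns"
    for ns in pid net ipc mnt uts user; do
        ln -s "$ns:[4026531800]" "$root/1/ns/$ns"
    done
    for ns in pid ipc mnt uts; do
        ln -s "$ns:[4026532200]" "$root/32439/ns/$ns"
    done
    ln -s "net:[4026531800]"  "$root/32439/ns/net"
    ln -s "user:[4026531800]" "$root/32439/ns/user"
    echo "$root"
}

sample=$(make_sample_proc)
ns_diff "$sample" 1 32439
rm -rf "$sample"
# On a real host, as root:
#   ns_diff /proc 1 "$(docker inspect --format '{{.State.Pid}}' mynginx)"
```

Any line reporting "shared" marks a namespace in which the container process sees the same resources as the host.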
2. Installing the stress load-testing tool
# yum -y install stress
# stress -c <forks> -m <forks>    // -c: number of CPU worker processes, -m: number of memory-allocating processes
# mkdir stress
# cd stress
# http://mirrors.aliyun.com/repo
# vi Dockerfile

FROM centos
ADD epel-7.repo /etc/yum.repos.d/
RUN yum -y install stress && yum clean all
ENTRYPOINT ["stress"]

# docker build -t stress .
# docker images
# cd
# docker --help
# cat /proc/cpuinfo
# docker run -it --rm stress --cpu 1
# top
# docker run -it --rm -c 512 stress --cpu 1
# docker --help
# docker run -it --rm --cpuset-cpus=0 stress --cpu 1
# docker run -it --rm -m 128m stress --vm 1 --vm-bytes 128m --vm-hang 0
# docker exec <cid> /bin/bash
# docker run --help
3. Docker network
- bridge
- Bridged networking is similar to NAT
- host networking
- Examples
# ifconfig
# iptables -L
# docker run -d -p 5001:5000 registry
# docker ps -l
# docker images
# docker tag elasticsearch 192.168.x.x:5001/test/es:v1
# docker images
# docker push 192.168.x.x:5001/test/es:v1
# vi /etc/sysconfig/docker
other_args="--insecure-registry 192.168.x.x:5001 -H tcp://0.0.0.0:235 -H unix:///var/run/docker.sock"
# /etc/init.d/docker restart
# docker tag elasticsearch 192.168.x.x:5001/test/es:v1
# docker ps -l
# docker start <cid>
# docker ps -l
# docker rm <cid>
# docker pull 192.168.x.x:5001/test/es:v1
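The other_args line above makes the daemon API listen on every interface over plain TCP and lets the daemon talk to the registry without TLS verification; anyone who can reach that TCP port can control the daemon. The following is an added example, not part of the original post: a check that flags both settings in a daemon option string. The helper names are hypothetical, and the TLS sample with its file paths is constructed.

```shell
#!/bin/sh
# Added example: flag Docker daemon options that listen or pull without TLS.
# audit_docker_args and check_host are hypothetical helper names.

# check_host HOST_VALUE TLS(yes|no): report tcp:// listeners not covered by --tlsverify
check_host() {
    case "$1" in
        tcp://127.*|tcp://localhost:*)
            [ "$2" = yes ] || echo "PLAINTEXT_TCP_LOCAL $1" ;;
        tcp://*)
            [ "$2" = yes ] || echo "PLAINTEXT_TCP_EXPOSED $1" ;;
    esac
}

# audit_docker_args "OPTION STRING" -> one finding per line, nothing if clean
audit_docker_args() {
    tls=no; pending=""
    case " $1 " in *" --tlsverify "*) tls=yes ;; esac
    set -f                                   # split on spaces without globbing
    for tok in $1; do
        case "$pending" in
            host) check_host "$tok" "$tls"; pending=""; continue ;;
            reg)  echo "INSECURE_REGISTRY $tok"; pending=""; continue ;;
        esac
        case "$tok" in
            -H|--host)             pending=host ;;
            --insecure-registry)   pending=reg ;;
            -H=*|--host=*)         check_host "${tok#*=}" "$tls" ;;
            --insecure-registry=*) echo "INSECURE_REGISTRY ${tok#*=}" ;;
        esac
    done
    set +f
}

# The option string from /etc/sysconfig/docker above, copied verbatim.
PAGE_ARGS='--insecure-registry 192.168.x.x:5001 -H tcp://0.0.0.0:235 -H unix:///var/run/docker.sock'
# Constructed sample: TCP listener protected by mutual TLS (paths are placeholders).
TLS_ARGS='--tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/cert.pem --tlskey=/etc/docker/key.pem -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock'

audit_docker_args "$PAGE_ARGS"
audit_docker_args "$TLS_ARGS"
```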