Docker 基础 (二)
网络管理
容器网络模式
Docker支持5种网络模式
- bridge
- 默认网络,Docker启动后默认创建一个docker0网桥,默认创建的容器也是添加到这个网桥中
- host
- 容器不会获得一个独立的network namespace,而是与宿主机共用一个。因此容器与宿主机之间没有网络隔离:容器内进程直接监听宿主机的端口,也能访问宿主机上只绑定在127.0.0.1的服务,-p端口映射在这种模式下不生效
- none
- 获取独立的network namespace,但不为容器进行任何网络配置
- container
- 与指定的容器使用同一个network namespace,网卡配置也都是相同的
- 自定义
- 自定义网桥,默认与bridge网络一样(驱动同为bridge)。区别在于每个自定义网桥是独立的网段,不同网桥上的容器默认互不相通,同一自定义网桥内的容器可以用容器名互相解析
bridge网络类型
#安装bridge管理工具 [root@docker ~]# yum -y install bridge-utils #查看网桥状态 [root@docker ~]# brctl show bridge name bridge id STP enabled interfaces br-8b5c6f8dda1b 8000.0242c58ed7af no veth2353d8f #网桥br-8b绑定了两个虚拟网卡 vethfcbcc06 docker0 8000.0242bb7816b0 no vethc56d32e #网桥docker0绑定了一个虚拟网卡 [root@Docker wordpress]# [root@Docker wordpress]# brctl show bridge name bridge id STP enabled interfaces br-8b5c6f8dda1b 8000.0242c58ed7af no veth2353d8f vethfcbcc06 docker0 8000.0242bb7816b0 no vethc56d32e #查看网络类型 [root@Docker ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 0473d8d3ea39 bridge bridge local #两个网桥类型的网络 35eac1787b93 host host local 8b5c6f8dda1b lnmp bridge local #两个网桥类型的网络 6a55607e6320 none null local #查看容器进程 [root@Docker ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c7b5cb26948f centos:7 "/bin/bash" 6 minutes ago Up 6 minutes elated_boyd a2a3b9570ac6 richarvey/nginx-php-fpm "docker-php-entrypoi…" 3 hours ago Up 3 hours 443/tcp, 9000/tcp, 0.0.0.0:88->80/tcp lnmp_web 5457673cb241 mysql:5.7 "docker-entrypoint.s…" 3 hours ago Up 3 hours 0.0.0.0:3306->3306/tcp lnmp_mysql #查看容器lnmp_mysql的网络信息 [root@Docker ~]# docker inspect lnmp_mysql | grep -A 15 "Networks" "Networks": { "lnmp": { #网络类型lnmp "IPAMConfig": null, "Links": null, "Aliases": [ "5457673cb241" ], "NetworkID": "8b5c6f8dda1b8412f67be21b72d5076defbd50a612f2cd33a282d8f66348d1ec", "EndpointID": "a8ae67e4aa07f6e7743bc99e76eb0e331c8fb7cb7a3e5acbb6b7280108d29a4f", "Gateway": "172.18.0.1", #网关172.18.0.1,这就是网桥br "IPAddress": "172.18.0.2", #容器IP172.18.0.2 "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:12:00:02", #查看容器lnmp_web的网络信息 [root@Docker ~]# docker inspect lnmp_web | grep -A 15 "Networks" "Networks": { "lnmp": { #网络类型lnmp "IPAMConfig": null, "Links": null, "Aliases": [ "a2a3b9570ac6" ], "NetworkID": "8b5c6f8dda1b8412f67be21b72d5076defbd50a612f2cd33a282d8f66348d1ec", "EndpointID": 
"d6788782be399d2abec275b3441442f7ea403cecd0530ad60bcce958cb963ba0", "Gateway": "172.18.0.1", #网关172.18.0.1,这就是网桥br "IPAddress": "172.18.0.3", #容器IP172.18.0.3 "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:12:00:03", #查看容器elated_boyd的网络信息 [root@Docker ~]# docker inspect elated_boyd | grep -A 15 "Networks" "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "0473d8d3ea39bd48152b0f2e05a6408da847aff500ba40b28672e883a3e80c55", "EndpointID": "cc7f088ac960195e606e2263361e3312d3d8bf010515e2b7c9d1bc29eba76c51", "Gateway": "172.17.0.1", #网关172.17.0.1,这就是网桥docker0 "IPAddress": "172.17.0.2", #容器IP172.17.0.2 "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:02", "DriverOpts": null }
host网络类型
#启动一个网络类型为host的容器 [root@Docker ~]# docker run -dit --name test2 --network host centos:latest /bin/bash c38f36ee9c4b7ba78e5344f0b9630b93dedea58b365fb5148bb84edef5d6ba1b [root@Docker ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c38f36ee9c4b centos:latest "/bin/bash" 32 seconds ago Up 31 seconds test2 c7b5cb26948f centos:7 "/bin/bash" 19 minutes ago Up 19 minutes elated_boyd 994054a90325 nginx "nginx -g 'daemon of…" 3 hours ago Exited (0) About an hour ago nginx-test a2a3b9570ac6 richarvey/nginx-php-fpm "docker-php-entrypoi…" 3 hours ago Up 3 hours 443/tcp, 9000/tcp, 0.0.0.0:88->80/tcp lnmp_web 5457673cb241 mysql:5.7 "docker-entrypoint.s…" 3 hours ago Up 3 hours 0.0.0.0:3306->3306/tcp lnmp_mysql #查看容器的ip [root@Docker ~]# docker exec test2 hostname -I #这就是网络类型为host的容器,ip地址和docker宿主机完全一样 192.168.94.104 172.17.0.1 172.18.0.1 [root@Docker ~]# docker exec elated_boyd hostname -I #网桥类型容器 172.17.0.2 [root@Docker ~]# docker exec lnmp_mysql hostname -i #网桥类型容器 172.18.0.2 [root@Docker ~]# docker exec lnmp_web hostname -i #网桥类型容器 172.18.0.3
none网络类型(用于建立与宿主机的桥接模式)
#启动一个网络类型为none的容器 [root@Docker ~]# docker run -dit --name test3 --net none centos:latest 5af791a78cc442f707e01fea5fac602f50c639393320ef22f260caa5bbc99df1 #查看容器IP地址 [root@docker ~]# docker exec test3 hostname -I [root@Docker ~]# #没有ip , none类型就是暂时不给容器指定网卡
container网络类型
指定新容器使用指定容器的网卡
#启动一个容器,网络类型container,使用elated_boyd容器的网卡 [root@Docker ~]# docker run -dit --name test4 --net container:elated_boyd centos:latest /bin/bash 71e0b8059f80c352ee4466d73f798fc9162f1c14c6440f98027d1c5ede0c1c56 [root@Docker ~]# docker inspect elated_boyd| grep -A 15 "Networks" "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "0473d8d3ea39bd48152b0f2e05a6408da847aff500ba40b28672e883a3e80c55", "EndpointID": "cc7f088ac960195e606e2263361e3312d3d8bf010515e2b7c9d1bc29eba76c51", "Gateway": "172.17.0.1", #elated_boyd容器的网关 "IPAddress": "172.17.0.2", #elated_boyd容器网桥 "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:02", "DriverOpts": null } [root@Docker ~]# docker inspect test4 | grep -A 15 "Networks" "Networks": {} #test4容器并没有自己的网络设置 } } ] [root@Docker ~]# docker exec test4 hostname -I #test4没有网络设置却有IP地址和elated_boyd容器完全一样 172.17.0.2
桥接宿主机网络与配置固定IP地址
#构建一个永久生效的网桥br0 [root@Docker network-scripts]# cat ifcfg-ens33 TYPE=Ethernet BOOTPROTO=dhcp NAME=ens33 DEVICE=ens33 ONBOOT=yes BRIDGE=br0 [root@Docker network-scripts]# cat ifcfg-br0 TYPE=Bridge BOOTPROTO=static DEVICE=br0 ONBOOT=yes IPADDR=192.168.94.104 NETMASK=255.255.255.0 GATEWAY=192.168.94.2 DNS1=192.168.94.2 #查看网卡IP [root@Docker network-scripts]# ifconfig ens33 ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether 00:0c:29:d4:46:ba txqueuelen 1000 (Ethernet) #ens33网卡已经没有IP地址了 RX packets 866834 bytes 1207295538 (1.1 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 173102 bytes 15618089 (14.8 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.94.104 netmask 255.255.255.0 broadcast 192.168.94.255 #网桥br0代替了ens33 inet6 fe80::20c:29ff:fed4:46ba prefixlen 64 scopeid 0x20<link> ether 00:0c:29:d4:46:ba txqueuelen 1000 (Ethernet) RX packets 1055 bytes 3077651 (2.9 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 745 bytes 69453 (67.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@Docker network-scripts]# brctl show bridge name bridge id STP enabled interfaces br-8b5c6f8dda1b 8000.0242c58ed7af no veth2353d8f vethfcbcc06 br0 8000.000c29d446ba no ens33 #网桥br0,桥接在了真实的物理网卡ens33上 docker0 8000.0242bb7816b0 no veth48e6f95
通过pipework工具配置容器固定IP
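pipework工具下载地址:https://github.com/jpetazzo/pipework.git
pipework是一个需要在宿主机上以root身份运行的第三方shell脚本,会直接操作容器的network namespace。安装前应先审阅脚本内容,并固定到一个已审阅的提交版本,而不是直接使用master分支的压缩包。如果只是要给容器分配固定IP,也可以用Docker自带的功能完成:先用docker network create --subnet创建自定义网络,再用docker run --ip指定地址。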
[root@docker ~]# mv pipework-master /usr/local/ [root@docker ~]# ln -s /usr/local/pipework-master/pipework /usr/local/bin/ #建立网络类型为none的容器,并通过pipework配置固定ip地址 [root@Docker ~]# docker run -dit --name test5 --net none centos:latest /bin/bash de41157b70f3b3a2f9e4c27e2f37e7e4b6c0070219a973c3f1c9a378fc93a128 [root@Docker ~]# pipework br0 test5 192.168.94.111/24@192.168.94.2 #设置容器固定IP为192.168.94.111网关192.168.94.2 [root@Docker ~]# docker exec test hostname -I 192.168.94.111 [root@Docker ~]# ping 192.168.94.111 #宿主机ping能通 PING 192.168.94.111 (192.168.94.111) 56(84) bytes of data. 64 bytes from 192.168.94.111: icmp_seq=1 ttl=64 time=0.180 ms 64 bytes from 192.168.94.111: icmp_seq=2 ttl=64 time=0.079 ms 64 bytes from 192.168.94.111: icmp_seq=3 ttl=64 time=0.038 ms 64 bytes from 192.168.94.111: icmp_seq=4 ttl=64 time=0.039 ms ^C --- 192.168.94.111 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3001ms rtt min/avg/max/mdev = 0.038/0.084/0.180/0.057 ms [root@Docker ~]# docker exec -it test5 /bin/bash #进入容器 [root@de41157b70f3 /]# ping www.baidu.com #能连接外网 PING www.a.shifen.com (61.135.169.125) 56(84) bytes of data. 64 bytes from 61.135.169.125 (61.135.169.125): icmp_seq=1 ttl=128 time=5.14 ms 64 bytes from 61.135.169.125 (61.135.169.125): icmp_seq=2 ttl=128 time=8.18 ms ^C --- www.a.shifen.com ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1002ms rtt min/avg/max/mdev = 5.144/6.662/8.180/1.518 ms
通过windows宿主机ping虚拟机中的容器进程IP进行测试
外部机器访问虚拟机中的容器进程也可以联通了。此时容器以192.168.94.111直接接入宿主机所在网段,容器内所有监听端口都对该网段可达,不再受-p端口映射的限制,访问控制需要另外通过防火墙或容器内服务的配置来完成
Docker的镜像制作
Dockerfile常用指令介绍
指令 | 描述 |
---|---|
FROM | 构建的新镜像是基于哪个镜像。例如:FROM centos:6 |
MAINTAINER | 镜像维护者姓名或邮箱地址。例如:MAINTAINER damowang(该指令已被弃用,新写法是LABEL maintainer="damowang") |
RUN | 构建镜像时运行的Shell命令。例如:RUN ["yum","install","httpd"] |
或者RUN yum install httpd | |
CMD | 运行容器时执行的Shell命令(可以被运行时传递的参数覆盖)。例如:CMD ["-c","/start.sh"] |
或者CMD ["/usr/sbin/sshd","-D"]或者CMD /usr/sbin/sshd -D | |
EXPOSE | 声明容器运行的服务端口。例如:EXPOSE 80 443(仅作声明,不会自动把端口发布到宿主机,发布端口要在docker run时使用-p或-P) |
ENV | 设置容器内环境变量。例如:ENV MYSQL_ROOT_PASSWORD 123456(此处仅为语法示例:ENV的值会写入镜像元数据,通过docker inspect和docker history都能看到,密码等敏感信息不要用ENV写进镜像,应在运行容器时再传入) |
ADD | 拷贝文件或目录到镜像(可以自动解压缩或者下载)。自动解压只对本地压缩包生效,从URL下载的文件不会被解压,默认也不做完整性校验;只需要拷贝本地文件时优先使用COPY |
例如:ADD ["src","dest"]或者ADD https://xxx.com/html.tar.gz /var/www/html | |
或者:ADD html.tar.gz /var/www/html | |
COPY | 拷贝文件或目录到镜像(不能自动解压缩)。例如:COPY ./start.sh /start.sh |
ENTRYPOINT | 运行容器时执行的Shell命令(不能被运行时传递的参数覆盖)。例如:ENTRYPOINT ["/bin/bash","-c","/start.sh"] |
或者ENTRYPOINT /bin/bash -c "/start.sh" | |
VOLUME | 指定容器挂载点到宿主机自动生成的目录或其他容器 |
例如:VOLUME ["/var/lib/mysql"] | |
USER | 为RUN,CMD和ENTRYPOINT执行命令指定运行用户。不写USER时沿用基础镜像的用户,通常是root,建议为服务进程指定非root用户 |
例如:USER Mr_chen | |
WORKDIR | 为RUN,CMD,ENTRYPOINT,COPY和ADD设置工作目录(指定进入容器中默认被切换的目录)。 |
例如:WORKDIR /data | |
HEALTHCHECK | 健康检查。例如:HEALTHCHECK --interval=5m --timeout=3s --retries=3 |
CMD curl -f http://localhost/ || exit 1 | |
ARG | 在构建镜像时指定一些参数。例如:ARG user |
利用Dockerfile编写简单的apache镜像
[root@Docker ~]# mkdir -p dockerfile/lib/centos/apache/ [root@Docker ~]# cd dockerfile/lib/centos/apache/ [root@Docker ~]# vim Dockerfile
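# Apache httpd image on a CentOS base. The six instructions below are kept
# exactly as the build transcript on this page executes them; only the line
# structure is restored so the file parses as a Dockerfile.

# NOTE(review): no tag is given, so the base resolves to `latest` at build
# time. Pin a specific tag or digest so rebuilds are reproducible and the
# base image can be audited.
FROM centos

# NOTE(review): MAINTAINER is deprecated; LABEL maintainer="..." is the
# current way to record this.
MAINTAINER bigdevilking@qq.com damowang

ENV HOSTNAME 1

# EXPOSE only documents the port; it is published to the host by the
# `-p 80:80` option of `docker run`.
EXPOSE 80

# NOTE(review): httpd is installed from the yum package in this same
# instruction, so the compiler toolchain (gcc, gcc-c++, make) and the -devel
# packages are presumably not needed at runtime -- confirm, and drop them to
# keep build tools out of the running image. The yum cache also stays in this
# layer; appending `&& yum clean all` to the same RUN would remove it.
RUN yum -y install \
    gcc \
    gcc-c++ \
    make \
    pcre-devel \
    expat-devel \
    perl \
    httpd

# Run httpd in the foreground so it stays the container's main process.
# No USER instruction is set, so the process starts as the base image's
# default user (presumably root -- verify against the base image).
CMD ["/usr/sbin//httpd", "-D", "FOREGROUND"]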
使用docker build 命令生成镜像
[root@Docker apache]# docker build -t http_centos . Sending build context to Docker daemon 25.84MB Step 1/6 : FROM centos ---> 49f7960eb7e4 Step 2/6 : MAINTAINER bigdevilking@qq.com damowang ---> Running in 73b5aa3cba31 Removing intermediate container 73b5aa3cba31 ---> 876352ef8381 Step 3/6 : ENV HOSTNAME 1 ---> Running in 489f77303562 Removing intermediate container 489f77303562 ---> 38b7f73b9d82 Step 4/6 : EXPOSE 80 ---> Running in 623923d8bc21 Removing intermediate container 623923d8bc21 ---> e13ada6e456c Step 5/6 : RUN yum -y install gcc gcc-c++ make pcre-devel expat-devel perl httpd ---> Running in be9ac15b22d7 Removing intermediate container be9ac15b22d7 ---> de7ad88f991b Step 6/6 : CMD ["/usr/sbin//httpd", "-D", "FOREGROUND"] ---> Running in 9888e075c0fd Removing intermediate container 9888e075c0fd ---> b6469502626f Successfully built b6469502626f Successfully tagged http_centos:latest
[root@Docker apache]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE http_centos latest b6469502626f 21 seconds ago 427MB nginx latest 8b89e48b5f15 2 days ago 109MB mysql 5.7 c356247174ed 2 days ago 372MB richarvey/nginx-php-fpm latest 26c0e6f09c52 13 days ago 300MB centos 7 49f7960eb7e4 6 weeks ago 200MB centos latest 49f7960eb7e4 6 weeks ago 200MB [root@Docker apache]# docker run -d -it -p 80:80 b6469502626f 9f3d292c712ba8447e2463300352d8f8bd636e63607016210a533dbf926d3264 [root@Docker apache]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9f3d292c712b b6469502626f "/usr/sbin//httpd -D…" 5 seconds ago Up 4 seconds 0.0.0.0:80->80/tcp stupefied_blackwell [root@Docker apache]# docker run -d -it -p 80:80 b6469502626f 9f3d292c712ba8447e2463300352d8f8bd636e63607016210a533dbf926d3264
测试
--求知若饥 虚心若愚