docker学习与实践

1.docker简介和KVM区别
　　

2.引入docker

Docker快速入门
http://blog.oldboyedu.com/docker-quick-start/
　　

3.docker快速入门实践

DOCKER容器的使用
http://blog.oldboyedu.com/docker-instruction/

安装docker：
[root@linux-node1 ~]# yum -y remove docker
[root@linux-node1 ~]# yum install -y docker

启动docker：
[root@linux-node1 ~]# systemctl start docker
加入开机自启动：
[root@linux-node1 ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
查看状态：
[root@linux-node1 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2018-03-28 16:04:24 CST; 35s ago

查看docker版本信息：
[root@linux-node01 ~]# docker version
Client: //docker客户端版本信息
Version: 1.12.6
API version: 1.24
Package version: docker-1.12.6-71.git3e8e77d.el7.centos.1.x86_64
Go version: go1.8.3
Git commit: 3e8e77d/1.12.6
Built: Tue Jan 30 09:17:00 2018
OS/Arch: linux/amd64

Server: //docker服务端版本信息
Version: 1.12.6
API version: 1.24
Package version: docker-1.12.6-71.git3e8e77d.el7.centos.1.x86_64
Go version: go1.8.3
Git commit: 3e8e77d/1.12.6
Built: Tue Jan 30 09:17:00 2018
OS/Arch: linux/amd64

产生一个docker0的网桥：
[root@linux-node1 ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:7d:04:8a:73 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
查看镜像仓库：
[root@linux-node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE

下载镜像：
[root@linux-node1 ~]# docker pull docker.io/centos
或者本地导入：
[root@linux-node1 opt]# docker load --input centos.tar
[root@linux-node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos latest 2d194b392dd1 3 weeks ago 195 MB

导出镜像：
[root@linux-node1 opt]# docker save -o centos.tar centos
[root@linux-node1 opt]# ll -h
total 195M
-rw------- 1 root root 195M Mar 28 16:47 centos.tar
删除该镜像：
[root@linux-node1 ~]# docker rmi 2d194b392dd1
注意：若该镜像已经创建了容器则无法被删除。

方式一：
启动一个容器并运行命令：
[root@linux-node1 ~]# docker run centos /bin/echo 'hello docker!'
hello docker!
查看所有的容器状态信息，无论运行与否：
[root@linux-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
76063c8fac01 centos "/bin/echo 'hello ..." 52 seconds ago Exited (0) 51 seconds ago practical_mccarthy
查看正在运行的容器：
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

启动建立一个docker容器并指定名字，-t分配伪终端，-i让docker的标准输入打开，镜像名称，命令。
[root@linux-node1 ~]# docker run --name mydocker -t -i centos /bin/bash
[root@3ebf40701229 /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@3ebf40701229 /]# uname -a
Linux 3ebf40701229 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@3ebf40701229 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.1 0.0 11776 1872 ? Ss 09:05 0:00 /bin/bash
root 16 0.0 0.0 47448 1660 ? R+ 09:05 0:00 ps aux
这个容器是为该进程做隔离使用；虚拟机是给其操作系统做隔离使用。所以不一样！

[root@3ebf40701229 /]# df -h //使用的物理机的。
Filesystem Size Used Avail Use% Mounted on
overlay 14G 2.0G 12G 15% /
tmpfs 993M 0 993M 0% /dev
tmpfs 993M 0 993M 0% /sys/fs/cgroup
/dev/sda3 14G 2.0G 12G 15% /etc/hosts
shm 64M 0 64M 0% /dev/shm
tmpfs 993M 0 993M 0% /proc/scsi
tmpfs 993M 0 993M 0% /sys/firmware
[root@3ebf40701229 /]# exit
exit

[root@linux-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3ebf40701229 centos "/bin/bash" 23 minutes ago Exited (0) 47 seconds ago mydocker
76063c8fac01 centos "/bin/echo 'hello ..." 29 minutes ago Exited (0) 29 minutes ago practical_mccarthy
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@linux-node1 ~]# docker start mydocker
mydocker
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3ebf40701229 centos "/bin/bash" 25 minutes ago Up 2 seconds mydocker

[root@linux-node1 ~]# docker attach mydocker
[root@3ebf40701229 /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@3ebf40701229 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 11776 1868 ? Ss 09:30 0:00 /bin/bash
root 14 0.0 0.0 47448 1664 ? R+ 09:35 0:00 ps aux
[root@3ebf40701229 /]# exit
exit
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
貌似不靠谱！

方式二：
[root@linux-node1 ~]# docker --help^C
[root@linux-node1 ~]# docker inspect --help
[root@linux-node1 ~]# docker inspect -f "{{ .State.Pid }}" mydocker
0
启动后查看pid号：
[root@linux-node1 ~]# docker start mydocker
mydocker
[root@linux-node1 ~]# docker inspect -f "{{ .State.Pid }}" mydocker
16880
[root@linux-node1 ~]# nsenter --help ^C
进入该命名空间，分配了-bash，退出后该容器不会终止。
[root@linux-node1 ~]# nsenter -t 16880 -m -u -i -n -p
[root@3ebf40701229 /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@3ebf40701229 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 11776 1664 ? Ss+ 09:50 0:00 /bin/bash
root 13 0.0 0.0 15208 2008 ? S 09:55 0:00 -bash
root 27 0.0 0.0 50880 1804 ? R+ 09:55 0:00 ps aux
[root@3ebf40701229 /]# exit
logout
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3ebf40701229 centos "/bin/bash" 52 minutes ago Up 7 minutes mydocker

归纳成脚本，利用脚本快速进入容器，退出后该容器不会被退出：
[root@linux-node1 ~]# cat docker_in.sh
#!/bin/bash
#Use nsenter to access docker

docker_in(){
NAME_ID=$1
PID=$(docker inspect -f "{{ .State.Pid }}" $NAME_ID)
nsenter -t $PID -m -u -i -n -p
}
docker_in $1
[root@linux-node1 ~]# chmod +x docker_in.sh
[root@linux-node1 ~]# ./docker_in.sh mydocker //名称或ID都行
[root@3ebf40701229 /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@3ebf40701229 /]# exit
logout
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3ebf40701229 centos "/bin/bash" About an hour ago Up 16 seconds mydocker

停止容器：
[root@linux-node1 ~]# docker stop mydocker
mydocker
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

方式三：
不想进入容器但是想让它执行命令：
[root@linux-node1 ~]# docker exec mydocker whoami
root
[root@linux-node1 ~]# docker exec mydocker ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 11776 1664 ? Ss+ 10:09 0:00 /bin/bash
root 31 0.0 0.0 47448 1668 ? Rs 10:14 0:00 ps aux
也可以进去执行，退出后该容器不会被退出：
[root@linux-node1 ~]# docker exec -t -i mydocker /bin/bash
[root@3ebf40701229 /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@3ebf40701229 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 11776 1664 ? Ss+ 10:09 0:00 /bin/bash
root 35 0.0 0.0 11776 1872 ? Ss 10:15 0:00 /bin/bash
root 48 0.0 0.0 47448 1664 ? R+ 10:15 0:00 ps aux
[root@3ebf40701229 /]# exit
exit
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3ebf40701229 centos "/bin/bash" About an hour ago Up 8 minutes mydocker
不推荐，可能会出现莫名的问题！

删除容器：
[root@linux-node1 ~]# docker rm mydocker
Error response from daemon: You cannot remove a running container 3ebf40701229755a9245da6b93fc135ab0695a5ac9c4707d4472cd5e2767bf18. Stop the container before attempting removal or use -f
删除镜像：
[root@linux-node1 ~]# docker rmi mydocker

该容器运行完后被删除：
[root@linux-node1 ~]# docker run --rm centos /bin/echo "hehe"
hehe
[root@linux-node1 ~]# docker ps -a

搜索下载nginx：
[root@linux-node1 ~]# docker search nginx
[root@linux-node1 opt]# docker pull docker.io/nginx
或者将已有的导入：
[root@linux-node1 opt]# docker load <nginx.tar
[root@linux-node1 opt]# docker save -o nginx.tar nginx
[root@linux-node1 opt]# ll -h
total 302M
-rw------- 1 root root 195M Mar 28 16:47 centos.tar
-rw------- 1 root root 108M Mar 28 18:39 nginx.tar
[root@linux-node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest 7f70b30f2cc6 6 days ago 109 MB
docker.io/centos latest 2d194b392dd1 3 weeks ago 195 MB

后台启动运行nginx服务：
[root@linux-node1 ~]# docker run -d nginx
28accd86ff39123831754310dccbc15fefdf5f8ecf69a37c430af5f6b1347a5c
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
28accd86ff39 nginx "nginx -g 'daemon ..." 15 seconds ago Up 14 seconds 80/tcp goofy_snyder
3ebf40701229 centos "/bin/bash" About an hour ago Up 39 minutes mydocker

4.docker改变了什么
　　
面向产品：产品交付
面向开发：简化环境配置
面向测试：多版本测试
面向运维：环境一致性
面向架构：自动化扩容(微服务)

5.docker网络访问
自动创建一个网桥docker0：
[root@linux-node1 ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:7dff:fe04:8a73 prefixlen 64 scopeid 0x20<link>
ether 02:42:7d:04:8a:73 txqueuelen 0 (Ethernet)
RX packets 45 bytes 3048 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3 bytes 258 (258.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@linux-node01 ~]# brctl show //通过桥接方式
bridge name bridge id STP enabled interfaces
docker0 8000.024298817acb no vethd24abeb
virbr0 8000.52540052e66e yes virbr0-nic

　　
将nginx运行在后台：
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@linux-node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest 7f70b30f2cc6 7 days ago 109 MB
docker.io/centos latest 2d194b392dd1 3 weeks ago 195 MB
方式一：随机映射
[root@linux-node1 ~]# docker run -d -P nginx
7c95c945f30de16c7eb35788b9f3e150a4644c6ef7f5383c762ec2cb0eb93059
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7c95c945f30d nginx "nginx -g 'daemon ..." 3 seconds ago Up 2 seconds 0.0.0.0:4000->80/tcp goofy_mestorf
说明：帮你将本地的4000端口映射容器的80端口。
输入：http://10.0.0.80:4000/
显示Welcome to nginx!

[root@linux-node1 ~]# netstat -lntup|grep docker
tcp6 0 0 :::4000 :::* LISTEN 23820/docker-proxy-
[root@linux-node1 ~]# iptables -t nat -vnL
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
3 156 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4000 to:172.17.0.2:80

[root@linux-node1 ~]# ./docker_in.sh 7c95c945f30d
mesg: ttyname failed: No such file or directory
root@7c95c945f30d:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@7c95c945f30d:/# ps aux
-bash: ps: command not found
root@7c95c945f30d:/# exit
logout
查看该容器日志：
[root@linux-node1 ~]# docker logs 7c95c945f30d
10.0.0.253 - - [29/Mar/2018:01:17:19 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" "-"

方式二：指定映射端口访问。
[root@linux-node1 ~]# docker run -d -p 10.0.0.80:81:80 --name mynginx1 nginx
269e9da6c93c85280f87d62b127ef741b5a2b26a76b5723c8d73b705ab71e238
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
269e9da6c93c nginx "nginx -g 'daemon ..." 4 seconds ago Up 3 seconds 10.0.0.80:81->80/tcp mynginx1
输入：http://10.0.0.80:81/
显示Welcome to nginx!

单独显示端口映射关系：
[root@linux-node1 ~]# docker port mynginx1
80/tcp -> 10.0.0.80:81

6.docker数据管理
　　
　　
（1）数据卷：
方式一：
后台启动运行一个容器并-v参数指定挂载一个数据卷，挂载到物理机某处下。
[root@linux-node1 ~]# docker run -d --name nginx-volume-test1 -v /data nginx
e3180f48f274926974c023aaef66f57fc4d14718da145773f5e7beb11d061723
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e3180f48f274 nginx "nginx -g 'daemon ..." 2 seconds ago Up 1 second 80/tcp nginx-volume-test1
[root@linux-node1 ~]# ./docker_in.sh nginx-volume-test1
mesg: ttyname failed: No such file or directory
root@e3180f48f274:/# ls
bin boot data dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@9ff6561a492e:/# mount
root@e3180f48f274:/# ls /data/

查找挂载的目录：
[root@linux-node1 ~]# docker inspect -f {{.Mounts}} nginx-volume-test1
[{volume 1496d36c3d1b2411a84c0b843b9d2360a3c33f123069fe47d27eb1b53dcc9133 /var/lib/docker/volumes/1496d36c3d1b2411a84c0b843b9d2360a3c33f123069fe47d27eb1b53dcc9133/_data /data local true }]
[root@linux-node1 ~]# cd /var/lib/docker/volumes/1496d36c3d1b2411a84c0b843b9d2360a3c33f123069fe47d27eb1b53dcc9133/_data/
[root@linux-node1 _data]# ls
[root@linux-node1 _data]# pwd
/var/lib/docker/volumes/1496d36c3d1b2411a84c0b843b9d2360a3c33f123069fe47d27eb1b53dcc9133/_data

测试：
[root@linux-node1 _data]# touch test.c hehe.txt
[root@linux-node1 _data]# ls
hehe.txt test.c
root@e3180f48f274:/# ls /data/
hehe.txt test.c
root@e3180f48f274:/# exit
logout

方式二：
[root@linux-node1 ~]# mkdir -p /data/docker-volume-nginx
[root@linux-node1 ~]# docker run -d --name nginx-volume-test2 -v /data/docker-volume-nginx/:/data nginx
70cb486098a15d40f3ffab9d2328c071a2af731d1e09ac7ab3b6fd0ba599144e
[root@linux-node1 ~]# ./docker_in.sh nginx-volume-test2
mesg: ttyname failed: No such file or directory
root@70cb486098a1:/# ls
bin boot data dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@70cb486098a1:/# ls /data/

测试：
[root@linux-node1 _data]# cd /data/docker-volume-nginx/
[root@linux-node1 docker-volume-nginx]# touch test2.c
root@70cb486098a1:/# ls /data/
test2.c
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
70cb486098a1 nginx "nginx -g 'daemon ..." 5 minutes ago Up 5 minutes 80/tcp nginx-volume-test2
e3180f48f274 nginx "nginx -g 'daemon ..." 21 minutes ago Up 21 minutes 80/tcp nginx-volume-test1

可以挂载文件：
[root@linux-node1 ~]# docker run --rm -i -t -v /root/.bash_history:/.mybash_history nginx /bin/bash
root@b3ab50f4379a:/# ls -a
. .dockerenv bin dev home lib64 mnt proc run srv tmp var
.. .mybash_history boot etc lib media opt root sbin sys usr
root@b3ab50f4379a:/# exit
exit

（2）数据卷容器：可以让一个容器访问另一个启起的容器(无论是否运行)的卷。
例如：实现数据在若干容器中共享，类似NFS功能。
[root@linux-node1 ~]# docker run -i -t --name volume-test3 --volumes-from nginx-volume-test2 centos /bin/bash
[root@7577e290f608 /]# ls
anaconda-post.log bin data dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@7577e290f608 /]# ls /data/
test2.c
[root@7577e290f608 /]# exit
exit

测试：
[root@linux-node1 docker-volume-nginx]# mkdir 222
[root@linux-node1 docker-volume-nginx]# ls
222 test2.c
[root@7577e290f608 /]# ls /data/
222 test2.c

说明：终止nginx-volume-test2后还可继续访问volume-test3的数据。

[root@linux-node1 ~]# docker run -d --name nfs-volume -v /data/nfs-data:/data centos /bin/bash
7b9f163f6f89430df69821eda1af965a5b4a5b387fbaab54677bb68457773106
[root@linux-node1 ~]# docker ps
//执行完立即退出。
[root@linux-node1 ~]# docker run -d --name nfs-test -v /data/nfs-data:/data nginx
0612ed1be59f767a5135d466070cc4525c4181aa228a8453164f7a04b26b2111
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0612ed1be59f nginx "nginx -g 'daemon ..." 6 seconds ago Up 5 seconds 80/tcp nfs-test
//有进程执行才会一直存在。

[root@linux-node1 ~]# mkdir -p /data/nfs-data
[root@linux-node1 ~]# docker run -i -t --volumes-from nfs-test centos /bin/bash
[root@3834aff58f17 /]# cd /data/
[root@3834aff58f17 data]# ls

测试：
[root@linux-node1 ~]# cd /data/nfs-data/
[root@linux-node1 nfs-data]# touch test3.txt

[root@3834aff58f17 data]# ls
test3.txt

7.docker镜像构建和dockerfile（重点）
　　
杀掉所有正在运行的容器（尽量测试环境）：
[root@linux-node1 ~]# docker kill $(docker ps -q)
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
删除所有的容器：
[root@linux-node1 ~]# docker rm $(docker ps -a -q)
[root@linux-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@linux-node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest 7f70b30f2cc6 7 days ago 109 MB
docker.io/centos latest 2d194b392dd1 3 weeks ago 195 MB

生产中需要做自己的镜像，以官方提供的系统镜像为基础来构建符合自己业务的镜像。比如自己做一个nginx镜像。
想要该容器一直运行，里面的进程就不能中断。
方式一：手动制作构建镜像，进去容器直接yum安装需要的软件，这里是nginx。
a.
[root@linux-node1 ~]# docker run --name mynginx -i -t centos
[root@45cfaca427e8 /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
安装epel源：
[root@45cfaca427e8 /]# rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
安装nginx软件：
[root@45cfaca427e8 /]# yum install -y nginx
说明：https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
[root@45cfaca427e8 /]# yum install -y vim

[root@45cfaca427e8 /]# vim /etc/nginx/nginx.conf
nginx默认是守护进程启动的，需要启动到前台模式，需添加：daemon off;
[root@45cfaca427e8 /]# exit
exit
[root@linux-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
45cfaca427e8 centos "/bin/bash" 15 minutes ago Exited (0) 2 minutes ago mynginx

将制作好的镜像45cfaca427e8提交、推送到本地仓库：
[root@linux-node1 ~]# docker commit -m "My Nginx" 45cfaca427e8 oldboy/mynginx:v1
说明：-m参数表示描述，oldboy是仓库名称，mynginx是镜像名称，打标签v1。镜像大小变大了！
sha256:88b17e9218ff7949fc3959df9daf7d20fb08e5d3265ecf3e934973ee44bd3c08
[root@linux-node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oldboy/mynginx v1 88b17e9218ff 32 seconds ago 403 MB
docker.io/nginx latest 7f70b30f2cc6 7 days ago 109 MB
docker.io/centos latest 2d194b392dd1 3 weeks ago 195 MB

b.启动该镜像运行的容器，指定名称为mynginxv1：
[root@linux-node1 ~]# docker run --name mynginxv1 -d -p 81:80 oldboy/mynginx:v1 nginx
说明：启动的命令这里是nginx。
3a858800becad84bc56684dc0a5ecb1c440253c16283fe04fdd9479659ed265d
[root@linux-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3a858800beca oldboy/mynginx:v1 "nginx" 5 seconds ago Up 4 seconds 0.0.0.0:81->80/tcp mynginxv1
45cfaca427e8 centos "/bin/bash" 22 minutes ago Exited (0) 10 minutes ago mynginx

输入：http://10.0.0.80:81/
显示Welcome to nginx on Fedora!
　　

可以进去该镜像查看日志等内容：
[root@linux-node1 ~]# docker logs mynginxv1 //该方式不对
[root@linux-node1 ~]# ./docker_in.sh mynginxv1
[root@3a858800beca /]# cd /var/log/nginx/
[root@3a858800beca nginx]# ls
access.log error.log
[root@3a858800beca nginx]# cat access.log
10.0.0.253 - - [29/Mar/2018:08:06:07 +0000] "GET / HTTP/1.1" 200 3700 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" "-"
10.0.0.253 - - [29/Mar/2018:08:06:07 +0000] "GET /nginx-logo.png HTTP/1.1" 200 368 "http://10.0.0.80:81/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" "-"
10.0.0.253 - - [29/Mar/2018:08:06:07 +0000] "GET /poweredby.png HTTP/1.1" 200 2811 "http://10.0.0.80:81/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" "-"
[root@3a858800beca nginx]# exit
logout
//好了，生产就是这样搞啦！

方式二：利用Dockerfile方式来快速构建docker镜像。
一行命令和语句组成的。
[root@linux-node1 nginx]# cat Dockerfile
#Dockerfile
#Base image
FROM centos
#Maintainer维护信息
MAINTAINER crmn xxx@qq.com
#Commands
RUN rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
RUN yum install -y nginx && yum clean all
RUN echo "daemon off" >>/etc/nginx/nginx.conf
ADD index.html /usr/share/nginx/html/index.html
EXPOSE 80 #对外端口是80
CMD ["nginx"] #启动命令是nginx
[root@linux-node1 nginx]# echo "hello docker,welcome to join us">index.html
[root@linux-node1 nginx]# ll
total 8
-rw-r--r-- 1 root root 310 Mar 29 16:42 Dockerfile
-rw-r--r-- 1 root root 32 Mar 29 16:44 index.html

a.在当前目录下一键构建镜像mynginx:v2，没有的话会pull下载下来。
[root@linux-node1 nginx]# docker build -t mynginx:v2 .
Successfully built 0c2957cf84f1
[root@linux-node1 nginx]# echo $?
0
[root@linux-node1 nginx]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mynginx v2 0c2957cf84f1 About a minute ago 286 MB //目标镜像
oldboy/mynginx v1 88b17e9218ff 52 minutes ago 403 MB
docker.io/nginx latest 7f70b30f2cc6 7 days ago 109 MB
docker.io/centos latest 2d194b392dd1 3 weeks ago 195 MB
b.启动该镜像运行的容器，指定名称为mynginxv2：
[root@linux-node1 nginx]# docker run --name mynginxv2 -d -p 82:80 mynginx:v2
902b7a8743a1b25bb52d7d738f94bd4edbbac603d8b015675671907fcd406807

输入：http://10.0.0.80:82/
显示indec.html的内容，
测试成功！

　　
生产环境中注意Dockerfile怎么编写和docker镜像的规划。

8.docker生产实践
　　
（一）基础镜像为centos：
（1）例如制作写一个centos且不启动ssh的一个基础镜像，使用epel源。
[root@linux-node1 docker]# tree
.
├── app
│   ├── xxx-admin
│   └── xxx-api
├── runtime
│   ├── java
│   ├── php
│   └── python
└── system
├── centos
├── centos-ssh
└── ubuntu

https://mirrors.aliyun.com/repo/epel-7.repo

下载epel源：
[root@linux-node1 centos]# wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
[root@linux-node1 centos]# mv /etc/yum.repos.d/epel.repo .
[root@linux-node1 centos]# ll
total 4
-rw-r--r-- 1 root root 1084 Nov 21 2014 epel.repo

写一个Dockerfile：
[root@linux-node1 centos]# cat Dockerfile
#Docker for centos
#Base images
FROM centos
#who
MAINTAINER crmn xxx.@qq.com
#EPEL
ADD epel.repo /etc/yum.repos.d/
#Base pkg
RUN yum install -y wget mysql-devel supervisor git redis tree net-tools sudo psmisc && yum clean all

一键制作（构建）名为oldboy/centos的镜像：
[root@linux-node1 centos]# docker build -t oldboy/centos:base .
Successfully built 213b5013eaee
[root@linux-node1 centos]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oldboy/centos base 213b5013eaee 25 seconds ago 287 MB //目标镜像
mynginx v2 0c2957cf84f1 3 hours ago 286 MB
oldboy/mynginx v1 88b17e9218ff 4 hours ago 403 MB
docker.io/nginx latest 7f70b30f2cc6 7 days ago 109 MB
docker.io/centos latest 2d194b392dd1 3 weeks ago 195 MB

（2）可以在此基础上创建运行环境，比如创建python这个运行环境：
[root@linux-node1 python]# vim Dockerfile
[root@linux-node1 python]# cat Dockerfile
#Base image
FROM oldboy/centos:base
#Maintainer
MAINTAINER crmn xxx@qq.com
#Python env
RUN yum install -y python-devel python-pip supervisor
#Upgrade pip
RUN pip install --upgrade pip

一键制作名为oldboy/python的镜像：
[root@linux-node1 python]# docker build -t oldboy/python .
[root@linux-node1 python]# echo $?
0
[root@linux-node1 python]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oldboy/python latest b355734f508c 2 minutes ago 444 MB //目标镜像
oldboy/centos base 213b5013eaee 21 minutes ago 287 MB
mynginx v2 0c2957cf84f1 3 hours ago 286 MB
oldboy/mynginx v1 88b17e9218ff 4 hours ago 403 MB
docker.io/nginx latest 7f70b30f2cc6 7 days ago 109 MB
docker.io/centos latest 2d194b392dd1 3 weeks ago 195 MB
有时候联网失败也会报错！

使用supervisor管理进程
https://www.cnblogs.com/luxiaoxun/p/7514428.html
比如管理memcached服务。

下载epel源：
[root@linux-node1 ~]# wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
下载安装supervisor进程管理工具来管理其他多个进程：
[root@linux-node1 ~]# yum install -y supervisor
检查是否安装成功：
[root@linux-node1 python]# rpm -qa supervisor
supervisor-3.1.4-1.el7.noarch
查看配置文件：
[root@linux-node1 python]# ll /etc/supervisord.
supervisord.conf supervisord.d/
[root@linux-node1 python]# ll /etc/supervisord.d/
total 0
[root@linux-node1 ~]# tail -2 /etc/supervisord.conf
[include]
files = supervisord.d/*.ini

（二）基础镜像为centos-ssh：
（1）可以构建带有ssh功能的名为centos-ssh的镜像：
[root@linux-node1 centos-ssh]# cp ../centos/Dockerfile .
[root@linux-node1 centos-ssh]# cp ../centos/epel.repo .
[root@linux-node1 centos-ssh]# vim Dockerfile
[root@linux-node1 centos-ssh]# cat Dockerfile
#Docker for centos
#Base images
FROM centos
#who
MAINTAINER crmn xxx.@qq.com
#EPEL
ADD epel.repo /etc/yum.repos.d/
#Base pkg
RUN yum install -y openssl-devel openssh-server openssh-clients wget mysql-devel supervisor git redis tree net-tools sudo psmisc && yum clean all
#For sshd
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
RUN echo "root:oldboy" |chpasswd

[root@linux-node1 centos-ssh]# docker build -t oldboy/centos-ssh .
[root@linux-node1 centos-ssh]# echo $?
0
[root@linux-node1 centos-ssh]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oldboy/centos-ssh latest 26c40f0d8733 About a minute ago 288 MB //目标镜像
oldboy/python latest b355734f508c 17 minutes ago 444 MB
oldboy/centos base 213b5013eaee 36 minutes ago 287 MB
mynginx v2 0c2957cf84f1 4 hours ago 286 MB
oldboy/mynginx v1 88b17e9218ff 5 hours ago 403 MB
docker.io/nginx latest 7f70b30f2cc6 7 days ago 109 MB
docker.io/centos latest 2d194b392dd1 3 weeks ago 195 MB

（2）在centos-ssh基础上构建名为python-ssh的镜像：
[root@linux-node1 runtime]# pwd
/root/docker/runtime
[root@linux-node1 runtime]# ll
total 0
drwxr-xr-x 2 root root 6 Mar 29 17:55 java
drwxr-xr-x 2 root root 6 Mar 29 17:55 php
drwxr-xr-x 2 root root 24 Apr 14 20:48 python
[root@linux-node1 runtime]# cp -r python/ python-ssh
[root@linux-node1 python-ssh]# vim Dockerfile
[root@linux-node1 python-ssh]# cat Dockerfile
#Base image
FROM oldboy/centos-ssh
#Maintainer
MAINTAINER crmn xxx@qq.com
#Python env
RUN yum install -y python-devel python-pip supervisor
#Upgrade pip
RUN pip install --upgrade pip
[root@linux-node1 python-ssh]# echo $?
0
[root@linux-node1 python-ssh]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oldboy/python-ssh latest 42ffd40381a9 17 seconds ago 445 MB //目标镜像
oldboy/centos-ssh latest 26c40f0d8733 2 weeks ago 288 MB
oldboy/python latest b355734f508c 2 weeks ago 444 MB
oldboy/centos base 213b5013eaee 2 weeks ago 287 MB
mynginx v2 0c2957cf84f1 2 weeks ago 286 MB
oldboy/mynginx v1 88b17e9218ff 2 weeks ago 403 MB
docker.io/nginx latest 7f70b30f2cc6 3 weeks ago 109 MB
docker.io/centos latest 2d194b392dd1 5 weeks ago 195 MB

https://docs.docker.com/compose/

Get started with Docker Compose：
修改后：
from flask import Flask
app = Flask(__name__)

@app.route('/')
def hello():
return 'Hello World! \n'

if __name__ == "__main__":
app.run(host="0.0.0.0", debug=True)

[root@linux-node1 app]# ll
total 0
drwxr-xr-x 2 root root 6 Mar 29 17:56 xxx-admin
drwxr-xr-x 2 root root 6 Mar 29 17:56 xxx-api
[root@linux-node1 app]# mkdir shop-api
[root@linux-node1 app]# cd shop-api
[root@linux-node1 shop-api]# vim app.py
[root@linux-node1 shop-api]# cat app.py
from flask import Flask
app = Flask(__name__)

@app.route('/')
def hello():
return 'Hello World! \n'

if __name__ == "__main__":
app.run(host="0.0.0.0", debug=True)
注意：要确保本地跑都没问题，再封装到容器中。
[root@linux-node1 shop-api]# pip install flask
-bash: pip: command not found
[root@linux-node1 shop-api]# yum install -y python-pip

[root@linux-node1 shop-api]# pip install flask

启动app：
[root@linux-node1 shop-api]# python app.py
* Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
* Restarting with stat
* Debugger is active!
* Debugger PIN: 192-040-035

网页输入：http://10.0.0.80:5000/
显示：Hello World!
表示成功！

要符合标准开发的模式：
加依赖：
[root@linux-node1 shop-api]# cat requirements.txt
flask
[root@linux-node1 shop-api]# pwd
/root/docker/app/shop-api
[root@linux-node1 shop-api]# ll
total 8
-rw-r--r-- 1 root root 173 Apr 14 21:24 app.py
-rw-r--r-- 1 root root 6 Apr 14 21:32 requirements.txt

配置Dockerfile：
[root@linux-node1 shop-api]# cp /root/docker/runtime/python-ssh/Dockerfile .
[root@linux-node1 shop-api]# vim Dockerfile
[root@linux-node1 shop-api]# cat Dockerfile
#Base image
FROM oldboy/python-ssh
#Maintainer
MAINTAINER crmn xxx@qq.com
#Add www user
RUN useradd -s /sbin/nologin -M www
#ADD files
ADD app.py /opt/app.py
ADD requirements.txt /opt/
ADD supervisord.conf /etc/supervisord.conf
ADD app-supervisor.ini /etc/supervisord.d/
#pip
RUN /usr/bin/pip2.7 install -r /opt/requirements.txt
#Port
EXPOSE 22 5000
#CMD
CMD ["/usr/bin/supervisord","-c","/etc/supervisord.conf" ]

[root@linux-node1 shop-api]# ll
total 12
-rw-r--r-- 1 root root 173 Apr 14 21:24 app.py
-rw-r--r-- 1 root root 165 Apr 14 21:39 Dockerfile
-rw-r--r-- 1 root root 6 Apr 14 21:32 requirements.txt

supervisor配置的ini文件：
supervsor至少启动两个进程，这里是shop-api和sshd。
[root@linux-node1 shop-api]# cat app-supervisor.ini
[program:shop-api]
command=/usr/bin/python2.7 /opt/app.py
process_name=%(program_name)s
autostart=true
user=www
stdout_logfile=/tmp/app.log
stderr_logfile=/tmp/app.error

[program:sshd]
command=/usr/sbin/sshd -D
process_name=%(program_name)s
autostart=true
[root@linux-node1 shop-api]# ll
total 16
-rw-r--r-- 1 root root 173 Apr 14 21:24 app.py
-rw-r--r-- 1 root root 257 Apr 14 21:58 app-supervisor.ini
-rw-r--r-- 1 root root 336 Apr 14 21:50 Dockerfile
-rw-r--r-- 1 root root 6 Apr 14 21:32 requirements.txt
[root@linux-node1 shop-api]# cp /etc/supervisord.conf .
[root@linux-node1 shop-api]# ll
total 24
-rw-r--r-- 1 root root 173 Apr 14 21:24 app.py
-rw-r--r-- 1 root root 257 Apr 14 21:58 app-supervisor.ini
-rw-r--r-- 1 root root 416 Apr 14 22:06 Dockerfile
-rw-r--r-- 1 root root 6 Apr 14 21:32 requirements.txt
-rw-r--r-- 1 root root 7953 Apr 14 22:10 supervisord.conf
构建：
[root@linux-node1 shop-api]# docker build -t oldboy/shop-api .
Sending build context to Docker daemon 13.82 kB
Step 1/10 : FROM oldboy/python-ssh
---> 42ffd40381a9
Step 2/10 : MAINTAINER crmn xxx@qq.com
---> Using cache
---> 4adb15418e89
Step 3/10 : RUN useradd -s /sbin/nologin -M www
---> Using cache
---> 2a96ce5ac86c
Step 4/10 : ADD app.py /opt/app.py
---> Using cache
---> 79ec4af6f633
Step 5/10 : ADD requirements.txt /opt/
---> Using cache
---> d182b6dc05de
Step 6/10 : ADD supervisord.conf /etc/supervisord.conf
---> 0666dc81760e
Removing intermediate container 438a1028cea4
Step 7/10 : ADD app-supervisor.ini /etc/supervisord.d/
---> ae4b72b4328c
Removing intermediate container 40c8b7927cbe
Step 8/10 : RUN /usr/bin/pip2.7 install -r /opt/requirements.txt
---> Running in 0f7f2a62b161

[root@linux-node1 shop-api]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oldboy/shop-api latest 6ab8a9b680b3 2 minutes ago 450 MB //目标镜像
oldboy/python-ssh latest 42ffd40381a9 57 minutes ago 445 MB
oldboy/centos-ssh latest 26c40f0d8733 2 weeks ago 288 MB
oldboy/python latest b355734f508c 2 weeks ago 444 MB
oldboy/centos base 213b5013eaee 2 weeks ago 287 MB
mynginx v2 0c2957cf84f1 2 weeks ago 286 MB
oldboy/mynginx v1 88b17e9218ff 2 weeks ago 403 MB
docker.io/nginx latest 7f70b30f2cc6 3 weeks ago 109 MB
docker.io/centos latest 2d194b392dd1 5 weeks ago 195 MB

启动该shop-api镜像：
[root@linux-node1 shop-api]# docker run --name shop-api -d -p 88:5000 -p 8022:22 oldboy/shop-api
af2232211e0b9156eda13b5afeae921469eebd3401c9d908d6532d39942ec636
[root@linux-node1 shop-api]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3a858800beca oldboy/mynginx:v1 "nginx" 2 weeks ago Up 2 weeks 0.0.0.0:81->80/tcp mynginxv1
[root@linux-node1 shop-api]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af2232211e0b oldboy/shop-api "/usr/bin/supervis..." 15 seconds ago Exited (0) 12 seconds ago shop-api
902b7a8743a1 mynginx:v2 "nginx" 2 weeks ago Exited (1) 2 weeks ago mynginxv2
3a858800beca oldboy/mynginx:v1 "nginx" 2 weeks ago Up 2 weeks 0.0.0.0:81->80/tcp mynginxv1
45cfaca427e8 centos "/bin/bash" 2 weeks ago Exited (0) 2 weeks ago mynginx

启动失败！
[root@linux-node1 shop-api]# ll /etc/supervisord.d/
total 4
-rw-r--r-- 1 root root 257 Apr 14 22:22 app-supervisor.ini
[root@linux-node1 shop-api]# supervisord -c /etc/supervisord.conf
Error: Invalid user name www
For help, use /usr/bin/supervisord -h
[root@linux-node1 shop-api]# supervisord status
Error: positional arguments are not supported
For help, use /usr/bin/supervisord -h
[root@linux-node1 shop-api]# supervisorctl status

进一步查看：
[root@linux-node1 shop-api]# useradd -s /sbin/nologin -M www
[root@linux-node1 shop-api]# supervisord -c /etc/supervisord.conf
Error: Another program is already listening on a port that one of our HTTP servers is configured to use. Shut this program down first before starting supervisord.
For help, use /usr/bin/supervisord -h
上网查询后解决方法：
[root@linux-node1 shop-api]# find / -name supervisor.sock
/run/supervisor/supervisor.sock
/var/lib/docker/overlay2/271b2273a8060b3d69d4e4158b8c9fd3bf7612009e1412b5cbf8b563ae693ed7/diff/run/supervisor/supervisor.sock
[root@linux-node1 shop-api]# unlink /name/supervisor.sock
unlink: cannot unlink ‘/name/supervisor.sock’: No such file or directory
[root@linux-node1 shop-api]# unlink /run/supervisor/supervisor.sock
[root@linux-node1 shop-api]# unlink /var/lib/docker/overlay2/271b2273a8060b3d69d4e4158b8c9fd3bf7612009e1412b5cbf8b563ae693ed7/diff/run/supervisor/supervisor.sock

[root@linux-node1 shop-api]# supervisord -c /etc/supervisord.conf
[root@linux-node1 shop-api]# supervisorctl status
shop-api FATAL Exited too quickly (process log may have details)
sshd FATAL Exited too quickly (process log may have details)

[root@linux-node1 shop-api]# less /tmp/app.log
[root@linux-node1 shop-api]# less /tmp/app.error
[root@linux-node1 shop-api]# cp app.py /opt/
[root@linux-node1 shop-api]# supervisorctl restart shop-api
shop-api: ERROR (not running)
shop-api: started
[root@linux-node1 shop-api]# supervisorctl status
shop-api RUNNING pid 70507, uptime 0:00:21
sshd FATAL Exited too quickly (process log may have details)

生产是注释掉的：
[root@linux-node1 shop-api]# tail -2 Dockerfile
#CMD
#CMD ["/usr/bin/supervisord","-c","/etc/supervisord.conf"]

重新构建生成oldboy/shop-api:v2：
[root@linux-node1 shop-api]# docker build -t oldboy/shop-api:v2 .
Sending build context to Docker daemon 13.82 kB
Step 1/9 : FROM oldboy/python-ssh
---> 42ffd40381a9
Step 2/9 : MAINTAINER crmn xxx@qq.com
---> Using cache
---> 4adb15418e89
Step 3/9 : RUN useradd -s /sbin/nologin -M www
---> Using cache
---> 2a96ce5ac86c
Step 4/9 : ADD app.py /opt/app.py
---> Using cache
---> 79ec4af6f633
Step 5/9 : ADD requirements.txt /opt/
---> Using cache
---> d182b6dc05de
Step 6/9 : ADD supervisord.conf /etc/supervisord.conf
---> Using cache
---> 0666dc81760e
Step 7/9 : ADD app-supervisor.ini /etc/supervisord.d/
---> Using cache
---> ae4b72b4328c
Step 8/9 : RUN /usr/bin/pip2.7 install -r /opt/requirements.txt
---> Using cache
---> f78f46a26aa3
Step 9/9 : EXPOSE 22 5000
---> Using cache
---> 07dd68a9994f
Successfully built 07dd68a9994f
分层的嘛，只需要执行修改过的命令。

[root@linux-node1 shop-api]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oldboy/shop-api v2 07dd68a9994f About an hour ago 450 MB //目标镜像
oldboy/shop-api latest 6ab8a9b680b3 About an hour ago 450 MB
oldboy/python-ssh latest 42ffd40381a9 2 hours ago 445 MB
oldboy/centos-ssh latest 26c40f0d8733 2 weeks ago 288 MB
oldboy/python latest b355734f508c 2 weeks ago 444 MB
oldboy/centos base 213b5013eaee 2 weeks ago 287 MB
mynginx v2 0c2957cf84f1 2 weeks ago 286 MB
oldboy/mynginx v1 88b17e9218ff 2 weeks ago 403 MB
docker.io/nginx latest 7f70b30f2cc6 3 weeks ago 109 MB
docker.io/centos latest 2d194b392dd1 5 weeks ago 195 MB

启动运行，进去看看是/bin/bash 加参数-it，就不是参数-d了：
[root@linux-node1 shop-api]# docker run --name shop-api-v2 -it -p 88:5000 -p 8022:22 oldboy/shop-api:v2 /bin/bash
[root@64e982c944ff /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@64e982c944ff /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 2.1 0.0 11776 1880 ? Ss 15:29 0:00 /bin/bash
root 14 0.0 0.0 47448 1660 ? R+ 15:29 0:00 ps aux
[root@64e982c944ff /]# supervisord -c /etc/supervisord.conf
[root@64e982c944ff /]# supervisorctl status
shop-api RUNNING pid 20, uptime 0:00:11
sshd RUNNING pid 19, uptime 0:00:11
说明：居然都启动好了！

是supervisor在前台启动！
[root@linux-node1 shop-api]# vim /etc/supervisord.conf //注意不是它
[root@linux-node1 shop-api]# vim supervisord.conf //是它
21 nodaemon=false ; (start in foreground if true;default false)
改成：
21 nodaemon=true ; (start in foreground if true;default false)

也可以调用时替换它：
[root@linux-node1 shop-api]# tail -2 Dockerfile
#CMD
CMD ["/usr/bin/supervisord","-c","/etc/supervisord.conf"]

重新构建吧：
[root@linux-node1 shop-api]# docker build -t oldboy/shop-api .
Sending build context to Docker daemon 13.82 kB
Step 1/10 : FROM oldboy/python-ssh
---> 42ffd40381a9
Step 2/10 : MAINTAINER crmn xxx@qq.com
---> Using cache
---> 4adb15418e89
Step 3/10 : RUN useradd -s /sbin/nologin -M www
---> Using cache
---> 2a96ce5ac86c
Step 4/10 : ADD app.py /opt/app.py
---> Using cache
---> 79ec4af6f633
Step 5/10 : ADD requirements.txt /opt/
---> Using cache
---> d182b6dc05de
Step 6/10 : ADD supervisord.conf /etc/supervisord.conf
---> 580c8b6d82d8
Removing intermediate container 2b32f39786cd
Step 7/10 : ADD app-supervisor.ini /etc/supervisord.d/
---> 290c66f7ce4a
Removing intermediate container 97ce436754e6
Step 8/10 : RUN /usr/bin/pip2.7 install -r /opt/requirements.txt
---> Running in 613658655a5d

Collecting flask (from -r /opt/requirements.txt (line 1))
Downloading Flask-0.12.2-py2.py3-none-any.whl (83kB)
Collecting Jinja2>=2.4 (from flask->-r /opt/requirements.txt (line 1))
Downloading Jinja2-2.10-py2.py3-none-any.whl (126kB)
Collecting Werkzeug>=0.7 (from flask->-r /opt/requirements.txt (line 1))
Downloading Werkzeug-0.14.1-py2.py3-none-any.whl (322kB)
Collecting click>=2.0 (from flask->-r /opt/requirements.txt (line 1))
Downloading click-6.7-py2.py3-none-any.whl (71kB)
Collecting itsdangerous>=0.21 (from flask->-r /opt/requirements.txt (line 1))
Downloading itsdangerous-0.24.tar.gz (46kB)
Collecting MarkupSafe>=0.23 (from Jinja2>=2.4->flask->-r /opt/requirements.txt (line 1))
Downloading MarkupSafe-1.0.tar.gz
Installing collected packages: MarkupSafe, Jinja2, Werkzeug, click, itsdangerous, flask
Running setup.py install for MarkupSafe: started
Running setup.py install for MarkupSafe: finished with status 'done'
Running setup.py install for itsdangerous: started
Running setup.py install for itsdangerous: finished with status 'done'
Successfully installed Jinja2-2.10 MarkupSafe-1.0 Werkzeug-0.14.1 click-6.7 flask-0.12.2 itsdangerous-0.24
---> 16ebc2d471d8
Removing intermediate container 613658655a5d
Step 9/10 : EXPOSE 22 5000
---> Running in a7f1b5a140f0
---> 55cac6cefa3c
Removing intermediate container a7f1b5a140f0
Step 10/10 : CMD /usr/bin/supervisord -c /etc/supervisord.conf
---> Running in e36c91c68b5c
---> 2ac83745299f
Removing intermediate container e36c91c68b5c
Successfully built 2ac83745299f
[root@linux-node1 shop-api]# echo $?
0
说明：改了第六步，下面的都要重新来构建一遍。
重新生成目标镜像，将之前的覆盖了：
[root@linux-node1 shop-api]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oldboy/shop-api latest 2ac83745299f About a minute ago 450 MB //目标镜像
<none> <none> 6ab8a9b680b3 About an hour ago 450 MB
oldboy/shop-api v2 07dd68a9994f About an hour ago 450 MB
oldboy/python-ssh latest 42ffd40381a9 2 hours ago 445 MB
oldboy/centos-ssh latest 26c40f0d8733 2 weeks ago 288 MB
oldboy/python latest b355734f508c 2 weeks ago 444 MB
oldboy/centos base 213b5013eaee 2 weeks ago 287 MB
mynginx v2 0c2957cf84f1 2 weeks ago 286 MB
oldboy/mynginx v1 88b17e9218ff 2 weeks ago 403 MB
docker.io/nginx latest 7f70b30f2cc6 3 weeks ago 109 MB
docker.io/centos latest 2d194b392dd1 5 weeks ago 195 MB

启动该新生成的shop-api-v3镜像，这是之前出错的，不管了！
[root@linux-node1 shop-api]# docker run --name shop-api-v3 -d -p 88:5000 -p 8022:22 oldboy/shop-api
f3cae38657d1602cc7ce3eb8a37278233d276d32268ece27a6ef3954bdbc5417

[root@linux-node1 shop-api]# docker run --name shop-api-v3 -d -p 88:5000 -p 8022:22 oldboy/shop-api
/usr/bin/docker-current: Error response from daemon: Conflict. The container name "/shop-api-v3" is already in use by container f3cae38657d1602cc7ce3eb8a37278233d276d32268ece27a6ef3954bdbc5417. You have to remove (or rename) that container to be able to reuse that name..
See '/usr/bin/docker-current run --help'.

看这里，启动该新生成的shop-api-v4镜像：
[root@linux-node1 shop-api]# docker run --name shop-api-v4 -d -p 88:5000 -p 8022:22 oldboy/shop-api
2cab48d10427e563a179d165fbfb4e4fd3a2d1780942544f19ef0ba9c27c5e38
[root@linux-node1 shop-api]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2cab48d10427 oldboy/shop-api "/usr/bin/supervis..." 10 seconds ago Up 10 seconds 0.0.0.0:8022->22/tcp, 0.0.0.0:88->5000/tcp shop-api-v4
3a858800beca oldboy/mynginx:v1 "nginx" 2 weeks ago Up 2 weeks 0.0.0.0:81->80/tcp mynginxv1

测试该容器启动的两个功能：
（1）页面输入：http://10.0.0.80:88/
显示Hello World!
表示成功！

（2）重新建立窗口：linux-node1-10.0.0.80-8022
主机：10.0.0.80
端口改成8022即可。
密码输入之前设置的oldboy即可。

Connecting to 10.0.0.80:8022...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.

Last failed login: Sat Apr 14 15:59:15 UTC 2018 from 10.0.0.253 on ssh:notty
There were 8 failed login attempts since the last successful login.
[root@2cab48d10427 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.3 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:acff:fe11:3 prefixlen 64 scopeid 0x20<link>
ether 02:42:ac:11:00:03 txqueuelen 0 (Ethernet)
RX packets 121 bytes 14340 (14.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 113 bytes 15115 (14.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@2cab48d10427 ~]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.7 117768 14856 ? Ss 15:50 0:00 /usr/bin/python /usr/bin/supervisord -c /etc/supervisord.conf
root 7 0.0 0.2 105996 4084 ? S 15:50 0:00 /usr/sbin/sshd -D
www 8 0.0 0.8 120248 17528 ? S 15:50 0:00 /usr/bin/python2.7 /opt/app.py
www 13 0.9 0.9 196576 19092 ? Sl 15:50 0:06 /usr/bin/python2.7 /opt/app.py
root 23 0.1 0.2 144240 5784 ? Ss 15:59 0:00 sshd: root@pts/0
root 25 0.0 0.0 11776 1872 pts/0 Ss 15:59 0:00 -bash
root 40 0.0 0.0 47448 1672 pts/0 R+ 16:01 0:00 ps aux

9.Docker Registry实践
　　

https://docs.docker.com/registry/
docker自己提供的仓库：Docker Registry

Docker Registry私有仓库的Nginx+认证的方式：
建私有仓库，只支持https。
（1）申请一个免费SSL证书，前提是得有自己的域名。
https://buy.wosign.com/
https://buy.wosign.com/free/
（2）技术支持文档下载：
8、 Nginx 服务器SSL证书部署指南 --普通版下载 | 自主csr版下载
Nginx SSL证书部署指南.pdf
（3）设置验证
（4）proxy_pass 5000
（5）运行该registry
docker run -d -p 5000:5000 --name registry registry:2

另外一个非常好的企业级的开源Registry：
https://github.com/vmware/harbor
http://vmware.github.io/harbor
http://vmware.github.io/harbor/index_cn.html

建立harbor私有仓库。

https://github.com/vmware/
vic有三个项目组成，都是apache开源的。
https://github.com/vmware/vic

https://github.com/vmware/admiral
Admiral
docker的web管理界面。
例如：Run container image
docker run -d -p 8282:8282 --name admiral vmware/admiral
注意：若没有则会帮助下载该vmware/admiral镜像。

[root@linux-node1 ~]# docker run -d -p 8282:8282 --name admiral vmware/admiral

https://www.abcdocker.com/

Docker 基础介绍及配置安装 [一]
https://www.abcdocker.com/abcdocker/1669
@全体成员往期学员精品博客

Docker 入门，看这篇就够了
https://mp.weixin.qq.com/s?__biz=MjM5NTEwMTAwNg==&mid=2650211933&idx=3&sn=08776cf66b9e92a5150520a94c93433b&chksm=befe067c89898f6aebda683466e1906912914d535e14c10c371058d254d3af080bfd45a6fee5&mpshare=1&scene=1&srcid=03237JMKmjkMsTz2LYu39Qv3&pass_ticket=S4t45868Oww31WDTFSuNUA5CWkMeflfpIDwC8Fna0MDNUE4RmLVIMLwDeHNo9rHi#rd

posted @ 2018-03-29 18:21 bkycrmn 阅读(954) 评论(0) 收藏举报

刷新页面返回顶部

docker学习与实践

公告