十一、Docker 其它命令
Docker Machine
最新版 docker 已弃用 docker-machine
Docker 官方文档已没有相关信息,如需了解可参考 https://www.runoob.com/docker/docker-machine.html
Docker Stack
Docker Compose,缺点是不能在分布式多机器上使用;Docker swarm,缺点是不能同时编排多个服务,所以才有了Docker Stack,可以在分布式多机器上同时编排多个服务。
stack 是构成特定环境中的 service 集合, 它是自动部署多个相互关联的服务的简便方法,而无需单独定义每个服务。
stack file 是一种 yaml 格式的文件,类似于 docker-compose.yml 文件,它定义了一个或多个服务,并定义了服务的环境变量、部署标签、容器数量以及相关的环境特定配置等。
Stack File 的编写
服务的各种配置已在之前的文章中介绍,只是在书写格式上有所变化
示例:使用 Stack 部署应用[root@fedora ~]# vim stack.yml
[root@fedora ~]# cat stack.yml
version: "3.9"
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
volumes:
- wordpress_data:/var/www/html
ports:
- "8000:80"
restart: always
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_DB_NAME: wordpress
volumes:
db_data: {}
wordpress_data: {}部署 Stack
# 查看 docker stack deploy 帮助信息
[root@fedora ~]# docker stack deploy --help
Usage: docker stack deploy [OPTIONS] STACK
Deploy a new stack or update an existing stack
Aliases:
deploy, up
Options:
-c, --compose-file strings Path to a Compose file, or "-" to read from stdin
--orchestrator string Orchestrator to use (swarm|kubernetes|all)
--prune Prune services that are no longer referenced
--resolve-image string Query the registry to resolve image digest and supported platforms ("always"|"changed"|"never") (default "always")
--with-registry-auth Send registry authentication details to Swarm agents# 初始化 swarm 集群,进行初始化的这台机器,就是集群的管理节点
# 将 dcoker-1 初始化成为主节点
[root@dcoker-1 ~]# docker swarm init --advertise-addr 192.168.10.131
# 将 docker-2 以 worker 身份加入
[root@dcoker-2 ~]# docker swarm join --token SWMTKN-1-5qcgyboe58rc3vbp87legjqwhd1c5gk7zynalnstvwoze53aeu-66bq8qbw0g6nf4sa73uiv10up 192.168.10.131:2377
This node joined a swarm as a worker.
# 生成可以以管理者身份加入的令牌
[root@dcoker-1 ~]# docker swarm join-token manager
# 将 docker-3 以 管理者 身份加入
[root@dcoker-4 ~]# docker swarm join --token SWMTKN-1-5qcgyboe58rc3vbp87legjqwhd1c5gk7zynalnstvwoze53aeu-df3olm2lg4d8fnmes29f59q48 192.168.10.131:2377
This node joined a swarm as a manager.# 查看各节点信息
[root@dcoker-1 ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
eksgn44obh21fkyxc2szppibm Down Active
mvl1u5xscrpsz1eyh95nw0h8d * dcoker-1 Ready Active Leader 20.10.17
hxhtnvdehz9ddn15bt5no377t dcoker-2 Ready Active 20.10.17
l178ccqkj63nh2m7w7z3alpkm dcoker-3 Ready Active Reachable 20.10.17# Stack 部署
[root@dcoker-1 ~]# docker stack deploy -c stack.yml wordpress
Ignoring unsupported options: restart
Creating network wordpress_default
Creating service wordpress_db
Creating service wordpress_wordpress
# 查看 Stack 列表
[root@dcoker-1 ~]# docker stack ls
NAME SERVICES ORCHESTRATOR
wordpress 2 Swarm
# 查看 Stack 服务列表
[root@dcoker-1 ~]# docker stack services wordpress
ID NAME MODE REPLICAS IMAGE PORTS
3cjvxcuivs0u wordpress_db replicated 0/1 mysql:5.7
lc6o4z8fqk5w wordpress_wordpress replicated 0/1 wordpress:latest *:8000->80/tcp
# 查看 Stack 任务列表
[root@dcoker-1 ~]# docker stack ps wordpress
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
chlveuumpw7u wordpress_db.1 mysql:5.7 dcoker-2 Running Preparing about a minute ago
xo2ofbsz1m94 wordpress_wordpress.1 wordpress:latest dcoker-3 Running Preparing about a minute ago
# Stack 删除
[root@dcoker-1 ~]# docker stack rm wordpress
Removing service wordpress_db
Removing service wordpress_wordpress
Removing network wordpress_defaultDocker Secret
docker secret可以减少用户名和密码的明显显示,从而可以减少暴露密码的可能性,保证系统安全可靠。所以,docker secret可以安全存储这个密码,同时分配给特定service,使之可以有权限访问该密码的权限。
1、docker secret
[root@dcoker-1 ~]# docker secret --help
Usage: docker secret COMMAND
Manage Docker secrets
Commands:
create Create a secret from a file or STDIN as content
inspect Display detailed information on one or more secrets
ls List secrets
rm Remove one or more secrets2、 创建secret
(1)从标准输入创建
# # 创建secret
[root@dcoker-1 ~]# printf "my super secret password" | docker secret create my_secret -
m4tuhpbn0dar8srohbrymh01n
# # 查看secret
[root@dcoker-1 ~]# docker secret ls
ID NAME DRIVER CREATED UPDATED
m4tuhpbn0dar8srohbrymh01n my_secret 16 seconds ago 16 seconds ago(2)从文件创建
# 创建文件
[root@dcoker-1 ~]# vim password_test
[root@dcoker-1 ~]# cat password_test
root12345678
# 创建secret
[root@dcoker-1 ~]# docker secret create mysql_pwd password_test
j4nk416vq74627y3dqmpulpb3
# 查看secret
[root@dcoker-1 ~]# docker secret ls
ID NAME DRIVER CREATED UPDATED
m4tuhpbn0dar8srohbrymh01n my_secret 3 minutes ago 3 minutes ago
j4nk416vq74627y3dqmpulpb3 mysql_pwd 9 seconds ago 9 seconds ago(3)查看secret详细信息
[root@dcoker-1 ~]# docker secret inspect mysql_pwd
[
{
"ID": "j4nk416vq74627y3dqmpulpb3",
"Version": {
"Index": 419
},
"CreatedAt": "2022-06-30T10:59:37.028518375Z",
"UpdatedAt": "2022-06-30T10:59:37.028518375Z",
"Spec": {
"Name": "mysql_pwd",
"Labels": {}
}
}
](4)删除secret
[root@dcoker-1 ~]# docker secret rm my_secret
my_secret
[root@dcoker-1 ~]# docker secret ls
ID NAME DRIVER CREATED UPDATED
j4nk416vq74627y3dqmpulpb3 mysql_pwd About a minute ago About a minute ago3、secret 的使用
1.容器中的使用
[root@dcoker-1 ~]# docker service create --replicas 1 --name nginx-01 -p 80:80 --secret mysql_pwd nginx
kl1x6e1qhec87oktwds3gcmfe
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
[root@dcoker-1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4a47192e5794 nginx:latest "/docker-entrypoint.…" 16 seconds ago Up 13 seconds 80/tcp nginx-01.1.lgl33kvgpswk9qem81nk72hzh
[root@dcoker-1 ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
kl1x6e1qhec8 nginx-01 replicated 1/1 nginx:latest *:80->80/tcp
[root@dcoker-1 ~]# docker service ps nginx-01
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
lgl33kvgpswk nginx-01.1 nginx:latest dcoker-1 Running Running about a minute ago
# 进入service容器查看secret
[root@dcoker-1 ~]# docker exec -it 4a47192e5794 /bin/bash
root@4a47192e5794:/# cat /run/secrets/mysql_pwd
root123456782.mysql容器中的使用
# 创建mysql服务
[root@dcoker-1 ~]# docker service create --name mysql_test --secret mysql_pwd -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_pwd mysql:5.7
ubmxlwsl8ozjabmx899ke8r6i
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
# 查看服务
[root@dcoker-1 ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
ubmxlwsl8ozj mysql_test replicated 1/1 mysql:5.7
[root@dcoker-1 ~]# docker service ps mysql_test
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
6crsfvrb05ft mysql_test.1 mysql:5.7 dcoker-2 Running Running about a minute ago
# mysql_test服务运行在dcoker-2上# mysql_test服务运行在dcoker-2上,在dcoker-2节点上进入容器
[root@dcoker-2 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2a3a27d1f9cf mysql:5.7 "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 3306/tcp, 33060/tcp mysql_test.1.6crsfvrb05ft16x8j652xs2y2
[root@dcoker-2 ~]# docker exec -it 2a3a27d1f9cf /bin/bash
# 查看secret
root@2a3a27d1f9cf:/# cat /run/secrets/mysql_pwd
root12345678
# 用密码进入mysql
root@2a3a27d1f9cf:/# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.38 MySQL Community Server (GPL)
......
......
mysql> exit
Bye3.docker-compose中的使用
(1)docker-compose.yml文件
[root@dcoker-1 ~]# ls
docker-compose.yml password_test
[root@dcoker-1 ~]# cat password_test
root12345678
[root@dcoker-1 ~]# cat docker-compose.yml
version: '3.6'
services:
mysql_test_01:
image: mysql:5.7.32
environment:
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/r_pwd
MYSQL_DATABASE: mysql
MYSQL_USER: test
MYSQL_PASSWORD_FILE: /run/secrets/t_pwd
secrets:
- r_pwd
- t_pwd
secrets:
r_pwd:
file: ./password_test
t_pwd:
file: ./password_test(2)docker-compose 启动
[root@dcoker-1 ~]# docker compose up
[+] Running 1/0
⠿ Container root-mysql_test_01-1 Created 0.1s
Attaching to root-mysql_test_01-1
......
......(3)docker stack 启动
[root@dcoker-1 ~]# docker stack deploy mysql_test_02 -c docker-compose.yml
Creating network mysql_test_default
Creating secret mysql_test_r_pwd
Creating secret mysql_test_t_pwd
Creating service mysql_test_mysql_test_01(4)查看容器
[root@dcoker-1 ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
fxw4r07zmjl6 mysql_test_mysql_test_01 replicated 1/1 mysql:5.7.32
[root@dcoker-1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4ba751e70194 mysql:5.7.32 "docker-entrypoint.s…" 4 minutes ago Up 4 minutes 3306/tcp, 33060/tcp root-mysql_test_01-1(5)进入容器
[root@dcoker-1 ~]# docker exec -it 4ba751e70194 /bin/bash
root@4ba751e70194:/# ls /run/secrets/
r_pwd t_pwd(6)分别用root用户和test用户登录mysql
root@4ba751e70194:/# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
.....
.....
mysql> exit
Bye
root@4ba751e70194:/# mysql -u test -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
......
......
mysql> exit
ByeDocker Config
在集群环境中配置文件的分发,可以通过将配置文件放入镜像中、设置环境变量、挂载volume、挂载目录的方式,当然也可以通过 docker config 来管理集群中的配置文件,这样的方式也更加通用。
1.docker config
[root@dcoker-1 ~]# docker config --help
Usage: docker config COMMAND
Manage Docker configs
Commands:
create Create a config from a file or STDIN
inspect Display detailed information on one or more configs
ls List configs
rm Remove one or more configs2.config 创建
(1)从标准输入创建
# 创建config
[root@dcoker-1 ~]# echo "listen 80" | docker config create conf -
0jhd03b1qxouoeosfv1osqjd8
# 查看config
[root@dcoker-1 ~]# docker config ls
ID NAME CREATED UPDATED
0jhd03b1qxouoeosfv1osqjd8 conf 14 seconds ago 14 seconds ago(2)从文件创建
# 创建文件
[root@dcoker-1 ~]# vim default.conf
[root@dcoker-1 ~]# cat default.conf
server {
listen 88;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
# 创建config
[root@dcoker-1 ~]# docker config create conf2 default.conf
kdep8819p0b3qqsmpz5nk16ks
# 查看config
[root@dcoker-1 ~]# docker config ls
ID NAME CREATED UPDATED
0jhd03b1qxouoeosfv1osqjd8 conf About a minute ago About a minute ago
kdep8819p0b3qqsmpz5nk16ks conf2 6 seconds ago 6 seconds ago(3)查看secret详细信息
[root@dcoker-1 ~]# docker config inspect conf
[
{
"ID": "0jhd03b1qxouoeosfv1osqjd8",
"Version": {
"Index": 793
},
"CreatedAt": "2022-07-02T19:28:28.31357504Z",
"UpdatedAt": "2022-07-02T19:28:28.31357504Z",
"Spec": {
"Name": "conf",
"Labels": {},
"Data": "bGlzdGVuIDgwCg=="
}
}
]对 conf2 进行 base64 解码
[root@dcoker-1 ~]# docker config inspect -f '{{json .Spec.Data}}' conf2 | cut -d '"' -f2 | base64 -d
server {
listen 88;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}(4)删除secret
[root@dcoker-1 ~]# docker config rm conf2
conf2
[root@dcoker-1 ~]# docker config ls
ID NAME CREATED UPDATED
0jhd03b1qxouoeosfv1osqjd8 conf 9 minutes ago 9 minutes ago3.config 使用
1、使用nginx镜像创建容器
在conf配置中,将nginx的监听端口改成了88,替换掉nginx中的默认80端口的配置文件,创建service时,将容器内部端口88端口映射成主机上90端口
[root@dcoker-1 ~]# docker service create --name nginx01 --config source=conf,target=/etc/nginx/conf.d/default.conf -p 90:88 nginx
ut4b9onwcsrv9vmf444jgq72z
overall progress: 1 out of 1 tasks
1/1: running
verify: Service converged 2、测试
访问90端口,可以看到访问是成功的。
其它命令
掌握规律,多写多看
参考官方文档进行学习
https://docs.docker.com/engine/reference/commandline/docker/
先查看官方有关该命令的帮助信息,了解该命令的基本使用并进行尝试,最后找相关的项目进行测试。多练多思考。
