拉取镜像:docker pull
运行:docker run
列出镜像:docker images
列出容器:docker ps -a
进入容器:docker exec -it xxx /bin/bash
保存镜像:docker commit --author "[email protected]" --message "缓存服务" skdjdkssdd8 raid:v2 (一般不用,常用dockerfile构建)
保存离线镜像:docker save nginx:v3 | qzip > nginx.v3.tar.gz
加载离线镜像:docker load -i nginx.v3.tar.gz
一、安装(centos7)
1、查看系统版本
[root@long3 ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
2、查看系统内核版本
[root@long3 ~]# uname -a
Linux long3 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
3、安装docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
查看Docker版本:
yum list docker-ce --showduplicates
或安装Docker较新版本(比如Docker 18.03.0)时加上rpm包名的版本号部分:
sudo yum install docker-ce-18.03.0.ce
或安装Docker最新版本,无需加版本号:
sudo yum -y install docker-ce
4、启动docker
systemctl start docker
5、允许开机启动docker
systemctl enable docker
6、查看docker版本
[root@long3 ~]# docker -v
Docker version 17.07.0-ce, build 8784753
二、配置docker
准备三台虚拟机,long1、long2、long3做swarm集群
long1、long2做manage节点,long3做node节点
1、修改虚拟机hostname
vi /etc/hostname 修改配置文件
hostname long1 (临时生效)
bash 刷新hostname
2、关闭防火墙
systemctl stop firewalld.service 关闭防火墙
systemctl disable firewalld.service 禁止开机启动
3、关闭selinux
set setenforce 0 临时关闭
vi /etc/selinux/config 修改配置文件
4、配置docker配置文件
vim /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --label=function=edu2 --label=host=wisbean2 --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
[Install]
WantedBy=multi-user.target
三、配置swarm集群
1、在long1上初始化docker swarm集群
[root@long1 ~]# docker swarm init --advertise-addr 192.168.9.200
Swarm initialized: current node (bjpdw2m498e9hpk1qq4erdm62) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-5g9wqab97ffvllq8ouv70haknvhy85vkj6ujutvl8rhum4l65k-f0w92b9v4howcrfczlwak68k9 192.168.9.200:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions
默认long1成为管理节点
[root@long1 ~]# docker node ls 查看集群节点
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
bjpdw2m498e9hpk1qq4erdm62 * long1 Ready Active Leader
2、查看 (worker|manager)的token值
查看worker node节点tokern值
[root@long1 ~]# docker swarm join-token worker
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-5g9wqab97ffvllq8ouv70haknvhy85vkj6ujutvl8rhum4l65k-f0w92b9v4howcrfczlwak68k9 192.168.9.200:2377
查看manager管理节点token值
[root@long1 ~]# docker swarm join-token manager
To add a manager to this swarm, run the following command:
docker swarm join --token SWMTKN-1-5g9wqab97ffvllq8ouv70haknvhy85vkj6ujutvl8rhum4l65k-29d2cs9hwdtgzxsioicuje8v2 192.168.9.200:2377
3、添加long2为副管理节点(long2上运行命令)
[root@long2 ~]# docker swarm join --token SWMTKN-1-5g9wqab97ffvllq8ouv70haknvhy85vkj6ujutvl8rhum4l65k-29d2cs9hwdtgzxsioicuje8v2 192.168.9.200:2377
This node joined a swarm as a manager.
[root@long1 ~]# docker node ls long1上查看集群节点
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
bjpdw2m498e9hpk1qq4erdm62 * long1 Ready Active Leader
b572z1cw18g54qy19ua9yweau long2 Ready Active Reachable
4、添加long3位worker node子节点(long3运行命令)
[root@long3 ~]# docker swarm join --token SWMTKN-1-5g9wqab97ffvllq8ouv70haknvhy85vkj6ujutvl8rhum4l65k-f0w92b9v4howcrfczlwak68k9 192.168.9.200:2377
This node joined a swarm as a worker.
[root@long1 ~]# docker node ls long1上查看集群节点
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
bjpdw2m498e9hpk1qq4erdm62 * long1 Ready Active Leader
b572z1cw18g54qy19ua9yweau long2 Ready Active Reachable
ow7mh9jlb1n11ra1bmf5f2u56 long3 Ready Active
四、dockerfile与compose
1、dockerfile自定义制作镜像,例如自定义制作一个需要的Tomcat镜像
#images of apache
FROM centos:latest
MAINTAINER [email protected]
RUN yum -y install curl net-tools
#geng gai shi qu
RUN rm -rf /etc/localtime
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#install JDK
ADD ./jdk-8u111-linux-x64.tar.gz /usr/local
#zh_CN
RUN yum install -y kde-l10n-Chinese glibc-common
RUN localedef -c -f UTF-8 -i zh_CN zh_CN.utf8
ENV LC_ALL=zh_CN.utf8
ENV JAVA_HOME=/usr/local/jdk1.8.0_111
ENV PATH=$PATH:$JAVA_HOME/bin
ENV CLASSPATH=$JAVA_HOME/jre/lib/ext:$JAVA_HOME/lib/tools.jar
#install tomcat
ADD ./apache-tomcat-7.0.61 /usr/local/apache-tomcat-7.0.61
RUN chmod +x /usr/local/apache-tomcat-7.0.61/bin/*
EXPOSE 8080
ENTRYPOINT /usr/local/apache-tomcat-7.0.61/bin/startup.sh && tail -F /usr/local/apache-tomcat-7.0.61/logs/catalina.out
dockerfile自定义jdk镜像
#images of apache
FROM centos:latest
MAINTAINER [email protected]
RUN yum -y install curl net-tools
#geng gai shi qu
RUN rm -rf /etc/localtime
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#install JDK
ADD ./jdk-8u111-linux-x64.tar.gz /usr/local
#zh_CN
RUN yum install -y kde-l10n-Chinese glibc-common
RUN localedef -c -f UTF-8 -i zh_CN zh_CN.utf8
ENV LC_ALL=zh_CN.utf8
ENV JAVA_HOME=/usr/local/jdk1.8.0_111
ENV PATH=$PATH:$JAVA_HOME/bin
ENV CLASSPATH=$JAVA_HOME/jre/lib/ext:$JAVA_HOME/lib/tools.jar
#install comment
RUN mkdir /usr/local/guidance
ADD ./edu-cloud-service-guidance-learning.jar /usr/local/guidance
EXPOSE 8080
ENTRYPOINT ["java","-jar","/usr/local/guidance/edu-cloud-service-guidance-learning.jar"]
执行生成镜像命令
docker build -t tomcat7:7.0.61 . 镜像名:版本号
根据镜像生成容器
docker run -dit --name resource resoure:1.0
查看容器是否启动成功日志
docker logs -f resource
2、docker swarm 集群编排compose,
编辑compose.yml
version: "3"
services:
mysql:
image: mysql:5.7.17
hostname: mysql
ports:
- "3306:3306"
environment:
- "MYSQL_ROOT_PASSWORD=jetsen123"
volumes:
- /srv/jetsen/mysql:/mysql
- mysqldata:/var/lib/mysql/
- mysqlconf:/etc/mysql/
networks:
- edu
deploy:
placement:
constraints:
- engine.labels.function == edu2
redis:
image: redis:3.0
hostname: redis
ports:
- "6379"
volumes:
- /srv/jetsen/redis:/redis
- redisdata:/usr/local/redis/conf
networks:
- edu
deploy:
placement:
constraints:
- engine.labels.function == edu2
activemq:
image: mq:01
hostname: activemq
ports:
- "8016:8161"
- "61616"
volumes:
- /srv/jetsen/activemq:/activemq
- activemqdata:/usr/local/activemq-01/data
networks:
# - default
- edu
deploy:
placement:
constraints:
- engine.labels.function == edu2
elasticsearch:
image: es:2.2.1
hostname: elasticsearch
ports:
- "9200:9200"
- "9300"
volumes:
- /srv/jetsen/elasticsearch:/elasticsearch
- eladata:/usr/local/elasticsearch-rtf-2.2.1/
networks:
- edu
deploy:
placement:
constraints:
- engine.labels.function == edu2
depends_on:
- redis
- activemq
volumes:
mysqldata:
mysqlconf:
redisdata:
activemqdata:
eladata:
networks:
# default:
edu:
external: true
创建集群网络edu
docker network create -d overlay edu
执行命令生成容器
docker stack deploy -c compose.yml db
删除容器
docker stack rm db
查看容器服务
docker service ls
五、配置私有仓库与添加国内镜像源
1、下载一个registry仓库镜像
[root@long2 ~]# docker pull registry
2、用registry镜像运行一个容器作为私有仓库
基于私有仓库镜像运行容器
默认情况下,registry2会将仓库存放于容器的/var/lib/registry目录下,这样如果容器被删除,则存放于容器中的镜像也会丢失,所以我们一般情况下会指定本地一个目录挂载到容器的/var/lib/registry下,两个目录下都有!
·registry的默认存储路径是/var/lib/registry,只是个临时目录,一段时间之后就会消失
·所以使用-v参数,指定个本地持久的路径,
3、添加私有仓库到配置文件中
修改/usr/lib/systemd/system/docker.service,修改后保存退出
重载docker服务并启动docker服务
#systemctl daemon-reload
#systemctl startdocker
4、测试私有仓库
在long3上生成一个镜像并上传到私有私有仓库
查看已有镜像
[root@long3 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat latest 1269f3761db5 2 days ago 560MB
生成一个自定义镜像
[root@long3 ~]# docker tag tomcat:latest 192.168.9.200:5000/tomcat:1012
[root@long3 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat latest 1269f3761db5 2 days ago 560MB
192.168.9.200:5000/tomcat 1012 1269f3761db5 2 days ago 560MB
上传自定义镜像到私有仓库
[root@long3 ~]# docker push 192.168.9.200:5000/tomcat:1012
在long2上测试下载
[root@long2 ~]# docker pull 192.168.9.200:5000/tomcat:1012
[root@long2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.9.200:5000/tomcat 1269f3761db5 2 days ago 560MB
swarm latest 2569518fadd0 4 weeks ago 15.8MB
5、添加国内仓库源
修改/usr/lib/systemd/system/docker.service,修改后保存退出
ExecStart=/usr/bin/dockerd --label=function=test2 --label=host=long2 --insecure-registry 192.168.9.200:5000 --registry-mirror=http://e0d76b42.m.daocloud.io
注:需要安装本地私有仓库源、国内镜像源顺序排列,否则docker无法启动
六、管理节点上配置compose.yml文件
1、修改docker宿主机标签,每一个宿主机都有一个唯一的标签
修改/usr/lib/systemd/system/docker.service,修改后保存退出
ExecStart=/usr/bin/dockerd --label=function=test1 --label=host=long1
--label=function=test1 为long1主机添加test1标签,用于compose.yml文件中识别宿主机
2、long1管理节点下编辑一个compose.yml文件
[root@long1 docker]# cat compose.yml
version: "3"
services:
tomcattest: 生成容器名称
image: tomcat:latest 使用哪一个基础镜像
hostname: tomcattest 容器主机名
ports:
- "8080:8080" 端口映射
volumes: 映射卷
- /mnt/docker:/tomcattest long1的/mnt/docker映射到容器中
- tomcattestv:/usr/local/tomcat 容器中的/usr/local/tomcat目录映射到宿主机long1上,默认映射到宿主机路径是/var/lib/docker/volumes/下
networks:
- default 默认网桥
- long 自定义网桥
deploy:
placement:
constraints:
- engine.labels.function == test1 在宿主机test1也就是long1上运行
volumes:
tomcattestv: 生明映射卷标签
networks: 设置使用的网桥
default:
external: false
long:
external: true
3、管理节点上创建网桥
[root@long1 ~]# docker network create --driver overlay long
mm7l8y2d6xdhbf94h2bszgmk7
[root@long1 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
e8ef876a8bd7 bridge bridge local
9e25df23af84 docker_gwbridge bridge local
d8f8417ab500 host host local
z88kzj5jdkrb ingress overlay swarm
mm7l8y2d6xdh long overlay swarm
89f1edc3784e none null local