概念理解
虚拟机与docker。虚拟机用的是虚拟化的cpu,效率只有50%~60%。docker用的是物理cpu,效率趋近90% ~ 100%。docker进程隔离。
docker的命令很多,都记住不现实。–help可以查看具体的命令用途。如
docker --help
docker container --help
docker container ls --help
docker镜像与容器之间遵循写时复制的原则。一个镜像起了多个容器后,每个容器内修改的文件会保存,但不会影响原来的镜像。
删除某一个镜像前,由该镜像开启的容器必须先删掉。
案例
运行一个webserver的容器,由拉取的nginx镜像执行,后台开启服务,且开放80的端口
docker run --name webserver -d -p 80:80 nginx
访问http://localhost或127.0.0.1可以看到欢迎界面。
交互式进入这个webserver的容器
docker exec -it webserver bash
修改网页并退出
echo '<h1>Hello, Docker!</h1>' > /usr/share/nginx/html/index.html exit
退出后可以查看webserver容器与nginx镜像的改动
docker diff webserver
然后提交
docker commit --message "modify information display" webserver nginx:v2
再显示镜像的时候可以看到TAG为v2的版本。
同一个端口可以被不同的镜像启动时映射吗?每个容器,或者进程会认为它可以用所有的资源,包括端口。就像进程面对的是虚拟内存一样。
Dockfile的定制
touch Dockerfile vim Dockerfile ##输入以下内容 From nginx RUN echo "<h1>Hello, Master's Docker! nginx-v3</h1>" > /usr/share/nginx/html/index.html
这里单引号会报错,双引号才能编译成功。生成镜像
docker build -t nginx:v3
通过docker images 可以查看到生成的镜像。
哪个命令可以查看到该镜像是基于哪个基础镜像生成的?
更复杂一点的Dockerfile
# this is dockerfile for nginx # base image FROM ubuntu:16.04 ADD nginx-1.13.7.tar.gz /usr/local/src/ ADD pcre-8.41.tar.gz /usr/local/src/ ADD zlib-1.2.11.tar.gz /usr/local/src/ ADD openssl-1.1.0g.tar.gz /usr/local/src/ #ADD sources.list /etc/apt/sources.list RUN apt-get update RUN apt-get install build-essential -y WORKDIR /usr/local/src/nginx-1.13.7 RUN ./configure --prefix=/usr/local/nginx --with-http_realip_module --with-http_addition_module --with-http_gzip_static_module --with-http_secure_link_module --with-http_stub_status_module --with-stream --with-pcre=/usr/local/src/pcre-8.41 --with-zlib=/usr/local/src/zlib-1.2.11 --with-openssl=/usr/local/src/openssl-1.1.0g && make && make install RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf # RUN echo '<h1>Hello, Nginx-v4 Docker!</h1>' > /usr/local/src/nginx-1.13.7/html/index.html RUN echo '<h1>Hello, Nginx-v4 Docker!</h1>' > /usr/local/nginx/html/index.html EXPOSE 80 CMD ["/usr/local/nginx/sbin/nginx", "-c", "/usr/local/nginx/conf/nginx.conf"]
使用tree .查看目录下面的结构为
. ├── Dockerfile ├── nginx-1.13.7.tar.gz ├── openssl-1.1.0g.tar.gz ├── pcre-8.41.tar.gz └── zlib-1.2.11.tar.gz 0 directories, 5 files
编译
docker build -t nginx:v4
由于编译过程中用的源是官网的源,很耗时间,因此将本机用的阿里源文件拷进容器。
1 # /etc/apt/source.list 阿里源 2 deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse 3 deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse 4 deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse 5 deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse 6 deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse 7 deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse 8 deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse 9 deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse 10 deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse 11 deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
改变该文件的所有者chown和所属组chgrp
sudo cp /etc/apt/source.list . sudo chown master source.list sudo chgrp master source.list
重新编译,可生成v4镜像
Successfully built b0e7b7b6bfdc Successfully tagged nginx:v4 master@qiu-k8s-m:~/nginx-v4$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx v4 b0e7b7b6bfdc 12 seconds ago 420MB nginx v3 20f88cf0a372 10 hours ago 141MB nginx v2 8b9a697e12b4 21 hours ago 141MB ubuntu latest 2dc39ba059dc 3 weeks ago 77.8MB nginx latest 605c77e624dd 8 months ago 141MB ubuntu 18.04 5a214d77f5d7 11 months ago 63.1MB ubuntu 16.04 b6f507652425 13 months ago 135MB
运行该镜像生成一个容器实例
docker run --name web4 -d -p 83:80 nginx:v4
通过浏览器查看83端口,可以证实nginx在正常运行。
Docker Compose编排
它允许用户通过一个单独的 docker-compose.yml 模板文件(YAML 格式)来定义一组相关联的应用容器为一个项目。k8s出来之后docker compose的方式就不流行了。k8s比较重,学习成本高。compose可以一次性启动不同的服务,如redis, nginx,msg_server用compose一次性启动。k8s不仅可以启动多台机器的多种服务,还支持注册发现机制,心跳机制。且k8s的组网更复杂,如果没有linux内核知识比较难理解。
compose 实操
安装docker-compose
sudo apt-get install docker-compose
安装完后发现docker 不能用了,键入docker ps,出现
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
错误的意思是,无法连接docker守护进程,docker守护进程是否在运行?运行服务会也报错
master@qiu-k8s-m:~$ sudo systemctl start docker.service Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
接着查看docker服务状态
master@qiu-k8s-m:~$ sudo systemctl status docker.service ● docker.service - LSB: Create lightweight, portable, self-sufficient containers. Loaded: loaded (/etc/init.d/docker; generated) Active: failed (Result: exit-code) since Sun 2022-09-25 21:48:22 CST; 2min 46s ago Docs: man:systemd-sysv-generator(8) Process: 43015 ExecStart=/etc/init.d/docker start (code=exited, status=1/FAILURE) Main PID: 1074 (code=exited, status=0/SUCCESS) Sep 25 21:48:22 qiu-k8s-m systemd[1]: Starting LSB: Create lightweight, portable, self-sufficient containers.... Sep 25 21:48:22 qiu-k8s-m docker[43015]: * /usr/bin/dockerd not present or not executable Sep 25 21:48:22 qiu-k8s-m systemd[1]: docker.service: Control process exited, code=exited status=1 Sep 25 21:48:22 qiu-k8s-m systemd[1]: docker.service: Failed with result 'exit-code'. Sep 25 21:48:22 qiu-k8s-m systemd[1]: Failed to start LSB: Create lightweight, portable, self-sufficient containers lines 1-12/12 (END)
那么找到报错的关键信息,是上面 * /usr/bin/dockerd not present or not executable这一行。去/usr/bin/目录下面确实找不到dockerd文件,而/etc/init.d/docker文件里面确有写dockerd在这个目录。根据搜索到的解决方法,执行
master@qiu-k8s-m:~$ sudo wget -qO- https://get.docker.com/ | sh # Executing docker install script, commit: 4f282167c425347a931ccfd95cc91fab041d414f Warning: the "docker" command appears to already exist on this system. If you already have Docker installed, this script can cause trouble, which is why we're displaying this warning and provide the opportunity to cancel the installation. If you installed the current Docker package using this script and are using it again to update Docker, you can safely ignore this message. You may press Ctrl+C now to abort this script. + sleep 20 + sudo -E sh -c apt-get update -qq >/dev/null + sudo -E sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq apt-transport-https ca-certificates curl >/dev/null W: APT had planned for dpkg to do more than it reported back (0 vs 4). Affected packages: docker-ce:amd64 + sudo -E sh -c mkdir -p /etc/apt/keyrings && chmod -R 0755 /etc/apt/keyrings + sudo -E sh -c curl -fsSL "https://download.docker.com/linux/ubuntu/gpg" | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg gpg: WARNING: unsafe ownership on homedir '/home/master/.gnupg' + sudo -E sh -c chmod a+r /etc/apt/keyrings/docker.gpg + sudo -E sh -c echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu bionic stable" > /etc/apt/sources.list.d/docker.list + sudo -E sh -c apt-get update -qq >/dev/null + sudo -E sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-scan-plugin >/dev/null + version_gte 20.10 + [ -z ] + return 0 + sudo -E sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq docker-ce-rootless-extras >/dev/null + sudo -E sh -c docker version Client: Docker Engine - Community Version: 20.10.18 API version: 1.41 Go version: go1.18.6 Git commit: b40c2f6 Built: Thu Sep 8 23:11:34 2022 OS/Arch: linux/amd64 Context: default Experimental: true Server: Docker Engine - Community Engine: Version: 20.10.18 API version: 1.41 (minimum version 1.12) Go version: go1.18.6 Git commit: e42327a Built: Thu Sep 8 23:09:28 2022 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.6.8 GitCommit: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6 runc: Version: 1.1.4 GitCommit: v1.1.4-0-g5fd4c4d docker-init: Version: 0.19.0 GitCommit: de40ad0 ================================================================================ To run Docker as a non-privileged user, consider setting up the Docker daemon in rootless mode for your user: dockerd-rootless-setuptool.sh install Visit https://docs.docker.com/go/rootless/ to learn about rootless mode. To run the Docker daemon as a fully privileged service, but granting non-root users access, refer to https://docs.docker.com/go/daemon-access/ WARNING: Access to the remote API on a privileged Docker daemon is equivalent to root access on the host. Refer to the 'Docker daemon attack surface' documentation for details: https://docs.docker.com/go/attack-surface/ ================================================================================
再次键入docker ps则能正常显示。
那么键入docker-compose up,拉取镜像。正常的话可以看到flask的应用跑起来。
... web_1 | * Serving Flask app 'app.py' web_1 | * Debug mode: off web_1 | WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead. web_1 | * Running on all addresses (0.0.0.0) web_1 | * Running on http://127.0.0.1:5000 web_1 | * Running on http://172.18.0.2:5000 ...
以上。
