容器编排三架马车

Docker compose（适合单机容器编排）
Docker Swarm（适合多机容器编排）
Docker Machine（适合多平台容器编排）

docker哪个公司 dotCloud

1、docker容器的生命周期有哪几种？

创建（created）->运行（running）->暂停（paused）->停止（stopped）->销毁（deleted）

2、拷贝文件到容器内部的命令是什么？

1、从容器⾥⾯拷⽂件到宿主机？

答：在宿主机⾥⾯执⾏以下命令docker cp 容器名：要拷贝的⽂件在容器⾥⾯的路径要拷贝到宿主机的相应路径
⽰例：假设容器名为testtomcat,要从容器⾥⾯拷贝的⽂件路为：/usr/local/tomcat/webapps/test/js/test.js, 现在要将test.js从容器⾥⾯拷到
宿主机的/opt路径下⾯，在宿主机上⾯执⾏命令
docker cp testtomcat:/usr/local/tomcat/webapps/test/js/test.js /opt

2、从宿主机拷⽂件到容器⾥⾯

答：在宿主机⾥⾯执⾏如下命令docker cp 要拷贝的⽂件路径容器名：要拷贝到容器⾥⾯对应的路径
⽰例：假设容器名为testtomcat,现在要将宿主机/opt/test.js⽂件拷贝到容器⾥⾯的/usr/local/tomcat/webapps/test/js路径下⾯，在宿主机上
⾯执⾏如下命令
docker cp /opt/test.js testtomcat:/usr/local/tomcat/webapps/test/js

3、Dockerfile有哪几种常用的关键字？

1. FROM
2. MAINTAINER
3. ENV
4. ADD
5. COPY
6. RUN
7. USER
8. WORKDIR
9. VOLUME
10. EXPOSE
11. HEALTHCHECK
12. CMD
13. ENTRYPOINT

4、将镜像保存为本地文件的命令是什么？

docker save -o centos_vim.tar image_ID > /opt/centos_vim.tar

5、将容器导入到本地目录的命令是什么？

docker export -o centos_vim.tar container_ID > /opt/ centos_vim.tar

6、查看容器的详细属性的命令是什么？

docker inspect $容器_ID

7、查看所有容器的进程信息的命令是什么？

docker ps -a

8、查看最后一次启动的容器进程信息的命令是什么？

docker ps -l

9、将容器构建为镜像的命令是什么?

docker commit -a "chenglu" -m "centos+vim" $container_ID centos:vim

10、将容器的端口映射到宿主机的端口，要用到的选项是什么？

docker -p

安装 Compose

Compose 有两种常用的安装方式：

使用pip安装Docker Compose（Compose是用python写的）
从GITHUB上的Docker Compose 仓库下载docker-compose二进制文件进行安装。

1.curl命令从GitHub上的Docker Compose仓库下载二进制文件

语法：curl -L "<GitHub上的Docker Compose仓库网址>" -o /usr/local/bin/docker-compose

下载实例：

[root@hecs-hqs-01 ~]# curl -L "https://github.com/docker/compose/releases/download/v2.6.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

2.为该二进制文件添加可执行权限

[root@hecs-hqs-01 ~]# chmod +x /usr/local/bin/docker-compose
[root@hecs-hqs-01 ~]# ll /usr/local/bin/docker-compose
-rwxr-xr-x 1 root root 25968640 Jun 7 14:39 /usr/local/bin/docker-compose

3.进行命令测试

[root@hecs-hqs-01 ~]# docker-compose --version
Docker Compose version v2.6.0
2、卸载Compose
如果要卸载，删除docker-compose文件即可。
[root@hecs-hqs-01 ~]# rm /usr/local/bin/docker-compose

1.定义项目，切换到该项目目录

Compose项目目录：可根据需要命名，是应用程序镜像的上下文环境，仅包含用于构建镜像的资源。

[root@hecs-hqs-01 ~]# mkdir my_wordpress && cd my_wordpress
[root@hecs-hqs-01 my_wordpress]#
[root@hecs-hqs-01 my_wordpress]# vi docker-compose.yml
version: '3.3'
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
ports:
- "8000:80"
restart: always
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_DB_NAME: wordpress
volumes:
db_data: {}

3.项目目录中执行docker-compose命令构建项目

[root@hecs-hqs-01 my_wordpress]# docker-compose up -d

4.执行命令查看运行中的容器

[root@hecs-hqs-01 my_wordpress]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
49b78626c20c wordpress:latest "docker-entrypoint.s…" About a minute ago Up About a minute 0.0.0.0:8000->80/tcp my_wordpress-wordpress-1
fecf57f4dfd8 mysql:5.7 "docker-entrypoint.s…" About a minute ago Up About a minute 3306/tcp, 33060/tcp my_wordpress-db-1

5.在浏览器访问Wordpress

访问网址，当前主机加端口号8000，如(http://192.168.100.111:8000/)

httpd服务构建

执行以下操作前，先创建上下文环境，拷贝repo文件

mkdir http1.0
cd http1.0
cp /etc/yum.repos.d/CentOS-Base.repo ./local.repo
（1）准备Dockerfile
FROM centos:centos7
LABEL maintainer='zrl'
RUN rm -rf /etc/yum.repos.d/*
COPY ./local.repo /etc/yum.repos.d
RUN yum makecache
RUN yum install -y httpd
EXPOSE 80
CMD ["-D", "FOREGROUND"]
ENTRYPOINT ["/usr/sbin/httpd"]
（2）构建镜像和启动容器

构建镜像

[root@localhost http:v1.0]# docker build -t http:v1.0 .

启动容器

[root@localhost http:v1.0]# docker run -tid --name web -p 8000:80 http:v1.0
18121bb92601e6a85d0c53b8bfe08338e5031f75a5e3a36078ae0ca898e89280
[root@localhost http:v1.0]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
18121bb92601 http:v1.0 "/usr/sbin/httpd -D …" 4 seconds ago Up 3 seconds 0.0.0.0:8000->80/tcp, :::8000->80/tcp web

访问测试

http://10.10.10.111:8000/

3、httpd服务构建进阶

centos7镜像编写dockerfile文件，构建http服务，上传index.html文件到镜像/var/www/html目录，内容为"hello apache"
镜像暴露80端口，且修改参数HOSTNAME为www.example.com，设置httpd服务前台启动，容器将8080端口映射到容器内部80端口。

[root@localhost ~]# mkdir http2.0
[root@localhost yum.repos.d]# cp /etc/yum.repos.d/CentOS-Base.repo /root/http2.0/local.repo

编辑index.html文件

[root@localhost http2.0]# vi index.html
hello apache

编辑Dockerfile

[root@localhost http2.0]# vi Dockerfile
FROM centos:centos7
LABEL maintainer='zrl'
RUN rm -rf /etc/yum.repos.d/*
COPY ./local.repo /etc/yum.repos.d
RUN yum makecache
RUN yum install -y httpd
COPY ./index.html /var/www/html
EXPOSE 80
CMD ["-D", "FOREGROUND"]
ENTRYPOINT ["/usr/sbin/httpd"]

镜像构建

[root@localhost http2.0]# docker build -t http:v2.0 .

启动容器

[root@localhost http2.0]# docker run -tid --name http-1 -p 8080:80 -h www.example.com http:v2.0
784ce9055d90f41b4d5329783d29780d049a31cc0729e07ac5b45a8912d1158f
[root@localhost http2.0]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
784ce9055d90 http:v2.0 "/usr/sbin/httpd -D …" 15 seconds ago Up 14 seconds 0.0.0.0:8080->80/tcp, :::8080->80/tcp http-1

查看hostname

[root@localhost http2.0]# docker inspect --format="{{.Config.Hostname}}" http-1
www.example.com

访问网站

http://192.168.100.111:8080/

4、本地registry仓库

（1）启动registry私有仓库容器

在本地docker宿主机上加载registry的tar包为registry:latest镜像，并启动为私有仓库容器，将宿主机5000端口映射到容器的5000端口，仓库命名为registry，设置为自启动状态。

上传registry_latest.tar包

上传完查看包的大小

[root@localhost ~]# du -sh registry_latest.tar
26M registry_latest.tar

加载镜像

[root@localhost ~]# docker load -i registry_latest.tar
d9ff549177a9: Loading layer 4.671MB/4.671MB
f641ef7a37ad: Loading layer 1.587MB/1.587MB
d5974ddb5a45: Loading layer 20.08MB/20.08MB
5bbc5831d696: Loading layer 3.584kB/3.584kB
73d61bf022fd: Loading layer 2.048kB/2.048kB
Loaded image: registry:latest
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest f32a97de94e1 3 years ago 25.8MB

启动容器

[root@localhost ~]# docker run -d -p 5000:5000 --restart=always --name myregistry -v /opt/data/registry:/var/lib/registry registry
e6384c131de47bdb2720c7a917fb5b1aea040f16f49d9c01c1bea54dc454e184
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e6384c131de4 registry "/entrypoint.sh /etc…" 5 seconds ago Up 4 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp myregistry
（2）上传镜像到本地registry仓库
下载官方的centos:7镜像，将该镜像上传到registry仓库。

下载官方的centos:7镜像

[root@localhost ~]# docker pull centos:7
7: Pulling from library/centos
Digest: sha256:9d4bcbbb213dfd745b58be38b13b996ebb5ac315fe75711bd618426a630e0987
Status: Downloaded newer image for centos:7
docker.io/library/centos:7
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 7 eeb6ee3f44bd 9 months ago 204MB

给已有的镜像打标签符合自建注册中心格式

[root@localhost ~]# docker tag centos:7 127.0.0.1:5000/centos:7
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
http v2.0 0af11e06a37c 33 minutes ago 768MB
127.0.0.1:5000/centos 7 eeb6ee3f44bd 9 months ago 204MB
centos 7 eeb6ee3f44bd 9 months ago 204MB

执行镜像上传

[root@localhost ~]# docker push 127.0.0.1:5000/centos:7
The push refers to repository [127.0.0.1:5000/centos]
174f56854903: Pushed
7: digest: sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f size: 529

执行查看测试

[root@localhost ~]# curl http://127.0.0.1:5000/v2/_catalog
{"repositories":["centos"]}

（3）远程上传镜像到本地registry仓库

在远程docker主机上下载registry的centos:7镜像，将该镜像运行为一个容器，命名为centos-7，在容器安装net-tools工具。
将容器打包封装为新的镜像，命名为centos:net，重新上传到registry。

1.克隆一个新的虚拟机（要先把原主机关闭，建议先创建克隆再做其他考试操作）

启动两台虚拟机

2.修改第二台虚拟机网卡，给一个新的IP，并重启网络

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR=192.168.100.118
[root@localhost ~]# systemctl restart network

3.第二台主机清理环境（如果需要再做）

[root@localhost ~]# docker rm -f $(docker ps -qa)
[root@localhost ~]# docker rmi 127.0.0.1:5000/centos:7
[root@localhost ~]# docker rmi 192.168.100.111:5000/centos:7
[root@localhost ~]# docker rmi centos:7
[root@localhost ~]# docker images

4.检查第一台虚拟机仓库（保证是up状态）

[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
decca5395c07 registry "/entrypoint.sh /etc…" 9 minutes ago Up 3 minutes 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp myregistry

5.第二台主机配置注册中心地址，并重启

[root@localhost ~]# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://nxwgbmaq.mirror.aliyuncs.com"],
"insecure-registries":["192.168.100.111:5000"]
}
[root@localhost ~]# systemctl restart docker

5.第二台主机上拉取远程主机仓库中镜像

[root@localhost ~]# docker pull 192.168.100.111:5000/centos:7
7: Pulling from centos
2d473b07cdd5: Pull complete
Digest: sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f
Status: Downloaded newer image for 192.168.100.111:5000/centos:7
192.168.100.111:5000/centos:7
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.100.111:5000/centos 7 eeb6ee3f44bd 9 months ago 204MB

6.第二台主机上拉起新容器

[root@localhost ~]# docker run -tid --name centos-7 192.168.100.111:5000/centos:7 /bin/bash
e22ff1d463a0bf8f8e4de027b9e046d71d34f7726197f15b85d01ec9e801ad0f

7.容器中安装net-tools工具

[root@localhost ~]# docker exec -ti centos-7 /bin/bash
[root@e22ff1d463a0 /]# yum install -y net-tools

8.将容器打包封装为新的镜像

[root@localhost ~]# docker commit centos-7 centos:net
sha256:8836665003fa0d465aa3bce1b28951ae60d2bbf6e2bed606e0ef8ac04b275ed8
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos net 8836665003fa 6 seconds ago 375MB
192.168.100.111:5000/centos 7 eeb6ee3f44bd 9 months ago 204MB

9.重新上传到registry

先打标签

[root@localhost ~]# docker tag centos:net 192.168.100.111:5000/centos:net
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos net 8836665003fa About a minute ago 375MB
192.168.100.111:5000/centos net 8836665003fa About a minute ago 375MB

上传

[root@localhost ~]# docker push 192.168.100.111:5000/centos:net
The push refers to repository [192.168.100.111:5000/centos]
2ad9295f12ba: Pushed
174f56854903: Layer already exists
net: digest: sha256:3f5085a77020f4aaae3180bfda127d2dfdd7abada4c030b7c8851e6b340089d5 size: 741

查看验证

[root@localhost ~]# curl -XGET http://192.168.100.111:5000/v2/centos/tags/list
{"name":"centos","tags":["7","net"]}

在本地docker宿主机上，下载registry中的centos:net镜像，并将其保存为tar包。

在克隆虚拟机中操作：
[root@localhost ~]# docker save -o registry_latest.tar centos:net
[root@localhost ~]# du -sh registry_latest.tar
366M registry_latest.tar

在本地docker宿主机上，将registry中的centos:net镜像运行为容器，命名为centos-net,并在该容器中，通过/etc/hosts文件修改本容器主机IP映射为centos-net，然后将该容器导入出为一个tar包。

[root@localhost ~]# docker pull 127.0.0.1:5000/centos:net
net: Pulling from centos
2d473b07cdd5: Already exists
36c8f7439da5: Pull complete
Digest: sha256:a0c178f1b3178aa7ca0d70f0011ba06ac4eda871d8e5e63e62ec22db7475a565
Status: Downloaded newer image for 127.0.0.1:5000/centos:net
127.0.0.1:5000/centos:net
[root@localhost ~]# docker pull 127.0.0.1:5000/centos:net
net: Pulling from centos
2d473b07cdd5: Already exists
36c8f7439da5: Pull complete
Digest: sha256:a0c178f1b3178aa7ca0d70f0011ba06ac4eda871d8e5e63e62ec22db7475a565
Status: Downloaded newer image for 127.0.0.1:5000/centos:net
127.0.0.1:5000/centos:net
[root@localhost ~]# docker run -ti 127.0.0.1:5000/centos:net /bin/bash
[root@db80e81e0a9b /]# cd /etc/yum.repos.d/
[root@db80e81e0a9b yum.repos.d]# rm -rf Cent*
[root@db80e81e0a9b yum.repos.d]# ls
[root@db80e81e0a9b yum.repos.d]# exit
Exit
[root@localhost ~]# docker commit db80e81e0a9 centos:net
sha256:f729784d95004fcb29b310985b14265637de4cbef85727a3f9aa46843bc3b72a
[root@localhost ~]# docker run -ti 127.0.0.1:5000/centos:net /bin/bash
[root@9adad1306c7f /]# vi /etc/hosts
[root@9adad1306c7f /]# cat /etc/hosts
127.0.0.1 centos-net
[root@9adad1306c7f /]# ping centos-net
PING centos-net (127.0.0.1) 56(84) bytes of data.
64 bytes from centos-net (127.0.0.1): icmp_seq=1 ttl=64 time=0.051 ms
[root@localhost ~]# docker save -o centos:net.tar 127.0.0.1:5000/centos:net
[root@localhost ~]# ls
anaconda-ks.cfg mysql80-community-release-el7-2.noarch.rpm
centos:net.tar registry_latest.tar