docker(dockerfile,镜像库、网络安装部署)
1. Docker介绍
1.1 什么是容器?
1.2 容器的前世
FreeBASE jail ------> Linux vserver
chroot -----> 完整的根文件系统(FHS)标准的
namespaces ---> UTS Mount IPC PID user network
cgroup ---> 资源的分配和监控
通过比较复杂的代码开发的过程,调用以上三项技术
实现容器的创建 ----> 管理 ---->销毁
1.3 传统虚拟化技术和容器对比
1.4 容器的今生?
实现隔离能力!
LXC (LinuXContainer)
对于原有的常用功能进行了封装,方便我们做容器的生命周期
-----> Docker (dotcloud)
2. Docker的安装
2.0、yum源准备
curl http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
官网镜像
https://hub.docker.com/
2.1 安装依赖包
yum install -y yum-utils device-mapper-persistent-data lvm2
yum list docker-ce.x86_64 --showduplicates | sort -r
yum install -y docker-ce
2.2 安装docker-ce
yum install -y --setopt=obsoletes=0 \
docker-ce-17.03.2.ce-1.el7.centos.x86_64 \
docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch
2.3 启动Docker服务
systemctl daemon-reload
systemctl restart docker
docker version
docker info
2.4 配置镜像加速
阿里云Docker-hub
https://cr.console.aliyun.com/cn-hangzhou/mirrors
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://uoggbpok.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker
或者:
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"]
}
3. Doocker体系结构
.......
4. Docker的镜像基础管理
4.1 获取镜像
基础镜像拉取
docker search centos
docker pull centos:6.9
docker pull centos:7.5.1804
docker pull nginx
4.2 镜像基本查看
[root@docker ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 6.8 82f3b5f3c58f 4 months ago 195 MB
centos 6.9 2199b8eb8390 4 months ago 195 MB
centos 7.5.1804 cf49811e3cdb 4 months ago 200 MB
centos 7.6.1810 f1cb7c7d58b7 4 months ago 202 MB
oldguo/centos_sshd v1.0
oldguo/centos_sshd v2.0
oldguo/centos_sshd v3.0
标识镜像唯一性的方法:
1\. REPOSITORY:TAG
centos:7.5.1804
2\. IMAGE ID (sha256:64位的号码,默认只截取12位)
82f3b5f3c58
[root@docker /]# docker image ls --no-trunc
4.3 镜像详细信息查看
[root@docker /]# docker image inspect ubuntu:latest
[root@docker /]# docker image inspect 82f3b5f3c58f
4.4 只查看镜像ID
[root@docker ~]# docker image ls -q
[root@dorcer02 docker]# docker image ls -q
f0d535e5757e
ab56bba91343
383867b75fd2
383867b75fd2
b35b593ba47b
4c558720b307
400549bfb34c
8438e4c289c4
8438e4c289c4
2199b8eb8390
f32a97de94e1
4.5 镜像的导入和导出
[root@docker ~]# docker image save 3556258649b2 >/tmp/ubu.tar
[root@docker ~]# docker image rm 3556258649b2
[root@docker ~]# docker image load -i /tmp/ubu.tar
[root@docker ~]# docker image tag 3556258649b2 oldguo/ubu:v1
4.6 镜像的删除
[root@docker ~]# docker image rm -f 3556258649b2
[root@docker ~]# docker image rm -f `docker image ls -q`
5. 容器的管理
5.1 运行第一个容器
5.1.1 交互式的容器:
[root@docker ~]# docker container run -it 9f38484d220f
[root@docker /]# docker container ls
[root@docker /]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4d1ef5a6ecfc 9f38484d220f "/bin/bash" 5 minutes ago Up 5 minutes nervous_alle
CONTAINER ID : 容器的唯一号码(自动生成的)
NAMES : 容器的名字(可以自动,也可以手工指定)
例子: 手工指定容器名启动
[root@docker /]# docker container run -it --name="oldguo_cent76" 9f38484d220f
[root@docker /]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ef45b19d8c7b 9f38484d220f "/bin/bash" About a minute ago Exited (0) 5 seconds ago oldguo_cent76
4d1ef5a6ecfc 9f38484d220f "/bin/bash" 9 minutes ago Up 9 minutes nervous_allen
STATUS : 容器的运行状态 ( Exited , Up)
5.1.2 守护式容器
[root@docker /]# docker run -d --name="oldguo_nginx" nginx:1.14
查询容器的详细信息:
[root@docker /]# docker container inspect oldguo_nginx
5.1.3 容器的应用场景
交互式的容器: 工具类: 开发,测试,临时性的任务()
[root@docker ~]# docker container run -it --name="oldguo_cent76" --rm 9f38484d220f
守护式容器: 网络服务
[root@docker /]# docker run -d -p 8080:80 --name="oldguo_nginx_80" nginx:1.14
5.1.4 容器的启动\关闭\连接 start stop 适用守护式启动的容器
守护式容器的关闭和启动
[root@docker /]# docker container stop oldguo_nginx_80
[root@docker /]# docker container start oldguo_nginx_80
交互式的容器的关闭和启动
[root@docker /]# docker container stop nervous_allen
[root@docker /]# docker container start -i nervous_allen
容器的连接方法:
[root@docker /]# docker container attach nervous_allen
子进程的方式登录(在已有工作容器中生成子进程,做登录.可以用于进行容器的调试,退出时也不会影响到当前容器)
[root@docker ~]# docker container exec -it nervous_allen /bin/bash
容器中使用 ping命令 需要安装 iproute*
root@137f53085b9c:/# yum install iproute*
容器的后台及前台运行:
1. ctrl + P, Q
attach 调用到前台
2. 死循环
3. 让程序前台一直允许(夯在前台)
制作守护式容器时,常用的方法
## 5.2 docker容器的网络访问
指定映射(docker 会自动添加一条iptables规则来实现端口映射)
-p hostPort:containerPort
-p ip:hostPort:containerPort
-p ip::containerPort(随机端口:32768-60999)
-p hostPort:containerPort/udp
-p 81:80 –p 443:443
随机映射
docker run -P 80(随机端口)
[root@docker ~]# docker container run -d -p 8080:80 --name='n2' nginx:1.14 *****
[root@docker ~]# docker container run -d -p 10.0.0.100:8081:80 --name='n3' nginx:1.14 *****
[root@docker ~]# docker container run -d -p 80 --name='n5' nginx:1.14
[root@docker ~]# docker container run -d -p 172.16.1.200::80 --name='n6' nginx:1.14
指定网段访问
[root@dorcer02 tool]# docker container run -d -p 192.168.208.143:8081:80 --name='n2' ab56bba91343
347897b10afb7b38bc2a1f5dcd8c1d3d20c9649109f4587635313f6da82e494e
[root@dorcer02 tool]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
347897b10afb ab56bba91343 "nginx -g 'daemon ..." About a minute ago Up 59 seconds 192.168.208.143:8081->80/tcp n2
137f53085b9c ab56bba91343 "nginx -g 'daemon ..." 7 hours ago Up 14 minutes 0.0.0.0:8000->80/tcp nginx
端口随机生成
[root@dorcer02 tool]# docker container run -d -p 192.168.208.143::80 --name='n3' ab56bba91343
189595228e3dcc519f1f3ea1a2b852496161569de126b066fd51505b727b734e
[root@dorcer02 tool]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
189595228e3d ab56bba91343 "nginx -g 'daemon ..." 23 seconds ago Up 19 seconds 192.168.208.143:32768->80/tcp n3
多端口同时映射 指定多个 -p 参数就是了
5.3容器的其他管理
docker ps -a -q #列所有容器ID
等价于:
docker container ls -a -q
[root@docker ~]# docker top ba9143bcaf74
等价于:
[root@docker ~]# docker container top ba9143bcaf74 # 查看容器进程
[root@dorcer02 tool]# docker container top 189595228e3d
UID PID PPID C STIME TTY TIME CMD
root 17009 16991 0 22:35 ? 00:00:00 nginx: master process nginx -g daemon off;
101 17024 17009 0 22:35 ? 00:00:00 nginx: worker process
查看日志: 如 nginx 日志
[root@oldboy docker]# docker logs testxx
[root@oldboy docker]# docker logs -tf testxx
[root@oldboy docker]# docker logs -t testxx
[root@oldboy docker]# docker logs -tf --tail 10 testxx
[root@oldboy docker]# docker logs -tf --tail 0 testxx
小结:
1\. 镜像类:
docker image
search
pull
ls *****
inspect *****
rm ****
save
load
2\. 容器类
docker container
run *****
start ****
stop ****
restart
kill
attach
exec *****
ls *****
top ****
logs
inspect ****
## 5.4 docker的数据卷实现持久化存储
1. 手工交互数据:
[root@docker opt]# docker container cp index.html n1:/usr/share/nginx/html/
[root@docker opt]# docker container cp n1:/usr/share/nginx/html/50x.html ./
2. Volume实现宿主机和容器的数据共享
[root@docker opt]# mkdir -p /opt/html
[root@docker ~]# docker run -d --name="nginx_3" -p 83:80 -v /opt/html:/usr/share/nginx/html nginx
作用: 数据持久化
3. 例子: 开启两个nginx容器(90,91),共同挂载一个数据卷,实现静态资源共享
4. 数据卷容器:
(1)宿主机模拟数据目录
mkdir -p /opt/Volume/a
mkdir -p /opt/Volume/b
touch /opt/Volume/a/a.txt
touch /opt/Volume/b/b.txt
(2)目录映射 -v 将目录进行主机和容器之间进行映射 -
docker run -it --name "nginx_volumes" -v /opt/Volume/a:/opt/a -v /opt/Volume/b:/opt/b centos:6.9 /bin/bash
[root@dorcer02 /]# docker run -it -p 8080:80 -v /tool:/tmp --name "nginx4" f0d535e5757e
[root@d92851a8510b /]# cd /tmp
[root@d92851a8510b tmp]# ls
registry.tar
[root@d92851a8510b tmp]# exit
[root@dorcer02 /]# ls tool/
registry.tar
ctrl p q
(3)使用数据卷容器
使用前面创建了的 nginx_volumes 数据卷 应用到当前容器中使用--volumes-from参数将 nginx_volumes 挂载使用
docker run -d -p 8085:80 --volumes-from nginx_volumes --name "n8085" nginx
docker run -d -p 8086:80 --volumes-from nginx_volumes --name "n8086" nginx
进入检查是否挂载
[root@dorcer02 /]# docker container exec -it nginx4 /bin/bash
作用: 在集中管理集群中,大批量的容器都需要挂载相同的多个数据卷时,可以采用数卷容器进行统一管理
# 6.制作本地局域网yum源
1. 安装vsftpd软件
[root@docker ~]# yum install -y vsftpd
2. 启动ftp
[root@docker ~]# systemctl enable vsftpd
[root@docker ~]# systemctl start vsftpd
3. 上传系统进行到虚拟机
略. rz centos.6.9.iso /mnt
4. 配置yum仓库
mkdir -p /var/ftp/centos6.9
mkdir -p /var/ftp/centos7.5
[root@docker mnt]# mount -o loop /mnt/CentOS-6.9-x86_64-bin-DVD1.iso /var/ftp/centos6.9/
windows验证
ftp://10.0.0.100/centos6.9/在容器中生成如下 repo 本地源文件00000000000000000000000000000
cat >/etc/yum.repos.d/ftp_6.repo <<EOF
[ftp]
name=ftpbase
baseurl=ftp://172.17.0.1/centos6.9
enabled=1
gpgcheck=0
EOF
cat >/etc/yum.repos.d/ftp_7.repo <<EOF
[ftp]
name=ftpbase
baseurl=ftp://10.0.0.100/centos7.5
enabled=1
gpgcheck=0
EOF
7.基于容器的镜像制作
7.1 基于容器的镜像制作-Aliyun ECS(Centos6.9_sshd 单服务)
7.1.1 启动基础镜像容器
docker run -it --name="oldguo_centos" centos:6.9
7.1.2 安装所需要的软件包 ,并且启动测试
mv /etc/yum.repos.d/*.repo /tmp
echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos6.9\ngpgcheck=0">/etc/yum.repos.d/ftp.repo
yum clean all
yum makecache fast &&
yum install openssh-server -y
/etc/init.d/sshd start ----->重要:ssh第一次启动时,需要生成秘钥,生成pam验证配置文件
/etc/init.d/sshd stop
echo "123456" | passwd --stdin
ssh启动后, 就可以通过端口在宿主机远程, 但是还不能给用户使用
7.1.3 镜像的制作
docker commit oldguo_centos oldguo/centos6.9_sshd:v1
0、简单的镜像制作 commit 镜像制作参数 centos69 已处理好要做镜像的容器 root/centos6.9_sshd:v1 用户名/描述:版本
[root@dorcer01 html]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dd14f697e0b5 f1cb7c7d58b7 "/bin/bash" 14 minutes ago Up 14 minutes centos7.6
a7521ef96e7b centos:6.9 "/bin/bash" 30 minutes ago Up 30 minutes centos69
1、制作镜像
[root@dorcer01 imagecreate]# docker commit centos69 root/centos6.9_sshd:v1
sha256:0a1eac90b933f559efd7212040248a0856a6db93734aa8686f559a0099fe5541
2、查看镜像
[root@dorcer01 imagecreate]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
root/centos6.9_sshd v1 0a1eac90b933 35 seconds ago 514MB
nginx latest ab56bba91343 8 days ago 126MB
mysql 5.7 383867b75fd2 9 days ago 373MB
docker(dockerfile,镜像库、网络)(02)
2020-04-24 14:10
84
0
1. Docker介绍
1.1 什么是容器?
1.2 容器的前世
FreeBASE jail ------> Linux vserver
chroot -----> 完整的根文件系统(FHS)标准的
namespaces ---> UTS Mount IPC PID user network
cgroup ---> 资源的分配和监控
通过比较复杂的代码开发的过程,调用以上三项技术
实现容器的创建 ----> 管理 ---->销毁
1.3 传统虚拟化技术和容器对比
1.4 容器的今生?
实现隔离能力!
LXC (LinuXContainer)
对于原有的常用功能进行了封装,方便我们做容器的生命周期
-----> Docker (dotcloud)
2. Docker的安装
2.0、yum源准备
curl http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
官网镜像
https://hub.docker.com/
2.1 安装依赖包
yum install -y yum-utils device-mapper-persistent-data lvm2
yum list docker-ce.x86_64 --showduplicates | sort -r
yum install -y docker-ce
2.2 安装docker-ce
yum install -y --setopt=obsoletes=0 \
docker-ce-17.03.2.ce-1.el7.centos.x86_64 \
docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch
2.3 启动Docker服务
systemctl daemon-reload
systemctl restart docker
docker version
docker info
2.4 配置镜像加速
阿里云Docker-hub
https://cr.console.aliyun.com/cn-hangzhou/mirrors
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://uoggbpok.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker
或者:
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"]
}
3. Doocker体系结构
4. Docker的镜像基础管理
4.1 获取镜像
基础镜像拉取
docker search centos
docker pull centos:6.9
docker pull centos:7.5.1804
docker pull nginx
4.2 镜像基本查看
[root@docker ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 6.8 82f3b5f3c58f 4 months ago 195 MB
centos 6.9 2199b8eb8390 4 months ago 195 MB
centos 7.5.1804 cf49811e3cdb 4 months ago 200 MB
centos 7.6.1810 f1cb7c7d58b7 4 months ago 202 MB
oldguo/centos_sshd v1.0
oldguo/centos_sshd v2.0
oldguo/centos_sshd v3.0
标识镜像唯一性的方法:
1\. REPOSITORY:TAG
centos:7.5.1804
2\. IMAGE ID (sha256:64位的号码,默认只截取12位)
82f3b5f3c58
[root@docker /]# docker image ls --no-trunc
4.3 镜像详细信息查看
[root@docker /]# docker image inspect ubuntu:latest
[root@docker /]# docker image inspect 82f3b5f3c58f
4.4 只查看镜像ID
[root@docker ~]# docker image ls -q
[root@dorcer02 docker]# docker image ls -q
f0d535e5757e
ab56bba91343
383867b75fd2
383867b75fd2
b35b593ba47b
4c558720b307
400549bfb34c
8438e4c289c4
8438e4c289c4
2199b8eb8390
f32a97de94e1
4.5 镜像的导入和导出
[root@docker ~]# docker image save 3556258649b2 >/tmp/ubu.tar
[root@docker ~]# docker image rm 3556258649b2
[root@docker ~]# docker image load -i /tmp/ubu.tar
[root@docker ~]# docker image tag 3556258649b2 oldguo/ubu:v1
4.6 镜像的删除
[root@docker ~]# docker image rm -f 3556258649b2
[root@docker ~]# docker image rm -f `docker image ls -q`
5. 容器的管理
5.1 运行第一个容器
5.1.1 交互式的容器:
[root@docker ~]# docker container run -it 9f38484d220f
[root@docker /]# docker container ls
[root@docker /]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4d1ef5a6ecfc 9f38484d220f "/bin/bash" 5 minutes ago Up 5 minutes nervous_alle
CONTAINER ID : 容器的唯一号码(自动生成的)
NAMES : 容器的名字(可以自动,也可以手工指定)
例子: 手工指定容器名启动
[root@docker /]# docker container run -it --name="oldguo_cent76" 9f38484d220f
[root@docker /]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ef45b19d8c7b 9f38484d220f "/bin/bash" About a minute ago Exited (0) 5 seconds ago oldguo_cent76
4d1ef5a6ecfc 9f38484d220f "/bin/bash" 9 minutes ago Up 9 minutes nervous_allen
STATUS : 容器的运行状态 ( Exited , Up)
5.1.2 守护式容器
[root@docker /]# docker run -d --name="oldguo_nginx" nginx:1.14
查询容器的详细信息:
[root@docker /]# docker container inspect oldguo_nginx
5.1.3 容器的应用场景
交互式的容器: 工具类: 开发,测试,临时性的任务()
[root@docker ~]# docker container run -it --name="oldguo_cent76" --rm 9f38484d220f
守护式容器: 网络服务
[root@docker /]# docker run -d -p 8080:80 --name="oldguo_nginx_80" nginx:1.14
5.1.4 容器的启动\关闭\连接 start stop 适用守护式启动的容器
守护式容器的关闭和启动
[root@docker /]# docker container stop oldguo_nginx_80
[root@docker /]# docker container start oldguo_nginx_80
交互式的容器的关闭和启动
[root@docker /]# docker container stop nervous_allen
[root@docker /]# docker container start -i nervous_allen
容器的连接方法:
[root@docker /]# docker container attach nervous_allen
子进程的方式登录(在已有工作容器中生成子进程,做登录.可以用于进行容器的调试,退出时也不会影响到当前容器)
[root@docker ~]# docker container exec -it nervous_allen /bin/bash
容器中使用 ping命令 需要安装 iproute*
root@137f53085b9c:/# yum install iproute*
容器的后台及前台运行:
1. ctrl + P, Q
attach 调用到前台
2. 死循环
3. 让程序前台一直允许(夯在前台)
制作守护式容器时,常用的方法
## 5.2 docker容器的网络访问
指定映射(docker 会自动添加一条iptables规则来实现端口映射)
-p hostPort:containerPort
-p ip:hostPort:containerPort
-p ip::containerPort(随机端口:32768-60999)
-p hostPort:containerPort/udp
-p 81:80 –p 443:443
随机映射
docker run -P 80(随机端口)
[root@docker ~]# docker container run -d -p 8080:80 --name='n2' nginx:1.14 *****
[root@docker ~]# docker container run -d -p 10.0.0.100:8081:80 --name='n3' nginx:1.14 *****
[root@docker ~]# docker container run -d -p 80 --name='n5' nginx:1.14
[root@docker ~]# docker container run -d -p 172.16.1.200::80 --name='n6' nginx:1.14
指定网段访问
[root@dorcer02 tool]# docker container run -d -p 192.168.208.143:8081:80 --name='n2' ab56bba91343
347897b10afb7b38bc2a1f5dcd8c1d3d20c9649109f4587635313f6da82e494e
[root@dorcer02 tool]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
347897b10afb ab56bba91343 "nginx -g 'daemon ..." About a minute ago Up 59 seconds 192.168.208.143:8081->80/tcp n2
137f53085b9c ab56bba91343 "nginx -g 'daemon ..." 7 hours ago Up 14 minutes 0.0.0.0:8000->80/tcp nginx
端口随机生成
[root@dorcer02 tool]# docker container run -d -p 192.168.208.143::80 --name='n3' ab56bba91343
189595228e3dcc519f1f3ea1a2b852496161569de126b066fd51505b727b734e
[root@dorcer02 tool]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
189595228e3d ab56bba91343 "nginx -g 'daemon ..." 23 seconds ago Up 19 seconds 192.168.208.143:32768->80/tcp n3
多端口同时映射 指定多个 -p 参数就是了
## 5.3容器的其他管理
docker ps -a -q #列所有容器ID
等价于:
docker container ls -a -q
[root@docker ~]# docker top ba9143bcaf74
等价于:
[root@docker ~]# docker container top ba9143bcaf74 # 查看容器进程
[root@dorcer02 tool]# docker container top 189595228e3d
UID PID PPID C STIME TTY TIME CMD
root 17009 16991 0 22:35 ? 00:00:00 nginx: master process nginx -g daemon off;
101 17024 17009 0 22:35 ? 00:00:00 nginx: worker process
查看日志: 如 nginx 日志
[root@oldboy docker]# docker logs testxx
[root@oldboy docker]# docker logs -tf testxx
[root@oldboy docker]# docker logs -t testxx
[root@oldboy docker]# docker logs -tf --tail 10 testxx
[root@oldboy docker]# docker logs -tf --tail 0 testxx
小结:
1\. 镜像类:
docker image
search
pull
ls *****
inspect *****
rm ****
save
load
2\. 容器类
docker container
run *****
start ****
stop ****
restart
kill
attach
exec *****
ls *****
top ****
logs
inspect ****
## 5.4 docker的数据卷实现持久化存储
1. 手工交互数据:
[root@docker opt]# docker container cp index.html n1:/usr/share/nginx/html/
[root@docker opt]# docker container cp n1:/usr/share/nginx/html/50x.html ./
2. Volume实现宿主机和容器的数据共享
[root@docker opt]# mkdir -p /opt/html
[root@docker ~]# docker run -d --name="nginx_3" -p 83:80 -v /opt/html:/usr/share/nginx/html nginx
作用: 数据持久化
3. 例子: 开启两个nginx容器(90,91),共同挂载一个数据卷,实现静态资源共享
4. 数据卷容器:
(1)宿主机模拟数据目录
mkdir -p /opt/Volume/a
mkdir -p /opt/Volume/b
touch /opt/Volume/a/a.txt
touch /opt/Volume/b/b.txt
(2)目录映射 -v 将目录进行主机和容器之间进行映射 -
docker run -it --name "nginx_volumes" -v /opt/Volume/a:/opt/a -v /opt/Volume/b:/opt/b centos:6.9 /bin/bash
[root@dorcer02 /]# docker run -it -p 8080:80 -v /tool:/tmp --name "nginx4" f0d535e5757e
[root@d92851a8510b /]# cd /tmp
[root@d92851a8510b tmp]# ls
registry.tar
[root@d92851a8510b tmp]# exit
[root@dorcer02 /]# ls tool/
registry.tar
ctrl p q
(3)使用数据卷容器
使用前面创建了的 nginx_volumes 数据卷 应用到当前容器中使用--volumes-from参数将 nginx_volumes 挂载使用
docker run -d -p 8085:80 --volumes-from nginx_volumes --name "n8085" nginx
docker run -d -p 8086:80 --volumes-from nginx_volumes --name "n8086" nginx
进入检查是否挂载
[root@dorcer02 /]# docker container exec -it nginx4 /bin/bash
作用: 在集中管理集群中,大批量的容器都需要挂载相同的多个数据卷时,可以采用数卷容器进行统一管理
# 6.制作本地局域网yum源
1. 安装vsftpd软件
[root@docker ~]# yum install -y vsftpd
2. 启动ftp
[root@docker ~]# systemctl enable vsftpd
[root@docker ~]# systemctl start vsftpd
3. 上传系统进行到虚拟机
略. rz centos.6.9.iso /mnt
4. 配置yum仓库
mkdir -p /var/ftp/centos6.9
mkdir -p /var/ftp/centos7.5
[root@docker mnt]# mount -o loop /mnt/CentOS-6.9-x86_64-bin-DVD1.iso /var/ftp/centos6.9/
windows验证
ftp://10.0.0.100/centos6.9/在容器中生成如下 repo 本地源文件00000000000000000000000000000
cat >/etc/yum.repos.d/ftp_6.repo <<EOF
[ftp]
name=ftpbase
baseurl=ftp://172.17.0.1/centos6.9
enabled=1
gpgcheck=0
EOF
cat >/etc/yum.repos.d/ftp_7.repo <<EOF
[ftp]
name=ftpbase
baseurl=ftp://10.0.0.100/centos7.5
enabled=1
gpgcheck=0
EOF
7.基于容器的镜像制作
7.1 基于容器的镜像制作-Aliyun ECS(Centos6.9_sshd 单服务)
7.1.1 启动基础镜像容器
docker run -it --name="oldguo_centos" centos:6.9
7.1.2 安装所需要的软件包 ,并且启动测试
mv /etc/yum.repos.d/*.repo /tmp
echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos6.9\ngpgcheck=0">/etc/yum.repos.d/ftp.repo
yum clean all
yum makecache fast &&
yum install openssh-server -y
/etc/init.d/sshd start ----->重要:ssh第一次启动时,需要生成秘钥,生成pam验证配置文件
/etc/init.d/sshd stop
echo "123456" | passwd --stdin
ssh启动后, 就可以通过端口在宿主机远程, 但是还不能给用户使用
7.1.3 镜像的制作
docker commit oldguo_centos oldguo/centos6.9_sshd:v1
0、简单的镜像制作 commit 镜像制作参数 centos69 已处理好要做镜像的容器 root/centos6.9_sshd:v1 用户名/描述:版本
[root@dorcer01 html]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dd14f697e0b5 f1cb7c7d58b7 "/bin/bash" 14 minutes ago Up 14 minutes centos7.6
a7521ef96e7b centos:6.9 "/bin/bash" 30 minutes ago Up 30 minutes centos69
1、制作镜像
[root@dorcer01 imagecreate]# docker commit centos69 root/centos6.9_sshd:v1
sha256:0a1eac90b933f559efd7212040248a0856a6db93734aa8686f559a0099fe5541
2、查看镜像
[root@dorcer01 imagecreate]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
root/centos6.9_sshd v1 0a1eac90b933 35 seconds ago 514MB
nginx latest ab56bba91343 8 days ago 126MB
mysql 5.7 383867b75fd2 9 days ago 373MB
3、使用制作的镜像创建容器,指定启动服务路径
3.1 启动方法:用户不能远程 没端口映射 -D
[root@dorcer01 imagecreate]# docker container run -itd --name=centos69_sshd 0a1eac90b933 /usr/sbin/sshd -D
4fb370bb4cfbb277a8b811dffc2e787ac37833db24e3dd9889fa5db6c2b13d6e
3.2 启动方法:端口映射,可以进行远程,映射端口 2222
[root@dorcer01 ]#docker container run -itd --name=centos69_sshp22 -p 2222:22 0a1eac90b933 /usr/sbin/sshd -D
57e6a414cfc39ed7ef3c41939c781e6745047ab42f08212f8c108199513d44a9
此时可以通过访问宿主机的IP 加 2222 端口,即可外部访问
4、查看详细,找到IP 可以进行远程
[root@dorcer01 imagecreate]# docker container inspect centos69_sshd
7.1.4 基于新镜像启动容器实现,centos6.9+sshd的功能
[root@docker ~]# docker container run -d --name=sshd_2222 -p 2222:22 7c0d7daff04a
容器镜像制作过程回顾:
1、启动一个基础镜像
2、在容器中安装所需要的软件包
3、提交制作镜像
4、运行镜像
7.2 构建企业网站定制镜像 (Centos6.9_SSHD_LAMP_BBS lamp)
7.2.1 启动基础镜像容器
[root@docker ~]# docker container rm -f `docker ps -a -q`
[root@docker ~]# \rm -rf /opt/*
[root@docker ~]# mkdir -p /opt/vol/mysql /opt/vol/html
测试卷
[root@docker ~]# docker run -it --name="oldguo_centos_bbs" -v /opt/vol/mysql:/var/lib/mysql -v /opt/vol/html:/var/www/html centos:6.9
7.2.2 优化yum源并安装软件
mv /etc/yum.repos.d/*.repo /tmp
echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos6.9\ngpgcheck=0">/etc/yum.repos.d/ftp.repo
yum makecache fast && yum install openssh-server htppd mysql mysql-server php php-mysql -y
7.2.3 软件初始化
sshd 初始化
/etc/init.d/sshd start
/etc/init.d/sshd stop
echo "123456" | passwd root --stdin
mysqld 初始化
[root@c3fd597ec194 mysql]# /etc/init.d/mysqld start
mysql> grant all on *.* to root@'%' identified by '123';
mysql> grant all on *.* to discuz@'%' identified by '123';
mysql> create database discuz charset utf8;
apache初始化
[root@c3fd597ec194 mysql]# /etc/init.d/httpd start
测试apache功能
[root@dorcer01 mysql]# curl 172.17.0.2
7.2.4 制作LAMP第一版基础镜像
[root@docker mysql]# docker commit c3fd597ec194 oldguo/centos_lamp:v1
[root@dorcer01 mysql]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0fe88c793aa2 2199b8eb8390 "/bin/bash" 25 minutes ago Up 25 minutes bbsss
[root@dorcer01 mysql]# docker commit 0fe88c793aa2 lanmp/centos6.9:v1
sha256:f0d535e5757e6daf131db2e34ecdf7d8d1071fb7b589d79fdb4b0142264c0a7b
[root@dorcer01 mysql]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
lanmp/centos6.9 v1 f0d535e5757e 42 seconds ago 399MB
root/centos6.9_sshd v1 0a1eac90b933 2 hours ago 514MB
7.2.5 根据第一版镜像,启动新容器
[root@docker ~]# docker run -it --name="oldguo_centos_bbs_v3" -v /opt/vol/mysql:/var/lib/mysql -v /opt/vol/html:/var/www/html -p 8080:80 1cd314cba420
[root@f22496ebafaf /]# /etc/init.d/mysqld start
[root@f22496ebafaf /]# /etc/init.d/httpd start
7.2.6 测试php功能
vim /var/www/html/index.php
<?php
phpinfo();
?>
7.2.7 安装bbs论坛
上传bbs代码到宿主机/opt/vol/html并解压 安装。
chmod 777 -R bbsdir
到这里 可以访问 url ,http://url:port/install 进行安装bbs
接下来制作镜像:
7.2.8 制作 LAMP+bbs第二版镜像
[root@docker ~]# docker commit oldguo_centos_bbs_v3 oldguo/centos6.9_sshd_lamp_bbs:v1
7.2.9 创建启动脚本
[root@docker html]# cd /opt/vol/html
[root@docker html]# cat init.sh
#!/bin/bash
/etc/init.d/mysqld start
/etc/init.d/httpd start
/usr/sbin/sshd -D
[root@docker html]# chmod 777 init.sh
7.2.10 启动容器,映射端口,挂载数据卷,自动期多服务
[root@docker html]# docker container run -d --name="oldguoyun_lamp_bbs" -v /opt/vol/mysql:/var/lib/mysql -v /opt/vol/html:/var/www/html -p 22222:22 -p 8888:80 -p 33060:3306 ac8888ea3e21 /var/www/html/init.sh
7.3 centos:7.5.1804_sshd
mv /etc/yum.repos.d/*.repo /tmp
echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos7.5\ngpgcheck=0">/etc/yum.repos.d/ftp.repo
yum makecache fast && yum install openssh-server -y
7以上版本初始化 sshd
mkdir /var/run/sshd
echo 'UseDNS no' >> /etc/ssh/sshd_config
sed -i -e '/pam_loginuid.so/d' /etc/pam.d/sshd
echo 'root:123456' | chpasswd
/usr/bin/ssh-keygen -A
docker commit oldguo_c75sshd d2bcdbdfd0f8
启动制作好的镜像
[root@docker ~]# docker container run -d --name=sshd_2222 -p 222:22 oldguo_c75sshd /usr/sbin/sshd -D
dokcerfile
官网文档https://docs.docker.com/engine/reference/builder/
8. 通过Dockerfile定制企业镜像
8.1 Dockerfile的基本使用初体验(centos6.9_sshd)
[root@docker ~]# mkdir -p /opt/dockerfile/centos6.9_sshd
[root@docker centos6.9_sshd]# vim Dockerfile
# Centos6.9-SSHDv1.0
FROM centos@2199b8eb8390
RUN mv /etc/yum.repos.d/*.repo /tmp && echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos6.9\ngpgcheck
=0">/etc/yum.repos.d/ftp.repo && yum makecache fast && yum install openssh-server -y
RUN /etc/init.d/sshd start && /etc/init.d/sshd stop && echo "123456" | passwd root --stdin
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
8.2 Dockerfile 常用指令
FROM 指定基础镜像
ADD 和 copy 相比 , Add 可以自动解压 tar 的文件 ,也可以拷贝网络文件
COPY 只是拷贝文件
ENV DATADIR /data/lamp/html ;引用方法: ADD bbs.tar.gz $DATADIR
EXPOSE 映射端口号 22
LABEL
STOPSIGNAL
USER
VOLUME ["/var/www/html","/data/lamp/html"] src:dest
WORKDIR
ONBUILD
CMD 启动镜像时的第一进程, 指令在启动容器的过程中可以被 /bin/bash 替换
ENTRYPOINT 和CMD 一样启动第一进程, 区别 启动容器时第一进程无法被手工输入的命令替换
'''
CMD ["/usr/sbin/sshd","-D"]
ENTRYPOINT ["/usr/sbin/sshd","-D"]
'''
FROM: 基础镜像
Syntax:
FROM centos:6.9
FROM centos@2199b8eb8390
RUN: 构建镜像过程中运行的命令
Syntax:
RUN mv /etc/yum.repos.d/*.repo /tmp && echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos6.9\ngpgcheck
=0">/etc/yum.repos.d/ftp.repo && yum makecache fast && yum install openssh-server -y
RUN ["mysqld","--initialize-insecure","--user=mysql" ,"--basedir=/usr/local/mysql","--datadir=/data/mysql/data"]
EXPOSE: 向外暴露的端口
Syntax:
EXPOSE 22
CMD 使用镜像启动容器时运行的命令
Syntax:
CMD ["/usr/sbin/sshd","-D"]
docker rmi $(docker image ls -a | grep "none" | awk '{print $3}')
使用dockerfile
案例:
[root@dorcer01 centos6.9_sshd]# pwd
/opt/dockerfile/centos6.9_sshd
[root@dorcer01 centos6.9_sshd]# ll
总用量 4
-rw-r--r--. 1 root root 177 4月 28 19:18 dockerfile
[root@dorcer01 centos6.9_sshd]# cat dockerfile
#Centos6.9-SSHDv1.0
FROM "centos:6.9"
RUN yum install openssh-server -y
RUN /etc/init.d/sshd start && echo "123456" |passwd root --stdin
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
执行构建镜像
[root@dorcer01 centos6.9_sshd]# docker image build -t "centos6.9_sshd:v1.1" ./
成功后可以查看到镜像
[root@dorcer01 centos6.9_sshd]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6.9_sshd v1.1 f7d3cbd000b5 7 minutes ago 334MB
运行镜像
[root@dorcer01 centos6.9_sshd]# docker container run -d --name="centos_ssh" f7d3cbd000b5
40e52686631cbab4a162d2024ada651b80069846237dd69c27f4f48282a448a2
查看镜像 IP 地址
[root@dorcer01 centos6.9_sshd]# docker container inspect 40e52686631c
连接该镜像
[root@dorcer01 centos6.9_sshd]# ssh 172.17.0.3
root@172.17.0.3's password:
Last login: Tue Apr 28 11:27:13 2020 from 172.17.0.1
[root@40e52686631c ~]#
[root@40e52686631c ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:87 errors:0 dropped:0 overruns:0 frame:0
TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12188 (11.9 KiB) TX bytes:10074 (9.8 KiB)
'''
8.3 通过例子学习其他指令
dockerfile 构建Lamp基础环境镜像
''' 案例
[root@dorcer01 lamp]# ll
总用量 19856
-rw-r--r--. 1 root root 9100697 9月 21 2019 bbs.tar.gz
-rw-r--r--. 1 root root 11217826 9月 21 2019 bbs.zip
-rw-r--r--. 1 root root 348 4月 28 19:54 dockerfile
-rw-r--r--. 1 root root 20 9月 21 2019 index.php
-rwxr-xr-x. 1 root root 221 9月 21 2019 init.sh
init.sh 文件内容
[root@docker lamp]# cat init.sh
#!/bin/bash
/etc/init.d/mysqld start
mysql -e "grant all on *.* to root@'%' identified by '123';grant all on *.* to discuz@'%' identified by '123';create database d
iscuz charset utf8;"
/etc/init.d/httpd start
/usr/sbin/sshd -D
[root@dorcer01 lamp]# pwd
/opt/dockerfile/lamp
[root@dorcer01 lamp]# ls
bbs.tar.gz bbs.zip dockerfile index.php init.sh
[root@dorcer01 lamp]# cat dockerfile
#Centos6.9_sshd_lamp
FROM centos:6.9
RUN yum install openssh-server htppd mysql mysql-server php php-mysql -y
RUN /etc/init.d/sshd start && echo "123456" | passwd root --stdin && /etc/init.d/mysqld start && /etc/init.d/httpd start
COPY init.sh /
#定义一个环境变量
ENV SOURCEDIR /var/www/html
ENV DESTDIR /var/www/html
ADD bbs.tar.gz ${DESTDIR}
#环境变量引用
VOLUME ["${SOURCEDIR}","${DESTDIR}"]
EXPOSE 22
EXPOSE 80
EXPOSE 3306
CMD ["/bin/bash",'/init.sh']
执行构建制作镜像
[root@dorcer01 centos6.9_sshd]# docker image build -t "centos6.9_lamp:v1.1" ./
启动镜像容器
[root@dorcer01 lamp]# docker container run -d -p 2222:22 -p 8080:80 -p 3307:3306 --name="bbs" 61ce87e74090
访问
192.168.208.142:8080
说明:
COPY命令:
Syntax:
<src>... <dest>
从dockerfile所在目录,拷贝目标文件到容器的制定目录下。
可以支持统配符,如果拷贝的是目录,只拷贝目录下的子文件子目录。
cp oldguo/*
ADD
Syntax:
<src>... <dest>
url <dest>
比COPY命令多的功能是,可以自动解压.tar*的软件包到目标目录下
可以指定源文件为URL地址
VOLUME ["/var/www/html","/data/mysql/data"]
WORKDIR
ENV 设定变量
ENV CODEDIR /var/www/html/
ENV DATADIR /data/mysql/data
ADD bbs.tar.gz {CODEDIR}","${DATADIR}"] #添加共享卷 目标和路径
ENTRYPOINT
CMD ["/bin/bash","/init.sh"]
ENTRYPOINT ["/bin/bash","/init.sh"]
说明:
ENTRYPOINT 可以方式,在启动容器时,第一进程被手工输入的命令替换掉,防止容器秒起秒关
小结:
FROM
RUN
COPY
ADD
EXPOSE
VOLUME
ENV
CMD
ENTRYPOINT 命令行指定的命令无法替换dockerfile里的命令
作业: 通过 Dockerfile 一键构建Nginx?+mysql5.7+php?+sshd+wordpress
# 9 docker 构建私有 registry 此服务部署在192.168.208.143(docker2上)(验证)
9.1 启动 registry --restart=always docker重启 后服务也重启
服务重启容器就启动
docker run -d -p 5000:5000 --restart=always --name registries -v /opt/registry:/var/lib/registry registry
registry镜像查看
# 查看所有镜像
[root@dorcer01 ~]# curl -XGET http://192.168.208.142:5000/v2/_catalog
{"repositories":["mysql/mysql","nginx/nginx","project/consul","zabbix/app"]}
# 查看列出的镜像标签
[root@dorcer01 ~]# curl -XGET http://192.168.208.142:5000/v2/mysql/mysql/tags/list
{"name":"mysql/mysql","tags":["5.7"]}
[root@dorcer01 ~]#
[root@dorcer01 ~]# curl -XGET http://192.168.208.142:5000/v2/project/consul/tags/list
{"name":"project/consul","tags":["v1.0"]}
9.2 修改配置文件 增加镜像注册地址
[root@dorcer02 ~]# vim /etc/docker/daemon.json
{
"registry-mirror":["https://68rmyzg7.mirror.aliyun.com"],
"insecure-registries": ["192.168.208.143:5000"]
}
9.3 重启服务
systemctl restart docker
9.4 制作本地镜像 并 push 到本地库 192.168.208.142:5000/projectname/nginx:v1
1、打标签,2、推镜像
docker tag -- 第一个参数 :原镜像:tag 新tag:vs 格式: 192.168.208.143:5000/projectname/images:version
[root@dorcer02 /]# docker tag registry:latest 192.168.208.143:5000/registrys/registry:v1
[root@dorcer02 /]# docker images
REPOSITORY TAG IMAGE ID CREATED
192.168.208.143:5000/registrys/registry v1 f32a97de94e1 13 months ago 25.8 MB
[root@dorcer02 /]# docker push 192.168.208.143:5000/registrys/registry:v1
The push refers to a repository [192.168.208.143:5000/registrys/registry]
73d61bf022fd: Pushed
5bbc5831d696: Pushed
d5974ddb5a45: Pushed
f641ef7a37ad: Pushed
d9ff549177a9: Pushed
v1: digest: sha256:689ee5c1c7108b689567b0c63cbae1726269186dedad9efbd8b00d4642c1c63c size: 1363
9.5镜像下载: 在另一台 docker02机器上进行 pull 镜像,另一台机器的dameo.json文件要一样
[root@dorcer01 /]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://uoggbpok.mirror.aliyuncs.com"],
"insecure-registries":["192.168.208.143:5000"]
}
下载镜像
[root@dorcer01 /]# docker pull 192.168.208.143:5000/registrys/registry:v1
v1: Pulling from registrys/registry
Digest: sha256:689ee5c1c7108b689567b0c63cbae1726269186dedad9efbd8b00d4642c1c63c
Status: Downloaded newer image for 192.168.208.143:5000/registrys/registry:v1
192.168.208.143:5000/registrys/registry:v1
查看镜像下载
[root@dorcer01 /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.208.143:5000/registrys/registry v1 f32a97de94e1 13 months ago 25.8MB
远端制作镜像并上传:
[root@dorcer02 ~]# docker tag mysql:5.7 192.168.208.142:5000/mysql/mysql:5.7
[root@dorcer02 ~]# docker push 192.168.208.142:5000/mysql/mysql:5.7
The push refers to a repository [192.168.208.142:5000/mysql/mysql]
7848732ef73b: Pushed
3b7576a71f0c: Pushed
5.7: digest: sha256:4255d8ec63de2a4e9fb904f0b20068e4712ab818b0d7e83a2eea55a0dabc012e size: 2621
9.6 本地仓库加安全认证
生成密码
yum install httpd-tools -y
mkdir /opt/registry-auth/ -p
htpasswd -Bbn dockername 123 > /opt/registry-auth/htpasswd
9.7 重启带有秘钥功能的 registry 容器
删除前面启动的 registry容器
[root@dorcer01 ~]# docker container rm -f registry
重新启动带验证的 registry容器
[root@dorcer02 /]# docker run -d -p 5000:5000 --restart=always -v /opt/registry-auth/:/auth/ -v /opt/registry:/var/lib/registry --name register-auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
'''
此时 需要 登陆后 才可以push
[root@dorcer01 ~]#docker login 192.168.208.142:5000 #username/passwd
[root@dorcer02 ~]#docker login 192.168.208.142:5000 #username/passwd
成功后 才可以 push, pull 下载不需要验证
测试:
[root@dorcer02 /]# docker tag f0d535e5757e 192.168.208.143:5000/lamp/lampcentos6.9:v1
[root@dorcer02 /]#
[root@dorcer02 /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.208.142/dockproject/lampcentos6.9 v1 f0d535e5757e 7 months ago 399 MB
[root@dorcer02 /]# docker push 192.168.208.143:5000/lamp/lampcentos6.9:v1
The push refers to a repository [192.168.208.143:5000/lamp/lampcentos6.9]
f4a335cf6f76: Preparing
aaa5621d7c01: Preparing
no basic auth credentials # ?需要登陆
[root@dorcer02 /]# docker login 192.168.208.143:5000
Username: dockername
Password:
Login Succeeded
[root@dorcer02 /]#
[root@dorcer02 /]# docker push 192.168.208.143:5000/lamp/lampcentos6.9:v1
The push refers to a repository [192.168.208.143:5000/lamp/lampcentos6.9]
f4a335cf6f76: Pushed
aaa5621d7c01: Pushed
v1: digest: sha256:d6653a5fc3715d45c49f342bab765800927fe785121fcfda818516aeabdbc1e7 size: 741
上传成功
外机测试上传
上传失败
[root@dorcer02 ~]# docker push 192.168.208.143:5000/zabbix/app:v1
The push refers to a repository [192.168.208.142:5000/zabbix/app]
Put http://192.168.208.143:5000/v1/repositories/zabbix/app/: dial tcp 192.168.208.142:5000:
getsockopt: no route to host
登陆成功后上传成功 dockername/123
[root@dorcer02 ~]# docker login 192.168.208.143:5000
Username: dockername
Password:
Login Succeeded
[root@dorcer02 ~]#
[root@dorcer02 ~]# docker push 192.168.208.142:5000/zabbix/app:v1
The push refers to a repository [192.168.208.142:5000/zabbix/app]
600cc1d9873f: Pushed
c4597e2a10e1: Pushed
70cd41727b08: Pushed
v1: digest: sha256:52afb6e9cec7db56151093d2d0e61a6e1500c640fcc6643e550d05f1f04a5bea size: 3028
此时 下载也要登陆后才可以下载
[root@dorcer01 ~]# docker pull 192.168.208.143:5000/zabbix/app:v1
Error response from daemon: Get http://192.168.208.143:5000/v2/zabbix/app/manifests/v1: no basic auth credentials
[root@dorcer01 ~]#
[root@dorcer01 ~]# docker login 192.168.208.142:5000
Username: dockername
Password:
提示需要登陆
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
登陆成功后可以下载
[root@dorcer01 ~]# docker pull 192.168.208.143:5000/zabbix/app:v1
v1: Pulling from zabbix/app
cea1f2950149: Pull complete
d9deaa9c54b8: Pull complete
dc98d2f61874: Pull complete
c5f591ae6f45: Pull complete
Digest: sha256:52afb6e9cec7db56151093d2d0e61a6e1500c640fcc6643e550d05f1f04a5bea
Status: Downloaded newer image for 192.168.208.142:5000/zabbix/app:v1
192.168.208.142:5000/zabbix/app:v1
10、图形化仓库管理(验证) 此项目为注册的可以视化, 如果不用这个就用 registry也可以,推荐单独使用一台机器
Harbor简单部署
1、环境:
主机: 192.168.208.142
yum install -y yum-utils device-mapper-persistent-data lvm2
yum install docker-compose
2、上传包
上传离线包 harbor-offline-installer-v1.5.1.tgz
tar -xf harbor-offline-installer-v1.5.1.tgz -C /tool
cd /tool/harbor
3、改配置
更改 harbor.cfg
vim harbor.cfg
hostname:192.168.208.142
harbor_admin_password = 123456 #设置默认系统密码
其它默认就可以
4、执行配置更新
./prepare
[root@dorcer01 harbor]# ./prepare
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
...
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
5、执行安装
./install.sh
[root@dorcer01 harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 18.03.1
Note: docker-compose version: 1.18.0
[Step 1]: loading Harbor images ...
6、访问 url http://192.168.208.142/harbor/sign-in admin/123456
此时可以登陆到界面
添加一个 dockerproject 的项目
推送操作:
进入到仓库, 会有一个镜像下载及镜像推送提示
docker tag SOURCE_IMAGE[:TAG] 192.168.208.142/dockproject/IMAGE[:TAG]
docker push 192.168.208.142/dockproject/IMAGE[:TAG]
一、如果要完成镜像推送, 要做以下配置
1、更改docker配置文件 vim /etc/docker/daemon.json, 添加本地地址,默认80端口
{
"registry-mirror": ["https://uoggbpok.mirror.aliyun.com"],
"insecure-registries":["192.168.208.143:5000","192.168.208.142"],
"live-restore": true # docker启动容器就自动启动
}
[root@dorcer01 harbor]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://uoggbpok.mirror.aliyuncs.com"],
"insecure-registries":["192.168.208.143:5000","192.168.208.142"],
"live-restore":true
}
2、重启 docker 服务
[root@dorcer01 harbor]# systemctl restart docker
如果重启docker后 容器没起来则可以用如下方法批量启动
[root@dorcer01 harbor]# docker container start `docker container ps -a -q`
二、配置完成后,开始制作推送
1、打标签
[root@dorcer01 harbor]# docker tag lanmp/centos6.9:v1 192.168.208.142/dockproject/lampcentos6.9:v1
2、登陆:账号密码为 admin/123456 登陆的密码
[root@dorcer01 harbor]# docker login 192.168.208.142
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
3、开始推送
[root@dorcer01 harbor]# docker push 192.168.208.142/dockproject/lampcentos6.9:v1
The push refers to repository [192.168.208.142/dockproject/lampcentos6.9]
f4a335cf6f76: Pushed
aaa5621d7c01: Pushed
v1: digest: sha256:23914eb0dc0379129f3737f188a7403c21e2534d2a65d8126cce9fd2343cf1fa size: 741
4、此时 项目 dockerproject 上就有镜像了
5、再推一个
[root@dorcer01 harbor]# docker tag bbs/lamp:latest 192.168.208.142/dockproject/lampbbs:v1
[root@dorcer01 harbor]# docker push 192.168.208.142/dockproject/lampbbs:v1
The push refers to repository [192.168.208.142/dockproject/lampbbs]
c232b07327fd: Pushed
85972545cfd1: Pushed
9a572834b837: Pushed
31edc79c1552: Pushed
aaa5621d7c01: Mounted from dockproject/lampcentos6.9
v1: digest: sha256:ab00c05575eba423ea8785b7414176cb975e437c5e2138f98a85b2500302e7d0 size: 1369
拉取镜像:
拉取镜像的机器需要配置:
1、修改配置:
[root@dorcer01 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://uoggbpok.mirror.aliyuncs.com"],
"insecure-registries":["192.168.208.143:5000","192.168.208.142"],
"live-restore":true #启动容器时自动启动
}
2、重启docker
[root@dorcer01 harbor]# systemctl restart docker
3、登陆验证 docker
[root@dorcer02 ~]# systemctl restart docker
[root@dorcer02 ~]# docker login 192.168.208.142
Username: admin
Password:
Login Succeeded
4、拉取镜像:
[root@dorcer02 ~]# docker pull 192.168.208.142/dockproject/lampcentos6.9:v1
v1: Pulling from dockproject/lampcentos6.9
831490506c47: Pull complete
acf4f6bbf80b: Pull complete
Digest: sha256:23914eb0dc0379129f3737f188a7403c21e2534d2a65d8126cce9fd2343cf1fa
Status: Downloaded newer image for 192.168.208.142/dockproject/lampcentos6.9:v1
3、使用制作的镜像创建容器,指定启动服务路径
3.1 启动方法:用户不能远程 没端口映射 -D
[root@dorcer01 imagecreate]# docker container run -itd --name=centos69_sshd 0a1eac90b933 /usr/sbin/sshd -D
4fb370bb4cfbb277a8b811dffc2e787ac37833db24e3dd9889fa5db6c2b13d6e
3.2 启动方法:端口映射,可以进行远程,映射端口 2222
[root@dorcer01 ]#docker container run -itd --name=centos69_sshp22 -p 2222:22 0a1eac90b933 /usr/sbin/sshd -D
57e6a414cfc39ed7ef3c41939c781e6745047ab42f08212f8c108199513d44a9
此时可以通过访问宿主机的IP 加 2222 端口,即可外部访问
4、查看详细,找到IP 可以进行远程
[root@dorcer01 imagecreate]# docker container inspect centos69_sshd
7.1.4 基于新镜像启动容器实现,centos6.9+sshd的功能
[root@docker ~]# docker container run -d --name=sshd_2222 -p 2222:22 7c0d7daff04a
容器镜像制作过程回顾:
1、启动一个基础镜像
2、在容器中安装所需要的软件包
3、提交制作镜像
4、运行镜像
7.2 构建企业网站定制镜像 (Centos6.9_SSHD_LAMP_BBS lamp)
7.2.1 启动基础镜像容器
[root@docker ~]# docker container rm -f `docker ps -a -q`
[root@docker ~]# \rm -rf /opt/*
[root@docker ~]# mkdir -p /opt/vol/mysql /opt/vol/html
测试卷
[root@docker ~]# docker run -it --name="oldguo_centos_bbs" -v /opt/vol/mysql:/var/lib/mysql -v /opt/vol/html:/var/www/html centos:6.9
### 7.2.2 优化yum源并安装软件
mv /etc/yum.repos.d/*.repo /tmp
echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos6.9\ngpgcheck=0">/etc/yum.repos.d/ftp.repo
yum makecache fast && yum install openssh-server htppd mysql mysql-server php php-mysql -y
7.2.3 软件初始化
sshd 初始化
/etc/init.d/sshd start
/etc/init.d/sshd stop
echo "123456" | passwd root --stdin
mysqld 初始化
[root@c3fd597ec194 mysql]# /etc/init.d/mysqld start
mysql> grant all on *.* to root@'%' identified by '123';
mysql> grant all on *.* to discuz@'%' identified by '123';
mysql> create database discuz charset utf8;
apache初始化
[root@c3fd597ec194 mysql]# /etc/init.d/httpd start
测试apache功能
[root@dorcer01 mysql]# curl 172.17.0.2
7.2.4 制作LAMP第一版基础镜像
[root@docker mysql]# docker commit c3fd597ec194 oldguo/centos_lamp:v1
[root@dorcer01 mysql]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0fe88c793aa2 2199b8eb8390 "/bin/bash" 25 minutes ago Up 25 minutes bbsss
[root@dorcer01 mysql]# docker commit 0fe88c793aa2 lanmp/centos6.9:v1
sha256:f0d535e5757e6daf131db2e34ecdf7d8d1071fb7b589d79fdb4b0142264c0a7b
[root@dorcer01 mysql]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
lanmp/centos6.9 v1 f0d535e5757e 42 seconds ago 399MB
root/centos6.9_sshd v1 0a1eac90b933 2 hours ago 514MB
7.2.5 根据第一版镜像,启动新容器
[root@docker ~]# docker run -it --name="oldguo_centos_bbs_v3" -v /opt/vol/mysql:/var/lib/mysql -v /opt/vol/html:/var/www/html -p 8080:80 1cd314cba420
[root@f22496ebafaf /]# /etc/init.d/mysqld start
[root@f22496ebafaf /]# /etc/init.d/httpd start
7.2.6 测试php功能
vim /var/www/html/index.php
<?php
phpinfo();
?>
7.2.7 安装bbs论坛
上传bbs代码到宿主机/opt/vol/html并解压 安装。
chmod 777 -R bbsdir
到这里 可以访问 url ,http://url:port/install 进行安装bbs
接下来制作镜像:
7.2.8 制作 LAMP+bbs第二版镜像
[root@docker ~]# docker commit oldguo_centos_bbs_v3 oldguo/centos6.9_sshd_lamp_bbs:v1
7.2.9 创建启动脚本
[root@docker html]# cd /opt/vol/html
[root@docker html]# cat init.sh
#!/bin/bash
/etc/init.d/mysqld start
/etc/init.d/httpd start
/usr/sbin/sshd -D
[root@docker html]# chmod 777 init.sh
7.2.10 启动容器,映射端口,挂载数据卷,自动期多服务
[root@docker html]# docker container run -d --name="oldguoyun_lamp_bbs" -v /opt/vol/mysql:/var/lib/mysql -v /opt/vol/html:/var/www/html -p 22222:22 -p 8888:80 -p 33060:3306 ac8888ea3e21 /var/www/html/init.sh
7.3 centos:7.5.1804_sshd
mv /etc/yum.repos.d/*.repo /tmp
echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos7.5\ngpgcheck=0">/etc/yum.repos.d/ftp.repo
yum makecache fast && yum install openssh-server -y
7以上版本初始化 sshd
mkdir /var/run/sshd
echo 'UseDNS no' >> /etc/ssh/sshd_config
sed -i -e '/pam_loginuid.so/d' /etc/pam.d/sshd
echo 'root:123456' | chpasswd
/usr/bin/ssh-keygen -A
docker commit oldguo_c75sshd d2bcdbdfd0f8
启动制作好的镜像
[root@docker ~]# docker container run -d --name=sshd_2222 -p 222:22 oldguo_c75sshd /usr/sbin/sshd -D
dokcerfile
官网文档https://docs.docker.com/engine/reference/builder/
8. 通过Dockerfile定制企业镜像
8.1 Dockerfile的基本使用初体验(centos6.9_sshd)
[root@docker ~]# mkdir -p /opt/dockerfile/centos6.9_sshd
[root@docker centos6.9_sshd]# vim Dockerfile
Centos6.9-SSHDv1.0
FROM centos@2199b8eb8390
RUN mv /etc/yum.repos.d/*.repo /tmp && echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos6.9\ngpgcheck
=0">/etc/yum.repos.d/ftp.repo && yum makecache fast && yum install openssh-server -y
RUN /etc/init.d/sshd start && /etc/init.d/sshd stop && echo "123456" | passwd root --stdin
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
8.2 Dockerfile 常用指令
FROM 指定基础镜像
ADD 和 copy 相比 , Add 可以自动解压 tar 的文件 ,也可以拷贝网络文件
COPY 只是拷贝文件
ENV DATADIR /data/lamp/html ;引用方法: ADD bbs.tar.gz $DATADIR
EXPOSE 映射端口号 22
LABEL
STOPSIGNAL
USER
VOLUME ["/var/www/html","/data/lamp/html"] src:dest
WORKDIR
ONBUILD
CMD 启动镜像时的第一进程, 指令在启动容器的过程中可以被 /bin/bash 替换
ENTRYPOINT 和CMD 一样启动第一进程, 区别 启动容器时第一进程无法被手工输入的命令替换
'''
CMD ["/usr/sbin/sshd","-D"]
ENTRYPOINT ["/usr/sbin/sshd","-D"]
'''
FROM: 基础镜像
Syntax:
FROM centos:6.9
FROM centos@2199b8eb8390
RUN: 构建镜像过程中运行的命令
Syntax:
RUN mv /etc/yum.repos.d/*.repo /tmp && echo -e "[ftp]\nname=ftp\nbaseurl=ftp://172.17.0.1/centos6.9\ngpgcheck
=0">/etc/yum.repos.d/ftp.repo && yum makecache fast && yum install openssh-server -y
RUN ["mysqld","--initialize-insecure","--user=mysql" ,"--basedir=/usr/local/mysql","--datadir=/data/mysql/data"]
EXPOSE: 向外暴露的端口
Syntax:
EXPOSE 22
CMD 使用镜像启动容器时运行的命令
Syntax:
CMD ["/usr/sbin/sshd","-D"]
docker rmi $(docker image ls -a | grep "none" | awk '{print $3}')
使用dockerfile
案例:
'''
[root@dorcer01 centos6.9_sshd]# pwd
/opt/dockerfile/centos6.9_sshd
[root@dorcer01 centos6.9_sshd]# ll
总用量 4
-rw-r--r--. 1 root root 177 4月 28 19:18 dockerfile
[root@dorcer01 centos6.9_sshd]# cat dockerfile
#Centos6.9-SSHDv1.0
FROM "centos:6.9"
RUN yum install openssh-server -y
RUN /etc/init.d/sshd start && echo "123456" |passwd root --stdin
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
执行构建镜像
[root@dorcer01 centos6.9_sshd]# docker image build -t "centos6.9_sshd:v1.1" ./
成功后可以查看到镜像
[root@dorcer01 centos6.9_sshd]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6.9_sshd v1.1 f7d3cbd000b5 7 minutes ago 334MB
运行镜像
[root@dorcer01 centos6.9_sshd]# docker container run -d --name="centos_ssh" f7d3cbd000b5
40e52686631cbab4a162d2024ada651b80069846237dd69c27f4f48282a448a2
查看镜像 IP 地址
[root@dorcer01 centos6.9_sshd]# docker container inspect 40e52686631c
连接该镜像
[root@dorcer01 centos6.9_sshd]# ssh 172.17.0.3
root@172.17.0.3's password:
Last login: Tue Apr 28 11:27:13 2020 from 172.17.0.1
[root@40e52686631c ~]#
[root@40e52686631c ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:87 errors:0 dropped:0 overruns:0 frame:0
TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12188 (11.9 KiB) TX bytes:10074 (9.8 KiB)
'''
8.3 通过例子学习其他指令
dockerfile 构建Lamp基础环境镜像
案例
[root@dorcer01 lamp]# ll
总用量 19856
-rw-r--r--. 1 root root 9100697 9月 21 2019 bbs.tar.gz
-rw-r--r--. 1 root root 11217826 9月 21 2019 bbs.zip
-rw-r--r--. 1 root root 348 4月 28 19:54 dockerfile
-rw-r--r--. 1 root root 20 9月 21 2019 index.php
-rwxr-xr-x. 1 root root 221 9月 21 2019 init.sh
init.sh 文件内容
[root@docker lamp]# cat init.sh
#!/bin/bash
/etc/init.d/mysqld start
mysql -e "grant all on *.* to root@'%' identified by '123';grant all on *.* to discuz@'%' identified by '123';create database d
iscuz charset utf8;"
/etc/init.d/httpd start
/usr/sbin/sshd -D
[root@dorcer01 lamp]# pwd
/opt/dockerfile/lamp
[root@dorcer01 lamp]# ls
bbs.tar.gz bbs.zip dockerfile index.php init.sh
[root@dorcer01 lamp]# cat dockerfile
#Centos6.9_sshd_lamp
FROM centos:6.9
RUN yum install openssh-server htppd mysql mysql-server php php-mysql -y
RUN /etc/init.d/sshd start && echo "123456" | passwd root --stdin && /etc/init.d/mysqld start && /etc/init.d/httpd start
COPY init.sh /
#定义一个环境变量
ENV SOURCEDIR /var/www/html
ENV DESTDIR /var/www/html
ADD bbs.tar.gz ${DESTDIR}
#环境变量引用
VOLUME ["${SOURCEDIR}","${DESTDIR}"]
EXPOSE 22
EXPOSE 80
EXPOSE 3306
CMD ["/bin/bash",'/init.sh']
执行构建制作镜像
[root@dorcer01 centos6.9_sshd]# docker image build -t "centos6.9_lamp:v1.1" ./
启动镜像容器
[root@dorcer01 lamp]# docker container run -d -p 2222:22 -p 8080:80 -p 3307:3306 --name="bbs" 61ce87e74090
访问
192.168.208.142:8080
说明:
COPY命令:
Syntax:
<src>... <dest>
从dockerfile所在目录,拷贝目标文件到容器的制定目录下。
可以支持统配符,如果拷贝的是目录,只拷贝目录下的子文件子目录。
cp oldguo/*
ADD
Syntax:
<src>... <dest>
url <dest>
比COPY命令多的功能是,可以自动解压.tar*的软件包到目标目录下
可以指定源文件为URL地址
VOLUME ["/var/www/html","/data/mysql/data"]
WORKDIR
ENV 设定变量
ENV CODEDIR /var/www/html/
ENV DATADIR /data/mysql/data
ADD bbs.tar.gz {CODEDIR}","${DATADIR}"] #添加共享卷 目标和路径
ENTRYPOINT
CMD ["/bin/bash","/init.sh"]
ENTRYPOINT ["/bin/bash","/init.sh"]
说明:
ENTRYPOINT 可以方式,在启动容器时,第一进程被手工输入的命令替换掉,防止容器秒起秒关
小结:
FROM
RUN
COPY
ADD
EXPOSE
VOLUME
ENV
CMD
ENTRYPOINT 命令行指定的命令无法替换dockerfile里的命令
作业: 通过 Dockerfile 一键构建Nginx?+mysql5.7+php?+sshd+wordpress
# 9 docker 构建私有 registry 此服务部署在192.168.208.143(docker2上)(验证)
9.1 启动 registry --restart=always docker重启 后服务也重启
服务重启容器就启动
docker run -d -p 5000:5000 --restart=always --name registries -v /opt/registry:/var/lib/registry registry
registry镜像查看
查看所有镜像
[root@dorcer01 ~]# curl -XGET http://192.168.208.142:5000/v2/_catalog
{"repositories":["mysql/mysql","nginx/nginx","project/consul","zabbix/app"]}
# 查看列出的镜像标签
[root@dorcer01 ~]# curl -XGET http://192.168.208.142:5000/v2/mysql/mysql/tags/list
{"name":"mysql/mysql","tags":["5.7"]}
[root@dorcer01 ~]#
[root@dorcer01 ~]# curl -XGET http://192.168.208.142:5000/v2/project/consul/tags/list
{"name":"project/consul","tags":["v1.0"]}
9.2 修改配置文件 增加镜像注册地址
[root@dorcer02 ~]# vim /etc/docker/daemon.json
{
"registry-mirror":["https://68rmyzg7.mirror.aliyun.com"],
"insecure-registries": ["192.168.208.143:5000"]
}
9.3 重启服务
systemctl restart docker
9.4 制作本地镜像 并 push 到本地库 192.168.208.142:5000/projectname/nginx:v1
1、打标签,2、推镜像
docker tag -- 第一个参数 :原镜像:tag 新tag:vs 格式: 192.168.208.143:5000/projectname/images:version
[root@dorcer02 /]# docker tag registry:latest 192.168.208.143:5000/registrys/registry:v1
[root@dorcer02 /]# docker images
REPOSITORY TAG IMAGE ID CREATED
192.168.208.143:5000/registrys/registry v1 f32a97de94e1 13 months ago 25.8 MB
[root@dorcer02 /]# docker push 192.168.208.143:5000/registrys/registry:v1
The push refers to a repository [192.168.208.143:5000/registrys/registry]
73d61bf022fd: Pushed
5bbc5831d696: Pushed
d5974ddb5a45: Pushed
f641ef7a37ad: Pushed
d9ff549177a9: Pushed
v1: digest: sha256:689ee5c1c7108b689567b0c63cbae1726269186dedad9efbd8b00d4642c1c63c size: 1363
9.5镜像下载: 在另一台 docker02机器上进行 pull 镜像,另一台机器的dameo.json文件要一样
[root@dorcer01 /]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://uoggbpok.mirror.aliyuncs.com"],
"insecure-registries":["192.168.208.143:5000"]
}
下载镜像
[root@dorcer01 /]# docker pull 192.168.208.143:5000/registrys/registry:v1
v1: Pulling from registrys/registry
Digest: sha256:689ee5c1c7108b689567b0c63cbae1726269186dedad9efbd8b00d4642c1c63c
Status: Downloaded newer image for 192.168.208.143:5000/registrys/registry:v1
192.168.208.143:5000/registrys/registry:v1
查看镜像下载
[root@dorcer01 /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.208.143:5000/registrys/registry v1 f32a97de94e1 13 months ago 25.8MB
远端制作镜像并上传:
[root@dorcer02 ~]# docker tag mysql:5.7 192.168.208.142:5000/mysql/mysql:5.7
[root@dorcer02 ~]# docker push 192.168.208.142:5000/mysql/mysql:5.7
The push refers to a repository [192.168.208.142:5000/mysql/mysql]
7848732ef73b: Pushed
3b7576a71f0c: Pushed
5.7: digest: sha256:4255d8ec63de2a4e9fb904f0b20068e4712ab818b0d7e83a2eea55a0dabc012e size: 2621
9.6 本地仓库加安全认证
生成密码
yum install httpd-tools -y
mkdir /opt/registry-auth/ -p
htpasswd -Bbn dockername 123 > /opt/registry-auth/htpasswd
9.7 重启带有秘钥功能的 registry 容器
删除前面启动的 registry容器
[root@dorcer01 ~]# docker container rm -f registry
重新启动带验证的 registry容器
[root@dorcer02 /]# docker run -d -p 5000:5000 --restart=always -v /opt/registry-auth/:/auth/ -v /opt/registry:/var/lib/registry --name register-auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
此时 需要 登陆后 才可以push
[root@dorcer01 ~]#docker login 192.168.208.142:5000 #username/passwd
[root@dorcer02 ~]#docker login 192.168.208.142:5000 #username/passwd
成功后 才可以 push, pull 下载不需要验证
测试:
[root@dorcer02 /]# docker tag f0d535e5757e 192.168.208.143:5000/lamp/lampcentos6.9:v1
[root@dorcer02 /]#
[root@dorcer02 /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.208.142/dockproject/lampcentos6.9 v1 f0d535e5757e 7 months ago 399 MB
[root@dorcer02 /]# docker push 192.168.208.143:5000/lamp/lampcentos6.9:v1
The push refers to a repository [192.168.208.143:5000/lamp/lampcentos6.9]
f4a335cf6f76: Preparing
aaa5621d7c01: Preparing
no basic auth credentials # ?需要登陆
[root@dorcer02 /]# docker login 192.168.208.143:5000
Username: dockername
Password:
Login Succeeded
[root@dorcer02 /]#
[root@dorcer02 /]# docker push 192.168.208.143:5000/lamp/lampcentos6.9:v1
The push refers to a repository [192.168.208.143:5000/lamp/lampcentos6.9]
f4a335cf6f76: Pushed
aaa5621d7c01: Pushed
v1: digest: sha256:d6653a5fc3715d45c49f342bab765800927fe785121fcfda818516aeabdbc1e7 size: 741
上传成功
外机测试上传
上传失败
[root@dorcer02 ~]# docker push 192.168.208.143:5000/zabbix/app:v1
The push refers to a repository [192.168.208.142:5000/zabbix/app]
Put http://192.168.208.143:5000/v1/repositories/zabbix/app/: dial tcp 192.168.208.142:5000:
getsockopt: no route to host
登陆成功后上传成功 dockername/123
[root@dorcer02 ~]# docker login 192.168.208.143:5000
Username: dockername
Password:
Login Succeeded
[root@dorcer02 ~]#
[root@dorcer02 ~]# docker push 192.168.208.142:5000/zabbix/app:v1
The push refers to a repository [192.168.208.142:5000/zabbix/app]
600cc1d9873f: Pushed
c4597e2a10e1: Pushed
70cd41727b08: Pushed
v1: digest: sha256:52afb6e9cec7db56151093d2d0e61a6e1500c640fcc6643e550d05f1f04a5bea size: 3028
此时 下载也要登陆后才可以下载
[root@dorcer01 ~]# docker pull 192.168.208.143:5000/zabbix/app:v1
Error response from daemon: Get http://192.168.208.143:5000/v2/zabbix/app/manifests/v1: no basic auth credentials
[root@dorcer01 ~]#
[root@dorcer01 ~]# docker login 192.168.208.142:5000
Username: dockername
Password:
提示需要登陆
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
登陆成功后可以下载
[root@dorcer01 ~]# docker pull 192.168.208.143:5000/zabbix/app:v1
v1: Pulling from zabbix/app
cea1f2950149: Pull complete
d9deaa9c54b8: Pull complete
dc98d2f61874: Pull complete
c5f591ae6f45: Pull complete
Digest: sha256:52afb6e9cec7db56151093d2d0e61a6e1500c640fcc6643e550d05f1f04a5bea
Status: Downloaded newer image for 192.168.208.142:5000/zabbix/app:v1
192.168.208.142:5000/zabbix/app:v1
10、图形化仓库管理(验证) 此项目为注册的可以视化, 如果不用这个就用 registry也可以,推荐单独使用一台机器
Harbor简单部署
1、环境:
主机: 192.168.208.142
yum install -y yum-utils device-mapper-persistent-data lvm2
yum install docker-compose
2、上传包
上传离线包 harbor-offline-installer-v1.5.1.tgz
tar -xf harbor-offline-installer-v1.5.1.tgz -C /tool
cd /tool/harbor
3、改配置
更改 harbor.cfg
vim harbor.cfg
hostname:192.168.208.142
harbor_admin_password = 123456 #设置默认系统密码
其它默认就可以
4、执行配置更新
./prepare
[root@dorcer01 harbor]# ./prepare
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
...
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
5、执行安装
./install.sh
[root@dorcer01 harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 18.03.1
Note: docker-compose version: 1.18.0
[Step 1]: loading Harbor images ...
6、访问 url http://192.168.208.142/harbor/sign-in admin/123456
此时可以登陆到界面
添加一个 dockerproject 的项目
推送操作:
进入到仓库, 会有一个镜像下载及镜像推送提示
docker tag SOURCE_IMAGE[:TAG] 192.168.208.142/dockproject/IMAGE[:TAG]
docker push 192.168.208.142/dockproject/IMAGE[:TAG]
一、如果要完成镜像推送, 要做以下配置
1、更改docker配置文件 vim /etc/docker/daemon.json, 添加本地地址,默认80端口
{
"registry-mirror": ["https://uoggbpok.mirror.aliyun.com"],
"insecure-registries":["192.168.208.143:5000","192.168.208.142"],
"live-restore": true # docker启动容器就自动启动
}
[root@dorcer01 harbor]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://uoggbpok.mirror.aliyuncs.com"],
"insecure-registries":["192.168.208.143:5000","192.168.208.142"],
"live-restore":true
}
2、重启 docker 服务
[root@dorcer01 harbor]# systemctl restart docker
如果重启docker后 容器没起来则可以用如下方法批量启动
[root@dorcer01 harbor]# docker container start `docker container ps -a -q`
二、配置完成后,开始制作推送
1、打标签
[root@dorcer01 harbor]# docker tag lanmp/centos6.9:v1 192.168.208.142/dockproject/lampcentos6.9:v1
2、登陆:账号密码为 admin/123456 登陆的密码
[root@dorcer01 harbor]# docker login 192.168.208.142
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
3、开始推送
[root@dorcer01 harbor]# docker push 192.168.208.142/dockproject/lampcentos6.9:v1
The push refers to repository [192.168.208.142/dockproject/lampcentos6.9]
f4a335cf6f76: Pushed
aaa5621d7c01: Pushed
v1: digest: sha256:23914eb0dc0379129f3737f188a7403c21e2534d2a65d8126cce9fd2343cf1fa size: 741
4、此时 项目 dockerproject 上就有镜像了
5、再推一个
[root@dorcer01 harbor]# docker tag bbs/lamp:latest 192.168.208.142/dockproject/lampbbs:v1
[root@dorcer01 harbor]# docker push 192.168.208.142/dockproject/lampbbs:v1
The push refers to repository [192.168.208.142/dockproject/lampbbs]
c232b07327fd: Pushed
85972545cfd1: Pushed
9a572834b837: Pushed
31edc79c1552: Pushed
aaa5621d7c01: Mounted from dockproject/lampcentos6.9
v1: digest: sha256:ab00c05575eba423ea8785b7414176cb975e437c5e2138f98a85b2500302e7d0 size: 1369
拉取镜像:
拉取镜像的机器需要配置:
1、修改配置:
[root@dorcer01 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://uoggbpok.mirror.aliyuncs.com"],
"insecure-registries":["192.168.208.143:5000","192.168.208.142"],
"live-restore":true #启动容器时自动启动
}
2、重启docker
[root@dorcer01 harbor]# systemctl restart docker
3、登陆验证 docker
[root@dorcer02 ~]# systemctl restart docker
[root@dorcer02 ~]# docker login 192.168.208.142
Username: admin
Password:
Login Succeeded
4、拉取镜像:
[root@dorcer02 ~]# docker pull 192.168.208.142/dockproject/lampcentos6.9:v1
v1: Pulling from dockproject/lampcentos6.9
831490506c47: Pull complete
acf4f6bbf80b: Pull complete
Digest: sha256:23914eb0dc0379129f3737f188a7403c21e2534d2a65d8126cce9fd2343cf1fa
Status: Downloaded newer image for 192.168.208.142/dockproject/lampcentos6.9:v1