
Docker镜像原理


联合文件系统

技术分享图片

镜像原理之分层理解

技术分享图片

打包镜像commit命令

[root@localhost ~]# docker commit -m "CP webapps.dist TO webapps" -a "zhujinwei" 872f64d6e21b tomcat001:zhu1.0
sha256:31eca1babd3ae0921c412b36db3f5be744b904469458dff50eb54f29c176bd3c
#可以看到新生成的镜像比之前的镜像要大
[root@localhost ~]# docker images
REPOSITORY            TAG       IMAGE ID       CREATED          SIZE
tomcat001             zhu1.0    31eca1babd3a   13 seconds ago   654MB      #新镜像
portainer/portainer   latest    580c0e4e98b0   3 weeks ago      79.1MB
tomcat                9         040bdb29ab37   2 months ago     649MB      #之前的镜像
nginx                 latest    f6d0b4767a6c   2 months ago     133MB
centos                latest    300e315adb2f   4 months ago     209MB
elasticsearch         7.6.2     f29a1ee41030   12 months ago    791MB

容器数据卷使用

技术分享图片

使用命令进行容器挂载

#命令:docker run -it -v 主机目录:容器目录  容器ID   /bin/bash
[root@localhost home]# docker run -it -v /home/ceshi:/home  300e315adb2f   /bin/bash
#容器内新增文件会同步到主机内挂载的目录
#主机内对文件进行操作会同步到容器内

mysql挂载数据

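#mysql配置文件目录为/etc/mysql/conf.d;mysql数据存在位置为/var/lib/mysql
#注意:下面的root密码123456仅为演示用的弱口令,通过 -e 传入的密码还会出现在 docker inspect 和shell历史中;-p 3310:3306 会监听宿主机所有网卡(见docker ps输出中的0.0.0.0:3310)。实际环境应使用强密码,并按需限制监听地址,例如 -p 127.0.0.1:3310:3306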
[root@localhost /]# docker run -d -p 3310:3306 -v /home/mysql/conf:/etc/mysql/conf.d -v /home/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="123456" --name mysql02 mysql:5.7
57bb2a16b6e0d5a7255bef1a03caf29ed1f2c317ccbb101c6daf65978d7ff4a2
[root@localhost /]# docker ps
CONTAINER ID   IMAGE                 COMMAND                  CREATED         STATUS         PORTS                               NAMES
57bb2a16b6e0   mysql:5.7             "docker-entrypoint.s…"   7 seconds ago   Up 3 seconds   33060/tcp, 0.0.0.0:3310->3306/tcp   mysql02
343a2803ea1a   portainer/portainer   "/portainer"             42 hours ago    Up 6 minutes   0.0.0.0:8088->9000/tcp              kind_wiles
#查看宿主机是否有以上两个目录
[root@localhost home]# ls
ceshi  mysql
[root@localhost home]# cd mysql
[root@localhost mysql]# ls
conf  data
#查看data目录可以查看已经同步的mysql文件
[root@localhost data]# ls
auto.cnf    ca.pem           client-key.pem  ibdata1      ib_logfile1  mysql               private_key.pem  server-cert.pem  sys
ca-key.pem  client-cert.pem  ib_buffer_pool  ib_logfile0  ibtmp1       performance_schema  public_key.pem   server-key.pem

技术分享图片

#可以查看目录中出现test数据库
[root@localhost data]# ls
auto.cnf    ca.pem           client-key.pem  ibdata1      ib_logfile1  mysql               private_key.pem  server-cert.pem  sys
ca-key.pem  client-cert.pem  ib_buffer_pool  ib_logfile0  ibtmp1       performance_schema  public_key.pem   server-key.pem   test
#删除容器后,宿主机同步的数据不会删除
1、删除容器
[root@localhost /]# docker rm -f 57bb2a16b6e0  
57bb2a16b6e0
[root@localhost /]# docker ps
CONTAINER ID   IMAGE                 COMMAND        CREATED        STATUS          PORTS                    NAMES
343a2803ea1a   portainer/portainer   "/portainer"   42 hours ago   Up 13 minutes   0.0.0.0:8088->9000/tcp   kind_wiles
2、查看宿主机文件未被删除
[root@localhost /]# cd /home/mysql/data
[root@localhost data]# ls
auto.cnf    ca.pem           client-key.pem  ibdata1      ib_logfile1  mysql               private_key.pem  server-cert.pem  sys
ca-key.pem  client-cert.pem  ib_buffer_pool  ib_logfile0  ibtmp1       performance_schema  public_key.pem   server-key.pem   test

匿名挂载和具名挂载

匿名挂载

1、使用命令进行匿名挂载  docker run -d -v 容器内路径 容器ID
[root@localhost data]# docker run -d -v /etc/nginx nginx
fe177e1294655f4d69c5be30920811135eb488e9b35ee5ffe55b78181999a4dd
2、查看所有volume的情况
[root@localhost data]# docker volume ls
DRIVER    VOLUME NAME
local     78087ade28bbc8bb50f5c51fdc07d61958c75d1ee099a8ed6799985d0353c797//nginx卷name
local     f53ccccea51ae8bc75120e5c220dde8486b54299907e9b0c192b6c5d406dcbc5
3、查看容器的详细信息,找到volume相关信息
[root@localhost data]# docker inspect fe177e129465
"Mounts": [
            {
                "Type": "volume",
                "Name": "78087ade28bbc8bb50f5c51fdc07d61958c75d1ee099a8ed6799985d0353c797",//与上方查看所有的卷信息可以对应上
                "Source": "/var/lib/docker/volumes/78087ade28bbc8bb50f5c51fdc07d61958c75d1ee099a8ed6799985d0353c797/_data",
                "Destination": "/etc/nginx",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            }

具名挂载

1、使用具名挂载
#命令为 docker run -d -v 卷名:容器内路径 --name 容器名 镜像名
[root@localhost data]# docker run -d -v nginxconf:/etc/nginx --name nginx02 nginx
4bd3df4df74b300fa36beeca520a169971bef1e70cff02cd9c6c42a7b7894b27
[root@localhost data]# docker ps
CONTAINER ID   IMAGE                 COMMAND                  CREATED          STATUS          PORTS                    NAMES
4bd3df4df74b   nginx                 "/docker-entrypoint.…"   7 seconds ago    Up 6 seconds    80/tcp                   nginx02
fe177e129465   nginx                 "/docker-entrypoint.…"   10 minutes ago   Up 10 minutes   80/tcp                   laughing_neumann
343a2803ea1a   portainer/portainer   "/portainer"             42 hours ago     Up 30 minutes   0.0.0.0:8088->9000/tcp   kind_wiles
2、使用docker volume ls查看所有的容器卷信息,可以查看到具名挂载的信息
[root@localhost data]# docker volume ls
DRIVER    VOLUME NAME
local     78087ade28bbc8bb50f5c51fdc07d61958c75d1ee099a8ed6799985d0353c797
local     f53ccccea51ae8bc75120e5c220dde8486b54299907e9b0c192b6c5d406dcbc5
local     nginxconf
3、使用命令查看容器卷挂载信息
[root@localhost data]# docker volume inspect nginxconf
[
    {
        "CreatedAt": "2021-04-13T02:05:40-04:00",
        "Driver": "local",
        "Labels": null,
        "Mountpoint": "/var/lib/docker/volumes/nginxconf/_data",
        "Name": "nginxconf",
        "Options": null,
        "Scope": "local"
    }
]
4、docker中所有没有指定路径的容器卷全部放在/var/lib/docker/volumes/****
[root@localhost /]# cd /var/lib/docker
[root@localhost docker]# ls
buildkit  containers  image  network  overlay2  plugins  runtimes  swarm  tmp  trust  volumes
[root@localhost docker]# cd volumes
[root@localhost volumes]# ls
78087ade28bbc8bb50f5c51fdc07d61958c75d1ee099a8ed6799985d0353c797  metadata.db
backingFsBlockDev                                                 nginxconf
f53ccccea51ae8bc75120e5c220dde8486b54299907e9b0c192b6c5d406dcbc5

匿名挂载、具名挂载和路径挂载的区别

匿名挂载  -v 容器路径
具名挂载  -v 卷名:容器路径
路径挂载  -v /宿主机路径:容器路径
扩展:
[root@localhost data]# docker run -d -v nginxconf:/etc/nginx:ro --name nginx02 nginx   //ro为只读:容器内无法修改该挂载路径下的内容,只能在宿主机侧修改
[root@localhost data]# docker run -d -v nginxconf:/etc/nginx:rw --name nginx02 nginx   //默认为可读写

初识DockerFile

1、创建dockerfile文件,编写脚本

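# Demo image: declares two anonymous volumes on top of the centos base image.
FROM centos

# The instruction name must be separated from its JSON array by a space;
# the build log for this file shows it as `VOLUME ["volume1","volume2"]`.
# NOTE(review): the paths are relative; docker inspect reports the destinations
# as "volume1"/"volume2" — absolute paths such as /volume1 would be clearer.
VOLUME ["volume1","volume2"]

# Only the last CMD in a Dockerfile takes effect, so this line never runs.
# It also lacks a space after `echo`; kept as-is because the build log echoes it.
CMD echo"-----END------"

CMD /bin/bash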

2、执行dockerfile文件

[root@localhost docker_test_volume]# docker build -f /home/docker_test_volume/dockerfile1 -t zhujinwei/centos .
Sending build context to Docker daemon  2.048kB
Step 1/4 : FROM centos
 ---> 300e315adb2f
Step 2/4 : VOLUME ["volume1","volume2"]
 ---> Running in 314179cc3ff8
Removing intermediate container 314179cc3ff8
 ---> cd37f76ec5ab
Step 3/4 : CMD echo"-----END------"
 ---> Running in 0bc7091d8eb0
Removing intermediate container 0bc7091d8eb0
 ---> b98f1d226667
Step 4/4 : CMD /bin/bash
 ---> Running in 25696e1a1e3e
Removing intermediate container 25696e1a1e3e
 ---> 46a031751df8
Successfully built 46a031751df8
Successfully tagged zhujinwei/centos:latest
#查看创建成功的镜像
[root@localhost docker_test_volume]# docker images
REPOSITORY            TAG       IMAGE ID       CREATED          SIZE
zhujinwei/centos      latest    46a031751df8   51 seconds ago   209MB
tomcat001             zhu1.0    31eca1babd3a   42 hours ago     654MB
<none>                <none>    bd431ca8553c   2 days ago       667MB
mysql                 5.7       450379344707   3 days ago       449MB
portainer/portainer   latest    580c0e4e98b0   3 weeks ago      79.1MB
tomcat                9         040bdb29ab37   2 months ago     649MB
nginx                 latest    f6d0b4767a6c   3 months ago     133MB
centos                latest    300e315adb2f   4 months ago     209MB
elasticsearch         7.6.2     f29a1ee41030   12 months ago    791MB
3、进入镜像内部可以查看到挂载的目录,并创建一个文件
[root@localhost docker_test_volume]# docker run -it zhujinwei/centos /bin/bash
[root@b5fc943fb5e2 /]# ls
bin  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var  volume1  volume2
#在volume1中创建文件
[root@b5fc943fb5e2 volume1]# ls
test.txt
4、进入宿主机查看对应目录是否有该文件
[root@localhost ~]# docker inspect b5fc943fb5e2
#查看挂载的目录
"Mounts": [
            {
                "Type": "volume",
                "Name": "4ddf47f2884a1ce90ac91281c96140a915abbba6dec220e1d56b495aa05cd155",
                "Source": "/var/lib/docker/volumes/4ddf47f2884a1ce90ac91281c96140a915abbba6dec220e1d56b495aa05cd155/_data",
                "Destination": "volume1",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            },
            {
                "Type": "volume",
                "Name": "61231ec5c19dfcc5b438c6e947208551cbd907d22cf72acc7ffd871943105070",
                "Source": "/var/lib/docker/volumes/61231ec5c19dfcc5b438c6e947208551cbd907d22cf72acc7ffd871943105070/_data",
                "Destination": "volume2",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            }
#进入该目录可以查看到文件
[root@localhost ~]# cd /var/lib/docker/volumes/4ddf47f2884a1ce90ac91281c96140a915abbba6dec220e1d56b495aa05cd155/_data
[root@localhost _data]# ls
test.txt

dockerfile介绍

#dockerfile文件四部曲
1、编写dockerfile文件
2、使用 build命令创建镜像
3、使用 run命令跑镜像
4、使用 push命令发布镜像,发布到镜像仓库或者阿里云仓库

DockerFile:dockerfile定义了所有的步骤
DockerImages:通过dockerfile文件创建的镜像,最终发布和运行的产品
Docker容器:镜像运行起来提供服务

dockerfile命令

技术分享图片

创建自己的centos镜像

1、编写dockerfile文件
[root@localhost dockerfile]# cat mycentos
# Custom centos image that adds vim and net-tools.
FROM centos

# MAINTAINER is deprecated in current Docker; a LABEL is the usual replacement.
MAINTAINER jinwei<863917565@qq.com>

ENV WORKPATH /usr/local

# Shells started in the container begin in $WORKPATH (/usr/local).
WORKDIR $WORKPATH

RUN yum -y install vim

RUN yum -y install net-tools

# EXPOSE only documents the port; it is not published without -p/-P on docker run.
EXPOSE 80

# Of the three CMD lines below, only the last one (/bin/bash) takes effect.
CMD echo $WORKPATH

CMD echo "-----END--------" 

CMD /bin/bash
[root@localhost dockerfile]# ls
mycentos
2、创建镜像
[root@localhost dockerfile]# docker build -f mycentos -t mycentos:1.0.1 .
Successfully built 5c70bafa4248
Successfully tagged mycentos:1.0.1
3、运行镜像测试
[root@localhost dockerfile]# docker run -it mycentos:1.0.1 /bin/bash
[root@398d9547e1b2 local]# vim
[root@398d9547e1b2 local]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.3  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:03  txqueuelen 0  (Ethernet)
        RX packets 8  bytes 656 (656.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

4、docker history 镜像名  //可以查看镜像的历史

CMD和ENTRYPOINT的区别

CMD命令

#创建dockerfile文件
FROM centos
# Exec-form CMD is only the default command: anything given after the image
# name in docker run replaces it entirely.
CMD ["ls","-a"]
# docker run 镜像名后追加参数(下面示例追加的是-a)时报错:追加的内容替换了整个CMD,被当作要执行的命令
[root@localhost dockerfile]# docker run testcmd
.
..
.dockerenv
bin
dev
etc
home
lib
lib64
lost+found
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
[root@localhost dockerfile]# docker run testcmd -a
docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: exec: "-a": executable file not found in $PATH: unknown.

ENTRYPOINT命令

1、编写dockerfile文件
[root@localhost dockerfile]# cat dockerfile-entrypoint 
FROM centos

# Exec-form ENTRYPOINT: anything given after the image name in docker run is
# appended to it as extra arguments.
ENTRYPOINT ["ls","-a"]

2、创建镜像
[root@localhost dockerfile]# docker build -f dockerfile-entrypoint -t testentrypoint .
Sending build context to Docker daemon  4.096kB
Step 1/2 : FROM centos
 ---> 300e315adb2f
Step 2/2 : ENTRYPOINT ["ls","-a"]
 ---> Running in 97645d7355cf
Removing intermediate container 97645d7355cf
 ---> d9405fac9c67
Successfully built d9405fac9c67
Successfully tagged testentrypoint:latest
3、运行镜像
[root@localhost dockerfile]# docker run d9405fac9c67
.
..
.dockerenv
bin
dev
etc
home
lib
lib64
lost+found
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
# 在命令后面添加-l,可以直接运行
[root@localhost dockerfile]# docker run d9405fac9c67 -l
total 0
drwxr-xr-x.   1 root root   6 Apr 14 03:06 .
drwxr-xr-x.   1 root root   6 Apr 14 03:06 ..
-rwxr-xr-x.   1 root root   0 Apr 14 03:06 .dockerenv
lrwxrwxrwx.   1 root root   7 Nov  3 15:22 bin -> usr/bin
drwxr-xr-x.   5 root root 340 Apr 14 03:06 dev
drwxr-xr-x.   1 root root  66 Apr 14 03:06 etc
drwxr-xr-x.   2 root root   6 Nov  3 15:22 home
lrwxrwxrwx.   1 root root   7 Nov  3 15:22 lib -> usr/lib
lrwxrwxrwx.   1 root root   9 Nov  3 15:22 lib64 -> usr/lib64
drwx------.   2 root root   6 Dec  4 17:37 lost+found
drwxr-xr-x.   2 root root   6 Nov  3 15:22 media
drwxr-xr-x.   2 root root   6 Nov  3 15:22 mnt
drwxr-xr-x.   2 root root   6 Nov  3 15:22 opt
dr-xr-xr-x. 132 root root   0 Apr 14 03:06 proc
dr-xr-x---.   2 root root 162 Dec  4 17:37 root
drwxr-xr-x.  11 root root 163 Dec  4 17:37 run
lrwxrwxrwx.   1 root root   8 Nov  3 15:22 sbin -> usr/sbin
drwxr-xr-x.   2 root root   6 Nov  3 15:22 srv
dr-xr-xr-x.  13 root root   0 Apr 14 00:51 sys
drwxrwxrwt.   7 root root 145 Dec  4 17:37 tmp
drwxr-xr-x.  12 root root 144 Dec  4 17:37 usr
drwxr-xr-x.  20 root root 262 Dec  4 17:37 var

CMD和ENTRYPOINT 区别

CMD:docker run 镜像名后追加的内容会整体替换CMD(上例中 -a 被当作要执行的命令,因此报错);Dockerfile中有多个CMD时只有最后一个生效
ENTRYPOINT:docker run 镜像名后追加的内容会作为参数追加到ENTRYPOINT之后

制作tomcat镜像

1、准备镜像文件
[root@localhost tomcat]# ls
apache-tomcat-9.0.22.tar.gz  jdk-8u11-linux-x64.tar.gz  readme.txt
2、编写Dockerfile文件
[root@localhost tomcat]# vi Dockerfile
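# Tomcat image assembled from local tarballs on top of centos.
# NOTE(review): Tomcat 9.0.22 and JDK 8u11 are old releases; prefer currently
# supported versions, and verify the tarballs' checksums before building.
FROM centos
MAINTAINER jinwei<863917565@qq.com>

COPY readme.txt /usr/local/readme.txt

# ADD unpacks local tar archives into the destination directory.
ADD apache-tomcat-9.0.22.tar.gz /usr/local
ADD jdk-8u11-linux-x64.tar.gz  /usr/local

RUN yum -y install vim

ENV MYPATH /usr/local
WORKDIR $MYPATH

ENV JAVA_HOME /usr/local/jdk1.8.0_11
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.22
# Tomcat reads CATALINA_BASE; the original spelling CATALINA_BASH was ignored.
ENV CATALINA_BASE /usr/local/apache-tomcat-9.0.22
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/bin:$CATALINA_HOME/lib

# Documents the port only; publish it with -p on docker run.
EXPOSE 8080

# No USER instruction, so Tomcat runs as root inside the container.
# startup.sh returns immediately; tail keeps the container in the foreground.
# catalina.out is written under logs/, not bin/logs/.
CMD /usr/local/apache-tomcat-9.0.22/bin/startup.sh && tail -F /usr/local/apache-tomcat-9.0.22/logs/catalina.out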

3、构建镜像(名字为官方命名(Dockerfile))
[root@localhost tomcat]# docker build -t diytomcat .
Sending build context to Docker daemon    170MB
Step 1/15 : FROM centos
 ---> 300e315adb2f
Step 2/15 : MAINTAINER jinwei<863917565@qq.com>
 ---> Using cache
 ---> e7bd2e637d5c
Step 3/15 : COPY readme.txt /usr/local/readme.txt
 ---> 9ac5fcc8cc80
Step 4/15 : ADD apache-tomcat-9.0.22.tar.gz /usr/local
 ---> 19fc5a81b24f
Step 5/15 : ADD jdk-8u11-linux-x64.tar.gz  /usr/local
 ---> da2d34a2ad88
Step 6/15 : RUN yum -y install vim
 ---> Running in 72cc034bfbdb
4、运行镜像
[root@localhost tomcat]# docker run -d -p 9999:8080 -v /home/zhujinwei/build/tomcat/test:/usr/local/apache-tomcat-9.0.22/webapps/test -v /home/zhujinwei/build/tomcat/tomcatlogs/:/usr/local/apache-tomcat-9.0.22/logs 8e6058fc0df9
5、测试是否可以运行
[root@localhost tomcat]# curl localhost:9999



<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/9.0.22</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
        <link href="tomcat.css" rel="stylesheet" type="text/css" />
    </head>

    <body>

镜像发布到dockerhub上

1、创建dockerhub镜像
# 网址:https://registry.hub.docker.com/
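2、在服务器上登录账号(如下方WARNING所示,密码会以未加密形式保存在/root/.docker/config.json中;多人共用的服务器上应配置credential helper,或用完后执行docker logout)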
[root@localhost ~]# docker login -u dockershuaige
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
3、使用命令发布镜像
[root@localhost ~]# docker push diycentos:4.0.1
The push refers to repository [docker.io/library/diycentos]
5f8f82715f96: Preparing 
9bd0d5435698: Preparing 
7c448c640657: Preparing 
237ea0193db3: Preparing 
2653d992f4ef: Preparing 

发布到阿里云镜像服务器上

1、登陆到阿里云容器服务中
[root@localhost ~]# docker login --username=huzhuxia18888  registry.cn-hangzhou.aliyuncs.com
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
2、使用命令发布到阿里云中
#使用命令对修改镜像的tag
[root@localhost ~]# docker tag 8e6058fc0df9  registry.cn-hangzhou.aliyuncs.com/learn_01/learn_hub_01/diycnetos:1.0.0
[root@localhost ~]# docker images
REPOSITORY                                                          TAG       IMAGE ID       CREATED         SIZE
diycentos                                                           4.0.1     8e6058fc0df9   22 hours ago    607MB
registry.cn-hangzhou.aliyuncs.com/learn_01/learn_hub_01/diycnetos   1.0.0     8e6058fc0df9   22 hours ago    607MB
#使用push命令上传到阿里云仓库
[root@localhost ~]# docker push registry.cn-hangzhou.aliyuncs.com/learn_01/learn_hub_01/diycnetos:1.0.0
The push refers to repository [registry.cn-hangzhou.aliyuncs.com/learn_01/learn_hub_01/diycnetos]
5f8f82715f96: Mounted from learn_01/learn_hub_01 
9bd0d5435698: Mounted from learn_01/learn_hub_01 
7c448c640657: Mounted from learn_01/learn_hub_01 
237ea0193db3: Mounted from learn_01/learn_hub_01 
2653d992f4ef: Mounted from learn_01/learn_hub_01 

docker网络

查看网络IP地址

[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000  //本机回环地址
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000  //网卡地址,需注意和eth0的区别
    link/ether 00:0c:29:50:5a:33 brd ff:ff:ff:ff:ff:ff
    inet 192.168.43.18/24 brd 192.168.43.255 scope global noprefixroute dynamic ens33
       valid_lft 741sec preferred_lft 741sec
    inet6 2409:8946:24e:df47:dfdb:2a96:d767:a9b1/64 scope global noprefixroute dynamic 
       valid_lft 3519sec preferred_lft 3519sec
    inet6 fe80::f1cc:ca66:4756:ebc9/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default   //docker网络地址
    link/ether 02:42:36:08:10:9a brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:36ff:fe08:109a/64 scope link 
       valid_lft forever preferred_lft forever

docker宿主机可以ping通容器内的IP地址

1、运行容器,使用ip addr命令查看容器的ip
[root@localhost ~]# docker exec -it a0ccdd7ffd63 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
2、使用ping命令可以成功ping通
[root@localhost ~]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.232 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.277 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.142 ms
64 bytes from 172.17.0.2: icmp_seq=4 ttl=64 time=0.142 ms
### 解决问题:容器运行后提示WARNING: IPv4 forwarding is disabled. Networking will not work.
[root@localhost ~]#  docker run -d -P --name tomcat01 tomcat
Unable to find image 'tomcat:latest' locally
latest: Pulling from library/tomcat
bd8f6a7501cc: Pull complete 
44718e6d535d: Pull complete 
efe9738af0cb: Pull complete 
f37aabde37b8: Pull complete 
b87fc504233c: Pull complete 
8bf93eef8c9e: Pull complete 
a62c27841e77: Pull complete 
3b23560b24c9: Pull complete 
168537fce8fb: Pull complete 
6643b79f9364: Pull complete 
Digest: sha256:a655be865e9f62d6d2ed3823c7382a2d77d0a034eb17714bbf2a514c3f620717
Status: Downloaded newer image for tomcat:latest
WARNING: IPv4 forwarding is disabled. Networking will not work.
a0ccdd7ffd6338b9804a9b3868556cb1443eafc8bea8810a20546273da27c88a
解决方法
vim /etc/sysctl.conf

#配置转发
net.ipv4.ip_forward=1

#重启服务,让配置生效(也可执行 sysctl -p 直接加载/etc/sysctl.conf)
systemctl restart network

#查看是否成功,如果返回为“net.ipv4.ip_forward = 1”则表示成功

sysctl net.ipv4.ip_forward
————————————————

Docker网络原理

#我们安装过docker后,宿主机会有一个docker0网络,每创建一个容器,就会给容器分配一个ip
容器内:
root@2c3d1a8c6f92:/usr/local/tomcat# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default   //容器内IP地址
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
宿主机内:
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:50:5a:33 brd ff:ff:ff:ff:ff:ff
    inet 192.168.43.18/24 brd 192.168.43.255 scope global noprefixroute dynamic ens33
       valid_lft 3112sec preferred_lft 3112sec
    inet6 2409:894b:4910:3431:f8d7:e101:ed55:3ec5/64 scope global noprefixroute dynamic 
       valid_lft 3527sec preferred_lft 3527sec
    inet6 fe80::f1cc:ca66:4756:ebc9/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:36:08:10:9a brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:36ff:fe08:109a/64 scope link 
       valid_lft forever preferred_lft forever
15: veth8c8d1cc@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default   //宿主机内IP
    link/ether 3a:c5:81:c8:e0:63 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::38c5:81ff:fec8:e063/64 scope link 
       valid_lft forever preferred_lft forever
#总结:
1、容器内和宿主机的ip成对出现
2、使用veth-pair:一对虚拟设备接口,它们是成对出现的,一端连接协议,一端彼此相连
3、veth-pair充当桥梁,连接各种虚拟网络
4、OpenStack、docker容器之间的连接、ovs的连接,都是使用veth-pair技术
#两个容器之间可以ping通
[root@localhost ~]# docker exec -it 2afc2984123e ping 172.17.0.1
PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data.
64 bytes from 172.17.0.1: icmp_seq=1 ttl=64 time=1.15 ms
64 bytes from 172.17.0.1: icmp_seq=2 ttl=64 time=0.100 ms
64 bytes from 172.17.0.1: icmp_seq=3 ttl=64 time=0.140 ms
^Z64 bytes from 172.17.0.1: icmp_seq=4 ttl=64 time=0.140 ms

技术分享图片

小结

技术分享图片

link命令

#使用link命令连接tomcat02
[root@localhost ~]# docker run -d -P --name tomcat04 --link tomcat02 tomcat
98375c38768151004f6765a54e900cd84ef467f7826bb4342cd06f7b9b1dd849
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE          COMMAND             CREATED          STATUS             PORTS                     NAMES
98375c387681   tomcat         "catalina.sh run"   16 seconds ago   Up 13 seconds      0.0.0.0:49160->8080/tcp   tomcat04
2afc2984123e   bd431ca8553c   "catalina.sh run"   58 minutes ago   Up 58 minutes      0.0.0.0:49159->8080/tcp   tomcat03
2c3d1a8c6f92   tomcat         "catalina.sh run"   2 hours ago      Up About an hour   0.0.0.0:49156->8080/tcp   tomcat02
#连接后ping容器名可以直接ping通
[root@localhost ~]# docker exec -it 98375c387681 ping tomcat02
PING tomcat02 (172.17.0.2) 56(84) bytes of data.
64 bytes from tomcat02 (172.17.0.2): icmp_seq=1 ttl=64 time=0.219 ms
64 bytes from tomcat02 (172.17.0.2): icmp_seq=2 ttl=64 time=0.155 ms
64 bytes from tomcat02 (172.17.0.2): icmp_seq=3 ttl=64 time=0.064 ms
64 bytes from tomcat02 (172.17.0.2): icmp_seq=4 ttl=64 time=0.087 ms
^Z64 bytes from tomcat02 (172.17.0.2): icmp_seq=5 ttl=64 time=0.104 ms
64 bytes from tomcat02 (172.17.0.2): icmp_seq=6 ttl=64 time=0.119 ms
#原理:在hosts文件中做了映射
[root@localhost ~]# docker exec -it 98375c387681 cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.2	tomcat02 2c3d1a8c6f92
172.17.0.4	98375c387681

自定义网络

#docker的三种网络模式
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
27210157df7f   bridge    bridge    local
d1cc175ef2ad   host      host      local
b7b6f0969e93   none      null      local
bridge:桥接模式
host:主机模式
none:不设置模式
container:容器模式(不建议使用)
#docker网络配置
[root@localhost ~]# docker run -d -P --network bridge tomcat
[root@localhost ~]# docker run -d -P  tomcat
注:以上两个命令同样的效果
docker0网络:默认为bridge模式,域名无法ping通,--link可以让其ping通(--link属于遗留特性,推荐使用下面的自定义网络)
#自定义网络
1、创建网络命令
[root@localhost ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
8af0b0bb7c6ebba6cca983b86a3b9a855e7c078d086ece7aa151dfea076be9a3
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
27210157df7f   bridge    bridge    local
d1cc175ef2ad   host      host      local
8af0b0bb7c6e   mynet     bridge    local
b7b6f0969e93   none      null      local
2、查看网络配置
[root@localhost ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "8af0b0bb7c6ebba6cca983b86a3b9a855e7c078d086ece7aa151dfea076be9a3",
        "Created": "2021-04-18T22:45:09.43838593-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
# 创建两个容器,mynet网络下会出现容器的配置
1、创建两个容器
[root@localhost ~]# docker run -d -P --name tomcat-net-01 --network mynet tomcat 
ed69d3985dc9b91d5413a7a62a21bb62f30404fd35576e965c00d9c97e22d18c
[root@localhost ~]# docker run -d -P --name tomcat-net-02 --network mynet tomcat 
6de88a0768e32e612b8eda4aaefd2602b54d7e0f34814ae523f2e410950b5654
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND             CREATED          STATUS          PORTS                     NAMES
6de88a0768e3   tomcat    "catalina.sh run"   3 seconds ago    Up 2 seconds    0.0.0.0:49156->8080/tcp   tomcat-net-02
ed69d3985dc9   tomcat    "catalina.sh run"   13 seconds ago   Up 12 seconds   0.0.0.0:49155->8080/tcp   tomcat-net-01
2、查看mynet配置,会出现创建的两个容器的
[root@localhost ~]# docker network inspect mynet
   "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "6de88a0768e32e612b8eda4aaefd2602b54d7e0f34814ae523f2e410950b5654": {
                "Name": "tomcat-net-02",
                "EndpointID": "e31a6c04f8c7efb642881afa7b74e8d4df6757b977b1f32e7b34a0cbdc74f035",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            },
            "ed69d3985dc9b91d5413a7a62a21bb62f30404fd35576e965c00d9c97e22d18c": {
                "Name": "tomcat-net-01",
                "EndpointID": "fade8b179f1d2d798fef5bb33da17976c7a0f3d33339d4b86c69592b186e8a21",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
3、ping两个容器的域名查看是否可以ping通
[root@localhost ~]# docker exec -it tomcat-net-01 ping tomcat-net-02
PING tomcat-net-02 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.079 ms
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.222 ms
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=3 ttl=64 time=0.167 ms
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=4 ttl=64 time=0.228 ms
^Z64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=5 ttl=64 time=0.079 ms
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=6 ttl=64 time=0.186 ms
^C
--- tomcat-net-02 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 15ms
rtt min/avg/max/mdev = 0.079/0.160/0.228/0.061 ms
#网络联通
1、创建两个使用docker0网络的容器
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND             CREATED          STATUS          PORTS                     NAMES
e7238ea45f60   tomcat    "catalina.sh run"   12 seconds ago   Up 10 seconds   0.0.0.0:49158->8080/tcp   tomcat02
de1f0e2bc5ad   tomcat    "catalina.sh run"   23 seconds ago   Up 21 seconds   0.0.0.0:49157->8080/tcp   tomcat01
6de88a0768e3   tomcat    "catalina.sh run"   14 minutes ago   Up 14 minutes   0.0.0.0:49156->8080/tcp   tomcat-net-02
ed69d3985dc9   tomcat    "catalina.sh run"   14 minutes ago   Up 14 minutes   0.0.0.0:49155->8080/tcp   tomcat-net-01
2、使用网络联通命令
[root@localhost ~]# docker network connect mynet tomcat01
3、查看mynet网络变化
"Containers": {
            "6de88a0768e32e612b8eda4aaefd2602b54d7e0f34814ae523f2e410950b5654": {
                "Name": "tomcat-net-02",
                "EndpointID": "e31a6c04f8c7efb642881afa7b74e8d4df6757b977b1f32e7b34a0cbdc74f035",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            },
            "de1f0e2bc5adadf1db0b6917063a4f94128062258f0c626c7e5cc281fe039bc3": {
                "Name": "tomcat01",
                "EndpointID": "504c03820f00734a389ae64d81f460a8e13a7720fa7e5e184fd47b1b030800a5",   //将tomcat01添加到mynet网络中
                "MacAddress": "02:42:c0:a8:00:04",
                "IPv4Address": "192.168.0.4/16",
                "IPv6Address": ""
            },
            "ed69d3985dc9b91d5413a7a62a21bb62f30404fd35576e965c00d9c97e22d18c": {
                "Name": "tomcat-net-01",
                "EndpointID": "fade8b179f1d2d798fef5bb33da17976c7a0f3d33339d4b86c69592b186e8a21",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            }
        },
4、查看tomcat-net-01和tomcat01是否可以ping通
[root@localhost ~]# docker exec -it tomcat01 ping tomcat-net-01
PING tomcat-net-01 (192.168.0.2) 56(84) bytes of data.
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.098 ms
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=2 ttl=64 time=0.189 ms
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=3 ttl=64 time=0.063 ms
^Z64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=4 ttl=64 time=0.084 ms
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=5 ttl=64 time=0.121 ms
^C
--- tomcat-net-01 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 6ms
rtt min/avg/max/mdev = 0.063/0.111/0.189/0.043 ms

Docker镜像原理

原文:https://www.cnblogs.com/fightsun/p/14645466.html
