Docker Learning (Updating)

Crazy docker

Docker Installation

Overview of Docker

Common Container Commands

Summary

Homework exercises

Container Images Explained

Container data volume

What is a container data volume

Using data volumes

Hands-on: Install MySQL

Named and Anonymous Mounts

# Anonymous mount
# -v <path inside container>
docker run -d -P --name nginx01 -v /etc/nginx nginx

# View all volumes
[root@kuangshen home]# docker volume ls
local               1dc95cc8c935cf5319a0b30b21b4ed85c07a8151be02aa4bc249924969e2695b

# This is an anonymous mount: with -v we wrote only the path inside the container, not a path outside it.

# Named mount
[root@kuangshen home]# docker run -d -P --name nginx02 -v jumping-nginx:/etc/nginx nginx
a9ce4fcee637f6b81d7759816b7ef43a8a4a82ab1fe4af63884fe97568dceb31
[root@kuangshen home]# docker volume ls
local               jumping-nginx

# Use -v <volume name>:<path in container>
# Inspect this volume

Expand:

# Change read/write permissions with -v <volume>:<path in container>:ro or :rw
ro   readonly    read-only
rw   readwrite   read-write

# Once this permission is set, the container is limited in what it can do with the mounted content!
docker run -d  -P --name nginx02 -v jump-ngnix:/etc/nginx:ro nginx
docker run -d  -P --name nginx02 -v jump-ngnix:/etc/nginx:rw nginx

# ro means this path can only be changed from the host; it cannot be changed from inside the container.
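The mount forms above, classified in code. This is an added example, not part of the original notes: the function names are hypothetical, the first two command lines come from this section, the third is the Tomcat run command from later on this page, and the host-path (bind) case goes beyond the two forms shown here.

```python
import shlex


def parse_volume_spec(spec):
    """Split one -v value into kind, source, target and mode."""
    parts = spec.split(":")
    options = []
    if len(parts) == 3:
        options = parts.pop().split(",")
    if len(parts) == 1:
        # Only a container path was given: anonymous volume.
        kind, source, target = "anonymous", None, parts[0]
    elif len(parts) == 2:
        source, target = parts
        # A source starting with "/" is a host path (bind mount); otherwise a volume name.
        kind = "bind" if source.startswith("/") else "named"
    else:
        raise ValueError("unsupported -v value: %r" % spec)
    if not target.startswith("/"):
        raise ValueError("container path must be absolute: %r" % spec)
    mode = "ro" if "ro" in options else "rw"
    return {"kind": kind, "source": source, "target": target, "mode": mode}


def audit_run(command):
    """Collect the mounts of a docker run command line and list what deserves review.

    Assumption: the whole line is scanned; docker options are not told apart
    from arguments passed to the container.
    """
    tokens = shlex.split(command)
    mounts, privileged = [], False
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-v", "--volume") and i + 1 < len(tokens):
            mounts.append(parse_volume_spec(tokens[i + 1]))
            i += 1
        elif tok.startswith("--volume="):
            mounts.append(parse_volume_spec(tok.split("=", 1)[1]))
        elif tok in ("--privileged", "--privileged=true"):
            privileged = True
        i += 1
    findings = []
    for m in mounts:
        if m["kind"] == "bind" and m["mode"] == "rw":
            findings.append("writable host path %s -> %s" % (m["source"], m["target"]))
    if privileged:
        findings.append("--privileged removes the container's capability and device restrictions")
    return {"mounts": mounts, "privileged": privileged, "findings": findings}


# Command lines taken from this page.
NGINX_ANON = "docker run -d -P --name nginx01 -v /etc/nginx nginx"
NGINX_RO = "docker run -d -P --name nginx02 -v jump-ngnix:/etc/nginx:ro nginx"
TOMCAT = (
    "docker run -d -p 9090:8080 --name kuangshentomcat "
    "-v /mnt/data1/work/xuhongyuan/mydocker/tomcat9/test:/usr/local/apache-tomcat-9.0.54/webapps/test "
    "-v /mnt/data1/work/xuhongyuan/mydocker/tomcat9/tomcat9logs/:/usr/local/apache-tomcat-9.0.54/logs "
    "--privileged=true diytomcat"
)

if __name__ == "__main__":
    for cmd in (NGINX_ANON, NGINX_RO, TOMCAT):
        result = audit_run(cmd)
        print([(m["kind"], m["mode"]) for m in result["mounts"]], result["findings"])
```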

First Look at Dockerfile

A Dockerfile is the build file used to build a Docker image: a script of commands. Let's try one first!

With this script an image is generated layer by layer: the script is a sequence of commands, and each command is one layer!

# Create a dockerfile; the name can be anything, but Dockerfile is recommended
# Contents of the file: INSTRUCTION (uppercase) parameters
FROM centos

VOLUME ["/volume01","/volume02"]

CMD echo "----end----"

CMD /bin/bash

# Each instruction here is one layer of the image

# Start a container from the image we wrote

This volume must have a synchronized directory outside the container!

Check the path of the volume mount

Test whether the file you just created is synchronized!

We'll use this a lot in the future, because we usually build our own images!

If no volume was mounted when the image was built, mount one manually with -v <volume name>:<path inside container>!

Data Volume Container

Synchronize data between two MySQL containers!

Start three containers from the image we just wrote.

# Test: delete docker01 and check whether docker02 and docker03 can still access this file
# Result: the file is still accessible

Multiple MySQL containers sharing data

[root@kuangshen home]# docker run -d -p 3310:3306 -v /etc/mysql/conf.d -v /var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 --name mysql01 mysql:5.7

# mysql02 publishes on a different host port than mysql01
[root@kuangshen home]# docker run -d -p 3311:3306 -e MYSQL_ROOT_PASSWORD=123456 --name mysql02 --volumes-from mysql01 mysql:5.7

# At this point, the two containers' data is synchronized

Conclusion:

Configuration information is passed between containers, and the life cycle of a data volume container lasts until no container is using it.

But once the data is persisted to the host, the local data is not deleted!

Dockerfile

Introduction to Dockerfile

A Dockerfile is the file used to build a Docker image: a script of commands and parameters!

1. Write a Dockerfile

2. docker build it into an image

3. docker run the image

4. Docker Hub, Ali Cloud image registry

See how the official images do it

Many official images are basic packages that lack many functions. We usually build our own images!

If the official maintainers can build images, so can we!

Dockerfile build process

Fundamentals

1. Each reserved keyword (instruction) must be in uppercase

2. Instructions execute from top to bottom

3. # indicates a comment

4. Each instruction creates and commits a new image layer!

The Dockerfile is development-facing. To publish projects as images in the future, we need to write a Dockerfile, which is very simple!

Docker images are becoming the standard for enterprise delivery and must be mastered!

Steps: development, deployment, operations and maintenance. Not a single one can be omitted!

Dockerfile: the build file; it defines all the steps, like source code

Docker images: the image generated by building a Dockerfile; the product that is ultimately published and run!

Docker container: a container is a running image that provides services

Dockerfile instructions

Previously we used other people's images; now that we know these instructions, let's practice writing an image ourselves!

FROM          # Base image; everything is built from here
MAINTAINER    # Who wrote the image: name + email
RUN           # Commands to run when the image is built
ADD           # Adds content to the image; e.g. for a tomcat image, the tomcat archive, which is decompressed
WORKDIR       # Working directory of the image
VOLUME        # Directory to mount as a volume
EXPOSE        # Declares the port to expose
CMD           # Specifies the command to run when the container starts; only the last one takes effect, and it can be replaced
ENTRYPOINT    # Specifies the command to run when the container starts; arguments can be appended
ONBUILD       # Runs when a Dockerfile that inherits from this image is built; a trigger instruction
COPY          # Like ADD; copies our files into the image
ENV           # Sets environment variables at build time

Hands-on test

99% of images on Docker Hub start from this base image: FROM scratch

Then add the software and configuration you need on top of it.

Create your own directory

# 1. Write the Dockerfile
[root@kuangshen dockfile]# cat mydockerfile-centos
FROM centos
MAINTAINER kuangshen<24736743@qq.com>

ENV MYPATH /usr/local
WORKDIR $MYPATH

RUN yum -y install vim
RUN yum -y install net-tools

EXPOSE 80

CMD echo $MYPATH
CMD echo "---end---"
CMD /bin/bash

# 2. Build an image from this file
# Command: docker build -f <dockerfile path> -t <image name>:[tag] .

Successfully built e2bd75cfe070
Successfully tagged mycentos:0.1

Comparison: the original centos image

The image after our additions

We can list the change history of a local image

When we get an image, we can study how it was built

Difference between CMD and ENTRYPOINT

CMD           # Specifies the command to run when the container starts; only the last one takes effect, and it can be replaced
ENTRYPOINT    # Specifies the command to run when the container starts; arguments can be appended

Test CMD

# Write the dockerfile
[root@kuangshen dockfile]# vim dockfile-cmd-test
FROM centos
CMD ["ls","-a"]

# Build the image
[root@kuangshen dockfile]# docker build -f dockfile-cmd-test -t cmdtest .

# Run it; our ls -a command takes effect
[root@kuangshen dockfile]# docker run dd8e4401d72f
.
..
.dockerenv
bin
dev
etc
home
lib
lib64
lost+found
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var

# Want to append an argument -l to get ls -al
xuhongyuan@qualitycenter03:/mnt/data1/work/xuhongyuan/mydocker/dockfile$ docker run 30f7e8d23b5c -l
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"-l\": executable file not found in $PATH": unknown.

# With CMD, -l replaces the CMD ["ls","-a"] command; -l is not a command, so it errors

Test ENTRYPOINT

[root@kuangshen dockfile]# vim dockerfile-entrypoint-test
FROM centos
ENTRYPOINT ["ls","-a"]

[root@kuangshen dockfile]# docker build -f dockerfile-entrypoint-test -t entrypoint-test .
Sending build context to Docker daemon   16.9kB
Step 1/2 : FROM centos
 ---> 5d0da3dc9764
Step 2/2 : ENTRYPOINT ["ls","-a"]
 ---> Running in 85874b254892
Removing intermediate container 85874b254892
 ---> 41a0167dfb24
Successfully built 41a0167dfb24
Successfully tagged entrypoint-test:latest

# Run it; our ls -a command takes effect
[root@kuangshen dockfile]# docker run 41a0167dfb24
.
..
.dockerenv
bin
dev
etc
home
lib
lib64
lost+found
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var

# Append the argument -l to get ls -al
[root@kuangshen dockfile]# docker run 41a0167dfb24 -l
total 56
drwxr-xr-x   1 root root 4096 Oct 16 11:43 .
drwxr-xr-x   1 root root 4096 Oct 16 11:43 ..
-rwxr-xr-x   1 root root    0 Oct 16 11:43 .dockerenv
lrwxrwxrwx   1 root root    7 Nov  3  2020 bin -> usr/bin
drwxr-xr-x   5 root root  340 Oct 16 11:43 dev
drwxr-xr-x   1 root root 4096 Oct 16 11:43 etc
drwxr-xr-x   2 root root 4096 Nov  3  2020 home
lrwxrwxrwx   1 root root    7 Nov  3  2020 lib -> usr/lib
lrwxrwxrwx   1 root root    9 Nov  3  2020 lib64 -> usr/lib64
drwx------   2 root root 4096 Sep 15 14:17 lost+found
drwxr-xr-x   2 root root 4096 Nov  3  2020 media
drwxr-xr-x   2 root root 4096 Nov  3  2020 mnt
drwxr-xr-x   2 root root 4096 Nov  3  2020 opt
dr-xr-xr-x 319 root root    0 Oct 16 11:43 proc
dr-xr-x---   2 root root 4096 Sep 15 14:17 root
drwxr-xr-x  11 root root 4096 Sep 15 14:17 run
lrwxrwxrwx   1 root root    8 Nov  3  2020 sbin -> usr/sbin
drwxr-xr-x   2 root root 4096 Nov  3  2020 srv
dr-xr-xr-x  13 root root    0 Oct  9 08:33 sys
drwxrwxrwt   7 root root 4096 Sep 15 14:17 tmp
drwxr-xr-x  12 root root 4096 Sep 15 14:17 usr
drwxr-xr-x  20 root root 4096 Sep 15 14:17 var

Many Dockerfile instructions are very similar, and we need to understand their differences. The best way to learn is to compare them and then test the results.
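How Docker picks the start command for the Dockerfiles tested above, as an added example rather than code from the original notes. It models only the Dockerfile's own CMD and ENTRYPOINT lines (no base-image settings, no line continuations); `container_argv` and the other names are hypothetical, and the single-quoted sample is constructed.

```python
import json


def parse_value(value):
    """Exec form is a JSON array of strings; anything else is shell form."""
    value = value.strip()
    if value.startswith("["):
        try:
            argv = json.loads(value)
        except json.JSONDecodeError:
            argv = None  # e.g. single quotes: not JSON, so Docker treats it as shell form
        if isinstance(argv, list) and all(isinstance(a, str) for a in argv):
            return ("exec", argv)
    return ("shell", value)


def start_config(dockerfile_text):
    """Read top to bottom; the last CMD and the last ENTRYPOINT are the ones kept."""
    cmd = entrypoint = None
    for line in dockerfile_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) < 2:
            continue
        keyword, rest = fields[0].upper(), fields[1]
        if keyword == "CMD":
            cmd = parse_value(rest)
        elif keyword == "ENTRYPOINT":
            entrypoint = parse_value(rest)
    return entrypoint, cmd


def to_argv(parsed):
    form, value = parsed
    # Shell form is run through /bin/sh -c.
    return list(value) if form == "exec" else ["/bin/sh", "-c", value]


def container_argv(dockerfile_text, run_args=()):
    """Effective command for `docker run <image> [run_args...]`."""
    entrypoint, cmd = start_config(dockerfile_text)
    # Arguments given after the image name replace CMD entirely.
    tail = list(run_args) if run_args else (to_argv(cmd) if cmd else [])
    if entrypoint is None:
        return tail
    if entrypoint[0] == "shell":
        # Shell-form ENTRYPOINT: CMD and run arguments are not used.
        return to_argv(entrypoint)
    return list(entrypoint[1]) + tail


# The two test Dockerfiles and the three-CMD Dockerfile from this page.
CMD_TEST = 'FROM centos\nCMD ["ls","-a"]\n'
ENTRYPOINT_TEST = 'FROM centos\nENTRYPOINT ["ls","-a"]\n'
MYCENTOS = 'FROM centos\nCMD echo $MYPATH\nCMD echo "---end---"\nCMD /bin/bash\n'
# Constructed: single quotes are not valid JSON, so this is shell form.
SINGLE_QUOTED = "FROM centos\nCMD ['ls','-a']\n"

if __name__ == "__main__":
    print(container_argv(CMD_TEST, ["-l"]))         # the failing case: "-l" is run as the program
    print(container_argv(ENTRYPOINT_TEST, ["-l"]))  # the working case: ls -a -l
```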

Hands-on: Tomcat Image

1. Prepare the files for the image: the tomcat archive and the JDK archive

[root@kuangshen tomcat]# ll
total 165972
-rw-r--r-x  12 root root 10909702 Sep 15 14:17 jdk-8u171-linux-x64.tar.gz
-rw-r--r-x  20 root root 159019376 Sep 15 14:17 apache-tomcat-9.0.54

2. Write the Dockerfile. Dockerfile is the official name; docker build finds this file automatically, so -f does not need to be specified!

FROM centos
MAINTAINER xhy<xuhongyuan@momenta.ai>
# Copy c.txt from the build context on the host to /usr/local/cincontainer.txt in the image
COPY c.txt /usr/local/cincontainer.txt
# Add java and tomcat to the image
ADD jdk-8u171-linux-x64.tar.gz /usr/local/
ADD apache-tomcat-9.0.54 /usr/local/
# Install the vim editor
RUN yum -y install vim
# Set the WORKDIR path, the landing directory on login
ENV MYPATH /usr/local
WORKDIR $MYPATH
# Configure the java and tomcat environment variables
ENV JAVA_HOME /usr/local/jdk1.8.0_171
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.54
ENV CATALINA_BASE /usr/local/apache-tomcat-9.0.54
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
# Port the container listens on while running
EXPOSE 8080
# Run tomcat at startup
#ENTRYPOINT ["/usr/local/apache-tomcat-9.0.54/bin/startup.sh"]
#CMD ["/usr/local/apache-tomcat-9.0.54/bin/catalina.sh","run"]
# Start tomcat, then follow its log (tomcat writes catalina.out under logs/) to keep the container in the foreground
CMD /usr/local/apache-tomcat-9.0.54/bin/startup.sh && tail -F /usr/local/apache-tomcat-9.0.54/logs/catalina.out

3. Build the image

# docker build -t diytomcat .

4. Start the image

[root@kuangshen tomcat]# docker run -d -p 9090:8080 --name kuangshentomcat  -v /mnt/data1/work/xuhongyuan/mydocker/tomcat9/test:/usr/local/apache-tomcat-9.0.54/webapps/test -v /mnt/data1/work/xuhongyuan/mydocker/tomcat9/tomcat9logs/:/usr/local/apache-tomcat-9.0.54/logs --privileged=true diytomcat
[root@kuangshen tomcat]# docker exec -it kuangshentomcat /bin/bash

5. Access test (host ip:9090 access display)

6. Publish the project (because of the volume mount, we can write the project locally and it is published directly!)

Create the WEB-INF folder (with web.xml inside it) and index.jsp under the test folder

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                        http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
</web-app>

index.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>hello,kuangshen</title>
</head>
<body>
Hello World!<br/>
<%
System.out.println("----my test web logs----");
%>
</body>
</html>

Visit <host IP>:9090/test to see the JSP page

System.out.println("----my test web logs----"); // Written to the backend log once per visit (tail -f catalina.out)

The project is deployed successfully and can be accessed directly!

Going forward: we need to master writing Dockerfiles! From now on, everything is published and run as a Docker image!

Publish your own image

DockerHub

1. Address https://hub.docker.com/ Register your own account

2. Make sure this account can be logged in (my account xuhy95)

3. Push our own image from our server

[root@kuangshen tomcat]# docker login --help

Usage:  docker login [OPTIONS] [SERVER]

Log in to a Docker registry.
If no server is specified, the default is defined by the daemon.

Options:
  -p, --password string   Password
      --password-stdin    Take the password from stdin
  -u, --username string   Username

4. Once you are logged in, you can push the image with docker push

[root@kuangshen tomcat]# docker push diytomcat
The push refers to repository [docker.io/library/diytomcat]
f9f7fba939ae: Preparing 
77b0313ff515: Preparing 
7aac11dc96b2: Preparing 
b2e3e5c85eef: Preparing 
74ddd0ec08fa: Preparing 
denied: requested access to the resource is denied

# Problem pushing the image?
[root@kuangshen tomcat]#  docker push xuhy95/diytomcat1.0
The push refers to repository [docker.io/xuhy95/diytomcat1.0]
An image does not exist locally with the tag: xuhy95/diytomcat1.0

# Solution: add a tag
[root@kuangshen tomcat]# docker tag diytomcat xuhy95/diytomcat:1.0

# docker push works now! Publish your own images with version numbers whenever possible
[root@kuangshen tomcat]# docker push xuhy95/diytomcat
The push refers to repository [docker.io/xuhy95/diytomcat]
f9f7fba939ae: Pushing [===============>                                   ]  22.17MB/72.72MB
77b0313ff515: Pushing [===========================>                       ]  8.837MB/16.04MB
7aac11dc96b2: Pushing [=>                                                 ]  9.341MB/387.4MB
b2e3e5c85eef: Pushing   2.56kB
74ddd0ec08fa: Pushing [====

Pushes are also made layer by layer, following the image's layers.

Ali Cloud Container Image Service

1. Log on to Aliyun

2. Find Container Image Service

3. Create a namespace

4. Create a container image

Click Image Repositories -> Create Repository

5. Browse Ali Cloud

For publishing to the Ali Cloud container image service, refer to the official documentation

[root@xuhongyuan tomcat]# docker login --username=xuhy95 registry.cn-hangzhou.aliyuncs.com

[root@xuhongyuan tomcat]# docker tag 9e06224a1073 registry.cn-hangzhou.aliyuncs.com/bilibili-xuhy95/xuhy95-test:v1.0
[root@xuhongyuan tomcat]# docker push registry.cn-hangzhou.aliyuncs.com/bilibili-xuhy95/xuhy95-test:v1.0

(copy right by xiaoxu)

Summary

Docker Network

Understanding Docker0

test

Three networks

#Question: How does docker handle container network access?

[root@kuangshen /]# docker run -d -P --name tomcat01 tomcat

# Look at the container's internal network addresses with ip addr: when the container starts it gets an eth0@if262 IP address, assigned by Docker!
[root@kuangshen /]# docker exec -it tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
261: eth0@if262: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever

# Reflection: Linux can ping the inside of the container!
[root@kuangshen /]# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.055 ms

# The Linux host can ping the inside of the Docker container

Principle

1. Every time we start a Docker container, Docker assigns it an IP. Once Docker is installed, the host has a docker0 network interface, which works in bridge mode. The technology used is veth-pair!

2. Start another container and test

# We found that the network interfaces these containers bring come in pairs
# A veth pair is a pair of virtual device interfaces that always appear together: one end is connected to the protocol stack, and the two ends are connected to each other
# Because of this property, a veth pair acts as a bridge connecting virtual network devices
# OpenStack, connections between Docker containers, and OVS connections all use veth-pair technology

3. Let's test whether tomcat01 and tomcat02 can ping each other!

[root@kuangshen /]# docker exec -it tomcat02 ping 172.18.0.2
# Conclusion: containers can ping each other!

Draw a network model diagram

Conclusion: tomcat01 and tomcat02 share a common router, docker0

When no network is specified, all containers are routed through docker0, and Docker assigns each container a default available IP

Summary

Docker uses Linux bridging; docker0 is the bridge on the host for Docker containers

All network interfaces in Docker are virtual. Virtual interfaces forward efficiently! (For example, transferring files over the internal network!)

Once a container is deleted, its corresponding pair of bridge interfaces is gone!

Container interconnection - link

Consider a scenario: we wrote a microservice with database url=ip:; the database IP changes while the project is not restarted. We want to handle this by accessing the container by name.

[root@kuangshen /]# docker exec -it tomcat02 ping tomcat01
ping: tomcat01: Name or service not known
# How can we solve this?
# Using --link solves the network connectivity problem
[root@kuangshen /]# docker run -d -P --name tomcat03 --link tomcat02 tomcat
5ca72d80ebb048d3560df1400af03130f37ece244be2a54884336aace2106884
[root@kuangshen /]# docker exec -it tomcat03 ping tomcat02
PING tomcat02 (172.18.0.3) 56(84) bytes of data.
64 bytes from tomcat02 (172.18.0.3): icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from tomcat02 (172.18.0.3): icmp_seq=2 ttl=64 time=0.066 ms
64 bytes from tomcat02 (172.18.0.3): icmp_seq=3 ttl=64 time=0.067 ms
# Can we ping in the reverse direction?
[root@kuangshen /]# docker exec -it tomcat02 ping tomcat03
ping: tomcat03: Name or service not known

Explore: docker network inspect <network ID> (the network ID can be viewed with docker network ls)

So tomcat03 simply has tomcat02 configured locally?

# Check the hosts configuration to see how it works!
[root@kuangshen /]# docker exec -it tomcat03 cat /etc/hosts
127.0.0.1   localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.18.0.3 tomcat02 312857784cd4
172.18.0.4 5ca72d80ebb0

What it really does: --link adds the line 172.18.0.3 tomcat02 312857784cd4 to the hosts configuration.
Using --link is no longer recommended in Docker!
Use a custom network instead; docker0 is not suitable!
The problem with docker0: it does not support access by container name!

Custom network

View all docker networks

Network mode

bridge: bridged through Docker (the default; networks we create ourselves also use bridge mode)

none: do not configure a network

host: share the network with the host

container: connect to another container's network! (rarely used, very limited)

test

# Starting a container directly implies --net bridge, which is our docker0
docker run -d -P --name tomcat01 tomcat
docker run -d -P --name tomcat01 --net bridge tomcat

# docker0 characteristics: it is the default, container names cannot be resolved, and --link can connect containers!

#We can customize a network!
# --driver bridge default Bridge
# --subnet 192.168.0.0/16 subnet address (192.168.0.2-192.168.255.255)
# --gateway 192.168.0.1 gateway
[root@kuangshen /]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
eb21272b3a35ceabal1b4aa5bbff131c3fb09c4790f0852ed4540707438db052
[root@kuangshen /]# docker network ps

Usage:  docker network COMMAND

Manage networks

Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks

Run 'docker network COMMAND --help' for more information on a command.
[root@kuangshen /]# docker network ls
NETWORK ID          NAME                  DRIVER              SCOPE
5a008c015cac        bridge                bridge              local
db44649a9bff        composetest_default   bridge              local
ae2b6209c2ab        host                  host                local
eb21272b3a35        mynet                 bridge              local
c037f7ec7e57        none                  null                local
b701476a0394        redis                 bridge              local

Our own network is created

Below, create two containers, check whether they can ping each other, and use inspect to confirm that the containers are in the same network segment

[root@kuangshen /]#  docker run -d -P --name tomcat-net-01 --net mynet tomcat
d3a26fb6d9781099996cff789f6ac569c832d8c5de041f8afb5d5d3e453c2149
[root@kuangshen /]#  docker run -d -P --name tomcat-net-02 --net mynet tomcat
23bf0657bed88f371cef2427506189e408bb005b3093c040b3c1cd1c452c877b
[root@kuangshen /]#  docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "3207737ab0d6f9196e4a02e9de61e6f8d8262780c3579c10e95123287de6181e",
        "Created": "2021-10-19T13:17:33.354873272+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "23bf0657bed88f371cef2427506189e408bb005b3093c040b3c1cd1c452c877b": {
                "Name": "tomcat-net-02",
                "EndpointID": "0647dd1dc2159d2d8c71139cb77141cd4b45112a5f9dad4ca5d01c91ac534a9b",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            },
            "d3a26fb6d9781099996cff789f6ac569c832d8c5de041f8afb5d5d3e453c2149": {
                "Name": "tomcat-net-01",
                "EndpointID": "54746ee657abf237ea1d4a89c6cc47adbf5fcf4abdfe6cc297ef65f932ca67c8",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

# Test the ping connection again
[root@kuangshen /]# docker exec -it tomcat-net-01 ping 192.168.0.3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.085 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.070 ms
^C
--- 192.168.0.3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.070/0.077/0.085/0.011 ms

# Now the name can be pinged without using --link!
[root@kuangshen /]# docker exec -it tomcat-net-01 ping tomcat-net-02
PING tomcat-net-02 (192.168.0.3): 56 data bytes
64 bytes from 192.168.0.3: icmp_seq=0 ttl=64 time=0.033 ms
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.106 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.080 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=64 time=0.099 ms
64 bytes from 192.168.0.3: icmp_seq=4 ttl=64 time=0.105 ms
^C--- tomcat-net-02 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.033/0.085/0.106/0.027 ms


(If the tomcat image you are using does not have the ping command installed, install it inside the container to test the network: apt-get install inetutils-ping
 If installing ping fails with "Unable to locate package", the package simply cannot be found; run sudo apt-get update first and then install again.)

With a custom network, Docker maintains the mapping between container names and IP addresses for us. This is the recommended way to use networks in everyday work!

Benefits:

redis - Different clusters use different networks to ensure that the cluster is safe and healthy

mysql - Different clusters use different networks to keep clusters safe and healthy

Network Connectivity


Core: Connect a container to a network


# Test: connect tomcat01 to mynet
[root@kuangshen /]# docker network connect mynet tomcat01
# After connecting, tomcat01 is placed directly on the mynet network

# One container, two IP addresses
# Like an Alibaba Cloud server: a public IP and a private IP


# tomcat01 can now connect
[root@kuangshen /]# docker exec -it tomcat01 ping tomcat-net-01
PING tomcat-net-01 (192.168.0.2) 56(84) bytes of data.
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.072 ms
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=2 ttl=64 time=0.070 ms

# tomcat02 still cannot connect
[root@kuangshen /]# docker exec -it tomcat02 ping tomcat-net-01
ping: tomcat-net-01: Name or service not known

Conclusion: To reach containers across networks, the container must be attached with docker network connect.

Actual Warfare: Deploy Redis Cluster (Todo)


kuangshen version:

# Create the network
docker network create redis --subnet 172.38.0.0/16

# Create six redis configurations through scripting
for port in $(seq 1 6); \
do \
mkdir -p /mydata/redis/node-${port}/conf
touch /mydata/redis/node-${port}/conf/redis.conf
cat << EOF >/mydata/redis/node-${port}/conf/redis.conf
port 6379
bind 0.0.0.0
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 172.38.0.1${port}
cluster-announce-port 6379
cluster-announce-bus-port 16379
appendonly yes
EOF
done

# Create 6 redis services
for port in $(seq 1 6); \
do \
docker run -p 637${port}:6379 -p 1637${port}:16379 --name redis-${port} \
-v /mydata/redis/node-${port}/data:/data \
-v /mydata/redis/node-${port}/conf/redis.conf:/etc/redis/redis.conf \
-d --net redis --ip 172.38.0.1${port} redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf; \
done

# Create the cluster
redis-cli --cluster create 172.38.0.11:6379 172.38.0.12:6379 172.38.0.13:6379 172.38.0.14:6379 172.38.0.15:6379 172.38.0.16:6379 \
--cluster-replicas 1

Server self-test version (deletable):

# Create the network
docker network create redis --subnet 172.38.0.0/16

# Create six redis configurations through scripting
for port in $(seq 1 6); \
do \
mkdir -p /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-${port}/conf
touch /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-${port}/conf/redis.conf
cat << EOF >/mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-${port}/conf/redis.conf
port 6379
bind 0.0.0.0
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 172.38.0.1${port}
cluster-announce-port 6379
cluster-announce-bus-port 16379
appendonly yes
EOF
done

# Or create the configuration for a single node by hand (node-1 shown)
mkdir -p /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-1/conf
touch /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-1/conf/redis.conf
cat << EOF >/mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-1/conf/redis.conf
port 6379
bind 0.0.0.0
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 172.38.0.11
cluster-announce-port 6379
cluster-announce-bus-port 16379
appendonly yes
EOF

The code above creates six Redis service configurations; each redis.conf is then checked to confirm the configuration is correct.


# Create 6 redis services
for port in $(seq 1 6); \
do \
docker run -p 637${port}:6379 -p 1637${port}:16379 --name redis-${port} \
-v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-${port}/data:/data \
-v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-${port}/conf/redis.conf:/etc/redis/redis.conf \
-d --net redis --ip 172.38.0.1${port} redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf; \
done

If the loop does not work, use the following commands:
docker run -p 6371:6379 -p 16371:16379 --name redis-1 -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-1/data:/data -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-1/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.11 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf

docker run -p 6372:6379 -p 16372:16379 --name redis-2 -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-2/data:/data -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-2/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.12 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf

docker run -p 6373:6379 -p 16373:16379  --name redis-3 -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-3/data:/data -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-3/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.13 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf

docker run -p 6374:6379 -p 16374:16379  --name redis-4 -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-4/data:/data -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-4/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.14 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf

docker run -p 6375:6379 -p 16375:16379  --name redis-5 -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-5/data:/data -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-5/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.15 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf

docker run -p 6376:6379 -p 16376:16379  --name redis-6 -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-6/data:/data -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-6/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.16 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf

#Enter container redis-1
docker exec -it redis-1 /bin/sh
xuhongyuan@qualitycenter03:/mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-1/conf$ docker exec -it d2544673f10e /bin/sh
/data # ls
/data #
(The file directory is empty, indicating that there was a problem creating the configuration file or creating the container configuration)
# Create the cluster
redis-cli --cluster create 172.38.0.11:6379 172.38.0.12:6379 172.38.0.13:6379 172.38.0.14:6379 172.38.0.15:6379 172.38.0.16:6379 \
--cluster-replicas 1
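
The cluster scripts above publish every node's Redis ports on all host interfaces and set no password. The following is an added example, not the original post's script: it writes the same six node configurations with `requirepass` and `masterauth` set, and prints `docker run` commands that publish on loopback only and mount the config read-only. The function names, the `REDIS_PASS` variable and the base-directory argument are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's script. Function names, REDIS_PASS and
# the base directory argument are assumptions for illustration.

# Write one node's redis.conf with authentication enabled and print its path.
# $1 = base dir, $2 = node number (1-6), $3 = shared password (no whitespace)
write_node_conf() {
    conf_dir="$1/node-$2/conf"
    mkdir -p "$conf_dir" "$1/node-$2/data"
    chmod 700 "$1"   # other host users cannot enter the tree holding the password
    cat > "$conf_dir/redis.conf" <<EOF
port 6379
bind 0.0.0.0
requirepass $3
masterauth $3
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 172.38.0.1$2
cluster-announce-port 6379
cluster-announce-bus-port 16379
appendonly yes
EOF
    chmod 644 "$conf_dir/redis.conf"   # must stay readable inside the container
    printf '%s\n' "$conf_dir/redis.conf"
}

# Print (not run) the docker run command for one node so it can be reviewed.
# Host ports bind to 127.0.0.1 only; cluster traffic stays on the redis network.
# $1 = base dir, $2 = node number
node_run_cmd() {
    printf '%s\n' "docker run -d --name redis-$2 --net redis --ip 172.38.0.1$2 \
-p 127.0.0.1:637$2:6379 -p 127.0.0.1:1637$2:16379 \
-v $1/node-$2/data:/data \
-v $1/node-$2/conf/redis.conf:/etc/redis/redis.conf:ro \
redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf"
}

# Usage: REDIS_PASS='...' sh this-script /mydata/redis
if [ -n "${1:-}" ] && [ -n "${REDIS_PASS:-}" ]; then
    for n in 1 2 3 4 5 6; do
        write_node_conf "$1" "$n" "$REDIS_PASS" >/dev/null
        node_run_cmd "$1" "$n"
    done
fi
```

Pipe the printed commands to `sh` after reviewing them, then pass the same password to `redis-cli -a` when running `--cluster create`.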


Delete redis-3 to do the following


Spring Boot Microservice Deployment (Todo)

Docker Compose

Brief introduction

Dockerfile: build and run are manual operations, one container at a time.

Microservices: 100 microservices, with dependencies between them!

Docker Compose manages containers efficiently and easily by defining and running multiple containers.

Official Introduction

Define and run multiple containers?

A YAML configuration file.

A single command. What are the commands?

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application's services. Then, with a single command, you create and start all the services from your configuration. To learn more about all the features of Compose, see the list of features.

Compose is available for all environments.

Compose works in all environments: production, staging, development, testing, as well as CI workflows. You can learn more about each case in Common Use Cases.

Three steps:

Using Compose is basically a three-step process:

  1. Define your app's environment with a Dockerfile so it can be reproduced anywhere
    • Dockerfile guarantees that our project can run anywhere
  2. Define the services that make up your app in docker-compose.yml so they can be run together in an isolated environment.
    • What is a service?
    • How to write the file docker-compose.yml!
  3. Run docker compose up and the Docker compose command starts and runs your entire app. You can alternatively run docker-compose up using the docker-compose binary.
    • Start Project

Role: batch container orchestration

My own understanding

Compose is an official Docker open-source project and needs to be installed separately!

A Dockerfile lets the program run anywhere. But a web service also needs redis, mysql, nginx... multiple containers.

Compose

version: "3.9"  # optional since v1.27.0
services:
  web:
    build: .
    ports:
      - "5000:5000"
    volumes:
      - .:/code
      - logvolume01:/var/log
    links:
      - redis
  redis:
    image: redis
volumes:
  logvolume01: {}

docker-compose up starts 100 services

Compose: Important concepts.

  • Service (services): a container or application. (web, redis, mysql...)
  • Project (project): a set of associated containers, e.g. a blog made of web and mysql.

Install

1. Download

 sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose


2. Grant execute permission

sudo chmod +x /usr/local/bin/docker-compose
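
Steps 1 and 2 write a downloaded file into `/usr/local/bin` as root and mark it executable without checking it. The following is an added example, not from the original post: it installs the binary only when its SHA-256 matches a checksum file. `install_if_verified` and the file paths are assumptions, and the checksum file is assumed to come from the Compose release page.

```shell
#!/bin/sh
# Added example, not from the original post. The function name and the paths
# passed to it are assumptions for illustration.

# Install a downloaded binary only if its SHA-256 matches the checksum file.
# $1 = downloaded binary, $2 = checksum file ("<hex>  <name>"), $3 = install path
# Returns 0 on success, 1 on mismatch, 2 on missing or malformed input.
install_if_verified() {
    [ -f "$1" ] && [ -f "$2" ] || { echo "missing input file" >&2; return 2; }
    expected=$(awk 'NR==1 {print tolower($1)}' "$2")
    # Reject anything that is not exactly 64 hex characters, such as an empty
    # file or an HTML error page saved in place of the checksum.
    case "$expected" in
        ""|*[!0-9a-f]*) echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$1" | awk '{print $1}')
    else
        actual=$(shasum -a 256 "$1" | awk '{print $1}')
    fi
    if [ "$expected" != "$actual" ]; then
        echo "checksum mismatch: refusing to install $1" >&2
        return 1
    fi
    # Copy into place with the executable bit set (replaces the chmod +x step).
    install -m 0755 "$1" "$3"
}

# Usage: sh this-script /tmp/docker-compose /tmp/docker-compose.sha256 /usr/local/bin/docker-compose
if [ "$#" -eq 3 ]; then
    install_if_verified "$@"
fi
```

Download with `curl -fL` so an HTTP error fails instead of saving an error page as the binary. A checksum taken from the same release detects a corrupted or truncated download, not a tampered release.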


(See the official website for more...)

Try it out

https://docs.docker.com/compose/gettingstarted/

Docker Swarm

Cluster deployment: 4 Alibaba Cloud servers, 2 cores and 4 GB each

Jenkins for CI/CD

Tags: Operation & Maintenance Docker Container

Posted on Sat, 30 Oct 2021 16:13:56 -0400 by jodyanne