Crazy docker
Docker Installation
Overview of Docker
Common Container Commands
Summary
Homework exercises
Explanation of container images
Container data volume
What is a container data volume
Using data volumes
Hands-on: Install MySQL
Named and Anonymous Mounts
```
# Anonymous mount: -v <path inside container>
docker run -d -P --name nginx01 -v /etc/nginx nginx

# View all volumes
[root@kuangshen home]# docker volume ls
local     1dc95cc8c935cf5319a0b30b21b4ed85c07a8151be02aa4bc249924969e2695b
# This is an anonymous mount: with -v we wrote only the path inside the container, not a path outside it.

# Named mount
[root@kuangshen home]# docker run -d -P --name nginx02 -v jumping-nginx:/etc/nginx nginx
a9ce4fcee637f6b81d7759816b7ef43a8a4a82ab1fe4af63884fe97568dceb31
[root@kuangshen home]# docker volume ls
local     jumping-nginx
# Use -v <volume name>:<path in container>
# Inspect this volume
```
Expand:
```
# Set read/write permissions with -v <path in container>:ro or :rw
# ro  readonly   read-only
# rw  readwrite  read-write
# Once this permission is set, the container is limited in what it can do with the mounted content!
docker run -d -P --name nginx02 -v jump-ngnix:/etc/nginx:ro nginx
docker run -d -P --name nginx02 -v jump-ngnix:/etc/nginx:rw nginx
# ro means this path can only be changed from the host; it cannot be changed from inside the container.
```
A First Look at the Dockerfile
A Dockerfile is the build file used to build a Docker image! It is a script of commands; let's try it first!
With this script an image is generated layer by layer: the script is a sequence of commands, and each command is one layer!
```
# Create a Dockerfile; the name can be anything, but Dockerfile is recommended
# File content: INSTRUCTION (uppercase) followed by its arguments
FROM centos

VOLUME ["/volume01","/volume02"]

CMD echo "----end----"
CMD /bin/bash
# Each instruction here is one layer of the image
```
# Start a container from the image we wrote ourselves
This volume must have a synchronized directory on the host!
Check the path of the volume mount
Test whether the file you just created is synchronized!
We will use this approach a lot in the future, because we usually build our own images!
If no volume was declared when the image was built, mount one manually with -v <volume name>:<path inside the container>!
Data Volume Container
Synchronize data between two MySQL containers!
Start three containers from the image we just wrote.
# Test: delete docker01 and check whether docker02 and docker03 can still access this file
# Result: the file is still accessible
Multiple MySQL containers sharing data
```
[root@kuangshen home]# docker run -d -p 3310:3306 -v /etc/mysql/conf.d -v /var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 --name mysql01 mysql:5.7
# mysql02 needs its own host port, because 3310 is already bound by mysql01
[root@kuangshen home]# docker run -d -p 3311:3306 -e MYSQL_ROOT_PASSWORD=123456 --name mysql02 --volumes-from mysql01 mysql:5.7
# At this point the data of the two containers is synchronized
```
Conclusion:
Configuration information is passed between containers, and the lifecycle of a data volume lasts until no container is using it.
But once the data is persisted to the host, the local data is not deleted!
Dockerfile
Introduction to the Dockerfile
The Dockerfile is the file used to build a Docker image! It is a script of commands and arguments!
1. Write a Dockerfile
2. docker build it into an image
3. docker run the image
4. DockerHub, Alibaba Cloud image registry
See how the official images do it
Many of the official images are basic packages and lack many functions. We usually build our own images!
If the official maintainers can make images, so can we!
Dockerfile build process
Basics
1. Each reserved keyword (instruction) must be uppercase
2. Instructions execute from top to bottom
3. # indicates a comment
4. Each instruction creates and commits a new image layer!
The Dockerfile is aimed at developers. To publish projects and build images in the future, we need to write a Dockerfile, which is very simple!
Docker images are becoming the standard for enterprise delivery and must be mastered!
Steps: Development, Deployment, Operations and Maintenance. Not a single one can be omitted!
Dockerfile: the build file; it defines all the steps and is the source code
DockerImages: the image generated by building the Dockerfile; the product that is finally published and run!
Docker container: a container is a running image that provides a service
Dockerfile instructions
We used to use other people's images, but now that we know these instructions, let's practice writing an image of our own!
```
FROM         # Base image; everything is built from here
MAINTAINER   # Who wrote the image: name + email
RUN          # Commands to run while the image is being built
ADD          # Step: for a tomcat image, the tomcat archive! Adds content to the image
WORKDIR      # Working directory of the image
VOLUME       # Directory to mount
EXPOSE       # Port to expose
CMD          # Specifies the command to run when the container starts; only the last one takes effect, and it can be replaced
ENTRYPOINT   # Specifies the command to run when the container starts; arguments can be appended
ONBUILD      # When an inheriting Dockerfile is built, the ONBUILD instruction runs (a trigger instruction)
COPY         # Like ADD: copies our files into the image
ENV          # Sets environment variables at build time
```
Hands-on test
99% of the images on Docker Hub start from this base image: FROM scratch
Then add the software and configuration you need on top of it.
Create your own directory
```
# 1. Write the Dockerfile
[root@kuangshen dockfile]# cat mydockerfile-centos
FROM centos
MAINTAINER kuangshen<24736743@qq.com>

ENV MYPATH /usr/local
WORKDIR $MYPATH

RUN yum -y install vim
RUN yum -y install net-tools

EXPOSE 80

CMD echo $MYPATH
CMD echo "---end---"
CMD /bin/bash

# 2. Build an image from this file
# Command: docker build -f <Dockerfile path> -t <image name>:[tag] .

Successfully built e2bd75cfe070
Successfully tagged mycentos:0.1
```
Comparison: the original centos image
The image after our additions
We can list the history of changes made to a local image
When we get an image, we can study how it was built.
Difference between CMD and ENTRYPOINT
```
CMD          # Specifies the command to run when the container starts; only the last one takes effect, and it can be replaced
ENTRYPOINT   # Specifies the command to run when the container starts; arguments can be appended
```
Test CMD
```
# Write the Dockerfile
[root@kuangshen dockfile]# vim dockfile-cmd-test
FROM centos
CMD ["ls","-a"]

# Build the image
[root@kuangshen dockfile]# docker build -f dockfile-cmd-test -t cmdtest .

# Run it; our ls -a command takes effect
[root@kuangshen dockfile]# docker run dd8e4401d72f
. .. .dockerenv bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var

# We want to append the argument -l to get ls -al
xuhongyuan@qualitycenter03:/mnt/data1/work/xuhongyuan/mydocker/dockfile$ docker run 30f7e8d23b5c -l
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"-l\": executable file not found in $PATH": unknown.

# With CMD, -l replaces CMD ["ls","-a"]; -l is not a command, hence the error
```
Test ENTRYPOINT
```
[root@kuangshen dockfile]# vim dockfile-entrypoint-test
FROM centos
ENTRYPOINT ["ls","-a"]

[root@kuangshen dockfile]# docker build -f dockfile-entrypoint-test -t entrypoint-test .
Sending build context to Docker daemon  16.9kB
Step 1/2 : FROM centos
 ---> 5d0da3dc9764
Step 2/2 : ENTRYPOINT ["ls","-a"]
 ---> Running in 85874b254892
Removing intermediate container 85874b254892
 ---> 41a0167dfb24
Successfully built 41a0167dfb24
Successfully tagged entrypoint-test:latest

# Run it; our ls -a command takes effect
[root@kuangshen dockfile]# docker run 41a0167dfb24
. .. .dockerenv bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var

# We want to append the argument -l to get ls -al
[root@kuangshen dockfile]# docker run 41a0167dfb24 -l
total 56
drwxr-xr-x   1 root root 4096 Oct 16 11:43 .
drwxr-xr-x   1 root root 4096 Oct 16 11:43 ..
-rwxr-xr-x   1 root root    0 Oct 16 11:43 .dockerenv
lrwxrwxrwx   1 root root    7 Nov  3  2020 bin -> usr/bin
drwxr-xr-x   5 root root  340 Oct 16 11:43 dev
drwxr-xr-x   1 root root 4096 Oct 16 11:43 etc
drwxr-xr-x   2 root root 4096 Nov  3  2020 home
lrwxrwxrwx   1 root root    7 Nov  3  2020 lib -> usr/lib
lrwxrwxrwx   1 root root    9 Nov  3  2020 lib64 -> usr/lib64
drwx------   2 root root 4096 Sep 15 14:17 lost+found
drwxr-xr-x   2 root root 4096 Nov  3  2020 media
drwxr-xr-x   2 root root 4096 Nov  3  2020 mnt
drwxr-xr-x   2 root root 4096 Nov  3  2020 opt
dr-xr-xr-x 319 root root    0 Oct 16 11:43 proc
dr-xr-x---   2 root root 4096 Sep 15 14:17 root
drwxr-xr-x  11 root root 4096 Sep 15 14:17 run
lrwxrwxrwx   1 root root    8 Nov  3  2020 sbin -> usr/sbin
drwxr-xr-x   2 root root 4096 Nov  3  2020 srv
dr-xr-xr-x  13 root root    0 Oct  9 08:33 sys
drwxrwxrwt   7 root root 4096 Sep 15 14:17 tmp
drwxr-xr-x  12 root root 4096 Sep 15 14:17 usr
drwxr-xr-x  20 root root 4096 Sep 15 14:17 var
```
Many Dockerfile instructions are very similar, and we need to understand how they differ. The best way to learn them is to compare them side by side and then test them.
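The two tests above can be reproduced without Docker. The following is an added example, not code from the original page: a small Python model of how the start command is assembled from the last CMD, the last ENTRYPOINT and the arguments given to docker run. The function names are hypothetical, and it assumes one instruction per line and ignores any CMD inherited from the base image.

```python
import json


def parse_value(text):
    """Classify a CMD/ENTRYPOINT value as exec form (JSON array) or shell form."""
    text = text.strip()
    if text.startswith("["):
        try:
            parsed = json.loads(text)
        except ValueError:
            parsed = None  # not valid JSON (e.g. single quotes): treated as shell form
        if isinstance(parsed, list) and all(isinstance(p, str) for p in parsed):
            return ("exec", parsed)
    return ("shell", text)


def last_cmd_and_entrypoint(dockerfile_text):
    """Return (entrypoint, cmd); only the last occurrence of each takes effect."""
    entrypoint = cmd = None
    for raw in dockerfile_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, rest = line.partition(" ")
        if keyword.upper() == "CMD":
            cmd = parse_value(rest)
        elif keyword.upper() == "ENTRYPOINT":
            entrypoint = parse_value(rest)
    return entrypoint, cmd


def as_argv(setting):
    """Shell form is wrapped in /bin/sh -c; exec form is used as written."""
    if setting is None:
        return []
    form, value = setting
    return ["/bin/sh", "-c", value] if form == "shell" else list(value)


def container_argv(dockerfile_text, run_args=()):
    """argv the container starts with: ENTRYPOINT + (run arguments, else CMD).

    Arguments after the image name replace CMD as a whole and are appended
    to ENTRYPOINT. With a shell-form ENTRYPOINT the appended words only
    become positional parameters of sh -c, so the command does not see them.
    """
    entrypoint, cmd = last_cmd_and_entrypoint(dockerfile_text)
    tail = list(run_args) if run_args else as_argv(cmd)
    return as_argv(entrypoint) + tail


# The Dockerfiles shown on this page, embedded as strings.
CMD_TEST = 'FROM centos\nCMD ["ls","-a"]\n'
ENTRYPOINT_TEST = 'FROM centos\nENTRYPOINT ["ls","-a"]\n'
MYCENTOS = (
    "FROM centos\n"
    "ENV MYPATH /usr/local\n"
    "CMD echo $MYPATH\n"
    'CMD echo "---end---"\n'
    "CMD /bin/bash\n"
)

if __name__ == "__main__":
    for label, text, args in [
        ("cmdtest", CMD_TEST, []),
        ("cmdtest -l", CMD_TEST, ["-l"]),          # argv[0] is "-l": exec fails
        ("cmdtest ls -al", CMD_TEST, ["ls", "-al"]),
        ("entrypoint-test -l", ENTRYPOINT_TEST, ["-l"]),
        ("mycentos", MYCENTOS, []),                # only the last CMD survives
    ]:
        print(f"{label:22} -> {container_argv(text, args)}")
```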
Hands-on: Tomcat Image
1. Prepare the image files: the tomcat archive and the jdk archive
```
[root@kuangshen tomcat]# ll
total 165972
-rw-r--r-x 12 root root  10909702 Sep 15 14:17 jdk-8u171-linux-x64.tar.gz
-rw-r--r-x 20 root root 159019376 Sep 15 14:17 apache-tomcat-9.0.54
```
2. Write the Dockerfile; the official name is Dockerfile. build finds this file automatically, so -f does not need to be specified!
```
FROM centos
MAINTAINER xhy<xuhongyuan@momenta.ai>

# Copy c.txt from the host's build context into the container under /usr/local
COPY c.txt /usr/local/cincontainer.txt

# Add java and tomcat to the container
ADD jdk-8u171-linux-x64.tar.gz /usr/local/
ADD apache-tomcat-9.0.54 /usr/local/

# Install the vim editor
RUN yum -y install vim

# Set the WORKDIR path, the directory you land in on login
ENV MYPATH /usr/local
WORKDIR $MYPATH

# Configure the java and tomcat environment variables
ENV JAVA_HOME /usr/local/jdk1.8.0_171
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.54
ENV CATALINA_BASE /usr/local/apache-tomcat-9.0.54
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin

# Port the container listens on while it is running
EXPOSE 8080

# Run tomcat at startup
#ENTRYPOINT ["/usr/local/apache-tomcat-9.0.54/bin/startup.sh"]
#CMD ["/usr/local/apache-tomcat-9.0.54/bin/catalina.sh","run"]
# catalina.out is written to $CATALINA_HOME/logs, not bin/logs
CMD /usr/local/apache-tomcat-9.0.54/bin/startup.sh && tail -F /usr/local/apache-tomcat-9.0.54/logs/catalina.out
```
3. Build the image
# docker build -t diytomcat .
4. Run the image
```
[root@kuangshen tomcat]# docker run -d -p 9090:8080 --name kuangshentomcat \
    -v /mnt/data1/work/xuhongyuan/mydocker/tomcat9/test:/usr/local/apache-tomcat-9.0.54/webapps/test \
    -v /mnt/data1/work/xuhongyuan/mydocker/tomcat9/tomcat9logs/:/usr/local/apache-tomcat-9.0.54/logs \
    --privileged=true diytomcat
[root@kuangshen tomcat]# docker exec -it kuangshentomcat /bin/bash
```
5. Access test (host ip:9090 access display)
6. Publish the project (we can publish directly by writing the project locally because of the volume mount!)
Create the WEB-INF folder (create web.xml internally) and index.jsp under the test folder
web.xml
```
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
        http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
</web-app>
```
index.jsp
```
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>hello,kuangshen</title>
</head>
<body>
Hello World!<br/>
<%
System.out.println("----my test web logs----");
%>
</body>
</html>
```
Visit <host IP>:9090/test to see the JSP page
System.out.println("----my test web logs----"); // written to the background log once per visit (tail -f catalina.out)
The project deployed successfully and can be accessed directly!
Our future development steps: we need to master writing Dockerfiles! Everything from here on is published and run as a Docker image!
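The run commands on this page use --privileged=true, writable host-directory mounts (the alternative is the :ro suffix from the volume section), ports published on every host interface, and a database root password passed with -e. The following added example, not part of the original page, audits `docker inspect` output for exactly these settings; the sample records are constructed from the commands above and trimmed to the fields the check reads, and the function names are hypothetical.

```python
import re

# Environment variable names that usually carry credentials.
SECRET_KEY = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN", re.IGNORECASE)
# An empty HostIp means the port is published on every host interface.
ALL_INTERFACES = {"", "0.0.0.0", "::"}


def audit_container(info):
    """Return (container, finding, detail) tuples for one `docker inspect` record."""
    name = info.get("Name", "").lstrip("/")
    host = info.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        # Fix: drop --privileged; a plain tomcat does not need it.
        findings.append((name, "privileged", "started with --privileged"))
    for mount in info.get("Mounts") or []:
        # Fix: append :ro when the container only needs to read the directory.
        if mount.get("Type") == "bind" and mount.get("RW"):
            detail = f'{mount["Source"]} -> {mount["Destination"]}'
            findings.append((name, "writable-bind-mount", detail))
    for entry in (info.get("Config") or {}).get("Env") or []:
        key, _, value = entry.partition("=")
        # Report the variable name only, never the secret value itself.
        if value and SECRET_KEY.search(key):
            findings.append((name, "secret-in-env", key))
    for port, bindings in (host.get("PortBindings") or {}).items():
        for binding in bindings or []:
            # Fix: publish as -p 127.0.0.1:<host port>:<container port> if local only.
            if binding.get("HostIp", "") in ALL_INTERFACES:
                detail = f'{binding.get("HostPort")} -> {port}'
                findings.append((name, "published-on-all-interfaces", detail))
    return findings


def audit(inspect_output):
    """Audit a whole `docker inspect <container>...` result (a JSON list)."""
    return [f for record in inspect_output for f in audit_container(record)]


# Constructed sample modelled on this page's kuangshentomcat and mysql01 containers.
SAMPLE_INSPECT = [
    {
        "Name": "/kuangshentomcat",
        "Config": {"Env": ["JAVA_HOME=/usr/local/jdk1.8.0_171", "MYPATH=/usr/local"]},
        "HostConfig": {
            "Privileged": True,
            "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "9090"}]},
        },
        "Mounts": [
            {"Type": "bind", "RW": True,
             "Source": "/mnt/data1/work/xuhongyuan/mydocker/tomcat9/test",
             "Destination": "/usr/local/apache-tomcat-9.0.54/webapps/test"},
            {"Type": "bind", "RW": True,
             "Source": "/mnt/data1/work/xuhongyuan/mydocker/tomcat9/tomcat9logs",
             "Destination": "/usr/local/apache-tomcat-9.0.54/logs"},
        ],
    },
    {
        "Name": "/mysql01",
        "Config": {"Env": ["MYSQL_ROOT_PASSWORD=123456"]},
        "HostConfig": {
            "Privileged": False,
            "PortBindings": {"3306/tcp": [{"HostIp": "", "HostPort": "3310"}]},
        },
        "Mounts": [
            {"Type": "volume", "RW": True, "Name": "anonymous-volume-placeholder",
             "Destination": "/var/lib/mysql"},
        ],
    },
]

if __name__ == "__main__":
    for container, finding, detail in audit(SAMPLE_INSPECT):
        print(f"{container:16} {finding:28} {detail}")
```

On a real host, feed it the parsed output of `docker inspect $(docker ps -q)`.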
Publish your own image
DockerHub
1. Address https://hub.docker.com/ Register your own account
2. Make sure this account can be logged in (my account xuhy95)
3. Submit your own image on our server
```
[root@kuangshen tomcat]# docker login --help

Usage:  docker login [OPTIONS] [SERVER]

Log in to a Docker registry.
If no server is specified, the default is defined by the daemon.

Options:
  -p, --password string   Password
      --password-stdin    Take the password from stdin
  -u, --username string   Username
```
4. Once you are logged in, you can push the image with docker push
```
[root@kuangshen tomcat]# docker push diytomcat
The push refers to repository [docker.io/library/diytomcat]
f9f7fba939ae: Preparing
77b0313ff515: Preparing
7aac11dc96b2: Preparing
b2e3e5c85eef: Preparing
74ddd0ec08fa: Preparing
denied: requested access to the resource is denied

# Problem pushing the image?
[root@kuangshen tomcat]# docker push xuhy95/diytomcat1.0
The push refers to repository [docker.io/xuhy95/diytomcat1.0]
An image does not exist locally with the tag: xuhy95/diytomcat1.0

# Solution: add a tag
[root@kuangshen tomcat]# docker tag diytomcat xuhy95/diytomcat:1.0

# docker push it! Publish your own images with a version number whenever possible
[root@kuangshen tomcat]# docker push xuhy95/diytomcat
The push refers to repository [docker.io/xuhy95/diytomcat]
f9f7fba939ae: Pushing [===============>                ]  22.17MB/72.72MB
77b0313ff515: Pushing [===========================>    ]  8.837MB/16.04MB
7aac11dc96b2: Pushing [=>                              ]  9.341MB/387.4MB
b2e3e5c85eef: Pushing  2.56kB
74ddd0ec08fa: Pushing [====
```
Pushes are also made layer by layer, following the layers of the image.
Alibaba Cloud Image Service
1. Log in to Alibaba Cloud
2. Find the container image service
3. Create a namespace
4. Create a container image repository
Click Image Repositories -> Create Repository
5. Browse Alibaba Cloud
For publishing images to Alibaba Cloud, refer to the official documentation
```
[root@xuhongyuan tomcat]# docker login --username=xuhy95 registry.cn-hangzhou.aliyuncs.com
[root@xuhongyuan tomcat]# docker tag 9e06224a1073 registry.cn-hangzhou.aliyuncs.com/bilibili-xuhy95/xuhy95-test:v1.0
[root@xuhongyuan tomcat]# docker push registry.cn-hangzhou.aliyuncs.com/bilibili-xuhy95/xuhy95-test:v1.0
```
(copy right by xiaoxu)
Summary
Docker Network
Understanding Docker0
Test
Three networks
# Question: how does Docker handle container network access?
```
[root@kuangshen /]# docker run -d -P --name tomcat01 tomcat

# Look at the container's internal network address with ip addr: when the container starts, it gets an eth0@if262 IP address, assigned by Docker!
[root@kuangshen /]# docker exec -it tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
261: eth0@if262: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever

# Question: can Linux ping the inside of the container?
[root@kuangshen /]# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.055 ms

# Linux can ping the inside of the Docker container
```
Principle
1. Every time we start a Docker container, Docker assigns it an IP. As soon as Docker is installed, the host has a docker0 network interface in bridge mode. The technology used is veth-pair!
2. Start another container test
# We found that the network interfaces these containers bring come in pairs
# A veth-pair is a pair of virtual device interfaces that always appear together: one end is attached to the protocol stack, and the two ends are connected to each other
# Because of this property, a veth-pair acts as a bridge connecting various virtual network devices
# OpenStack, connections between Docker containers, and OVS connections all use veth-pair technology
3. Let's test whether tomcat01 and tomcat02 can ping each other!
```
[root@kuangshen /]# docker exec -it tomcat02 ping 172.18.0.2
# Conclusion: containers can ping each other!
```
Draw a network model diagram
Conclusion: tomcat01 and tomcat02 share a common router, docker0
When no network is specified, all containers are routed through docker0, and Docker assigns each container a default available IP
Summary
Docker uses a Linux bridge; docker0 is the bridge for Docker containers on the host
All network interfaces in Docker are virtual. Virtual interfaces forward efficiently! (For example, transferring files over the internal network!)
As soon as a container is deleted, its corresponding veth pair on the bridge is gone!
Container interconnection - link
Consider a scenario: we wrote a microservice with database url=ip. The database IP changes while the project keeps running without a restart. We would like to handle this by accessing the container by name. Can we?
```
[root@kuangshen /]# docker exec -it tomcat02 ping tomcat01
ping: tomcat01: Name or service not known

# How can we solve this?
# --link solves the name connectivity problem
[root@kuangshen /]# docker run -d -P --name tomcat03 --link tomcat02 tomcat
5ca72d80ebb048d3560df1400af03130f37ece244be2a54884336aace2106884
[root@kuangshen /]# docker exec -it tomcat03 ping tomcat02
PING tomcat02 (172.18.0.3) 56(84) bytes of data.
64 bytes from tomcat02 (172.18.0.3): icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from tomcat02 (172.18.0.3): icmp_seq=2 ttl=64 time=0.066 ms
64 bytes from tomcat02 (172.18.0.3): icmp_seq=3 ttl=64 time=0.067 ms

# Can we ping in the reverse direction?
[root@kuangshen /]# docker exec -it tomcat02 ping tomcat03
ping: tomcat03: Name or service not known
```
Explore: docker network inspect <network ID> (the network ID can be viewed with docker network ls)
In fact, tomcat03 has tomcat02 configured locally?
```
# Check the hosts configuration; this is where the mechanism shows!
[root@kuangshen /]# docker exec -it tomcat03 cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.18.0.3      tomcat02 312857784cd4
172.18.0.4      5ca72d80ebb0
```
In essence: --link adds the line 172.18.0.3 tomcat02 312857784cd4 to the hosts configuration
Using --link with Docker is no longer recommended!
Use custom networks! Do not use docker0!
docker0 problem: it does not support access by container name!
Custom network
View all docker networks
Network modes
bridge: bridged through Docker (the default; networks you create yourself also use bridge mode)
none: do not configure a network
host: share the network with the host
container: connect to another container's network! (rarely used, very limited)
Test
```
# Starting a container directly implies --net bridge, which is our docker0
docker run -d -P --name tomcat01 tomcat
docker run -d -P --name tomcat01 --net bridge tomcat

# docker0 characteristics: by default, names cannot be resolved; --link can connect them!

# We can define a custom network!
# --driver bridge            the default: bridge
# --subnet 192.168.0.0/16    subnet (192.168.0.2-192.168.255.255)
# --gateway 192.168.0.1      gateway
[root@kuangshen /]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
eb21272b3a35ceabal1b4aa5bbff131c3fb09c4790f0852ed4540707438db052
[root@kuangshen /]# docker network ps

Usage:  docker network COMMAND

Manage networks

Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks

Run 'docker network COMMAND --help' for more information on a command.

[root@kuangshen /]# docker network ls
NETWORK ID     NAME                  DRIVER    SCOPE
5a008c015cac   bridge                bridge    local
db44649a9bff   composetest_default   bridge    local
ae2b6209c2ab   host                  host      local
eb21272b3a35   mynet                 bridge    local
c037f7ec7e57   none                  null      local
b701476a0394   redis                 bridge    local
```
Our own network is created
Create two containers below to see whether they can ping each other, and use inspect to check that the containers are in the same network segment
```
[root@kuangshen /]# docker run -d -P --name tomcat-net-01 --net mynet tomcat
d3a26fb6d9781099996cff789f6ac569c832d8c5de041f8afb5d5d3e453c2149
[root@kuangshen /]# docker run -d -P --name tomcat-net-02 --net mynet tomcat
23bf0657bed88f371cef2427506189e408bb005b3093c040b3c1cd1c452c877b
[root@kuangshen /]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "3207737ab0d6f9196e4a02e9de61e6f8d8262780c3579c10e95123287de6181e",
        "Created": "2021-10-19T13:17:33.354873272+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "23bf0657bed88f371cef2427506189e408bb005b3093c040b3c1cd1c452c877b": {
                "Name": "tomcat-net-02",
                "EndpointID": "0647dd1dc2159d2d8c71139cb77141cd4b45112a5f9dad4ca5d01c91ac534a9b",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            },
            "d3a26fb6d9781099996cff789f6ac569c832d8c5de041f8afb5d5d3e453c2149": {
                "Name": "tomcat-net-01",
                "EndpointID": "54746ee657abf237ea1d4a89c6cc47adbf5fcf4abdfe6cc297ef65f932ca67c8",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

# Test the ping connection again
[root@kuangshen /]# docker exec -it tomcat-net-01 ping 192.168.0.3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.085 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.070 ms
^C
--- 192.168.0.3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.070/0.077/0.085/0.011 ms

# Now, without --link, we can also ping by name!
[root@kuangshen /]# docker exec -it tomcat-net-01 ping tomcat-net-02
PING tomcat-net-02 (192.168.0.3): 56 data bytes
64 bytes from 192.168.0.3: icmp_seq=0 ttl=64 time=0.033 ms
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.106 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.080 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=64 time=0.099 ms
64 bytes from 192.168.0.3: icmp_seq=4 ttl=64 time=0.105 ms
^C--- tomcat-net-02 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.033/0.085/0.106/0.027 ms
```
(If the tomcat image you use does not include the ping command, install it inside the container to test: apt-get install inetutils-ping. If installing ping fails with "Unable to locate package", the package cannot be found; run sudo apt-get update first and then install again.)
With our custom network, Docker maintains the name-to-address mapping for us. We recommend using networks this way in everyday work!
Benefits:
redis - different clusters use different networks, which keeps each cluster safe and healthy
mysql - different clusters use different networks, which keeps each cluster safe and healthy
Network Connectivity
[External chain picture transfer failed, source may have anti-theft chain mechanism, it is recommended to save the picture and upload it directly (img-vqfHIYeW-1635400) (C:UsersxuhongyuanAppDataRoamingTyporatypora-user-imagesimage-20223.png)]
Core: Connect a container to a network
# Test: connect tomcat01 to mynet
[root@kuangshen /]# docker network connect mynet tomcat01
# After connecting, tomcat01 is placed on the mynet network
# One container, two IP addresses
# Compare an Alibaba Cloud server: a public IP and a private IP
# tomcat01 is connected: OK
[root@kuangshen /]# docker exec -it tomcat01 ping tomcat-net-01
PING tomcat-net-01 (192.168.0.2) 56(84) bytes of data.
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.072 ms
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=2 ttl=64 time=0.070 ms

# tomcat02 still cannot connect
[root@kuangshen /]# docker exec -it tomcat02 ping tomcat-net-01
ping: tomcat-net-01: Name or service not known
Conclusion: for a container to reach containers on another network, it must first be attached to that network with docker network connect.
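Because docker network connect gives one container a foot in two networks, it is worth listing which containers span networks after a change like the one above. The following is an added example, not part of the original notes: the function names are hypothetical, and the sample inventory is constructed on the assumption that tomcat01 and tomcat02 were started on the default bridge network.

```shell
# Input format, one line per network: "NETWORK CONTAINER CONTAINER ..."
# On a live host it can be produced with:
#   docker network inspect \
#     --format '{{.Name}}{{range .Containers}} {{.Name}}{{end}}' $(docker network ls -q)

# multi_homed: print each container attached to more than one network,
# followed by the comma-separated list of those networks.
multi_homed() {
    awk '{ for (i = 2; i <= NF; i++) {
               if ($i in nets) nets[$i] = nets[$i] "," $1; else nets[$i] = $1
               count[$i]++ } }
         END { for (c in count) if (count[c] > 1) print c, nets[c] }' | sort
}

# shared_networks A B: print the networks both containers are attached to.
# No output means the two containers have no network in common.
shared_networks() {
    awk -v a="$1" -v b="$2" '{ ha = 0; hb = 0
             for (i = 2; i <= NF; i++) { if ($i == a) ha = 1; if ($i == b) hb = 1 }
             if (ha && hb) print $1 }'
}

# Constructed inventory: the state after `docker network connect mynet tomcat01`.
sample_networks() {
    cat <<'EOF'
bridge tomcat01 tomcat02
mynet tomcat-net-01 tomcat-net-02 tomcat01
EOF
}
```

Running `sample_networks | multi_homed` reports tomcat01 as the only container that spans both networks, and `shared_networks tomcat02 tomcat-net-01` prints nothing, which matches the failed ping.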
Actual Warfare: Deploy Redis Cluster (Todo)
kuangshen version:
# Create the network
docker network create redis --subnet 172.38.0.0/16

# Create six redis configurations with a script
for port in $(seq 1 6); do
  mkdir -p /mydata/redis/node-${port}/conf
  touch /mydata/redis/node-${port}/conf/redis.conf
  cat << EOF > /mydata/redis/node-${port}/conf/redis.conf
port 6379
bind 0.0.0.0
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 172.38.0.1${port}
cluster-announce-port 6379
cluster-announce-bus-port 16379
appendonly yes
EOF
done

# Create 6 redis services
for port in $(seq 1 6); do
  docker run -p 637${port}:6379 -p 1637${port}:16379 \
    -v /mydata/redis/node-${port}/data:/data \
    -v /mydata/redis/node-${port}/conf/redis.conf:/etc/redis/redis.conf \
    -d --net redis --ip 172.38.0.1${port} redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
done

# Create the cluster
redis-cli --cluster create 172.38.0.11:6379 172.38.0.12:6379 172.38.0.13:6379 172.38.0.14:6379 172.38.0.15:6379 172.38.0.16:6379 --cluster-replicas 1
Server self-test version (deletable):
# Create the network
docker network create redis --subnet 172.38.0.0/16

# Create six redis configurations with a script
for port in $(seq 1 6); do
  mkdir -p /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-${port}/conf
  touch /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-${port}/conf/redis.conf
  cat << EOF > /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-${port}/conf/redis.conf
port 6379
bind 0.0.0.0
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 172.38.0.1${port}
cluster-announce-port 6379
cluster-announce-bus-port 16379
appendonly yes
EOF
done

# The same steps written out for node-1 only
mkdir -p /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-1/conf
touch /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-1/conf/redis.conf
cat << EOF > /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-1/conf/redis.conf
port 6379
bind 0.0.0.0
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 172.38.0.11
cluster-announce-port 6379
cluster-announce-bus-port 16379
appendonly yes
EOF
The code above creates six redis service configurations. Check each redis.conf to confirm that the configuration is correct.
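One way to run that check over the generated files before starting the containers, as an added example that is not part of the original notes. The function names and the directive allowlist are assumptions; the allowlist covers only the keys this config uses plus the auth keys. It also flags bind 0.0.0.0 without requirepass, because the -p 637N:6379 mappings publish every node on the host.

```shell
# Directives this page's cluster config uses, plus the auth keys.
# An allowlist for this config only, not the full Redis directive list.
KNOWN="port bind protected-mode requirepass masterauth appendonly cluster-enabled \
cluster-config-file cluster-node-timeout cluster-announce-ip cluster-announce-port \
cluster-announce-bus-port"

# conf_get KEY FILE: print the last value set for KEY (empty if absent)
conf_get() { awk -v k="$1" '$1 == k { v = $2 } END { print v }' "$2"; }

# lint_redis_conf FILE N: print one finding per line for node N;
# returns 1 if there was any finding, 0 if the file is clean.
lint_redis_conf() {
    conf=$1; n=$2; bad=0
    [ -s "$conf" ] || { echo "node-$n: config missing or empty"; return 1; }
    # redis-server refuses to start on a directive it does not know
    while read -r key rest || [ -n "$key" ]; do
        case "$key" in ''|'#'*) continue ;; esac
        case " $KNOWN " in
            *" $key "*) ;;
            *) echo "node-$n: unexpected directive '$key'"; bad=1 ;;
        esac
    done < "$conf"
    [ "$(conf_get cluster-enabled "$conf")" = yes ] ||
        { echo "node-$n: cluster-enabled is not yes"; bad=1; }
    [ "$(conf_get cluster-announce-ip "$conf")" = "172.38.0.1$n" ] ||
        { echo "node-$n: cluster-announce-ip is not 172.38.0.1$n"; bad=1; }
    # Listening on every interface with no password: once the port is
    # published, anyone who can reach the host can issue Redis commands.
    if [ "$(conf_get bind "$conf")" = 0.0.0.0 ] &&
       [ -z "$(conf_get requirepass "$conf")" ]; then
        echo "node-$n: bind 0.0.0.0 without requirepass"; bad=1
    fi
    return "$bad"
}

# Constructed sample: a node-2 file with a misspelled directive and node-1's IP.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'port 6379' 'bind 0.0.0.0' 'cluster-enabled yes' \
        'cluster-nod-timeout 5000' 'cluster-announce-ip 172.38.0.11' > "$d/redis.conf"
    rc=0; lint_redis_conf "$d/redis.conf" 2 || rc=$?
    rm -rf "$d"; return "$rc"
}
```

To check the real files, call lint_redis_conf once per node with the path to that node's conf/redis.conf and its number from 1 to 6.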
# Create 6 redis services
for port in $(seq 1 6); do
  docker run -p 637${port}:6379 -p 1637${port}:16379 --name redis-${port} \
    -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-${port}/data:/data \
    -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-${port}/conf/redis.conf:/etc/redis/redis.conf \
    -d --net redis --ip 172.38.0.1${port} redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
done

If the loop does not work, run the following commands one by one:

docker run -p 6371:6379 -p 16371:16379 --name redis-1 -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-1/data:/data -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-1/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.11 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
docker run -p 6372:6379 -p 16372:16379 --name redis-2 -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-2/data:/data -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-2/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.12 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
docker run -p 6373:6379 -p 16373:16379 --name redis-3 -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-3/data:/data -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-3/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.13 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
docker run -p 6374:6379 -p 16374:16379 --name redis-4 -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-4/data:/data -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-4/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.14 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
docker run -p 6375:6379 -p 16375:16379 --name redis-5 -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-5/data:/data -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-5/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.15 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
docker run -p 6376:6379 -p 16376:16379 --name redis-6 -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-6/data:/data -v /mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-6/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 172.38.0.16 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf

# Enter container redis-1
docker exec -it redis-1 /bin/sh

xuhongyuan@qualitycenter03:/mnt/data1/work/xuhongyuan/mydocker/mydata/redis/node-1/conf$ docker exec -it d2544673f10e /bin/sh
/data # ls
/data #
(The directory is empty, indicating that there was a problem creating the configuration file or creating the container configuration)
# Create the cluster
redis-cli --cluster create 172.38.0.11:6379 172.38.0.12:6379 172.38.0.13:6379 172.38.0.14:6379 172.38.0.15:6379 172.38.0.16:6379 --cluster-replicas 1
Delete redis-3 to do the following
springboot Micro Service Deployment (Todo)
Docker Compose
Brief introduction
Dockerfile: build and run are manual operations, one container at a time.
Microservices: 100 microservices, with dependencies between them!
Docker Compose manages containers efficiently and easily by defining and running multiple containers.
Official Introduction
Define and run multiple containers.
A YAML configuration file.
A single command. What are the commands?
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application's services. Then, with a single command, you create and start all the services from your configuration. To learn more about all the features of Compose, see the list of features.
Compose is available for all environments.
Compose works in all environments: production, staging, development, testing, as well as CI workflows. You can learn more about each case in Common Use Cases.
Three steps:
Using Compose is basically a three-step process:
- Define your app's environment with a Dockerfile so it can be reproduced anywhere
  - Dockerfile guarantees that our project can run anywhere
- Define the services that make up your app in docker-compose.yml so they can be run together in an isolated environment.
  - What is a service?
  - How to write the file docker-compose.yml!
- Run docker compose up and the Docker compose command starts and runs your entire app. You can alternatively run docker-compose up using the docker-compose binary.
  - Start the project
Role: batch container orchestration
My own understanding
Compose is an official open source project from Docker and needs to be installed!
A Dockerfile lets a program run anywhere. A web service needs redis, mysql, nginx... multiple containers.
Compose
version: "3.9"  # optional since v1.27.0
services:
  web:
    build: .
    ports:
      - "5000:5000"
    volumes:
      - .:/code
      - logvolume01:/var/log
    links:
      - redis
  redis:
    image: redis
volumes:
  logvolume01: {}
docker-compose up can start 100 services.
Compose: important concepts.
- Services: containers, applications (web, redis, mysql...)
- Project: a set of associated containers. For a blog: web, mysql.
install
1. Download
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
2. Grant execute permission
sudo chmod +x /usr/local/bin/docker-compose
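The two steps above place a downloaded binary on root's PATH without checking what was downloaded. The following added example (not from the original notes or from the Compose project) installs the file only when its SHA-256 digest matches; the function names are hypothetical, and the expected digest is assumed to come from the checksum published with the release.

```shell
# sha256_of FILE: print the hex digest with whichever tool the host provides
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# install_verified FILE EXPECTED_SHA256 DEST: copy FILE to DEST with mode 0755
# only if the digest matches; on mismatch DEST is left untouched and 1 is returned.
install_verified() {
    file=$1; expected=$(printf '%s' "$2" | tr 'A-F' 'a-f'); dest=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file: got $actual" >&2
        return 1
    fi
    install -m 0755 "$file" "$dest"
}

# Usage with the download from step 1 (EXPECTED is a placeholder for the
# published digest; -f makes curl fail on an HTTP error instead of saving
# the error page as the "binary"):
#   tmp=$(mktemp)
#   curl -fsSL "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o "$tmp"
#   install_verified "$tmp" "$EXPECTED" ./docker-compose &&
#       sudo mv ./docker-compose /usr/local/bin/docker-compose
```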
(See the official website for more...)
experience
https://docs.docker.com/compose/gettingstarted/
Docker Swarm
Cluster deployment: 4 Alibaba Cloud servers, 2-core 4G