Docker concepts
- Containers
  Put everything you need into a container, and whoever needs the environment can simply fetch it.
- Standardization
  - Transport is standardized. Docker has a dock where all uploaded containers are stored. When someone needs a certain environment, they can take the container directly.
  - Commands are standardized. Docker provides commands to help us operate on and fetch containers.
  - It provides REST APIs, which have spawned many graphical interfaces, such as Rancher.
- Isolation
  When Docker runs the contents of a container, it creates a separate space in the Linux kernel, so other programs are not affected.
Registry (the super dock, with the shipping containers on it)
Image (the shipping container)
Container (a running image)
Installing Docker
# 1. Install the packages Docker depends on
yum -y install yum-utils device-mapper-persistent-data lvm2
# 2. Set the repository to download Docker from
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 3. Install Docker
yum makecache fast
yum -y install docker-ce
# 4. Start Docker, enable it at boot, and test
# Start the Docker service
systemctl start docker
# Enable start on boot
systemctl enable docker
# Test
docker run hello-world
I had a few problems here
1. If the installation fails, run yum -y install docker-ce again.
2. If starting fails with "request repeated too quickly for docker.service" and the error "Error while creating filesystem xfs on device docker-8:3-34889290-base: exit status 1 storage-driver=devicemapper", the version of the XFS file system management tool is too old. Run yum update xfsprogs -y to upgrade the tool, then start Docker again and check the status with systemctl status docker.
3. After Docker started successfully, running hello-world failed with the error: docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. I searched around, and none of the material I found seemed right. I restarted the VM, restarted Docker, and ran it again. Success.
Docker version 19.03.12, build 48a66213fe
Docker central repository
- Docker's official central repository
- Domestic registry mirrors: Netease Phoenix Nest, DaoCloud, …
  hub.daocloud.io/ (recommended)
  The problems I have encountered with using this site:
  docker pull daocloud.io/library/tomcat:8.5.15-jre8 cannot download; it reports 509, certificate validation fails.
  View the certificate for hub.daocloud.io/ and download its secondary…
- Pulling from a private registry for internal use (add configuration)
# Add the following to /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["ip:port"]
}
# insecure-registries makes Docker accept plain HTTP or an unverified certificate for ip:port, so list only a private registry on a network you trust
# Reload and restart the service
systemctl daemon-reload
systemctl restart docker
Docker images
docker images lets you view existing images
Use docker pull <image name> to pull the specified image from the repository, and docker search redis to view available versions.
Let's pull the latest Redis image and run it
docker run -itd --name redis-test -p 6379:6379 redis
Parameter description:
Option | Meaning |
---|---|
-i | Run the container in interactive mode, usually with -t |
-t | Allocate a pseudo-terminal for the container, usually used together with -i |
-d | Run the container in the background and return the container ID |
-p | Map port 6379 of the container service to port 6379 of the host. External users can directly access the Redis service through host IP:6379 |
Check running containers with docker ps; docker ps -a lists all containers
Enter our Redis container
docker exec -it redis-test /bin/bash
docker exec -it <container ID> /bin/bash
And try to execute a command
Use docker stop <container ID> to stop a container and docker restart <container ID> to restart it.
Delete an image using the docker rmi command; for example, we delete the hello-world image:
docker rmi hello-world
# or
docker rmi <image ID>
# Stop all containers
docker stop $(docker ps -qa)
# Delete all containers
docker rm $(docker ps -qa)
If a container is running from the image, delete the container first with docker rm <container ID>; otherwise, deleting the image fails
Image import and export
# Export an image
docker save -o ./test.images <image ID>
# Import an image
docker load -i test.images
# Change the image name
docker tag <image ID> <new image name>:<version>
# Export a container
docker export -o ./test.tar <container ID>
# Import the exported container as an image and name the image
docker import ./test.tar mytest
Viewing container logs
docker logs -f <container ID>
# Clear image files that are not being used by any container
docker image prune -af
# Remove redundant data, including stopped containers, redundant images, unused volumes, and so on
docker system prune -f
Container life cycle
The life cycle of a container is the possible state of the container. The life cycle of a container can be divided into five types.
Created: created initially
Running: Indicates the running status
Stopped: Indicates the stopped state
Paused: paused
Deleted: indicates the deletion status
Docker application
Prepare project
Preparing the mysql container
# --name specifies the name of the container, -e MYSQL_ROOT_PASSWORD specifies the password of the root user, and the tag after the colon specifies the version to run
docker run -d -p 3306:3306 --name mysql -e MYSQL_ROOT_PASSWORD=root daocloud.io/library/mysql:5.7.4
Problems encountered
- Navicat failed to connect
I searched online, and there were roughly two points: 1. change the MySQL user permissions to allow remote connections; 2. open port 3306 on the host to allow external access. I changed both of these, but I still could not connect, so I kept changing things, and also found that a service had to be opened, so I opened HTTP and MySQL, and I still could not connect… Two hours went by. I decided to use tcpdump the next day to capture packets on port 3306 while accessing it from my local machine with Telnet, to see whether the traffic was getting in. After a restart the next day, I found that I could connect, which proves only one thing: restarting works wonders!!!!
- Attached are the relevant commands:
The default firewall of CentOS 7 is firewalld
# Open a port
firewall-cmd --zone=public --add-port=3306/tcp --permanent
# Reload the rules
firewall-cmd --reload
# Check all open ports
firewall-cmd --zone=public --list-ports
Open a service
# View services that can be enabled
firewall-cmd --get-services
# Add a service
firewall-cmd --permanent --add-service=http
# View the services currently enabled
firewall-cmd --list-services
Grant remote access in MySQL
# Enter the container
docker exec -it <container ID> bash
# Enter the mysql command line
mysql -uroot -p
use mysql;
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'root'; -- allow any client connection
flush privileges; -- refresh permissions
SELECT user,host FROM user; -- host is %
Preparing the Tomcat container
# Start Tomcat; remember to open firewall port 8080
docker run -itd --name tomcat -p 8080:8080 daocloud.io/library/tomcat:8.5.15-jre8
# Copy content from the host into the Tomcat container
docker cp <file name> <container ID>:<path inside the container>
docker cp test.tar f3:/usr/local/tomcat/webapps/
Data volume
A data volume maps a directory on the host to a directory in the container; when you change files on the host, the files in the container change too
# Create a data volume
docker volume create <volume name>
# By default it is stored under /var/lib/docker/volumes/<volume name>/_data
# View data volume details
docker volume inspect tomcat
# Query all data volumes
docker volume ls
# Delete a data volume
docker volume rm <volume name>
# Apply a data volume
# When mapping a data volume, Docker creates it automatically if it does not exist. In this way, the files already in the container path are also stored in the default volume path
docker run -v <volume name>:<path inside the container> <image ID>
# Specify a host path for storing the data volume. This does not store the container's own files there by default (recommended)
docker run -v <host path>:<path inside the container> <image ID>
Specify a data volume mapping when running an image:
docker run -d -p 8080:8080 --name tomcat -v tomcat:/usr/local/webapps/ b43
After starting Tomcat with the data volume, we will find the contents of webapps under /var/lib/docker/volumes/tomcat/_data
Docker custom image
Create the Dockerfile and specify the custom image information
# Common instructions in a Dockerfile
WORKDIR: specifies the default working directory of the image
CMD: specifies the command to be executed (it runs under the WORKDIR; there can be multiple CMD instructions, but only the last one takes effect)
Example: write a Dockerfile that packages our hellodocker.war deployment as a custom image
# Dockerfile content
from daocloud.io/library/tomcat:8.5.15-jre8
copy hellodocker.war /usr/local/tomcat/webapps
# Build an image from the Dockerfile in the current directory
docker build -t <image name>:[tag] .
The diagram below:
Run our custom image:
Using docker-compose
Previously, running an image required a lot of parameters; these can be written down once using docker-compose.
docker-compose helps you manage containers in batches; it is a container orchestration tool.
This is done with a docker-compose.yml file.
# Download docker-compose
# Since the GitHub website is too slow, you can download from http://get.daocloud.io/ and change the version according to your situation
curl -L https://get.daocloud.io/docker/compose/releases/download/1.27.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
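The download above writes a binary from a mirror straight into /usr/local/bin and marks it executable. The following added example (not from the original post) installs a downloaded file only if its SHA-256 matches a checksum list. The function name verify_and_install, the SHA256SUMS file and the stand-in binary are constructed for illustration, and the checksum list is assumed to come from the publisher over a channel you trust.

```shell
#!/bin/sh
# verify_and_install FILE SUMS DEST
# Installs FILE to DEST (mode 0755) only if its SHA-256 matches the entry
# for its basename in SUMS (sha256sum format: "<hex digest>  <name>").
# Returns 2 if SUMS has no entry for the file, 1 on a digest mismatch.
verify_and_install() {
    file=$1 sums=$2 dest=$3
    name=$(basename "$file")
    # Accept both text-mode ("name") and binary-mode ("*name") entries.
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum listed for $name; refusing to install" >&2
        return 2
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name; refusing to install" >&2
        return 1
    fi
    install -m 0755 "$file" "$dest"
}

# Constructed demo: a stand-in "download" and the checksum list for it.
work=$(mktemp -d)
printf '#!/bin/sh\necho compose stand-in\n' > "$work/docker-compose-Linux-x86_64"
( cd "$work" && sha256sum docker-compose-Linux-x86_64 > SHA256SUMS )

verify_and_install "$work/docker-compose-Linux-x86_64" "$work/SHA256SUMS" \
    "$work/installed" && echo "installed verified binary"

# A modified download must be rejected and must not reach the destination.
printf 'tampered\n' >> "$work/docker-compose-Linux-x86_64"
verify_and_install "$work/docker-compose-Linux-x86_64" "$work/SHA256SUMS" \
    "$work/installed2" || echo "tampered binary rejected"
```

In real use, download to a temporary path first and pass /usr/local/bin/docker-compose as DEST, so an unverified file never sits on the PATH.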
Managing the MySQL and Tomcat containers with docker-compose
Write the yml configuration. For the version values, see: docs.docker.com/compose/com…
My directory and data store: /opt/docker_mysql_tomcat
version: '3.8'
services:
  mysql:                      # service name
    restart: always           # whenever Docker starts, this container is started too
    network_mode: bridge      # the default network will not be generated
    image: daocloud.io/library/mysql:5.7.4   # image to use
    container_name: mysql     # container name
    ports:
      - 3306:3306             # port mapping
    environment:
      MYSQL_ROOT_PASSWORD: root   # password of user root
      TZ: Asia/Shanghai           # time zone
    volumes:
      - /opt/docker_mysql_tomcat/mysql_data:/var/lib/mysql   # data volume mapping
  tomcat:
    restart: always
    network_mode: bridge
    image: docker-tomcat:1.0.0
    container_name: docker-tomcat
    ports:
      - 8080:8080
    environment:
      TZ: Asia/Shanghai
    volumes:
      - /opt/docker_mysql_tomcat/tomcat_webapps:/usr/local/tomcat/webapps
      - /opt/docker_mysql_tomcat/tomcat_logs:/usr/local/tomcat/logs
Use the docker-compose command to manage the containers
When you run a docker-compose command, it looks for the docker-compose.yml file in the current directory by default
# First start, using the docker-compose.yml in the current directory
docker-compose up -d
# Stop
docker-compose stop
# Start
docker-compose start
# Restart
docker-compose restart
# Stop and delete
docker-compose down
# List the containers
docker-compose ps
# View logs
docker-compose logs -f
Problems encountered
- It starts with the above configuration and everything is fine, but it is not accessible and there are no requests coming in from the listening port
Troubleshooting: first check whether the host is at fault. For example, when I stopped the docker-compose containers and started an image from the command line, I could access it (for example, I started Tomcat mapped to host port 8081, which is not opened in the firewall, but it can be accessed locally), indicating that there should be no problem with the service virtual machine.
docker-compose: I remember reading a little earlier that Docker containers generate their own set of network-related things, and that different network modes can make them inaccessible.
# Query the configured networks; docker_mysql_tomcat_default is officially generated by default
docker network ls
NETWORK ID     NAME                          DRIVER    SCOPE
2a460ca90250   bridge                        bridge    local
3e0eb402b8e4   docker_mysql_tomcat_default   bridge    local
cc495b89bd29   host                          host      local
a300f2ee0209   none                          null      local
docker inspect <container ID>
# docker-compose:
network_mode: bridge
View the network configuration information
# docker network ls
docker network inspect <network name>
If no network is configured, a new bridge will be created by default. Why cannot the new bridge communicate with the host?
The problem tormented me for a long time and was finally solved. Conclusion first, the reason is that the Linux kernel version is too low and needs to be upgraded.
I got inspired from this blog: blog.csdn.net/coolfishbon…
After the upgrade, create a new bridge again. Start an image at random, use the bridge to enter the container, ping its gateway, and ping its virtual machine address.
Using docker-compose with a Dockerfile
With the docker-compose.yml and Dockerfile together, the custom image is built and started in one step, and docker-compose manages the container.
# yml file
version: '3.8'
services:
  hello:
    restart: always
    build:                    # build a custom image
      context: ../            # directory where the Dockerfile resides
      dockerfile: Dockerfile
    image: hello:1.0.0
    container_name: hello
    ports:
      - 8081:8080
    environment:
      TZ: Asia/Shanghai
# Dockerfile
from daocloud.io/library/tomcat:8.5.15-jre8
copy hellodocker.war /usr/local/tomcat/webapps
# Start using the docker-compose.yml and Dockerfile
docker-compose up -d
# If the custom image does not exist, it is built; if it already exists, it is run directly
# To rebuild, use one of the following commands
docker-compose build
# or
docker-compose up -d --build
# my directory structure
/root/docker-tomcat/docker-compose -------docker-compose.yml
/root/docker-tomcat ----docker-compose -------Dockerfile ------hellodocker.war
Docker network
Network interfaces in Docker are all virtual interfaces by default. Sandbox, Network and Endpoint form the core model of Docker Network, that is, container Network model. Let’s take a look at docker’s network model
When Docker starts, it creates a default bridge named docker0, which is used for communication between the host and the containers. The bridge has an address range and a gateway, and the IP of each container is allocated from that range.
Docker’s default network
$ docker network ls
NETWORK ID NAME DRIVER
7fca4eb8c647 bridge bridge
9f904ee27bf5 none null
cf03ee007fb4 host host
Docker has the following network modes:
1) Bridge mode, --net=bridge (default). This is the default setting for Docker networks. It creates a separate network namespace for the container, with its own network card and a fully separate network stack, and is the most commonly used mode. It is used by default when docker run starts a container without the --net parameter. After Docker is installed, the system automatically adds a bridge, docker0, for Docker to use. When we create a new container, the container obtains an IP address on the same network segment as docker0 through DHCP and connects to the docker0 bridge by default, which gives network communication between the container and the host.
2) Host mode, --net=host. The container does not have its own independent network namespace, that is, there is no independent network environment. It uses the IP and ports of the host.
3) None mode, --net=none. Creates a separate network namespace for the container, but does not do any network configuration for it. Only lo is present in the container, and users can customize the container network on this basis. In this mode, Docker does not do any network configuration for the container; we need to add network cards and configure the IP for the container ourselves. Therefore, if you want to use Pipework to configure the IP address of a Docker container, it must be in none mode.
4) Overlay mode, --net=overlay. Containers use an overlay network to communicate between two hosts. If you use host mode, you can also use the physical IP address to communicate.
5) User-defined: a feature added after Docker 1.9 that allows containers to use third-party networks or create separate bridge networks to provide network isolation.
Network-related operations
# Create a network, specifying the subnet and gateway; -d specifies the mode
docker network create -d bridge --subnet=172.22.0.0/24 --gateway=172.22.0.1 my_net
# The bridge interface is named br-{networkId} by default; this sets its name explicitly
docker network create -d bridge --subnet=172.22.0.0/24 --gateway=172.22.0.1 my_net -o com.docker.network.bridge.name=my_net
# Check your existing networks
docker network ls
# Delete a network
docker network rm <network name>
# Inspect a network
docker network inspect <network name>
Docker CI, CD
Introduction to CI
Continuous Integration (CI)
Continuous integration: write code, commit to git, rebuild the project and test it.
Setting up a GitLab server
- Create a new virtual machine with at least 4 GB of memory
- Install Docker and docker-compose
- Write the docker-compose.yml file and change the port number of the virtual machine's SSH, because GitLab will occupy port 22
Image address: github.com/CCC1004/git… The whole download process can be lengthy
version: '3'
services:
  gitlab:
    image: 'twang2218/gitlab-ce-zh:11.1.4'
    container_name: 'gitlab'
    restart: always
    privileged: true
    hostname: 'gitlab'
    environment:
      TZ: 'Asia/Shanghai'
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://192.168.199.110'  # host IP
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['gitlab_shell_ssh_port'] = 22
    ports:
      - '80:80'
      - '443:443'
      - '22:22'
    volumes:
      - /opt/docker_gitlab/config:/etc/gitlab
      - /opt/docker_gitlab/data:/var/opt/gitlab
      - /opt/docker_gitlab/logs:/var/log/gitlab
Install gitlab-runner
Introduction to CD
Continuous delivery, continuous deployment
The server environment was deployed in real time through gitlab-runner, and the test environment was deployed through Jenkins after there was no problem in the self-test, which was tested by testers and finally released to the production environment. This is the CI, CD model.
Build Jenkins
Write the docker-compose.yml
version: '3'
services:
  jenkins:
    image: jenkins/jenkins
    restart: always
    container_name: jenkins
    ports:
      - 8888:8080
      - 5000:5000
    volumes:
      - ./data:/var/jenkins_home   # grant 777 permission to the data directory (the image runs as uid 1000, so chown 1000:1000 ./data is a tighter alternative)
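A heuristic check for three settings that appear in the Compose files on this page: ports published without a host IP (reachable on every host interface), credentials written as literals under environment, and privileged: true. This is an added example, not code from the original post; the function name audit_compose and the sample file are constructed for illustration, and the line scanner handles only the block-style layout used here, not full YAML.

```shell
#!/bin/sh
# audit_compose FILE
# Prints "FILE:LINE: finding" for risky settings in a Compose file.
# Heuristic line scanner (assumption: block-style YAML as used on this page).
audit_compose() {
    awk '
    function finding(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg }

    /^[ \t]*#/ { next }                      # skip comment-only lines
    { sub(/[ \t]+#.*$/, "") }                # drop trailing comments

    # privileged: true gives the container nearly full access to the host
    /^[ \t]*privileged:[ \t]*true/ { finding("privileged container") }

    # KEY: value where KEY names a credential and the value is a literal,
    # not a ${VAR} reference and not a *_FILE path to a mounted secret
    /^[ \t]*[A-Za-z_]*(PASSWORD|SECRET|TOKEN)[A-Za-z_]*:[ \t]*[^ \t$]/ &&
    $0 !~ /_FILE:/ { finding("credential literal in environment") }

    /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
    in_ports && /^[ \t]*-/ {
        spec = $0
        gsub(/^[ \t]*-[ \t]*/, "", spec)
        gsub("[\"\047]", "", spec)           # strip quotes around the mapping
        n = split(spec, part, ":")
        # HOST:CONTAINER or a bare CONTAINER port binds to every interface
        if (n < 3 || part[1] == "0.0.0.0")
            finding("port " spec " published on all host interfaces")
        next
    }
    { in_ports = 0 }
    ' "$1"
}

# Constructed sample modelled on the Compose files on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  mysql:
    image: daocloud.io/library/mysql:5.7.4
    ports:
      - 3306:3306   # port mapping
    environment:
      MYSQL_ROOT_PASSWORD: root
  gitlab:
    privileged: true
    ports:
      - 127.0.0.1:8080:80
EOF

audit_compose "$sample"
```

Binding the host side to 127.0.0.1 (or another specific address), as in the last sample line, keeps a published port off the other interfaces, and a *_FILE variable pointing at a mounted secret keeps the password out of the Compose file.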
[publish SSH] [git parameter]
Summary
For this tutorial, I found a video on B station and studied it. I found a lot of problems in the whole practice process; fortunately, they were solved in the end. The gains were there, but the company didn't use container technology and now I've forgotten all about it.