
Background

Common choices for managing virtual servers are VMware Workstation or VirtualBox plus Vagrant, or other tools such as Alibaba Cloud server management. Our company's virtualization server uses VirtualBox combined with Vagrant, which makes operations such as quickly creating, backing up, starting, shutting down and expanding virtual machines easy to maintain. That setup runs on Windows. How do you do the same on a Linux system without a desktop?

One night, lying in bed thinking over idle questions: a virtualization server? That is so simple it is boring. What about containerization? How do you get started? Here is how to set up a container environment with Docker:

Step 1: Install Docker: yum install -y docker

Step 2: Search for and pull the centos image: docker search centos && docker pull centos

Step 3: Run docker run -d image_name/image_id to create and start a container from the centos image.

  • Tips: Started this way, the container stops immediately. Solution: add -it and /bin/bash: docker run -itd image_name/image_id /bin/bash

Step 4: The ifconfig command, the sshd service and the service command do not exist in the centos container, so install them.

  • The installation takes two steps. First enter the container with docker exec -it containerID /bin/bash, then install the packages:
    • Install ifconfig: yum search ifconfig && yum install -y net-tools.x86_64
    • Install sshd: yum install -y openssh-server.x86_64
    • Start the sshd service by its absolute path: /usr/sbin/sshd -D
    • Generate the host key pair with ssh-keygen first; otherwise sshd reports: Could not load host key: /etc/ssh/ssh_host_rsa_key
      • ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key
    • Install the service command: yum list | grep initscripts && yum install -y initscripts
  • Attach to the container: docker attach containerID

Step 5: Stop the container: docker stop containerID

Step 6: Commit the current container to an image, then start a new container from that image with a mapped port.

  • docker stop container
  • docker commit containerID <defined_image_name/version>
  • docker run -itd -p 50001:22 new_imageID /bin/bash

Step 7: An SSH client can now connect through the mapped port 50001.

  • There is one problem: you do not know the password of the root account when the container first starts.
  • Solution: Enter the container from the host and change the root password with passwd root.
    • Tips: The passwd command does not exist and has to be installed: yum install -y passwd
  • Once the SSH server is started, the client can connect to it remotely.

Tips: The commands used for the initial start:

  • docker run --name myCentOS --restart=always -itd -v /opt:/opt -p 50001:22 -p 4321:9527 --privileged centos /usr/sbin/init
  • docker run --name myCentOS --restart=always -itd -v /opt:/opt -p 5121:22 --privileged centos-base/v1.0 /usr/sbin/init
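The options in the tip above (--privileged, -v /opt:/opt, -p 50001:22) each widen what the container can reach on the host, and all of them are recorded under HostConfig in docker inspect output. The check below is an added example, not part of the original article: the inspect excerpt is constructed to match the first tip command, and audit_container and hardened are hypothetical helper names.

```python
import json

# Constructed `docker inspect` excerpt for a container started like the tip above.
SAMPLE = json.loads("""
{"Name": "/myCentOS",
 "HostConfig": {
   "Privileged": true,
   "Binds": ["/opt:/opt"],
   "PortBindings": {
     "22/tcp":   [{"HostIp": "", "HostPort": "50001"}],
     "9527/tcp": [{"HostIp": "", "HostPort": "4321"}]}}}
""")

ALL_INTERFACES = {"", "0.0.0.0", "::"}


def audit_container(info):
    """Return (finding, detail) tuples for host-exposure settings in HostConfig."""
    hc = info.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append(("privileged", "all capabilities and host devices are available"))
    for bind in hc.get("Binds") or []:
        src, _, rest = bind.partition(":")
        dest, _, mode = rest.partition(":")
        if "ro" not in mode.split(","):
            findings.append(("writable-bind", f"host {src} is writable at {dest}"))
    for cport, binds in (hc.get("PortBindings") or {}).items():
        for b in binds or []:
            if b.get("HostIp", "") in ALL_INTERFACES:
                kind = "ssh-exposed" if cport == "22/tcp" else "port-exposed"
                findings.append((kind, f"{cport} on every host interface, port {b.get('HostPort')}"))
    return findings


def hardened(info):
    """Same mappings, but unprivileged, read-only bind and loopback-only ports."""
    hc = info["HostConfig"]
    return {"Name": info["Name"], "HostConfig": {
        "Privileged": False,
        "Binds": [b + ":ro" for b in hc["Binds"]],
        "PortBindings": {p: [dict(b, HostIp="127.0.0.1") for b in bs]
                         for p, bs in hc["PortBindings"].items()}}}


if __name__ == "__main__":
    for kind, detail in audit_container(SAMPLE):
        print(f"{kind}: {detail}")
    print(audit_container(hardened(SAMPLE)))
```

On a real host the input would be one element of the JSON array printed by docker inspect for the container.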

At this point the client can connect to the Linux container server, but the following issues still need to be resolved:

Q1: The sshd service is not running every time the centos container is started or restarted. How can this be solved? Here are a few approaches I found:

  • Add the command that starts sshd to the ~/.bashrc file. Before the service or systemctl commands are available, sshd can only be started by its absolute path: nohup /usr/sbin/sshd -D &
  • A suggestion found on Baidu is to add the --privileged parameter when starting the container; that left the problem unresolved. Finally, almost by accident, I tried adding /usr/sbin/init as the start command, and with it the sshd service starts by default.

Q2: When the environment is first deployed, what about binary packages that cannot be installed with yum? How do I transfer files?

  • Install lrzsz: yum install -y lrzsz
  • If the client does not support lrzsz, docker cp can be used to transfer files from the host machine to the container and vice versa.
  • Or, when starting the container, mount a host directory into the container with the -v parameter, which can be thought of as mapping a disk volume.
    • Download commands such as wget and curl can also be used.

Q3: Since the server is used to deploy services, how can a service deployed in the container be reached from an external host? Each service listens on its own port. The most naive method is to map each port to the host with a -p parameter for external access.

The problem is that the container runs many services, and you may not know in advance which ports will have to be mapped to the host machine.

  • One idea: map only ports 80 and 443 and let nginx inside the container forward to the services. Is this possible? I think it will work.
  • The crudest method is to stop and delete the container and start it again with the required ports mapped. If the container holds new content, stop it and commit it to an image first, then rewrite the docker run <add mapped ports> command and start the container again. Map several extra ports with -p for later use.
  • Edit the container's configuration files hostconfig.json and config.v2.json: modify PortBindings, add ExposedPorts, and restart the Docker daemon: service docker restart
    • First stop the container, then go to the container's directory on the host: /var/lib/docker/containers/<container ID hash value>
    • In hostconfig.json, modify the key PortBindings and add the host binding for the container port: [{"HostIp":"","HostPort":"8001"}]
    • In config.v2.json, modify the key ExposedPorts and add the container port to its value: "80/tcp":{}
    • Then restart the Docker daemon, and finally restart the container.
  • The other option is firewall mapping (port forwarding): add an iptables rule (this seems easier). In fact the two approaches come to the same thing, because the method above also ends up as a record in the iptables rules.
    • View all NAT rules: iptables -t nat -nvL --line-numbers
    • Add a forwarding rule: iptables -t nat -A DOCKER -p tcp --dport 8002 -j DNAT --to-destination 172.17.13.5:80
    • Delete a forwarding rule: iptables -t nat -D DOCKER 5, where 5 is num, the number of the rule record in the nat table
      • This is a little inconvenient, because you have to look up the number before you can delete. An alternative is to reuse the command that created the rule, replacing -A with -D:
      • iptables -t nat -D DOCKER -p tcp --dport 8002 -j DNAT --to-destination 172.17.13.5:80
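The configuration-file method above, written out as a Python function. This is an added example, not code from the original article: add_port_mapping and demo are hypothetical names, the two JSON files are constructed samples written to a temporary directory, and the host_ip argument is an addition that lets the new port be bound to 127.0.0.1 instead of every host interface (the empty HostIp used above).

```python
import json
import tempfile
from pathlib import Path


def add_port_mapping(container_dir, container_port, host_port, host_ip=""):
    """Add host_ip:host_port -> container_port/tcp to a stopped container's files."""
    key = f"{container_port}/tcp"
    host_path = Path(container_dir) / "hostconfig.json"
    conf_path = Path(container_dir) / "config.v2.json"
    hostcfg = json.loads(host_path.read_text())
    conf = json.loads(conf_path.read_text())

    # PortBindings is null when the container was created without -p.
    bindings = hostcfg.get("PortBindings") or {}
    for port, binds in bindings.items():
        if port != key and any(b.get("HostPort") == str(host_port) for b in binds or []):
            raise ValueError(f"host port {host_port} is already bound to {port}")
    entry = {"HostIp": host_ip, "HostPort": str(host_port)}
    current = bindings.get(key) or []
    if entry not in current:
        current.append(entry)
    bindings[key] = current
    hostcfg["PortBindings"] = bindings

    # ExposedPorts sits under the "Config" key of config.v2.json.
    config = conf.setdefault("Config", {})
    exposed = config.get("ExposedPorts") or {}
    exposed[key] = {}
    config["ExposedPorts"] = exposed

    # Keep a .bak copy of each file before overwriting it.
    for path, data in ((host_path, hostcfg), (conf_path, conf)):
        Path(str(path) + ".bak").write_text(path.read_text())
        path.write_text(json.dumps(data))
    return hostcfg, conf


def demo():
    """Run against constructed files in a temp dir, not a real Docker data root."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "hostconfig.json").write_text(
            '{"PortBindings": {"22/tcp": [{"HostIp": "", "HostPort": "50001"}]}}')
        Path(d, "config.v2.json").write_text(
            '{"Config": {"Image": "centos", "ExposedPorts": {"22/tcp": {}}}}')
        return add_port_mapping(d, 80, 8001, host_ip="127.0.0.1")
```

As in the steps above, the container has to be stopped before the files are changed, and the Docker daemon restarted afterwards.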

Q4: As the container accumulates more content, it needs to be backed up. Note that no memory or disk size was specified for any of the centos containers; checking memory with free shows the same size as the host, but the unit is Gi instead of G.

  • Commit the container to an image: docker commit <container ID> <image name>
  • Save the image to a file: docker save -o image_name.tar image_name
  • Load the image: docker load -i image_name.tar

Q5: /bin/bash will stop the centos container.

  • The -it parameters must be used together with /bin/bash; the start command cannot be /usr/sbin/sshd -D, the absolute path that starts the sshd service. Otherwise, the container stops when you exit it.

Q6: If the container service is deployed according to the third and fourth points, an image is generated every time the container is backed up. The image files pile up and cannot be deleted.

  • Backing up the container generates a new image first, and deleting the old image fails with a message that there is a dependency,
  • so back up the latest image, delete all the images,
  • then restore the backup image and start a container from it to rebuild the environment.

Q7: On the subject of ports: a service on container port 8001 can be reached through the host IP plus 8001. What if you want to reach it through nginx?

  • Containers are started on the Linux host and support intranet access, i.e. LAN IP:8001 and 127.0.0.1:8001 give the same result;
  • proxy_pass can point to 127.0.0.1:8001 to reverse-proxy the service in the container.
  • In this case, the container's services are reached through port 80 or 443 by default. You do not need to worry about whether the container's port is open to the outside world or map the container's port for it.