Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的容器中,然后发布到任何流行的 Linux 机器上,也可以实现虚拟化。容器是完全使用沙箱机制,相互之间不会有任何接口。
注意安装docker的系统如果是centos6,请将内核升级到3.X版本2.X版本可能会出现意想不到的问题
命令:
@注意,在cenos7版本安装的名字是docker,所以命令是yum install docker,可先通过yum list|grep docker查看安装版本
#yum install docker
或者
@这是通过下载rpm文件安装的方式
#yum install https://get.docker.com/rpm/1.7.1/centos-6/RPMS/x86_64/docker-engine-1.7.1-1.el6.x86_64.rpm
启动命令:
#service docker start
查看docker信息命令:
# docker info
停止docker命令
#service docker stop
#cd /var/lib
# cp -rf docker docker.bak
# cp -rf docker /data/docker/
# ln -s /data/docker docker
将镜像上传至服务器/data/images
解压上传的景象文件
# unzip docker-centos6.8-tomcat-image.zip
#service docker start
#cd centos6_tomcat/
Docker执行创建镜像
# docker build -t tomcat ./
最后结果图:
[注意:]step不一定都是29
命令:
# docker run -d -p 2000:22 -p 8000:8080 tomcat
命令
[root@MiWiFi-R1CM-srv share]# docker run -d -p 2008:22 -p 8008:8080 -v /data/share:/opt/share --privileged=true tomcat
ccc238337fe92d05b806d996f252e2ecc8747d509af435d06fd2de3058de7b83
[root@MiWiFi-R1CM-srv share]# ll
参数说明:
-p 2008:22 docker里面的22端口对应主机的2008端口,用于外部SSH访问
-p 8008:8080
-v /data/share:/opt/share 主机的/data/share共享给docker/opt/share目录,类似于mount挂载
tomcat 镜像名称
--privileged=true 解决因selinux引起的docker容器内部对共享目录的权限不足问题,如果不加这个参数请关闭selinux
登录docker,切换到共享目录写一个文件
回主机查看:
由此便可以共享目录
共享目录的好处:
1.方便主机上数据备份
2.将应用数据放于共享目录,如果docker不幸挂了,没事儿数据还在主机上,提高容错性
其他运行参数:
docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
Name, shorthand | Default | Description |
--add-host |
Add a custom host-to-IP mapping (host:ip) | |
--attach , -a |
Attach to STDIN, STDOUT or STDERR | |
--blkio-weight |
Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0) | |
--blkio-weight-device |
Block IO weight (relative device weight) | |
--cap-add |
Add Linux capabilities | |
--cap-drop |
Drop Linux capabilities | |
--cgroup-parent |
Optional parent cgroup for the container | |
--cidfile |
Write the container ID to the file | |
--cpu-count |
CPU count (Windows only) | |
--cpu-percent |
CPU percent (Windows only) | |
--cpu-period |
Limit CPU CFS (Completely Fair Scheduler) period | |
--cpu-quota |
Limit CPU CFS (Completely Fair Scheduler) quota | |
--cpu-rt-period |
API 1.25+ Limit CPU real-time period in microseconds |
|
--cpu-rt-runtime |
API 1.25+ Limit CPU real-time runtime in microseconds |
|
--cpu-shares , -c |
CPU shares (relative weight) | |
--cpus |
API 1.25+ Number of CPUs |
|
--cpuset-cpus |
CPUs in which to allow execution (0-3, 0,1) | |
--cpuset-mems |
MEMs in which to allow execution (0-3, 0,1) | |
--detach , -d |
Run container in background and print container ID | |
--detach-keys |
Override the key sequence for detaching a container | |
--device |
Add a host device to the container | |
--device-cgroup-rule |
Add a rule to the cgroup allowed devices list | |
--device-read-bps |
Limit read rate (bytes per second) from a device | |
--device-read-iops |
Limit read rate (IO per second) from a device | |
--device-write-bps |
Limit write rate (bytes per second) to a device | |
--device-write-iops |
Limit write rate (IO per second) to a device | |
--disable-content-trust |
true |
Skip image verification |
--dns |
Set custom DNS servers | |
--dns-opt |
Set DNS options | |
--dns-option |
Set DNS options | |
--dns-search |
Set custom DNS search domains | |
--entrypoint |
Overwrite the default ENTRYPOINT of the image | |
--env , -e |
Set environment variables | |
--env-file |
Read in a file of environment variables | |
--expose |
Expose a port or a range of ports | |
--group-add |
Add additional groups to join | |
--health-cmd |
Command to run to check health | |
--health-interval |
Time between running the check (ms|s|m|h) (default 0s) | |
--health-retries |
Consecutive failures needed to report unhealthy | |
--health-start-period |
API 1.29+ Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s) |
|
--health-timeout |
Maximum time to allow one check to run (ms|s|m|h) (default 0s) | |
--help |
Print usage | |
--hostname , -h |
Container host name | |
--init |
API 1.25+ Run an init inside the container that forwards signals and reaps processes |
|
--interactive , -i |
Keep STDIN open even if not attached | |
--io-maxbandwidth |
Maximum IO bandwidth limit for the system drive (Windows only) | |
--io-maxiops |
Maximum IOps limit for the system drive (Windows only) | |
--ip |
IPv4 address (e.g., 172.30.100.104) | |
--ip6 |
IPv6 address (e.g., 2001:db8::33) | |
--ipc |
IPC mode to use | |
--isolation |
Container isolation technology | |
--kernel-memory |
Kernel memory limit | |
--label , -l |
Set meta data on a container | |
--label-file |
Read in a line delimited file of labels | |
--link |
Add link to another container | |
--link-local-ip |
Container IPv4/IPv6 link-local addresses | |
--log-driver |
Logging driver for the container | |
--log-opt |
Log driver options | |
--mac-address |
Container MAC address (e.g., 92:d0:c6:0a:29:33) | |
--memory , -m |
Memory limit | |
--memory-reservation |
Memory soft limit | |
--memory-swap |
Swap limit equal to memory plus swap: ‘-1’ to enable unlimited swap | |
--memory-swappiness |
-1 |
Tune container memory swappiness (0 to 100) |
--mount |
Attach a filesystem mount to the container | |
--name |
Assign a name to the container | |
--net |
Connect a container to a network | |
--net-alias |
Add network-scoped alias for the container | |
--network |
Connect a container to a network | |
--network-alias |
Add network-scoped alias for the container | |
--no-healthcheck |
Disable any container-specified HEALTHCHECK | |
--oom-kill-disable |
Disable OOM Killer | |
--oom-score-adj |
Tune host’s OOM preferences (-1000 to 1000) | |
--pid |
PID namespace to use | |
--pids-limit |
Tune container pids limit (set -1 for unlimited) | |
--platform |
experimental (daemon)API 1.32+ Set platform if server is multi-platform capable |
|
--privileged |
Give extended privileges to this container | |
--publish , -p |
Publish a container’s port(s) to the host | |
--publish-all , -P |
Publish all exposed ports to random ports | |
--read-only |
Mount the container’s root filesystem as read only | |
--restart |
no |
Restart policy to apply when a container exits |
--rm |
Automatically remove the container when it exits | |
--runtime |
Runtime to use for this container | |
--security-opt |
Security Options | |
--shm-size |
Size of /dev/shm | |
--sig-proxy |
true |
Proxy received signals to the process |
--stop-signal |
SIGTERM |
Signal to stop a container |
--stop-timeout |
API 1.25+ Timeout (in seconds) to stop a container |
|
--storage-opt |
Storage driver options for the container | |
--sysctl |
Sysctl options | |
--tmpfs |
Mount a tmpfs directory | |
--tty , -t |
Allocate a pseudo-TTY | |
--ulimit |
Ulimit options | |
--user , -u |
Username or UID (format: <name|uid>[:<group|gid>]) | |
--userns |
User namespace to use | |
--uts |
UTS namespace to use | |
--volume , -v |
Bind mount a volume | |
--volume-driver |
Optional volume driver for the container | |
--volumes-from |
Mount volumes from the specified container(s) | |
--workdir , -w |
Working directory inside the container |
1.查看正在运行的容器
#docker ps
#docker ps -a为查看所有的容器,包括已经停止的。
2. 容器的启动,停止,杀死
启动容器
# docker start <容器名orID>
停止容器
# docker stop <容器名orID>
杀死容器
#docker kill <容器名orID>
3. 删除容器
通过容器ID删除
#docker rm –f <容器名orID>
删除所有容器
# docker rm -f $(docker ps -a -q)
4.查看镜像
# docker images
删除所有镜像
#docker rmi -f $(docker images -q)
Docker Tomcat基础镜像制作
本案例采用centos6.8进行在线制作
[centos/redhat系列工具为febootstrap]
[debian/ubuntu系列工具debootstrap]
1.epel源安装包
EPEL 是yum的一个软件源,里面包含了许多基本源里没有的软件。
2.febootstrap安装包
一般使用yum命令在线安装
1.如果当前运行系统版本为centos6.X需要安装epel源
# yum install epel-release-6-8.noarch.rpm -y
2.安装febootstrap
# yum install febootstrap –y
创建空白环境命令
#febootstrap -i bash -i yum -i iputils -i iproute -i man -i vi -i openssh-server -i openssh-clients -i tar -i gzip -i unzip -i passwd centos6.8 centos6.8-image http://mirrors.aliyun.com/centos/6.8/os/x86_64/
创建httpd+php环境
febootstrap -i bash -i yum -i iputils -i iproute -i man -i vi -i openssh-server -i openssh-clients -i tar -i gzip -i unzip -i passwd -i httpd -i httpd-devel -i php -i php-devel -i php-mysql -i php-gd -i php-imap -i php-ldap -i php-odbc -i php-pear -i php-xml -i php-xmlrpc CentOS7.3 centos7.3-image http://mirrors.aliyun.com/centos/6.9/os/x86_64/
创建Java8环境
febootstrap -i bash -i yum -i iputils -i iproute -i man -i vi -i openssh-server -i openssh-clients -i tar -i gzip -i unzip -i passwd -i java-1.8.0-openjdk.x86_64 CentOS7.3 centos7.3-image http://mirrors.aliyun.com/centos/6.9/os/x86_64/
其中
–i表示要安装的工具包
centos6.8 系统版本
centos6.8-image 等会执行完成后将在当前目录生成一个名字为centos6.8-image的文件夹
http://mirrors.aliyun.com/centos/6.8/os/x86_64/ 镜像来源参照,这里使用的阿里的镜像库
命令执行完成将生成一个centos6.8-image文件夹,其内部结构似一个系统的结构
将当前系统的root用户目录下的.bash开头的文件复制到/root目录
命令
#cp /root/.bash* 存放路径/centos6.8-image/root
打包镜像目录
首先进入镜像目录
#cd cd centos6.8-image/
使用tar打包,注意不能使用z参数启用gzip
#tar -cvf centos6.8.tar ./
查看当前tar包大小
命令:
#du -h centos6.8.tar
执行xz命令进行再次高效率压缩,执行xz命令需要一段时间
#xz centos6.8.tar
使用xz命令效果还是明显的,396MB压缩到83MB
首先创建一个docker的配置文件名字必须为Dockerfile
将上面生成的centos6.8文件复制到同一个目录,将jdk以及tomcat也复制到同一个目录
Jdk为linux免安装版本打包成zip,Tomcat由linux版本的tar包解压打包成的zip包
接下来就是Dockerfile的配置
#
# 安装: docker build -t tomcat ./
# 运行: docker run -d -p 8822:22 -p 8888:8080 tomcat
# 挂载: docker run -d -p 8822:22 -p 8888:8080 -v /mnt/data/vr:/opt/tomcat/webapps/ROOT -h java-test --name java-dev tomcat
#其他参数:
#-a stdin: 指定标准输入输出内容类型,可选 STDIN/STDOUT/STDERR 三项;
#-d: 后台运行容器,并返回容器ID;
#-i: 以交互模式运行容器,通常与 -t 同时使用;
#-t: 为容器重新分配一个伪输入终端,通常与 -i 同时使用;
#--name="nginx-lb": 为容器指定一个名称;
#--dns 8.8.8.8: 指定容器使用的DNS服务器,默认和宿主一致;
#--dns-search example.com: 指定容器DNS搜索域名,默认和宿主一致;
#-h "mars": 指定容器的hostname;
#-e username="ritchie": 设置环境变量;
#--env-file=[]: 从指定文件读入环境变量;
#--cpuset="0-2" or --cpuset="0,1,2": 绑定容器到指定CPU运行;
#-m :设置容器使用内存最大值;
#--net="bridge": 指定容器的网络连接类型,支持 bridge/host/none/container: 四种类型;
#--link=[]: 添加链接到另一个容器;
#--expose=[]: 开放一个端口或一组端口;
#安装本地Centos
FROM scratch
MAINTAINER The CentOS Project <1441023520@qq.com>
#添加基础镜像到根目录
ADD centos6.8.tar.xz /
LABEL Vendor="CentOS"
LABEL License=GPLv2
CMD ["/bin/bash"]
#安装需要安装的额外软件
#安装openssh和unzip工具
#RUN yum install unzip -y
#RUN yum install openssh-server -y
#生成ssh的登陆证书
RUN ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
RUN ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
#修改ssh-server的配置
RUN sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config
RUN sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config
#修改当前系统的ROOT密码
RUN echo "root:root" > /tmp/tmp.pass
RUN chpasswd < /tmp/tmp.pass
#外部工具相关
ADD tomcat.zip /tmp/tomcat.zip
ADD jdk.zip /tmp/jdk.zip
#解压相关项目
RUN unzip /tmp/tomcat.zip -d /opt
RUN unzip /tmp/jdk.zip -d /opt
#设置环境变量
RUN echo "" >> /etc/profile
RUN echo "JAVA_HOME=/opt/jdk" >> /etc/profile
RUN echo "PATH=/opt/jdk/bin:$PATH" >> /etc/profile
RUN echo "CLASSPATH=.:/opt/jdk/lib/dt.jar:/opt/jdk/lib/tools.jar" >> /etc/profile
RUN echo "export JAVA_HOME" >> /etc/profile
RUN echo "export PATH" >> /etc/profile
RUN echo "export CLASSPATH" >> /etc/profile
#设置系统时区
RUN cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ENV JAVA_HOME /opt/jdk
ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/jdk/bin:/opt/tomcat/bin
#设置语言,解决乱码
RUN echo "export LC_ALL=zh_CN.UTF-8" >> /etc/profile
#设置读写权限
RUN chmod -R 755 /opt
#设置进入启动项
ENTRYPOINT /opt/tomcat/bin/startup.sh & /usr/sbin/sshd -D
注意:最后的启动项一定要配置sshd的。否则docker容器将无法使用SSH工具连入
以上便是一个运行Tomcat的环境的基础镜像制作方法.
①Dockerfile:
FROM alpine:3.4
MAINTAINER cSphere <docker@csphere.cn>
#安装 bash curl ca-certificates工具
RUN apk add --no-cache --update-cache bash
RUN apk add --no-cache --update-cache curl ca-certificates
#证书
RUN curl -Lo /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub
#下载glibc相关包
RUN curl -Lo /etc/apk/keys/sgerrand.rsa.pub https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/sgerrand.rsa.pub
RUN curl -Lo glibc-2.23-r3.apk https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk
RUN curl -Lo glibc-bin-2.23-r3.apk https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-bin-2.23-r3.apk
RUN curl -Lo glibc-i18n-2.23-r3.apk https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-i18n-2.23-r3.apk
#安装glibc
RUN apk add glibc-2.23-r3.apk glibc-bin-2.23-r3.apk glibc-i18n-2.23-r3.apk
#安装SSH
RUN apk update
RUN apk --no-cache add openssh
#生成ssh的登陆证书
RUN ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
RUN ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
#修改当前系统的ROOT密码
RUN echo "root:root" > /tmp/tmp.pass
RUN chpasswd < /tmp/tmp.pass
CMD ["/bin/bash"]
#Java环境
ADD tomcat.zip /opt/tomcat.zip
ADD jdk.zip /opt/jdk.zip
#解压
RUN unzip /opt/tomcat.zip -d /opt
RUN unzip /opt/jdk.zip -d /opt
#设置环境变量
RUN echo "" >> /etc/profile
RUN echo "JAVA_HOME=/opt/jdk" >> /etc/profile
RUN echo "PATH=/opt/jdk/bin:$PATH" >> /etc/profile
RUN echo "CLASSPATH=.:/opt/jdk/lib/dt.jar:/opt/jdk/lib/tools.jar" >> /etc/profile
RUN echo "export JAVA_HOME" >> /etc/profile
RUN echo "export PATH" >> /etc/profile
RUN echo "export CLASSPATH" >> /etc/profile
#设置时区
ADD Chongqing /etc/localtime
#设置进入启动项
ENTRYPOINT /usr/sbin/sshd -D
https://www.leftso.com/article/34.html