公司准备开容器项目且我被分到了项目组,但对容器技术一无所知,所以这个 post 来记录目前工业界主流容器技术 –docker 的实践过程。
0x01 what’s docker?
Docker is the world’s leading software containerization platform.
0x02 why docker?
Docker’s commercial solutions provide an out of the box CaaS environment that gives IT Ops teams security and control over their environment, while enabling developers to build applications in a self service way. With a clear separation of concerns and robust tooling, organizations are able to innovate faster, reduce costs and ensure security.
# sudo docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ca06ea65dda8 ubuntu:14.04 "/bin/bash" 30 minutes ago Exited (0) About a minute ago sn0rt
# sudo docker run --name sn0rt -d ubuntu:14.04 /bin/sh -c "while true; do echo hello word; sleep 1; done" 51b1a48d762441717cec525e42022328417f1c5ff9b18c456dbde0a925db7d57 # sudo docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 51b1a48d7624 ubuntu:14.04 "/bin/sh -c 'while tr" 10 seconds ago Up 7 seconds sn0rt
show logs
1 2 3
# sudo docker logs -ft sn0rt 2016-09-09T03:30:47.986708000Z hello word 2016-09-09T03:30:49.233008000Z hello word
exec in container
在容器中运行个非交互式进程后在运行交互式进程。
1 2 3 4 5 6 7 8
# sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 51b1a48d7624 ubuntu:14.04 "/bin/sh -c 'while tr" About an hour ago Up About an hour sn0rt # sudo docker exec -d sn0rt touch /tmp/linux # sudo docker exec -t -i sn0rt /bin/bash root@51b1a48d7624:/# ls /tmp/linux /tmp/linux root@51b1a48d7624:/#
# sudo docker stop sn0rt sn0rt # sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES # sudo docker rm sn0rt sn0rt # sudo docker rm `docker ps -a -q`
0x13 image management
容器镜像的管理,名字叫法类似于 git.
pull
1 2 3 4 5
# sudo docker pull ubuntu:14.04 Trying to pull repository docker.io/library/ubuntu ... 14.04: Pulling from docker.io/library/ubuntu Digest: sha256:5b5d48912298181c3c80086e7d3982029b288678fccabf2265899199c24d7f89 Status: Image is up to date for docker.io/ubuntu:14.04
list
1 2 3 4
# sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE test latest d373bc5e4a77 20 hours ago 340.4 MB docker.io/ubuntu 14.04 4a725d3b3b1c 13 days ago 187.9 MB
search
需要先通过docker login登录 docker.io.
1 2 3
# sudo docker search kali INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED docker.io docker.io/kalilinux/kali-linux-docker Kali Linux Rolling Distribution Base Image 216 [OK]
remove
1 2 3 4 5 6 7 8 9
# sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE test latest d373bc5e4a77 20 hours ago 340.4 MB docker.io/ubuntu 14.04 4a725d3b3b1c 13 days ago 187.9 MB # sudo docker rmi test Untagged: test:latest # sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/ubuntu 14.04 4a725d3b3b1c 13 days ago 187.9 MB
create(commit)
有几种方法可以创建自己的 image, 这里纪录一下 commit 的使用。
1 2 3 4 5 6 7 8 9 10 11 12
# sudo docker run -i --name sn0rt -t ubuntu:14.04 /bin/bash root@41f815d96b7a:/# apt-get update -yqq root@41f815d96b7a:/# exit # docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 41f815d96b7a ubuntu:14.04 "/bin/bash" 4 minutes ago Exited (0) 12 seconds ago sn0rt # docker commit -m="update finshed" --author="Sn0rt@abc.shop.edu.cn" 41f815d96b7a sn0rt/ubuntu_updated sha256:92ae626c3fb58ad14b621d831bc8c1529357824ebbbdf1b2b4691b4d9e84814c # docker images REPOSITORY TAG IMAGE ID CREATED SIZE sn0rt/ubuntu_updated latest 92ae626c3fb5 58 seconds ago 210.1 MB docker.io/ubuntu 14.04 4a725d3b3b1c 13 days ago 187.9 MB
RUN apt-get install mysql-server -yqq COPY my.cnf /etc/mysql/my.cnf WORKDIR /root COPY init.sql init.sql RUN /etc/init.d/mysql restart && mysql < init.sql
building:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
# sudo docker build -t="sn0rt/mysql:v1" . Sending build context to Docker daemon 7.168 kB Step 1 : FROM sn0rt/ubuntu ---> 8aae246f5e4c ... Step 9 : RUN /etc/init.d/mysql restart && mysql < init.sql ---> Running in 73fd2bc50964 * Stopping MySQL database server mysqld ...done. * Starting MySQL database server mysqld ...done. * Checking for tables which need an upgrade, are corrupt or were not closed cleanly. ---> 5d3c0a4fa4ed Removing intermediate container 73fd2bc50964 Successfully built 5d3c0a4fa4ed
apache
利用Dockerfile来安装phpmyadmin.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
FROM sn0rt/ubuntu MAINTAINER Sn0rt <Sn0rt@abc.shop.edu.cn>
# sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE sn0rt/apache v1 366ef630e06f 3 minutes ago 324.8 MB sn0rt/mysql v1 5d3c0a4fa4ed 2 hours ago 345.7 MB sn0rt/ubuntu latest 8aae246f5e4c 2 hours ago 210.1 MB docker.io/ubuntu 14.04 4a725d3b3b1c 2 weeks ago 187.9 MB # sudo docker history sn0rt/mysql:v1 IMAGE CREATED CREATED BY SIZE COMMENT 5d3c0a4fa4ed 20 minutes ago /bin/sh -c /etc/init.d/mysql restart && mysql 5.252 MB 92dba0a2acb2 20 minutes ago /bin/sh -c #(nop) COPY file:77fac40c1774c2ad4 172 B c3df7fa0d3d1 20 minutes ago /bin/sh -c #(nop) WORKDIR /root 0 B ca7a6756a3c7 20 minutes ago /bin/sh -c #(nop) COPY file:30489e5e5529ad833 3.506 kB d06d1ddad673 20 minutes ago /bin/sh -c apt-get install mysql-server -yqq 130.3 MB 91190a6c9e32 22 minutes ago /bin/sh -c #(nop) ENV https_proxy=http://fnst 0 B 7d8936b1f833 22 minutes ago /bin/sh -c #(nop) ENV http_proxy=http://fnsts 0 B f08d8e1643b3 22 minutes ago /bin/sh -c #(nop) MAINTAINER Sn0rt <Sn0rt@abc 0 B 8aae246f5e4c 48 minutes ago /bin/sh -c apt-get update -yqq 22.16 MB 091e0ec51c90 50 minutes ago /bin/sh -c #(nop) ENV https_proxy=http://fnst 0 B 43bff3143ad4 50 minutes ago /bin/sh -c #(nop) ENV http_proxy=http://fnsts 0 B 913e5f034797 50 minutes ago /bin/sh -c #(nop) MAINTAINER Sn0rt <Sn0rt@abc 0 B
using
需要一个前台进程,如果以 apache 以服务在后台启动的话,容器会变成退出状态。
mysql
1 2 3 4 5
# sudo docker run -d -p 3306:3306 --name mysql sn0rt/mysql:v1 mysqld_safe b946792318652c2d405406e66fbbaa7472a6a5a8dc281c71abe6fd8651070d46 # sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b94679231865 sn0rt/mysql:v1 "mysqld_safe" 5 seconds ago Up 2 seconds 0.0.0.0:3306->3306/tcp mysql
apache
对外服务提供以一直的 ip 地址 (宿主机器的地址),apache 以前台进程在运行。
1 2 3 4 5
# docker run -d -p 80:80 --name apache sn0rt/apache:v1 # sudo docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a478f202f3bf sn0rt/apache:v1 "apachectl -X" 47 seconds ago Up 44 seconds 0.0.0.0:80->80/tcp apache b94679231865 sn0rt/mysql:v1 "mysqld_safe" 3 minutes ago Up 3 minutes 0.0.0.0:3306->3306/tcp mysql
# sudo curl -I localhost HTTP/1.1 200 OK Date: Mon, 12 Sep 2016 03:23:31 GMT Server: Apache/2.4.7 (Ubuntu) X-Powered-By: PHP/5.5.9-1ubuntu4.19 Set-Cookie: pmaCookieVer=5; expires=Wed, 12-Oct-2016 03:23:31 GMT; Max-Age=2592000; path=/; httponly Set-Cookie: phpMyAdmin=npcfgt7puqs2cmld1ttk2k3naa7pv54a; path=/; HttpOnly Expires: Mon, 12 Sep 2016 03:23:31 +0000 ... # sudo mysql -u root -p -h 172.17.0.1 Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.5.50-0ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. # sudo docker logs mysql 160912 03:17:34 mysqld_safe Can't log to error log and syslog at the same time. Remove all --log-error configuration options for --syslog to take effect. 160912 03:17:34 mysqld_safe Logging to '/var/log/mysql/error.log'. 160912 03:17:34 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql # sudo docker logs apache AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
# sudo docker push sn0rt/ubuntu The push refers to a repository [docker.io/sn0rt/ubuntu] 54da5869939f: Pushed ffb6ddc7582a: Mounted from library/ubuntu 344f56a35ff9: Mounted from library/ubuntu 530d731d21e1: Mounted from library/ubuntu 24fe29584c04: Mounted from library/ubuntu 102fca64f924: Mounted from library/ubuntu latest: digest: sha256:703fec1e8c32ebc0da29d12be2515f640b9022e45c38df62a48145851ad651b6 size: 1549 # sudo docker search sn0rt/ubuntu INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED docker.io docker.io/sn0rt/ubuntu 1