https://github.com/docker/distribution

daocloud

Shurenyun (数人云)

TenxCloud (时速云)

http://jpetazzo.github.io/2014/06/23/docker-ssh-considered-evil/  Why containers should not be accessed over SSH

https://github.com/jpetazzo/nsenter  Same topic as above

https://segmentfault.com/a/1190000002931564  Fixing an exhausted Storage Pool in a Docker environment: resize-device-mapper

http://www.oschina.net/news/57894/daocloud

http://blog.csdn.net/qinyushuang/article/details/43342553  Docker study notes (3): how to build an image with a Dockerfile

http://geek.csdn.net/news/detail/35121      Docker images

http://www.csdn.net/article/2014-11-18/2822693  Analysis of images and containers

http://www.blogjava.net/yongboy/archive/2013/12/12/407498.html  Docker study notes, part 1: setting up a Java Tomcat runtime environment

DOCKER_STORAGE_OPTIONS=-s devicemapper --storage-opt dm.datadev=/home/dock-data --storage-opt dm.metadatadev=/home/dock-meta

To resolve the error, the variable above has to be set.

What I ended up learning from this was the difference between character devices and block devices: what gets created above is an ordinary file, that is, a character device.

[root@docker1 ~]# docker run busybox /bin/echo Hello Docker
Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.

The warning message occurs because your Docker storage configuration is using a "loopback device" -- a virtual block device such as /dev/loop0 that is actually backed by a file on your filesystem. This was never meant as anything more than a quick hack to get Docker up and running quickly as a proof of concept.

You don't want to suppress the warning; you want to fix your storage configuration such that the warning is no longer issued. The easiest way to do this is to assign some local disk space for use by Docker's devicemapper storage driver and use that.

If you're using LVM and have some free space available on your volume group, this is relatively easy. For example, to give docker 100G of space, first create a data and metadata volume:

# lvcreate -n docker-data -L 100G /dev/my-vg
# lvcreate -n docker-metadata -L1G /dev/my-vg

And then configure Docker to use this space by editing /etc/sysconfig/docker-storage to look like:

DOCKER_STORAGE_OPTIONS=-s devicemapper --storage-opt dm.datadev=/dev/my-vg/docker-data --storage-opt dm.metadatadev=/dev/my-vg/docker-metadata

If you're not using LVM or don't have free space available on your VG, you could expose some other block device (e.g., a spare disk or partition) to Docker in a similar fashion.

DOCKER_STORAGE_OPTIONS=-s devicemapper --storage-opt dm.datadev=/home/dock-data --storage-opt dm.metadatadev=/home/dock-meta

[root@kvm1 docker]# touch  dock-data
[root@kvm1 docker]# touch dock-meta
[root@kvm1 docker]# systemctl start docker
[root@kvm1 docker]# systemctl status docker -l
docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2016-06-16 21:09:37 CST; 7s ago
     Docs: http://docs.docker.com
  Process: 9190 ExecStart=/bin/sh -c /usr/bin/docker-current daemon $OPTIONS            $DOCKER_STORAGE_OPTIONS            $DOCKER_NETWORK_OPTIONS            $ADD_REGISTRY            $BLOCK_REGISTRY            $INSECURE_REGISTRY            2>&1 | /usr/bin/forward-journald -tag docker (code=exited, status=0/SUCCESS)
 Main PID: 9190 (code=exited, status=0/SUCCESS)

Jun 16 21:09:36 kvm1.zf.com systemd[1]: Starting Docker Application Container Engine...
Jun 16 21:09:36 kvm1.zf.com forward-journal[9194]: Forwarding stdin to journald using Priority Informational and tag docker
Jun 16 21:09:37 kvm1.zf.com forward-journal[9194]: time="2016-06-16T21:09:37.023360992+08:00" level=error msg="Error getblockdevicesize: inappropriate ioctl for device"
Jun 16 21:09:37 kvm1.zf.com forward-journal[9194]: time="2016-06-16T21:09:37.023710458+08:00" level=fatal msg="Error starting daemon: error initializing graphdriver: Can't get data size Can't get block size"
Jun 16 21:09:37 kvm1.zf.com systemd[1]: Started Docker Application Container Engine.

Jun 16 21:08:12 kvm1.zf.com forward-journal[9050]: Forwarding stdin to journald using Priority Informational and tag docker
Jun 16 21:08:12 kvm1.zf.com forward-journal[9050]: time="2016-06-16T21:08:12.586347689+08:00" level=fatal msg="Error starting daemon: error initializing graphdriver: open /home/docker/dock-data: is a directory"
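
The two startup failures above ("inappropriate ioctl for device" for files made with touch, "is a directory" for a directory) both come from pointing dm.datadev / dm.metadatadev at something that is not a block device. The following preflight check is an added example, not part of the original notes; the function names path_kind, storage_opt and check_storage_options are made up for illustration, and the demo paths are constructed.

```shell
#!/bin/sh
# Added example: verify that the devicemapper device options name block devices
# before starting the daemon.

# Report what kind of filesystem object a path is.
path_kind() {
    if   [ -b "$1" ]; then echo block
    elif [ -c "$1" ]; then echo char
    elif [ -d "$1" ]; then echo directory
    elif [ -f "$1" ]; then echo regular
    elif [ -e "$1" ]; then echo other
    else                   echo missing
    fi
}

# Print the value of one dm.* option ($1) found in an options string ($2).
# Returns 1 when the option is not present.
storage_opt() {
    want=$1
    set -f; set -- $2; set +f          # split into words without globbing
    while [ $# -gt 0 ]; do
        case $1 in
            --storage-opt=*) kv=${1#--storage-opt=} ;;
            --storage-opt)   kv=${2-} ;;
            *)               kv= ;;
        esac
        case $kv in
            "$want"=*) echo "${kv#*=}"; return 0 ;;
        esac
        shift
    done
    return 1
}

# Check every device option in a DOCKER_STORAGE_OPTIONS value.
# Prints one line per option found; returns 1 if any is not a block device.
check_storage_options() {
    opts=$1
    # Drop one layer of surrounding quotes if the value was copied with them.
    case $opts in \'*\'|\"*\") opts=${opts#?}; opts=${opts%?} ;; esac
    rc=0
    for opt in dm.thinpooldev dm.datadev dm.metadatadev; do
        dev=$(storage_opt "$opt" "$opts") || continue
        kind=$(path_kind "$dev")
        if [ "$kind" = block ]; then
            echo "OK   $opt=$dev"
        else
            echo "FAIL $opt=$dev is $kind, not a block device"
            rc=1
        fi
    done
    return $rc
}

# Demo on constructed paths: two files made with touch, as in the failing run.
demo_dir=$(mktemp -d)
touch "$demo_dir/dock-data" "$demo_dir/dock-meta"
check_storage_options "-s devicemapper --storage-opt dm.datadev=$demo_dir/dock-data --storage-opt dm.metadatadev=$demo_dir/dock-meta" \
    || echo "the daemon would fail to initialize the graphdriver with these options"
rm -rf "$demo_dir"
```

On a host, the value to check can be read with sed -n 's/^DOCKER_STORAGE_OPTIONS=//p' /etc/sysconfig/docker-storage and passed to check_storage_options.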

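Building images

There are two ways to build an image:
Using the docker commit command
Using the docker build command with a Dockerfile
A Dockerfile is more powerful and flexible, and is the recommended approach.
Usually you are not really "creating" a new image; you are building a new image on top of an existing base image such as Ubuntu or Fedora. To build a completely new image from scratch, see this article:
https://docs.docker.com/engine/userguide/eng-image/baseimages/  Building an image from scratch -- create a base image
Run, modify and save the image, then upload it to the private registry; it can then be downloaded and used as a shared image.
docker run -it centos bash
docker ps -l
docker commit 949 centos-man
docker images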

Registry mirror address

echo "DOCKER_OPTS=\"\$DOCKER_OPTS --registry-mirror=http://your-id.m.daocloud.io -d\"" >> /etc/default/docker

sudo sed -i 's|other_args="|other_args="--registry-mirror=http://a984be05.m.daocloud.io |g' /etc/sysconfig/docker
sudo sed -i "s|OPTIONS='|OPTIONS='--registry-mirror=http://a984be05.m.daocloud.io |g" /etc/sysconfig/docker
sudo sed -i 'N;s|\[Service\]\n|\[Service\]\nEnvironmentFile=-/etc/sysconfig/docker\n|g' /usr/lib/systemd/system/docker.service
sudo sed -i 's|fd://|fd:// $other_args |g' /usr/lib/systemd/system/docker.service
sudo systemctl daemon-reload
sudo service docker restart

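Setting up a private registry

http://lishaofengstar.blog.163.com/blog/static/131972852201411585441354/
This blog post discusses how to deploy a private Docker Registry with SSL encryption, HTTP authentication and firewall protection. Docker Registry is a service for storing and sharing Docker images. The operating system used in the article is Ubuntu; any system that supports Upstart will do. Nginx serves as the front-end proxy for the Docker Registry and also handles SSL encryption and basic HTTP authentication. Gunicorn runs the Docker Registry and Upstart manages Gunicorn. Redis is used to implement an LRU (Least Recently Used) cache that reduces data access between the Docker Registry and the disk.
https://github.com/docker/distribution/blob/master/docs/deploying.md
$ docker pull samalba/docker-registry
$ docker run -d -p 5000:5000 samalba/docker-registry
# First pull a simple image (or build one yourself)
$ docker pull busybox
$ docker tag busybox localhost:5000/busybox
$ docker push localhost:5000/busybox
https://segmentfault.com/a/1190000000801162
Since docker-registry is itself a software application, the simplest approach is naturally to use the officially provided, ready-deployed registry image. The official documentation also suggests simply running the command sudo docker run -p 5000:5000 registry. This does start a registry server, but all uploaded images are in fact managed by the Docker container and stored in some directory under /var/lib/docker/..... Moreover, once the container is deleted, the images are deleted too. So we need a way to tell the Docker container where the images should be stored. Once the registry image is started, the default image location is /tmp/registry, so simply map that location, for example to /opt/data/registry on the host.
[root@kvm2 mnt]# docker run -d -p 5000:5000 -v /root/my_registry:/tmp/registry registry
First create a private registry; this also starts it, as the docker ps below shows.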
[root@kvm2 mnt]# docker run -d -p 5000:5000 --restart=always --name registry registry:2
Unable to find image 'registry:2' locally
Trying to pull repository docker.io/library/registry ...
2: Pulling from library/registry
17bd2058e0c6: Pull complete
3f0d3d140ce1: Pull complete
47339bdfc690: Pull complete
03a7f8ec3d4f: Pull complete
d2501a6dc689: Pull complete
9ca18bbd0cd5: Pull complete
dd0dda9b2298: Pull complete
79ec4549598b: Pull complete
5d322e774cf2: Pull complete
Digest: sha256:c5455f3918e5235e641bb6d8dc8ff0780df197d5df12c589bf0c283e25fc0650
Status: Downloaded newer image for docker.io/registry:2
cf3554af4427c2700fbc2ffecf02332cf4087dd07c8da53ebf0dd54db9d2323a
Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
[root@kvm2 mnt]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cf3554af4427 registry:2 "/bin/registry serve " 10 seconds ago Up 8 seconds 0.0.0.0:5000->5000/tcp registry
Listing the images shows a new entry, registry:2
[root@kvm2 mnt]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos-man latest 44cc4eec11d1 About an hour ago 282.4 MB
docker.io/registry 2 5d322e774cf2 7 days ago 171.5 MB
docker.io/httpd latest 6bce6ad2c6a9 9 days ago 198.5 MB
docker.io/centos latest a65193109361 2 weeks ago 196.7 MB
Tag the local centos-man image as man
Tag the image that is to be pushed to the private registry
[root@kvm2 mnt]# docker tag centos-man localhost:5000/man
[root@kvm2 mnt]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
localhost:5000/man latest 44cc4eec11d1 About an hour ago 282.4 MB
centos-man latest 44cc4eec11d1 About an hour ago 282.4 MB
docker.io/registry 2 5d322e774cf2 7 days ago 171.5 MB
docker.io/httpd latest 6bce6ad2c6a9 9 days ago 198.5 MB
docker.io/centos latest a65193109361 2 weeks ago 196.7 MB
Then push the local man image to the private registry
[root@kvm2 mnt]# docker push localhost:5000/man
The push refers to a repository [localhost:5000/man] (len: 1)
44cc4eec11d1: Pushed
a65193109361: Pushed
df0fc3863fbc: Pushed
latest: digest: sha256:9b95cacf2aa3a4fb25ed897dd7233cd135708d527cde54d86119e221a7f8201f size: 4621

Command sequence on docker1

Storage
Set up storage on another local partition or VG instead of using loop devices
[root@localhost ~]# vi /usr/lib/docker-storage-setup/docker-storage-setup
[root@localhost ~]# docker-storage-setup

Mirror
sed -i "s|OPTIONS='|OPTIONS='--registry-mirror=http://a984be05.m.daocloud.io |g" /etc/sysconfig/docker
systemctl restart docker

Private registry
docker run -d -p 5000:5000 --restart=always --name registry registry:2
docker pull httpd
docker run -p 8076:80 -d -it httpd
docker exec eb7 ls /usr/local/apache2/htdocs
docker cp index.html eb7:/usr/local/apache2/htdocs
docker commit eb7 httpd-gai
docker images
docker ps
docker tag httpd-gai localhost:5000/gai
docker ps
docker images
docker push localhost:5000/gai

Command sequence on docker2

Set up storage on another local partition or VG instead of using loop devices
[root@localhost ~]# vi /usr/lib/docker-storage-setup/docker-storage-setup
[root@localhost ~]# docker-storage-setup

The following is done on another machine, pulling the image that was just pushed from the host above.
First edit the file below: uncomment the line and add the IP, because https is used
[root@my graph]# vi /etc/sysconfig/docker
INSECURE_REGISTRY='--insecure-registry 192.168.1.22:5000'

Then pull, run, modify a file and test access from a browser.
[root@my graph]# docker pull 192.168.1.22:5000/man
docker run -d -p 7965:80 192.168.10.112:5000/gai
docker ps
ip addr
docker ps
vi index.html
docker cp index.html 8d0:/usr/local/apache2/htdocs

To view a JSON file, use cat json |python -mjson.tool

[root@kvm2 1544084fad81e27c28a8c12c08b2439451fd1e745e38c1dcecd862d240c4235e]# pwd
/var/lib/docker/graph/1544084fad81e27c28a8c12c08b2439451fd1e745e38c1dcecd862d240c4235e
[root@kvm2 1544084fad81e27c28a8c12c08b2439451fd1e745e38c1dcecd862d240c4235e]# cat json |python -mjson.tool
{
    "container_config": {
        "AttachStderr": false,
        "AttachStdin": false,
        "AttachStdout": false,
        "Cmd": [
            "/bin/sh -c #(nop) MAINTAINER The CentOS Project <cloud-ops@centos.org>"
        ],
        "Domainname": "",
        "Entrypoint": null,
        "Env": null,
        "Hostname": "",
        "Image": "",
        "Labels": null,
        "OnBuild": null,
        "OpenStdin": false,
        "StdinOnce": false,
        "Tty": false,
        "User": "",
        "Volumes": null,
        "WorkingDir": ""
    },
    "created": "2015-09-07T19:05:48.678585881Z",
    "layer_id": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"
}
[root@kvm2 1544084fad81e27c28a8c12c08b2439451fd1e745e38c1dcecd862d240c4235e]# cat json
{"container_config":{"Hostname":"","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh -c #(nop) MAINTAINER The CentOS Project \u003ccloud-ops@centos.org\u003e"],"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"created":"2015-09-07T19:05:48.678585881Z","layer_id":"sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"}[root@kvm2 1544084fad81e27c28a8c12c08b2439451fd1e745e38c1dcecd862d240c4235e]#
[root@kvm2 graph]# docker images -tree
flag provided but not defined: -tree
See '/usr/bin/docker-current images --help'.
[root@kvm2 graph]# ll
total 0
drwx------ 2 root root 93 Jun 17 14:30 1544084fad81e27c28a8c12c08b2439451fd1e745e38c1dcecd862d240c4235e
drwx------ 2 root root 93 Jun 17 15:00 a3d54b467fad81f4b33c161c8a227c66cb45733ba5bbfdd971942083e6c666c7
drwx------ 2 root root 93 Jun 17 15:00 a65193109361c1c55a0baa79c2167ec417b977f284b3358f4d50b81e22f84ec5
drwx------ 2 root root 93 Jun 17 15:00 df0fc3863fbc60ba8576521b1ecb89133e66941ceef9b57716ccda2454c9e6fc
drwx------ 2 root root  6 Jun 17 15:00 _tmp
Four layers in total, each depending on the one before it
[root@kvm2 graph]# docker images -a
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
docker.io/centos latest a65193109361 2 weeks ago 196.7 MB
<none> <none> a3d54b467fad 2 weeks ago 196.7 MB
<none> <none> df0fc3863fbc 2 weeks ago 196.7 MB
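<none> <none> 1544084fad81 9 months ago 0 B

Finally, when a container is started from an image, Docker mounts a read-write filesystem on top of the image's topmost layer. The programs we want to run in Docker execute in this read-write layer.
From the above we can see that a container's writable layer is stored in a directory named after the container's long ID, while the directory named ID plus the init suffix holds the container's initial information.
An important part of building images is how to share and publish them. Images can be pushed to Docker Hub or to the user's own private Registry. To do this, an account has to be created on Docker Hub.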
[root@kvm2 docker]# docker-storage-setup
ERROR: Docker has been previously configured for use with devicemapper graph driver. Not creating a new thin pool as existing docker metadata will fail to work with it. Manual cleanup is required before this will succeed.
INFO: Docker state can be reset by stopping docker and by removing /var/lib/docker directory. This will destroy existing docker images and containers and all the docker metadata.
[root@kvm2 docker]# docker images
[root@kvm2 lib]# systemctl stop docker
[root@kvm2 lib]# rm -rf /var/lib/docker/
[root@kvm2 lib]# docker-storage-setup
Rounding up size to full physical extent 956.00 MiB
Volume group "centos" has insufficient free space (16 extents): 239 required.
[root@kvm2 lib]# vgdisplay
--- Volume group ---
VG Name centos
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 4
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 3
Open LV 3
Max PV 0
Cur PV 1
Act PV 1
VG Size 931.02 GiB
PE Size 4.00 MiB
Total PE 238341
Alloc PE / Size 238325 / 930.96 GiB
Free PE / Size 16 / 64.00 MiB
VG UUID njw2Ue-6opd-mjxl-7wVW-reJE-wAMf-54yF4t

So some partition space has to be set aside first before the command above can be used, because the docker-storage-setup command needs a block device.
[root@localhost ~]# lvremove -v /dev/docker/docker-data
    Using logical volume(s) on command line.
Do you really want to remove active logical volume docker-data? [y/n]: y
    Removing docker-docker--data (253:2)
    Archiving volume group "docker" metadata (seqno 2).
    Releasing logical volume "docker-data"
    Creating volume group backup "/etc/lvm/backup/docker" (seqno 3).
  Logical volume "docker-data" successfully removed

If the DEVS and VG lines in /usr/lib/docker-storage-setup/docker-storage-setup are not modified, the following error appears.
[root@localhost ~]# docker-storage-setup
  Rounding up size to full physical extent 52.00 MiB
  Volume group "centos" has insufficient free space (11 extents): 13 required.

Be sure to modify /usr/lib/docker-storage-setup/docker-storage-setup; modifying /etc/sysconfig/docker-storage-setup instead produces all sorts of problems.
# cat <<EOF > /etc/sysconfig/docker-storage-setup
DEVS=/dev/vdb
VG=docker-vg
EOF
Below is the output when the given VG does not have enough capacity.
[root@localhost ~]# docker-storage-setup
  Rounding up size to full physical extent 52.00 MiB
  Logical volume "docker-poolmeta" created.
INFO: DATA_SIZE=40%FREE is smaller than MIN_DATA_SIZE=2G. Will create data volume of size specified by MIN_DATA_SIZE.
  Logical volume "docker-pool" created.
  WARNING: Converting logical volume docker/docker-pool and docker/docker-poolmeta to pool's data and metadata volumes.
  THIS WILL DESTROY CONTENT OF LOGICAL VOLUME (filesystem etc.)
  Converted docker/docker-pool to thin pool.
  Logical volume "docker-pool" changed.
[root@localhost ~]# vi /usr/lib/docker-storage-setup/docker-storage-setup
[root@localhost ~]# docker-storage-setup
  Rounding up size to full physical extent 24.00 MiB
  Logical volume "docker-poolmeta" created.
  Logical volume "docker-pool" created.
  WARNING: Converting logical volume docker/docker-pool and docker/docker-poolmeta to pool's data and metadata volumes.
  THIS WILL DESTROY CONTENT OF LOGICAL VOLUME (filesystem etc.)
  Converted docker/docker-pool to thin pool.
  Logical volume "docker-pool" changed.

Once the above is up, fdisk -l shows the volumes below, and /var/lib/docker/devicemapper/ no longer contains a devicemapper subdirectory, which shows that the two loopback devices /dev/loop0 and /dev/loop1 are not in use.

Disk /dev/mapper/docker-docker--pool_tmeta: 25 MB, 25165824 bytes, 49152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/mapper/docker-docker--pool_tdata: 8577 MB, 8577351680 bytes, 16752640 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/mapper/docker-docker--pool: 8577 MB, 8577351680 bytes, 16752640 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 524288 bytes / 524288 bytes

Disk /dev/mapper/docker-253:0-34783213-a931702e612b6d6e2c6cb63d93f9ae19a5c309e6eb18443e32bf52f01ebabb21: 107.4 GB, 107374182400 bytes, 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 524288 bytes / 524288 bytes

[root@localhost lvm]# docker-storage-setup
ERROR: Found LVM2_member signature on device /dev/vdb at offset 0x218. Wipe signatures using wipefs or use WIPE_SIGNATURES=true and retry.
[root@localhost lvm]# vi /etc/sysconfig/docker-storage-setup
[root@localhost lvm]# docker-storage-setup
INFO: Wipe Signatures is set to true. Any signatures on /dev/vdb will be wiped.
wipefs: error: /dev/vdb: probing initialization failed: Device or resource busy
ERROR: Failed to wipe signatures on device /dev/vdb
[root@localhost ~]# docker-storage-setup
Checking that no-one is using this disk right now ...
OK

Disk /dev/vdb: 104025 cylinders, 16 heads, 63 sectors/track
sfdisk:  /dev/vdb: unrecognized partition table type

Old situation:
sfdisk: No partitions found

New situation:
Units: sectors of 512 bytes, counting from 0

   Device Boot    Start       End   #sectors  Id  System
/dev/vdb1          2048 104857599  104855552  8e  Linux LVM
/dev/vdb2             0         -          0   0  Empty
/dev/vdb3             0         -          0   0  Empty
/dev/vdb4             0         -          0   0  Empty
Warning: partition 1 does not start at a cylinder boundary
Warning: partition 1 does not end at a cylinder boundary
Warning: no primary partition is marked bootable (active)
This does not matter for LILO, but the DOS MBR will not boot this disk.
Successfully wrote the new partition table

Re-reading the partition table ...

If you created or changed a DOS partition, /dev/foo7, say, then use dd(1)
to zero the first 512 bytes:  dd if=/dev/zero of=/dev/foo7 bs=512 count=1
(See fdisk(8).)
  Physical volume "/dev/vdb1" successfully created
  Volume group "docker1" successfully created
ERROR: Old mode of passing data and metadata logical volumes to docker is not supported. Exiting.
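aufs:
AUFS (AnotherUnionFS) is a union filesystem; put simply, it is a filesystem that supports mounting different directories under one virtual filesystem. The aufs driver was the first driver Docker supported, but aufs is only a patch set for the Linux kernel and is unlikely ever to be merged into the kernel. However, because aufs is the only storage driver that lets containers share executable code and runtime libraries, it is a rather good choice when you run hundreds or thousands of containers with the same program code or runtime libraries.

device mapper:
Device mapper is a framework provided in the Linux 2.6 kernel for mapping logical devices onto physical devices; with it, users can conveniently define their own storage-resource management policies.
The device mapper driver creates a simple 100G file that contains your images and containers. Each container is limited to a 10G volume, which can be adjusted.
You can specify the driver with the -s option when starting the Docker daemon: docker -d -s devicemapper.

Btrfs:
The Btrfs driver can be very efficient during docker build. But like device mapper, it does not support sharing storage between devices.

On Linux distributions without aufs support (CentOS, openSUSE and so on), a Docker installation is probably using the device mapper driver.
To check whether your Linux distribution has aufs support: lsmod | grep aufs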
docker run -d -p 50001:22 ubuntu/ruby:v2 /usr/sbin/sshd -D
Containers generally do not run sshd.

Two ways to transfer files between a container and the host: cp and -v
docker run -d -p 7965:80 192.168.10.112:5000/gai
Mount a host directory at /mnt in the container
#docker run -d -p 5000:5000 -v /root/my_registry:/tmp/registry registry
docker run -d -p 7965:80 -v /home/zf/:/mnt 192.168.10.112:5000/gai
./ent.sh 8d0
[root@my jj]# docker run -v /tmp/vol1 --name="vol2" -it 45b
[root@my jj]# docker ps -l
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
3176547d7062        45b                 "bash"              12 seconds ago      Exited (0) 5 seconds ago                       vol2
[root@my jj]# docker start 317
317
[root@my jj]# docker ps
CONTAINER ID        IMAGE                       COMMAND              CREATED             STATUS              PORTS                  NAMES
3176547d7062        45b                         "bash"               28 seconds ago      Up 2 seconds                               vol2
c949de9826f5        192.168.1.22:5000/httpd-b   "httpd-foreground"   24 hours ago        Up 51 minutes       0.0.0.0:7975->80/tcp   jovial_engelbart
30b3bd502c74        192.168.1.22:5000/httpd-a   "httpd-foreground"   24 hours ago        Up 51 minutes       0.0.0.0:7965->80/tcp   ecstatic_kare
[root@my ~]# ./aa.sh 317
Last login: Tue Jun 21 07:45:04 UTC 2016
[root@3176547d7062 ~]# df -h
Filesystem                                                                                          Size  Used Avail Use% Mounted on
/dev/mapper/docker-253:0-67459471-3176547d70627f3a125f734ea145163eceaa367e45ad31534eef86be91d6ae60  100G  306M  100G   1% /
tmpfs                                                                                               493M     0  493M   0% /dev
tmpfs                                                                                               493M     0  493M   0% /sys/fs/cgroup
tmpfs                                                                                               493M     0  493M   0% /run/secrets
/dev/mapper/centos-root                                                                              48G  2.7G   45G   6% /tmp/vol1
shm                                                                                                  64M     0   64M   0% /dev/shm
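Different ways of exchanging data with a container

With -v, data is shared between a host directory and a container directory; compare the listings below.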

docker run -v /home/ff:/mnt/ -it 45b
[root@my ff]# cp /root/RanZhi.3.3.zbox_64.tar.gz ./
[root@my ff]# /root/aa.sh b7d
Last login: Tue Jun 21 08:00:31 UTC 2016
[root@b7d745dac2c4 ~]# cd /mnt/
[root@b7d745dac2c4 mnt]# ls
RanZhi.3.3.zbox_64.tar.gz foef passwd
[root@my ff]# cp /root/aa.sh ./
[root@my ff]# docker exec b7d ls /mnt
RanZhi.3.3.zbox_64.tar.gz
aa.sh
foef
passwd

With -v:
docker run -v /tmp/vol1 --name="vol2" -it 45b
The path inside the container is /tmp/vol1
[root@my ~]# docker inspect -f '{{.State.StartedAt}}' 317
2016-06-21T07:43:44.775004038Z
docker inspect -f '{{.Mounts}}' 317
Get the volume's path on the host
touch /var/lib/docker/volumes/81557ef21a02e117585e41dba692a70eed5a9d7d96195679edc397e6dfecd835/_data/eif
So it is enough to copy files into this _data directory.

Data volume sharing: sharing a volume between containers.
docker run -it --volumes-from 317 45b
This mounts /tmp/vol1 from container 317 above into the new container, because the new container and container 317 use the same volume, namely
/var/lib/docker/volumes/81557ef21a02e117585e41dba692a70eed5a9d7d96195679edc397e6dfecd835/_data

If the container was started without the -v option, use docker cp instead.
[root@my ff]# docker cp /root/RanZhi.3.3.zbox_64.tar.gz c94:/usr/local/apache2/htdocs/
[root@my ff]# docker exec c94 ls /usr/local/apache2/htdocs
RanZhi.3.3.zbox_64.tar.gz
anaconda-ks.cfg
world.sql
Interactive script
It mainly relies on nsenter.
The util-linux package contains nsenter.
[root@my ~]# ./aa.sh 30b
nsenter: failed to execute su: No such file or directory
If the error above appears, just change su in the script to /bin/su. The cause is the PATH inside the container; using /bin/su is enough.

#!/bin/sh

if [ -e "$(dirname "$0")/nsenter" ]; then
    # with boot2docker, nsenter is not in the PATH but it is in the same folder
    NSENTER=$(dirname "$0")/nsenter
else
    NSENTER=nsenter
fi

if [ -z "$1" ]; then
    echo "Usage: $(basename "$0") CONTAINER [COMMAND [ARG]...]"
    echo ""
    echo "Enters the Docker CONTAINER and executes the specified COMMAND."
    echo "If COMMAND is not specified, runs an interactive shell in CONTAINER."
else
    PID=$(docker inspect --format "{{.State.Pid}}" "$1")
    if [ -z "$PID" ]; then
        exit 1
    fi
    shift

    # $OPTS is expanded unquoted below on purpose, so that it splits into
    # separate nsenter arguments.
    OPTS="--target $PID --mount --uts --ipc --net --pid --"

    if [ -z "$1" ]; then
        # No command given.
        # Use su to clear all host environment variables except for TERM,
        # initialize the environment variables HOME, SHELL, USER, LOGNAME, PATH,
        # and start a login shell.
        "$NSENTER" $OPTS su - root
    else
        # Use env to clear all host environment variables.
        "$NSENTER" $OPTS env --ignore-environment -- "$@"
    fi
fi

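Client/server: local and remote access

vi /etc/sysconfig/docker
To allow remote access, add -H 0.0.0.0:5555 as a listening port; otherwise only local access is possible.
To allow local and remote access at the same time, add both -H 0.0.0.0:5555 and -H unix:///var/run/docker.sock.
OPTIONS='-H 0.0.0.0:5555 --registry-mirror=http://a984be05.m.daocloud.io --registry-mirror=http://a984be05.m.daocloud.io --selinux-enabled'
docker -H 192.168.1.22:5555 images
docker -H 192.168.1.22:5555 ps

By default, the Docker daemon creates a socket file (/var/run/docker.sock) for local inter-process communication and does not listen on any port, so Docker can only be operated locally, with the docker client or through the Docker API.
To operate a Docker host from other hosts, the Docker daemon has to listen on a port so that remote communication is possible.

Edit the Docker service startup configuration file, add an unused port number, and restart the Docker daemon.
# vim /etc/sysconfig/docker
OPTIONS='-H 0.0.0.0:5555'
# systemctl restart docker

The Docker daemon is now listening on port 5555 and can be reached through that port from another host.
# docker -H IP:5555 images

However, operating docker locally now runs into a problem.
# docker images
FATA[0000] Cannot connect to the Docker daemon. Is 'docker -d' running on this host?

This is because the Docker daemon has only remote access enabled; access through the local socket is not enabled. Edit /etc/sysconfig/docker and restart.
# vim /etc/sysconfig/docker
OPTIONS='-H unix:///var/run/docker.sock -H 0.0.0.0:5555'
# systemctl restart docker

Both local and remote access to the Docker daemon now work.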
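
The -H 0.0.0.0:5555 listener configured above is plain TCP with no --tlsverify, so any host that can reach port 5555 can drive the daemon; the --insecure-registry line from the docker2 steps and the http:// registry mirror are unencrypted in the same way. The following audit of an /etc/sysconfig/docker-style file is an added example, not part of the original notes; the function name audit_docker_sysconfig and the finding labels are made up for illustration, and the sample lines are constructed from the values used on this page.

```shell
#!/bin/sh
# Added example: flag daemon options that expose the API or image transport
# without TLS. Reads the file on stdin, prints one finding per line and
# returns 1 if anything was flagged.
audit_docker_sysconfig() {
    flagged=0
    while IFS= read -r line; do
        case $line in
            OPTIONS=*|other_args=*|INSECURE_REGISTRY=*) val=${line#*=} ;;
            *) continue ;;          # comments, blanks, unrelated variables
        esac
        # Drop one layer of surrounding quotes: OPTIONS='...' -> ...
        case $val in \'*\'|\"*\") val=${val#?}; val=${val%?} ;; esac

        # --tlsverify applies to the TCP listeners on the same line.
        tls=no
        case " $val " in *" --tlsverify "*|*" --tlsverify=true "*) tls=yes ;; esac

        set -f; set -- $val; set +f     # split into words without globbing
        while [ $# -gt 0 ]; do
            word=$1; shift
            case $word in
                -H|--host|--insecure-registry|--registry-mirror)
                    flag=$word; arg=${1-}
                    if [ $# -gt 0 ]; then shift; fi ;;
                --host=*|--insecure-registry=*|--registry-mirror=*)
                    flag=${word%%=*}; arg=${word#*=} ;;
                *) continue ;;
            esac
            case $flag in
                -H|--host)
                    case $arg in
                        unix://*|fd://*) ;;                  # local socket
                        tcp://127.*|tcp://localhost*|127.*|localhost*) ;;
                        *) if [ "$tls" = no ]; then
                               echo "TCP_NO_TLS $arg"; flagged=1
                           fi ;;
                    esac ;;
                --insecure-registry)
                    echo "INSECURE_REGISTRY $arg"; flagged=1 ;;
                --registry-mirror)
                    case $arg in
                        http://*) echo "PLAINTEXT_MIRROR $arg"; flagged=1 ;;
                    esac ;;
            esac
        done
    done
    return $flagged
}

# Constructed sample in the style of the lines shown on this page.
sample="OPTIONS='-H unix:///var/run/docker.sock -H 0.0.0.0:5555 --registry-mirror=http://a984be05.m.daocloud.io --selinux-enabled'
INSECURE_REGISTRY='--insecure-registry 192.168.1.22:5000'"
printf '%s\n' "$sample" | audit_docker_sysconfig || true

# For comparison, a TLS-protected listener produces no finding. The port and
# certificate paths are assumptions, not values from the notes above.
hardened="OPTIONS='-H unix:///var/run/docker.sock -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem'"
printf '%s\n' "$hardened" | audit_docker_sysconfig && echo "no findings"
```

On a host the check is run as audit_docker_sysconfig < /etc/sysconfig/docker.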
