《Docker.io实践.pdf》由会员分享,可在线阅读,更多相关《Docker.io实践.pdf(55页珍藏版)》请在三一文库上搜索。
1、Ladislav Prskavec http:/ abtris 23.11.2013 4 years docker packer Canonicals JuJu serf CloudFlare SoundCloud What is docker? an open source project to pack, ship and run any application as a lightweight container Why container? Analogy from logistics build once, run anywhere developer confi gure once
2、, run anything operations Containers are to Virtual Machines as threads are to processes. Or you can think of them as chroots on steroids. Will Sargent What is container in docker? Kernel namespaces (ipc, uts, mount, pid, network and user) Chroots (using pivot_root) Apparmor and SELinux profi les Ke
3、rnel capabilities Control groups (cgroups) AUFS or replacement in 0.7 version and later SERVER HOST OS Docker Engine Container A Container B Container C SERVER HOST OS Docker Engine Container A Container B Container C SERVER HOST OS Hypervisor Guest OSGuest OSGuest OS APP A APP B APP C Basics Instal
4、lation Finding and downloading images docker search ubuntu docker pull shykes/ubuntu Running docker run ubuntu /bin/echo hello world ? docker run -i -t ubuntu /bin/bash Committing your changes docker ps -l docker commit ID base/with_curl Pushing an image to the repository docker push abtris/curl doc
5、ker push internal_repository:5000/curl Image Parent Image Dockerfi le Best Practices Use the cache Use tags EXPOSE-ing ports CMD and ENTRYPOINT syntax CMD and ENTRYPOINT better together Use the cache FROM ubuntu:latest MAINTAINER Ladislav Prskavec ? RUN echo “deb http:/ precise main universe“ /etc/a
6、pt/sources.list ? RUN apt-get update RUN apt-get -y upgrade Use tags ? docker build -t=“abtris/sentry“ . EXPOSE-ing ports ? # private and public mapping EXPOSE 80:8080 ? # private only EXPOSE 80 CMD and ENTRYPOINT ? ? CMD /bin/echo # or CMD “/bin/echo“ CMD and ENTRYPOINT better together RUN apt-get
7、install -y rethinkdb ? # Rethinkdb process EXPOSE 28015 # Rethinkdb admin console EXPOSE 8080 ? # Create the /rethinkdb_data dir structure RUN /usr/bin/rethinkdb create ? ENTRYPOINT “/usr/bin/rethinkdb“ ? CMD “-help“ Running rethinkdb will create a new data directory or use an existing one, and serv
8、e as a RethinkDB cluster node. File path options: -d -directory path specify directory to store data and metadata -io-threads n how many simultaneous I/O operations can happen at the same time ? Machine name options: -n -machine-name arg the name for this machine (as will appear in the metadata). If
9、 not specified, it will be randomly chosen from a short list of names. ? Network options: -bind all | addr add the address of a local interface to listen on when accepting connections; loopback addresses are enabled by default -cluster-port port port for receiving connections from other nodes -drive
10、r-port port port for rethinkdb protocol client drivers -o -port-offset offset all ports used locally will have this value added -j -join host:port host and port of a rethinkdb node to connect to . docker run crosbymichael/rethinkdb info: Running rethinkdb 1.7.1-0ubuntu1precise (GCC 4.6.3). info: Run
11、ning on Linux 3.2.0-45-virtual x86_64 info: Loading data from directory /rethinkdb_data warn: Could not turn off filesystem caching for database file: “/ rethinkdb_data/metadata“ (Is the file located on a filesystem that doesnt support direct I/O (e.g. some encrypted or journaled file systems)?) Thi
12、s can cause performance problems. warn: Could not turn off filesystem caching for database file: “/ rethinkdb_data/auth_metadata“ (Is the file located on a filesystem that doesnt support direct I/O (e.g. some encrypted or journaled file systems)?) This can cause performance problems. info: Listening
13、 for intracluster connections on port 29015 info: Listening for client driver connections on port 28015 info: Listening for administrative HTTP connections on port 8080 info: Listening on addresses: 127.0.0.1, 172.16.42.13 info: Server ready info: Someone asked for the nonwhitelisted file /js/ handl
14、ebars.runtime-1.0.0.beta.6.js, if this should be accessible add it to the whitelist. docker run crosbymichael/rethinkdb bind all FROM ubuntu:latest MAINTAINER Ladislav Prskavec RUN apt-get update RUN apt-get -y upgrade RUN DEBIAN_FRONTEND=noninteractive apt-get -y install curl apache2 libapache2-mod
15、-php5 vim-tiny RUN chown -R www-data:www-data /var/www/ EXPOSE 80 EXPOSE 22 CMD “/bin/bash“ git clone https:/ docker build . Dockerfi le Use raw Dockerfi le 1. Cache wins. 2. Chef, ansible, etc, does not use cache. 3. Raw Dockerfi le uses cache. 4. Raw Dockerfi le wins. Links If you have a docker co
16、ntainer with the name CONTAINER (specifi ed by docker run -name CONTAINER) and in the Dockerfi le, it has an exposed port: EXPOSE 1337 docker run -d -link CONTAINER:ALIAS -name LINKED user/wordpress CONTAINER will show up in LINKED with the following environment variables: $ALIAS_PORT_1337_TCP_PORT
17、$ALIAS_PORT_1337_TCP_ADDR Container Lifecycle docker run - creates a container. docker stop stops it. docker start will start it again. docker restart restarts a container. docker rm deletes a container. docker attach will connect to a running container. docker wait blocks until container stops. Con
18、tainer Info docker ps shows running containers. docker ps -a shows running and stopped containers. docker inspect looks at all the info on a container (including IP address). docker logs gets logs from container. docker events gets events from container. docker port shows public facing port of conta
19、iner. docker top shows running processes in container. Import / Export docker cp copies into a container. docker export turns container fs into tarball. Images Lifecycle docker import creates an image from a tarball. docker build creates image from Dockerfi le. docker commit creates image from a con
20、tainer. docker rmi removes an image. docker insert inserts a fi le from URL into image Images Info docker images shows all images docker history shows history of image docker tag tags an image to a name (local or registry) Registry & Repository docker search searches registry for image docker pull p
21、ulls an image from registry to local machine docker push pushes an image to the registry from local machine. Good practices Install a internal docker registry Install Shipyard Create base image Build from your base image Push your images Save off your registry Install a internal docker registry Inst
22、all an internal registry (the fast way) and run it as a daemon: docker run -name internal_registry -d -p 5000:5000 samalba/docker-registry Alias server to localhost echo “127.0.0.1 internal_registry“ /etc/ host Check internal_registry exists and is running on port 5000: curl -get -verbose http:/inte
23、rnal_registry:5000/v1/ _ping Create base image Create a Dockerfi le with initialization code such as apt-get update / apt-get install etc: this is your base. Build your base image, then push it to the internal registry with docker build -t internal_registry:5000/ base . Build from your base image Bu
24、ild all of your other Dockerfi le pull from “base” instead of ubuntu. Keep playing around until you have your images working. Push your images Push all of your images into the internal registry. docker tag IMAGE-ID abtris/apache docker push internal_registry:5000/apache Save off your registry If you
25、 need to blow away your Vagrant or set someone else up, its much faster to do it with all the images still intact: docker export internal_registry internal_registry.tar gzip internal_registry.tar mv internal_registry.tar.gz /vagrant Projects uses docker http:/deis.io/ https:/fl ynn.io/ http:/ https:/ http:/ http:/index.docker.io https:/index.docker.io/u/ abtris/devfest-2013/ http:/shipyard- docker.io ? https:/ communities/108146856671494713993 docker cheat sheet https:/ demo fi les https:/ docker sources http:/bit.ly/dockersources
链接地址:https://www.31doc.com/p-3330123.html