Docker容器学习梳理 - 应用程序容器环境部署

关于国内Docker镜像,可以参考:Docker容器学习梳理--基础知识(2) 的Docker镜像使用。

如果我们需要在Docker环境下部署tomcat、redis、mysql、nginx、php等应用服务环境,有下面三种方法:

1)根据系统镜像创建Docker容器,这时容器就相当于是一个虚拟机,进入容器内部署应用环境。
   然后将这种应用容器提交为新的镜像,最后基于这种新的应用镜像创建容器,创建时做好端口映射,就可以在外部访问这些应用了。
2)直接通过docker pull拉取别人提交好的tomcat、nginx等应用程序镜像,然后基于这些镜像去创建容器。
3)通过dockerfile制作自己的应用程序镜像。

根据系统镜像部署应用容器,简单做法如下:
1)启动centos系统镜像的容器my_container
2)在my_container容器里部署例如nginx、php、mysql、php的服务
3)将部署完对应服务的容器my_container提交为新的镜像
4)然后根据新镜像去创建容器
5)这个新镜像可以打包,导入到别的Docker服务器上使用

启动容器时,记得要做好端口映射和目录映射。端口映射是为了实现在外部能成功访问到容器里的应用服务。目录映射是为了实现宿主机和容器的数据共享,这样要对容器做修改时,直接在宿主机的映射目录下做修改就行。修改数据的操作最好不要在容器内进行;原则上来说一个应用启动一个容器,最好别在一个容器内启动多个应用。

下面列举几个通过应用服务镜像部署环境的例子:
Docker宿主机内网ip:192.168.1.23
Docker宿主机外网ip:103.110.186.23
Docker部分命令解释:

-i:表示以“交互模式”运行容器
-t:表示容器启动后会进入其命令行。加入这两个参数后,容器创建就能登录进去。即分配一个伪终端。
--name :表示创建的容器名为my-nginx
-v:表示目录映射关系(前者是宿主机目录,后者是映射到宿主机上的目录),可以使用多个-v做多个目录或文件映射。
    注意:最好做目录映射,在宿主机上做修改,然后共享到容器上。
-d:在run后面加上-d参数,则会创建一个守护式容器在后台运行(这样创建容器后不会自动登录容器,如果只加-i -t两个参数,创建后就会自动进去容器)。docker attch登录容器时如果卡着,按ctrl+c。
-p:表示端口映射,前者是宿主机端口,后者是容器内的映射端口。可以使用多个-p做多个端口映射

如果创建容器时报如下错:

docker: Error response from daemon: failed to create endpoint mosredis on network bridge: iptables failed: iptables --wait -t filter -A DOCKER ! -i docker0 -o docker0 -p tcp -d 172.17.0.6  -j ACCEPT: iptables: No chain/target/match by that name.
 (exit status 1).

解决办法:
一般来说,重启docker服务,即可解决这个问题。
[root@localhost ~]# systemctl restart docker
[root@localhost ~]#
----------------------------------
如果重启docker服务解决不了,那么如下操作:
[root@localhost ~]# pkill docker
[root@localhost ~]# iptables -t nat -F
[root@localhost ~]# ifconfig docker0 down
[root@localhost ~]# brctl delbr docker0

一、redis容器环境部署

拉取redis镜像(这里拉取的是官方镜像。也可以自己制作redis镜像)
[root@localhost ~]# docker pull redis
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/redis     latest              e4a35914679d        2 weeks ago         182.9 MB

用下面的命令启动Redis容器,记得要带上“-d”参数.在run后面加上-d参数,则会创建一个守护式容器在后台运行。
[root@localhost ~]# docker run --name myredis -d docker.io/redis
7a273a550005b8494be9d48970a6cc4efbaddd8a152261310a07237d43c9eb16

[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
7a273a550005        docker.io/redis     "docker-entrypoint.sh"   3 seconds ago       Up 2 seconds        6379/tcp            myredis

连接容器的redis
1)第一种方式:找出容器的ip
[root@localhost ~]# docker inspect --format='{{.NetworkSettings.IPAddress}}' 7a273a550005
172.17.0.2

然后连接容器的redis
[root@localhost ~]# redis-cli -h 172.17.0.2 -p 6379
redis 172.17.0.2:6379> ping      //验证下redis服务是否已经连接上
PONG
redis 172.17.0.2:6379>

2)第二种方式:
[root@localhost ~]# docker run --name myredis -d docker.io/redis
5e260566925e9d6a31b47a47124feb10f3dcfce131c6aa67647881da7874502b

[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
5e260566925e        docker.io/redis     "docker-entrypoint.sh"   13 minutes ago      Up 13 minutes       6379/tcp            myredis

下面的命令表示新建一个容器(命名为myredis2),将redis-cli运行在里面。然后使用--link将这个容器和之前的redis容器(myredis)连接起来,并将其别名命名为redisdb。
Docker会在redis容器中的/etc/hosts路径下为"redisdb"创建一个入口,并指向redis容器的IP地址.
这样在这两个容器里就可以使用“redisdb”来作为提供redis容器的机器名,也就可以利用这个别名来连接容器redis。
[root@localhost ~]# docker run --rm -it --name myredis2 --link myredis:redisdb docker.io/redis /bin/bash
root@4d4b25678b84:/data# redis-cli -h redisdb -p 6379
redisdb:6379> ping
PONG
redisdb:6379>

-----------------------------------------------------
当然,这样也可以如上面先查容器ip进行连接
[root@localhost ~]# docker inspect --format='{{.NetworkSettings.IPAddress}}' 5e260566925e
172.17.0.2
[root@localhost ~]# redis-cli -h 172.17.0.2 -p 6379
redis 172.17.0.2:6379>

3)第三种方式:通过端口映射,外部连接redis容器应用的方法
创建Redis容器实例,这里使用了Docker的端口映射机制,从而就可以使用Host服务器的IP访问这些redis实例.
如下创建三个redis容器实例
[root@localhost ~]# docker run -d --name node1 -p 7001:6379 docker.io/redis
e4b8ca12d9e76441efe2074ab1109757a33a45aff71d1a553140d48d88133372
[root@localhost ~]# docker run -d --name node2 -p 7002:6379 docker.io/redis
a8ee6f48f431651a0342fba289604046cd5b142f53a7eb43f655dde397a06a6f
[root@localhost ~]# docker run -d --name node3 -p 7003:6379 docker.io/redis
2b61bf6765a8c254df9dd41d3ece6b12f4dd768976e6e22f327516063fc2e634
[root@localhost ~]#

[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                    NAMES
2b61bf6765a8        docker.io/redis     "docker-entrypoint.sh"   48 seconds ago       Up 47 seconds       0.0.0.0:7003->6379/tcp   node3
a8ee6f48f431        docker.io/redis     "docker-entrypoint.sh"   55 seconds ago       Up 55 seconds       0.0.0.0:7002->6379/tcp   node2
e4b8ca12d9e7        docker.io/redis     "docker-entrypoint.sh"   About a minute ago   Up About a minute   0.0.0.0:7001->6379/tcp   node1

在容器之间建立连接
可以创建应用程序容器,使用--link参数来创建一个连接redis容器,使用别名,将会在redis容器和redis实例容器中创建一个安全的通信隧道

------------node1操作------------
[root@localhost ~]# docker run --link node1:db -i -t docker.io/redis /bin/bash
root@8fd8d9db3cc1:/data#

现在可以测试连接,首先要先查看下web应用程序容器的环境变量,可以用我们的ip和端口来连接redis容器
root@8fd8d9db3cc1:/data# env | grep DB_
DB_PORT_6379_TCP_PORT=6379
DB_NAME=/nauseous_heisenberg/db
DB_PORT=tcp://172.17.0.2:6379
DB_PORT_6379_TCP=tcp://172.17.0.2:6379
DB_ENV_GOSU_VERSION=1.7
DB_ENV_REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-3.2.8.tar.gz
DB_ENV_REDIS_VERSION=3.2.8
DB_PORT_6379_TCP_ADDR=172.17.0.2
DB_PORT_6379_TCP_PROTO=tcp
DB_ENV_REDIS_DOWNLOAD_SHA1=6780d1abb66f33a97aad0edbe020403d0a15b67f

可以看到上面命令结果中有一个DB为前缀的环境变量列表,DB来自指定别名连接对应的应用容器,这里就可以使用DB_PORT_6379_TCP_ADDR变量连接到Redis容器。
root@8fd8d9db3cc1:/data# redis-cli -h $DB_PORT_6379_TCP_ADDR
172.17.0.2:6379> ping
PONG
172.17.0.2:6379> set node1 redis-node1
OK
172.17.0.2:6379> get node1
"redis-node1"
172.17.0.2:6379>

------------node2操作------------
[root@localhost ~]# docker run --link node2:db2 -i -t docker.io/redis /bin/bash
root@8eb2ccc2aff3:/data# env | grep DB2_
DB2_PORT_6379_TCP_PROTO=tcp
DB2_ENV_REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-3.2.8.tar.gz
DB2_PORT_6379_TCP_ADDR=172.17.0.3
DB2_ENV_GOSU_VERSION=1.7
DB2_PORT=tcp://172.17.0.3:6379
DB2_PORT_6379_TCP_PORT=6379
DB2_ENV_REDIS_VERSION=3.2.8
DB2_ENV_REDIS_DOWNLOAD_SHA1=6780d1abb66f33a97aad0edbe020403d0a15b67f
DB2_PORT_6379_TCP=tcp://172.17.0.3:6379
DB2_NAME=/furious_kare/db2

root@8eb2ccc2aff3:/data# redis-cli -h $DB2_PORT_6379_TCP_ADDR
172.17.0.3:6379> ping
PONG
172.17.0.3:6379> set node2 redis-node2
OK
172.17.0.3:6379> get node2
"redis-node2"
172.17.0.3:6379>

------------node3操作------------
[root@localhost ~]# docker run --link node3:db3 -i -t docker.io/redis /bin/bash
root@d60d074ca66b:/data# env|grep DB3_
DB3_PORT_6379_TCP_ADDR=172.17.0.4
DB3_PORT_6379_TCP_PORT=6379
DB3_PORT_6379_TCP_PROTO=tcp
DB3_ENV_REDIS_DOWNLOAD_SHA1=6780d1abb66f33a97aad0edbe020403d0a15b67f
DB3_NAME=/amazing_kalam/db3
DB3_PORT=tcp://172.17.0.4:6379
DB3_ENV_REDIS_VERSION=3.2.8
DB3_ENV_GOSU_VERSION=1.7
DB3_ENV_REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-3.2.8.tar.gz
DB3_PORT_6379_TCP=tcp://172.17.0.4:6379

root@d60d074ca66b:/data# redis-cli -h $DB3_PORT_6379_TCP_ADDR
172.17.0.4:6379> ping
PONG
172.17.0.4:6379> set node3 redis-node3
OK
172.17.0.4:6379> get node3
"redis-node3"
172.17.0.4:6379>

这样就可以在docker宿主机或其他服务器上通过宿主机的ip地址以及映射的端口进行连接
[root@localhost ~]# redis-cli -h 192.168.1.23 -p 7001
redis 192.168.1.23:7001> get node1
"redis-node1"
redis 192.168.1.23:7001>

[root@localhost ~]# redis-cli -h 192.168.1.23 -p 7002
redis 192.168.1.23:7002> get node2
"redis-node2"
redis 192.168.1.23:7002>

[root@localhost ~]# redis-cli -h 192.168.1.23 -p 7003
redis 192.168.1.23:7003> get node3
"redis-node3"
redis 192.168.1.23:7003>

注意一个细节:
创建应用容器的时候,一般会做端口映射,这样是为了让外部能够访问这些容器里的应用。可以通过-P或-p参数来指定端口映射

1)当使用-p标记时,可以指定端口映射,即容器端口映射到宿主机的对应端口。可以用多个-p指定多个端口映射关系。如下:
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/redis     latest              e4a35914679d        2 weeks ago         182.9 MB

[root@localhost ~]# docker run --name myredis -p 63799:6379 -d docker.io/redis
f5d5ff51ace01c5f26fcd65a6ca4853f8556a333c812576123ed71fd3d405737

[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                     NAMES
f5d5ff51ace0        docker.io/redis     "docker-entrypoint.sh"   6 seconds ago       Up 5 seconds        0.0.0.0:63799->6379/tcp   myredis

[root@localhost ~]# docker run --rm -it --name myredis2 --link myredis:redisdb docker.io/redis /bin/bash
root@16b660ff9f65:/data# redis-cli -h redisdb -p 6379
redisdb:6379> ping
PONG
redisdb:6379> set test linux
OK
redisdb:6379>

在别的机器上通过访问本机的63799端口连接这个容器的redis
[root@linux-node2 ~]# redis-cli -h 192.168.1.23 -p 63799
192.168.1.23:63799> get test
"linux"
192.168.1.23:63799> 

2)当使用-P标记时,Docker 会随机映射一个 49000~49900 的端口到内部容器开放的网络端口。如下:
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/redis     latest              e4a35914679d        2 weeks ago         182.9 MB

[root@localhost ~]# docker run --name myredis -P -d docker.io/redis
805d0e21e531885aad61d3e82395210b50621f1991ec4b7f9a0e25c815cc0272

[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                     NAMES
805d0e21e531        docker.io/redis     "docker-entrypoint.sh"   4 seconds ago       Up 3 seconds        0.0.0.0:32768->6379/tcp   myredis

从上面的结果中可以看出,本地主机的32768端口被映射到了redis容器的6379端口上,也就是说访问本机的32768端口即可访问容器内redis端口。

测试看下,登陆redis容器,随意写个数据
[root@localhost ~]# docker run --rm -it --name myredis2 --link myredis:redisdb docker.io/redis /bin/bash
root@be44d955d6f4:/data# redis-cli -h redisdb -p 6379
redisdb:6379> set wangshibo huanqiu
OK
redisdb:6379> 

在别的机器上通过上面映射的端口32768连接这个容器的redis
[root@linux-node2 ~]# redis-cli -h 192.168.1.23 -p 32768
192.168.1.23:32768> get wangshibo
"huanqiu"

二、nginx容器环境部署(下面是自己制作的应用镜像)

[root@linux-node2 ~]# docker images
REPOSITORY                   TAG                 IMAGE ID            CREATED             SIZE
centos                       latest              67591570dd29        3 months ago        191.8 MB

为了防止centos7镜像容器里出现:Failed to get D-Bus connection: Operation not permitted 这个bug错误,需要在启动容器的时候添加--privileged参数
并且后面登录容器执行的命令是/sbin/init,如下:
[root@linux-node2 ~]# docker run --privileged -t -i centos /sbin/init

上面命令执行后,会一直卡着。这个不要紧,再打开一个终端窗口,查看并登录容器:
[root@linux-node2 ~]# docker ps
CONTAINER ID    IMAGE       COMMAND        CREATED          STATUS         PORTS  NAMES
eaf66f1e43ab    centos      "/sbin/init"   16 seconds ago   Up 15 seconds         hungry_khorana

[root@linux-node2 ~]# docker exec -it eaf66f1e43ab /bin/bash
[root@eaf66f1e43ab /]#

接着在容器里安装nginx
[root@eaf66f1e43ab /]# yum install -y wget lsof vim

添加CentOS 7 Nginx yum资源库,然后安装nginx
[root@eaf66f1e43ab /]# rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
[root@eaf66f1e43ab /]# yum install -y nginx

[root@eaf66f1e43ab conf.d]# pwd
/etc/nginx/conf.d
[root@eaf66f1e43ab conf.d]# cat test.conf
server {
listen 8080;
server_name localhost;
location / {
root /var/www/html;
index index.html;
}
}

[root@eaf66f1e43ab conf.d]# mkdir -p /var/www/html
[root@eaf66f1e43ab conf.d]# cat /var/www/html/test.html
this is nginx page of docker!!

[root@eaf66f1e43ab conf.d]# systemctl start nginx.service

将这个容器提交为新的镜像
[root@linux-node2 ~]# docker stop eaf66f1e43ab
[root@linux-node2 ~]# docker commit eaf66f1e43ab my-nginx
[root@linux-node2 ~]# docker images
REPOSITORY                   TAG                 IMAGE ID            CREATED             SIZE
my-nginx                     latest              8dacda904e00        45 minutes ago      314.4 MB

将上面提交的镜像打包
[root@linux-node2 ~]# docker save my-nginx > /root/my-nginx.tar.gz

然后将这个镜像包上传到别的机器上,比如上传到192.168.1.23机器上的/root下。
在192.168.1.23机器上导入新镜像
[root@localhost ~]# docker load < /root/my-nginx.tar.gz
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
my-nginx            latest              8dacda904e00        50 minutes ago      314.4 MB

启动nginx容器
[root@localhost ~]# docker run -t -i --privileged --name nginx -v /var/www/html:/var/www/html -p 8899:8080 my-nginx /sbin/init

上面命令执行后会卡着,在另一个端口窗口:
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                    NAMES
3b5cbea50052        my-nginx            "/sbin/init"        36 seconds ago      Up 35 seconds       0.0.0.0:8899->8080/tcp   nginx
[root@localhost ~]# docker exec -t -i 3b5cbea50052 /bin/bash
[root@3b5cbea50052 /]# 

[root@3b5cbea50052 /]# systemctl start nginx.service
[root@3b5cbea50052 /]# ps -ef|grep nginx
root       117     1  0 16:47 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx      118   117  0 16:47 ?        00:00:00 nginx: worker process
root       120    88  0 16:47 ?        00:00:00 grep --color=auto nginx
[root@3b5cbea50052 /]# cat /etc/nginx/conf.d/test.conf
server {
listen 8080;
server_name localhost;
location / {
root /var/www/html;
index index.html;
}
}

[root@3b5cbea50052 /]# cat /etc/nginx/conf.d/test.conf
server {
listen 8080;
server_name localhost;
location / {
root /var/www/html;
index index.html;
}
}

[root@localhost ~]# cat /var/www/html/index.html
this is page of Docker-nginx-test!!!

Docker宿主机的iptables防火墙设置好映射端口8899

测试访问

Docker容器学习梳理 - 应用程序容器环境部署

----------------------------------------------------------------------------
根据nginx应用镜像直接创建:

[root@localhost ~]# docker pull nginx
[root@localhost ~]# docker images
docker.io/nginx                latest              5e69fe4b3c31        4 days ago          182.5 MB

[root@localhost ~]# docker run -ti -d --name my-nginx -p 9988:80 docker.io/nginx /bin/bash
55ae1f2b1eca6638e11865171f322a55cfa277a0aec06526428a1887229b022e
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE                       COMMAND             CREATED             STATUS              PORTS                           NAMES
55ae1f2b1eca        docker.io/nginx             "/bin/bash"         3 seconds ago       Up 3 seconds        443/tcp, 0.0.0.0:9988->80/tcp   my-nginx

[root@localhost ~]# docker exec -ti my-nginx /bin/bash
root@55ae1f2b1eca:/# find / -name nginx
/etc/default/nginx
/etc/init.d/nginx
/etc/logrotate.d/nginx
/etc/nginx
/usr/lib/x86_64-linux-gnu/perl5/5.20/auto/nginx
/usr/lib/nginx
/usr/sbin/nginx
/usr/share/doc/nginx
/usr/share/lintian/overrides/nginx
/usr/share/nginx
/var/cache/nginx
/var/log/nginx

root@55ae1f2b1eca:/# mkdir -p /var/web/www
root@55ae1f2b1eca:/# exit
exit

[root@localhost ~]# docker cp my-nginx:/etc/nginx /var/
[root@localhost ~]# mkdir -p /var/web/www
[root@localhost ~]# cd /var/web/www/
[root@localhost www]# echo "12313123" > index.html

[root@localhost ~]# docker stop my-nginx
my-nginx
[root@localhost ~]# docker rm my-nginx
my-nginx
[root@localhost ~]# docker run -ti -d --name my-nginx -v /var/nginx:/etc/nginx -v /var/web/www:/var/web/www -p 8899:80 docker.io/nginx /bin/bash
af8a4594d643197d204200cd1e3b6a3d000cae71ef92826c0e40edfa87026a2a
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE                       COMMAND             CREATED             STATUS              PORTS                           NAMES
af8a4594d643        docker.io/nginx             "/bin/bash"         52 seconds ago      Up 50 seconds       443/tcp, 0.0.0.0:8899->80/tcp   my-nginx

[root@localhost ~]# vim /etc/sysconfig/iptables
.......
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8899 -j ACCEPT

[root@localhost ~]# systemctl restart iptables.service

[root@localhost ~]# docker exec -ti my-nginx /etc/init.d/nginx start

然后就可以通过访问http://宿主机ip:8899,进而访问到nginx容器应用了。

接着测试下
[root@localhost ~]# mv /var/nginx/conf.d/default.conf /var/nginx/conf.d/default.conf.bak
[root@localhost ~]# cat /var/nginx/conf.d/test.conf
server {
listen 80;
server_name localhost;
location / {
root /var/web/www;
index index.html;
}
}

[root@localhost ~]# echo "12312313" > /var/www/html/test.html

接着重启容器的nginx应用
[root@localhost ~]# docker exec -t -i my-nginx /etc/init.d/nginx restart

测试访问(192.168.1.23是宿主机ip)
[root@localhost ~]# curl http://192.168.1.23:8899/
12313123

可以使用Nginx+Docker实现负载均衡

1)在本机部署两个nginx的docker容器,端口对应关系分别是8088:80、8089:80
2)在本机在安装nginx,然后在nginx配置文件中使用upstream将访问请求负载到本机的8088和8089端口上,
   这样也就是将访问请求负载到两个容器上了

此方案的原理是将宿主机的端口和docker容器的端口做一个映射(即访问宿主机的某端口会映射到docker容器对应的端口),
然后在宿主机通过配置Nginx,即可达到访问宿主机的某端口,按规则分配到指定的服务地址,即完成了负载均衡。

三、tomcat容器环境部署

[root@localhost ~]# docker images
REPOSITORY           TAG                 IMAGE ID            CREATED              SIZE
docker.io/centos     latest              67591570dd29        3 months ago         191.8 MB

[root@localhost ~]# docker run -it --name=container1 docker.io/centos
[root@9df6dc740f01 /]# java -version      //容器里安装java

上传宿主机的tomcat到容器里
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# ls
apache-tomcat-7.0.57.tar.gz
[root@localhost src]# docker cp apache-tomcat-7.0.57.tar.gz 9df6dc740f01:/usr/local/src/

登陆容器,安装tomcat
[root@9df6dc740f01 /]# cd /usr/local/src/
[root@9df6dc740f01 src]# ls
apache-tomcat-7.0.57.tar.gz
[root@9df6dc740f01 src]# tar -zvxf apache-tomcat-7.0.57.tar.gz
[root@9df6dc740f01 src]# mv apache-tomcat-7.0.57 /usr/local/tomcat7

将此容器提交为新的镜像
[root@localhost ~]# docker commit container1 tomcat7
sha256:2ec9e2eb978a4af266608fdfd70320bff0886b245a9a2d249cdefdfe70760acb
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
tomcat7             latest              2ec9e2eb978a        3 minutes ago       562.3 MB
[root@localhost ~]# docker stop container1
container1
[root@localhost ~]# docker rm container1
container1

利用新提交的镜像启动tomcat容器
[root@localhost ~]# docker run -t -i -d --name=tomcat -p 8888:8080 tomcat7 /bin/bash
25f20fa6d54a1b2e2454a4d0a3966854e2fe4d81c54c366a1b07da47695f5418
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                    NAMES
25f20fa6d54a        tomcat7             "/bin/bash"         3 seconds ago       Up 2 seconds        0.0.0.0:8888->8080/tcp   tomcat

登陆容器,启动tomcat进程
[root@localhost ~]# docker attach tomcat
[root@25f20fa6d54a ~]# /usr/local/tomcat7/bin/startup.sh
Using CATALINA_BASE:   /usr/local/tomcat7
Using CATALINA_HOME:   /usr/local/tomcat7
Using CATALINA_TMPDIR: /usr/local/tomcat7/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /usr/local/tomcat7/bin/bootstrap.jar:/usr/local/tomcat7/bin/tomcat-juli.jar
Tomcat started.
[root@25f20fa6d54a ~]# ps -ef|grep tomcat
root        62     1 92 07:52 ?        00:00:03 java -Djava.util.logging.config.file=/usr/local/tomcat7/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/local/tomcat7/endorsed -classpath /usr/local/tomcat7/bin/bootstrap.jar:/usr/local/tomcat7/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat7 -Dcatalina.home=/usr/local/tomcat7 -Djava.io.tmpdir=/usr/local/tomcat7/temp org.apache.catalina.startup.Bootstrap start
root        84     1  0 07:52 ?        00:00:00 grep --color=auto tomcat

宿主机防火墙开通8888端口,然后就可以在外部容器的tomcat了(通过宿主机的8888端口进行映射)

[root@localhost ~]# vim /etc/sysconfig/iptables
.......
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8888 -j ACCEPT
[root@localhost ~]# systemctl restart iptables.service

Docker容器学习梳理 - 应用程序容器环境部署

--------------------------------------------------------------------------------------------
在部署应用容器的时候,最好将容器的配置文件及数据目录跟宿主机目录做个映射关系!最好不要在容器内修改数据。
这样就可以通过宿主机的共享文件及共享目录去控制对应容器的数据了。

先启动tomcat容器,将tomcat的配置文件和数据目录跟宿主机做个映射。
[root@localhost ~]# docker cp tomcat:/usr/local/tomcat7/webapps /mnt/
[root@localhost ~]# docker cp tomcat:/usr/local/tomcat7/conf /mnt/
[root@localhost ~]# ls /mnt/conf/
catalina.policy  catalina.properties  context.xml  logging.properties  server.xml  tomcat-users.xml  web.xml
[root@localhost ~]# ls /mnt/webapps/
docs  examples  host-manager  manager  ROOT

然后关闭和删除这个tomcat容器,重启启动,启动时做目录映射关系
[root@localhost ~]# docker stop tomcat
tomcat
[root@localhost ~]# docker rm tomcat
tomcat

[root@localhost ~]# docker run -t -i -d --name=tomcat -v /mnt/webapps:/usr/local/tomcat7/webapps -v /mnt/conf:/usr/local/tomcat7/conf -p 8888:8080 tomcat7 /bin/bash
63799add4a628b1b690eb9e538001e6872b12e8e03e39b4e7275f7bf49c2645f

[root@localhost ~]# docker attach tomcat
[root@63799add4a62 /]# /usr/local/tomcat7/bin/startup.sh
Using CATALINA_BASE:   /usr/local/tomcat7
Using CATALINA_HOME:   /usr/local/tomcat7
Using CATALINA_TMPDIR: /usr/local/tomcat7/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /usr/local/tomcat7/bin/bootstrap.jar:/usr/local/tomcat7/bin/tomcat-juli.jar
Tomcat started.

......................温馨提示一下.....................
上面在创建容器时启动的进程是/bin/bash,容器创建成功后,需要启动创建里其他的进程,比如上面的tomcat进程。
那么除了上面直接登录容器内启动tomcat进程外,还可以在宿主机上通过docker exec启动(前提是容器在启动状态中)

docker exec 命令用户在运行状态中的容器内再次启动新的进程。命令格式:docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
[root@localhost ~]# docker exec tomcat /usr/local/tomcat7/bin/startup.sh   //如果启动中出现卡的情况,就ctrl+c,不影响启动结果
Tomcat started.

[root@linux-node2 ~]# docker attach my_tomcat
[root@f268eefdc283 /]# ps -ef|grep tomcat
root        30     0  1 10:13 ?        00:00:06 java -Djava.util.logging.config.file=/usr/local/tomcat7/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/local/tomcat7/endorsed -classpath /usr/local/tomcat7/bin/bootstrap.jar:/usr/local/tomcat7/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat7 -Dcatalina.home=/usr/local/tomcat7 -Djava.io.tmpdir=/usr/local/tomcat7/temp org.apache.catalina.startup.Bootstrap start
root        76     1  0 10:23 ?        00:00:00 grep --color=auto tomcat
--------------------------------------------------------------------------------------------
如上在本机制作了tomcat7的镜像,可以将这个镜像上传到别的机器上进行tomcat容器部署
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
tomcat7             latest              2ec9e2eb978a        39 minutes ago      562.3 MB

[root@localhost ~]# docker save tomcat7 > /opt/tomcat7.tar.gz
[root@localhost ~]# rsync -e "ssh -p22" -avpgolr /opt/tomcat7.tar.gz 192.168.1.17:/opt/

然后在192.168.1.17机器上部署tomcat容器
[root@linux-node2 ~]# docker images
REPOSITORY                   TAG                 IMAGE ID            CREATED             SIZE
tomcat7                      latest              2ec9e2eb978a        58 minutes ago      562.3 MB
[root@linux-node2 ~]# docker run -t -i -d --name=my_tomcat tomcat7 /bin/bash
8657fa536c4a6308801d96b585671a22d08795bd891b0b2b20d86b843cde0040
[root@linux-node2 ~]# docker attach my_tomcat
[root@8657fa536c4a /]# /usr/local/tomcat7/bin/startup.sh
Using CATALINA_BASE:   /usr/local/tomcat7
Using CATALINA_HOME:   /usr/local/tomcat7
Using CATALINA_TMPDIR: /usr/local/tomcat7/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /usr/local/tomcat7/bin/bootstrap.jar:/usr/local/tomcat7/bin/tomcat-juli.jar
Tomcat started.
--------------------------------------------------------------------------------------------

四、Mysql容器环境部署

[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/centos    latest              67591570dd29        3 months ago        191.8 MB

启动容器,进入容器内编译安装mysql
[root@localhost ~]# docker run -t -i docker.io/centos /bin/bash
[root@2ccd29e52286 /]#  rpm -qa | grep mysql       //确保没有自带安装mysql,有的话就卸载
[root@2ccd29e52286 /]#  yum -y install make gcc-c++ cmake bison-devel ncurses-devel
[root@2ccd29e52286 /]# groupadd mysql
[root@2ccd29e52286 /]# useradd -g mysql mysql -M -s /sbin/nologin
[root@2ccd29e52286 /]# cd /usr/local/src
[root@2ccd29e52286 src]# wget -c http://ftp.ntu.edu.tw/MySQL/Downloads/MySQL-5.6/mysql-5.6.34.tar.gz
[root@2ccd29e52286 src]# tar -zxvf mysql-5.6.34.tar.gz
[root@2ccd29e52286 src]# cd mysql-5.6.34/
[root@2ccd29e52286 mysql-5.6.34]# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/data/mysql/data -DSYSCONFDIR=/etc -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_MEMORY_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DMYSQL_UNIX_ADDR=/var/lib/mysql/mysql.sock -DMYSQL_TCP_PORT=3306 -DENABLED_LOCAL_INFILE=1 -DWITH_PARTITION_STORAGE_ENGINE=1 -DEXTRA_CHARSETS=all -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci
[root@2ccd29e52286 mysql-5.6.34]# make && make install

[root@2ccd29e52286 mysql-5.6.34]# mkdir -p /data/mysql/data
[root@2ccd29e52286 mysql-5.6.34]# chown -R mysql:mysql /usr/local/mysql
[root@2ccd29e52286 mysql-5.6.34]# chown -R mysql:mysql /data/mysql/data

初始化mysql
[root@2ccd29e52286 mysql-5.6.34]# cd /usr/local/mysql
[root@2ccd29e52286 mysql]# ./scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/data/mysql/data --user=mysql
-------------------------------------------------------------------------------------------
如果报错:FATAL ERROR: please install the following Perl modules before executing ./scripts/mysql_install_db: Data::Dumper

解决办法:
[root@2ccd29e52286 mysql]# yum install -y perl-Module-Install.noarch
------------------------------------------------------------------------------------------

启动mysql,并设置密码
[root@2ccd29e52286 mysql]# cp support-files/mysql.server /etc/init.d/mysql
[root@2ccd29e52286 mysql]# /etc/init.d/mysql start
[root@2ccd29e52286 mysql]# mysql -uroot
.....
修改root密码,执行命令如下
mysql> SET PASSWORD = PASSWORD('123456');

若要设置root用户可以远程访问,执行
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
使授权立即生效
mysql> FLUSH PRIVILEGES;

提交为新镜像
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
2ccd29e52286        docker.io/centos    "/bin/bash"         3 hours ago         Up 3 hours                              modest_bose
[root@localhost ~]# docker commit 2ccd29e52286 mysql
sha256:3b965b11e7a01b9422c8d82a8352c60c83545698309d9511b4df6371bcfcd6a1
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
mysql               latest              3b965b11e7a0        6 minutes ago       4.511 GB
docker.io/centos    latest              67591570dd29        3 months ago        191.8 MB

根据新提交的镜像,启动mysql容器
[root@localhost ~]# docker stop 2ccd29e52286
2ccd29e52286
[root@localhost ~]# docker rm 2ccd29e52286        //当然这个之前启动的容器也可以不删除,忽略就行。
2ccd29e52286

[root@localhost ~]# docker run -t -i -d --name=my_mysql -p 33061:3306 mysql /bin/bash
a02f56c3e7313733bcd58414d5dcd5501f8504352206ee321e9e2aeab15d6269

[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                     NAMES
a02f56c3e731        mysql               "/bin/bash"         7 seconds ago       Up 6 seconds        0.0.0.0:33061->3306/tcp   my_mysql

启动容器的mysql服务方法(也可以在上面创建容器的时候直接启动,即将/bin/bash命令换成mysql启动命令):
1)直接在宿主机上通过docker exec命令启动
[root@localhost ~]# docker exec my_mysql /etc/init.d/mysql start        //如果启动后出现卡的情况,就ctrl+c,不影响启动结果
Starting MySQL SUCCESS!
2)登陆容器内启动
[root@localhost ~]# docker attach my_mysql
[root@a02f56c3e731 /]# /etc/init.d/mysql start
Starting MySQL SUCCESS!

查看容器启动的进程
[root@localhost ~]# docker top my_mysql
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                7340                28948               0                   14:21               pts/1               00:00:00            /bin/bash
root                8595                7340                0                   14:28               pts/1               00:00:00            /bin/sh /usr/local/mysql//bin/mysqld_safe --datadir=/data/mysql/data --pid-file=/data/mysql/data/mysql.pid
mysql               9376                8595                0                   14:28               pts/1               00:00:00            /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql/ --datadir=/data/mysql/data --plugin-dir=/usr/local/mysql//lib/plugin --user=mysql --log-error=/data/mysql/data/mysql-error.log --pid-file=/data/mysql/data/mysql.pid --socket=/usr/local/mysql/var/mysql.sock --port=3306

登陆容器查看
[root@a02f56c3e731 /]# netstat -tunlp         //首先yum安装net-tools
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      -   

在容器内的mysql里写入一些数据
[root@a02f56c3e731 /]# /usr/local/mysql/bin/mysql -p123456
Warning: Using a password on the command line interface can be insecure.
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111)

[root@a02f56c3e731 /]# ln -s /usr/local/mysql/var/mysql.sock  /var/lib/mysql/mysql.sock
ln: failed to create symbolic link '/var/lib/mysql/mysql.sock': File exists
[root@a02f56c3e731 /]# rm -f /var/lib/mysql/mysql.sock
[root@a02f56c3e731 /]# ln -s /usr/local/mysql/var/mysql.sock  /var/lib/mysql/mysql.sock

[root@a02f56c3e731 /]# /usr/local/mysql/bin/mysql -p123456
.......
mysql> create database wangshibo;
Query OK, 1 row affected (0.00 sec)

mysql> use wangshibo;
Database changed
mysql> create table hehe(
    -> id int(3),
    -> name varchar(10)
    -> );
Query OK, 0 rows affected (0.03 sec)

mysql> insert into hehe values(1,"wanglei");
Query OK, 1 row affected (0.01 sec)

mysql> insert into hehe values(2,"zhaomin");
Query OK, 1 row affected (0.01 sec)

查看容器ip,可以登陆容器内ifconfig查看(首先要yum安装net-tools)
[root@a02f56c3e731 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 0.0.0.0
        inet6 fe80::42:acff:fe11:2  prefixlen 64  scopeid 0x20<link>
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 117  bytes 319373 (311.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 102  bytes 7042 (6.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

或者在宿主机使用docker inspect命令查看容器ip
[root@localhost ~]# docker inspect my_mysql|grep IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",

在宿主机本地连接容器的mysql
[root@localhost ~]# mysql -u root -h 172.17.0.2 -p123456
ERROR 1130 (HY000): Host '172.17.0.1' is not allowed to connect to this MySQL server
出现错误的原因:
容器的网络ip是根据宿主机的虚拟桥接网卡docker0自动分配的,而docker0的ip默认是172.17.0.1.
容器的mysql内需要给这个ip授权。
[root@localhost ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
..........

登陆容器内的mysql,进行授权
[root@a02f56c3e731 /]# /usr/local/mysql/bin/mysql -p123456
.......
mysql> select host,user,password from mysql.user;
+--------------+------+-------------------------------------------+
| host         | user | password                                  |
+--------------+------+-------------------------------------------+
| localhost    | root | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| 2ccd29e52286 | root |                                           |
| 127.0.0.1    | root |                                           |
| ::1          | root |                                           |
| localhost    |      |                                           |
| 2ccd29e52286 |      |                                           |
+--------------+------+-------------------------------------------+
6 rows in set (0.00 sec)

mysql> grant all privileges on *.* to root@'%' identified by "123456";
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> select host,user,password from mysql.user;
+--------------+------+-------------------------------------------+
| host         | user | password                                  |
+--------------+------+-------------------------------------------+
| localhost    | root | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| 2ccd29e52286 | root |                                           |
| 127.0.0.1    | root |                                           |
| ::1          | root |                                           |
| localhost    |      |                                           |
| 2ccd29e52286 |      |                                           |
| %            | root | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+--------------+------+-------------------------------------------+
8 rows in set (0.00 sec)

再次在宿主机本机尝试连接容器的mysql,发现可以正常连接!
[root@localhost ~]# mysql -u root -h 172.17.0.2 -p123456
.......
MySQL [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
| wangshibo          |
+--------------------+
5 rows in set (0.01 sec)

MySQL [(none)]> select * from wangshibo.hehe;
+------+---------+
| id   | name    |
+------+---------+
|    1 | wanglei |
|    2 | zhaomin |
+------+---------+
2 rows in set (0.00 sec)

---------------------------------------------------------------------------------------------------
也可以再创建一个容器,使用--link进行容器链接。
这里需要特别注意一下"--link=my_mysql:mydb"(中间可以使用=,也可以空格隔开),这个参数是告诉容器需要使用my_mysql容器,并将其别名命名为mydb,这样在这两个容器里就可以使用mydb来作为提供mysql数据库服务的机器名。
[root@localhost ~]#  docker run --rm -it --name mymysql2 --link my_mysql:mydb docker.io/centos /bin/bash
[root@f1534ad473f4 /]# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2  mydb 33d784ee3121 my_mysql
172.17.0.4  f1534ad473f4

[root@f1534ad473f4 /]# mysql -u root -h mydb -p123456
......
MySQL [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
| wangshibo          |
+--------------------+
5 rows in set (0.00 sec)

MySQL [(none)]> select * from wangshibo.hehe;
+------+---------+
| id   | name    |
+------+---------+
|    1 | wanglei |
|    2 | zhaomin |
+------+---------+
2 rows in set (0.00 sec)

------------------------------------------------------------------------------------------------

在外部连接my_mysql容器内的mysql,就需要通过映射到宿主机的33061端口了(首先在宿主机的iptables里开放33061端口的访问)
[root@localhost ~]# vim /etc/sysconfig/iptables
......
-A INPUT -p tcp -m state --state NEW -m tcp --dport 33061 -j ACCEPT
[root@localhost ~]# systemctl restart iptables.service 

这样在远程,就可以使用宿主机的映射端口33061访问容器mysql (使用-P指定端口进行mysql的连接)
[root@huanqiu_web1 ~]# mysql -uroot -h103.10.86.23 -P33061 -p123456
.......
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
| wangshibo          |
+--------------------+
5 rows in set (0.00 sec)

mysql> select * from wangshibo.hehe;
+------+---------+
| id   | name    |
+------+---------+
|    1 | wanglei |
|    2 | zhaomin |
+------+---------+
2 rows in set (0.00 sec)

mysql>

----------------------------------------------------------------------------------------
上面容器内使用的是编译安装mysql,也可以yum安装:

[root@localhost ~]# docker run -t -i --privileged -i --name=wang docker.io/centos /sbin/init     //容器启动后,会一直在卡着的状态中,先不用管,打开另一个终端窗口执行下面命令登陆容器
[root@localhost ~]# docker exec -it wang /bin/bash
[root@e9efd323782a /]# yum install -y wget net-tools
[root@e9efd323782a /]# wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
[root@e9efd323782a /]# rpm -ivh mysql-community-release-el7-5.noarch.rpm
[root@e9efd323782a /]# yum install mysql-community-server
[root@e9efd323782a /]# systemctl start mysqld
[root@e9efd323782a /]# lsof -i:3306
COMMAND PID  USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
mysqld  453 mysql   10u  IPv6 32200473      0t0  TCP *:mysql (LISTEN)

其他应用容器的部署与上面操作类似~

上一篇:C# 设定时间内自动关闭提示框


下一篇:test--1