Deployment
First remove any previously installed version
yum remove docker \
    docker-client \
    docker-client-latest \
    docker-common \
    docker-latest \
    docker-latest-logrotate \
    docker-logrotate \
    docker-engine
Installation
yum install -y yum-utils   # provides the yum-config-manager utility
yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
# Install the latest docker and containerd
yum install docker-ce docker-ce-cli containerd.io
# Install a specific docker and containerd version
yum list docker-ce --showduplicates | sort -r
yum install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io   # for example docker-ce-18.09.1
Uninstall
https://www.cnblogs.com/kingsonfu/p/11582495.html
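Commands
copy
Correct usage: COPY ./a.txt
Incorrect usage: COPY ../a.txt (the source path must be inside the build context)
1. How do I copy a file from a container to the host?
Answer: run the following command on the host:
docker cp <container name>:<path of the file inside the container> <destination path on the host>
Example: suppose the container is named testtomcat and the file to copy out of it is /usr/local/tomcat/webapps/test/js/test.js. To copy test.js from the container to /opt on the host, run this on the host:
docker cp testtomcat:/usr/local/tomcat/webapps/test/js/test.js /opt
2. How do I copy a file from the host into a container?
Answer: run the following command on the host:
docker cp <path of the file to copy> <container name>:<destination path inside the container>
Example: suppose the container is named testtomcat and the host file /opt/test.js should be copied to /usr/local/tomcat/webapps/test/js inside the container. Run this on the host:
docker cp /opt/test.js testtomcat:/usr/local/tomcat/webapps/test/js
3. One more question worth recording here: how do I find the container name? Run docker ps; the NAMES column in the output is the container name.
4. Note that the copy command works whether or not the container is running.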
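login
Log in to an image registry. Passing the password with -p leaves it in the shell history and the process list; docker login can read it from standard input with --password-stdin instead.
docker login --username=user -p password harbor_url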
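Cross-host mounts based on NFS
version: "3.2"   # requires version 3.2 or later
networks:   # the top-level networks key lets you specify networks to create
  backend:   # name of the network being defined
    ipam:   # custom IPAM configuration; an object with several properties, each optional
      config:   # config: a list of zero or more configuration blocks
        - subnet: 172.18.0.0/16
          # subnet: the subnet of the network segment in CIDR format; also available:
          # ip_range: the IP range from which container IPs are allocated
          # gateway: the IPv4 or IPv6 gateway of the main subnet
          # aux_addresses: auxiliary IPv4 or IPv6 addresses used by the network driver, as a mapping from hostname to IP address
services:
  nginx-lb:
    image: nginx-lb:v2
    container_name: nginx-lb
    ports:
      - "80"   # network_mode is set to host, so ports 80 and 443 here are the host's own ports
      - "443"
    #command: /bin/bash -c "nginx"
    network_mode: host   # shares the network namespace with the host
    environment:
      - TZ=Asia/Shanghai
    volumes:
      - type: volume
        source: nfs-wwwlogs
        target: /data/wwwlogs
        volume:
          nocopy: true
  oa.fanxxx.com:
    image: nginx-php:v9
    container_name: oa.fanxxx.com
    ports:
      - "9000"
    command: /bin/bash -c "nginx && php-fpm"
    networks:
      backend:   # uses the network defined above
        ipv4_address: 172.18.0.3
    environment:
      - TZ=Asia/Shanghai
    volumes:
      - type: volume   # mount type: volume, bind, tmpfs or npipe
        source: nfs-wwwlogs   # source of the mount: a host path for a bind mount, or the name of a volume defined under the top-level volumes key; not applicable to tmpfs mounts
        target: /data/wwwlogs   # path inside the container where the volume is mounted
        volume:   # additional options, such as nocopy
          nocopy: true   # disable copying data from the container when the volume is created
      - type: volume   # second mount
        source: nfs-oa.fanxxx.com-project
        target: /home/wwwroot/oa.fanxxx.com
        volume:
          nocopy: true
volumes:
  nfs-wwwlogs:   # volume name
    driver: local   # the built-in driver on Linux
    driver_opts:   # options
      type: "nfs"   # NFS volume
      o: "addr=172.16.36.49,rw,soft,nolock"   # NFS server details
      # NFS option soft: soft mount, an NFS request that times out returns an error; hard keeps retrying until it succeeds
      # NFS option nolock: file locks only apply to applications on the same host; the default, lock, also applies across hosts
      device: ":/data/wwwlogs"   # directory exported by the NFS server
  nfs-oa.fanxxx.com-project:
    driver: local
    driver_opts:
      type: "nfs"
      o: "addr=172.16.36.49,rw,soft,nolock"
      device: ":/home/wwwroot/oa.fanxxx.com"
List the networks:
[www@iZbp16lt03725esszbm7rqZ nginx_php]$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
1c73ddcf53f8        bridge              bridge              local
d8a2c8f95bd7        host                host                local
40b69529f0e0        none                null                local
5fe313d8841b        project_backend     bridge              local
Why is the network named project_backend rather than backend? Because our docker-compose.yml file is in the project directory, and Compose prefixes network names with the project name, which defaults to the directory name.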
NFS-based volumes
docker service create -d \
    --name nfs-service \
    --mount 'type=volume,source=nfsvolume,target=/tmp/docker/test,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/data/nfs,volume-opt=o=addr=10.0.0.8' \
    test/nginx:1.13
version: "3.2"
services:
  busybox1:
    image: test/nginx:1.13
    container_name: b1
    volumes:
      - type: volume
        source: nfs-test
        target: /data/nfs
        volume:
          nocopy: true
volumes:
  nfs-test:
    driver: local
    driver_opts:
      type: "nfs"
      o: "addr=10.0.0.8,rw,soft,nolock"
      device: ":/tmp"
docker volume create --driver local --opt type=nfs --opt o=addr=10.0.0.8,rw --opt device=:/data/nfs volume-nfs
Hot-reloading docker
Hot-reload command
sudo kill -SIGHUP $(pidof dockerd)
Configuration options that support hot reload
debug: it changes the daemon to debug mode when set to true.
cluster-store: it reloads the discovery store with the new address.
cluster-store-opts: it uses the new options to reload the discovery store.
cluster-advertise: it modifies the address advertised after reloading.
labels: it replaces the daemon labels with a new set of labels.
live-restore: enables keeping containers alive during daemon downtime.
max-concurrent-downloads: it updates the max concurrent downloads for each pull.
max-concurrent-uploads: it updates the max concurrent uploads for each push.
default-runtime: it updates the runtime to be used if none is specified at container creation. It defaults to "default", which is the runtime shipped with the official docker packages.
runtimes: it updates the list of available OCI runtimes that can be used to run containers.
authorization-plugin: it specifies the authorization plugins to use.
allow-nondistributable-artifacts: replaces the set of registries to which the daemon will push nondistributable artifacts with a new set of registries.
insecure-registries: it replaces the daemon insecure registries with a new set of insecure registries. If some existing insecure registries in the daemon's configuration are not in the newly reloaded insecure registries, these existing ones will be removed from the daemon's config.
registry-mirrors: it replaces the daemon registry mirrors with a new set of registry mirrors. If some existing registry mirrors in the daemon's configuration are not in the newly reloaded registry mirrors, these existing ones will be removed from the daemon's config.
shutdown-timeout: it replaces the daemon's existing configuration timeout with a new timeout for shutting down all containers.
features: it explicitly enables or disables specific features.
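The list above decides whether a daemon.json edit can be applied with SIGHUP or needs a full restart. The following is an added example, not part of the original notes: it diffs two versions of daemon.json, classifies the changed keys against that list (assuming any key not on the list needs a restart), and flags registry settings that weaken transport security. The function names and the sample configs are constructed for illustration.

```python
import json

# Options the list above names as reloadable with SIGHUP.
HOT_RELOADABLE = {
    "debug", "cluster-store", "cluster-store-opts", "cluster-advertise",
    "labels", "live-restore", "max-concurrent-downloads",
    "max-concurrent-uploads", "default-runtime", "runtimes",
    "authorization-plugin", "allow-nondistributable-artifacts",
    "insecure-registries", "registry-mirrors", "shutdown-timeout", "features",
}

def classify_changes(old_json: str, new_json: str) -> dict:
    """Split changed daemon.json keys into 'reload' (SIGHUP suffices) and 'restart'."""
    old, new = json.loads(old_json), json.loads(new_json)
    changed = sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))
    return {
        "reload": [k for k in changed if k in HOT_RELOADABLE],
        # Assumption: anything not on the hot-reload list needs a daemon restart.
        "restart": [k for k in changed if k not in HOT_RELOADABLE],
    }

def trust_warnings(cfg_json: str) -> list:
    """Flag insecure registries (TLS not enforced) and plain-HTTP mirrors."""
    cfg = json.loads(cfg_json)
    warnings = [f"insecure registry: {r}" for r in cfg.get("insecure-registries", [])]
    warnings += [f"plain-HTTP mirror: {m}" for m in cfg.get("registry-mirrors", [])
                 if m.startswith("http://")]
    return warnings

# Constructed sample input, modelled on the daemon.json shown on this page.
OLD = '''{"registry-mirrors": ["https://reg-mirror.qiniu.com"],
          "log-driver": "json-file", "live-restore": false}'''
NEW = '''{"registry-mirrors": ["https://reg-mirror.qiniu.com",
                               "http://f1361db2.m.daocloud.io"],
          "log-driver": "json-file", "live-restore": true,
          "insecure-registries": ["10.1.130.100:9010"],
          "data-root": "/home/container/docker/"}'''

if __name__ == "__main__":
    result = classify_changes(OLD, NEW)
    print("SIGHUP is enough for:", result["reload"])
    print("full restart needed for:", result["restart"])
    for warning in trust_warnings(NEW):
        print("warning:", warning)
```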
Changing the docker data directory
# Edit daemon.json and add "data-root": "/home/container/docker/"
vim /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://a5ezgmcg.mirror.aliyuncs.com",
    "http://f1361db2.m.daocloud.io",
    "https://dockerhub.azk8s.cn",
    "https://reg-mirror.qiniu.com"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "insecure-registries": ["10.1.130.100:9010"],
  "live-restore": true,
  "data-root": "/home/container/docker/"
}
# Restart docker
systemctl restart docker
If you only want to change the docker data directory:
vim /etc/docker/daemon.json
{
  "data-root": "/home/container/docker/"
}
Finding out what an unknown docker container is running
# Find out how the unknown container was deployed
docker inspect <container-id>   # show the details; the labels show it was started with docker-compose
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "apisvr",
"com.docker.compose.project.config_files": "/pgyvate/data/apisvr/docker-compose.yml",
"com.docker.compose.project.working_dir": "/pgyvate/data/apisvr",
"com.docker.compose.service": "pgyapisvr",
"com.docker.compose.version": "1.26.2",
cat /pgyvate/data/apisvr/docker-compose.yml   # shows that the certificate is passed in through a variable; note that the certificate here is base64-encoded
# After entering the container, use ps -ef to see the program's start command
[root@iZbp1e3t4tj14gcl5jntv0Z ~]# docker exec -it 728f9fb7a213 bash
bash-5.0# ps -ef
PID   USER     TIME  COMMAND
    1 root      0:00 {entrypoint-star} /bin/bash /sbin/entrypoint-start.sh
   32 root      0:01 /usr/local/bin/pgyapisvr -c /etc/pgyapisvr/config.ini
   50 root      0:00 /bin/sh
   56 root      0:00 bash
   61 root      0:00 ps -ef
bash-5.0# cat /etc/pgyapisvr/config.ini
[server]
identityhost = ""
sslcert = "/usr/local/pgyapisvr/ssl.crt"
sslkey = "/usr/local/pgyapisvr/ssl.key"
bash-5.0# cat /usr/local/pgyapisvr/config.ini.dist   # what is this file?
[server]
identityhost = "{PAS_ADDRESS}"
sslcert = "{HTTPS_CRT}"   # variables passed in
sslkey = "{HTTPS_KEY}"
In fact, config.ini.dist is a template: process 1 (/sbin/entrypoint-start.sh) processes its contents and writes the final configuration to config.ini.
# Reconstruct the Dockerfile from a docker image
docker history --format {{.CreatedBy}} --no-trunc=true <image-id> |sed "s?/bin/sh\ -c\ \#(nop)\ ??g"|sed "s?/bin/sh\ -c?RUN?g" | tac
Reference: https://blog.csdn.net/yuanshangshenghuo/article/details/106896963
# Update the image with docker-compose
docker-compose -f docker-compose.yaml stop
docker-compose -f docker-compose.yaml up -d --build
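The first triage steps in this section (reading the com.docker.compose.* labels from docker inspect, and noticing that the certificate arrives as a base64-encoded variable) can be scripted. This is an added example, not part of the original notes: it parses docker inspect JSON, returns the Compose origin, and lists environment variables whose base64 value decodes to a PEM block, since such key material is readable by anyone who can run docker inspect. The sample JSON is constructed, and the assumption that the environment variable names match the placeholders in config.ini.dist is ours.

```python
import base64
import json

COMPOSE_PREFIX = "com.docker.compose."

def compose_origin(inspect_json: str) -> dict:
    """Return the com.docker.compose.* labels (prefix stripped) of the first container."""
    labels = json.loads(inspect_json)[0]["Config"].get("Labels") or {}
    return {k[len(COMPOSE_PREFIX):]: v for k, v in labels.items()
            if k.startswith(COMPOSE_PREFIX)}

def env_key_material(inspect_json: str) -> list:
    """Names of env vars whose value is base64 that decodes to a PEM block."""
    hits = []
    for entry in json.loads(inspect_json)[0]["Config"].get("Env") or []:
        name, _, value = entry.partition("=")
        try:
            decoded = base64.b64decode(value, validate=True)
        except ValueError:   # not base64 (binascii.Error is a ValueError subclass)
            continue
        if decoded.startswith(b"-----BEGIN "):
            hits.append(name)
    return hits

def _b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()

# Constructed sample shaped like `docker inspect` output; the PEM bodies are placeholders.
SAMPLE = json.dumps([{"Config": {
    "Labels": {
        "com.docker.compose.project": "apisvr",
        "com.docker.compose.project.config_files": "/pgyvate/data/apisvr/docker-compose.yml",
        "com.docker.compose.service": "pgyapisvr",
    },
    "Env": [
        "TZ=Asia/Shanghai",
        "PAS_ADDRESS=pas.example.internal",
        "HTTPS_CRT=" + _b64("-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"),
        "HTTPS_KEY=" + _b64("-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"),
    ],
}}])

if __name__ == "__main__":
    origin = compose_origin(SAMPLE)
    print("compose file:", origin.get("project.config_files"))
    print("env vars carrying PEM material:", env_key_material(SAMPLE))
```

On a live host, feed it the output of docker inspect for the container in place of SAMPLE.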
