docker工具之端口映射 容器互联 封装镜像 启动多个服务

1.端口映射

为什么要端口映射？在启动容器时，如果不配置宿主机器与虚拟机的端口映射，外部程序是无法访问虚拟机的，因为没有端口，所以需要进行端口映射。端口映射的两个关键词：端口映射有两个关键词-P -p 一个是大写一个是小写 通过run --help也可以看到大写的P是随机映射一个49000-49900的端口到内部容器开放的网络端口。小写的p可以指定要映射的端口，并且在一个指定端口上只可以绑定一个容器。

##过滤出所有容器的id[root@foundation52 docker]# pwd/tmp/docker[root@foundation52 docker]# docker ps -aq049e851d483840e24d2caceb64a0c831be4eef6698f919db##批量删除不使用的容器[root@foundation52 docker]# docker rm -f `docker ps -aq`049e851d483840e24d2caceb64a0c831be4eef6698f919db[root@foundation52 docker]# docker ps -aCONTAINER ID IMAGECOMMAND CREATED STATUS PORTSNAMES## -p 指定映射端口[root@foundation52 docker]# docker run -d --name vm1 nginx -p 8080:80 nginxf1373ba2cfccc47e950577fcaa48271d99b482b7acad8e5e8794c6503dfe921d[root@foundation52 docker]# docker ps CONTAINER ID IMAGECOMMAND CREATED STATUS PORTS NAMES17e7cd21a165 nginx"nginx -g 'daemon ..." 55 seconds agoUp 54 seconds 0.0.0.0:8080->80/tcp vm1[root@foundation52 docker]# docker ps -aCONTAINER ID IMAGECOMMAND CREATED STATUS PORTS NAMES17e7cd21a165 nginx"nginx -g 'daemon ..." 59 seconds ago Up 58 seconds 0.0.0.0:8080->80/tcp vm135f367c5bcb7 nginx"-P 8080:80 nginx" About a minute a##查看DNAT[root@foundation52 docker]# iptables -t nat -nL

测试：

2.容器互联

在实际应用中往往需要多个容器交互，比如一个数据库容器来提供db服务，多个应用容器来部署应用，使用端口访问就会暴露端口，这样不太安全。故需要容器互联。在同一宿主机下，docker容器通过docker网桥进行连接，默认情况下，同一宿主机下的所有容器都可以连接。但是容器的ip可能随着容器重启而变化，所以docker提供了link选项提供可靠连接。

##根据ubuntu镜像启动一个名为vm2的容器并将其连接到vm1容器上的连接起一个别名nginx[root@foundation52 ~]# docker run -it --name vm2 --link vm1:nginx ubunturoot@3d5192959d1a:/# cat /etc/hosts 127.0.0.1 localhost::1 localhost ip6-localhost ip6-loopbackfe00::0 ip6-localnetff00::0 ip6-mcastprefixff02::1 ip6-allnodesff02::2 ip6-allrouters172.17.0.2 nginx 466a27e29165 vm1172.17.0.3 3d5192959d1aroot@3d5192959d1a:/# ping nginxPING nginx (172.17.0.2) 56(84) bytes of data.64 bytes from nginx (172.17.0.2): icmp_seq=1 ttl=64 time=0.097 ms64 bytes from nginx (172.17.0.2): icmp_seq=2 ttl=64 time=0.134 ms^Z[1]+ Stopped ping nginx

[root@foundation52 netns]# docker history nginxIMAGECREATED CREATED BY SIZECOMMENTc82521676580 3 weeks ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daem... 0 B <missing> 3 weeks ago /bin/sh -c #(nop) STOPSIGNAL [SIGTERM] 0 B <missing> 3 weeks ago /bin/sh -c #(nop) EXPOSE 80/tcp0 B <missing> 3 weeks ago /bin/sh -c ln -sf /dev/stdout /var/log/ngi... 0 B <missing> 3 weeks ago /bin/sh -c set -x && apt-get update && a... 53.7 MB <missing> 3 weeks ago /bin/sh -c #(nop) ENV NJS_VERSION=1.15.2.... 0 B <missing> 3 weeks ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.15.... 0 B <missing> 4 weeks ago /bin/sh -c #(nop) LABEL maintainer=NGINX ... 0 B <missing> 4 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0 B <missing> 4 weeks ago /bin/sh -c #(nop) ADD file:919939fa0224727... 55.3 MB [root@foundation52 netns]# docker images rhtel7REPOSITORYTAG IMAGE ID CREATED SIZE

[root@foundation52 ~]# cd /tmp/docker/[root@foundation52 docker]# vim Dockerfile###########################1 FROM rhel7 #指定基础镜像2 ENV HOSTNAME server1 #设定容器主机名3 EXPOSE 80 #暴露容器端口号4 COPY dvd.repo /etc/yum.repos.d/dvd.repo #配置镜像yum源5 RUN rpmdb --rebuilddb && yum install -y httpd && yum clean all6 VOLUME ["/var/www/html"] #指定镜像存放位置7 CMD ["/usr/sbin/httpd","-D","FOREGROUND"] #镜像启动命令 默认CMD只能写一个##配置yum源[root@foundation52 docker]# vim dvd.repo###########################1 [dvd]2 name=dvd3 baseurl=http://172.25.52.250/source7.34 gpgcheck=0##使用当前目录的Dockerfile创建镜像,标签为rhel7:v1； -t 表示指定镜像的名字及标签[root@foundation52 docker]# docker build -t rhel7:v1 .## -v 表示映射[root@foundation52 docker]# docker run -d --name vm3 -v /tmp/docker/web:/var/www/html rhel7:v1a58deafc02fadd5e0d12aa9aa056f03a6cc829bde753393f84ecbce709d32668[root@foundation52 docker]# docker inspect vm3###########################"Gateway": "172.17.0.1","IPAddress": "172.17.0.4","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:04"

测试：

3.封装镜像（Dockerfile自启动shh服务）

[root@foundation52 docker]# pwd/tmp/docker[root@foundation52 docker]# mkdir ssh[root@foundation52 docker]# cp dvd.repo ssh/[root@foundation52 docker]# cd ssh/[root@foundation52 ssh]# vim Dockerfile########################1 FROM rhel72 ENV HOSTNAME server23 EXPOSE 224 COPY dvd.repo /etc/yum.repos.d/dvd.repo5 RUN rpmdb --rebuilddb && yum install -y openssh-server openssh-clients && yum clean all && ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" && ss h-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N "" && ssh-keygen -q - t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" && echo root:redhat | chpas swd6 CMD ["/usr/sbin/sshd","-D"]##使用当前目录的Dockerfile创建镜像,标签为rhel7:v2[root@foundation52 ssh]# docker build -t rhel7:v2 .

测试：##可以连接即可[root@foundation52 ssh]# ssh root@172.17.0.4root@172.17.0.4's password: Last login: Sun Aug 19 06:57:34 from 172.17.0.1-bash-4.2#

docker run 命令中 参数-d 与 -it 的区别：-d 表示打入后台 此时无法连接容器-it 表示交互式运行容器 此时可以连接容器

exec 与 attach 都可以连接（进入）容器

[root@foundation52 docker]# docker ps CONTAINER ID IMAGECOMMAND CREATED STATUS PORTSNAMES[root@foundation52 docker]# docker ps -aCONTAINER ID IMAGECOMMAND CREATED STATUS PORTSNAMES4ee630153d2a rhel7:v2 "/usr/sbin/sshd -D"38 hours ago Exited (0) 38 hours agovm4d94e8b5e672a rhel7"bash" 38 hours ago Exited (0) 38 hours agooptimistic_newtona58deafc02fa rhel7:v1 "/usr/sbin/httpd -..." 38 hours ago Exited (0) 38 hours agovm33d5192959d1a ubuntu "/bin/bash" 38 hours ago Exited (137) 38 hours ago vm2466a27e29165 nginx"nginx -g 'daemon ..." 38 hours ago Exited (0) 38 hours agovm1##批量删除容器[root@foundation52 docker]# docker rm -f `docker ps -aq`4ee630153d2ad94e8b5e672aa58deafc02fa3d5192959d1a466a27e29165[root@foundation52 docker]# docker ps -aCONTAINER ID IMAGECOMMAND CREATED STATUS PORTSNAMES# -d 表示打入后台[root@foundation52 docker]# docker run -d --name vm1 nginxe8be831318c3a221c18247aa98ee8d0fcd05b9d8c8df665c3bbbb6486875c070[root@foundation52 docker]# docker ps CONTAINER ID IMAGECOMMAND CREATED STATUS PORTSNAMESe8be831318c3 nginx"nginx -g 'daemon ..." 10 minutes agoUp 10 minutes 80/tcp vm1##此时无法进入容器； attach表示连接正在运行的容器[root@foundation52 docker]# docker container attach vm1^C[root@foundation52 docker]###并且此时vm1会被关闭[root@foundation52 kiosk]# docker ps CONTAINER ID IMAGECOMMAND CREATED STATUS PORTSNAMES[root@foundation52 kiosk]# docker ps -aCONTAINER ID IMAGECOMMAND CREATED STATUS PORTSNAMESe8be831318c3 nginx"nginx -g 'daemon ..." 35 minutes agoExited (0) 39 seconds ago vm1[root@foundation52 kiosk]# docker start vm1vm1## -it 表示交互式运行[root@foundation52 kiosk]# docker run -it --name vm3 nginx bashroot@d9a1c67ad761:/# [root@foundation52 kiosk]# ##此时vm3不会被关闭[root@foundation52 kiosk]# docker psCONTAINER ID IMAGECOMMAND CREATED STATUS PORTSNAMESd9a1c67ad761 nginx"bash" 19 seconds agoUp 17 seconds 80/tcp vm3e8be831318c3 nginx"nginx -g 'daemon ..." 38 minutes agoUp 2 minutes 80/tcp vm1##并且可以进入容器 ctrl+p+q退出[root@foundation52 kiosk]# docker container attach vm3root@d9a1c67ad761:/# lsbin dev home lib64 mnt proc run srv tmp varboot etc lib media opt root sbin sys usrroot@d9a1c67ad761:/# [root@foundation52 kiosk]###用 exec 也可以进入容器 [root@foundation52 kiosk]# docker container exec -it vm2 bashroot@88998021aaa3:/# root@88998021aaa3:/# lsbin dev home lib64 mnt proc run srv tmp varboot etc lib media opt root sbin sys usrroot@88998021aaa3:/# [root@foundation52 kiosk]#

4.启动多个服务

[root@foundation52 docker]# pwd/tmp/docker[root@foundation52 docker]# vim dvd.repo###########################[dvd]name=dvdbaseurl=http://172.25.52.250/source7.3gpgcheck=0[docker]name=dockerbaseurl=http://172.25.254.250/pub/dockergpgcheck=0

[root@foundation52 docker]# lsDockerfile dvd.repo ssh supervisord.conf web[root@foundation52 docker]# docker cp dvd.repo vm1:/etc/yum.repos.d/

[root@foundation52 docker]# vim Dockerfile ###########################FROM rhel7EXPOSE 80 22COPY dvd.repo /etc/yum.repos.d/dvd.repoRUN rpmdb --rebuilddb && yum install -y httpd openssh-server openssh-clients supervisor && yum clean all && ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N "" && ssh-keygen -q -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" && echo root:redhat | chpasswdCOPY supervisord.conf /etc/supervisord.confCMD ["/usr/bin/supervisord"]

[root@foundation52 docker]# vim supervisord.conf###########################[supervisord]nodaemon=true[program:sshd]command=/usr/sbin/sshd -D[program:httpd]command=/usr/sbin/httpd

##执行脚本[root@foundation52 docker]# docker build -t rhel7:v3 .##挂载[root@foundation52 docker]# docker run -d --name vm1 -v /tmp/docker/web:/var/www/html rhel7:v31ca341850e16212140e3e6cc4a89e477622109b6505fca69a55bdbd2044e9f35[root@foundation52 docker]# docker ps CONTAINER ID IMAGECOMMAND CREATED STATUS PORTSNAMES1ca341850e16 rhel7:v3 "/usr/bin/supervisord" 13 seconds agoUp 12 seconds 22/tcp, 80/tcpvm1查看ip[root@foundation52 docker]# docker inspect vm1###########################"Gateway": "172.17.0.1","IPAddress": "172.17.0.2","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:02"

测试：

[root@foundation52 docker]# curl 172.17.0.2<h1></h1>##[root@foundation52 docker]# ssh -l root 172.17.0.2The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.ECDSA key fingerprint is cf:0c:f8:19:19:87:32:ee:75:a3:de:2b:64:3b:84:67.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.root@172.17.0.2's password: -bash-4.2#