docker基礎(chǔ)培訓(xùn)ppt

1、dockerdocker基礎(chǔ)培訓(xùn)基礎(chǔ)培訓(xùn)主講人：陳力日期：2014-8-10td rnc無線軟件部秘密了解了解dockerdocker docker is an open platform for developing, shipping, and running developing, shipping, and running applications. at its core, docker provides a way to run almost any application securely isolated in a container.app development&o

2、perationsapp development& operationsapp development& operationsapp development& operationsdocker建立一個app的開發(fā)和運維環(huán)境你需要考慮？快速建立n個這樣的app開發(fā)和運維環(huán)境你應(yīng)該考慮？ os version？ machine halt？ app version？ configuration？ dependency？ compile error？秘密了解了解dockerdocker why not vms？用戶需要的是高效運行環(huán)境而非os, guestos既浪費資源又難于管

3、理，輕量級的container更加靈活和快速。vs秘密了解了解dockerdockernamespaces：lxc所實現(xiàn)的隔離性主要是來自kernel的namespace, 其中pid, net, ipc, mnt, uts 等namespace將container的進程, 網(wǎng)絡(luò), 消息, 文件系統(tǒng)和hostname 隔離開cgroups：實現(xiàn)了對資源的配額和度量。unionfs：是一種支持將不同目錄掛載到同一個虛擬文件系統(tǒng)下(unite several directories into a single virtual filesystem)的文件系統(tǒng)lxc：linux container，

4、提供了一種操作系統(tǒng)級的虛擬化方法。借助于namespace的隔離機制和cgroup限額功能來管理containerdockerunion fslxc（linux containers）cgroupsnamespaceslinux kernel秘密了解了解dockerdockerdocker uses a client-server architecture. the docker client talks to the docker daemon, which does the heavy lifting of building, running, and distributing your

5、docker containers. both the docker client and the daemon can run on the same system, or you can connect a docker client to a remote docker daemon. the docker client and daemon communicate via sockets or through a restful api.秘密了解了解dockerdockerdocker images:a docker image is a read-only template. for

6、 example, an image could contain an ubuntu operating system with apache and your web application installed. images are used to create docker containers. docker registries:docker registries hold images. these are public or private stores from which you upload or download images. the public docker reg

7、istry is called docker hub.docker containers:each container is created from a docker image. a docker container holds everything that is needed for an application to runimageimageimageimageregistryimageimage秘密安裝安裝docker準(zhǔn)備一個ubuntu trusty 14.04 (lts) (64-bit)版本，如ubuntu-14.04.1-server-amd64.iso ubuntu t

8、rusty comes with a 3.13.0 linux kernel, and a docker.io package which installs docker 0.9.1 and all its prerequisites from ubuntus repository. 因此，你很容易得到docker的0.9.1版本，如下： 如果要獲取最新的docker版本，你需要location到docker repository，按如下方式執(zhí)行curl腳本即可：docker當(dāng)前最新版本為當(dāng)前最新版本為1.1.2秘密dockerizing applications: a hello world

9、docker rundocker run : : the combination runs containers.ubuntu:14.04ubuntu:14.04 : : this is the source of the container we ran. docker calls this an image. in this case we used an ubuntu 14.04 operating system image.【也可以直接寫ubuntu，這樣獲取的是ubuntu:latest image】/bin/echo hello world :/bin/echo hello wor

10、ld :told docker what command to run inside our new containerwhen our container was launched docker created a new ubuntu 14.04 environment and then executed the/bin/echo command inside it. we saw the result on the command:hello worldtwoflags:-tand-i.the -t flag assigns a pseudo-tty or terminal inside

11、 our new container and the -i flag allows us to make an interactive connection by grabbing the standard in (stdin) of the container./bin/bash/bin/bash.：this will launch a bash shell inside our container.hello worldan interactive container秘密dockerizing applications: a hello worldlets try running some

12、 commands inside our containera daemonized hello world-dflagtells docker to run the container and put it in the background, to daemonize it.1e5535038e28:this really long string is called a container id. it uniquely identifies a container so we can work with it.接下來，你可以使用更多的docker命令來操縱container, just

13、try them!dockerps：list containers;dockerlogs:fetch the logs of a container；dockerstop:stop a running container；等等秘密秘密refresher on dockerrefresher on docker 典型的linux啟動到運行需要兩個fs ：bootfs + rootfs 。 bootfs 主要包含 bootloader 和 kernel, bootloader主要是引導(dǎo)加載kernel, 當(dāng)boot成功后 kernel 被加載到內(nèi)存中后 bootfs就被umount了；rootfs

14、 (root file system) 包含的就是典型 linux 系統(tǒng)中的 /dev, /proc,/bin, /etc 等標(biāo)準(zhǔn)目錄和文件。 在docker中，對 rootfs先以readonly方式加載并檢查，接下來利用 union mount 將一個 readwrite 文件系統(tǒng)掛載在 readonly 的rootfs之上，并且允許再次將下層的 file system設(shè)定為readonly 并且向上疊加, 這樣一組readonly和一個writeable的結(jié)構(gòu)構(gòu)成一個container的運行目錄, 每一個被稱作一個layer。每一個對readonly層文件/目錄的修改都只會存在于上層的w

15、riteable層中。由于不存在競爭, 多個container可以共享readonly的layer。所以docker將readonly的層稱作 image - 對于container而言整個rootfs都是read-write的，但事實上所有的修改都寫入最上層的writeable層中, image不保存用戶狀態(tài)，可以用于模板、重建和復(fù)制。 從一個image啟動一個container時，docker會先加載其下層image直到base image，用戶的進程運行在writeable的layer中。所有image中的數(shù)據(jù)信息以及id、網(wǎng)絡(luò)和lxc管理的資源限制等具體container的配置，構(gòu)成一

16、個docker概念上的container。秘密使用docker：working with containers-pflag-pflag： tells docker to map any required network ports inside our container to our host. this lets us view our web application.training/training/webappwebapp： is a pre-built image weve created that contains a simple python flask web applic

17、ation.python app.pypython app.py： launches our web application.docker has exposed port 5000 (the default python flask port) on local docker host port（ from the range 49000 to 49900 ） 49155.running a web application in dockertips：如果是在虛擬機上使用docker，local docker host為虛擬機的ip地址秘密使用docker：working with cont

18、ainers示例：秘密使用docker：working with docker imageslisting images on the host: docker imagesgetting a new image： docker pull centosfinding images： docker search sinatra關(guān)于images的操作命令tips：目前為止，我們看到有兩種類型的images，不帶前綴的如ubuntu，稱為base或root images，由docker inc創(chuàng)建；帶前綴的如training/webapp，稱為user images由docker社區(qū)創(chuàng)建和維護，前綴

19、training表示創(chuàng)建該image的user。創(chuàng)建自己的imagespullrunoperationscommitpush秘密使用docker：docker container linking its useful to name containers that do specific functions in a way that makes it easier for you to remember them, for example naming a container with a web application in it web. it provides docker with

20、a reference point that allows it to refer to other containers, for example link container web to container db.給container取一個有意義的名字-linkname:alias：where name is the name of the container were linking to and alias is an alias for the link name. container linking秘密使用docker：docker container linking實際上， c

21、ontainer web link container db ，只是在web container內(nèi)部做了如下兩件事情：增加環(huán)境變量；更新/etc/hosts文件秘密使用docker：docker container linkingdocker0網(wǎng)橋eth0eth0eth0containercontainercontainerveth1veth2vethipipepipepipedocker 使用linux橋接來提供網(wǎng)絡(luò)連接到容器。containers可以通過icc parameter value of the docker daemon進行相互交流：缺省情況下，-icc=true allows

22、 containers to communicate with each other.-icc=false means containers are isolated from each other.秘密使用docker：managing data in containersdata volumes a data volume is a specially-designated directory within one or more containers that bypasses the union file system to provide several useful features for persistent or shared data:data volumes can be shared and reused between containers;changes to a data volume are made directly;changes to a data volume will not be included when you update