1.Linux底层特性之chroot
思考:基于同一个镜像启动的两个容器,各自修改根目录结构为啥互不影响???
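答:底层用到了chroot技术来实现资源隔离。
所谓的chroot就是改变根目录:各自容器把宿主机上的某个特定目录识别为自己的根目录。
注意:chroot只改变进程看到的根目录,本身并不是安全边界(chroot内的root进程仍然拥有宿主机root的权限);容器运行时实际上是结合mount名称空间、pivot_root以及capabilities、seccomp等机制一起来做隔离的。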
1.准备bash程序以及依赖文件
[root@elk91 ~]#chroot xixi
chroot: cannot change root directory to 'xixi': No such file or directory
[root@elk91 ~]#mkdir xixi
[root@elk91 ~]#mkdir xixi/bin
[root@elk91 ~]#cp /bin/bash xixi/bin
[root@elk91 ~]#ldd /bin/bash
linux-vdso.so.1 (0x00007fffbf983000)
libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007ff2746ff000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ff2744d6000)
/lib64/ld-linux-x86-64.so.2 (0x00007ff27489a000)
[root@elk91 ~]#mkdir xixi/{lib,lib64}
[root@elk91 ~]#mkdir xixi/lib/x86_64-linux-gnu
[root@elk91 ~]#cp /lib/x86_64-linux-gnu/{libtinfo.so.6,libc.so.6} xixi/lib/
[root@elk91 ~]#cp /lib64/ld-linux-x86-64.so.2 xixi/lib64/
[I have no name!@elk91 /]#ldd /usr/bin/ls
bash: ldd: command not found
[I have no name!@elk91 /]#exit
[root@elk91 ~]#ldd /usr/bin/ls
linux-vdso.so.1 (0x00007ffdbffa7000)
libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f4dde429000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f4dde200000)
libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0 (0x00007f4dde169000)
/lib64/ld-linux-x86-64.so.2 (0x00007f4dde481000)
[root@elk91 ~]#cp /usr/bin/ls xixi/bin/
[root@elk91 ~]#cp /lib/x86_64-linux-gnu/{libselinux.so.1,libpcre2-8.so.0} xixi/lib/x86_64-linux-gnu/
2.测试验证
[root@elk91 ~]#chroot xixi
[I have no name!@elk91 /]#ls -l
total 16
drwxr-xr-x 2 0 0 4096 Apr 10 10:18 bin
drwxr-xr-x 3 0 0 4096 Apr 10 10:16 lib
drwxr-xr-x 2 0 0 4096 Apr 10 10:16 lib64
-rw-r--r-- 1 0 0 5 Apr 10 10:19 xixi.log
[I have no name!@elk91 /]#ls -l /
total 16
drwxr-xr-x 2 0 0 4096 Apr 10 10:18 bin
drwxr-xr-x 3 0 0 4096 Apr 10 10:16 lib
drwxr-xr-x 2 0 0 4096 Apr 10 10:16 lib64
-rw-r--r-- 1 0 0 5 Apr 10 10:19 xixi.log
[root@elk91 ~]#which touch
/usr/bin/touch
[root@elk91 ~]#ldd /usr/bin/touch
linux-vdso.so.1 (0x00007fffa61b8000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1d3a0b7000)
/lib64/ld-linux-x86-64.so.2 (0x00007f1d3a300000)
[root@elk91 ~]#cp /lib/x86_64-linux-gnu/libc.so.6 xixi/lib/x86_64-linux-gnu/
[root@elk91 ~]#chroot xixi
[I have no name!@elk91 /]#touch a.txt
[I have no name!@elk91 /]#ls .
a.txt bin lib lib64 xixi.log
[I have no name!@elk91 /]#ls -l
total 16
-rw-r--r-- 1 0 0 0 Apr 10 10:34 a.txt
drwxr-xr-x 2 0 0 4096 Apr 10 10:31 bin
drwxr-xr-x 3 0 0 4096 Apr 10 10:16 lib
drwxr-xr-x 2 0 0 4096 Apr 10 10:16 lib64
-rw-r--r-- 1 0 0 5 Apr 10 10:19 xixi.log
[root@elk91 ~]#cp -r xixi haha
[root@elk91 ~]#chroot xixi
[I have no name!@elk91 /]#echo xixi>/xixi.log
[I have no name!@elk91 /]#exit
[root@elk91 ~]#chroot haha
[I have no name!@elk91 /]#echo haha >haha.log
[I have no name!@elk91 /]#exit
[root@elk91 ~]#docker run --name c1 -d registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
Unable to find image 'registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1' locally
v1: Pulling from yinzhengjie-k8s/apps
5758d4e389a3: Pull complete
51d66f629021: Pull complete
ff9c6add3f30: Pull complete
dcc43d9a97b4: Pull complete
5dcfac0f2f9c: Pull complete
2c6e86e57dfd: Pull complete
2dd61e30a21a: Pull complete
Digest: sha256:3bee216f250cfd2dbda1744d6849e27118845b8f4d55dda3ca3c6c1227cc2e5c
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
e9bdd169de501949c7dba31535c645abddba4ba77eac0753c6eeff0fc4222b0d
[root@elk91 ~]#docker run --name c2 -d registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
ab59acc94b4295f023d6a83418483c7eafb621b0af6e81dcc58ce6c1496a4d31
[root@elk91 ~]#docker exec -it c1 sh
/ # echo xixi > /xixi.log
/ # exit
[root@elk91 ~]#docker exec -it c2 sh
/ # echo haha > /haha.log
/ # exit
[root@elk91 ~]#docker exec -it c1 ls
bin media srv
dev mnt sys
docker-entrypoint.d opt tmp
docker-entrypoint.sh proc usr
etc root var
home run xixi.log
lib sbin
[root@elk91 ~]#docker exec -it c2 ls
bin lib sbin
dev media srv
docker-entrypoint.d mnt sys
docker-entrypoint.sh opt tmp
etc proc usr
haha.log root var
home run
[root@elk91 ~]#docker inspect -f "{{.GraphDriver.Data.MergedDir}}" c1
/var/lib/docker/overlay2/be392af30ab8cf4da3da9f55ada49ded8c55a987d7008e00aa27cd3ec8897b02/merged
[root@elk91 ~]#docker inspect -f "{{.GraphDriver.Data.MergedDir}}" c2
/var/lib/docker/overlay2/3d86a05d89e682cdaddb26aa4d779a53d786e4a05a15ca491537ae19c0138196/merged
[root@elk91 ~]#ll /var/lib/docker/overlay2/be392af30ab8cf4da3da9f55ada49ded8c55a987d7008e00aa27cd3ec8897b02/merged
total 96
drwxr-xr-x 1 root root 4096 Apr 10 18:22 ./
drwx--x--- 5 root root 4096 Apr 10 18:21 ../
-rwxr-xr-x 1 root root 0 Apr 10 18:21 .dockerenv*
drwxr-xr-x 2 root root 4096 Nov 12 2021 bin/
drwxr-xr-x 1 root root 4096 Apr 10 18:21 dev/
drwxr-xr-x 1 root root 4096 Nov 13 2021 docker-entrypoint.d/
-rwxrwxr-x 1 root root 1202 Nov 13 2021 docker-entrypoint.sh*
drwxr-xr-x 1 root root 4096 Apr 10 18:21 etc/
drwxr-xr-x 2 root root 4096 Nov 12 2021 home/
drwxr-xr-x 1 root root 4096 Nov 12 2021 lib/
drwxr-xr-x 5 root root 4096 Nov 12 2021 media/
drwxr-xr-x 2 root root 4096 Nov 12 2021 mnt/
drwxr-xr-x 2 root root 4096 Nov 12 2021 opt/
dr-xr-xr-x 2 root root 4096 Nov 12 2021 proc/
drwx------ 1 root root 4096 Apr 10 18:22 root/
drwxr-xr-x 1 root root 4096 Apr 10 18:21 run/
drwxr-xr-x 2 root root 4096 Nov 12 2021 sbin/
drwxr-xr-x 2 root root 4096 Nov 12 2021 srv/
drwxr-xr-x 2 root root 4096 Nov 12 2021 sys/
drwxrwxrwt 1 root root 4096 Nov 13 2021 tmp/
drwxr-xr-x 1 root root 4096 Nov 12 2021 usr/
drwxr-xr-x 1 root root 4096 Nov 12 2021 var/
-rw-r--r-- 1 root root 5 Apr 10 18:22 xixi.log
[root@elk91 ~]#ll /var/lib/docker/overlay2/3d86a05d89e682cdaddb26aa4d779a53d786e4a05a15ca491537ae19c0138196/merged
total 96
drwxr-xr-x 1 root root 4096 Apr 10 18:22 ./
drwx--x--- 5 root root 4096 Apr 10 18:21 ../
-rwxr-xr-x 1 root root 0 Apr 10 18:21 .dockerenv*
drwxr-xr-x 2 root root 4096 Nov 12 2021 bin/
drwxr-xr-x 1 root root 4096 Apr 10 18:21 dev/
drwxr-xr-x 1 root root 4096 Nov 13 2021 docker-entrypoint.d/
-rwxrwxr-x 1 root root 1202 Nov 13 2021 docker-entrypoint.sh*
drwxr-xr-x 1 root root 4096 Apr 10 18:21 etc/
-rw-r--r-- 1 root root 5 Apr 10 18:22 haha.log
drwxr-xr-x 2 root root 4096 Nov 12 2021 home/
drwxr-xr-x 1 root root 4096 Nov 12 2021 lib/
drwxr-xr-x 5 root root 4096 Nov 12 2021 media/
drwxr-xr-x 2 root root 4096 Nov 12 2021 mnt/
drwxr-xr-x 2 root root 4096 Nov 12 2021 opt/
dr-xr-xr-x 2 root root 4096 Nov 12 2021 proc/
drwx------ 1 root root 4096 Apr 10 18:22 root/
drwxr-xr-x 1 root root 4096 Apr 10 18:21 run/
drwxr-xr-x 2 root root 4096 Nov 12 2021 sbin/
drwxr-xr-x 2 root root 4096 Nov 12 2021 srv/
drwxr-xr-x 2 root root 4096 Nov 12 2021 sys/
drwxrwxrwt 1 root root 4096 Nov 13 2021 tmp/
drwxr-xr-x 1 root root 4096 Nov 12 2021 usr/
drwxr-xr-x 1 root root 4096 Nov 12 2021 var/
2.Linux底层特性之overlayFS
1.overlayFS概述
OverlayFS是一种堆叠文件系统,它依赖并建立在其它的文件系统之上(例如ext4fs和xfs等),并不直接参与磁盘空间结构的划分,仅仅将原有文件系统中的文件或者目录"合并"在一起,最后向用户呈现为同一级目录下的统一视图,这就是联合挂载技术。相对于AUFS (<1.12 早期使用的存储技术), OverlayFS速度更快,实现更简单。
Linux内核为Docker提供的OverlayFS驱动有两种:Overlay和Overlay2。而Overlay2是相对于Overlay的一种改进,在Inode利用率方面比Overlay更有效。
但是Overlay有环境需求:
(1)Docker版本17.06.02+;
(2)宿主机文件系统需要是EXT4或XFS格式;
OverlayFS实现方式:
OverlayFS通过三个目录:lower目录、upper目录、以及work目录实现。
lower:
一般对应的是只读数据。
upper:
可以进行读写操作的目录。
work:
目录为工作基础目录,挂载后会自动创建一个work子目录(实际测试手动卸载后该目录并不会被删除)
该目录主要是存储一些临时存放的结果或中间数据的工作目录。
值得注意的是,在使用过程中其内容用户不可见,最后联合挂载完成给用户呈现的统一视图称为merged目录。
OverlayFS结构分为三个层: LowerDir、Upperdir、MergedDir
LowerDir (只读)
只读的image layer,其实就是rootfs。
在使用Dockerfile构建镜像的时候, Image Layer可以分很多层,所以对应的lowerdir会很多(源镜像)。
Lower 包括两个层:
(1)系统的init
1)容器在启动以后, 默认情况下lower层是不能够修改内容的, 但是用户有需求需要修改主机名与域名地址, 那么就需要添加init层中的文件(hostname, resolv.conf,hosts,mtab等文件), 用于解决此类问题;
2)修改的内容只对当前的容器生效, 而在docker commit提交为镜像时候,并不会将init层提交。
3)init文件存放的目录为/var/lib/docker/overlay2/<init_id>/diff
(2)容器的镜像层
不可修改的数据。
Upperdir (读写)
upperdir则是在lowerdir之上的一层, 为读写层。容器在启动的时候会创建, 所有对容器的修改, 都是在这层。比如容器启动写入的日志文件,或者是应用程序写入的临时文件。
MergedDir (展示)
merged目录是容器的挂载点,在用户视角能够看到的所有文件,都是从这层展示的。
2.1 overlayFS参考案例
1.创建工作目录
[root@elk91 ~]#mkdir -pv /oldboyedu2026/lower{0..2} /oldboyedu2026/{uppper,work,merged}
mkdir: created directory '/oldboyedu2026'
mkdir: created directory '/oldboyedu2026/lower0'
mkdir: created directory '/oldboyedu2026/lower1'
mkdir: created directory '/oldboyedu2026/lower2'
mkdir: created directory '/oldboyedu2026/uppper'
mkdir: created directory '/oldboyedu2026/work'
mkdir: created directory '/oldboyedu2026/merged'
[root@elk91 ~]#tree /oldboyedu2026/
/oldboyedu2026/
├── lower0
├── lower1
├── lower2
├── merged
├── uppper
└── work
2.挂载文件系统
[root@elk91 ~]#mount -t overlay overlay -o lowerdir=/oldboyedu2026/lower0:/oldboyedu2026/lower1:/oldboyedu2026/lower2,upperdir=/oldboyedu2026/uppper,workdir=/oldboyedu2026/work /oldboyedu2026/merged/
3.查看挂载信息
[root@elk91 ~]#df -h | grep oldboyedu2026
overlay 24G 15G 7.6G 67% /oldboyedu2026/merged
4.尝试在lower层写入准备初始数据
[root@elk91 ~]#ll /oldboyedu2026/ -R
/oldboyedu2026/:
total 32
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ./
drwxr-xr-x 22 root root 4096 Apr 10 18:45 ../
drwxr-xr-x 2 root root 4096 Apr 10 18:45 lower0/
drwxr-xr-x 2 root root 4096 Apr 10 18:45 lower1/
drwxr-xr-x 2 root root 4096 Apr 10 18:45 lower2/
drwxr-xr-x 1 root root 4096 Apr 10 18:45 merged/
drwxr-xr-x 2 root root 4096 Apr 10 18:45 uppper/
drwxr-xr-x 3 root root 4096 Apr 10 18:47 work/
/oldboyedu2026/lower0:
total 8
drwxr-xr-x 2 root root 4096 Apr 10 18:45 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
/oldboyedu2026/lower1:
total 8
drwxr-xr-x 2 root root 4096 Apr 10 18:45 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
/oldboyedu2026/lower2:
total 8
drwxr-xr-x 2 root root 4096 Apr 10 18:45 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
/oldboyedu2026/merged:
total 8
drwxr-xr-x 1 root root 4096 Apr 10 18:45 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
/oldboyedu2026/uppper:
total 8
drwxr-xr-x 2 root root 4096 Apr 10 18:45 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
/oldboyedu2026/work:
total 12
drwxr-xr-x 3 root root 4096 Apr 10 18:47 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
d--------- 2 root root 4096 Apr 10 18:47 work/
/oldboyedu2026/work/work:
total 8
d--------- 2 root root 4096 Apr 10 18:47 ./
drwxr-xr-x 3 root root 4096 Apr 10 18:47 ../
[root@elk91 ~]#cp /etc/hosts /oldboyedu2026/lower0/
[root@elk91 ~]#cp /etc/issue /oldboyedu2026/lower1/
[root@elk91 ~]#cp /etc/resolv.conf /oldboyedu2026/lower2/
[root@elk91 ~]#ll /oldboyedu2026/ -R
/oldboyedu2026/:
total 32
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ./
drwxr-xr-x 22 root root 4096 Apr 10 18:45 ../
drwxr-xr-x 2 root root 4096 Apr 10 18:52 lower0/
drwxr-xr-x 2 root root 4096 Apr 10 18:52 lower1/
drwxr-xr-x 2 root root 4096 Apr 10 18:52 lower2/
drwxr-xr-x 1 root root 4096 Apr 10 18:45 merged/
drwxr-xr-x 2 root root 4096 Apr 10 18:45 uppper/
drwxr-xr-x 3 root root 4096 Apr 10 18:47 work/
/oldboyedu2026/lower0:
total 12
drwxr-xr-x 2 root root 4096 Apr 10 18:52 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
-rw-r--r-- 1 root root 221 Apr 10 18:52 hosts
/oldboyedu2026/lower1:
total 8
drwxr-xr-x 2 root root 4096 Apr 10 18:52 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
-rw-r--r-- 1 root root 0 Apr 10 18:52 issue
/oldboyedu2026/lower2:
total 12
drwxr-xr-x 2 root root 4096 Apr 10 18:52 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
-rw-r--r-- 1 root root 920 Apr 10 18:52 resolv.conf
5.尝试在upper层写入准备初始数据
[root@elk91 ~]#cp /etc/hostname /oldboyedu2026/uppper/
[root@elk91 ~]#ll /oldboyedu2026/ -R
/oldboyedu2026/:
total 32
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ./
drwxr-xr-x 22 root root 4096 Apr 10 18:45 ../
drwxr-xr-x 2 root root 4096 Apr 10 18:52 lower0/
drwxr-xr-x 2 root root 4096 Apr 10 18:52 lower1/
drwxr-xr-x 2 root root 4096 Apr 10 18:52 lower2/
drwxr-xr-x 1 root root 4096 Apr 10 18:53 merged/
drwxr-xr-x 2 root root 4096 Apr 10 18:53 uppper/
drwxr-xr-x 3 root root 4096 Apr 10 18:47 work/
/oldboyedu2026/lower0:
total 12
drwxr-xr-x 2 root root 4096 Apr 10 18:52 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
-rw-r--r-- 1 root root 221 Apr 10 18:52 hosts
/oldboyedu2026/lower1:
total 8
drwxr-xr-x 2 root root 4096 Apr 10 18:52 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
-rw-r--r-- 1 root root 0 Apr 10 18:52 issue
/oldboyedu2026/lower2:
total 12
drwxr-xr-x 2 root root 4096 Apr 10 18:52 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
-rw-r--r-- 1 root root 920 Apr 10 18:52 resolv.conf
/oldboyedu2026/merged:
total 20
drwxr-xr-x 1 root root 4096 Apr 10 18:53 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
-rw-r--r-- 1 root root 6 Apr 10 18:53 hostname
-rw-r--r-- 1 root root 221 Apr 10 18:52 hosts
-rw-r--r-- 1 root root 0 Apr 10 18:52 issue
-rw-r--r-- 1 root root 920 Apr 10 18:52 resolv.conf
/oldboyedu2026/uppper:
total 12
drwxr-xr-x 2 root root 4096 Apr 10 18:53 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
-rw-r--r-- 1 root root 6 Apr 10 18:53 hostname
/oldboyedu2026/work:
total 12
drwxr-xr-x 3 root root 4096 Apr 10 18:47 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
d--------- 2 root root 4096 Apr 10 18:47 work/
/oldboyedu2026/work/work:
total 8
d--------- 2 root root 4096 Apr 10 18:47 ./
drwxr-xr-x 3 root root 4096 Apr 10 18:47 ../
6.尝试在merged目录写入数据,观察数据实际写入的应该是upper层
[root@elk91 ~]#cp /etc/fstab /oldboyedu2026/merged/
[root@elk91 ~]#ll /oldboyedu2026/ -R
/oldboyedu2026/:
total 32
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ./
drwxr-xr-x 22 root root 4096 Apr 10 18:45 ../
drwxr-xr-x 2 root root 4096 Apr 10 18:52 lower0/
drwxr-xr-x 2 root root 4096 Apr 10 18:52 lower1/
drwxr-xr-x 2 root root 4096 Apr 10 18:52 lower2/
drwxr-xr-x 1 root root 4096 Apr 10 18:56 merged/
drwxr-xr-x 2 root root 4096 Apr 10 18:56 uppper/
drwxr-xr-x 3 root root 4096 Apr 10 18:47 work/
/oldboyedu2026/lower0:
total 12
drwxr-xr-x 2 root root 4096 Apr 10 18:52 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
-rw-r--r-- 1 root root 221 Apr 10 18:52 hosts
/oldboyedu2026/lower1:
total 8
drwxr-xr-x 2 root root 4096 Apr 10 18:52 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
-rw-r--r-- 1 root root 0 Apr 10 18:52 issue
/oldboyedu2026/lower2:
total 12
drwxr-xr-x 2 root root 4096 Apr 10 18:52 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
-rw-r--r-- 1 root root 920 Apr 10 18:52 resolv.conf
/oldboyedu2026/merged:
total 24
drwxr-xr-x 1 root root 4096 Apr 10 18:56 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
-rw-r--r-- 1 root root 657 Apr 10 18:56 fstab
-rw-r--r-- 1 root root 6 Apr 10 18:53 hostname
-rw-r--r-- 1 root root 221 Apr 10 18:52 hosts
-rw-r--r-- 1 root root 0 Apr 10 18:52 issue
-rw-r--r-- 1 root root 920 Apr 10 18:52 resolv.conf
/oldboyedu2026/uppper:
total 16
drwxr-xr-x 2 root root 4096 Apr 10 18:56 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
-rw-r--r-- 1 root root 657 Apr 10 18:56 fstab
-rw-r--r-- 1 root root 6 Apr 10 18:53 hostname
/oldboyedu2026/work:
total 12
drwxr-xr-x 3 root root 4096 Apr 10 18:47 ./
drwxr-xr-x 8 root root 4096 Apr 10 18:45 ../
d--------- 2 root root 4096 Apr 10 18:47 work/
/oldboyedu2026/work/work:
total 8
d--------- 2 root root 4096 Apr 10 18:47 ./
drwxr-xr-x 3 root root 4096 Apr 10 18:47 ../
7.重新挂载,但不挂载upperdir层
[root@elk91 ~]#df -h
Filesystem Size Used Avail Use% Mounted on
tmpfs 1.7G 1.8M 1.7G 1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv 24G 15G 7.6G 67% /
tmpfs 8.4G 0 8.4G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/sda2 2.0G 259M 1.6G 15% /boot
tmpfs 1.7G 4.0K 1.7G 1% /run/user/1000
overlay 24G 15G 7.6G 67% /var/lib/docker/overlay2/be392af30ab8cf4da3da9f55ada49ded8c55a987d7008e00aa27cd3ec8897b02/merged
overlay 24G 15G 7.6G 67% /var/lib/docker/overlay2/3d86a05d89e682cdaddb26aa4d779a53d786e4a05a15ca491537ae19c0138196/merged
overlay 24G 15G 7.6G 67% /oldboyedu2026/merged
[root@elk91 ~]#umount /oldboyedu2026/merged
[root@elk91 ~]#df -h
Filesystem Size Used Avail Use% Mounted on
tmpfs 1.7G 1.8M 1.7G 1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv 24G 15G 7.6G 67% /
tmpfs 8.4G 0 8.4G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/sda2 2.0G 259M 1.6G 15% /boot
tmpfs 1.7G 4.0K 1.7G 1% /run/user/1000
overlay 24G 15G 7.6G 67% /var/lib/docker/overlay2/be392af30ab8cf4da3da9f55ada49ded8c55a987d7008e00aa27cd3ec8897b02/merged
overlay 24G 15G 7.6G 67% /var/lib/docker/overlay2/3d86a05d89e682cdaddb26aa4d779a53d786e4a05a15ca491537ae19c0138196/merged
[root@elk91 ~]#mount -t overlay overlay -o lowerdir=/oldboyedu2026/lower0:/oldboyedu2026/lower1:/oldboyedu2026/lower2,workdir=/oldboyedu2026/work /oldboyedu2026/merged/
[root@elk91 ~]#df -h
Filesystem Size Used Avail Use% Mounted on
tmpfs 1.7G 1.8M 1.7G 1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv 24G 15G 7.6G 67% /
tmpfs 8.4G 0 8.4G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/sda2 2.0G 259M 1.6G 15% /boot
tmpfs 1.7G 4.0K 1.7G 1% /run/user/1000
overlay 24G 15G 7.6G 67% /var/lib/docker/overlay2/be392af30ab8cf4da3da9f55ada49ded8c55a987d7008e00aa27cd3ec8897b02/merged
overlay 24G 15G 7.6G 67% /var/lib/docker/overlay2/3d86a05d89e682cdaddb26aa4d779a53d786e4a05a15ca491537ae19c0138196/merged
overlay 24G 15G 7.6G 67% /oldboyedu2026/merged
8.再次尝试写入数据失败,因为没有写层(upper层)
[root@elk91 ~]#cp /etc/os-release /oldboyedu2026/merged/
cp: cannot create regular file '/oldboyedu2026/merged/os-release': Read-only file system
PS: OverlayFS 需要可写的upperdir才能写入;本例重新挂载时没有指定upperdir,所以merged目录是只读的。另外,如果upperdir被删除、损坏或空间不足,overlay也可能会降级为只读模式。
9.验证docker底层用到了overlay FS文件系统
[root@elk91 ~]#df | grep docker
overlay 24590672 15461628 7854576 67% /var/lib/docker/overlay2/be392af30ab8cf4da3da9f55ada49ded8c55a987d7008e00aa27cd3ec8897b02/merged
overlay 24590672 15461628 7854576 67% /var/lib/docker/overlay2/3d86a05d89e682cdaddb26aa4d779a53d786e4a05a15ca491537ae19c0138196/merged
[root@elk91 ~]#docker inspect c1 | grep "Dir"
"LowerDir": "/var/lib/docker/overlay2/be392af30ab8cf4da3da9f55ada49ded8c55a987d7008e00aa27cd3ec8897b02-init/diff:/var/lib/docker/overlay2/ba7a862cf69c69d548e7aaeff5e9aea1740c40e56c085a5eb6e411b59be578ef/diff:/var/lib/docker/overlay2/daf64d0a137618ee22e71ee56389b3e734424fb90939b2ace1e8e1c07a8a614f/diff:/var/lib/docker/overlay2/79fdf9b80340a58262eaefc712617a82d2263c305bb1141269529c1375fc20d5/diff:/var/lib/docker/overlay2/d0c6c2c928260486d72d459eacd876edcb9374f6813367aaa2bd614a64ad2902/diff:/var/lib/docker/overlay2/864664a158d2c4e86273021a725fabdc5dc47975226615ce52e3774c02151251/diff:/var/lib/docker/overlay2/5919a7ea83da029eb61e57e9d36f3f48009822f8ae4b1acf8daba51894845d54/diff:/var/lib/docker/overlay2/fc43b00cf738f36414b356e59c7a3ad458422166aec89c0422401ff11f4781b1/diff",
"MergedDir": "/var/lib/docker/overlay2/be392af30ab8cf4da3da9f55ada49ded8c55a987d7008e00aa27cd3ec8897b02/merged",
"UpperDir": "/var/lib/docker/overlay2/be392af30ab8cf4da3da9f55ada49ded8c55a987d7008e00aa27cd3ec8897b02/diff",
"WorkDir": "/var/lib/docker/overlay2/be392af30ab8cf4da3da9f55ada49ded8c55a987d7008e00aa27cd3ec8897b02/work"
"WorkingDir": "",
3.Linux特性之cgroup
1.什么是cgroup
所谓的cgroup(control groups)本质上是Linux内核用来做资源限制的机制,可以限制进程对CPU、内存、磁盘I/O等资源的使用。
2.docker底层基于systemd管理cgroup
[root@elk91 ~]#docker info | grep Cgroup
Cgroup Driver: systemd
Cgroup Version: 2
3.导入镜像
[root@elk91 ~]#docker image load -i oldboyedu-stress-tools.tar.gz
8d3ac3489996: Loading layer [==================================================>] 5.866MB/5.866MB
16894a77d668: Loading layer [==================================================>] 3.072kB/3.072kB
d810767fbc1c: Loading layer [==================================================>] 3.072kB/3.072kB
d4334895009e: Loading layer [==================================================>] 75.78kB/75.78kB
Loaded image: jasonyin2020/oldboyedu-linux-tools:v0.1
4.启动容器
[root@elk91 ~]#docker run -d --name stress --cpu-quota 30000 -m 209715200 jasonyin2020/oldboyedu-linux-tools:v0.1 tail -f /etc/hosts
2b8cc15f4332b264a66c0ca9fb5907e798627ce2f6037cde9a308c53b321094c
5.CPU压测
[root@elk91 ~]#docker exec -it stress sh
/usr/local/stress # stress --help
`stress' imposes certain types of compute stress on your system
Usage: stress [OPTION [ARG]] ...
-?, --help show this help statement
--version show version statement
-v, --verbose be verbose
-q, --quiet be quiet
-n, --dry-run show what would have been done
-t, --timeout N timeout after N seconds
--backoff N wait factor of N microseconds before work starts
-c, --cpu N spawn N workers spinning on sqrt()
-i, --io N spawn N workers spinning on sync()
-m, --vm N spawn N workers spinning on malloc()/free()
--vm-bytes B malloc B bytes per vm worker (default is 256MB)
--vm-stride B touch a byte every B bytes (default is 4096)
--vm-hang N sleep N secs before free (default none, 0 is inf)
--vm-keep redirty memory instead of freeing and reallocating
-d, --hdd N spawn N workers spinning on write()/unlink()
--hdd-bytes B write B bytes per hdd worker (default is 1GB)
Example: stress --cpu 8 --io 4 --vm 2 --vm-bytes 128M --timeout 10s (示例)
Note: Numbers may be suffixed with s,m,h,d,y (time) or B,K,M,G (size).
/usr/local/stress # stress -c 4 --verbose --timeout 10m
stress: info: [15] dispatching hogs: 4 cpu, 0 io, 0 vm, 0 hdd
stress: dbug: [15] using backoff sleep of 12000us
stress: dbug: [15] setting timeout to 600s
stress: dbug: [15] --> hogcpu worker 4 [16] forked
stress: dbug: [15] using backoff sleep of 9000us
stress: dbug: [15] setting timeout to 600s
stress: dbug: [15] --> hogcpu worker 3 [17] forked
stress: dbug: [15] using backoff sleep of 6000us
stress: dbug: [15] setting timeout to 600s
stress: dbug: [15] --> hogcpu worker 2 [18] forked
stress: dbug: [15] using backoff sleep of 3000us
stress: dbug: [15] setting timeout to 600s
stress: dbug: [15] --> hogcpu worker 1 [19] forked
参数 含义 典型用途
-c, --cpu N 产生 N 个进程,每个进程计算平方根(sqrt) 压满 CPU
-i, --io N 产生 N 个进程,每个进程调用 sync() 同步磁盘 模拟 I/O 同步压力
-m, --vm N 产生 N 个进程,反复 malloc()/free() 内存 测试内存分配压力
--vm-bytes B 每个 vm 进程分配 B 字节内存(默认 256MB) 控制内存占用大小
--vm-stride B 每隔 B 字节访问一次内存(默认 4096) 模拟内存访问模式
--vm-hang N 内存分配后睡眠 N 秒再释放(0 表示永不释放) 测试内存持有效果
--vm-keep 保持内存内容(重新脏化而不是重新分配) 模拟持续内存占用
-d, --hdd N 产生 N 个进程,反复 write()/unlink() 写临时文件 模拟磁盘写入压力
--hdd-bytes B 每个 hdd 进程写入 B 字节(默认 1GB) 控制写入数据量
-t, --timeout N 运行 N 秒后自动退出 限制测试时长
-v, --verbose 详细输出运行过程 调试/监控
[root@elk91 ~]# docker stats stress #不难发现,内存使用量被限制在200MB左右;尽管压测申请的是250MB,实际占用也达不到250MB。

案例:对已经运行的容器做资源限制
1.实验环境
[root@elk91 ~]#docker run -d --name xixi registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
e6955a6e609cc92600009096a256ccc99a8337073a013f456cc7dd5825ca820d
[root@elk91 ~]#docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e6955a6e609c registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 7 seconds ago Up 6 seconds 80/tcp xixi
[root@elk91 ~]#docker stats xixi --no-stream
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
e6955a6e609c xixi 0.00% 2.922MiB / 16.69GiB 0.02% 946B / 0B 0B / 24.6kB 3
[root@elk91 ~]#free -h
total used free shared buff/cache available
Mem: 16Gi 1.5Gi 9.0Gi 1.0Mi 6.1Gi 14Gi
Swap: 2.0Gi 0B 2.0Gi
2.在不停止容器的情况下配置资源限制【配置0.5核心,50MiB内存】
[root@elk91 ~]#docker update --cpu-quota 50000 -m 52428800 --memory-swap 52428800 xixi
xixi
3.验证测试
[root@elk91 ~]#docker stats xixi --no-stream
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
e6955a6e609c xixi 0.00% 2.922MiB / 50MiB 5.84% 1.09kB / 0B 0B / 24.6kB 3
4.Linux特性之namespace技术
| 名称空间 | 描述 |
|---|---|
| mnt | 通过隔离文件系统挂载点对文件系统进行隔离 |
| cgroup | cgroups是Linux内核用来做资源限制的机制;cgroup名称空间隔离的是进程所看到的cgroup层级视图 |
| pid | 每一个进程的PID在系统中都是唯一的;PID名称空间让每个容器拥有独立的PID编号(例如各自的PID 1) |
| ipc | 它隔离了IPC(进程间通信)如信号量、消息队列和共享内存 |
| user | 隔离安全相关的标识符和属性,包括用户ID、用户组ID、root目录、key以及特殊权限 |
| uts | 提供了主机名与域名的隔离 |
| net | 提供了关于网络资源的隔离,包括网络设备、IPv4和IPv6协议栈、IP路由表、防火墙、套接字等 |
1.namespace概述
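namespace是Linux用于隔离进程资源的机制,比如IPC,NET,MNT,PID,UTS,USER。
在"/proc/<PID>/ns"目录可以查看指定进程所属的名称空间(注意下面的输出中,三个容器进程的user和time名称空间编号完全相同,说明它们并没有各自独立的user名称空间;Docker默认不启用user名称空间隔离,容器内的root与宿主机的root是同一个UID 0,需要时可以通过dockerd的userns-remap配置开启):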
[root@elk91 ~]#docker inspect -f {{.State.Pid}} `docker ps -aq`
46991
46849
46658
[root@elk91 ~]#ll /proc/46991/ns
total 0
dr-x--x--x 2 root root 0 Apr 10 19:35 ./
dr-xr-xr-x 9 root root 0 Apr 10 19:35 ../
lrwxrwxrwx 1 root root 0 Apr 10 19:38 cgroup -> 'cgroup:[4026532851]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 ipc -> 'ipc:[4026532793]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 mnt -> 'mnt:[4026532791]'
lrwxrwxrwx 1 root root 0 Apr 10 19:35 net -> 'net:[4026532795]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 pid -> 'pid:[4026532794]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 pid_for_children -> 'pid:[4026532794]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 time -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 time_for_children -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 user -> 'user:[4026531837]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 uts -> 'uts:[4026532792]'
[root@elk91 ~]#ll /proc/46849/ns
total 0
dr-x--x--x 2 root root 0 Apr 10 19:35 ./
dr-xr-xr-x 9 root root 0 Apr 10 19:35 ../
lrwxrwxrwx 1 root root 0 Apr 10 19:38 cgroup -> 'cgroup:[4026532788]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 ipc -> 'ipc:[4026532730]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 mnt -> 'mnt:[4026532728]'
lrwxrwxrwx 1 root root 0 Apr 10 19:35 net -> 'net:[4026532732]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 pid -> 'pid:[4026532731]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 pid_for_children -> 'pid:[4026532731]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 time -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 time_for_children -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 user -> 'user:[4026531837]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 uts -> 'uts:[4026532729]'
[root@elk91 ~]#ll /proc/46658/ns
total 0
dr-x--x--x 2 root root 0 Apr 10 19:26 ./
dr-xr-xr-x 9 root root 0 Apr 10 19:26 ../
lrwxrwxrwx 1 root root 0 Apr 10 19:38 cgroup -> 'cgroup:[4026532725]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 ipc -> 'ipc:[4026532663]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 mnt -> 'mnt:[4026532661]'
lrwxrwxrwx 1 root root 0 Apr 10 19:26 net -> 'net:[4026532665]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 pid -> 'pid:[4026532664]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 pid_for_children -> 'pid:[4026532664]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 time -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 time_for_children -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 user -> 'user:[4026531837]'
lrwxrwxrwx 1 root root 0 Apr 10 19:38 uts -> 'uts:[4026532662]'
2.验证docker多容器共享了net网络名称空间
[root@elk91 ~]#docker run -d --name c1 alpine:3.20.2 sleep 10d
b001e0e663422cc7d45bba25eb47f921c0513ef08087518ca4a5736f48cac75f
[root@elk91 ~]#docker run -d --name c2 --network container:c1 alpine:3.20.2 sleep 20d
7e242a21a7588033dc9ac6e4242260856c2750668fda6ad78c7cee538a65c2d0
[root@elk91 ~]#docker inspect -f '{{.State.Pid}}' c1
47301
[root@elk91 ~]#docker inspect -f '{{.State.Pid}}' c2
47389
[root@elk91 ~]#ll /proc/47301/ns/net
lrwxrwxrwx 1 root root 0 Apr 10 19:42 /proc/47301/ns/net -> 'net:[4026532858]'
[root@elk91 ~]#ll /proc/47389/ns/net
lrwxrwxrwx 1 root root 0 Apr 10 19:43 /proc/47389/ns/net -> 'net:[4026532858]'
[root@elk91 ~]#docker exec c1 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:05
inet addr:172.17.0.5 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:796 (796.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[root@elk91 ~]#docker exec c2 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:05
inet addr:172.17.0.5 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:796 (796.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[root@elk91 ~]#docker exec c1 ps -ef
PID USER TIME COMMAND
1 root 0:00 sleep 10d
11 root 0:00 ps -ef
[root@elk91 ~]#docker exec c2 ps -ef
PID USER TIME COMMAND
1 root 0:00 sleep 20d
12 root 0:00 ps -ef
Dockerfile制作镜像案例
1.什么是Dockerfile
| Instruction(指令) | Description(描述) | 重要程度 |
|---|---|---|
ADD | Add local or remote files and directories.(添加本地或远程文件和目录) | ★★★★★★ |
ARG | Use build-time variables.(使用构建时变量) | ★★★ |
CMD | Specify default commands.(指定默认命令) | ★★★★★ |
COPY | Copy files and directories.(复制文件和目录) | ★★★★★ |
ENTRYPOINT | Specify default executable.(指定默认可执行文件) | ★★★★★ |
ENV | Set environment variables.(设置环境变量) | ★★★★★ |
EXPOSE | Describe which ports your application is listening on.(描述您的应用程序正在监听的端口) | ★★★★★ |
FROM | Create a new build stage from a base image.(从基础镜像创建新的构建阶段) | ★★★★★ |
HEALTHCHECK | Check a container's health on startup.(用于在容器启动时检查其运行状况) | ★★★ |
LABEL | Add metadata to an image.(为镜像添加元数据标签) | ★★★★★ |
MAINTAINER | Specify the author of an image.(指定镜像的作者) | ★★★ |
ONBUILD | Specify instructions for when the image is used in a build.(指定在构建中使用镜像时的指令) | ★★ |
RUN | Execute build commands.(执行构建命令) | ★★★★★ |
SHELL | Set the default shell of an image.(设定镜像的默认shell) | ★ |
STOPSIGNAL | Specify the system call signal for exiting a container.(指定用于退出容器的系统调用信号) | ★ |
USER | Set user and group ID.(设置用户和组ID) | ★★ |
VOLUME | Create volume mounts.(创建卷挂载) | ★★★★★ |
WORKDIR | Change working directory.(更改工作目录) | ★★★★★ |
Dockerfile其实就是一种用来快速构建镜像的技术。
Dockerfile和镜像的关系就相当于制作菜的方法和一道已经做好的菜。
常见的Dockerfile指令如上表所示。
参考链接:
https://docs.docker.com/reference/dockerfile/
2.制作Dockerfile流程
- 基础流程
- A.先手动运行基础镜像,并手动部署服务测试记录相关的运行命令;
- B.将上一步记录的命令使用Dockerfile指令进行改写;
- C.优化Dockerfile指令;(可选)
3.基于Ubuntu制作镜像案例
3.1 手动制作镜像流程案例
1.准备镜像
[root@elk91 ~]#docker image load -i ubuntu.tar.gz
931b7ff0cb6f: Loading layer [==================================================>] 80.41MB/80.41MB
Loaded image: ubuntu:22.04
[root@elk91 ~]#docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zabbix/zabbix-web-nginx-mysql alpine-7.2-latest 0b4a2f1a0e3c 13 months ago 261MB
zabbix/zabbix-server-mysql alpine-7.2-latest 8f6e0ed5ae14 13 months ago 101MB
zabbix/zabbix-java-gateway alpine-7.2-latest 02d4e5dda618 13 months ago 194MB
alpine 3.20.2 324bc02ae123 20 months ago 7.8MB
ubuntu 22.04 8a3cdc4d1ad3 21 months ago 77.9MB
mysql 8.0.36-oracle f5f171121fa3 2 years ago 603MB
registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps v1 f28fd43be4ad 2 years ago 23MB
jasonyin2020/oldboyedu-linux-tools v0.1 da6fdb7c9168 4 years ago 5.65MB
2.启动基础镜像
[root@elk91 ~]#docker run -it ubuntu:22.04 bash
root@54d7a40fb0a6:/# [root@elk91 ~]#
[root@elk91 ~]#
[root@elk91 ~]#docker run -it ubuntu:22.04 --network host bash
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container not found in $PATH: unknown.
ERRO[0000] error waiting for container: context canceled
[root@elk91 ~]#docker run -it --network host ubuntu:22.04 bash
root@elk91:/# apt update
Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:3 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [62.6 kB]
Get:4 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [3889 kB]
Get:5 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [6917 kB]
Get:6 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [1311 kB]
Get:7 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
....
[root@elk91 ~]#docker ps -ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
88fd9f62e72d ubuntu:22.04 "bash" 24 minutes ago Up 20 minutes clever_nightingale 131MB (virtual 209MB)
3.将容器提交为镜像
[root@elk91 ~]#docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
88fd9f62e72d ubuntu:22.04 "bash" 22 minutes ago Up 17 minutes clever_nightingale
[root@elk91 ~]#docker container commit clever_nightingale xixi:v1
sha256:de65ee5d4e50f758f6c94334ea0dc55c370a887484ca82e54158647efa0ada3b
4.查看镜像
[root@elk91 ~]#docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
xixi v1 de65ee5d4e50 About a minute ago 209MB
5.基于基础镜像启动
[root@elk91 ~]#docker run -d --name haha xixi:v1 nginx -g 'daemon off;'
ff69dd3471cc09fe84c8b8f82d927422f646712ba3ba621d6489397dc293798e
[root@elk91 ~]#docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ff69dd3471cc xixi:v1 "nginx -g 'daemon of…" 7 seconds ago Up 7 seconds
6.验证服务是否启动
[root@elk91 ~]#docker exec -it haha bash
root@ff69dd3471cc:/# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 13:56 ? 00:00:00 nginx: master process nginx -g daemon off;
www-data 8 1 0 13:56 ? 00:00:00 nginx: worker process
www-data 9 1 0 13:56 ? 00:00:00 nginx: worker process
root 10 0 0 13:57 pts/0 00:00:00 bash
root 19 10 0 13:57 pts/0 00:00:00 ps -ef
root@ff69dd3471cc:/# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
3.2基于Ubuntu部署nginx案例
1.创建工作目录
[root@elk91 ~]#mkdir -pv /lolo/dockerfile/ubt
mkdir: created directory '/lolo'
mkdir: created directory '/lolo/dockerfile'
mkdir: created directory '/lolo/dockerfile/ubt'
[root@elk91 ~]#cd /lo
lolo/ lost+found/
[root@elk91 ~]#cd /lo
lolo/ lost+found/
[root@elk91 ~]#cd /lolo/dockerfile/ubt/
[root@elk91 ubt]#mkdir 01-nginx
[root@elk91 ubt]#cd 01-nginx/
2.编写Dockerfile文件
[root@elk91 01-nginx]#vim Dockerfile
# Base image: Ubuntu 22.04, referenced by tag only. A tag can be re-pointed
# upstream; pinning by digest makes the build reproducible and auditable.
FROM ubuntu:22.04
# MAINTAINER is deprecated in current Dockerfile syntax; a LABEL carrying the
# maintainer name is the replacement.
MAINTAINER lolo
# Refresh the package index and install nginx in a single layer, so the install
# never runs against a stale cached index.
# NOTE(review): the build log warns that apt has no stable CLI for scripts;
# apt-get is the form intended for non-interactive use. The apt lists also stay
# in this layer; removing /var/lib/apt/lists/* in the same RUN would shrink it.
RUN apt update && apt -y install nginx
# Exec-form CMD: nginx runs in the foreground as the container's main process.
# No USER instruction is set, so the nginx master process starts as root inside
# the container (workers drop to the user configured in nginx.conf).
CMD ["nginx", "-g", "daemon off;"]
~
~
~
~
"Dockerfile" [New] 7L, 111B written
3.构建镜像
[root@elk91 01-nginx]#docker image build -t lolo-game:v0.1 .
Sending build context to Docker daemon 2.048kB
Step 1/4 : FROM ubuntu:22.04
---> 8a3cdc4d1ad3
Step 2/4 : MAINTAINER lolo
---> Running in aaee46669cec
Removing intermediate container aaee46669cec
---> 83d90943f08c
Step 3/4 : RUN apt update && apt -y install nginx
---> Running in ddcaf58efdfb
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
......
Setting up nginx (1.18.0-6ubuntu14.8) ...
Processing triggers for libc-bin (2.35-0ubuntu3.8) ...
Removing intermediate container ddcaf58efdfb
---> c873d0bdcf4d
Step 4/4 : CMD ["nginx", "-g", "daemon off;"]
---> Running in 2a24069aebc3
Removing intermediate container 2a24069aebc3
---> f5d44e84427b
Successfully built f5d44e84427b
Successfully tagged lolo-game:v0.1
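4.基于构建好的镜像启动容器
注意:"-p 81:80"会在宿主机的所有网卡上监听81端口(下方PORTS列显示0.0.0.0:81和:::81);如果只需要本机访问,可以写成"-p 127.0.0.1:81:80"来限定监听地址。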
[root@elk91 01-nginx]#docker run --name game -d -p 81:80 lolo-game:v0.1
87b49575b56a33ed8eac89a0e54acd66dde39621eef6d82bd1dd5e0d385c9d1b
[root@elk91 01-nginx]#docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
87b49575b56a lolo-game:v0.1 "nginx -g 'daemon of…" 6 seconds ago Up 5 seconds 0.0.0.0:81->80/tcp, :::81->80/tcp game
5.测试访问
如下图所示:

3.3单服务游戏镜像制作案例
3.3.1 docker cp拷贝游戏源码环境
1.准备测试镜像
[root@elk91 ~]#docker image load -i oldboyedu-games-v0.6.tar.gz
24f6c2496534: Loading layer [==================================================>] 288.1MB/288.1MB
df2c564d255b: Loading layer [==================================================>] 6.144kB/6.144kB
ce4dda5fa1c1: Loading layer [==================================================>] 7.168kB/7.168kB
1d0291efebc6: Loading layer [==================================================>] 70.73MB/70.73MB
Loaded image: jasonyin2020/oldboyedu-games:v0.6
[root@elk91 ~]#docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
lolo-game v0.1 f5d44e84427b 34 minutes ago 209MB
xixi v1 de65ee5d4e50 56 minutes ago 209MB
zabbix/zabbix-web-nginx-mysql alpine-7.2-latest 0b4a2f1a0e3c 13 months ago 261MB
zabbix/zabbix-server-mysql alpine-7.2-latest 8f6e0ed5ae14 13 months ago 101MB
zabbix/zabbix-java-gateway alpine-7.2-latest 02d4e5dda618 13 months ago 194MB
alpine 3.20.2 324bc02ae123 20 months ago 7.8MB
ubuntu 22.04 8a3cdc4d1ad3 21 months ago 77.9MB
mysql 8.0.36-oracle f5f171121fa3 2 years ago 603MB
jasonyin2020/oldboyedu-games v0.6 b55cbfca1946 2 years ago 376MB
registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps v1 f28fd43be4ad 2 years ago 23MB
jasonyin2020/oldboyedu-linux-tools v0.1 da6fdb7c9168 4 years ago 5.65MB
2.运行测试游戏服务
[root@elk91 ~]#docker container run --restart unless-stopped -d -p 82:80 jasonyin2020/oldboyedu-games:v0.6
79a02560f66c3534f4da04f3047d783a80ae39e9345f6a7f208bfce7544c3b51
[root@elk91 ~]#docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
79a02560f66c jasonyin2020/oldboyedu-games:v0.6 "/docker-entrypoint.…" 7 seconds ago Up 6 seconds 0.0.0.0:82->80/tcp, :::82->80/tcp admiring_diffie
3.Windows hosts文件添加解析记录
10.0.0.91 game01.oldboyedu.com
10.0.0.91 game02.oldboyedu.com
10.0.0.91 game03.oldboyedu.com
10.0.0.91 game04.oldboyedu.com
10.0.0.91 game05.oldboyedu.com
10.0.0.91 game06.oldboyedu.com
10.0.0.91 game07.oldboyedu.com
10.0.0.91 game08.oldboyedu.com
10.0.0.91 game09.oldboyedu.com
10.0.0.91 game10.oldboyedu.com
10.0.0.91 game11.oldboyedu.com
10.0.0.91 game12.oldboyedu.com
10.0.0.91 game13.oldboyedu.com
10.0.0.91 game14.oldboyedu.com
10.0.0.91 game15.oldboyedu.com
10.0.0.91 game16.oldboyedu.com
10.0.0.91 game17.oldboyedu.com
10.0.0.91 game18.oldboyedu.com
10.0.0.91 game19.oldboyedu.com
10.0.0.91 game20.oldboyedu.com
10.0.0.91 game21.oldboyedu.com
10.0.0.91 game22.oldboyedu.com
10.0.0.91 game23.oldboyedu.com
10.0.0.91 game24.oldboyedu.com
10.0.0.91 game25.oldboyedu.com
10.0.0.91 game26.oldboyedu.com
10.0.0.91 game27.oldboyedu.com
4.访问测试
game01.oldboyedu.com:82