摘要: 摘要: 此Docker系列学习笔记,根据Reboot教育PC大神的运维自动化部分课程整理而成,补充少量个人理解以及练习日志(部分日志有删减)。 PC大神在知乎的专栏:面向工资编程 Docker简介(一) Docker简介(二) Docker管理系统(一) Docker管理系统(二) Docker管理系统(三) Docker原理-namespace和文件系统 Docker原理-徒手创建一个docker容器 Docker、etcd构建服务自发现体系 Docker生态系统:k8s、etcd等 etcd分布式一致性算法paxos、raft <!-- 正文 -->
Docker实战笔记
[TOC]
提纲
此Docker系列学习笔记,根据Reboot教育PC大神的运维自动化部分课程整理而成,补充少量个人理解以及练习日志(部分日志有删减)。
PC大神在知乎的专栏:面向工资编程
- Docker简介(一)
- Docker简介(二)
- Docker管理系统(一)
- Docker管理系统(二)
- Docker管理系统(三)
- Docker原理-namespace和文件系统
- Docker原理-徒手创建一个docker容器
- Docker、etcd构建服务自发现体系
- Docker生态系统:k8s、etcd等
- etcd分布式一致性算法paxos、raft
Docker简介(二)
盗梦空间
使用docker时,应时刻注意自己在哪儿,防止误操作。docker容器一般都是root全新,这个时候往往是宿主机、各容器相互交错,甚至有时候还有自己的笔记本远程登录维护的场景;一个不慎,就是生产事故。
解决办法:设置PS1变量,每个用户下颜色不一样,提示符不一样。同时加强用户权限的管理和落地,赋予运维人员岗位角色最小的权限,严格控制特殊权限如root的申请流程和双人复核制度;
参考bashrc
将以下代码保存为 bashrc
#!/bin/bash
#export DYLD_FALLBACK_LIBRARY_PATH="${HOME}/wine/wine-1.2/lib:/usr/X11/lib:/usr/
lib"
export TERM=xterm-color
export CLICOLOR=1
export LSCOLORS=ExFxCxDxBxegedabagacad
export EDITOR=vi
#export CDPATH=$CDPATH:/Users/auxten/Documents/Codes/
use_color=false
# Set colorful PS1 only on colorful terminals.
# dircolors --print-database uses its own built-in database
# instead of using /etc/DIR_COLORS. Try to use the external file
# first to take advantage of user additions. Use internal bash
# globbing instead of external grep binary.
safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM
match_lhs=""
[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
[[ -z ${match_lhs} ]] \
&& type -P dircolors >/dev/null \
&& match_lhs=$(dircolors --print-database)
[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true
if ${use_color} ; then
# Enable colors for ls, etc. Prefer ~/.dir_colors #64489if type -P dircolors >/dev/null ; then
if [[ -f ~/.dir_colors ]] ; then
eval $(dircolors -b ~/.dir_colors)
elif [[ -f /etc/DIR_COLORS ]] ; then
eval$(dircolors -b /etc/DIR_COLORS)
fi
fi
if [[ ${EUID} == 0 ]] ; then
PS1='\[\033[01;31m\]\h\[\033[01;34m\] \w \$\[\033[00m\] 'else
PS1='\[\033[01;33m\]\u.\[\033[01;34m\]\[\033[01;32m\]\h\[\033[01;34m\] \
w \$\[\033[00m\] '#PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '
fi
alias ls='ls -G'
alias grep='grep --colour=auto'elseif [[ ${EUID} == 0 ]] ; then
# show root@ when we don't have colors
PS1='\u@\h \W \$ 'else
PS1='\u@\h \w \$ '
fi
fi
# Try to keep environment pollution down, EPA loves us.
unset use_color safe_term match_lhs
设置命令
cp bashrc ~/.bashrc
. ~/.bashrc
赠与root
sudo cp ~/.bashrc /root/
sudo su -
效果展示
AnInputForce账号没有sudo权限,这里有一个课件截图:
基本操作
docker stop
停止docker容器。
建议不使用,直接使用docker rm -f 停止并删除容器:干净整洁不留垃圾;stop命令略慢,rm命令毫秒级别。以下是演示,
停止,清理容器
AnInputForce.teach ~ $ docker run --name="centos_kch" -itd centos tail -f /etc/hosts
608ca094cbf836087a749f464e4e1175502cd0e0d184e174b99bfe59b4a18015
AnInputForce.teach ~ $ docker ps | grep kch
608ca094cbf8 centos "tail -f /etc/hosts" 28 seconds ago Up 26 seconds centos_kch
AnInputForce.teach ~ $ docker stop centos_kch
centos_kch
AnInputForce.teach ~ $ docker ps | grep kch
AnInputForce.teach ~ $ docker ps -a | grep kch
608ca094cbf8 centos "tail -f /etc/hosts" About a minute ago Exited (137) 16 seconds ago centos_kch
AnInputForce.teach ~ $ docker rm centos_kch
centos_kch
AnInputForce.teach ~ $ docker ps -a | grep kch
直接停止并删除容器
AnInputForce.teach ~ $ docker run --name="centos_kch" -itd centos tail -f /etc/hosts
e916042b88f1fe5829d400188c7cb806d7075751a9142c5fb9935a81b7924f56
AnInputForce.teach ~ $ docker ps | grep kch
e916042b88f1 centos "tail -f /etc/hosts" 18 seconds ago Up 17 seconds centos_kch
AnInputForce.teach ~ $ docker rm -f centos_kch
centos_kch
AnInputForce.teach ~ $ docker ps | grep kch
AnInputForce.teach ~ $ docker ps -a | grep kch
AnInputForce.teach ~ $
docker exec 进入容器简化
我们经常要写这条命令,进入容器交互bash:
docker exec -it centos_kch bash
有网友写了个脚本简化这件事:帖子看这里,看3楼的回复。
#!/bin/bash -xe
# docker id might be given as a parameter
DID=$1
if [[ "$DID" == "" ]]; then
# if no id given simply just connect to the first running instance
DID=$(docker ps | grep -Eo "^[0-9a-z]{8,}\b")
fi
docker exec -i -t $DID bash
修订一下:如果不带参数,默认进入第一个运行的容器,但是过滤出来的是所有运行的容器。此处修订:
保存脚本为dgo
#!/bin/bash -xe
# docker id might be given as a parameter
DID=$1
if [[ "$DID" == "" ]]; then
# if no id given simply just connect to the first running instance
DID=$(docker ps | grep -Eo "^[0-9a-z]{8,}\b" | head -n 1)
fi
docker exec -i -t $DID bash
设置Setup
Put docker-ssh file in your $PATH with the following contents
有root权限的话,我们直接copy到bin目录
sudo cp dgo /usr/local/bin/
演示Usage
If you have one running instance simply run
- dgo
Otherwise provide it with a docker id parmeter that you get from docker ps (first col)
- dgo $docker-id,# dgo 3ccdb6bcf75a
- dgo $container-name,# dgo centos_kch
AnInputForce.teach ~ $ docker run --name="centos_kch" -itd centos tail -f /etc/hosts
3ccdb6bcf75a197b4cfbeec3d6754d3d55630e11544f396e5cd942064dae220e
AnInputForce.teach ~ $ dgo centos_kch
+ DID=centos_kch
+ [[ centos_kch == '' ]]
+ docker exec -i -t centos_kch bash
[root@3ccdb6bcf75a /]#
脚本参数
- bash -xe
- -x 显示执行日志
- 把它执行的每条命令都打到console上,有助于让大家了解都执行的什么,有助于提醒这个脚本是个自定义命令;这是一个非常好的习惯;
- -e 执行完退出;
docker run -v -p
- -v 映射目录
- -p 映射端口
Tips:端口映射docker是用iptable实现的,CentOS7引入了firewalld,本质上比iptable好用一些,如果docker用到端口映射,firewalld服务就不能听。内网使用,可以一上来用firewalld把所有端口都打开,这样比较方便docker管理端口映射。
验证思路
筛选端口有没有占用,没有输出则可用
sudo netstat -nltp | grep 8084
将宿主机home目录的data文件夹映射到容器的/data目录,同时将宿主机的8084端口映射到宿主机的80端口
docker run --name"kch-centos" -v ~/data:/data -p 8084:80 -itd centos tail -f /etc/hosts
映射目录验证
AnInputForce.teach ~ $ docker run --name "kch-centos" -v ~/data:/data -p 8084:80 -itd centos tail -f /etc/hosts
9bae287a1df72f557a218044e58dc61c473b8d746f9f4e02c801cf58e014385f
AnInputForce.teach ~ $ ll
总用量 16
-rw-r--r-- 1 AnInputForce 231 11月 15 09:15 20161115.bashrc
drwxr-xr-x 2 root 4096 11月 15 19:42 data
drwxr-xr-x 6 root 4096 10月 16 10:41 open-falcon
-rwxr-xr-x 1 AnInputForce 377 10月 16 11:42 runof.sh
AnInputForce.teach ~ $ docker exec -it kch-centos /bin/bash
[root@9bae287a1df7 /]# ll | grep data
drwxr-xr-x 2 root root 4096 Nov 15 11:42 data
[root@9bae287a1df7 /]# echo xxxyyy > data/xxx
[root@9bae287a1df7 /]# exit
exit
AnInputForce.teach ~ $ cat data/xxx
xxxxyyy
AnInputForce.teach ~ $
端口映射验证
进入容器,启动一个python的SimpleHTTPServer,绑定80端口;
在浏览器中输入http://localhost:8084,成功访问;
演示使用的是教学机http://reboot.linrc.com:8084
AnInputForce.teach ~ $ docker exec -it kch-centos /bin/bash
[root@9bae287a1df7 /]# python -m SimpleHTTPServer 80
Serving HTTP on 0.0.0.0 port 80 ...
219.142.60.11 - - [15/Nov/2016 12:03:14] "GET / HTTP/1.1" 200 -
219.142.60.11 - - [15/Nov/2016 12:03:14] code 404, message File not found
219.142.60.11 - - [15/Nov/2016 12:03:14] "GET /favicon.ico HTTP/1.1" 404 -
docker inspect
$docker id | $docker name
docker inspect centos_kch
我们在使用docker过程中,如果碰上莫名其妙的问题,比如没写绝对路径时,不知道目录映射到哪儿了,就可以运行此命令,看"Mounts"属性;
docker 创建镜像
推荐用dockerfile来构建镜像,因为可以提交git版本控制:清楚展现了所经历的过程。不推荐在现有容器中yum安装配置后,再commit创建镜像。后者参考:Docker学习之路(六)用commit命令创建镜像
-
commit
-
docker commit -m "Added something" -a "Docker Newbee" centos centos:v2
-
docker rmi
-
-a 就是author,作者
-
-
dockerfile
-
FROM ubuntu:14.04 MAINTAINER Docker Newbee newbee@docker.com RUN apt-get -qq update RUN apt-get -qqy install ruby ruby-dev RUN gem install sinatra
-
科普:bash黑科技
- ctrl + u:#移到行尾,按快捷键暂存,当前命令行清空
- ctrl + y:# 恢复刚暂存的目录
- Ctrl + r:# 输入字符查找上一条命令
- sudo !! :执行上一条因权限不足而未能执行的命令
演示:徒手写Dockerfile
我们写个dockerfile,给镜像安装一个vim
查看centos有哪些版本:dockerhub
保存脚本为centos-vim/Dockerfile
FROM centos:7
MAINTAINER mdr<kang.cunhua@qq.com>
RUN yum install -y vim
AnInputForce.teach ~ $ mkdir experment
AnInputForce.teach ~ $ cd experment/
AnInputForce.teach ~/experment $ mkdir centos-vim
AnInputForce.teach ~/experment $ cd centos-vim/
AnInputForce.teach ~/experment $ vi Dockerfile
构建镜像 docker build centos-vim/
AnInputForce.teach ~/experment $ cd centos-vim/
AnInputForce.teach ~/experment/centos-vim $ ll
总用量 4
-rw-rw-r-- 1 root 7211月 1520:34 Dockerfile
AnInputForce.teach ~/experment/centos-vim $ cd ..
AnInputForce.teach ~/experment $ pwd
/home/AnInputForce/experment
AnInputForce.teach ~/experment $ ll
总用量 4
drwxrwxr-x 2 AnInputForce 4096 11月 15 20:36 centos-vim
AnInputForce.teach ~/experment $ docker build centos-vim/
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM centos:7
---> 0584b3d2cf6d
Step 2 : MAINTAINER mdr<kang.cunhua@qq.com>
---> Running in ec9eae8742d8
---> 9153702517b5
Removing intermediate container ec9eae8742d8
Step 3 : RUN yum install -y vim
---> Running in4e3ec7cee383
Loaded plugins: fastestmirror, ovl
......
Complete!
---> 5c72d36ad69e
Removing intermediate container 4e3ec7cee383
Successfully built 5c72d36ad69e
查看镜像
AnInputForce.teach ~/experment $ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 5c72d36ad69e 2 minutes ago 361.1 MB
centos-vim latest 37e42772dafe 11 days ago 361.1 MB
centos 7 0584b3d2cf6d 12 days ago 196.5 MB
centos latest 0584b3d2cf6d 12 days ago 196.5 MB
给镜像美容
docker tag $dockerid $imagename #默认不写,tag是latest
docker tag $dockerid $image-name:$tag #也可以指定tag
默认
AnInputForce.teach ~ $ docker tag 5c72d36ad69e centos-vim
AnInputForce.teach ~ $ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-vim latest 5c72d36ad69e 10 minutes ago 361.1 MB
写$tag
AnInputForce.teach ~ $ docker tag 5c72d36ad69e centos-vim:mdr
AnInputForce.teach ~ $ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-vim latest 5c72d36ad69e 13 minutes ago 361.1 MB
centos-vim mdr 5c72d36ad69e 13 minutes ago 361.1 MB
<none> <none> 37e42772dafe 11 days ago 361.1 MB
注意
可以给一个镜像打多个tag,他们可以共存。
但是$image-name需全局唯一,如果你使用了已有的名字,原来叫这个名字的就会变成<none> <none> ,请注意上文日志中docker id为“37e42772dafe”的前后变化;
测试新镜像
docker rm -f kch-centos删除之前的容器,
AnInputForce.teach ~ $ docker run --name "mdr-centos" -v ~/data:/data -p 8084:80 -itd centos-vim tail -f /etc/hosts
7ce8203e0431a7571df28e51fe7bb2152093fa49ebb8495516342046af23e953
AnInputForce.teach ~ $ dgo mdr-centos
+ DID=mdr-centos
+ [[ mdr-centos == '' ]]
+ docker exec -i -t mdr-centos bash
[root@7ce8203e0431 /]# vim
可以看到,成功进入vim;
小练习:新增账号后打包镜像
基于centos镜像,加一个账号,然后build镜像,镜像名字自己起。同时安装SSH服务,这个后续有用。
Dockerfile参考
FROM centos:7
MAINTAINER mdr<kang.cunhua@qq.com>
RUN useradd mdr
RUN yum install -y openssh-server
构建演示
AnInputForce.teach ~ $ cd experment/
AnInputForce.teach ~/experment $ mkdir centos-dev
AnInputForce.teach ~/experment $ cd centos-dev/
AnInputForce.teach ~/experment/centos-dev $ vi Dockerfile
AnInputForce.teach ~/experment/centos-dev $ cd ..
AnInputForce.teach ~/experment $ docker build centos-dev/
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM centos:7
---> 0584b3d2cf6d
......
Complete!
---> 7677fcb139ca
Removing intermediate container 9bb12e1ee067
Successfully built 7677fcb139ca
AnInputForce.teach ~/experment $ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 7677fcb139ca 44 seconds ago 307.8 MB
centos-vim latest 5c72d36ad69e 24 hours ago 361.1 MB
centos-vim mdr 5c72d36ad69e 24 hours ago 361.1 MB
AnInputForce.teach ~/experment $ docker tag 7677fcb139ca centos-dev:mdr
AnInputForce.teach ~/experment $ docker images | grep mdr
centos-dev mdr 7677fcb139ca 3 minutes ago 307.8 MB
centos-vim mdr 5c72d36ad69e 24 hours ago 361.1 MB
AnInputForce.teach ~/experment $
小技巧
在Dockerfile中设置用户密码
来自kongsys童鞋;
Run echo "yourpasswd666"|passwd kongsys --stdin
在构建镜像时指定标签
这样的话,就不用构建后在给镜像命名和打tag了--来自Roven童鞋;
docker build -t test-centos|centos7.2 centos-vim
如何拿Docker撘开发机
搭建开发机,让各位同学能自动登录。之前我们是通过Dockerfile构建的,此处演示我们用commit来构建。
不需要输密码,只要我在wheel组里
sudoedit /etc/sudoers编辑
找到
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
改为
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
演示日志
AnInputForce.teach ~ $ dgo mdr-centos
+ DID=mdr-centos
+ [[ mdr-centos == '' ]]
+ docker exec -i -t mdr-centos bash
[root@7ce8203e0431 /]# useradd mdr
[root@7ce8203e0431 /]# passwd mdr
Changing password for user mdr.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@7ce8203e0431 /]# yum install -y openssh-server
....
Dependency Installed:
fipscheck.x86_64 0:1.4.1-5.el7 fipscheck-lib.x86_64 0:1.4.1-5.el7
openssh.x86_64 0:6.6.1p1-25.el7_2 tcp_wrappers-libs.x86_64 0:7.6-77.el7
Complete!
[root@7ce8203e0431 /]# usermod -aG wheel mdr
[root@7ce8203e0431 /]# yum install -y sudo
Loaded plugins: fastestmirror, ovl
......
Installed:
sudo.x86_64 0:1.8.6p7-17.el7_2
Complete!
[root@7ce8203e0431 /]# sudoedit /etc/sudoers
[root@7ce8203e0431 /]# exit
exit
AnInputForce.teach ~ $ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7ce8203e0431 centos-vim "tail -f /etc/hosts" 24 hours ago Up 24 hours 0.0.0.0:8084->80/tcp mdr-centos
......
AnInputForce.teach ~ $ docker commit mdr-centos centos-dev:7
sha256:f331bbce086b75f00133b8fc3385f03d1bb3c5274e7c279e69ab06a2192f63ae
AnInputForce.teach ~ $ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-dev 7 f331bbce086b 11 seconds ago 473.3 MB
centos-dev mdr 7677fcb139ca 44 minutes ago 307.8 MB
centos-vim latest 5c72d36ad69e 25 hours ago 361.1 MB
centos-vim mdr 5c72d36ad69e 25 hours ago 361.1 MB
......
AnInputForce.teach ~ $ docker rm -f mdr-centos
mdr-centos
AnInputForce.teach ~ $ docker run --name="mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev:7 /usr/sbin/sshd -D
af94c0ffe40432112a4d5b7c38a2b66f2244b7baf941995c2e6b5ef95384ee76
AnInputForce.teach ~ $
登录开发机,报错
我们来尝试登录一下开发机,发现报错,docker logs $container-id查日志排错
ssh -P 8088 mdr@127.0.0.1
ssh: connect to host 8088 port 22: Invalid argument
AnInputForce.teach ~ $ docker logs mdr-centos
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
tips:ssh-keygen如何不输入-y,搜索关键词:ssh-kengen no interactive
回到简单模式,启动container
报错:/etc/hosts: no such file or directory
AnInputForce.teach ~ $ docker run --name="mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev:7 "tail -f /etc/hosts"
2fafa8f4c7fd503cd62cb083ffa0135a2f20eff7d3d7e75b421fb61e2b13e358
docker: Error response from daemon: invalid header field value "oci runtime error: container_linux.go:247: starting container process caused \"exec: \\\"tail -f /etc/hosts\\\": stat tail -f /etc/hosts: no such file or directory\"\n".
原因 :command多加了引号
AnInputForce.teach ~ $ docker run --name "mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev:7 tail -f /etc/hosts
f47f6e673f49154c261355039da9f45bb50777106917752d17aee96a3135421c
再回到container安装ssh
同时,根据日志提示安装对应加密算法
Welcome to aliyun Elastic Compute Service!
-bash: /home/AnInputForce: 是一个目录
AnInputForce.teach ~ $ dgo mdr-centos
+ DID=mdr-centos
+ [[ mdr-centos == '' ]]
+ docker exec -i -t mdr-centos bash
[root@f47f6e673f49 /]# ssh-keygen
......
+--[ RSA 2048]----+
......
+-----------------+
[root@f47f6e673f49 /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
......
+--[ DSA 1024]----+
......
+-----------------+
[root@f47f6e673f49 /]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
......
+--[ RSA 2048]----+
......
+-----------------+
测试下:提示缺两种非对称加密算法
[root@f47f6e673f49 /]# /usr/sbin/sshd -D
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
继续安装非对称加密算法
[root@f47f6e673f49 /]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
+--[ECDSA 256]---+
......
+-----------------+
[root@f47f6e673f49 /]# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
......
+--[ED25519 256--+
......
+-----------------+
SSH服务成功启动
[root@f47f6e673f49 /]# /usr/sbin/sshd -D
^C
[root@f47f6e673f49 /]#
提交打包镜像
[root@f47f6e673f49 /]# exit
exit
AnInputForce.teach ~ $ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-dev 7 f331bbce086b 11 hours ago 473.3 MB
centos-dev mdr 7677fcb139ca 12 hours ago 307.8 MB
centos-vim latest 5c72d36ad69e 37 hours ago 361.1 MB
AnInputForce.teach ~ $ docker commit mdr-centos centos-dev:7
sha256:90fc2a3fa895faa4611731b442b7e17fcdfab2084cc488378a48d54a44e59490
AnInputForce.teach ~ $ docker commit mdr-centos centos-dev
sha256:a7d3dc16d111e7ab50fd0d8b2a5aabe8c5c4213ffdc8d7b4a2e32a7ba09f096c
AnInputForce.teach ~ $ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-dev latest a7d3dc16d111 4 seconds ago 473.3 MB
centos-dev 7 90fc2a3fa895 19 seconds ago 473.3 MB
centos-dev mdr 7677fcb139ca 12 hours ago 307.8 MB
centos-vim latest 5c72d36ad69e 37 hours ago 361.1 MB
测试进入开发机
AnInputForce.teach ~ $ docker rm -f mdr-centos
mdr-centos
AnInputForce.teach ~ $ docker run --name "mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev:7 tail -f /usr/sbin/sshd -D
6d0bae922b6e380adb93ceea88b6ba230b3b578d93744e2dcc0d524080f95356
AnInputForce.teach ~ $ ssh -P 8088 mdr@reboot.linrc.com
ssh: connect to host 8088 port 22: Invalid argument
AnInputForce.teach ~ $ docker logs
"docker logs" requires exactly 1 argument(s).
See 'docker logs --help'.
Usage: docker logs [OPTIONS] CONTAINER
Fetch the logs of a container
AnInputForce.teach ~ $ docker logs mdr-centos
tail: invalid option -- 'D'
Try 'tail --help' for more information.
AnInputForce.teach ~ $ docker rm -f mdr-centos
mdr-centos
AnInputForce.teach ~ $ docker run --name "mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev /usr/sbin/sshd -D
b996a0f5c858ea59dae380960274371ff45c2fba4ee2b307b9eea241e0ea6e2d
AnInputForce.teach ~ $ ssh -P 8088 mdr@reboot.linrc.com
ssh: connect to host 8088 port 22: Invalid argument
AnInputForce.teach ~ $ docker logs mdr-centos
AnInputForce.teach ~ $ ssh -p 8088 mdr@reboot.linrc.com
The authenticity of host '[reboot.linrc.com]:8088 ([59.110.12.72]:8088)' can't be established.
ECDSA key fingerprint is 2e:c3:ac:e6:86:99:98:65:c8:4b:44:67:f3:84:2e:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[reboot.linrc.com]:8088,[59.110.12.72]:8088' (ECDSA) to the list of known hosts.
mdr@reboot.linrc.com's password:
[mdr@b996a0f5c858 ~]$
成功进入。Tips:我们在使用docker时,碰上报错可以,使用docker logs $container-id 来查看日志。以上日志对应包含了对应排错过程,请参考。
让我们做得更好:免密码登录
我们在日常使用开发机的时候,不能每个容器都这儿操作一遍:加入id_rsa.pub 内容到.ssh/authorized_keys。能不能批量实现这个效果?可以的,用到了目录映射:^演示账号权限不足提示
思路
把自己目录下的id_rsa.pub内容加入/root/.ssh/authorized_keys
演示
AnInputForce.teach ~/.ssh $ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLqCVUrRiiGCuK3lAa3kIrk1rSU0WuzpOZT9LctQE1m0TOrAGDC/C0USp6AOTQ90V+JdaRFC6hvjmI5AVrZIbnhHFbhlJpqPegnC7pZiMLFIt8Pcdi9aCZGAqvj6ALfMOsXRgM4H5vgwAKg1YAihnse4A2rLmS237UK43/Yk1E6fn/0wILzdy1gPjIuQbHbKUuJV/VAhP8655xRDLGjOj7rmfR0rm+qukyOrgfW4kCtuGSQfC0qykTHmS25pNnByWaS1tzxspgL0XWRcHIKCxzFSDgzdLgtIOvrlDR46pZFJ8lShQKaMhu/eDj4ZC4VN7QHulZNP/rjiWlB1pafkw5 AnInputForce@teach
[mdr@b996a0f5c858 log]$ sudo su -
teach ~ # vi .ssh/authorized_keys
让所有人都可以免密码登录
把宿主机的ssh目录映射到容器里,所有人都可以免密码登录了。只要用户能免密码登录宿主机,就能免密码登录容器;
docker rm -f mdr-centos
sudo docker run --name='mdr-centos' -v ~/data:/data -v /root/.ssh:/root/.ssh -p 8088:22 -itd centos-dev /usr/sbin/sshd -D
也可以把自己目录的映射到容器中。
Tips:风险--目录映射之后,在容器中修改对应目录或文件,也会同步到本地。需要特别注意。如果有童鞋知道如何映射本地目录到容器中为只读权限,麻烦您给我留言,我会更新本文。
Docker简介总结:我们做了什么
- 为什么是docker:秒级启动,化复杂安装配置为简洁
- docker基本概念:仓库、镜像、容器
- docker基本操作:ps、port、pull、images、run、stop、rm、exec、inspect、logs、commit
- 徒手写Dockerfile构建镜像
- 一个小练习:新增账号后,打包镜像
- 用Docker来搭建开发机:快速批量提供开发环境,让所有人免密登录
- https://my.oschina.net/hexie/blog/789705
相关推荐
读书笔记:spring cloud与Docker实战微服务
读书笔记:Spring Cloud 微服务与Docker实战
资源介绍:Docker最全实战笔记教程.zip 是一个包含了一系列关于Docker实战笔记教程的压缩文件,这些教程旨在帮助开发者全面了解和掌握Docker的相关技术和应用。该压缩文件包含了多个不同方面的教程,涵盖了Docker的...
docker 2022 最新脑图笔记
读书笔记:基于 maven + docker 的 springboot 项目部署实战
Docker是一个开源的引擎,可以轻松的为任何应用创建一个轻量级的、可移植的、自给自足的容器。开发者在笔记本上编译测试通过的容器可以批量地在生产环境中部署,包括VMs(虚拟机)、bare metal、OpenStack 集群和...
读书笔记:《Spring Cloud与Docker微服务架构实战》配套代码。讨论QQ群731548893
深入浅出Docker:从配置到实战,掌握容器化技术精髓 引言 在当今的软件开发领域,Docker作为一种革命性的容器化技术,已经成为了众多开发者和企业青睐的解决方案。它通过轻量级、可移植的容器,提供了一个一致性的...
docker学习笔记,内含html版与markdown版,两个版本类型的文件。里面概括性介绍了docker的使用方法,可跟着步骤实际操作。内容主要包括docker常用命令的使用方法,容器数据卷技术做持久化,dockerfile编写,docker...
2021最新版docker学习笔记+思维导图,从0到1手把手教你docker从理论到实战,里面包含大量的实战案例,全部都是笔者自己动手实践过的过程记录。
docker安装es7.13和kibana7.13详细笔记文档总结和相关包
Spark2.0+ElasticSearch开发用户画像实战笔记:(1) Spark2.0+ElasticSearch开发用户画像实战笔记:(2) 配套资源 ...
"Docker 安装 Nginx 1.15.9 详细笔记文档" 本文档详细记录了使用 Docker 安装 Nginx 1.15.9 的过程,包括镜像的上传、容器的创建和配置文件的设置。下面是对标题、描述、标签和部分内容的解释和知识点总结: 标题...
1.Docker介绍与体系结构.docx 2.Docker内部组件、虚拟机与容器区别.docx 3.Docker应用场景.docx 4.Linux安装Docker.docx 5.镜像与容器联系和存储驱动.docx 6.镜像管理常用命令.docx ...10.搭建LNMP网站平台实战.doc
本文将为您详细介绍Docker in Docker的原理和实战应用。 一、Docker in Docker原理 Docker in Docker是通过以下几个关键步骤实现的: 1. 初始化外部Docker守护进程 在容器内部初始化一个外部Docker守护进程。这可以...
docker安装rabbitmq3.8集群-3台-详细笔记文档-带安装包
从Docker到Kubernetes之技术实战,从Docker到Kubernetes案例,详细笔记。可以让初学者充分认识从Docker到Kubernetes魅力
第一本docker书学习笔记,缺少5.6.7章的详细笔记,不过这部分主要是实战,前几章是原理,记录的还是比较详细的,希望对大家学习docker有一些帮助。
Docker入门与实战详细笔记,全部命令及实例,详细的记录,方便查阅。优秀的格式,可作为手册供查阅。来自于Docker入门与实战一书的阅读笔记。
【第二代微服务电商项目实战笔记】主要涵盖了构建一个基于SpringBoot2.x和SpringCloud2.x的微服务架构电商项目的全过程。以下将详细介绍项目中的关键技术和实现方式。 **技术选型** 1. **SpringBoot2.x**: 作为...