Docker has been around for many years and is nothing new. Most companies and developers have touched it at some point, but few have real hands-on experience. This series is practice-oriented and tries to stick to what matters, explained the way I understand it; for the formal definitions, consult the official documentation. The goals of this chapter are:
Since I am a Mac user, the VirtualBox and Vagrant builds used here are the Mac versions; download the build for your own operating system from the official sites. I strongly recommend downloading with 迅雷 (Thunder)!
In short, Docker is a containerization technology that separates an application from the infrastructure it runs on and packages the code with all of its dependencies, so that the application runs quickly and reliably when moved from one computing environment to another. The result is fast delivery, testing and deployment.
Deploying applications in Linux containers is called containerization.
It helps to think about it the other way round: what happens without Docker or a similar containerization technology, and which problems and bottlenecks do we run into?
Releasing an application to a test or production environment goes through the following flow:
Physical machine era
Each team requests a physical machine as its test/development environment and then builds out the whole environment on it by hand.
The figure above shows that using physical machines directly has several problems.

Virtualization era
Once virtualization arrived, each team only needed to request a virtual machine. Many VMs share one physical machine, which cuts cost sharply and improves resource utilization to some extent; when the company runs a promotion and the system has to scale out, you simply create more VMs from a VM image, which improves scalability and availability.
A hypervisor, also called a virtual machine monitor (VMM), is the software, firmware or hardware that creates and runs virtual machines. The computer on which a hypervisor runs one or more virtual machines is called the host machine, and the virtual machines are called guest machines. The hypervisor presents a virtual operating platform to the guest operating systems and manages their execution; the guests share the virtualized hardware resources. (Quoted from Baidu Baike.) As the figure above shows, the host allocates resources to each guest (VM) up front, just as in the physical-machine era. The application itself often does not need that much: part of the allocation is consumed by the guest operating system, and much of it sits idle most of the time. The following problems remain:
Containerization era
A Docker container is like a sandbox: containers are independent of one another, their resources are isolated, and they do not interfere with each other. Docker containerization largely solves the problems listed above. Docker has the following advantages:
Docker's isolation is built on two Linux kernel mechanisms: namespaces isolate containers from one another (process IDs, network stack, mount table, and so on), and cgroups limit the resources a container may consume (CPU, memory, disk I/O and more).
But installing Docker directly on the host machine means every container shares the host's kernel. That gives no real multi-tenant isolation: a kernel vulnerability, or a container started with excessive privileges, puts the host and every other container on it at risk. The corresponding solution is covered in a later chapter.
An image is an executable package that contains everything needed to run an application: the code, runtime, libraries, environment variables and configuration files. A container is started by running an image; it is the image's runtime instance. An image is effectively a template for containers, and many identical containers can be created from the same template.
Some Docker concepts, by analogy with Java:
Containers run natively on Linux and share the host machine's kernel with other containers. Each runs as a discrete process and takes no more memory than any other executable, which makes it lightweight.
In short, a container does not carry its own operating system, which removes a lot of system overhead and lets the container focus on what the application needs; a virtual machine, by contrast, can give each application a different operating system, which avoids the container's direct dependence on the host's OS. Used together, the two make the overall architecture more flexible and easier to scale. A virtual machine (VM) runs a full "guest" operating system with virtual access to host resources through a hypervisor. In general, a VM provides more resources than most applications need.
Strictly speaking the two products are not comparable, because their use cases differ; they are listed side by side here mainly to clear up a common misunderstanding.
Vagrant is a tool for managing virtual machines. It simplifies building and managing VMs: instead of creating, starting and stopping VMs one by one by hand, a Vagrant script can build and manage many VM nodes at once. Docker is a tool for fast delivery, testing and deployment that simplifies building and managing application environments. Their scopes differ. A container packages the application together with everything its execution depends on (libraries, configuration files and so on), and from the same image Docker can quickly build many identical containers in different environments (development, test, production).
Vagrant manages virtual machines; Docker manages application environments.
Docker Engine is a client-server application; its main components are the following:
Docker architecture
Docker uses a client-server architecture.
The Docker client talks to the Docker daemon, which does the work of building, running and distributing Docker containers.
The client and the daemon can run on the same system, or the client can connect to a remote daemon. They communicate over a REST API, either through a UNIX socket or over a network interface. Treat that endpoint as root on the host: anyone who can write to /var/run/docker.sock (including every member of the docker group) or reach a daemon listening on TCP without TLS client authentication can start a privileged container and take over the machine. Keep the daemon on the local socket unless you have set up TLS (--tlsverify) and firewalled the port.
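Because the daemon endpoint is root-equivalent, the first thing to check on any Docker host is how dockerd is reachable. The script below is an added example, not code from the original post: it takes the text of the dockerd command line (for instance from `ps -o args -C dockerd` or the systemd unit) or the contents of /etc/docker/daemon.json, and classifies the exposure. It assumes listeners appear as `tcp://...` entries and that TLS client authentication shows up as `--tlsverify` or `"tlsverify": true`; the sample inputs at the bottom are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: audit how dockerd can be reached.
# Input ($1): text of the dockerd command line, or the contents of /etc/docker/daemon.json.
# Assumptions: TCP listeners appear as tcp://host:port and TLS client auth as
# --tlsverify (command line) or "tlsverify": true (daemon.json).
# Exit status: 0 local socket only, 1 TCP with TLS client auth, 2 TCP without it.
audit_dockerd() {
    text=$1
    # every tcp:// listener, with the scheme stripped, space separated
    tcp_hosts=$(printf '%s\n' "$text" | grep -oE 'tcp://[^" ]+' | sed 's|^tcp://||' | tr '\n' ' ')
    if printf '%s\n' "$text" | grep -qE -- '--tlsverify(=true)?([[:space:]]|$)|"tlsverify"[[:space:]]*:[[:space:]]*true'; then
        tls=1
    else
        tls=0
    fi
    if [ -z "$tcp_hosts" ]; then
        echo "OK: dockerd is reachable only through the local socket (socket access = root on this host; keep the docker group small)"
        return 0
    fi
    if [ "$tls" -eq 0 ]; then
        echo "CRITICAL: dockerd listens on $tcp_hosts with no TLS client authentication: anyone who can reach that port can start a privileged container and own the host"
        return 2
    fi
    echo "WARN: dockerd listens on $tcp_hosts with TLS client auth; still firewall the port to the hosts that need it"
    return 1
}

# Constructed samples (not taken from a real host).
audit_dockerd '/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock' || true
audit_dockerd '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}' || true
audit_dockerd 'dockerd -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem' || true
```

The conventional ports are 2375 for plain TCP and 2376 for TLS, but the check keys on the presence of a `tcp://` listener rather than on the port number, since either can be changed.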
A Docker image is made of a series of layers, each of which corresponds to one instruction in the image's Dockerfile. All image layers are read-only; when a container is started, Docker adds a thin writable container layer on top, and everything the container changes goes there. The biggest benefit of layering is sharing: images built on the same base layers share them on disk and in the cache, instead of every software image having to carry its own copy of the underlying environment.
The figure above uses the Tomcat image as an example. What the user sees is a union file system stacked from these layers: any operation on the Tomcat container is recorded in the container layer, and the underlying image layers are untouched. Containers share the host kernel and keep only the few components needed to run the image; no kernel has to boot when a container starts, so start-up is faster than a VM, overhead is lower and migration is easier. As mentioned earlier, installing Docker directly on the host machine makes Docker depend on the host's operating system; when several teams share one physical machine, there is no way to give each team or each environment its own operating system and its own permissions. The common deployment models today are:
When there are too many virtual machines to manage one by one, Vagrant is used to manage them.
Take a Tomcat container as the example. The virtual machine here is bridged onto the LAN (the default in the Vagrantfile used below) and the container uses Docker's default bridge network; the hands-on section has the detailed steps. The deployment diagram is as follows:
```sh
docker run -d --name evan-tomcat -p 9090:8080 tomcat
```
The IP addresses of the host machine, the guest machine and the Tomcat container, as reported by the commands (matching the diagram), are:
- host machine (macOS): 192.168.100.4
- guest machine (CentOS): 192.168.100.9
- Tomcat container: 172.17.0.3
Try reaching the guest machine (CentOS) from the host machine (macOS):
```sh
192:~ evan$ ping 192.168.100.9
PING 192.168.100.9 (192.168.100.9): 56 data bytes
64 bytes from 192.168.100.9: icmp_seq=0 ttl=64 time=0.481 ms
64 bytes from 192.168.100.9: icmp_seq=1 ttl=64 time=0.477 ms
64 bytes from 192.168.100.9: icmp_seq=2 ttl=64 time=0.447 ms
64 bytes from 192.168.100.9: icmp_seq=3 ttl=64 time=0.339 ms
64 bytes from 192.168.100.9: icmp_seq=4 ttl=64 time=0.400 ms
64 bytes from 192.168.100.9: icmp_seq=5 ttl=64 time=0.324 ms
```
The host can talk to the guest directly because they are on the same subnet.
Try reaching the Tomcat container from the guest machine (CentOS):
```sh
[root@10 /]# ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.036 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.047 ms
64 bytes from 172.17.0.3: icmp_seq=4 ttl=64 time=0.042 ms
```
The virtual machine can talk to the Tomcat container directly.
Try reaching the Tomcat container from the host machine (macOS) through port 9090 on the guest machine (CentOS):
```sh
192:~ evan$ curl 192.168.100.9:9090
<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 – Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Not found</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/8.5.50</h3></body></html>192:~ evan$
```
The host reaches the container through the guest's IP plus port, so what it talks to is not the container's real port but the port mapping on the virtual machine. The 404 is expected: the official tomcat image ships with an empty webapps directory (the default applications live in webapps.dist, as the container listing later in this chapter shows), and the Tomcat error page itself proves the request reached the container.
1. Create a centos7 folder
```sh
mkdir centos7
```
2. Initialize a Vagrantfile in that folder
```sh
vagrant init centos7
```
The output is:
```sh
192:centos7 evan$ vagrant init centos7
A `Vagrantfile` has been placed in this directory. You are now
ready to `vagrant up` your first virtual environment! Please read
the comments in the Vagrantfile as well as documentation on
`vagrantup.com` for more information on using Vagrant.
```
3. Open the Vagrantfile and change the configuration as follows:
```ruby
# -*- mode: ruby -*-
# vi: set ft=ruby :

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "centos7"

  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"

  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"

  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  config.vm.network "public_network"

  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"

  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  config.vm.provider "virtualbox" do |vb|
    vb.memory = "4000"
    vb.name = "evan-centos7"
    vb.cpus = 2
  end
  #
  # View the documentation for the provider you are using for more
  # information on available options.

  # Enable provisioning with a shell script. Additional provisioners such as
  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
  # documentation for more information about their specific syntax and use.
  # config.vm.provision "shell", inline: <<-SHELL
  #   apt-get update
  #   apt-get install -y apache2
  # SHELL
end
```
Two lines in this file matter for security. `config.vm.network "public_network"` bridges the VM onto the same LAN as the Mac, so every port the VM exposes, including every port Docker publishes from it later in this chapter, is reachable by everyone on that network. For a lab, the commented-out `private_network` line (a host-only network, reachable from the Mac and nothing else) gives the same host-to-VM access with none of that exposure. The template's own comment on `forwarded_port` should also be taken literally: without `host_ip: "127.0.0.1"`, a forwarded port is public as well.
5. Save the downloaded box file somewhere on your system; on my machine it is:
```sh
/Users/evan/development/visualbox/virtualbox.box
```
6. Add the centos7 box file to the boxes Vagrant manages, naming the box centos7
```sh
vagrant box add centos7 /Users/evan/development/visualbox/virtualbox.box
```
On success the output is:
```sh
192:visualbox evan$ vagrant box add centos7 /Users/evan/development/visualbox/virtualbox.box
==> box: Box file was not detected as metadata. Adding it directly...
==> box: Adding box 'centos7' (v0) for provider:
    box: Unpacking necessary files from: file:///Users/evan/development/visualbox/virtualbox.box
==> box: Successfully added box 'centos7' (v0) for 'virtualbox'!
```
7. List the boxes that have been added with vagrant box list
```sh
192:visualbox evan$ vagrant box list
centos7 (virtualbox, 0)
```
centos7 has been added successfully.
8. Create the virtual machine from the Vagrantfile: go back to the folder where the Vagrantfile was initialized and run vagrant up
Vagrant creates the VM from the parameters configured in the Vagrantfile. Note that the box name we added above, centos7, must match `config.vm.box = "centos7"` in the configuration file. (The VirtualBox application does not need to be open while this runs.)
```sh
192:centos7 evan$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Available bridged network interfaces:
1) en0: Wi-Fi (Wireless)
2) en5: USB Ethernet(?)
3) p2p0
4) awdl0
5) llw0
6) en7: USB 10/100/1000 LAN
7) en1: Thunderbolt 1
8) en2: Thunderbolt 2
9) en3: Thunderbolt 3
10) en4: Thunderbolt 4
11) bridge0
==> default: When choosing an interface, it is usually the one that is
==> default: being used to connect to the internet.
    default: Which interface should the network bridge to? 1
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: bridged
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default:
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default:
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: No guest additions were detected on the base box for this VM! Guest
    default: additions are required for forwarded ports, shared folders, host only
    default: networking, and more. If SSH fails on this machine, please install
    default: the guest additions and repackage the box to continue.
    default:
    default: This is not an error message; everything may continue to work properly,
    default: in which case you may ignore this message.
==> default: Configuring and enabling network interfaces...
==> default: Rsyncing folder: /Users/evan/development/centos7/ => /vagrant
```
Note the lines about the "insecure key": every public Vagrant box ships with the same well-known SSH keypair, and vagrant up replaced it with a freshly generated keypair for this VM before bridging it onto the network. Once the command finishes, open VirtualBox and check that a new centos7 virtual machine has appeared.
Before installing Docker we need to get into the CentOS 7 system we just built, so the SSH configuration is adjusted first; username/password login is used here.
1. Enter the virtual machine with the vagrant ssh command
```sh
192:centos7 evan$ vagrant ssh
-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
[vagrant@10 ~]$ ls
```
2. Run sudo -i to switch to the root user, then open the SSH authentication configuration with vi /etc/ssh/sshd_config
```sh
[vagrant@10 ~]$ sudo -i
[root@10 ~]# vi /etc/ssh/sshd_config
```
3. Change the SSH authentication setting as follows
```sh
PasswordAuthentication yes
```
Caveat: with `public_network` the VM sits on the same LAN as every other device, so enabling password authentication, combined with root login over SSH (which this CentOS 7 box allows, as the login below shows), exposes a root password prompt to the whole network. vagrant up already installed a per-VM SSH key; for anything beyond a throwaway lab, keep key authentication, or at least choose a strong password and switch the Vagrantfile to `private_network`.
4. After saving sshd_config, change the SSH login password. The password I used here is evan123
```sh
[root@10 ~]# passwd
Changing password for user root.
New password:
BAD PASSWORD: The password fails the dictionary check - it is too simplistic/systematic
Retype new password:
passwd: all authentication tokens updated successfully.
```
5. Restart the SSH service so the configuration takes effect
```sh
[root@10 ~]# systemctl restart sshd
```
6. Test the SSH connection
First look up the CentOS system's IP address with the ip add command (short for ip address)
```sh
[root@10 /]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:8a:fe:e6 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic eth0
       valid_lft 74572sec preferred_lft 74572sec
    inet6 fe80::5054:ff:fe8a:fee6/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:ba:0a:28 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.9/24 brd 192.168.100.255 scope global noprefixroute dynamic eth1
       valid_lft 160972sec preferred_lft 160972sec
    inet6 fe80::a00:27ff:feba:a28/64 scope link
       valid_lft forever preferred_lft forever
```
eth1 (192.168.100.9) is the bridged adapter: that is the address reachable from the LAN and from the Mac. eth0 (10.0.2.15) is VirtualBox's NAT adapter, which is only reachable through Vagrant's port forward (127.0.0.1:2222) on the host.
Leave the virtual machine, return to the host machine, and test whether the CentOS system in the VM can be reached:
```sh
192:~ evan$ ssh root@192.168.100.9
The authenticity of host '192.168.100.9 (192.168.100.9)' can't be established.
ECDSA key fingerprint is SHA256:1yutVoFjWAa0o2vCNP+kOxS/rITjxhqTV/48XsTNKGo.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.9' (ECDSA) to the list of known hosts.
root@192.168.100.9's password:
Last login: Mon Jan 27 12:19:55 2020 from 127.0.0.1
-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
[root@10 ~]#
```
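Editing sshd_config by hand with vi, as the steps above do, is fine once; the moment you rebuild the VM (or put the change into the Vagrantfile's shell provisioner) you want it scripted and idempotent. The script below is an added example, not code from the original post. It assumes the file contains no `Match` blocks (options inside one are out of scope) and that sshd uses the first uncommented occurrence of a keyword, which is how it reads the file. The sample config it edits is constructed in a temporary file; the real /etc/ssh/sshd_config is not touched. The demo sets `PasswordAuthentication yes` exactly as the post does, and beside it the safer combination for a VM bridged onto the LAN: `PermitRootLogin prohibit-password`, so root keeps key-only access and password logins go through the vagrant user plus sudo, and `MaxAuthTries 3` to slow password guessing.

```shell
#!/bin/sh
# Added example, not part of the original post: set sshd_config options from a script instead of
# editing with vi, so the change is idempotent and can go into a Vagrant shell provisioner.
# Assumptions: no Match blocks in the file (options inside one are out of scope), and the
# effective value of a keyword is its first uncommented occurrence, as sshd reads it.

# set_sshd_option FILE KEYWORD VALUE
# Replaces every active or commented line for KEYWORD with a single "KEYWORD VALUE" line,
# or appends one if the keyword is absent. Re-running it is a no-op.
set_sshd_option() {
    file=$1 key=$2 value=$3
    if grep -Eq "^[[:space:]]*#?[[:space:]]*$key([[:space:]]|\$)" "$file"; then
        tmp=$(mktemp)
        sed -E "s|^[[:space:]]*#?[[:space:]]*$key([[:space:]].*)?\$|$key $value|" "$file" > "$tmp"
        cat "$tmp" > "$file"        # cat, not mv, so the file keeps its owner and mode
        rm -f "$tmp"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# get_sshd_option FILE KEYWORD
# Prints the value sshd would use: the first active match, keyword compared case-insensitively.
get_sshd_option() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Constructed sample standing in for /etc/ssh/sshd_config; the real file is not touched.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#PermitRootLogin yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
set_sshd_option "$demo" PasswordAuthentication yes          # what the post enables
set_sshd_option "$demo" PermitRootLogin prohibit-password   # root keeps key-only access; log in as vagrant and sudo
set_sshd_option "$demo" MaxAuthTries 3                      # slows password guessing from the LAN
cat "$demo"
rm -f "$demo"
```

On the box itself, run `sshd -t` after the edit and before `systemctl restart sshd`: a syntax error in sshd_config otherwise leaves you with no SSH at all except the vagrant ssh console.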
The connection succeeds; the next step is installing Docker.
1. Run the following command to remove any previously installed Docker packages, in case Docker was installed before
```sh
sudo yum remove docker \
                docker-client \
                docker-client-latest \
                docker-common \
                docker-latest \
                docker-latest-logrotate \
                docker-logrotate \
                docker-engine
```
Because this system is a fresh install with no Docker files on it, the result is:
```sh
[root@10 /]# sudo yum remove docker \
> docker-client \
> docker-client-latest \
> docker-common \
> docker-latest \
> docker-latest-logrotate \
> docker-logrotate \
> docker-engine
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror
No Match for argument: docker
No Match for argument: docker-client
No Match for argument: docker-client-latest
No Match for argument: docker-common
No Match for argument: docker-latest
No Match for argument: docker-latest-logrotate
No Match for argument: docker-logrotate
No Match for argument: docker-engine
No Packages marked for removal
```
2. Install the required dependencies
```sh
sudo yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2
```
3. Configure an Aliyun registry mirror, otherwise pulling images is slow. The mirror address is redacted here; apply for your own.
```sh
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://***.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
```
Two notes. The two systemctl commands only succeed once Docker is installed (step 5); the daemon reads /etc/docker/daemon.json when it starts, so either run this step after step 6 or repeat the restart then. And a mirror is a trust decision: it sits between you and Docker Hub, so where the content matters, pin images by digest (image@sha256:...) rather than by tag, since a digest is verified by the client regardless of where the layers came from.
How to obtain a mirror address is covered in my other article, Installing Oracle with Docker.
4. Add the Docker CE package repository. (This is the yum repository for the engine packages, not the image registry; the default image registry is Docker Hub, hub.docker.com.)
```sh
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
```
5. Install Docker
```sh
sudo yum install -y docker-ce docker-ce-cli containerd.io
```
6. Start the Docker service
```sh
sudo systemctl start docker
```
7. Test the installation with the hello-world image from the registry
```sh
[root@10 /]# sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:9572f7cdcee8591948c2963463447a53466950b3fc15a247fcad1917ca215a2f
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/
```
Docker downloads the image automatically when it cannot find it locally.
1. Pull the Tomcat image from the remote registry; without a tag, the latest version is pulled
```sh
docker pull tomcat
```
2. Start the Tomcat container, naming it evan-tomcat and mapping port 9090 on the virtual machine to port 8080 inside the container (Tomcat's HTTP port)
```sh
docker run -d --name evan-tomcat -p 9090:8080 tomcat
```
1. Pull the MySQL image from the remote registry; without a tag, the latest version is pulled
```sh
docker pull mysql
```
2. Start the MySQL container, naming it evan-mysql, mapping port 3301 on the virtual machine to port 3306 inside the container, and setting the root password to evan123
```sh
docker run -d --name evan-mysql -p 3301:3306 -e MYSQL_ROOT_PASSWORD=evan123 --privileged mysql
```
Two things to fix before using this beyond a lab. `--privileged` is not needed by the mysql image and should be dropped: it hands the container nearly all of root's capabilities and access to the host's devices, which undoes the isolation Docker provides. And `-p 3301:3306` binds 0.0.0.0 on a VM that is bridged onto the LAN, so anyone on that network can reach this MySQL root account with this password; bind the port to a specific address (`-p 127.0.0.1:3301:3306`, or the VM's host-only address if the Mac must reach it) or move the VM to `private_network`.
1. Check that the containers installed and started above are running:
```sh
[root@10 /]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                NAMES
358207fa8d8b        tomcat              "catalina.sh run"        3 minutes ago       Up 3 minutes        0.0.0.0:9090->8080/tcp               evan-tomcat
b58999f0524f        mysql               "docker-entrypoint.s…"   5 minutes ago       Up 5 minutes        33060/tcp, 0.0.0.0:3301->3306/tcp    evan-mysql
[root@10 /]#
```
2. Using a container ID from the list above we can get a shell inside the container; Tomcat as the example:
```sh
[root@10 /]# docker exec -it 358207fa8d8b /bin/bash
root@358207fa8d8b:/usr/local/tomcat# ls
BUILDING.txt     LICENSE  README.md      RUNNING.txt  conf     lib   native-jni-lib  webapps  work
CONTRIBUTING.md  NOTICE   RELEASE-NOTES  bin          include  logs  temp            webapps.dist
root@358207fa8d8b:/usr/local/tomcat#
```
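The PORTS column above shows both containers published on 0.0.0.0, and the MySQL command carried `--privileged`; both are the kind of thing worth catching before `docker run` rather than after. The script below is an added example, not code from the original post: it lints a `docker run` command line for those two findings and produces a hardened version. It assumes the arguments are space separated with no shell quoting and that `-p`/`--publish` take their value as the next argument; the command lines it is run on are the ones from this chapter, embedded as constructed samples, and the bind address 192.168.33.10 is the host-only address from the Vagrantfile template's commented `private_network` line.

```shell
#!/bin/sh
# Added example, not part of the original post: lint a `docker run` command line before running it.
# Two findings matter on a VM that is bridged onto the LAN, as in this chapter:
#   --privileged       hands the container nearly all of root's power over the host kernel
#   -p HOST:CONTAINER  with no host IP binds 0.0.0.0, i.e. every interface the VM has
# Assumptions: space-separated arguments without quoting; -p/--publish take a separate value.

# check_publish SPEC: SPEC is the value after -p, e.g. 3301:3306, 127.0.0.1:3301:3306, 9090:8080/tcp
check_publish() {
    spec=${1%%/*}                                # drop a trailing /tcp or /udp
    case $spec in
        \[*\]:*:*) host_ip="${spec%%]*}]" ;;     # [::1]:3301:3306 -> [::1]
        *:*:*)     host_ip=${spec%%:*} ;;        # 127.0.0.1:3301:3306 -> 127.0.0.1
        *:*)       echo "FAIL: -p $1 has no host IP, so it binds 0.0.0.0 (reachable from the whole LAN on a bridged VM)"
                   return 1 ;;
        *)         echo "WARN: -p $1 publishes on a random host port on all interfaces"
                   return 1 ;;
    esac
    case $host_ip in
        0.0.0.0|"[::]") echo "FAIL: -p $1 binds the wildcard address $host_ip"; return 1 ;;
    esac
    return 0
}

# audit_docker_run "docker run ...": prints findings; exit status is the number of findings (0 = clean)
audit_docker_run() {
    findings=0
    prev=""
    for tok in $1; do
        if [ "$tok" = "--privileged" ]; then
            echo "FAIL: --privileged disables capability dropping, seccomp and device isolation; almost no application image needs it"
            findings=$((findings + 1))
        elif [ "$prev" = "-p" ] || [ "$prev" = "--publish" ]; then
            check_publish "$tok" || findings=$((findings + 1))
        fi
        prev=$tok
    done
    return $findings
}

# harden_docker_run "docker run ..." [BIND_IP]: drops --privileged and pins unbound -p mappings
# to BIND_IP (default 127.0.0.1; pass the VM's host-only address if the Mac must reach the port)
harden_docker_run() {
    bind=${2:-127.0.0.1}
    out=""
    prev=""
    for tok in $1; do
        if [ "$tok" = "--privileged" ]; then
            prev=$tok
            continue
        fi
        if [ "$prev" = "-p" ] || [ "$prev" = "--publish" ]; then
            case ${tok%%/*} in
                *:*:*) ;;                        # already carries a host IP
                *:*)   tok="$bind:$tok" ;;
            esac
        fi
        out="$out${out:+ }$tok"
        prev=$tok
    done
    printf '%s\n' "$out"
}

# Constructed samples: the two commands from this chapter.
for cmd in 'docker run -d --name evan-tomcat -p 9090:8080 tomcat' \
           'docker run -d --name evan-mysql -p 3301:3306 -e MYSQL_ROOT_PASSWORD=evan123 --privileged mysql'; do
    echo "== $cmd"
    audit_docker_run "$cmd" || echo "$? finding(s)"
    echo "hardened: $(harden_docker_run "$cmd" 192.168.33.10)"
done
```

The hardened MySQL line drops `--privileged` entirely; if a container genuinely needs one capability, grant that one with `--cap-add` instead of all of them.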
With that, all of this chapter's environment setup is complete. Later chapters go deeper into how containers work, cluster deployment and management, and real microservice applications.
1. Installing VirtualBox on the Mac fails with "the installation failed"
The cause is that macOS blocked VirtualBox from loading its kernel extension. Open System Preferences, choose Security & Privacy, and on the General tab click Allow at the bottom.
2. vagrant up fails with "No usable default provider could be found for your system"
This is a version mismatch between Vagrant and VirtualBox: the installed Vagrant is older than the VirtualBox release and does not support it. Either downgrade VirtualBox or use the versions recommended in this article.