Docker Basics Training [PPT].ppt
Docker Basics Training
Presenter: 陈力
Date: 2014-8-10
TD RNC Wireless Software Department

Understanding Docker

Docker is an open platform for developing, shipping, and running applications. At its core, Docker provides a way to run almost any application securely isolated in a container.

App Development & Operations

What do you need to consider when setting up a development and operations environment for one app?
What should you consider when you need to set up N such environments quickly?
OS version? Machine halt? App version? Configuration? Dependency? Compile error?
[Diagram: Docker running several containers]

Why not VMs?

Users need an efficient runtime environment, not an OS. A guest OS wastes resources and is hard to manage; a lightweight container is more flexible and faster.
[Diagram: VM compared with Docker]

Namespaces: the isolation that LXC provides comes mainly from kernel namespaces. The pid, net, ipc, mnt and uts namespaces isolate a container's processes, network, messaging (IPC), filesystem and hostname.
Cgroups: implement resource quotas and accounting.
UnionFS: a filesystem that supports mounting different directories under a single virtual filesystem (unite several directories into a single virtual filesystem).
LXC: Linux Container, an operating-system-level virtualization method. It manages containers using the isolation of namespaces and the limits of cgroups.

Architecture

Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. Both the Docker client and the daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate via sockets or through a RESTful API.

Inside Docker

Docker images: A Docker image is a read-only template. For example, an image could contain an Ubuntu operating system with Apache and your web application installed. Images are used to create Docker containers.
Docker registries: Docker registries hold images. These are public or private stores from which you upload or download images. The public Docker registry is called Docker Hub.
Docker containers: Each container is created from a Docker image. A Docker container holds everything that is needed for an application to run.

You need to Know

[Diagram: images, registry, containers]

Installing Docker

Prepare an Ubuntu Trusty 14.04 (LTS) (64-bit) release, for example ubuntu-14.04.1-server-amd64.iso. Ubuntu Trusty comes with a 3.13.0 Linux kernel, and a docker.io package which
installs Docker 0.9.1 and all its prerequisites from Ubuntu's repository. So you can easily get Docker 0.9.1, as follows:

To get the latest Docker version, you need to point at the Docker repository; just run the curl script as follows:

The latest Docker version is currently 1.1.2.

Dockerizing Applications: A Hello world

Hello world

docker run: the docker run combination runs containers.
ubuntu:14.04: This is the source of the container we ran. Docker calls this an image. In this case we used an Ubuntu 14.04 operating system image. [You can also write just ubuntu, which fetches the ubuntu:latest image.]
/bin/echo Hello world: told Docker what command to run inside our new container.
When our container was launched Docker created a new Ubuntu 14.04 environment and then executed the /bin/echo command inside it. We saw the result on the command line: Hello world

An Interactive Container

Two flags: -t and -i. The -t flag assigns a pseudo-tty or terminal inside our new container and the -i flag allows us to make an interactive connection by grabbing the standard in (STDIN) of the container.
/bin/bash: This will launch a Bash shell inside our container.

Dockerizing Applications: A Hello world

Let's try running some commands inside our container.

A Daemonized Hello world

-d flag: tells Docker to run the container and put it in the background, to daemonize it.
1e5535038e28: This really long string is called a container ID. It uniquely identifies a container so we can work with it.

Next, you can use more docker commands to manipulate the container, just try them!
docker ps: List containers;
docker logs: Fetch the logs of a container;
docker stop: Stop a running container;
and so on.
https:/

Refresher on Docker

A typical Linux system needs two filesystems to boot and run: bootfs + rootfs. bootfs mainly contains the bootloader and the kernel. The bootloader loads the kernel, and once boot has succeeded and the kernel is loaded into memory, bootfs is unmounted. rootfs (root file system) contains the standard directories and files of a typical Linux system, such as /dev, /proc, /bin and /etc.

In Docker, rootfs is first mounted read-only and checked. A union mount then places a read-write filesystem on top of the read-only rootfs, and the lower filesystem can again be set read-only with further layers stacked on top. A set of read-only layers plus one writable layer forms a container's runtime directory, and each of them is called a layer. Every modification to a file or directory in a read-only layer exists only in the writable layer above it. Because there is no contention, multiple containers can share the read-only layers. So Docker calls the read-only layers
images. To the container the whole rootfs appears read-write, but in fact all modifications are written to the topmost writable layer. An image does not store user state and can be used as a template, for rebuilding and for copying.

When a container is started from an image, Docker first loads the images beneath it, down to the base image, and the user's processes run in the writable layer. All the data in the images, together with the container-specific configuration such as the ID, networking and the resource limits managed by LXC, make up a container in the Docker sense.

Using Docker: Working with Containers

Running a Web Application in Docker

-P flag: tells Docker to map any required network ports inside our container to our host. This lets us view our web application.
training/webapp: is a pre-built image we've created that contains a simple Python Flask web application.
python app.py: launches our web application.

Docker has exposed port 5000 (the default Python Flask port) on local Docker host port 49155 (from the range 49000 to 49900).

Tip: if you use Docker inside a virtual machine, the local Docker host is the virtual machine's IP address.

Using Docker: Working with Containers

Example:

Using Docker: Working with Docker images

Commands for working with images
Listing images on the host: docker images
Getting a new image: docker pull centos
Finding images: docker search sinatra

Tip: so far we have seen two types of images. Those without a prefix, such as ubuntu, are called base or root images and are created by Docker Inc. Those with a prefix, such as training/webapp, are called user images and are created and maintained by the Docker community; the prefix training identifies the user who created the image.

Creating your own images
PULL, RUN, OPERATIONS, COMMIT, PUSH

Using Docker: Docker Container Linking

Give the container a meaningful name

It's useful to name containers that do specific functions in a way that makes it easier for you to remember them, for example naming a container with a web application in it web.
It provides Docker with a reference point that allows it to refer to other containers, for example link container web to container db.

Container Linking

--link name:alias: where name is the name of the container we're linking to and alias is an alias for the link name.

Using Docker: Docker Container Linking

In practice, linking container web to container db does just two things inside the web container:
it adds environment variables;
it updates the /etc/hosts file.

Using Docker: Docker Container Linking

Docker uses a Linux bridge to provide network connectivity to containers. Whether containers can communicate with each other is controlled by the icc parameter of the Docker daemon.
By default, --icc=true allows containers to communicate with each other.
--icc=false means containers are isolated from each
other.

Using Docker: Managing Data in Containers

Data volumes

A data volume is a specially-designated directory within one or more containers that bypasses the Union File System to provide several useful features for persistent or shared data:
Data volumes can be shared and reused between containers;
Changes to a data volume are made directly;
Changes to a data volume will not be included when you update an image;
Volumes persist until no containers use them.

Adding a data volume to a container

-v flag: one form creates a new volume inside a container at /webapp; another mounts the local directory /src/webapp into the container as the /opt/webapp directory.
The second form shares data between the host and the container, which is useful for testing. For example, after mounting source code on the host (such as a script) into the container, any change we make to the code on the host immediately affects the behavior of the app in the container, which is what we want when testing code.

Using Docker: Managing Data in Containers

Share persistent data between containers

If you have data that you want to share between multiple containers, or use from some temporary containers, the best approach is to create a data volume container and then mount its data from those temporary containers.
--volumes-from flag: mount the /dbdata volume in another container.

Tip: throughout Docker's design an image is stateless, which is very helpful for upgrades and reuse. Data that carries state, such as database data or generated logs, can therefore be placed in a data volume. Persisting a data volume is in essence persisting files.

It's not the end. Fighting!
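
The -P, -v and --link options covered in the slides above each leave a trace in the output of docker inspect, so a container can be reviewed for host exposure after it has been started. The Python check below is an added example, not part of the original slides; the sample JSON is constructed, and it assumes the HostConfig.Binds, HostConfig.PublishAllPorts, HostConfig.Links and NetworkSettings.Ports fields that docker inspect reports.

```python
import json

# Constructed sample of `docker inspect` output for the deck's web container
# (values are illustrative, not captured from a real host).
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/web",
  "HostConfig": {
    "Binds": ["/src/webapp:/opt/webapp", "/etc/app:/etc/app:ro"],
    "PublishAllPorts": true,
    "Links": ["/db:/web/db"]
  },
  "NetworkSettings": {
    "Ports": {"5000/tcp": [{"HostIp": "0.0.0.0", "HostPort": "49155"}]}
  }
}]
""")


def review_container(info):
    """Return a list of findings for one `docker inspect` entry."""
    findings = []
    host_cfg = info.get("HostConfig") or {}
    if host_cfg.get("PublishAllPorts"):
        findings.append("-P publishes every exposed port on the host")
    ports = (info.get("NetworkSettings") or {}).get("Ports") or {}
    for port, bindings in sorted(ports.items()):
        for b in bindings or []:  # ports that are not published map to null
            if b.get("HostIp") in ("", "0.0.0.0", "::"):
                findings.append(
                    f"{port} reachable on all host interfaces via port {b.get('HostPort')}")
    for bind in host_cfg.get("Binds") or []:
        parts = bind.split(":")  # "host_path:container_path[:mode]"
        mode = parts[2] if len(parts) > 2 else "rw"
        if "ro" not in mode.split(","):
            findings.append(
                f"host path {parts[0]} is writable from the container at {parts[1]}")
    for link in host_cfg.get("Links") or []:
        source = link.split(":")[0]
        findings.append(
            f"linked to {source}: its environment variables are visible in this container")
    return findings


if __name__ == "__main__":
    for entry in SAMPLE_INSPECT:
        for finding in review_container(entry):
            print(f"{entry['Name']}: {finding}")
```

On a real host the same function can be fed the parsed output of docker inspect for each running container; the read-only bind of /etc/app in the sample is deliberately not reported.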