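The English word "Docker" means a dock worker, that is, a porter. What it carries is the familiar shipping container (Container), and a container can hold any kind of app. With Docker, developers can turn an app into a standard, portable, self-managing component that can be developed, debugged, and run on any mainstream operating system.
Conceptually, Docker is similar to a traditional virtual machine, only more lightweight and easier to use. The main differences between Docker and virtual machines are as follows:
Below is a simple comparison of Docker and virtual machines: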
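Feature | Container | Virtual machine |
Startup | Seconds | Minutes |
Disk usage | Usually MB | Usually GB |
Performance | Near native | Weaker |
Instances per host | Thousands of containers on a single machine | Usually a few dozen |
Management efficiency | Simple to manage | Conceptually complex |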
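Comparison of Docker running on a physical machine and on a virtual machine:
A finished application container looks like a virtual machine with a particular set of applications already installed. For example, if we want to use redis, we just find a container with redis installed and run it, and it is ready to use.
So why not install redis directly? That certainly works, but the installation method differs with each person's computer and operating system. And if the machine fails or the application has to be migrated, every application installed on the current machine has to be reinstalled on the new machine. With containers it is much simpler: you effectively have a virtual machine that starts quickly and is easy to move. As long as you can run the container, you are spared configuring redis.
Standardization
High performance
Lightweight
Isolation
The Docker engine is a client/server (C/S) application
Docker uses a client/server architecture: the Docker client talks to the Docker daemon, which builds, runs, and distributes Docker containers. The client and the daemon can run on the same system, or the client can connect to a remote Docker daemon. The client and the daemon communicate through a REST API over a Unix socket or a network interface.
The core Docker components and elements are described below:
This walkthrough uses CentOS, and Docker is installed on CentOS.
Install the required system tools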
[root@docker-server1 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@docker-server1 ~]# yum update
Add the Docker repository
[root@docker-server1 ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@docker-server1 ~]# yum makecache fast
[root@docker-server1 ~]# yum -y install docker-ce
[root@docker-server1 ~]# systemctl restart docker
[root@docker-server1 ~]# systemctl status docker
docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-11-09 02:36:44 EST; 10min ago
     Docs: https://docs.docker.com
 Main PID: 62112 (dockerd)
    Tasks: 13
   Memory: 46.2M
   CGroup: /system.slice/docker.service
           └─62112 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Nov 09 02:36:44 docker-server1 dockerd[62112]: time="2019-11-09T02:36:44.288676502-05:00" level=info msg="scheme \...=grpc
Nov 09 02:36:44 docker-server1 dockerd[62112]: time="2019-11-09T02:36:44.288692565-05:00" level=info msg="ccResolv...=grpc
Nov 09 02:36:44 docker-server1 dockerd[62112]: time="2019-11-09T02:36:44.288723178-05:00" level=info msg="ClientCo...=grpc
Nov 09 02:36:44 docker-server1 dockerd[62112]: time="2019-11-09T02:36:44.316499988-05:00" level=info msg="Loading ...art."
Nov 09 02:36:44 docker-server1 dockerd[62112]: time="2019-11-09T02:36:44.470346871-05:00" level=info msg="Default ...ress"
Nov 09 02:36:44 docker-server1 dockerd[62112]: time="2019-11-09T02:36:44.525457432-05:00" level=info msg="Loading ...one."
Nov 09 02:36:44 docker-server1 dockerd[62112]: time="2019-11-09T02:36:44.545391836-05:00" level=info msg="Docker d....03.4
Nov 09 02:36:44 docker-server1 dockerd[62112]: time="2019-11-09T02:36:44.545511423-05:00" level=info msg="Daemon h...tion"
Nov 09 02:36:44 docker-server1 dockerd[62112]: time="2019-11-09T02:36:44.565917783-05:00" level=info msg="API list...sock"
Nov 09 02:36:44 docker-server1 systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
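In docker-ce, the /etc/sysconfig/docker configuration method is deprecated; /etc/docker/daemon.json is used instead.
Below is a brief list of the daemon.json options with explanations (the # annotations are explanatory only and must not appear in a real daemon.json, because JSON has no comment syntax):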
{
  "api-cors-header": "",
  "authorization-plugins": [],
  "bip": "",
  "bridge": "",
  "cgroup-parent": "",
  "cluster-store": "",
  "cluster-store-opts": {},
  "cluster-advertise": "",
  # Enable debug mode; when enabled, a lot of startup information is shown. Default: false
  "debug": true,
  "default-gateway": "",
  "default-gateway-v6": "",
  "default-runtime": "runc",
  "default-ulimits": {},
  "disable-legacy-registry": false,
  # DNS server addresses for containers; visible in the container's /etc/resolv.conf
  "dns": ["192.168.80.1"],
  "dns-opts": [],
  "dns-search": [],
  "exec-opts": [],
  "exec-root": "",
  "fixed-cidr": "",
  "fixed-cidr-v6": "",
  # Deprecated; use data-root instead
  "graph": "/var/lib/docker",
  # Root path used by the Docker runtime (its contents are described later); default /var/lib/docker
  "data-root": "/var/lib/docker",
  "group": "",   # Group owner of the Unix socket; applies only to /var/run/docker.sock
  "hosts": [],   # Addresses the daemon listens on (same as the -H startup parameter)
  "icc": false,
  "insecure-registries": [],
  "ip": "0.0.0.0",
  "iptables": false,
  "ipv6": false,
  "ip-forward": false,
  "ip-masq": false,
  "labels": ["nodeName=node-121"],
  "live-restore": true,
  "log-driver": "",
  "log-level": "",
  "log-opts": {
    "max-file": "5",
    "max-size": "50m"
  },
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "mtu": 0,
  "oom-score-adjust": -500,
  "pidfile": "",   # PID file of the Docker daemon
  "raw-logs": false,
  "registry-mirrors": ["xxxx"],   # Registry mirror (accelerator) address; once added, it is shown in docker info
  "runtimes": {
    "runc": {
      "path": "runc"
    },
    "custom": {
      "path": "/usr/local/bin/my-runc-replacement",
      "runtimeArgs": [
        "--debug"
      ]
    }
  },
  "selinux-enabled": false,   # See: Docker startup parameters
  "storage-driver": "overlay2",
  "storage-opts": [],
  "swarm-default-advertise-addr": "",
  "tls": true,        # See: Docker startup parameters
  "tlscacert": "",    # See: Docker startup parameters
  "tlscert": "",      # See: Docker startup parameters
  "tlskey": "",       # See: Docker startup parameters
  "tlsverify": true,  # See: Docker startup parameters
  "userland-proxy": false,
  "userns-remap": ""
}
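Several keys in this listing decide who can reach the daemon's REST API and how well containers are isolated from the host. The Python script below is an added example, not part of the original post: it audits a daemon.json for those keys. The sample configuration, the registry hostname and the function names are constructed for illustration.

```python
import json

# Constructed sample (not from the post): a trimmed daemon.json with weak settings.
SAMPLE = """{
  "debug": true,
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "icc": true,
  "insecure-registries": ["registry.example.internal:5000"],
  "tls": true,
  "tlsverify": false,
  "userns-remap": ""
}"""

def audit_daemon_config(cfg):
    """Return (key, finding) tuples for security-relevant daemon.json settings."""
    findings = []
    tcp = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if tcp and not cfg.get("tlsverify", False):
        # Without tlsverify the daemon does not authenticate API clients.
        findings.append(("hosts", "API on %s without tlsverify" % ", ".join(tcp)))
    if cfg.get("tls") or cfg.get("tlsverify"):
        unset = [k for k in ("tlscacert", "tlscert", "tlskey") if not cfg.get(k)]
        if unset:
            findings.append(("tls", "TLS on but not set in this file: " + ", ".join(unset)))
    if cfg.get("insecure-registries"):
        findings.append(("insecure-registries", "registry TLS not enforced for: "
                         + ", ".join(cfg["insecure-registries"])))
    if cfg.get("icc", True):  # dockerd default is true
        findings.append(("icc", "containers on the default bridge can reach each other"))
    if not cfg.get("userns-remap"):
        findings.append(("userns-remap", "no user-namespace remap: container uid 0 is host uid 0"))
    if cfg.get("debug", False):
        findings.append(("debug", "debug logging enabled"))
    return findings

def audit_daemon_json(text):
    """Parse daemon.json text (plain JSON, no # annotations) and audit it."""
    return audit_daemon_config(json.loads(text))

if __name__ == "__main__":
    for key, msg in audit_daemon_json(SAMPLE):
        print("[%s] %s" % (key, msg))
```

Run against the values in the listing above (tls and tlsverify true with empty certificate paths, debug true, userns-remap empty), it reports the tls, userns-remap and debug findings.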
Notes on starting Docker with systemd
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

# Works around exited containers that cannot be removed because their directory is still mounted by other containers
MountFlags=slave

[Install]
WantedBy=multi-user.target
Restart Docker
[root@docker-server1 ~]# systemctl restart docker
[root@docker-server1 ~]# systemctl status docker
Reference: https://www.cnblogs.com/breezey/p/9123098.html
Original: https://www.cnblogs.com/zyxnhr/p/11825331.html