docker1-1

(1). Check the kernel

[[email protected] yum.repos.d]$ uname -r

3.10.0-327.el7.x86_64

[[email protected] yum.repos.d]$ cat /etc/os-release   ##

NAME="Red Hat Enterprise Linux Server"

VERSION="7.2 (Maipo)"   ## RHEL 7.2 release

ID="rhel"

ID_LIKE="fedora"

VERSION_ID="7.2"

PRETTY_NAME="Red Hat Enterprise Linux Server 7.2 (Maipo)"

ANSI_COLOR="0;31"

CPE_NAME="cpe:/o:redhat:enterprise_linux:7.2:GA:server"

HOME_URL="https://www.redhat.com/"

BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"

REDHAT_BUGZILLA_PRODUCT_VERSION=7.2

REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"

REDHAT_SUPPORT_PRODUCT_VERSION="7.2"

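(2). Docker container management

# docker run -it --name vm1 ubuntu bash  ## create a container

# docker ps -a  ## show container status

# docker attach vm1  ## attach to the container

# docker top vm1  ## show the container's processes

# docker logs vm1  ## show the output of the container's commands; -f follows it in real time

# docker inspect vm1  ## show container details

# docker stats vm1  ## show the container's resource usage

# docker diff vm1  ## show changes made to the container's filesystem

# docker run -d --name vm1 ubuntu bash -c "while true; do echo westos; sleep 1; done"  ## run in the background

# docker stop vm1  ## stop the container

# docker start vm1  ## start the container

# docker kill vm1  ## force-kill the container

# docker restart vm1  ## restart the container

# docker pause/unpause vm1  ## pause/resume the container

# docker rm vm1  ## remove the container

# docker export vm1 > vm1.tar  ## export the container

# docker import vm1.tar image  ## import the container archive as the image "image"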

[[email protected] Desktop]# docker load -i nginx.tar  ## load an image

[[email protected] Desktop]# systemctl status docker  ## check Docker status

● docker.service - Docker Application Container Engine

Loaded: loaded (/etc/systemd/system/docker.service; disabled; vendor preset: disabled)

Active: active (running) since Tue 2017-05-09 10:07:51 CST; 3h 14min ago

Docs: https://docs.docker.com

Main PID: 9896 (docker)

CGroup: /system.slice/docker.service

└─9896 /usr/bin/docker daemon -H fd:// --bip 192.168.0.222/24 --in...

May 09 11:15:40 miaomiao docker[9896]: time="2017-05-09T11:15:40.390826087+...d"

May 09 11:16:06 miaomiao docker[9896]: time="2017-05-09T11:16:06.564389245+...f"

May 09 11:18:47 miaomiao docker[9896]: time="2017-05-09T11:18:47.229044064+...0"

May 09 11:18:47 miaomiao docker[9896]: time="2017-05-09T11:18:47.275173249+...0"

May 09 11:19:15 miaomiao docker[9896]: time="2017-05-09T11:19:15.988404710+...]"

May 09 11:19:15 miaomiao docker[9896]: time="2017-05-09T11:19:15.988436872+...]"

May 09 11:29:58 miaomiao docker[9896]: time="2017-05-09T11:29:58.156325714+08...

May 09 11:31:20 miaomiao docker[9896]: time="2017-05-09T11:31:20.821704586+08...

May 09 11:31:43 miaomiao docker[9896]: time="2017-05-09T11:31:43.206451035+...]"

May 09 11:31:43 miaomiao docker[9896]: time="2017-05-09T11:31:43.206484521+...]"

Hint: Some lines were ellipsized, use -l to show in full.

(21). Docker parameters

[[email protected] Desktop]# docker version  ## version

Client:

Version:      1.10.3

API version:  1.22

Go version:   go1.5.3

Git commit:   20f81dd

Built:        Thu Mar 10 15:39:25 2016

OS/Arch:      linux/amd64

Server:

Version:      1.10.3

API version:  1.22

Go version:   go1.5.3

Git commit:   20f81dd

Built:        Thu Mar 10 15:39:25 2016

OS/Arch:      linux/amd64

[[email protected] Desktop]# docker images  ## list local images

[[email protected] Desktop]# docker run -it --name vm0 ubuntu  ## create container vm0

root[email protected]:/#

[email protected]:/# [[email protected] Desktop]# docker attach vm0  ## 'Ctrl + p + q' detaches and leaves the container running in the background; attach reconnects to it

[[email protected] Desktop]# docker run -it ubuntu

[email protected]:/# [[email protected] Desktop]# docker ps -a  ## show container status

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

b2e45a701946        ubuntu              "/bin/bash"         17 seconds ago      Up 14 seconds                           serene_ride

2f0275b71c7b        ubuntu              "/bin/bash"         10 minutes ago      Up 58 seconds                            vm0

[[email protected] Desktop]# docker stop serene_ride

serene_ride

[[email protected] Desktop]# docker rm serene_ride

serene_ride

##commit  ## update the image

[[email protected] backup]# docker run -it --name vm1 ubuntu

[email protected]:/#

[email protected]:/# ls

bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

[email protected]:/# touch file{1..10}

[email protected]:/# ls

bin   dev  file1   file2  file4  file6  file8  home  lib64  mnt  proc  run   srv  tmp  var

boot  etc  file10  file3  file5  file7  file9  lib   media  opt  root  sbin  sys  usr

[email protected]:/# [[email protected] backup]# docker commit vm1 ubuntu:v1  ## commit container vm1 as image ubuntu:v1

sha256:6d42725a81105bd6265b5d1d0e5e29cb64988c558f4566cafc5c0752c25015bc

[[email protected] backup]# docker history ubuntu  ## show the layer history of the ubuntu image

IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT

07c86167cdc4        14 months ago       /bin/sh -c #(nop) CMD ["/bin/bash"]             0 B

220d2912ab1d        14 months ago       /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/   1.895 kB

cc77a2e3d72c        14 months ago       /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic   194.5 kB

c8fa7cdceff3        14 months ago       /bin/sh -c #(nop) ADD file:b9504126dc55908988   187.7 MB

[[email protected] backup]# docker history ubuntu:v1  ## show the layer history of ubuntu:v1

IMAGE               CREATED              CREATED BY                                      SIZE                COMMENT

6d42725a8110        About a minute ago   /bin/bash                                       0 B   ## originally 4 layers, one new layer added; the maximum is 127 layers

07c86167cdc4        14 months ago        /bin/sh -c #(nop) CMD ["/bin/bash"]             0 B

220d2912ab1d        14 months ago        /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/   1.895 kB

cc77a2e3d72c        14 months ago        /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic   194.5 kB

c8fa7cdceff3        14 months ago        /bin/sh -c #(nop) ADD file:b9504126dc55908988   187.7 MB

[[email protected] backup]# docker images ubuntu

REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE

ubuntu              v1                  6d42725a8110        About a minute ago   187.9 MB

ubuntu              latest              07c86167cdc4        14 months ago        187.9 MB

[[email protected] backup]# docker stop vm1

vm1

[[email protected] backup]# docker rm vm1

vm1

[[email protected] backup]# docker run -it --name vm2 ubuntu:v1  ## create container vm2 from ubuntu:v1; the data committed in v1 is preserved

[email protected]:/#

[email protected]:/# ls

bin   dev  file1   file2  file4  file6  file8  home  lib64  mnt  proc  run   srv  tmp  var

boot  etc  file10  file3  file5  file7  file9  lib   media  opt  root  sbin  sys  usr

[email protected]:/#

[[email protected] Desktop]# docker attach vm0

[email protected]:/#

[email protected]:/# ls

bin   dev  home  lib64  mnt  proc  run   srv  tmp  var

boot  etc  lib   media  opt  root  sbin  sys  usr

[email protected]:/# exit

exit

[[email protected] Desktop]# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMES

2f0275b71c7b        ubuntu              "/bin/bash"         14 minutes ago      Exited (0) 10 seconds ago

[[email protected] Desktop]# docker history ubuntu

IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT

07c86167cdc4        14 months ago       /bin/sh -c #(nop) CMD ["/bin/bash"]             0 B

220d2912ab1d        14 months ago       /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/   1.895 kB

cc77a2e3d72c        14 months ago       /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic   194.5 kB

c8fa7cdceff3        14 months ago       /bin/sh -c #(nop) ADD file:b9504126dc55908988   187.7 MB

[[email protected] Desktop]# docker commit vm0 ubuntu:v0  ## update the ubuntu image

sha256:1990c428381bc97798ff8a561a4948e185fe6678b7ec642041299a6e9dfb4e3d

[[email protected] Desktop]# docker images ubuntu

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

ubuntu              v0                  1990c428381b        29 seconds ago      187.9 MB

ubuntu              v6                  c106646cac34        3 hours ago         187.9 MB

ubuntu              vm1                 e152ab232884        3 hours ago         187.9 MB

ubuntu              latest              07c86167cdc4        14 months ago       187.9 MB

[[email protected] Desktop]# docker history ubuntu:v0

IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT

1990c428381b        5 minutes ago       /bin/bash                                       13 B

07c86167cdc4        14 months ago       /bin/sh -c #(nop) CMD ["/bin/bash"]             0 B

220d2912ab1d        14 months ago       /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/   1.895 kB

cc77a2e3d72c        14 months ago       /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic   194.5 kB

c8fa7cdceff3        14 months ago       /bin/sh -c #(nop) ADD file:b9504126dc55908988   187.7 MB

[[email protected] Desktop]# docker run -it --name vm0 ubuntu:v0

[[email protected] Desktop]# docker run -d nginx  ## -d runs the container in the background

dc0256224c5e0d439dbfcf07d1b5ab5eb636f550b7d46a4432e527b43ffb1a35

[[email protected] Desktop]# docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES

dc0256224c5e        nginx               "nginx -g 'daemon off"   18 seconds ago      Up 16 seconds       80/tcp, 443/tcp     drunk_franklin

2f0275b71c7b        ubuntu              "/bin/bash"              44 minutes ago      Up 29 minutes                           vm0

[[email protected] Desktop]# for i in {1..5};do docker run -d nginx;done

a576e9dc0943342646c79188e4ac226fd8fc761ca573390ebb4fbb451754340a

ef2c0d97aef90d231c43e2f6b474e43565be694b777f205333a99e93f0af9501

6ffa5fd9abd3282a88c8c1f7d6e7c41a20067d73915ea81900dc31118d4ff92d

fe530950f5fb6f678291658bcd404e1a8aca095c53de6126b16d605d90d6717c

80664f333a75f83c1f8c4144a55ec6a98ef1dc4eeca031966e2b8e0d52955bf6

[[email protected] Desktop]# docker stop `docker ps -aq`

80664f333a75

fe530950f5fb

6ffa5fd9abd3

ef2c0d97aef9

a576e9dc0943

dc0256224c5e

2f0275b71c7b

[[email protected] Desktop]# docker rm `docker ps -aq`

80664f333a75

fe530950f5fb

[[email protected] Desktop]# docker cp ml vm0:/  ## copy the local file ml into / of container vm0

[[email protected] Desktop]# docker attach vm0

[email protected]:/# ls

bin   dev  home  lib64  ml   opt   root  sbin  sys  usr

boot  etc  lib   media  mnt  proc  run   srv   tmp  var

[email protected]:/# rm -fr ml

[email protected]:/# [[email protected] Desktop]# docker attach v^C

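[[email protected] Desktop]# docker logs vm0  ## show the output of the container's commands; -f follows it in real time; output appears only after something has been done inside the container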

[email protected]:/#

[email protected]:/# ls

bin   dev  home  lib64  ml   opt   root  sbin  sys  usr

boot  etc  lib   media  mnt  proc  run   srv   tmp  var

[email protected]:/# rm -fr ml

[[email protected] Desktop]# docker export -o vm0.tar vm0  ## export container vm0 to vm0.tar in the current directory

[[email protected] Desktop]# ll vm0.tar

-rw-r--r-- 1 root root 196854784 May  9 15:08 vm0.tar

[[email protected] Desktop]# docker save -o ubuntu.tar ubuntu:v0  ## save image ubuntu:v0 to ubuntu.tar in the current directory

[[email protected] Desktop]# docker load -i ubuntu.tar  ## load the image from ubuntu.tar

[[email protected] Desktop]# save load  export  import^C

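[[email protected] Desktop]# evince Docker学习笔记.pdf &   ## view with evince; & runs it in the background

[[email protected] Desktop]# docker run -d --name web -p 8000:80 nginx  ## DNAT inbound, SNAT outbound

Map (masquerade) HTTP port 80 of the container started from the local nginx image to port 8000.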

1bd84acbf617b572510cd6d102a38011052c6c70cc4cff5ea837c7d1959fac04

[[email protected] Desktop]# docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                           NAMES

1bd84acbf617        nginx               "nginx -g 'daemon off"   16 seconds ago      Up 12 seconds       443/tcp, 0.0.0.0:8000->80/tcp   web

fb7a26874f00        ubuntu              "/bin/bash"              12 minutes ago      Up 12 minutes                                       vm0

[[email protected] Desktop]# netstat -antlp |grep :8000  ## check port 8000

tcp6       0      0 :::8000                 :::*                    LISTEN      28822/docker-proxy

[[email protected] Desktop]# iptables -t nat -nL

Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination

DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)

target     prot opt source               destination

RETURN     all  --  192.168.122.0/24     224.0.0.0/24

RETURN     all  --  192.168.122.0/24     255.255.255.255

MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535

MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535

MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24

MASQUERADE  all  --  192.168.0.0/24       0.0.0.0/0

MASQUERADE  tcp  --  192.168.0.2          192.168.0.2          tcp dpt:80

Chain DOCKER (2 references)

target     prot opt source               destination

RETURN     all  --  0.0.0.0/0            0.0.0.0/0

DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 to:192.168.0.2:80
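
Added example, not part of the original notes: `-p 8000:80` leaves a DNAT rule in the DOCKER chain of the nat table, and a rule whose destination is 0.0.0.0/0 accepts connections on every address of the host. The shell functions below list published ports from `iptables -t nat -nL` output; the function names are assumptions, and the sample is constructed from the listing above plus one constructed loopback-bound rule.

```shell
#!/bin/sh
# Constructed sample: excerpt of the nat table shown above, plus one
# constructed rule for a port published only on 127.0.0.1.
sample_nat_table() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.0.0/24       0.0.0.0/0
MASQUERADE  tcp  --  192.168.0.2          192.168.0.2          tcp dpt:80

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 to:192.168.0.2:80
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:8443 to:192.168.0.3:443
EOF
}

# list_published_ports: read `iptables -t nat -nL` output on stdin and print
# one line per DNAT rule of the DOCKER chain:
#   <proto> <host_port> <container_ip:port> <scope>
# scope is "all-addresses" when the rule matches destination 0.0.0.0/0,
# otherwise "bound:<host address>".
list_published_ports() {
    awk '
        # Track which chain the following rule lines belong to.
        /^Chain / { in_docker = ($2 == "DOCKER"); next }
        in_docker && $1 == "DNAT" {
            hostport = ""; target = ""
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^dpt:/) hostport = substr($i, 5)
                if ($i ~ /^to:/)  target   = substr($i, 4)
            }
            scope = ($5 == "0.0.0.0/0") ? "all-addresses" : "bound:" $5
            if (hostport != "" && target != "")
                print $2, hostport, target, scope
        }
    '
}

# exposed_ports: only the ports published on every host address,
# printed as <port>/<proto>.
exposed_ports() {
    list_published_ports | awk '$4 == "all-addresses" { print $2 "/" $1 }'
}

# Run against the constructed sample; on a real host use
#   iptables -t nat -nL | list_published_ports
sample_nat_table | list_published_ports
```

Publishing with an explicit host address, as in `-p 127.0.0.1:8000:80`, is what produces a `bound:` line instead of `all-addresses`.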

[[email protected] Desktop]# iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain

ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain

ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination

ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED

ACCEPT     all  --  192.168.122.0/24     anywhere

ACCEPT     all  --  anywhere             anywhere

REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

ACCEPT     all  --  anywhere             anywhere

REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

DOCKER-ISOLATION  all  --  anywhere             anywhere

DOCKER     all  --  anywhere             anywhere

ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

ACCEPT     all  --  anywhere             anywhere

ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc

ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc

Chain DOCKER (1 references)

target     prot opt source               destination

ACCEPT     tcp  --  anywhere             192.168.0.2          tcp dpt:http

Chain DOCKER-ISOLATION (1 references)

target     prot opt source               destination

RETURN     all  --  anywhere             anywhere

[[email protected] lib]# docker start web  ## browse to http://172.25.254.4:8000/ or localhost:8000 to check

[[email protected] Desktop]# docker attach vm0

[email protected]:/# ls

bin   dev  home  lib64  mnt  proc  run   srv  tmp  var

boot  etc  lib   media  opt  root  sbin  sys  usr

[email protected]:/# cp /etc/passwd .

[email protected]:/# [[email protected] Desktop]# docker diff vm0

A /passwd    ## A means added

(22). Change Docker's IP

[[email protected] system]# cd /usr/lib

[[email protected] lib]# cp /usr/lib^C

[[email protected] lib]# cp /lib/systemd/system/docker.service /etc/systemd/system^C

[[email protected] lib]# systemctl daemon-reload ^C

[[email protected] lib]# systemctl restart docker  ## restart docker

[[email protected] lib]# docker network ls

NETWORK ID          NAME                DRIVER

a3d8431a63f6        bridge              bridge

3fd2c5b5e9c8        none                null

fcff84aa1644        host                host

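[[email protected] lib]# ssh -X [email protected] firefox  ## run firefox on 172.25.254.4 over the connection

(3). Data volume management

When creating a container, docker run accepts the -v option to mount one or more data volumes into the running container. -v mounts a directory on the host into the container as a data volume, so that the host and the container share that directory.

Mount data volumes into a newly created container:

# docker run -it --name westos -v /tmp/data1:/data1 -v /tmp/data2:/data2 rhel7 /bin/bash

-v can be repeated to mount several data volumes into a container. The path before the colon is the host directory (docker creates it automatically if it does not exist); the path after the colon is the mount point inside the container.

Note: volume data is not saved by docker commit.

Volumes are mounted read-write by default; they can also be mounted read-only:

# docker run -it --name westos2 -v /tmp/data2:/data2:ro rhel /bin/bash

Mount a file from the host:

# docker run -it --name westos3 -v /etc/yum.repos.d/rhel-dvd.repo:/etc/yum.repos.d/rhel-dvd.repo:ro rhel7 /bin/bash

Data volume container: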

# docker create --name data -v /tmp/sharedata:/sharedata rhel7 /bin/true

# docker run -it --name vm1 --volumes-from data rhel7 /bin/bash

# docker run -it --name vm2 --volumes-from data rhel7 /bin/bash

# docker attach vm1

bash-4.2# cd /sharedata/

bash-4.2# touch vm1file

# docker attach vm2

bash-4.2# cd /sharedata/

bash-4.2# ls

passwd vm1file

bash-4.2# touch vm2file

[[email protected] ~]# ls /tmp/sharedata/

passwd vm1file vm2file

Back up a data volume:

# docker run --rm --volumes-from data -v /tmp/backup:/backup rhel7 tar cf /backup/test.tar /sharedata

eg:

[[email protected] lib]# docker run -it --name vm1 -v /tmp/data1:/data1 ubuntu  ## -v mounts a host directory into the container as a data volume; if the host directory does not exist, docker creates it

[email protected]:/# cd data1/

[email protected]:/data1# ls

passwd

[email protected]:~# [[email protected] lib]#

[[email protected] lib]# cd /tmp/data1

[[email protected] data1]# ls

[[email protected] data1]# docker run -it --name vm2 -v /tmp/data2:/data2 ubuntu

[email protected]:/# cd /data2/

[email protected]:/data2# ls

[email protected]:/data2# [[email protected] data1]#

[[email protected] data1]# docker run -it --name vm3 -v /tmp/data1:/data1 -v /tmp/data2:/data2:ro -v /etc/yum.repos.d/redhat.repo:/etc/yum.repos.d/redhat.repo:ro ubuntu

[email protected]:/# cd /etc/yum.repos.d/

[email protected]:/etc/yum.repos.d# ls

redhat.repo

[email protected]:/etc/yum.repos.d# echo 1 > redhat.repo

bash: redhat.repo: Read-only file system

[email protected]:/etc/yum.repos.d# [[email protected] data1]#

[[email protected] data1]# docker ps

CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES

4adc953b1fb8        ubuntu              "/bin/bash"         About a minute ago   Up About a minute                       vm3

b2a25f80b0e0        ubuntu              "/bin/bash"         5 minutes ago        Up 5 minutes                            vm2

0a71b1c6ee76        ubuntu              "/bin/bash"         8 minutes ago        Up 8 minutes                            vm1

[[email protected] data1]# docker create --name datavol -v /tmp/data1:/data1 -v /tmp/data2:/data2 -v /etc/yum.repos.d/redhat.repo:/etc/yum.repos.d/redhat:ro ubuntu

83c9e4ce93a3d47326a33d6693214c0d8e2b36d26f0700702d10f960027feb5c

[[email protected] data1]# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

83c9e4ce93a3        ubuntu              "/bin/bash"         21 seconds ago      Created                                 datavol

4adc953b1fb8        ubuntu              "/bin/bash"         7 minutes ago       Up 7 minutes                            vm3

b2a25f80b0e0        ubuntu              "/bin/bash"         11 minutes ago      Up 11 minutes                           vm2

0a71b1c6ee76        ubuntu              "/bin/bash"         14 minutes ago      Up 14 minutes                           vm1

[[email protected] data1]# docker run -it --name vm4 --volumes-from datavol ubuntu

[email protected]:/# cd /data1

[email protected]:/data1# ls

[email protected]:/data1# cd /etc/yum.repos.d/

[email protected]:/etc/yum.repos.d# ls

redhat

[email protected]:/etc/yum.repos.d#cd /data1

[email protected]:/data1# ls

passwd

[[email protected] ~]# docker cp vm4:/data1/passwd .

[[email protected] ~]# ll passwd

-rw-r--r-- 1 root root 956 May  9 16:06 passwd

[[email protected] data1]# docker run --rm -v /tmp/backup:/backup ubuntu tar cf /backup/vm4.tar /etc

tar: Removing leading `/' from member names

[[email protected] data1]# cd /tmp/backup/

[[email protected] backup]# ls

etc.tar  vm4.tar

[[email protected] backup]# ll vm4.tar

-rw-r--r-- 1 root root 798720 May  9 16:12 vm4.tar

[[email protected] backup]# tar tf vm4.tar |less

(4). Set Docker's IP

[[email protected] Desktop]# docker network ls  ##

NETWORK ID          NAME                DRIVER

a6086676733c        host                host

c69c955d85a6        bridge              bridge

b2fe5e31a343        none                null

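[[email protected] Desktop]# brctl show  ## show bridges

bridge name bridge id STP enabled interfaces

br0 8000.28d24434e123 no enp2s0   ## the host's br0

docker0 8000.02423c7d609f no   ## containers communicate with the physical machine (the host) through the docker0 bridge

virbr0 8000.525400c63db4 yes virbr0-nic  ## virtual machines communicate with the physical machine (the host) through the virbr0 bridge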

virbr1 8000.5254002538eb yes virbr1-nic

[[email protected] Desktop]# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

[[email protected] Desktop]# docker run -it --name vm1 ubuntu

[email protected]:/# [[email protected] Desktop]#

[[email protected] Desktop]# brctl show

bridge name bridge id STP enabled interfaces

br0 8000.28d24434e123 no enp2s0

docker0 8000.02423c7d609f no veth67f57bf

virbr0 8000.525400c63db4 yes virbr0-nic

virbr1 8000.5254002538eb yes virbr1-nic

[[email protected] Desktop]# ll /usr/lib/systemd/system/docker.service

-rw-r--r-- 1 root root 347 2月  11 2016 /usr/lib/systemd/system/docker.service

[[email protected] Desktop]# cp /usr/lib/systemd/system/docker.service /etc/systemd/system/docker.service

[[email protected] Desktop]# vim /etc/systemd/system/docker.service  ## method 2 for changing docker0's IP: edit the configuration file

ExecStart=/usr/bin/docker daemon -H fd:// --bip 192.168.60.1/24  ## set docker0's IP to 192.168.60.1/24

[[email protected] Desktop]# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000

link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000

link/ether a4:db:30:7a:f8:c5 brd ff:ff:ff:ff:ff:ff

inet 192.168.253.4/24 brd 192.168.253.255 scope global dynamic wlp3s0

valid_lft 35968sec preferred_lft 35968sec

inet6 fe80::a6db:30ff:fe7a:f8c5/64 scope link

valid_lft forever preferred_lft forever

4: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

inet 172.25.254.60/24 brd 172.25.254.255 scope global br0

valid_lft forever preferred_lft forever

inet 172.25.60.250/24 brd 172.25.60.255 scope global br0

valid_lft forever preferred_lft forever

inet6 fe80::2ad2:44ff:fe34:e123/64 scope link

valid_lft forever preferred_lft forever

5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff

6: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500

link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff

7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff

inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

valid_lft forever preferred_lft forever

8: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500

link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff

9: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff

inet 172.17.0.1/16 scope global docker0

valid_lft forever preferred_lft forever

inet6 fe80::42:3cff:fe7d:609f/64 scope link

valid_lft forever preferred_lft forever

11: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP

link/ether ba:54:d0:bc:52:3c brd ff:ff:ff:ff:ff:ff link-netnsid 0

inet6 fe80::b854:d0ff:febc:523c/64 scope link

valid_lft forever preferred_lft forever

[[email protected] Desktop]# systemctl daemon-reload

[[email protected] Desktop]# systemctl restart network

[[email protected] Desktop]# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000

link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000

link/ether a4:db:30:7a:f8:c5 brd ff:ff:ff:ff:ff:ff

5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff

6: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500

link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff

7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff

inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

valid_lft forever preferred_lft forever

8: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500

link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff

9: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff

inet 172.17.0.1/16 scope global docker0

valid_lft forever preferred_lft forever

inet6 fe80::42:3cff:fe7d:609f/64 scope link

valid_lft forever preferred_lft forever

11: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP

link/ether ba:54:d0:bc:52:3c brd ff:ff:ff:ff:ff:ff link-netnsid 0

inet6 fe80::b854:d0ff:febc:523c/64 scope link

valid_lft forever preferred_lft forever

12: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

inet 172.25.254.60/24 brd 172.25.254.255 scope global br0

valid_lft forever preferred_lft forever

inet 172.25.60.250/24 brd 172.25.60.255 scope global br0

valid_lft forever preferred_lft forever

[[email protected] Desktop]# ip link set down dev docker0  ## method 2 for changing docker0's IP: ip link

[[email protected] Desktop]# ip addr del 172.17.0.1/16 dev docker0

[[email protected] Desktop]# ip addr add 192.168.60.1/24 dev docker0

[[email protected] Desktop]# ip link set up dev docker0

[[email protected] Desktop]# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000

link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000

link/ether a4:db:30:7a:f8:c5 brd ff:ff:ff:ff:ff:ff

5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff

6: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500

link/ether 52:54:00:25:38:eb brd ff:ff:ff:ff:ff:ff

7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff

inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

valid_lft forever preferred_lft forever

8: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500

link/ether 52:54:00:c6:3d:b4 brd ff:ff:ff:ff:ff:ff

9: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff

inet 192.168.60.1/24 scope global docker0   ## the new IP: 192.168.60.1/24

valid_lft forever preferred_lft forever

inet6 fe80::42:3cff:fe7d:609f/64 scope link

valid_lft forever preferred_lft forever

11: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP

link/ether ba:54:d0:bc:52:3c brd ff:ff:ff:ff:ff:ff link-netnsid 0

inet6 fe80::b854:d0ff:febc:523c/64 scope link

valid_lft forever preferred_lft forever

12: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

inet 172.25.254.60/24 brd 172.25.254.255 scope global br0

valid_lft forever preferred_lft forever

inet 172.25.60.250/24 brd 172.25.60.255 scope global br0

valid_lft forever preferred_lft forever

[[email protected] Desktop]#

[[email protected] Desktop]# docker attach vm1

[email protected]:/# uname -r

3.10.0-327.el7.x86_64

[email protected]:/# ip addr show    ## container vm1 was created; default IP????????

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

(5). The four network modes

[[email protected] Desktop]# docker run -it --name web --net host nginx  ## host mode: the container has the same IP as the physical host's br0

WARNING: IPv4 forwarding is disabled. Networking will not work.

2017/05/10 11:48:52 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)    ## port 80 is already in use

nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)

2017/05/10 11:48:52 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)

[[email protected] Desktop]# ^C

[[email protected] Desktop]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES

f7ce6e4f9b27        nginx               "nginx -g 'daemon off"   34 seconds ago      Exited (1) 28 seconds ago                       web

33293f33ace2        ubuntu              "/bin/bash"              19 minutes ago      Up 18 minutes                                   vm1

[[email protected] Desktop]# systemctl stop httpd.service  ## stop the httpd service

[[email protected] Desktop]# docker start web

web

[[email protected] Desktop]# netstat -antlp |grep :80  ## port 80 is in use

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      6687/nginx: master

[[email protected] Desktop]# curl 172.25.254.60

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

body {

width: 35em;

margin: 0 auto;

font-family: Tahoma, Verdana, Arial, sans-serif;

}

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>

</body>

</html>

[[email protected] Desktop]# docker stop web

web

[[email protected] Desktop]# curl 172.25.254.60

curl: (7) Failed connect to 172.25.254.60:80; 拒绝连接

[[email protected] Desktop]# netstat -antlp |grep :80

tcp        0      0 172.25.254.60:46343     172.25.254.60:80        TIME_WAIT   -

[[email protected] pub]# docker run -it --name vm1 --net host ubuntu  ##vm1 uses host mode

[email protected]:/#

[email protected]:/# [[email protected] pub]#

[[email protected] pub]# docker run -it --name vm2 --net container:vm1 ubuntu  ##vm2 uses container mode: like vm1, it has the same IPs as the physical host

[email protected]:/#

[email protected]:/# ip addr show

9: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default

link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff

inet 192.168.60.1/24 scope global docker0

valid_lft forever preferred_lft forever

inet6 fe80::42:3cff:fe7d:609f/64 scope link

valid_lft forever preferred_lft forever

12: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default

link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

inet 172.25.254.60/24 brd 172.25.254.255 scope global br0

valid_lft forever preferred_lft forever

inet 172.25.60.250/24 brd 172.25.60.255 scope global br0

valid_lft forever preferred_lft forever

[email protected]:/# [[email protected] pub]# docker attach vm1

[email protected]:/# ip addr show

9: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default

link/ether 02:42:3c:7d:60:9f brd ff:ff:ff:ff:ff:ff

inet 192.168.60.1/24 scope global docker0

valid_lft forever preferred_lft forever

inet6 fe80::42:3cff:fe7d:609f/64 scope link

valid_lft forever preferred_lft forever

12: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default

link/ether 28:d2:44:34:e1:23 brd ff:ff:ff:ff:ff:ff

inet 172.25.254.60/24 brd 172.25.254.255 scope global br0

valid_lft forever preferred_lft forever

inet 172.25.60.250/24 brd 172.25.60.255 scope global br0

valid_lft forever preferred_lft forever

[email protected]:/#   ##when vm1 is stopped, vm2's IPs no longer exist; when vm1 is started, vm2's IPs exist again

[[email protected] Desktop]# docker attach vm2

[email protected]:/# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

[email protected]:/# [[email protected] Desktop]#

(6). Disabled (none) mode: set the IP yourself

[[email protected] netns]# docker run -it --name vm3 --net  none ubuntu

[email protected]:/# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

[email protected]:/# [[email protected] netns]#

[[email protected] netns]# brctl show

bridge name bridge id STP enabled interfaces

br0 8000.0021cc5dee66 no enp0s25

docker0 8000.024241e13709 no

virbr0 8000.525400c2e396 yes virbr0-nic

virbr1 8000.52540005d6c1 yes virbr1-nic

[[email protected] netns]# docker inspect vm3 |grep Pid  ##the Pid changes every time the container starts, so it is best to script this

"Pid": 4648,

"PidMode": "",

"PidsLimit": 0,

[[email protected] netns]# cd /proc/4648  ##/proc holds kernel information; it is kept in memory, so everything disappears on shutdown and reappears automatically on boot

[[email protected] 4648]# ls

attr             cpuset   limits      net            projid_map  statm

autogroup        cwd      loginuid    ns             root        status

auxv             environ  map_files   numa_maps      sched       syscall

cgroup           exe      maps        oom_adj        sessionid   task

clear_refs       fd       mem         oom_score      setgroups   timers

cmdline          fdinfo   mountinfo   oom_score_adj  smaps       uid_map

comm             gid_map  mounts      pagemap        stack       wchan

coredump_filter  io       mountstats  personality    stat

[[email protected] 4648]# cd ns

[[email protected] ns]# ls

ipc  mnt  net  pid  user  uts

[[email protected] ns]# ll

total 0

lrwxrwxrwx 1 root root 0 May 10 10:51 ipc -> ipc:[4026532409]

lrwxrwxrwx 1 root root 0 May 10 10:51 mnt -> mnt:[4026532407]

lrwxrwxrwx 1 root root 0 May 10 10:49 net -> net:[4026532412]

lrwxrwxrwx 1 root root 0 May 10 10:51 pid -> pid:[4026532410]

lrwxrwxrwx 1 root root 0 May 10 10:51 user -> user:[4026531837]

lrwxrwxrwx 1 root root 0 May 10 10:51 uts -> uts:[4026532408]

[[email protected] ns]# ln -s /proc/4648/ns/net /var/run/netns/4648

[[email protected] ns]# ip netns ls

4648

[[email protected] ns]# ll

total 0

lrwxrwxrwx 1 root root 0 May 10 10:51 ipc -> ipc:[4026532409]

lrwxrwxrwx 1 root root 0 May 10 10:51 mnt -> mnt:[4026532407]

lrwxrwxrwx 1 root root 0 May 10 10:49 net -> net:[4026532412]

lrwxrwxrwx 1 root root 0 May 10 10:51 pid -> pid:[4026532410]

lrwxrwxrwx 1 root root 0 May 10 10:51 user -> user:[4026531837]

lrwxrwxrwx 1 root root 0 May 10 10:51 uts -> uts:[4026532408]

[[email protected] ns]# cd /var/run/netns/

[[email protected] netns]# ls

4648

[[email protected] netns]# ll

total 0

lrwxrwxrwx 1 root root 17 May 10 10:53 4648 -> /proc/4648/ns/net

[[email protected] netns]# ip link add name veth0 type veth peer name veth1

[[email protected] netns]# ip link set up dev veth0   ##bring up the device veth0 in the namespace

[[email protected] netns]# ip link set up dev veth1

[[email protected] netns]# ip addr show

...

4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

link/ether 00:21:cc:5d:ee:66 brd ff:ff:ff:ff:ff:ff

inet 172.25.254.15/24 brd 172.25.254.255 scope global br0

valid_lft forever preferred_lft forever

inet 172.25.15.250/24 brd 172.25.15.255 scope global br0

valid_lft forever preferred_lft forever

inet6 fe80::221:ccff:fe5d:ee66/64 scope link

valid_lft forever preferred_lft forever

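9: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN ##On startup Docker creates a virtual bridge docker0, with default address ...; every container started afterwards is bridged to docker0 and is automatically assigned an IP address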

link/ether 02:42:41:e1:37:09 brd ff:ff:ff:ff:ff:ff

inet 192.168.0.1/24 scope global docker0

valid_lft forever preferred_lft forever

10: veth1@veth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 96:7e:83:ec:4c:fc brd ff:ff:ff:ff:ff:ff

inet6 fe80::947e:83ff:feec:4cfc/64 scope link

valid_lft forever preferred_lft forever

11: veth0@veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether ca:bc:43:25:e7:91 brd ff:ff:ff:ff:ff:ff

inet6 fe80::c8bc:43ff:fe25:e791/64 scope link

valid_lft forever preferred_lft forever

[[email protected] netns]# brctl show

bridge name bridge id STP enabled interfaces

br0 8000.0021cc5dee66 no enp0s25

docker0 8000.024241e13709 no

virbr0 8000.525400c2e396 yes virbr0-nic

virbr1 8000.52540005d6c1 yes virbr1-nic

[[email protected] netns]# brctl addif docker0 veth0

[[email protected] netns]# brctl show

bridge name bridge id STP enabled interfaces

br0 8000.0021cc5dee66 no enp0s25

docker0 8000.024241e13709 no veth0

virbr0 8000.525400c2e396 yes virbr0-nic

virbr1 8000.52540005d6c1 yes virbr1-nic

[[email protected] netns]# ip link set veth1 netns 4648

[[email protected] netns]# docker attach vm3

[email protected]:/# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

10: [email protected]: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000

link/ether 96:7e:83:ec:4c:fc brd ff:ff:ff:ff:ff:ff

[[email protected] netns]# ip netns exec 4648 ip link set veth1 name eth0

[[email protected] netns]# ip netns exec 4648 ip link set up eth0

[[email protected] netns]# ip netns exec 4648 ip addr add 192.168.15.115/24 dev eth0

[[email protected] netns]# ip netns exec 4648 ip route add default via 192.168.15.1

[[email protected] netns]# docker attach vm3

[email protected]:/#

[email protected]:/# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

10: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 96:7e:83:ec:4c:fc brd ff:ff:ff:ff:ff:ff

inet 192.168.15.115/24 scope global eth0

valid_lft forever preferred_lft forever

inet6 fe80::947e:83ff:feec:4cfc/64 scope link

valid_lft forever preferred_lft forever

[email protected]:/# ip route show

default via 192.168.15.1 dev eth0

192.168.15.0/24 dev eth0  proto kernel  scope link  src 192.168.15.115

[email protected]:/# route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

0.0.0.0         192.168.15.1    0.0.0.0         UG    0      0        0 eth0

192.168.15.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

[email protected]:/# ping 192.168.15.1

PING 192.168.15.1 (192.168.15.1) 56(84) bytes of data.

--- 192.168.15.1 ping statistics ---

5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms

pipe 4

[email protected]:/# ping 172.25.254.251

PING 172.25.254.251 (172.25.254.251) 56(84) bytes of data.

--- 172.25.254.251 ping statistics ---

5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms

pipe 4

[email protected]:/# ping 172.25.254.15

PING 172.25.254.15 (172.25.254.15) 56(84) bytes of data.

^C

--- 172.25.254.15 ping statistics ---

5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms

pipe 4
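The comment above notes that the Pid changes on every start and that these steps are best scripted. The sketch below is an added example, not part of the original post: it prints the same command sequence for a given Pid and checks the addressing first, rejecting the values used above because docker0 holds 192.168.0.1/24 while the container's default route points at 192.168.15.1. The function names, the vh<Pid>/vc<Pid> interface names and the address 192.168.0.115 are assumptions of this example.

```shell
#!/bin/sh
# Added example: plan the veth wiring for a container started with --net none.
# Typical use, as root, after reviewing the printed plan:
#   pid=$(docker inspect -f '{{.State.Pid}}' vm3)
#   plan_netns "$pid" docker0 192.168.0.1/24 192.168.0.115/24 192.168.0.1 | sh -e
# (192.168.0.115 is a constructed address inside docker0's subnet.)

# ip_to_int A.B.C.D -> prints the address as an integer; status 1 if malformed.
ip_to_int() (
    case $1 in ''|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -f                      # no globbing while the address is split
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        # digits only, no leading zeros (would be read as octal), at most 3 chars
        case $octet in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# same_subnet ADDR1 ADDR2 PREFIXLEN
# status 0: same network, 1: different networks, 2: malformed input.
same_subnet() (
    a=$(ip_to_int "$1") || exit 2
    b=$(ip_to_int "$2") || exit 2
    case $3 in ''|*[!0-9]*|???*) exit 2 ;; esac
    [ "$3" -le 32 ] || exit 2
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( a & mask )) -eq $(( b & mask )) ]
)

# plan_netns PID BRIDGE BRIDGE_CIDR CONTAINER_CIDR GATEWAY
# Prints the commands from the walkthrough, one per line, without running them.
# status 2: malformed argument, 3: addressing that cannot work on this bridge.
plan_netns() (
    pid=$1 bridge=$2 bridge_cidr=$3 ctr_cidr=$4 gw=$5
    bridge_ip=${bridge_cidr%/*}
    ctr_ip=${ctr_cidr%/*}
    prefix=${ctr_cidr#*/}
    fail() { echo "error: $2" >&2; exit "$1"; }

    case $pid in ''|*[!0-9]*) fail 2 "PID must be numeric: $pid" ;; esac
    case $bridge in ''|*[!A-Za-z0-9_.-]*) fail 2 "bad bridge name: $bridge" ;; esac

    # The container's default route must point at the bridge it is plugged into.
    [ "$gw" = "$bridge_ip" ] ||
        fail 3 "gateway $gw is not the address of $bridge ($bridge_ip)"
    [ "$ctr_ip" != "$bridge_ip" ] ||
        fail 3 "container address $ctr_ip collides with $bridge"

    rc=0
    same_subnet "$ctr_ip" "$gw" "$prefix" || rc=$?
    [ "$rc" -ne 2 ] || fail 2 "malformed address in $ctr_cidr or $gw"
    [ "$rc" -eq 0 ] || fail 3 "$ctr_cidr is not in the same subnet as gateway $gw"

    host_if=vh$pid              # host end, attached to the bridge
    ctr_if=vc$pid               # container end, renamed to eth0 inside
    cat <<EOF
mkdir -p /var/run/netns
ln -sfn /proc/$pid/ns/net /var/run/netns/$pid
ip link add name $host_if type veth peer name $ctr_if
brctl addif $bridge $host_if
ip link set dev $host_if up
ip link set $ctr_if netns $pid
ip netns exec $pid ip link set $ctr_if name eth0
ip netns exec $pid ip link set dev eth0 up
ip netns exec $pid ip addr add $ctr_cidr dev eth0
ip netns exec $pid ip route add default via $gw
EOF
)
```

Remove /var/run/netns/<Pid> once the container stops: the link dangles afterwards, and the kernel can later hand the same Pid to an unrelated process.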

(7) Linking containers

[[email protected] Desktop]# docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

game2048            latest              19299002fdbe        4 months ago        55.5 MB

nginx               latest              af4b3d7d5401        14 months ago       190.5 MB

ubuntu              latest              07c86167cdc4        14 months ago       187.9 MB

[[email protected] Desktop]# docker run -d game2048

25c89dfe2e6fa670613e0386de8f05284dd74c017426dc7087e897df44284135

[[email protected] Desktop]# docker ps

CONTAINER ID        IMAGE               COMMAND                   CREATED             STATUS              PORTS               NAMES

25c89dfe2e6f        game2048            "/bin/sh -c 'sed -i \""   32 seconds ago      Up 30 seconds       80/tcp, 443/tcp     boring_newton

[[email protected] Desktop]# docker run -it --link boring_newton:WQ ubuntu  ##establishes a secure connection between the two containers; the --link option can link one or more containers to the container being created

[email protected]:/#

[email protected]:/# env |grep WQ

WQ_PORT_443_TCP_ADDR=192.168.60.2

WQ_ENV_NGINX_VERSION=1.11.7

WQ_NAME=/prickly_poincare/WQ

WQ_PORT_80_TCP_PROTO=tcp

WQ_PORT_80_TCP=tcp://192.168.60.2:80

WQ_PORT_443_TCP_PORT=443

WQ_PORT_80_TCP_PORT=80

WQ_PORT_443_TCP=tcp://192.168.60.2:443

WQ_PORT_443_TCP_PROTO=tcp

WQ_PORT_80_TCP_ADDR=192.168.60.2

WQ_PORT=tcp://192.168.60.2:80

(8) Build your own image based on the rhel7 image: setting up Apache

[[email protected] Desktop]$ cd /tmp/docker/

[[email protected] docker]$ cd apache/

[[email protected] apache]# vim Dockerfile

[[email protected] apache]# docker build -t rhel7:v1 .

[[email protected] apache]# ls

Dockerfile

[[email protected] apache]# du -h Dockerfile

4.0K Dockerfile

[[email protected] apache]# docker run -d -p 8000:80 --name apache rhel7:v1

410b97e65f58d824bad92b7824d01c7cc11a3aafe5614133bcddb4bb8c6f6159

[[email protected] apache]# docker kill apache

apache

[[email protected] apache]# docker rm apache

apache

[[email protected] apache]# docker run -d -p 8000:80 --name apache -v /tmp/docker/apache/:/var/www/html rhel7:v1

a8248ed115240b4d840c586402ced465477e3893f95c330b9b4365f5a120c3aa

[[email protected] apache]# vim index.html

[[email protected] apache]# ls

Dockerfile  index.html

[[email protected] apache]# docker kill apache

apache

[[email protected] apache]# docker rm apache

apache

[[email protected] apache]# docker run -d -p 8000:80 --name apache rhel7:v2

Unable to find image 'rhel7:v2' locally

Pulling repository docker.io/library/rhel7

^C[[email protected] apache]# docker build -t rhel7:v2 .

Sending build context to Docker daemon 3.072 kB

Step 1 : FROM rhel7:v1

---> c7728e4708e3

Step 2 : MAINTAINER [email protected]

---> Running in c433f5e76e66

---> 573359cb1d1f

Removing intermediate container c433f5e76e66

Step 3 : ENV hostname ll

---> Running in 440673aa5929

---> d3a6eb82360a

Removing intermediate container 440673aa5929

Step 4 : EXPOSE 80

---> Running in 59142267cc63

---> 54f13e0b05b1

Removing intermediate container 59142267cc63

Step 5 : RUN yum install -y httpd && yum clean all

---> Running in 84ce816c5092

Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'

Package httpd-2.4.6-40.el7.x86_64 already installed and latest version

Nothing to do

Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'

Cleaning repos: rhel7.2

Cleaning up everything

---> 8d81b8881a9f

Removing intermediate container 84ce816c5092

Step 6 : CMD /usr/sbin/httpd -D FOREGROUND

---> Running in c9a98b333e16

---> 5ab0460229f8

Removing intermediate container c9a98b333e16

Successfully built 5ab0460229f8

[[email protected] apache]# docker run -d -p 8000:80 --name apache rhel7:v2

43ecdd284a6a5a51c1186c0849c9d16f70d05e128806be36bfdacce48997641a

[[email protected] apache]#

[[email protected] apache]# curl localhost:8000

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

..........

[[email protected] apache]# docker run -d -p 8000:80 --name apache -v /tmp/docker/apache/:/var/www/html rhel7:v2

docker: Error response from daemon: Conflict. The name "/apache" is already in use by container 43ecdd284a6a5a51c1186c0849c9d16f70d05e128806be36bfdacce48997641a. You have to remove (or rename) that container to be able to reuse that name..

See 'docker run --help'.

[[email protected] apache]# docker kill apache

apache

[[email protected] apache]# docker rm apache

apache

[[email protected] apache]# docker run -d -p 8000:80 --name apache -v /tmp/docker/apache/:/var/www/html rhel7:v2

ce6b701984229e411ca8dcb07fef754106d9118a22000078b4655fb5f4f08e63

[[email protected] apache]# curl localhost:8000

<h1>hello world</h1>

[[email protected] apache]# netstat -antlp |grep :80

tcp6       0      0 :::80                   :::*                    LISTEN      1204/httpd

[[email protected] apache]# which ip

/usr/sbin/ip

[[email protected] apache]# rpm -qf /usr/sbin/ip   ##find which package /usr/sbin/ip belongs to

iproute-3.10.0-54.el7.x86_64

(9) Build an ssh image

[[email protected] docker]# mkdir ssh

[[email protected] docker]# cd ssh/

[[email protected] ssh]# cp ../apache/Dockerfile .

bash-4.2# yum install -y openssh-clients

bash-4.2# /usr/sbin/sshd

Could not load host key: /etc/ssh/ssh_host_rsa_key

Could not load host key: /etc/ssh/ssh_host_ecdsa_key

Could not load host key: /etc/ssh/ssh_host_ed25519_key

bash-4.2# cd /etc/ssh/

bash-4.2# ls

moduli ssh_config  sshd_config

bash-4.2# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N ""

bash-4.2# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""

bash-4.2# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""

bash-4.2# ls

moduli     ssh_host_ecdsa_key.pub    ssh_host_rsa_key

ssh_config     ssh_host_ed25519_key      ssh_host_rsa_key.pub

ssh_host_ecdsa_key  ssh_host_ed25519_key.pub  sshd_config

bash-4.2# netstat -antlp | grep :22

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      39/sshd

tcp6       0      0 :::22                   :::*                    LISTEN      39/sshd

bash-4.2# ssh localhost

The authenticity of host 'localhost (::1)' can't be established.

ECDSA key fingerprint is 32:79:e7:50:20:0e:0d:c8:e5:ab:55:17:5a:b3:61:f1.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.

[email protected]'s password:

bash-4.2# echo root:westos |chpasswd

bash-4.2# ssh localhost

[email protected]'s password:

-bash-4.2# [[email protected] ssh]#

[[email protected] ssh]# vim Dockerfile

[[email protected] ssh]# cat Dockerfile

FROM rhel7:v1  ##specify the base image

MAINTAINER [email protected]  ##author information (optional)

ENV hostname lll   ##set the container hostname (optional)

EXPOSE 22   ##expose the container port

RUN yum install -y openssh-server openssh-clients && yum clean all

RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" &&ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""&&ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""&&echo root:westos |chpasswd   ##commands run while building the image

CMD ["/usr/sbin/sshd", "-D"]  ##the image's start command; by default only one can be started

[[email protected] ssh]# docker build -t rhel7:v6 . ##build the image rhel7:v6

Sending build context to Docker daemon 2.048 kB

Step 1 : FROM rhel7:v1

---> c7728e4708e3

Step 2 : MAINTAINER [email protected]

---> Using cache

---> 573359cb1d1f

Step 3 : ENV hostname lll

---> Using cache

---> 0445caf75265

Step 4 : EXPOSE 22

---> Using cache

---> c31fe7ee8a78

Step 5 : RUN yum install -y openssh-server openssh-clients && yum clean all

---> Using cache

---> 9ec68f83787d

Step 6 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" &&ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""&&ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""&&echo root:westos |chpasswd

---> Using cache

---> 66d55ef13f55

Step 7 : CMD /usr/sbin/sshd -D

---> Running in c1da2a758664

---> 0df474967f24

Removing intermediate container c1da2a758664

Successfully built 0df474967f24

[[email protected] ssh]# docker run -d --name ssh -p 2222:22 rhel7:v6

9e9b9180bdf7eb7029dccafa22a88c4ba14ec10b36ea0a40a15961ea718c6f47

[[email protected] ssh]# ssh localhost -p 2222

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the ECDSA key sent by the remote host is

74:5d:6e:b3:fa:e7:80:6b:8a:e8:13:d2:85:cc:f5:c2.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Offending ECDSA key in /root/.ssh/known_hosts:11

ECDSA host key for [localhost]:2222 has changed and you have requested strict checking.

Host key verification failed.

[[email protected] ssh]# vim /root/.ssh/known_hosts

[[email protected] ssh]# rm -fr /root/.ssh/known_hosts

[[email protected] ssh]# ssh localhost -p 2222  ##connect to port 2222 on the physical host

The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.

ECDSA key fingerprint is 74:5d:6e:b3:fa:e7:80:6b:8a:e8:13:d2:85:cc:f5:c2.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[localhost]:2222' (ECDSA) to the list of known hosts.

[email protected]'s password:

-bash-4.2# exit

logout

Connection to localhost closed.

(10) Multiple services

bash-4.2# yum install supervisor -y

bash-4.2# cat dvd.repo

[rhel7.2]

name=rhel7.2

baseurl=http://172.25.254.250/rhel7.2

gpgcheck=0

[update]

name=update

baseurl=ftp://172.25.254.250/pub/docker

gpgcheck=0

bash-4.2# vi /etc/supervisord.conf

[[email protected] ssh]# cd ..

[[email protected] docker]# mkdir super

[[email protected] docker]# cd super/

[[email protected] super]# cp ../ssh/Dockerfile .

[[email protected] super]# ls

Dockerfile

[[email protected] super]# vim update.repo

[[email protected] super]# ls

Dockerfile  update.repo

[[email protected] super]# vim Dockerfile

[[email protected] super]# vim supervisord.conf

[[email protected] super]# docker build -t rhel7:v7 .

Sending build context to Docker daemon 4.096 kB

Step 1 : FROM rhel7:v1

---> c7728e4708e3

Step 2 : MAINTAINER [email protected]

---> Using cache

---> 573359cb1d1f

Step 3 : ENV hostname llll

---> Running in 2bcc58c208a6

---> c52c29905899

Removing intermediate container 2bcc58c208a6

Step 4 : EXPOSE 22 80

---> Running in b0f255eee335

---> ad02a414cb33

Removing intermediate container b0f255eee335

Step 5 : COPY update.repo /etc/yum.repos.d

---> 96ecee8435d0

Removing intermediate container 95bde59e0de3

Step 6 : RUN yum install -y openssh-server openssh-clients httpd supervisor&& yum clean all

---> Running in f50c57b7f861

Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'

Package httpd-2.4.6-40.el7.x86_64 already installed and latest version

Resolving Dependencies

--> Running transaction check

---> Package openssh-clients.x86_64 0:6.6.1p1-22.el7 will be installed

--> Processing Dependency: openssh = 6.6.1p1-22.el7 for package: openssh-clients-6.6.1p1-22.el7.x86_64

--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-clients-6.6.1p1-22.el7.x86_64

--> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64

--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64

---> Package openssh-server.x86_64 0:6.6.1p1-22.el7 will be installed

--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-6.6.1p1-22.el7.x86_64

---> Package supervisor.noarch 0:3.1.3-3.el7 will be installed

--> Processing Dependency: python-meld3 >= 0.6.5 for package: supervisor-3.1.3-3.el7.noarch

--> Processing Dependency: python-setuptools for package: supervisor-3.1.3-3.el7.noarch

--> Running transaction check

---> Package fipscheck-lib.x86_64 0:1.4.1-5.el7 will be installed

--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-5.el7.x86_64

---> Package libedit.x86_64 0:3.0-12.20121213cvs.el7 will be installed

---> Package openssh.x86_64 0:6.6.1p1-22.el7 will be installed

---> Package python-meld3.x86_64 0:0.6.10-1.el7 will be installed

---> Package python-setuptools.noarch 0:0.9.8-4.el7 will be installed

--> Processing Dependency: python-backports-ssl_match_hostname for package: python-setuptools-0.9.8-4.el7.noarch

---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed

--> Running transaction check

---> Package fipscheck.x86_64 0:1.4.1-5.el7 will be installed

---> Package python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el7 will be installed

--> Processing Dependency: python-backports for package: python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch

--> Running transaction check

---> Package python-backports.x86_64 0:1.0-8.el7 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

================================================================================

Package                            Arch   Version                Repository

Size

================================================================================

Installing:

openssh-clients                    x86_64 6.6.1p1-22.el7         rhel7.2 638 k

openssh-server                     x86_64 6.6.1p1-22.el7         rhel7.2 436 k

supervisor                         noarch 3.1.3-3.el7            update  445 k

Installing for dependencies:

fipscheck                          x86_64 1.4.1-5.el7            rhel7.2  21 k

fipscheck-lib                      x86_64 1.4.1-5.el7            rhel7.2  11 k

libedit                            x86_64 3.0-12.20121213cvs.el7 rhel7.2  92 k

openssh                            x86_64 6.6.1p1-22.el7         rhel7.2 435 k

python-backports                   x86_64 1.0-8.el7              rhel7.2 5.8 k

python-backports-ssl_match_hostname

noarch 3.4.0.2-4.el7          rhel7.2  12 k

python-meld3                       x86_64 0.6.10-1.el7           update   73 k

python-setuptools                  noarch 0.9.8-4.el7            rhel7.2 397 k

tcp_wrappers-libs                  x86_64 7.6-77.el7             rhel7.2  66 k

Transaction Summary

================================================================================

Install  3 Packages (+9 Dependent packages)

Total download size: 2.6 M

Installed size: 9.3 M

Downloading packages:

--------------------------------------------------------------------------------

Total                                              2.2 MB/s | 2.6 MB  00:01

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : fipscheck-1.4.1-5.el7.x86_64                                1/12

Installing : fipscheck-lib-1.4.1-5.el7.x86_64                            2/12

Installing : openssh-6.6.1p1-22.el7.x86_64                               3/12

Installing : python-meld3-0.6.10-1.el7.x86_64                            4/12

Installing : tcp_wrappers-libs-7.6-77.el7.x86_64                         5/12

Installing : python-backports-1.0-8.el7.x86_64                           6/12

Installing : python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch    7/12

Installing : python-setuptools-0.9.8-4.el7.noarch                        8/12

Installing : libedit-3.0-12.20121213cvs.el7.x86_64                       9/12

Installing : openssh-clients-6.6.1p1-22.el7.x86_64                      10/12

Installing : supervisor-3.1.3-3.el7.noarch                              11/12

Installing : openssh-server-6.6.1p1-22.el7.x86_64                       12/12

Verifying  : openssh-clients-6.6.1p1-22.el7.x86_64                       1/12

Verifying  : python-setuptools-0.9.8-4.el7.noarch                        2/12

Verifying  : python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch    3/12

Verifying  : libedit-3.0-12.20121213cvs.el7.x86_64                       4/12

Verifying  : openssh-6.6.1p1-22.el7.x86_64                               5/12

Verifying  : python-backports-1.0-8.el7.x86_64                           6/12

Verifying  : tcp_wrappers-libs-7.6-77.el7.x86_64                         7/12

Verifying  : python-meld3-0.6.10-1.el7.x86_64                            8/12

Verifying  : openssh-server-6.6.1p1-22.el7.x86_64                        9/12

Verifying  : supervisor-3.1.3-3.el7.noarch                              10/12

Verifying  : fipscheck-lib-1.4.1-5.el7.x86_64                           11/12

Verifying  : fipscheck-1.4.1-5.el7.x86_64                               12/12

Installed:

openssh-clients.x86_64 0:6.6.1p1-22.el7

openssh-server.x86_64 0:6.6.1p1-22.el7

supervisor.noarch 0:3.1.3-3.el7

Dependency Installed:

fipscheck.x86_64 0:1.4.1-5.el7

fipscheck-lib.x86_64 0:1.4.1-5.el7

libedit.x86_64 0:3.0-12.20121213cvs.el7

openssh.x86_64 0:6.6.1p1-22.el7

python-backports.x86_64 0:1.0-8.el7

python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el7

python-meld3.x86_64 0:0.6.10-1.el7

python-setuptools.noarch 0:0.9.8-4.el7

tcp_wrappers-libs.x86_64 0:7.6-77.el7

Complete!

Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'

Cleaning repos: rhel7.2 update

Cleaning up everything

---> 1f29557e45b4

Removing intermediate container f50c57b7f861

Step 7 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" &&ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""&&ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""&&echo root:westos |chpasswd

---> Running in b6eaedc8e112

---> ea220bf69ab3

Removing intermediate container b6eaedc8e112

Step 8 : COPY supervisord.conf /etc/supervisord.conf

---> 68350609a0b1

Removing intermediate container ff06da275cf9

Step 9 : CMD /usr/bin/supervisord

---> Running in aa6a51911b44

---> cb4316476c0c

Removing intermediate container aa6a51911b44

Successfully built cb4316476c0c

[[email protected] super]# docker kill `docker ps -aq`

9e9b9180bdf7

ce6b70198422

52bbe0b717f2

Failed to kill container (239358aff01d): Error response from daemon: Cannot kill container 239358aff01d: Container 239358aff01d676cfaccece93e631e7530fdab787920e37c74490c8d1bd4df6b is not running

[[email protected] super]# docker rm `docker ps -aq`

9e9b9180bdf7

239358aff01d

ce6b70198422

52bbe0b717f2

[[email protected] super]#

[[email protected] super]# docker run -d --name super -p 2222:22 -p 8000:80 -v /tmp/docker/apache:/var/www/html rhel7:v7

e23cc1d8c9faeb569c30fdca824c9609a7cd5cf2f4bbf02452991293de96344d

[[email protected] super]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                        NAMES

e23cc1d8c9fa        rhel7:v7            "/usr/bin/supervisord"   14 seconds ago      Up 11 seconds       0.0.0.0:2222->22/tcp, 0.0.0.0:8000->80/tcp   super

[[email protected] super]# iptables -t nat -nL

Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination

DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)

target     prot opt source               destination

MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0

RETURN     all  --  192.168.122.0/24     224.0.0.0/24

RETURN     all  --  192.168.122.0/24     255.255.255.255

MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535

MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535

MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24

MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:80

MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:22

Chain DOCKER (2 references)

target     prot opt source               destination

RETURN     all  --  0.0.0.0/0            0.0.0.0/0

DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 to:172.17.0.2:80

DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 to:172.17.0.2:22

[[email protected] super]# ssh localhost -p 2222 -l root

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the ECDSA key sent by the remote host is

e0:5a:77:37:14:bf:ac:58:1f:8c:e2:a8:ab:1b:6f:58.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Offending ECDSA key in /root/.ssh/known_hosts:1

ECDSA host key for [localhost]:2222 has changed and you have requested strict checking.

Host key verification failed.

[[email protected] super]# rm -fr /root/.ssh/known_hosts

[[email protected] super]# ssh localhost -p 2222 -l root

The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.

ECDSA key fingerprint is e0:5a:77:37:14:bf:ac:58:1f:8c:e2:a8:ab:1b:6f:58.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[localhost]:2222' (ECDSA) to the list of known hosts.

[email protected]'s password:

-bash-4.2# ls

anaconda-ks.cfg

-bash-4.2# logout

Connection to localhost closed.

[[email protected] super]# curl localhost:8000

<h1>hello world</h1>

[[email protected] super]# ls

Dockerfile  supervisord.conf  update.repo

[[email protected] super]# cat Dockerfile

FROM rhel7:v1

MAINTAINER [email protected]

ENV hostname llll

EXPOSE 22 80

COPY update.repo /etc/yum.repos.d

RUN yum install -y openssh-server openssh-clients httpd supervisor && yum clean all

RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N "" && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N "" && echo root:westos | chpasswd

COPY supervisord.conf /etc/supervisord.conf

CMD ["/usr/bin/supervisord"]

[[email protected] super]# cat update.repo

[update]

name=update

baseurl=ftp://172.25.254.250/pub/docker

gpgcheck=0

[[email protected] super]# cat supervisord.conf

[supervisord]

nodaemon=true

[program:httpd]

command=/usr/sbin/httpd

[program:sshd]

command=/usr/sbin/sshd -D
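
An added check, not part of the original post: a small shell lint for this build context that flags the weak settings visible in the Dockerfile and update.repo shown above (unsigned packages over plain FTP, a root password set in a `RUN` layer, and SSH host keys generated at build time, which every container started from the image then shares). The function names and finding names are assumptions made for this example, and the sample files are abridged from the page.

```shell
#!/bin/sh
# write_sample DIR: recreate the page's build context (abridged) in DIR.
# Added example, not the original author's code; finding names are made up.
write_sample() {
    cat > "$1/Dockerfile" <<'EOF'
FROM rhel7:v1
COPY update.repo /etc/yum.repos.d
RUN yum install -y openssh-server openssh-clients httpd supervisor && yum clean all
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" && echo root:westos | chpasswd
EOF
    cat > "$1/update.repo" <<'EOF'
[update]
name=update
baseurl=ftp://172.25.254.250/pub/docker
gpgcheck=0
EOF
}

# audit_context DIR: print one "FINDING file" line per problem found.
# Matches single-line RUN instructions only, as used on this page.
audit_context() {
    for repo in "$1"/*.repo; do
        [ -f "$repo" ] || continue
        # Packages from this repo are installed without signature checks.
        if grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$repo"; then
            echo "UNSIGNED_REPO ${repo##*/}"
        fi
        # Plain FTP/HTTP gives no transport integrity either.
        if grep -Eq '^[[:space:]]*baseurl[[:space:]]*=[[:space:]]*(ftp|http)://' "$repo"; then
            echo "PLAINTEXT_REPO ${repo##*/}"
        fi
    done
    df="$1/Dockerfile"
    [ -f "$df" ] || return 0
    # The password is recorded in the image history (docker history).
    if grep -Eq '^RUN .*chpasswd' "$df"; then
        echo "PASSWORD_IN_LAYER Dockerfile"
    fi
    # Keys created at build time are identical in every container.
    if grep -Eq '^RUN .*ssh-keygen .*-f[[:space:]]+/etc/ssh/ssh_host_' "$df"; then
        echo "BAKED_HOST_KEY Dockerfile"
    fi
}

ctx=$(mktemp -d)
write_sample "$ctx"
audit_context "$ctx"
rm -rf "$ctx"
```

Generating the host keys when the container starts and injecting credentials at run time clears the two Dockerfile findings. A signed repository served over HTTPS clears the other two.
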

[[email protected] super]# docker inspect rhel7:v7  ##View the exposed ports

"ExposedPorts": {

"22/tcp": {},

"80/tcp": {}

Time: 2024-08-25 14:18:00
