Linking Containers Together
In the Using Docker section we touched on connecting to a service running inside a Docker container via a network port.
This is one of the ways that you can interact with services and applications running inside Docker containers. In this section we‘re going to give you a refresher on connecting to a Docker container via a network port as well as introduce you to the concepts
of container linking.
之前我们介绍了怎样通过一个网络port来訪问一个容器的应用。下一段我们要介绍一个新方法。
Network port mapping refresher
In the Using Docker section we created a container that ran a Python Flask application.
之前我们创建了一个flask应用
$ sudo docker run -d -P training/webapp python app.pyNote: Containers have an internal network and an IP address (remember we used the
dockercommand to show the container‘s IP address in the Using Docker section). Docker can have a variety of
inspect
network configurations. You can see more information on Docker networking here.注意:容器有自己的内部网络和ip地址(使用 docker inspect 能够获取全部的变量)docker还能够有一个可变的网络配置。很多其它信息看上面这个链接)
When we created that container we used the -P flag
to automatically map any network ports inside that container to a random high port from the range 49000 to 49900 on our Docker host. When we subsequently ran docker we saw that port 5000 was bound to port 49155.
ps
当我们使用-P 标记时,docker 会随机映射一个49000 到49900的port到内部容器的port,使用docker ps 能够看到 这次是49155映射到了5000
$ sudo docker ps nostalgic_morse
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bc533791f3f5 training/webapp:latest python app.py 5 seconds ago Up 2 seconds 0.0.0.0:49155->5000/tcp nostalgic_morseWe also saw how we can bind a container‘s ports to a specific port using the -p flag.
-p(小写的P)能够指定我们要映射的port。
$ sudo docker run -d -p 5000:5000 training/webapp python app.pyAnd we saw why this isn‘t such a great idea because it constrains us to only one container on that specific port.
这样的方法限制了我们仅仅能够绑定一个容器到一个指定port
There are also a few other ways we can configure the -p flag.
By default the -p flag will bind
the specified port to all interfaces on the host machine. But we can also specify a binding to a specific interface, for example only to the localhost.
-p默认会绑定本地全部接口地址,所以我们一般指定一个地址,比方localhost
$ sudo docker run -d -p 127.0.0.1:5000:5000 training/webapp python app.pyThis would bind port 5000 inside the container to port 5000 on the localhost or 127.0.0.1 interface
on the host machine.
Or to bind port 5000 of the container to a dynamic port but only on the localhost we
could:
$ sudo docker run -d -p 127.0.0.1::5000 training/webapp python app.pyWe can also bind UDP ports by adding a trailing /udp,
for example:
还能够使用upd标记来指定udp
$ sudo docker run -d -p 127.0.0.1:5000:5000/udp training/webapp python app.pyWe also saw the useful docker port shortcut
which showed us the current port bindings, this is also useful for showing us specific port configurations. For example if we‘ve bound the container port to thelocalhost on
the host machine this will be shown in the docker output.
port
使用dicker port 来查看当前绑定的端口配置,也能够查看到绑定的地址
$ docker port nostalgic_morse 5000
127.0.0.1:49155Note: The
-pflag
can be used multiple times to configure multiple ports.注意:-p标记能够多次使用来绑定多个port
Docker Container Linking
dcoker 容器链接
Network port mappings are not the only way Docker containers can connect to one another. Docker also has a linking system that allows you to link multiple containers together and share connection information between them. Docker linking will create a parent
child relationship where the parent container can see selected information about its child.
网络port映射不是docker容器互联的唯一方法。docker有一个linking 系统能够链接多个容器,并在期间共享信息。它会创建一个父子关系,父容器能够看到所选择的子容器的信息。
Container naming
容器命名
To perform this linking Docker relies on the names of your containers. We‘ve already seen that each container we create has an automatically created name, indeed we‘ve become familiar with our old friendnostalgic_morse during
this guide. You can also name containers yourself. This naming provides two useful functions:
linking系统根据容器的名称来运行。当我们创建容器的时候,它会有一个系统为我们取好的名字。
当然我们也能够自己来命名容器。这样做有2个优点:
1、It‘s useful to name containers that do specific functions in a way that makes it easier for you to remember them, for example naming a container with a web application in it web.
当我们自己指定名称的时候,比較好记。比方一个web应用我们能够给它起名叫web
2、It provides Docker with a reference point that allows it to refer to other containers, for example link container web to
container db.
当我们要连接其它容器时候。能够作为一个实用的參考点,比方连接web容器到db容器
You can name your container by using the --name flag,
for example:
使用--name标记能够为容器命名
$ sudo docker run -d -P --name web training/webapp python app.pyYou can see we‘ve launched a new container and used the --name flag
to call the container web. We can
see the container‘s name using the docker command.
ps
使用docker -ps 来验证我们设定的命名
$ sudo docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
aed84ee21bde training/webapp:latest python app.py 12 hours ago Up 2 seconds 0.0.0.0:49154->5000/tcp webWe can also use docker inspect to
return the container‘s name.
使用docker inspect来返回容器的名字
$ sudo docker inspect -f "{{ .Name }}" aed84ee21bde
/webNote: Container names have to be unique. That means you can only call one container
web.
If you want to re-use a container name you must delete the old container with thedockercommand before you can create a new container with the same name. As an alternative you can use the
rm--rmflag
with thedocker runcommand. This
will delete the container immediately after it stops.注意:容器的名称是唯一的。假设你命名了一个叫web的容器,当你要再次使用web这个名称的时候,你须要用docker rm来删除之前创建的容器,也能够再运行docker run的时候 加--rm标记来停止旧的容器。并删除。
Container Linking
Links allow containers to discover and securely communicate with each other. To create a link you use the--link flag.
Let‘s create a new container, this one a database.
links能够让容器之间安全的交互。使用--link标记。以下先创建一个新的数据库容器。
$ sudo docker run -d --name db training/postgresHere we‘ve created a new container called db using
the training/postgres image, which
contains a PostgreSQL database.
We need to delete the web container
we created previously so we can replace it with a linked one:
删除之前创建的web容器
$ docker rm -f webNow let‘s create a new web container
and link it with our db container.
创建一个新的web容器,并将它link到db容器
$ sudo docker run -d -P --name web --link db:db training/webapp python app.pyThis will link the new web container
with the db container we created
earlier. The --link flag takes the
form:
--link标记的格式
--link name:aliasWhere name is the name of the container
we‘re linking to and alias is an
alias for the link name. We‘ll see how that alias gets used shortly.
name是我们要链接的容器的名称。alias是这个链接的别名。
Let‘s look at our linked containers using docker.
ps
使用docker ps来查看容器的链接
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
349169744e49 training/postgres:latest su postgres -c ‘/usr About a minute ago Up About a minute 5432/tcp db, web/db
aed84ee21bde training/webapp:latest python app.py 16 hours ago Up 2 minutes 0.0.0.0:49154->5000/tcp webWe can see our named containers, db and web,
and we can see that the db containers
also showsweb/db in the NAMES column.
This tells us that the web container
is linked to the db container in
a parent/child relationship.
我们能够看到我们命名的容器。db和web,db容器的names列有db也有web/db。
这表示web容器链接到db容器,他们是一个父子关系。
So what does linking the containers do? Well we‘ve discovered the link creates a parent-child relationship between the two containers. The parent container, here web,
can access information on the child container db.
To do this Docker creates a secure tunnel between the containers without the need to expose any ports externally on the container. You‘ll note when we started the db container
we did not use either of the -P or -p flags.
As we‘re linking the containers we don‘t need to expose the PostgreSQL database via the network.
在这个link中。2个容器中有一对父子关系。
docker在2个容器之间创建了一个安全的连接,而不用公开映射他们的port到外部。
在启动db容器的时候也不用-p和-P标记。使用链接之后我们就能够不用暴露数据库port到网络上。
Docker exposes connectivity information for the parent container inside the child container in two ways:
docker 为父子关系的容器公开连接信息有2种方法:
- Environment variables,环境变量
- Updating the
/etc/hostsfile.更新/etc/hosts文件
Let‘s look first at the environment variables Docker sets. Let‘s run the env command
to list the container‘s environment variables.
我们先来看看容器中变量,使用env命令来查看容器的环境变量
$ sudo docker run --rm --name web2 --link db:db training/webapp env
. . .
DB_NAME=/web2/db
DB_PORT=tcp://172.17.0.5:5432
DB_PORT_5000_TCP=tcp://172.17.0.5:5432
DB_PORT_5000_TCP_PROTO=tcp
DB_PORT_5000_TCP_PORT=5432
DB_PORT_5000_TCP_ADDR=172.17.0.5
. . .Note: These Environment variables are only set for the first process in the container. Similarly, some daemons (such as
sshd)
will scrub them when spawning shells for connection.
We can see that Docker has created a series of environment variables with useful information about ourdb container.
Each variable is prefixed with DB_ which
is populated from the alias we specified
above. If our alias were db1 the
variables would be prefixed with DB1_.
You can use these environment variables to configure your applications to connect to the database on the db container.
The connection will be secure, private and only the linked web container
will be able to talk to the dbcontainer.
In addition to the environment variables Docker adds a host entry for the linked parent to the /etc/hostsfile.
Let‘s look at this file on the web container
now.
除了环境变量,docker还加入host信息到父容器的/etc/hosts的文件。以下是父容器web的hosts文件
$ sudo docker run -t -i --rm --link db:db training/webapp /bin/bash
[email protected]:/opt/webapp# cat /etc/hosts
172.17.0.7 aed84ee21bde
. . .
172.17.0.5 dbWe can see two relevant host entries. The first is an entry for the web container
that uses the Container ID as a host name. The second entry uses the link alias to reference the IP address of the db container.
Let‘s try to ping that host now via this host name.
这里有2个hosts。第一个是web容器。web容器用id作为他的主机名,第二个是db容器的ip和主机名
[email protected]:/opt/webapp# apt-get install -yqq inetutils-ping
[email protected]:/opt/webapp# ping db
PING db (172.17.0.5): 48 data bytes
56 bytes from 172.17.0.5: icmp_seq=0 ttl=64 time=0.267 ms
56 bytes from 172.17.0.5: icmp_seq=1 ttl=64 time=0.250 ms
56 bytes from 172.17.0.5: icmp_seq=2 ttl=64 time=0.256 msNote: We had to install
pingbecause
our container didn‘t have it.注意:默认没有安装ping
We‘ve used the ping command to ping
the db container using it‘s host
entry which resolves to172.17.0.5.
We can make use of this host entry to configure an application to make use of our dbcontainer
用ping来ping db容器。它会解析成172.17.0.5 。
.
Note: You can link multiple child containers to a single parent. For example, we could have multiple web containers attached to our
dbcontainer.注意:你能够链接多个子容器到父容器,比方我们能够链接多个web到db容器上。
Next step
Now we know how to link Docker containers together the next step is learning how to manage data, volumes and mounts inside our containers.
Go to Managing Data in Containers.