前言
在实际的docker 操作中,我们会遇到各种各样的问题:
1.连接不上网络该咋办? 2.如何去创建和使用卷呢? 3.什么是volume 和 mount?
那么我们该如何解决呢? 别着急,接下来由我一 一解答哈!
提示:以下是本篇文章正文内容,下面案例可供参考
一、容器上不了网的问题的解决方法:
开启路由功能
echo 1 >/proc/sys/net/ipv4/ip_forward
[root@sc-docker ~]# echo 1 >/proc/sys/net/ipv4/ip_forward
[root@sc-docker ~]#service docker restart 重启docker ,会到iptables里去添加相关规则
临时
[root@sc-docker ~]# echo 1 >/proc/sys/net/ipv4/ip_forward
[root@sc-docker ~]#
永久:
[root@sc-docker ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@sc-docker ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@sc-docker ~]#
1.启动容器限制容器可以使用的cpu和内存资源**
cpu-shares 30 限制使用cpu cpu的计算资源: 1 --》1000份 --》1m 1s -->1000ms
不管你有多少个核心,都是看做一个整体来计算
8核 --》1 --》30m
-m 100000000 限制内存 byte
--memory bytes
[root@sc-docker ~]# docker run -it --cpu-shares 30 -m 100000000 -d --name luojiajun11 centos:7
[root@sc-docker ~]# docker run -it --cpu-shares 30 -m 100000000 -d --name luojiajun11 centos:7
a28681b066cd4c6e598006761119f3aa47296ad6d8fa502dfbed5247e7899bde
[root@sc-docker ~]# docker container inspect luojiajun11
oom --》out of memory 内存溢出
====
2.问题:如何限制一个进程可以使用多少cpu和多少内存?
创建一个容器,让这个进程在容器里run,这样可以限制容器所使用的cpu和内存,从而可以达到限制这个进程的cpu和内存的使用。
3.docker 容器起的mysql,可以使用root用户直接去连接
[root@firewall 8-13]# cat snat_dnat.sh
#!/bin/bash
#open route function
echo 1 >/proc/sys/net/ipv4/ip_forward
#clear iptables rules
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
#start snat
#iptables -t nat -A POSTROUTING -s 192.168.170.0/24 -o ens33 -j SNAT --to-source 192.168.0.204
iptables -t nat -A POSTROUTING -s 192.168.170.0/24 -o ens33 -j MASQUERADE
#dnat
#dnat web
iptables -t nat -A PREROUTING -i ens33 -d 192.168.0.204 -p tcp --dport 80 -j DNAT --to-destination 192.168.170.1:80
#dnat mysql 192.168.170.2
iptables -t nat -A PREROUTING -i ens33 -d 192.168.0.204 -p tcp --dport 3306 -j DNAT --to-destination 192.168.170.2:3306
#dnat mysql 192.168.170.1 docker
iptables -t nat -A PREROUTING -i ens33 -d 192.168.0.204 -p tcp --dport 3309 -j DNAT --to-destination 192.168.170.1:3306
[root@firewall 8-13]#
====
二、volume + mount 问题
1.容器的数据保存-数据持久化 (data persistence )
数据持久化 --》保存到磁盘里 容器 --》进程 单进程思想–》容器
[root@sc-docker ~]# ps aux|grep containerd-shi
root 27539 0.0 0.4 712176 17216 ? Sl 12:15 0:01 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 69eb9fc6eef84d79b1e006598d3808bdafd9ed7a3994bd707a0a54b7b918ff0d -address /run/containerd/containerd.sock
root 27820 0.0 0.4 713328 18512 ? Sl 13:01 0:01 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 3ea804c5dd0cf36d641eeaf9dfdad7ce7b273c2d5187159207a3fdcb66f554cc -address /run/containerd/containerd.sock
root 28225 0.0 0.4 713584 18652 ? Sl 14:41 0:00 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 822a3a150d08e0b42c08fe3879f797b4598b364f4a77f3f38f289aa793016772 -address /run/containerd/containerd.sock
root 28341 0.0 0.4 713328 17708 ? Sl 14:50 0:00 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 3af5f37ee5925249aa6d0fd51c7b6cb7689a8aaf4b054e64f472303e5206f9b0 -address /run/containerd/containerd.sock
root 28446 0.0 0.5 713328 19960 ? Sl 14:52 0:00 /usr/bin/containerd-shim-runc-v2 -namespace moby -id a9db103780634654c8958d9c3103e76a45935d03708822e174383d4c905d2fc8 -address /run/containerd/containerd.sock
root 28530 0.0 0.4 713328 18104 ? Sl 14:53 0:00 /usr/bin/containerd-shim-runc-v2 -namespace moby -id c604138fd8f9a69970e4ebaa10b2d5c9391d8f4e715671aaa6d9e6173a8dd29e -address /run/containerd/containerd.sock
root 28774 0.0 0.4 713328 16648 ? Sl 15:14 0:00 /usr/bin/containerd-shim-runc-v2 -namespace moby -id a28681b066cd4c6e598006761119f3aa47296ad6d8fa502dfbed5247e7899bde -address /run/containerd/containerd.sock
root 28969 0.0 0.0 12348 1148 pts/0 S+ 15:55 0:00 grep --color=auto containerd-shi
[root@sc-docker ~]# ps aux|grep containerd-shi|wc -l
8
[root@sc-docker ~]#
=====
2.volume + mount
volumes 数据卷 --》存放数据的地方 Mount 挂载
创建卷,查看卷,使用卷
[root@sc-docker sc-web]# docker run -d --name xuzz-2 -p 7789:80 -v /sc-web/:/usr/share/nginx/html/ nginx
b63a108a9eb82aa324106aa20094ae7e5c2a347baee3e390de594aa4c8485ca0
[root@sc-docker sc-web]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b63a108a9eb8 nginx "/docker-entrypoint.…" 2 seconds ago Up 1 second 0.0.0.0:7789->80/tcp, :::7789->80/tcp xuzz-2
e9602a507295 nginx "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 0.0.0.0:7788->80/tcp, :::7788->80/tcp xuzz-1
a4078e1a7ea1 mysql:5.7.35 "docker-entrypoint.s…" 23 hours ago Up 17 minutes 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp sc-mysql-1
[root@sc-docker sc-web]#
创建卷
[root@sc-docker sc-web]# docker volume create sc
sc
[root@sc-docker sc-web]#
查看卷
[root@sc-docker _data]# docker volume ls
DRIVER VOLUME NAME
local a112a3c96f69a0df6e0be0dd156d8752c79d42a48917ea13c5a7f239c39056f0
local sc
[root@sc-docker _data]#
[root@sc-docker _data]# docker volume inspect sc 查看卷的路径
[
{
"CreatedAt": "2021-08-12T16:30:30+08:00",
"Driver": "local",
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/sc/_data",
"Name": "sc",
"Options": {},
"Scope": "local"
}
]
[root@sc-docker _data]# cp /sc-web/* .
[root@sc-docker _data]# ls
feng.jpg index.html sc.html xiong.jpg
[root@sc-docker _data]#
[root@sc-docker _data]#
使用卷: 容器去使用卷
docker run -d \
--name fan-nginx-1 \
--mount source=sc,target=/usr/share/nginx/html \
-p 7790:80 \
nginx:latest
使用docker 来运行
[root@sc-docker _data]# docker run -d --name fan-nginx-1 --mount source=sc,target=/usr/share/nginx/html -p 7790:80 nginx:latest
ed4d7192e658d9f327ebee8bcdaaedb36f78dffe0c5666d32b7b3c831343fbaa
[root@sc-docker _data]#
docker run -d --name wangll-nginx-1 --mount source=sc,target=/usr/share/nginx/html -p 7791:80 nginx:latest
docker run -d \
--name xuzz-3 \
-v sc:/usr/share/nginx/html \
nginx:latest
docker run -d --name xuzz-2 -p 7789:80 -v /sc-web/:/usr/share/nginx/html/ nginx
3.练习:
1.创建一个卷: sanchuang,在sanchuang卷里创建一个index.html首页文件,内容welcome to sanchuang 2.创建2个容器名字自己定义:rose-1 rose-2,启动nginx,使用sanchuang这个卷 3.测试访问
具体操作:
(1)创建卷,并且往卷里新建文件index.html
[root@sc-docker _data]# docker volume ls
DRIVER VOLUME NAME
local a112a3c96f69a0df6e0be0dd156d8752c79d42a48917ea13c5a7f239c39056f0
local sc
[root@sc-docker _data]# docker volume create sanchuang
sanchuang
[root@sc-docker _data]# docker volume ls
DRIVER VOLUME NAME
local a112a3c96f69a0df6e0be0dd156d8752c79d42a48917ea13c5a7f239c39056f0
local sanchuang
local sc
[root@sc-docker _data]# docker volume inspect sanchaung
[]
Error: No such volume: sanchaung
[root@sc-docker _data]# docker volume inspect sanchuang
[
{
"CreatedAt": "2021-08-12T17:16:26+08:00",
"Driver": "local",
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/sanchuang/_data",
"Name": "sanchuang",
"Options": {},
"Scope": "local"
}
]
[root@sc-docker _data]#
[root@sc-docker _data]# cd /var/lib/docker/volumes/sanchuang/_data/
[root@sc-docker _data]# ls
[root@sc-docker _data]# vim index.html
[root@sc-docker _data]# cat index.html
welcome to sanchuang
[root@sc-docker _data]#
(2)启动容器使用卷
[root@sc-docker _data]# docker run -d --name rose-nginx-1 -p 6688:80 --mount source=sanchuang,target=/usr/share/nginx/html nginx
2d269942c411213d41b63bb1596113b7eb854313beb05e14101a1dfbc4448896
[root@sc-docker _data]# docker run -d --name rose-nginx-2 -p 6689:80 --mount source=sanchuang,target=/usr/share/nginx/html nginx
75db457a31e0c36caeddcedce84bb1171d06c9afed2d01d4e176a5f0a1ea1731
[root@sc-docker _data]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
75db457a31e0 nginx "/docker-entrypoint.…" 4 seconds ago Up 3 seconds 0.0.0.0:6689->80/tcp, :::6689->80/tcp rose-nginx-2
2d269942c411 nginx "/docker-entrypoint.…" 20 seconds ago Up 19 seconds 0.0.0.0:6688->80/tcp, :::6688->80/tcp rose-nginx-1
efec9667c9d1 nginx:latest "/docker-entrypoint.…" 42 minutes ago Up 42 minutes 0.0.0.0:7791->80/tcp, :::7791->80/tcp wangll-nginx-1
ed4d7192e658 nginx:latest "/docker-entrypoint.…" 46 minutes ago Up 46 minutes 0.0.0.0:7790->80/tcp, :::7790->80/tcp fan-nginx-1
b63a108a9eb8 nginx "/docker-entrypoint.…" 56 minutes ago Up 56 minutes 0.0.0.0:7789->80/tcp, :::7789->80/tcp xuzz-2
e9602a507295 nginx "/docker-entrypoint.…" About an hour ago Up About an hour 0.0.0.0:7788->80/tcp, :::7788->80/tcp xuzz-1
a4078e1a7ea1 mysql:5.7.35 "docker-entrypoint.s…" 24 hours ago Up About an hour 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp sc-mysql-1
[root@sc-docker _data]#
总结
1.这里出现的问题都是面试中的经典考题,可以好好整理一下答案.
2.对于volume 和 mount 的实验,创建和挂载卷的操作是经常使用的,可以做做练习熟练一下.
3.如果你看到这里了,麻烦👍 + 关注哈,感谢支持,码字不易,谢谢理解.*
|