docker

第一问：什么是容器

容器就是在一个隔离的环境中运行的一个进程。注意关键词，隔离和进程。如果进程停止，那么容器就销毁。因为具有隔离的特点，所以每个容器都拥有自己的文件系统：包括IP地址、主机名等。什么是进程呢？简单理解就是一个程序。一条命令就是一个程序，比如ls,df -h

既然是隔离的环境，那docker容器和虚拟化有啥区别呢？？

第二问：容器和虚拟化的区别

Linux容器技术，容器虚拟化和KVM虚拟化的区别

KVM虚拟化：需要硬件的支持，需要模拟硬件（qemu），可以运行不同的操作系统，启动时间分钟级，需要一个正常的开机流程（1、BIOS开机硬件自检；2、根据BIOS设置的开机启动顺序；3、读取MBR引导（分区、内核）。。。。）

容器：容器属于Linux内核的一个技术，不需要硬件支持，公用宿主机内核，所以容器内的系统只能是Linux，启动时间秒级（公用宿主机的内核，不用前面BIOS自检的过程）

容器和虚拟化的优缺点总结：

容器：性能好，轻量化，启动快，只能运行在Linux上；

虚拟机：性能损耗多，启动慢，能够运行多个操作系统平台；

3、容器的发展

其实容器的早期雏形是chroot技术，新建一个子系统，改变根目录来运行多个系统，并实现一定程度隔离；

Linux container（LXC）

然后发展出了Linux container（LXC），Lxc是最接近虚拟机的容器技术，基于ubantu，对centos的支持不是特别友好：

1、拥有独立的namespace命名空间，可提供隔离环境；

2、cgroup，用来用限制一个进程能使用的系统资源或计算资源；

LXC容器创建过程：

1、修改base yum源，wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

2、添加epel源，wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

3、安装LXC需要的软件，yum install lxc-* -y && yum install libcgroup* -y && yum install bridge-utils.x86_64 -y 因为是centos系统，所以后面两个包是需要安装的；

4、创建桥接网卡，这是因为在lxc的初始配置文件中要求的网卡信息有规定：

[root@LXC-10 yum.repos.d]# cat /etc/lxc/default.conf
lxc.network.type = veth
lxc.network.link = virbr0
lxc.network.flags = up
[root@LXC-10 yum.repos.d]#

其实在ubantu系统里面，安装完LXC后，自己就会建立相应的桥接网卡，只不过在centos系统中，需要自己去创建

echo 'TYPE=Ethernet
BOOTPROTO=none
NAME=ens32
DEVICE=ens32
ONBOOT=yes
BRIDGE=virbr0' > /etc/sysconfig/network-scripts/ifcfg-ens32

echo 'TYPE=Bridge
BOOTPROTO=none
NAME=virbr0
DEVICE=virbr0
ONBOOT=yes
IPADDR=10.0.0.16
NETMASK=255.255.255.0
GATEWAY=10.0.0.2
DNS=114.114.114.114' >/etc/sysconfig/network-scripts/ifcfg-virbr0

5、启动cgroup、lxc服务，systemctl start cgconfig.service && systemctl start lxc.service && systemctl enable cgconfig.service && systemctl enable lxc.service

6、创建LXC容器，可参见https://mirror.tuna.tsinghua.edu.cn/help/lxc-images/，lxc-create -t download -n my-container -- --server mirrors.tuna.tsinghua.edu.cn/lxc-images -d centos -r 6 -a amd64这几个参数用来指定发行版、版本号和架构三个参数

Downloading the image index   会在/tmp下生成临时目录

[root@LXC-10 ~]# cd /tmp/
[root@LXC-10 tmp]# ll
total 0
drwx------. 2 root root 24 Sep 6 05:06 ssh-3rTdYpl9wI
drwx------. 3 root root 17 Sep 6 06:29 systemd-private-f3a031d2b1c24651a394c24d0e6fae8c-vmtoolsd.service-nKQxYw
drwx------. 3 root root 47 Sep 6 06:59 tmp.MDcEY1DJq4
[root@LXC-10 tmp]# cd tmp.MDcEY1DJq4/
[root@LXC-10 tmp.MDcEY1DJq4]# ll
total 32
drwx------. 2 root root 83 Sep 6 06:59 gpg
-rw-r--r--. 1 root root 28139 Aug 26 18:16 index
-rw-r--r--. 1 root root 833 Aug 26 18:16 index.asc

Downloading the rootfs 下载文件系统，并保存在临时目录下

[root@LXC-10 tmp.MDcEY1DJq4]# ll
total 44
drwx------. 2 root root 83 Sep 6 07:06 gpg
-rw-r--r--. 1 root root 28139 Aug 26 18:16 index
-rw-r--r--. 1 root root 833 Aug 26 18:16 index.asc
-rw-r--r--. 1 root root 924 Aug 25 15:30 meta.tar.xz
-rw-r--r--. 1 root root 833 Aug 25 15:30 meta.tar.xz.asc
-rw-r--r--. 1 root root 833 Aug 25 15:30 rootfs.tar.xz.asc

Downloading the metadata
The image cache is now ready
Unpacking the rootfs             #解压，缓存在缓存目录中 /var/cashe，解压后存放在/var/lib/lxc

---
You just created a Centos 6 x86_64 (20200825_07:08) container.

下载完成后就会删除/tmp下的目录

[root@LXC-10 default]# pwd
/var/cache/lxc/download/centos/6/amd64/default
[root@LXC-10 default]# ls
build_id config.2 config-user config-user.3 excludes-user templates _______config config.3 config-user.1 config-user.4 expiry ___________config.1 config.4 config-user.2 create-message rootfs.tar.xz

[root@LXC-10 rootfs]# pwd
/var/lib/lxc/my-container/rootfs
[root@LXC-10 rootfs]# ls
bin dev home lib64 mnt proc run selinux sys usr
boot etc lib media opt root sbin srv tmp var
[root@LXC-10 rootfs]#

[root@LXC-10 tmp]# ll
total 0
drwx------. 2 root root 24 Sep 6 05:06 ssh-3rTdYpl9wI
drwx------. 3 root root 17 Sep 6 06:29 systemd-private-f3a031d2b1c24651a394c24d0e6fae8c-vmtoolsd.service-nKQxYw
[root@LXC-10 tmp]#

这样一个容器就创建完成了！

常用命令可通过table补全

[root@LXC-10 yum.repos.d]# lxc-
lxc-attach lxc-config lxc-execute lxc-snapshot lxc-unfreeze
lxc-autostart lxc-console lxc-freeze lxc-start lxc-unshare
lxc-cgroup lxc-create lxc-info lxc-start-ephemeral lxc-usernsexec
lxc-checkconfig lxc-destroy lxc-ls lxc-stop lxc-wait
lxc-clone lxc-device lxc-monitor lxc-top
[root@LXC-10 yum.repos.d]# lxc-ls
centos7 my-container
[root@LXC-10 yum.repos.d]# lxc-ls --help
usage: lxc-ls [-h] [-1] [-P PATH] [--active] [--frozen] [--running]
[--stopped] [-f] [-F FANCY_FORMAT] [--nesting] [--version]
[FILTER]

LXC: List containers

由于lxc容器连用户名和密码都没配置，需要手动进行配置

[root@LXC-10 ~]# cd /var/lib/lxc/centos7/
[root@LXC-10 centos7]# ll
total 4
-rw-r--r--. 1 root root 560 Sep 5 23:26 config
drwxr-xr-x. 18 root root 259 Sep 5 23:37 rootfs
lrwxrwxrwx. 1 root root 34 Sep 5 23:37 rootfs.dev -> /dev/.lxc/centos7.f29e3af285394b5f [root@LXC-10 centos7]# cd rootfs
[root@LXC-10 rootfs]# chroot . passwd
Changing password for user root.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
Sorry, passwords do not match.
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.

[root@LXC-10 ~]# lxc-start -n centos7
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to CentOS Linux 7 (Core)!

Cannot add dependency job for unit display-manager.service, ignoring: Unit not found.
[ OK ] Reached target Remote File Systems.
[ OK ] Created slice Root Slice.
[ OK ] Created slice System Slice.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Listening on Delayed Shutdown Socket.
[ OK ] Started Forward Password Requests to Wall Directory Watch.
[ OK ] Started Dispatch Password Requests to Console Directory Watch.
[ OK ] Reached target Paths.
[ OK ] Reached target Swap.
[ OK ] Reached target Local Encrypted Volumes.
[ OK ] Created slice User and Session Slice.
[ OK ] Reached target Slices.
[ OK ] Created slice system-getty.slice.
[ OK ] Listening on Journal Socket.
[ OK ] Reached target Local File Systems (Pre).
Starting Configure read-only root support…
Starting Read and set NIS domainname from /etc/sysconfig/network…
Starting Journal Service…
Mounting Huge Pages File System…
Mounting POSIX Message Queue File System…
[ OK ] Mounted POSIX Message Queue File System.
[ OK ] Started Read and set NIS domainname from /etc/sysconfig/network.
[ OK ] Mounted Huge Pages File System.
[ OK ] Started Journal Service.
Starting Flush Journal to Persistent Storage…
[ OK ] Started Configure read-only root support.
Starting Load/Save Random Seed…
[ OK ] Reached target Local File Systems.
[ OK ] Started Load/Save Random Seed.
<46>systemd-journald[16]: Received request to flush runtime journal from PID 1
[ OK ] Started Flush Journal to Persistent Storage.
Starting Create Volatile Files and Directories…
[ OK ] Started Create Volatile Files and Directories.
Starting Update UTMP about System Boot/Shutdown…
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Reached target System Initialization.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Reached target Sockets.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
[ OK ] Reached target Basic System.
[ OK ] Started D-Bus System Message Bus.
Starting Turn off network device…
Starting LSB: Bring up/down networking…
Starting Permit User Sessions…
Starting Login Service…
Starting Cleanup of Temporary Directories…
[ OK ] Started Turn off network device.
[ OK ] Started Permit User Sessions.
[ OK ] Started Cleanup of Temporary Directories.
[ OK ] Started Console Getty.
[ OK ] Reached target Login Prompts.
[ OK ] Started Command Scheduler.
[ OK ] Started Login Service.

CentOS Linux 7 (Core)
Kernel 3.10.0-514.el7.x86_64 on an x86_64

centos7 login: