aws docker
Container virtualization — most visibly represented by Docker — is a server paradigm that will likely drive enterprise computing for years to come.
容器虚拟化(以Docker最明显地代表)是一种服务器范例,可能会在未来几年推动企业计算。
The Cloud is the most obvious and logical platform for containerdeployment.
云是用于容器部署的最显而易见的逻辑平台。
Amazon Web Services largely dominates the cloud computing world. Add it up. If you’re interested in getting a piece of all this action, you’ll definitely want to figure out how it all works.
亚马逊网络服务在云计算领域占据了主导地位。 加起来 如果您有兴趣采取所有这些措施,那么您肯定会想出所有方法的工作原理。
First, though, let’s quickly define some key terms.
首先,让我们快速定义一些关键术语。
Virtualization is the division of physical computer and networking resources into smaller, more flexible units, presenting these smaller units to users as though each was a discrete resource.
虚拟化是将物理计算机和网络资源划分为更小,更灵活的单元,将这些较小的单元呈现给用户,就好像每个都是离散资源一样。
The idea is that, instead of assigning specific computing tasks to individual physical servers — which may sometimes end up being over- or underused — a single physical server can be logically divided into as few or as many virtual servers as needed.
这个想法是,不是将特定的计算任务分配给单个物理服务器(有时可能最终被过度使用或使用不足),而是可以将单个物理服务器从逻辑上划分为所需的虚拟服务器个数。
That means, as the figure below illustrates, there can be dozens of individually installed operating systems (OS) running side by side on the same hard drive. Each OS is effectively unaware that it isn’t all alone in its local environment.
如下图所示,这意味着在同一个硬盘驱动器上可以同时运行数十个单独安装的操作系统(OS)。 每个操作系统实际上都没有意识到自己在本地环境中并不孤单。
Practically, each operating system instance can be accessed remotely by both administrators and customers in exactly the same way as any other server.
实际上,管理员和客户都可以使用与任何其他服务器完全相同的方式远程访问每个操作系统实例。
In this kind of environment, as soon as your virtual server completes its task or becomes unnecessary, you can instantly delete it. This will free up the resources it was using for the next task in the queue.
在这种环境中,一旦您的虚拟服务器完成其任务或变得不必要时,您可以立即将其删除。 这将释放它用于队列中下一个任务的资源。
There’s no need to over-provision virtual servers to anticipate possible future needs, because future needs can be easily met whenever they arrive.
无需过度配置虚拟服务器即可预测未来可能的需求,因为只要它们出现就可以轻松满足未来的需求。
In fact, today’s virtual server might only live a few minutes or even seconds before, having completed its task, being shut down for good to make room for whatever’s next. All this allows for far more efficient use of expensive hardware. It provides the ability to provision and launch new servers at will, either to test new configurations or add fresh power to your production services.
实际上,今天的虚拟服务器可能仅在几分钟或什至几秒钟之前就已存在,它已经完成了其任务,被永久关闭以腾出空间来容纳下一个下一步。 所有这些都可以使昂贵的硬件得到更有效的利用。 它提供了随意配置和启动新服务器的能力,以测试新配置或为生产服务增加新的功能。
Cloud computing providers like AWS use virtualized computers of one kind or another. The hundreds of thousands of Amazon EC2 instances, for example, all run on top of the open source Xen or KVM hypervisors — which are themselves installed and running on many thousands of physical servers maintained in Amazon’s vast server farms.
像AWS这样的云计算提供商会使用一种或另一种虚拟化计算机。 例如,成千上万个Amazon EC2实例都在开源Xen或KVM 虚拟机管理程序之上运行,而这些Xen或KVM 虚拟机管理程序本身已安装并在Amazon庞大的服务器场中维护的数千个物理服务器上运行。
Whatever hypervisor technology is being used, the goal is to provide a largely automated hosting environment for multiple complete, self-contained virtual computers.
无论使用哪种系统管理程序技术,目标都是为多个完整的独立虚拟机提供高度自动化的托管环境。
Containers like Docker, on the other hand, aren’t standalone virtual machines but are modified file systems sharing the operating system kernel of their physical host. That’s what we’ll discuss next.
另一方面,像Docker这样的容器并不是独立的虚拟机,而是经过修改的文件系统,它们共享其物理主机的操作系统内核。 这就是我们接下来要讨论的内容。
What are containers? Well, for one thing, they’re not hypervisors. Instead, they’re extremely lightweight virtual servers that, as you can see from the figure, rather than running as full operating systems, share the underlying kernel of their host OS.
什么是容器? 好吧,一方面,他们不是管理程序。 相反,它们是极其轻巧的虚拟服务器,从图中可以看出,它们不是作为完整的操作系统运行,而是共享其主机OS的底层内核。
Containers can be built from plain-text scripts, created and launched in seconds, and easily and reliably shared across networks. Container technologies include the Linux Container project, which was Docker’s original inspiration.
可以使用纯文本脚本构建容器,可以在几秒钟内创建和启动容器,并且可以在网络之间轻松可靠地共享它们。 容器技术包括Linux容器项目,这是Docker的最初灵感。
The script-friendly container design makes it easy to automate and remotely manage complex clusters of containers, often deployed as microservices.
脚本友好的容器设计使其易于自动化和远程管理通常作为微服务部署的复杂容器集群。
Microservices is a compute services architecture where multiple containers are deployed, each with a distinct yet complementary role. You might, therefore, launch one container as a database back-end, another as a file server, and a third as a web server.
微服务是一种计算服务体系结构,其中部署了多个容器,每个容器都具有独特但互补的作用。 因此,您可以将一个容器启动为数据库后端,将另一个容器启动为文件服务器,将第三个容器启动为Web服务器。
As I explore in one or two of my Pluralsight courses, a Docker container is an image whose behavior is defined by a script. The container is launched as a software process that’s cunningly disguised as a server.
正如我在一两个Pluralsight课程中所探索的那样,Docker容器是一个映像,其行为由脚本定义。 容器是作为软件过程启动的,它被巧妙地伪装成服务器。
But what’s an image? It’s a software file containing a snapshot of a full operating system file system. Everything necessary to launch a viable virtual server is included.
但是什么是图像? 这是一个包含完整操作系统文件系统快照的软件文件。 包括启动可行的虚拟服务器所需的一切。
An image might consist of just a base operating system like Ubuntu Linux, or the tiny and super-fast Alpine Linux. But an image could also include additional layers with software applications like web servers and databases. No matter how many layers an image has and how complicated the relationships between them might be, the image itself never changes.
映像可能仅包含基本操作系统(如Ubuntu Linux)或超快速的微型Alpine Linux。 但是,映像也可以包含带有Web服务器和数据库之类的软件应用程序的附加层。 无论图像有多少层,它们之间的关系有多复杂,图像本身都不会改变。
When, as shown in the next figure, an image is launched as a container, an extra writable layer is automatically added into which the record of any ongoing system activity is saved.
如下图所示,当将映像作为容器启动时,将自动添加一个额外的可写层,其中将保存任何正在进行的系统活动的记录。
What do folks commonly do with their Docker containers? Often, they’ll load up some kind of app development project to test how it will work, and then share it with team members for feedback and updates. When the app is complete, it can be launched as a cluster of containers (or “swarm” as Docker calls it) that can be programmatically and instantly scaled up or down according to user demand.
人们通常使用他们的Docker容器做什么? 通常,他们会加载某种应用程序开发项目以测试其工作方式,然后与团队成员共享以获取反馈和更新。 应用程序完成后,可以将其作为一组容器(或Docker称为“ swarm”)启动,并可以根据用户需求以编程方式立即放大或缩小。
While Docker is a Linux-based technology and requires a Linux kernel to run, running remote or even local Docker containers on Mac or Windows machines is possible through either the Docker for Mac or Docker for Windows apps or for older machines, through the Docker Machine tool.
尽管Docker是一项基于Linux的技术,并且需要运行Linux内核,但可以通过Mac的Docker或Windows应用的Docker或旧机器通过Docker Machine在Mac或Windows计算机上运行远程甚至本地Docker容器。工具。
Cloud computing is the provision of on-demand, self-service compute, memory, and storage resources remotely over a network.
云计算是通过网络远程提供按需,自助服务计算,内存和存储资源。
Since cloud-based services are billed in very small increments, you can quickly configure and launch a wide range of projects. And since the resources are all virtual, launching them as part of an experiment or to solve some short-term problem will often make lots of sense. When the work’s all done, the resource is shut down.
由于基于云的服务以很小的增量计费,因此您可以快速配置和启动广泛的项目。 而且由于资源都是虚拟的,因此将它们作为实验的一部分或解决一些短期问题而启动通常很有意义。 工作全部完成后,资源将关闭。
Cloud platforms let you do things that would be impossible — or impossibly expensive — anywhere else.
使用云平台,您可以在其他任何地方做不可能或昂贵的事情。
Unsure how long your project will run or how much demand it will attract? Perhaps purchasing, building, and housing all the expensive hardware you’d need to properly support your project in-house can’t be justified.
不确定您的项目将运行多长时间或将吸引多少需求? 也许没有理由为内部购买,建造和容纳所有需要适当支持项目所需的昂贵硬件。
Investing heavily in server, cooling, and routing equipment might just not make sense.
大量投资服务器,散热和路由设备可能没有任何意义。
But if you could rent just enough of someone else’s equipment to match fast-changing demand levels and pay only for what you actually use, then it might work.
但是,如果您可以租用别人足够的设备来适应快速变化的需求水平,并且只为您实际使用的设备付费,那么它可能会起作用。
There’s no shortage of ways to manage Docker containers on AWS. In fact, between frameworks, orchestration interfaces, image repositories,and hybrid solutions, the variety can get confusing.
在AWS上管理Docker容器的方法不乏。 实际上,在框架,业务流程界面,图像存储库和混合解决方案之间,种类可能会引起混淆。
This article won’t dive deeply into every option, but you should at least be aware of all your choices:
本文不会深入探讨所有选项,但您至少应该了解所有选择:
Amazon’s EC2 Container Service (ECS) leverages specially configured EC2 instances as hosts for integrated Docker containers. You don’t have to get your hands dirty on the EC2 instance itself, as you can provision and administrate your containers through the ECS framework. ECS now offers greater abstraction (and simplicity) through their Fargate mode option.
亚马逊的EC2容器服务 (ECS)将经过特殊配置的EC2实例用作集成Docker容器的主机。 您不必麻烦EC2实例本身,因为可以通过ECS框架配置和管理容器。 现在,ECS通过其Fargate模式选项提供了更好的抽象(和简便性)。
AWS CloudFormation allows you to configure any combination of AWS resources into a template that can be deployed one or many times. You can include specified dependencies and custom parameters in the template. Given its self-contained and scriptable design, CloudFormation is a natural environment for Docker deployments. In fact, Docker itself offers its Docker for AWS service (currently in beta), that will automatically generate a CloudFormation template to orchestrate a swarm of Docker containers to run on AWS infrastructure within your account.
AWS CloudFormation允许您将AWS资源的任何组合配置到可以部署一次或多次的模板中。 您可以在模板中包括指定的依赖项和自定义参数。 鉴于其独立且可编写脚本的设计,CloudFormation是Docker部署的自然环境。 实际上,Docker本身提供了其Docker for AWS服务(当前处于beta版),该服务将自动生成CloudFormation模板,以编排大量Docker容器以在您账户内的AWS基础设施上运行。
AWS Elastic Beanstalk effectively sits on top of ECS. It allows you to deploy your application across all the AWS resources normally used by ECS, but with virtually all of the logistics neatly abstracted away. Effectively, all you need in order to launch a fully scalable, complex microservices environment is a declarative JSON-formatted script in a file called Dockerrun.aws.json
. You can either upload your script to the GUI or, from an initialized local directory using the AWS Beanstalk CLI.
AWS Elastic Beanstalk有效地位于ECS之上。 它使您可以跨ECS通常使用的所有AWS资源部署应用程序,但实际上可以将所有物流整齐地抽象掉。 实际上,启动一个完全可扩展的复杂微服务环境所需的全部工作就是在一个名为Dockerrun.aws.json
的文件中使用声明性JSON格式的脚本。 您可以将脚本上传到GUI,也可以使用AWS Beanstalk CLI从初始化的本地目录上传脚本。
Amazon Elastic Container Service for Kubernetes (EKS) is currently still in preview. It’s a tool allowing you to manage containers using the open source Kubernetes orchestrator, but without having to install your own clusters. Like ECS, EKS will deploy all the necessary AWS infrastructure for your clusters without manual intervention.
Kubernetes的Amazon Elastic Container Service (EKS)当前仍在预览中。 它是一个工具,使您可以使用开源Kubernetes Orchestrator来管理容器,而不必安装自己的集群。 与ECS一样,EKS将为您的集群部署所有必要的AWS基础架构,而无需人工干预。
Docker for AWS is, at the time of writing, still in beta. Using its browser interface, you can use the service to install and run a “swarm of Docker Engines” that are fully integrated with AWS infrastructure services like auto scaling, load balancing (ELB), and block storage.
在撰写本文时, 适用于AWS的Docker仍处于测试阶段。 通过其浏览器界面,您可以使用该服务来安装和运行与“自动扩展,负载平衡(ELB)和块存储”之类的AWS基础设施服务完全集成的“大量Docker引擎”。
Docker Datacenter (now marketed as part of Docker Enterprise Edition) is a joint AWS/Docker project that provides commercial customers with a more customizable interface for integrating Docker with AWS, Azure, and IBM infrastructures.
Docker Datacenter(现已作为Docker Enterprise Edition的一部分销售)是一个AWS / Docker联合项目,为商业客户提供了更加可定制的界面,用于将Docker与AWS,Azure和IBM基础架构集成。
Docker Cloud, much like Docker Datacenter, offers a GUI, browser-based console for managing all aspects of your Docker deployments. This includes administration for your host nodes running in public clouds. The big difference is that, unlike Datacenter, the Docker Cloud administration service is hosted from its own site. There’s no server software to install on your own equipment.
Docker Cloud与Docker Datacenter一样,提供了一个基于GUI的基于浏览器的控制台,用于管理Docker部署的各个方面。 这包括对在公共云中运行的主机节点的管理。 最大的区别在于,与数据中心不同,Docker Cloud管理服务是从其自己的站点托管的。 您无需在自己的设备上安装服务器软件。
Docker Hub is probably the obvious first place to look for and to share Docker images. Provided by Docker itself, Docker Hub holds a vast collection of images that come pre-loaded to support all kinds of application projects. You can find and research images on the hub.docker.com web site, and then pull them directly into your own Docker Engine environment.
Docker Hub可能是寻找和共享Docker映像的明显首选。 Docker Hub由Docker本身提供,其中包含大量映像,这些映像已预先加载以支持各种应用程序项目。 您可以在hub.docker.com网站上找到并研究图像,然后将其直接拉入您自己的Docker Engine环境。
EC2 Container Registry (ECR) is Amazon’s own image registry to go with their EC2 Container Service platform. Images can be pushed, pulled, and managed through the AWS GUI or CLI tool. Permissions policies can closely control image access only to the people you select.
EC2容器注册表 (ECR)是Amazon自己的映像注册表,与EC2 Container Service平台一起使用。 可以通过AWS GUI或CLI工具推,拉和管理图像。 权限策略可以仅对所选人员严格控制图像访问。
I think you’re ready to start. If you haven’t yet, do head over to theAmazon Web Services site to create an AWS account. In case you’re not yet familiar with how this all works, new accounts get a generous full year of experimentation with any service level that’s eligible for the Free Tier. Assuming you’re still in your first year, nothing we’re going to do in this course should cost you a penny.
我认为您已准备好开始。 如果您还没有,请前往Amazon Web Services网站创建一个AWS账户。 如果您还不熟悉这一切的工作原理,那么新帐户将在整个年度进行大量的试验,以试用符合免费套餐资格的任何服务级别。 假设您还在第一年,那么我们在本课程中要做的任何事情都不会花费您一分钱。
Next, we’ll pop the lid off Docker and see how it works at its most basic level: your laptop command line. Technically, this has very little relevance to AWS workloads, but it’ll be a great way to better understand the workflow.
接下来,我们将揭开Docker的神秘面纱,看看它在最基本的水平上是如何工作的:您的笔记本电脑命令行。 从技术上讲,这与AWS工作负载无关紧要,但这将是更好地了解工作流程的好方法。
Properly visualizing how all the many AWS parts work will probably be easier if you first understand what’s going on under the hood with Docker itself. So in this article I’ll walk you through launching and configuring a simple Docker container on my local workstation.
如果您首先了解Docker本身的内幕,那么正确可视化许多AWS部件的工作方式可能会更容易。 因此,在本文中,我将引导您在本地工作站上启动和配置一个简单的Docker容器。
Ready to go?
准备好出发?
Let’s see how this thing actually works. I’m going to get Docker up and running on my local workstation and then test it out with a quick hello-world operation. I will then pull a real working Ubuntu image and run it.
让我们看看这东西实际上是如何工作的。 我将在本地工作站上启动并运行Docker,然后通过快速的hello-world操作对其进行测试。 然后,我将拉出一个真正有效的Ubuntu映像并运行它。
I won’t go through the process of installing Docker on your machine here for a few reasons. First of all, the specifics will vary greatly depending on the operating system you’re running. But they’re also likely to frequently change, so anything I write here will probably be obsolete within a short while. And finally, none of this is all that relevant to AWS. Check out Docker’s own instructions at docs.docker.com/install.
由于某些原因,我不会在此处将Docker安装到您的计算机上。 首先,具体细节将根据您所运行的操作系统而有很大差异。 但是它们也可能会经常更改,因此我在这里写的任何内容都可能在短时间内过时。 最后,所有这些都与AWS无关。 在docs.docker.com/install中查看Docker自己的说明。
Along the way I’ll try out some of Docker’s command line tools, including creating a new network interface and associating a container with it. This is the kind of environment configuration that can be very useful for real-world deployments involving multiple tiers of resources that need to be logically separated.
在此过程中,我将尝试一些Docker的命令行工具,包括创建一个新的网络接口以及将容器与之关联。 这种环境配置对于涉及需要逻辑上分离的多层资源的实际部署非常有用。
Most Linux distributions now use systemd via the systemctl command to handle processes. In this case systemctl start docker
will launch the Docker daemon if it’s not already running. systemctl status docker
will return some useful information, including in-depth error messages if something has gone wrong. In this case, everything looks healthy.
现在,大多数Linux发行版都通过systemctl命令使用systemd处理进程。 在这种情况下,如果systemctl start docker
尚未运行,它将启动Docker守护进程。 systemctl status docker
将返回一些有用的信息,包括发生错误时的深入错误消息。 在这种情况下,一切看起来都很健康。
# systemctl start docker# systemctl status docker
That’s the only Linux-specific bit. From here on in we’ll be using commands that’ll work anywhere Docker’s properly installed.
那是唯一的Linux专用位。 从这里开始,我们将使用在正确安装Docker的任何地方都可以使用的命令。
Running commands from the Docker command line always begins with the word “docker”. The normal first test of a newly installed system is touse docker run
to launch a small image — the purpose-built “hello-world” image in this case.
从Docker命令行运行命令始终以单词“ docker”开头。 对于新安装的系统,通常的第一个测试是使用docker docker run
启动一个小映像-在这种情况下,是专门构建的“ hello-world”映像。
As you can tell from the output below, Docker first looked for the image on the local system. Docker is particularly efficient in that way. It will always try to reuse locally available elements before turning to remote sources.
从下面的输出可以看出,Docker首先在本地系统上查找映像。 Docker以这种方式特别有效。 在转向远程源之前,它将始终尝试重用本地可用的元素。
In this case, since there are no existing images in this new environment, Docker goes out to pull hello-world from the official Docker library.
在这种情况下,由于在此新环境中不存在现有映像,因此Docker退出了正式Docker库中的问候世界。
$ docker run hello-world
Unable to find image ‘hello-world:latest’ locally
latest: Pulling from library/hello-world
ca4f61b1923c: Pull complete
Digest: sha256:66ef312bbac49c39a89aa9bcc3cb4f3c9e7de3788c9
44158df3ee0176d32b751
Status: Downloaded newer image for hello-world:latest2.1.
Hello from Docker!
This message shows that your installation appears to be
working correctly. To generate this message, Docker took the
following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the “hello-world” image
from the Docker Hub. (amd64)
3. The Docker daemon created a new container from that
image which runs the executable that produces the output you
are currently reading.
4. The Docker daemon streamed that output to the Docker client,
which sent it to your terminal.
To try something more ambitious, you can run an Ubuntu container
with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://cloud.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/
The full output of this command includes a useful four part description of what just happened. The Docker client contacted the Docker daemon which proceeded to download the hello-world image from the repository. The image is converted to a running container by the docker run command whose output is streamed to our command line shell — the Docker client.
该命令的完整输出包括一个有用的四部分说明了刚刚发生的事情。 Docker客户端联系了Docker守护程序,该守护程序继续从存储库下载hello-world映像。 该映像通过docker run命令转换为正在运行的容器,该命令的输出将流式传输到我们的命令行外壳Docker客户端。
Let me break that jargon down for you just a bit:
让我为您分解一下这个行话:
Docker client — the command line shell activated by running docker
Docker客户端 -通过运行docker激活的命令行外壳
commands
命令
Docker daemon — the local Docker process we started just before
Docker守护进程 -我们之前开始的本地Docker进程
with the
与
systemctl
command
systemctl
命令
Image — a file containing the data that will be used to make up an
图像 -包含将用于构成图像的数据的文件
operating system
操作系统
Typing just docker
will print a useful list of common commands alongwith brief descriptions, and docker info
will return information aboutthe current state of our Docker client.
仅键入docker
将打印有用的常用命令列表以及简短说明,而ocker info
将返回有关我们Docker客户端当前状态的信息。
Notice how we’ve currently got one container and one image (the hello-world container) and that there are zero containers running right now.
请注意,我们目前是如何获得一个容器和一个图像(hello-world容器)的,现在有零个容器在运行。
$ docker info
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 3
Server Version: 1.13.1
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 28
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Let’s try out the “more ambitious” docker run -it ubuntu bash
command that the Docker documentation previously suggested. This will download the latest official base Ubuntu image and run it as a container.
让我们尝试一下Docker文档先前建议的“更雄心勃勃”的docker run -it ubuntu bash
命令。 这将下载最新的官方基础Ubuntu映像并将其作为容器运行。
The -i
option will make the session interactive, meaning you’ll be dropped into a live shell within the running container where you’ll be able to control things like you would on any other server. The -t
argument will open a TTY shell.
-i
选项将使会话具有交互性,这意味着您将被放到正在运行的容器中的实时shell中,在那里您可以像在其他任何服务器上一样控制事情。 -t
参数将打开一个TTY shell。
$ docker run -it ubuntu bash
Unable to find image ‘ubuntu:latest’ locally
latest: Pulling from library/ubuntu
1be7f2b886e8: Pull complete
6fbc4a21b806: Pull complete
c71a6f8e1378: Pull complete
4be3072e5a37: Pull complete
06c6d2f59700: Pull complete
Digest: sha256:e27e9d7f7f28d67aa9e2d7540bdc2b33254
b452ee8e60f388875e5b7d9b2b696
Status: Downloaded newer image for ubuntu:latest
root@c81a051f6f03:/#
Note the new command line prompt root@c81a051f6f03:/#
. We’renow actually inside a minimal but working Docker container.
注意新的命令行提示符root@c81a051f6f03:/#
。 我们现在实际上位于一个最小但可以正常工作的Docker容器中。
We can, for instance, update our software repository indexes .
例如,我们可以更新软件存储库索引。
# ls
bin dev home lib64 mnt proc run srv tmp var boot etc lib media opt root sbin sys usr
# apt update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease
Get:2 http://archive.ubuntu.com/ubuntu xenial InRelease
[…]
Fetched 24.8 MB in 48s (515 kB/s)
Reading package lists… Done
Building dependency tree
Reading state information… Done
6 packages can be upgraded. Run ‘apt list — upgradable’ to
see them.
If I exit the container, it will shut down and I’ll find myself back in my host server. Typing docker info
once more now shows me two stopped containers rather than just one.
如果退出该容器,它将关闭,并且我将回到自己的主机服务器中。 现在再次输入docker info
显示两个停止的容器,而不仅仅是一个。
$ docker infoContainers: 2Running: 0Paused: 0Stopped: 2Images: 4[…]
I could launch a container in the background by adding the detach=true
option which will return a container ID. Listing all active docker containers with ps
will then show me my new running container.
我可以通过添加detach=true
选项在后台启动容器,该选项将返回容器ID。 用ps
列出所有活动的docker容器将向我展示我新的运行容器。
$ docker info
Containers: 2
Running: 0
Paused: 0
Stopped: 2
Images: 4
[…]
As you can see from the wizardly_pasteur
name, the people who designed Docker compiled a rather eccentric pool of names to assign to your containers. If you’d like to rename a container — perhaps so managing it will require less typing — run docker rename
, followed by the current container name and the new name you’d like to give it. I’ll run docker ps
once again to show the update in action.
从wizardly_pasteur
名称中可以看到,设计Docker的人编译了一个相当古怪的名称池以分配给您的容器。 如果您想重命名一个容器(也许要对它进行管理,则需要更少的键入操作),请运行docker rename
,然后输入当前容器名称和您想要为其赋予的新名称。 我将再次运行docker ps
来显示运行中的更新。
$ docker rename wizardly_pasteur MyContainer
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
232a83013d39 ubuntu “bash” 3 minutes ago Up 5 minutes MyContainer
docker inspect
followed by a container name, will return pages and pages of useful information about that container’s configuration and environment. The output snippet I’ve included below displays the container’s network environment details. Note that the network gateway is 172.17.0.1
and the container’s actual IP address is 172.17.0.2
— that will be useful later.
docker inspect
后跟容器名称,将返回页面和有关该容器的配置和环境的有用信息页面。 我下面包含的输出代码片段显示了容器的网络环境详细信息。 请注意,网络网关为172.17.0.1
,容器的实际IP地址为172.17.0.2
,这将在以后使用。
$ docker inspect MyContainer
[...]
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
[...]
docker network ls
will list all the network interfaces currently associated with our Docker client. Note in particular the bridge
interface which connects a container to the Docker host
, allowing network communication into and out of the container.
docker network ls
将列出当前与我们的Docker客户端关联的所有网络接口。 特别要注意的是将容器连接到Docker host
的bridge
接口,允许网络通信进出容器。
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
fa4da6f158de bridge bridge local
18385f695b4e host host local
6daa514c5756 none null local
We can create a new network interface by running docker network create
followed by the name we’d like to give our new interface. Running inspect
against the new interface shows us — through the Driver
value — that this new interface has been automatically associated with the network bridge
we saw earlier, but exists on its own 172.18.0.x
network. You’ll remember that our default network used 172.17.0.x
.
我们可以通过运行docker network create
来创建一个新的网络接口,后跟我们想要为其提供新接口的名称。 通过Driver
值对新接口运行inspect
,向我们显示了该新接口已自动与我们之前看到的bridge
相关联,但存在于它自己的172.18.0.x
网络中。 您会记得我们的默认网络使用的是172.17.0.x
$ docker network create newNet
715f775551522c43104738dfc2043b66aca6f2946919b39ce
06961f3f86e33bb
$ docker network inspect newNet
[
{
"Name": "newNet",
[...]
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
[...]
]
Confused? My Solving for Technology book has a chapter on basic TCP/IP networking.
困惑? 我的技术求解书中有一章介绍了基本的TCP / IP网络 。
You might sometimes want to move an existing container from one network to another — perhaps you need to reorganize and better secure your resources. Try it out by moving that Ubuntu container to a different network, like the newNet
interface we just created. Use docker network connect
followed by the network name newNet
and then the container name MyContainer
.
有时您可能需要将现有容器从一个网络移动到另一个网络-也许您需要重组并更好地保护资源。 通过将该Ubuntu容器移动到另一个网络(例如我们刚刚创建的newNet
接口)来进行尝试。 使用newNet
docker network connect
然后使用网络名称newNet
,然后使用容器名称MyContainer
。
$ docker network connect newNet MyContainer
Running inspect
on the container once again will show you that MyContainer
is now connected to both the bridge
interface with its 172.17.0.2
address, and the newNet
interface on 172.18.0.2
. It’s now like a computer with two network interface cards physically connected to separate networks.
运行inspect
容器上再次会显示该MyContainer
现在已经连接到两个 bridge
接口,其172.17.0.2
地址和 newNet
接口172.18.0.2
。 现在就像一台具有两个物理连接到单独网络的网络接口卡的计算机。
Don’t believe me? You can successfully ping
both interfaces from the command line, so we can see they’re both active. All this was possible, by the way, despite the fact that the container was up and running all along. Don’t try that on a physical machine!
不相信我吗 您可以从命令行成功ping
这两个接口,因此我们可以看到它们都处于活动状态。 顺便说一下,尽管容器一直都在运行,但所有这些都是可能的。 不要在物理机上尝试!
$ ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.103 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.070 ms
^C
— — 172.17.0.2 ping statistics — -
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.070/0.086/0.103/0.018 ms
$ ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.079 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.062 ms
^C
— — 172.18.0.2 ping statistics — -
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.062/0.070/0.079/0.011 ms
While containers can be defined and controlled from the command line, the process can be largely automated through scripts called Dockerfiles. Running Dockerfile
as part of a docker build operation will tell Docker to create a container using the configurations specified by the script.
尽管可以从命令行定义和控制容器,但是可以通过称为Dockerfiles的脚本在很大程度上实现该过程的自动化。 作为Docker构建操作的一部分运行Dockerfile
将告诉Docker使用脚本指定的配置创建容器。
In the simple dockerfile
example displayed below, the FROM
line tells the docker host to use Ubuntu version 16.04 as the base operating system. If there isn’t already an Ubuntu 16.04 image on the local system, Docker will download one.
在下面显示的simple dockerfile
示例中, FROM
行告诉simple dockerfile
主机使用Ubuntu 16.04版本作为基本操作系统。 如果本地系统上还没有Ubuntu 16.04映像,则Docker将下载一个。
# Simple Dockerfile
FROM ubuntu:16.04
RUN apt-get update
RUN apt-get install -y apache2
RUN echo “Welcome to my web site” > /var/www/html/index.html
EXPOSE 80
Each of the RUN
lines launches a command within the operating system whose results will be included in the container — even before it’s actually launched as a live virtual machine.
每条RUN
行都会在操作系统内启动一个命令,其结果将包含在容器中-甚至在实际将其作为实时虚拟机启动之前也是如此。
In this case, apt-get update
updates the local repository indexes to permit software downloads, apt-get install apache2
will download and install the Apache webserver package. The -y
will automatically answer “yes” to any prompts included in the installation process.
在这种情况下, apt-get update
更新本地存储库索引以允许下载软件, apt-get install apache2
将下载并安装Apache Webserver软件包。 -y
将自动对安装过程中包含的所有提示回答“是”。
The echo
command will replace the contents of the index.html
file with my customized Welcome
text. index.html
is, of course, the first file a browser will look for and then load when it visits a new site.
echo
命令将用我自定义的“ Welcome
文本替换index.html
文件的内容。 当然, index.html
是浏览器将在访问新站点时查找并加载的第一个文件。
Finally, EXPOSE 80
opens up port 80 on the container to allow HTTP traffic — necessary because this will be a web server. This will allow us to access the web server from the Docker host machine. It’ll be your responsibility to provide access to your host for any remote clients you might want to invite in.
最后, EXPOSE 80
在容器上打开端口80以允许HTTP通信-必要的,因为这将是Web服务器。 这将使我们能够从Docker主机访问Web服务器。 您有责任为您可能想邀请的任何远程客户端提供对主机的访问权限。
If you’re up on the latest Ubuntu package management news, you’ll know that there’s been a shift away from apt-get
to its new apt
replacement. So why did I use apt-get
in that Dockerfile
? Because it’s still more reliable for use in scripted settings.
如果您了解最新的Ubuntu软件包管理新闻,您将知道已经从apt-get
转移到了新的apt
替代品。 那么,为什么在该Dockerfile
使用apt-get
? 因为它在脚本设置中使用仍然更加可靠。
To actually create a container based on this Dockerfile, you run docker build
with -t
to create a name (or “tag”) for the container. I’ll go with webserver
. You add a space and then a dot to tell Docker to read the file named Dockerfile
found in this current directory. Docker will immediately get to work building a container on top of the Ubuntu image we pulled earlier, and running the apt-get
and echo
commands.
要实际基于此Dockerfile创建一个容器,请使用-t
run docker build
docker run docker build
来为该容器创建一个名称(或“标签”)。 我将使用webserver
。 您添加一个空格,然后添加一个点,以告诉Docker读取在当前目录中找到的名为Dockerfile
的文件。 Docker将立即开始在我们之前提取的Ubuntu映像之上构建一个容器,并运行apt-get
和echo
命令。
$ docker build -t “webserver” .
Sending build context to Docker daemon 2.048 kB
Step 1/5 : FROM ubuntu:16.04
16.04: Pulling from library/ubuntu
Digest: sha256:e27e9d7f7f28d67aa9e2d7540bdc2b33254b452ee8e
60f388875e5b7d9b2b696
Status: Downloaded newer image for ubuntu:16.04
— -> 0458a4468cbc
Step 2/5 : RUN apt-get update
— -> Running in c25f5462e0f2
[…]
Processing triggers for systemd (229–4ubuntu21) …
Processing triggers for sgml-base (1.26+nmu4ubuntu1) …
— -> 3d9f2f14150e
Removing intermediate container 42cd3a92d3ca
Step 4/5 : RUN echo “Welcome to my web site” >
/var/www/html/index.html
— -> Running in ddf45c195467
— -> a1d21f1ba1f6
Removing intermediate container ddf45c195467
Step 5/5 : EXPOSE 80
— -> Running in af639e6b1c85
— -> 7a206b180a62
Removing intermediate container af639e6b1c85
Successfully built 7a206b180a62
If I run docker images
, I’ll now see a version of my Ubuntu image with the name webserver
.
如果我运行docker images
,我现在将看到一个名为webserver
Ubuntu镜像版本。
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
webserver latest 7a206b180a62 3 minutes ago 250 MB
ubuntu 16.04 0458a4468cbc 12 days ago 112 MB
hello-world latest f2a91732366c 2 months ago 1.85 kB
Now we’re ready to launch the container using docker run
.
现在我们准备使用docker run
启动容器。
Structuring this command properly is a bit of a delicate process and there’s a lot that can go wrong. The -d
argument tells Docker to run this container detached, meaning we won’t find ourselves on the container’s command line but it will be running in the background. -p
tells Docker to forward any traffic coming on port 80
(the default HTTP port) through to port 80
on the container. This allows external access to the web server. I can’t say that I understand why, but the order here is critical: only add the -p
argument after -d
. Next, we tell Docker the name of the container we’d like to launch, webserver
in our case. And after that, we tell Docker to run a single command once the container is running to get the Apache webserver up.
正确构造此命令是一个微妙的过程,并且可能会出错。 -d
参数告诉Docker以分离的方式运行此容器,这意味着我们不会在容器的命令行中找到自己,但是它将在后台运行。 -p
告诉泊坞窗转发任何流量来端口 80
通过(默认HTTP端口) 到端口80
在容器上。 这允许从外部访问Web服务器。 我不能说我理解为什么,但是这里的顺序很关键:仅在 -d
之后添加-p
参数。 接下来,我们告诉Docker我们要启动的容器的名称,在本例中为webserver
。 然后,我们告诉Docker一旦容器运行就运行一个命令来启动Apache Web服务器。
$ docker run -d -p 80:80 webserver \ /usr/sbin/apache2ctl -D FOREGROUND
Perhaps you’re wondering why I didn’t use the more modern Systemd
command systemctl start apache
. Well I tried it, and discovered that, at this point at least, systemd is good and broken in Ubuntu Docker containers. Stay away if you know what’s good for you. -D FOREGROUND
ensures that Apache — and the container as a whole — will remain running even once the launch has completed. Run it for yourself.
也许您想知道为什么我不使用更现代的Systemd
命令systemctl start apache
。 好吧,我尝试了一下,发现至少在这一点上,systemd很好并且在Ubuntu Docker容器中损坏了。 如果您知道对自己有好处,请远离。 -D FOREGROUND
确保即使启动完成,Apache以及整个容器也将保持运行。 自己运行。
We’re given an ID for the new container, but nothing else. You can run docker ps
and you should see our webserver
among the list of all running containers. You should also be able to open webserver’s index.html
page by pointing your browser to the container’s IP address.
我们获得了新容器的ID,但没有别的。 您可以运行docker ps
并且应该在所有正在运行的容器列表中看到我们的webserver
。 通过将浏览器指向容器的IP地址,您还应该能够打开Web服务器的index.html
页面。
What’s that? You don’t know your container’s IP address? Well, since the container will have been associated with the default bridge
network, you can use docker network inspect bridge
and, within the Containers section of the output, you should find what you’re after. In my case, that was 172.17.0.3
.
那是什么? 您不知道容器的IP地址吗? 好吧,由于容器已经与默认bridge
网络相关联,因此您可以使用docker network inspect bridge
并且在输出的“容器”部分中,您应该找到要使用的内容。 就我而言,就是172.17.0.3
。
We’ve already enjoyed some of the benefits Docker Hub has to offer. The images we used to build the containers on the previous clips were all seamlessly downloaded from Docker Hub behind the scenes.
我们已经享受了Docker Hub提供的一些好处。 我们用于在先前剪辑上构建容器的图像都是从后台从Docker Hub无缝下载的。
In fact, using something like docker search apache2
, you can manually comb through the repository for publicly available images that come with Apache pre-installed. You can also browse through what’s available on the Docker Hub web site.
实际上,使用诸如docker search apache2
,您可以手动浏览存储库中预装Apache附带的公共可用映像。 您还可以浏览Docker Hub网站上的可用内容。
However, you should remember that not all of those images are reliable or even safe. You’ll want to look for results that have earned lots of review stars and, in particular, are designated as “official.” Running docker search ubuntu
returns at least a few official images.
但是,您应该记住,并非所有这些图像都是可靠的甚至是安全的。 您将要寻找获得许多评论明星好评的结果,尤其是被指定为“官方”的结果。 运行docker search ubuntu
至少返回一些官方映像。
Find something that interests you? You can add it to your local collection using docker pull
. Once the download is complete, you can view your images using docker images
.
找到您感兴趣的东西? 您可以使用ocker pull
将其添加到本地集合中。 下载完成后,您可以使用docker images
查看docker images
。
$ docker pull ubuntu-upstart
While you’re on the Docker Hub site, take the time to create a free account. That’ll allow you to store and share your own images much the way you might use a tool like GitHub. This is probably the most popular use-case for Docker, as it allows team members working remotely — or lazy devs working in the same office — to get instant and reliable access to the exact environments being used at every stage of a project’s progress.
在Docker Hub站点上时,花时间创建一个免费帐户。 这样一来,您可以像使用GitHub之类的工具一样存储和共享自己的图像。 这可能是Docker最受欢迎的用例,因为它允许远程工作的团队成员(或在同一办公室工作的懒惰的开发人员)即时可靠地访问在项目进度的每个阶段使用的确切环境。
Those are the bare-bone basics, and it’s important to understand them clearly. But, because of the complexity involved in coordinating clusters of dozens or thousands of containers all at once, most serious container workloads won’t use those particular command line tools.
这些是准基本知识,清楚理解它们很重要。 但是,由于一次协调数十个或数千个容器的群集涉及的复杂性,因此大多数严重的容器工作负载将不会使用那些特定的命令行工具。
Instead, you’re most likely going to want a more robust and feature-rich framework. You can read about some of those tools — including Docker’s own Docker Swarm Mode, Docker Enterprise Edition, or Docker Cloud, and Kubernetes — in my article, “Too Many Choices: how to pick the right tool to manage your Docker clusters”.
取而代之的是,您最有可能想要一个更强大且功能更丰富的框架。 您可以在我的文章“ 太多选择:如何选择正确的工具来管理Docker集群 ”中了解其中一些工具,包括Docker自己的Docker Swarm模式,Docker企业版或Docker Cloud和Kubernetes。
This article is largely based on video courses I authored for Pluralsight. I’ve also got loads of Docker, AWS, and Linux content available through my website, including links to my book, Linux in Action, and a hybrid course called Linux in Motion that’s made up of more than two hours of video and around 40% of the text of Linux in Action.
本文主要基于我为Pluralsight编写的视频课程 。 我还可以通过我的网站获得大量Docker,AWS和Linux内容,包括到我的书《 Linux in Action》的链接以及名为Linux in Motion的混合课程,该课程由两个多小时的视频和大约40个小时组成Linux in Action文本的百分比。
翻译自: https://www.freecodecamp.org/news/an-in-depth-introduction-to-docker-on-aws-f373ff97da0e/
aws docker