Docker Network and Data Volume Settings [3]

Keywords: Docker Nginx Linux CentOS

I. Docker Network Settings

By default, docker creates a bridge network card [docker 0]. docker has two mapping modes: random mapping and specified mapping.

Tip: Random mapping is not commonly used in production scenarios, but the advantage of random mapping is that it is allocated by docker and ports do not conflict.

Case 1: Start nginx random mapping configuration with docker



    

  1. [root@linux-node1 ~]# docker run -d -P nginx
    2. 

  2. 63cbe30165c8fb2ce7789a8173db6f2060705028ce6c326d1f0cd467bdee583c
    3. 

  3. [root@linux-node1 ~]# docker ps 
    4. 

  4. CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                           NAMES
    5. 

  5. 63cbe30165c8        nginx               "nginx -g 'daemon off"   8 seconds ago       Up 7 seconds        0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp   drunk_bhabha
    6. 

  6. [root@linux-node1 ~]#
    7. 

  7. 

  8. Tip: 32769 of the physical machine is mapped to port 80
    9. 

  9. - P Represents Random Mapping
    10. 



Visit
1.png-48.8kB
We can view our ports.






    

  1. [root@linux-node1 ~]# netstat -lntup
    2. 

  2. Active Internet connections (only servers)
    3. 

  3. Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
    4. 

  4. tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      19995/mysqld        
    5. 

  5. tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      21574/epmd          
    6. 

  6. tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1094/sshd           
    7. 

  7. tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      21557/beam          
    8. 

  8. tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1372/master         
    9. 

  9. tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      21557/beam          
    10. 

  10. tcp6       0      0 :::4369                 :::*                    LISTEN      21574/epmd          
    11. 

  11. tcp6       0      0 :::22                   :::*                    LISTEN      1094/sshd           
    12. 

  12. tcp6       0      0 ::1:25                  :::*                    LISTEN      1372/master         
    13. 

  13. tcp6       0      0 :::32768                :::*                    LISTEN      55956/docker-proxy  
    14. 

  14. tcp6       0      0 :::32769                :::*                    LISTEN      55963/docker-proxy  
    15. 

  15. tcp6       0      0 :::5672                 :::*                    LISTEN      21557/beam          
    16. 

  16. udp        0      0 0.0.0.0:123             0.0.0.0:*                           19389/chronyd       
    17. 

  17. udp        0      0 127.0.0.1:323           0.0.0.0:*                           19389/chronyd       
    18. 

  18. udp6       0      0 ::1:323                 :::*                                19389/chronyd   
    19. 



Let's take a look at iptables to see the Nat table.






    

  1. [root@linux-node1 ~]# iptables -t nat -vnL
    2. 

  2. Chain PREROUTING (policy ACCEPT 2 packets, 473 bytes)
    3. 

  3.  pkts bytes target     prot opt in     out     source               destination         
    4. 

  4.    13   664 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
    5. 

    6. 

  6. Chain INPUT (policy ACCEPT 2 packets, 473 bytes)
    7. 

  7.  pkts bytes target     prot opt in     out     source               destination         
    8. 

    9. 

  9. Chain OUTPUT (policy ACCEPT 1 packets, 76 bytes)
    10. 

  10.  pkts bytes target     prot opt in     out     source               destination         
    11. 

  11.     0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL
    12. 

    13. 

  13. Chain POSTROUTING (policy ACCEPT 11 packets, 584 bytes)
    14. 

  14.  pkts bytes target     prot opt in     out     source               destination         
    15. 

  15.     0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    16. 

  16.     0     0 MASQUERADE  tcp  --  *      *       172.17.0.2           172.17.0.2           tcp dpt:443
    17. 

  17.     0     0 MASQUERADE  tcp  --  *      *       172.17.0.2           172.17.0.2           tcp dpt:80
    18. 

    19. 

  19. Chain DOCKER (2 references)
    20. 

  20.  pkts bytes target     prot opt in     out     source               destination         
    21. 

  21.     0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    22. 

  22.     9   456 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:32768 to:172.17.0.2:443
    23. 

  23. 1    52 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:32769 to:172.17.0.2:80
    24. 



Container entry






    

  1. [root@linux-node1 ~]# docker ps
    2. 

  2. CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                           NAMES
    3. 

  3. 63cbe30165c8        nginx               "nginx -g 'daemon off"   6 minutes ago       Up 6 minutes        0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp   drunk_bhabha
    4. 

  4. [root@linux-node1 ~]# ./docker_in.sh 63cbe30165c8
    5. 

  5. Tip: The script can view our basic introduction
    6. 



Tip: Because we don't name the container, we need to use ID to enter it.


The pid of the first process that docker runs is 1






    

  1. root@63cbe30165c8:/# ps aux
    2. 

  2. USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    3. 

  3. root          1  0.0  0.1  31752  2872 ?        Ss   22:53   0:00 nginx: master process nginx -g daemon off;
    4. 

  4. nginx         6  0.0  0.1  32144  1908 ?        S    22:53   0:00 nginx: worker process
    5. 

  5. root          7  0.0  0.1  20252  1916 ?        S    23:01   0:00 -bash
    6. 

  6. root         11  0.0  0.0  17492  1156 ?        R+   23:01   0:00 ps aux
    7. 



dockerDefault will be used dhcp distribution IP Address, but we need to set it if we want to access itiptables






    

  1. root@63cbe30165c8:/# ip a
    2. 

  2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    3. 

  3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    4. 

  4.     inet 127.0.0.1/8 scope host lo
    5. 

  5.        valid_lft forever preferred_lft forever
    6. 

  6.     inet6 ::1/128 scope host 
    7. 

  7.        valid_lft forever preferred_lft forever
    8. 

  8. 22: eth0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    9. 

  9.     link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    10. 

  10.     inet 172.17.0.2/16 scope global eth0
    11. 

  11.        valid_lft forever preferred_lft forever
    12. 

  12.     inet6 fe80::42:acff:fe11:2/64 scope link 
    13. 

  13.        valid_lft forever preferred_lft forever
    14. 



We can use docker logs [ID/Name] to view logs






    

  1. [root@linux-node1 ~]# docker logs 63cbe30165c8
    2. 

  2. 192.168.56.1 - - [19/Oct/2016:22:56:00 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" "-"
    3. 

  3. 192.168.56.1 - - [19/Oct/2016:22:56:00 +0000] "GET /favicon.ico HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" "-"
    4. 

  4. 2016/10/19 22:56:00 [error] 6#6: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.56.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.56.11:32769"
    5. 

  5. 192.168.56.1 - - [19/Oct/2016:22:56:00 +0000] "GET /favicon.ico HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" "-"
    6. 

  6. 2016/10/19 22:56:00 [error] 6#6: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.56.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.56.11:32769"
    7. 





Case 2: Use docker Start a nginxļ¼ŒAppoint81port






    

  1. [root@linux-node1 ~]# docker run -d -p 192.168.56.11:81:80 --name mynginx nginx
    2. 

  2. 65439bce352e712597f5a74dcf6c9978458fd02e6ed0f243fe87cad8c690d855
    3. 

  3. [root@linux-node1 ~]# docker ps -l
    4. 

  4. CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                               NAMES
    5. 

  5. 65439bce352e        nginx               "nginx -g 'daemon off"   10 seconds ago      Up 9 seconds        443/tcp, 192.168.56.11:81->80/tcp   mynginx
    6. 

  6. Tip: - d represents the background run - p specified port - name specified name
    7. 



Visit

Through port mapping, we can easily access the service inside the container.




Case 3: docker Start Mapping Multiport






    

  1. [root@linux-node1 ~]# docker run -d -p 443:443 -p 82:80 --name nginxv2 nginx
    2. 

  2. 865aed79c5ec875c5d7a033267c9d124324201f92d66382a152d1743533a586b
    3. 

  3. [root@linux-node1 ~]# docker port nginxv2
    4. 

  4. 443/tcp -> 0.0.0.0:443
    5. 

  5. 80/tcp -> 0.0.0.0:82
    6. 






Two. Docker data management


Docker There are two types of data:






    

  1. Data Volume: -v/data
    2. 

  2.          -v src:dst
    3. 

  3. 

  4. Data Volume Container: -- volumes-from
    5. 



Data volume can be understood as mounting, data can be mounted into the docker image, so that when I write data in the docker image, what I actually write is in the physical host. If there are too many containers, it is inconvenient to manage.




Data Volume Settings


Case: Let's create a container named nginx-volume-test and mount it in the / data directory of the container.






  1. root@linux-node1 ~]# docker run -d --name nginx-volume-time -v /data nginx


Enter the container. We already have our data directory under the directory.






    

  1. [root@linux-node1 ~]# ./docker_in.sh nginx-volume-time
    2. 

  2. root@e3356d281a09:/# ls /
    3. 

  3. bin  boot  data  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
    4. 



We can view the current mount directory






    

  1. root@e3356d281a09:/# mount
    2. 

  2. /dev/mapper/docker-253:0-134820964-eacae32f571b8595b10bac6c082732e75497540886e8c3ac72baa62d493a973e on / type xfs (rw,relatime,nouuid,attr2,inode64,logbsize=64k,sunit=128,swidth=128,noquota)
    3. 

  3. proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
    4. 

  4. tmpfs on /dev type tmpfs (rw,nosuid,mode=755)
    5. 

  5. devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
    6. 

  6. mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
    7. 

  7. sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
    8. 

  8. tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,mode=755)
    9. 

  9. cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
    10. 

  10. cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,freezer)
    11. 

  11. cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,perf_event)
    12. 

  12. cgroup on /sys/fs/cgroup/cpuacct,cpu type cgroup (ro,nosuid,nodev,noexec,relatime,cpuacct,cpu)
    13. 

  13. cgroup on /sys/fs/cgroup/hugetlb type cgroup (ro,nosuid,nodev,noexec,relatime,hugetlb)
    14. 

  14. cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,blkio)
    15. 

  15. cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices)
    16. 

  16. cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,memory)
    17. 

  17. cgroup on /sys/fs/cgroup/net_cls type cgroup (ro,nosuid,nodev,noexec,relatime,net_cls)
    18. 

  18. cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,cpuset)
    19. 

  19. /dev/mapper/centos-root on /data type xfs (rw,relatime,attr2,inode64,noquota)
    20. 

  20. /dev/mapper/centos-root on /run/secrets type xfs (rw,relatime,attr2,inode64,noquota)
    21. 

  21. /dev/mapper/centos-root on /etc/resolv.conf type xfs (rw,relatime,attr2,inode64,noquota)
    22. 

  22. /dev/mapper/centos-root on /etc/hostname type xfs (rw,relatime,attr2,inode64,noquota)
    23. 

  23. /dev/mapper/centos-root on /etc/hosts type xfs (rw,relatime,attr2,inode64,noquota)
    24. 

  24. shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
    25. 

  25. proc on /proc/asound type proc (ro,nosuid,nodev,noexec,relatime)
    26. 

  26. proc on /proc/bus type proc (ro,nosuid,nodev,noexec,relatime)
    27. 

  27. proc on /proc/fs type proc (ro,nosuid,nodev,noexec,relatime)
    28. 

  28. proc on /proc/irq type proc (ro,nosuid,nodev,noexec,relatime)
    29. 

  29. proc on /proc/sys type proc (ro,nosuid,nodev,noexec,relatime)
    30. 

  30. proc on /proc/sysrq-trigger type proc (ro,nosuid,nodev,noexec,relatime)
    31. 

  31. tmpfs on /proc/kcore type tmpfs (rw,nosuid,mode=755)
    32. 

  32. tmpfs on /proc/timer_stats type tmpfs (rw,nosuid,mode=755)
    33. 



Tips:Although we don't know mount Where to go, but there are date CatalogĀ 
/dev/mapper/centos-root on /data type xfs (rw,relatime,attr2,inode64,noquota)






    

  1. root@e3356d281a09:/# ls
    2. 

  2. bin  boot  data  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
    3. 



We can view mount through docker inspect






    

  1. [root@linux-node1 ~]# docker inspect -f {{.Mounts}} nginx-volume-time
    2. 

  2. [{a6310b873c068834dd267a94c9a8173b8a6b21f2251066218ba3deb819705d36 /var/lib/docker/volumes/a6310b873c068834dd267a94c9a8173b8a6b21f2251066218ba3deb819705d36/_data /data local  true }]
    3. 



mount The mount is what we have in the following path






    

  1. [root@linux-node1 _data]# pwd
    2. 

  2. /var/lib/docker/volumes/a6310b873c068834dd267a94c9a8173b8a6b21f2251066218ba3deb819705d36/_data
    3. 



We can create a file under this file and view it in the container.






    

  1. [root@linux-node1 _data]# touch abcdocker.txt
    2. 

  2. [root@linux-node1 _data]#
    3. 

  3. ------------------------------------- Container partition line---------------------------------------------------------------------------------------------------
    4. 

  4. root@e3356d281a09:/# ls /data/
    5. 

  5. abcdocker.txt
    6. 



We can also use - v to specify a volume for storage.
We can create a directory to specify.






    

  1. [root@linux-node1 _data]# mkdir -p /data/docker-volume-nginx
    2. 

  2. [root@linux-node1 _data]# docker run -d --name nginx-volume-test2 -v /data/docker-volume-nginx/:/data nginx
    3. 

  3. b2bef96c8330583b555b576134e3f32db02050eb2bd3bb09defcfe89d4b72862
    4. 

  4. 

  5. Tip: - v/data/docker-volume-nginx storage file directory
    6. 

  6. Directories in data containers
    7. 



See






    

  1. [root@linux-node1 _data]# echo "123" >>/data/docker-volume-nginx/1.txt
    2. 

  2. root@b2bef96c8330:/# cat /data/1.txt 
    3. 

  3. 123
    4. 



Tip: This method will be more practical in production, but it is not supported in dockerfile because it is not portable.


We can add a few parameters






    

  1. [root@linux-node1 _data]# docker run -d --name nginx-volume-test2 -v /data/docker-volume-nginx/:/data:ro nginx
    2. 

  2. # Adding ro represents read-only and can be mounted in a read-only manner
    3. 



Containers can also mount files




For example, we mount a. bash_history, mount it and delete it.






    

  1. [root@linux-node1 ~]# docker run --rm -it -v /root/.bash_history:/.bash_history nginx /bin/bash
    2. 

  2. root@63ed2c5eef1c:/# head .bash_history 
    3. 

  3. ifcon
    4. 

  4. Now if we exit this container, it will close.
    5. 



3.png-60.2kB




Synchronization case between container data:






    

  1. [root@linux-node1 ~]# docker run -d --name nfs -v /root/nfs-data:/data nginx 
    2. 

  2. 30c74a55685050027316347b6de20058af3665fb87b1fd7bca14e7316e8e900e
    3. 

  3. [root@linux-node1 ~]# docker ps 
    4. 

  4. CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                      NAMES
    5. 

  5. 30c74a556850        nginx               "nginx -g 'daemon off"   4 seconds ago       Up 4 seconds        80/tcp, 443/tcp                            nfs
    6. 

  6. b2bef96c8330        nginx               "nginx -g 'daemon off"   2 hours ago         Up 2 hours          80/tcp, 443/tcp                            nginx-volume-test2
    7. 

  7. e3356d281a09        nginx               "nginx -g 'daemon off"   3 days ago          Up 3 days           80/tcp, 443/tcp                            nginx-volume-time
    8. 

  8. 

  9. [root@linux-node1 ~]# docker run --rm -it  --volumes-from nfs centos /bin/bash
    10. 

  10. [root@1a29a9cdffdf /]# cd /data/
    11. 

  11. [root@1a29a9cdffdf data]# ls
    12. 

  12. [root@1a29a9cdffdf data]# touch 123456567
    13. 

  13. Switch in to view
    14. 

  14. 

  15. [root@linux-node1 ~]# cd nfs-data/
    16. 

  16. [root@linux-node1 nfs-data]# ls
    17. 

  17. 123456567
    18. 






Data Volume Container


A data volume container is a volume that allows one container to access another container, regardless of whether the container is running or not.  
The simple explanation of a data volume container is that it allows this data to be shared in multiple containers.






    

  1. [root@linux-node1 ~]# docker run -it --rm --name volume-test3 --volumes-from nginx-volume-test2 centos /bin/bash
    2. 

  2. 

  3. --The name of another container--volume-from
    4. 



At this point we can see that there is a data directory under the root directory, because by default there is no data directory.






    

  1. [root@f06ca39d6090 /]# ls /data/1.txt 
    2. 

  2. /data/1.txt
    3. 



Now we can access the directory mounted under nginx-volume-test2, which implements nfs-like functions.
Tip: If we can access the data volume container now as we do when we stop test2, another advantage of the data volume container is that it will work regardless of whether the container is running or not. As long as there are containers in use, the data volume container can not be deleted.
            


        
    

    
Posted by mammy on Fri, 17 May 2019 23:50:54 -0700


    
        

            
Hot Keywords


                                    

                                

    




    ©2024 Programmer Group