Docker就不多介绍了，大家可以理解为是他是一个虚拟集装箱，将原来以服务器为基础单元的集群，细化到以每个服务进程为单元。这样的优点在于：

1. 隔离开发环境和具体可执行进程，可跨平台跨主机使用，统一开发环境

2. 节约时间成本，硬件成本，秒级别快速部署启动

3. 支持持续集成，可利用相关部署工具(Ansible, saltstack)进行快速部署

4. 可作为轻量级别主机或节点部署应用

5. 未来可能代替虚拟机的虚拟容器

最后利用Ansible去对Docker容器进行具体服务的部署，最大限度的体现轻量级，统一开发部署环境的好处。

在部署之前首先给大家介绍一下我的部署结构:

dockerfiles
├── mariadb
│   ├── Dockerfile
│   ├── ansible
│   │   ├── mariadb-install-container.yml
│   │   ├── mariadb.sh
│   │   ├── mariadb.sql
│   │   └── my.cnf
│   └── run.sh
├── nginx
│   ├── Dockerfile
│   ├── ansible
│   │   ├── default.conf
│   │   ├── nginx-container.yml
│   │   └── nginx.conf
│   └── run.sh
└── php
    ├── Dockerfile
    ├── ansible
    │   ├── info.php
    │   ├── php-container.yml
    │   ├── test-db-conn.php
    │   ├── wp-config.php
    │   └── http://www.conf
    └── run.sh

Dockerfiles主目录下面分别是3个服务所对应的目录，每个目录大致分为Dockerfile配置文件, ansible目录，以及run.sh

Dockerfile这个大家都清楚，用来Build容器镜像的配置脚本。

ansible目录下保存需要在容器内使用到的ansible playbook相应配置文件。

run.sh则是创建和运行容器的启动脚本，我们分别去执行对应目录的执行脚本用来构建Docker容器所对应的服务。

这里给大家提供一个我的gitlab私人仓库的链接，方便大家去下载这个部署脚本：

https://git.showerlee.com/showerlee/ansible-docker-wp

大家如果想对Docker和Ansible有不太明白的地方可以先阅读我之前写的文章。

Docker: http://www.showerlee.com/archives/1758

Ansible: http://www.showerlee.com/archives/1649

一.环境部署

Local system:  MAC OS X 10.12.1
Docker:   Docker 1.12.3

Tip: 这里说明一下，较早版本的Docker若在非Linux内核下去安装需要去配合安装virtualbox虚拟机才能正常使用，这里我们使用的最新版本Docker配合MAC OS 10.12.1最新开放出来的内核接口，可无需调用额外虚拟机直接安装使用即可。

二.Docker部署

Mariadb container

Mariadb是Mysql在CentOS7上的一个开源分支, 大家可以理解就是一个mysql. 这里首先我们为什么先去部署并启动Mariadb, 是因为我们后面启动Docker时会用到它的一个Link参数，这个参数不仅保证两台容器会安全的利用这个Link去传输数据，而且还会在被Link主机内创建一个host记录，方便我们直接用FQDN名去访问相应主机。

Dockerfile

FROM ansible/centos7-ansible/:stable

ADD ansible /data/ansible

WORKDIR /data/ansible

RUN ansible-playbook mariadb-install-container.yml -c local

# Initialize and start mariadb
RUN chmod +x mariadb.sh

CMD ["./mariadb.sh"]

EXPOSE 3306

这里简单来说就是下载集成Ansible的CentOS7容器镜像，并将ansible playbook及相应配置文件复制到容器内去部署MariaDB初始环境，最终启动服务，并开启3306DB端口.

ansible/mariadb-install-container.yml

- name: Install Mariadb container
  hosts: local
  vars:
    conf_path: /etc/my.cnf
    src_socket: /data/mariadb_data/mysql.sock
    link_socket: /var/lib/mysql/mysql.sock
    user: mysql
  tasks:
  - name: Install epel-release package
    yum: name=epel-release state=latest

  - name: Install required packages
    yum: name={{ item }} state=latest
    with_items:
      - net-tools
      - lsof 
      - nmap
      - mariadb-server
      - MySQL-python

  - name: Copy mariadb conf
    copy: src=my.cnf dest={{ conf_path }} mode=0644

  - name: Link mysql socket
    file: 
      src={{ src_socket }} dest={{ link_socket }} state=link force=yes

这里是ansible playbook, 基本上就是利用ansible本地安装Epel源以及Mariadb相应的安装包，然后进行DB的相关配置。

ansible/mariadb.sh

#!/bin/sh
 chown -R mysql:mysql /var/lib/mysql

 mysql_install_db --user=mysql --datadir=/data/mariadb_data > /dev/null

 mysqld_safe &

 sleep 5s

 mysql -v < mariadb.sql

 sleep 5s

 ps -wef | grep mysql | grep -v grep | awk '{print $2}' | xargs kill -9

 mysqld_safe --user mysql

这里是对Mariadb进行初始化安装，并使用sql脚本更改root密码及相应权限和创建Wordpress数据库，最终重启DB服务。

ansible/Mariadb.sql

USE mysql;
 GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
 FLUSH PRIVILEGES;
 UPDATE user SET password=PASSWORD("123456") WHERE user='root';
 FLUSH PRIVILEGES;
 CREATE DATABASE wordpress;
 FLUSH PRIVILEGES;

ansible/my.cnf

[mysqld]
datadir=/data/mariadb_data
socket=/data/mariadb_data/mysql.sock
port=3306
bind-address = 0.0.0.0

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

Mariadb的DB配置.

run.sh

#/bin/bash

IMAGE="leon/mariadb"
Container="mariadb"

docker build -t ${IMAGE} .

docker run -d -p 3306:3306 --name ${Container} ${IMAGE}

最终我们使用docker build去创建一个基于Dockerfile配置的MariaDB容器镜像，并用docker run去启动这个容器镜像。

Tip: -d为后台启动容器，-p为打开端口，--name 为创建容器名，-t为打一个镜像标签。

PHP container

接下来我们会部署启动php-fpm服务，作为解析Wordpress网站的php服务, 它会开启9000端口，方便后面的nginx container去进行反向连接。

Dockerfile

FROM ansible/centos7-ansible:stable

ADD ansible /data/ansible

WORKDIR /data/ansible

RUN ansible-playbook php-container.yml -c local

# Add the volume to php application
VOLUME ["/data/app"]

# CMD ["php-fpm", "--nodaemonize"]
ENTRYPOINT ["/usr/sbin/php-fpm", "-F"]

EXPOSE 9000

这里的配置基本上和MariaDB类似，区别在于我们会在这里去创建一个与nginx共同使用的共享网站目录，里面会保存Wordpress源代码和相关php测试文件。

ansible/php-container.yml

- name: Create PHP container
  hosts: local
  vars:
    app_dir: /data/app
    src_dir: /data/src
    phpfpm_path: /etc/php-fpm.d/www.conf
    info_path: /data/app/info.php
    test_path: /data/app/test-db-conn.php
    wp_url: https://cn.wordpress.org/wordpress-4.5.3-zh_CN.tar.gz
    wp_config: /data/app/wp-config.php
  tasks:
  - name: Install epel-release packages
    yum: name=epel-release state=latest 

  - name: Install required packages
    yum: name={{ item }} state=latest
    with_items:
      - net-tools
      - lsof
      - nmap
      - unzip
      - mariadb

  - name: Install php packages
    yum: name={{ item }} state=latest
    with_items:
      - php
      - php-mysql
      - php-fpm
      - php-gd
      - php-mbstring

  - name: Create dir
    file: path={{ item }} state=directory mode=0755
    with_items:
      - "{{ app_dir }}"
      - "{{ src_dir }}"

  - name: Unpack WP package
    unarchive: src={{ wp_url }} dest={{ src_dir }} remote_src=yes

  - name: Move WP source code to app_dir
    shell: "shopt -s dotglob && mv {{ src_dir }}/wordpress/* {{ app_dir }}" 

  - name: Copy wp configuration
    copy: src=wp-config.php dest={{ wp_config }}

  - name: Copy php info page
    copy: src=info.php dest={{ info_path }} mode=0755

  - name: Copy test-db-conn page
    copy: src=test-db-conn.php dest={{ test_path }} mode=0755

  - name: Copy nginx configuration
    copy: src=www.conf dest={{ phpfpm_path }} mode=0755

这里playbook配置内容较多，不过基本上就是安装php-fpm以及相应安装包，配置php-fpm配置项，并下载Wordpress源代码并将DB信息写入WP配置文件，复制php测试脚本等。

ansible/info.php

<?php
phpinfo();
?>

ansible/test-db-conn.php

<html><body><h1>The page to test Mariadb connection.</h1></body></html>
<?php
 $conn=mysql_connect('mariadb','root','123456');
 if ($conn)
   echo "<h2>Success...</h2>";
 else
   echo "<h2>Failure...</h2>";
 
?>

ansible/wp-config.php

<?php
/**
 * WordPress基础配置文件。
 *
 * 这个文件被安装程序用于自动生成wp-config.php配置文件，
 * 您可以不使用网站，您需要手动复制这个文件，
 * 并重命名为“wp-config.php”，然后填入相关信息。
 *
 * 本文件包含以下配置选项：
 *
 * * MySQL设置
 * * 密钥
 * * 数据库表名前缀
 * * ABSPATH
 *
 * @link https://codex.wordpress.org/zh-cn:%E7%BC%96%E8%BE%91_wp-config.php
 *
 * @package WordPress
 */

// ** MySQL 设置 - 具体信息来自您正在使用的主机 ** //
/** WordPress数据库的名称 */
define('DB_NAME', 'wordpress');

/** MySQL数据库用户名 */
define('DB_USER', 'root');

/** MySQL数据库密码 */
define('DB_PASSWORD', '123456');

/** MySQL主机 */
define('DB_HOST', 'mariadb');

/** 创建数据表时默认的文字编码 */
define('DB_CHARSET', 'utf8');

/** 数据库整理类型。如不确定请勿更改 */
define('DB_COLLATE', '');

/**#@+
 * 身份认证密钥与盐。
 *
 * 修改为任意独一无二的字串！
 * 或者直接访问{@link https://api.wordpress.org/secret-key/1.1/salt/
 * WordPress.org密钥生成服务}
 * 任何修改都会导致所有cookies失效，所有用户将必须重新登录。
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

/**#@-*/

/**
 * WordPress数据表前缀。
 *
 * 如果您有在同一数据库内安装多个WordPress的需求，请为每个WordPress设置
 * 不同的数据表前缀。前缀名只能为数字、字母加下划线。
 */
$table_prefix  = 'wp_';

/**
 * 开发者专用：WordPress调试模式。
 *
 * 将这个值改为true，WordPress将显示所有用于开发的提示。
 * 强烈建议插件开发者在开发环境中启用WP_DEBUG。
 *
 * 要获取其他能用于调试的信息，请访问Codex。
 *
 * @link https://codex.wordpress.org/Debugging_in_WordPress
 */
define('WP_DEBUG', false);

/**
 * zh_CN本地化设置：启用ICP备案号显示
 *
 * 可在设置→常规中修改。
 * 如需禁用，请移除或注释掉本行。
 */
define('WP_ZH_CN_ICP_NUM', true);

/* 好了！请不要再继续编辑。请保存本文件。使用愉快！ */

/** WordPress目录的绝对路径。 */
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');

/** 设置WordPress变量和包含文件。 */
require_once(ABSPATH . 'wp-settings.php');

ansible/www.conf

; Start a new pool named 'www'.
[www]

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses on a
;                            specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 0.0.0.0:9000

; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: -1
;listen.backlog = -1
 
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = any

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. 
; Default Values: user and group are set as the running user
;                 mode is set to 0666
listen.owner = nobody
listen.group = nobody
listen.mode = 0666

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = nobody
; RPM: Keep a group allowed to write in log dir.
group = nobody

; Choose how the process manager will control the number of child processes.
; Possible Values:
;   static  - a fixed number (pm.max_children) of child processes;
;   dynamic - the number of child processes are set dynamically based on the
;             following directives:
;             pm.max_children      - the maximum number of children that can
;                                    be alive at the same time.
;             pm.start_servers     - the number of children created on startup.
;             pm.min_spare_servers - the minimum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is less than this
;                                    number then some children will be created.
;             pm.max_spare_servers - the maximum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is greater than this
;                                    number then some children will be killed.
; Note: This value is mandatory.
pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes to be created when pm is set to 'dynamic'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI.
; Note: Used when pm is set to either 'static' or 'dynamic'
; Note: This value is mandatory.
pm.max_children = 5

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 2

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3
 
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500

; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. By default, the status page shows the following
; information:
;   accepted conn    - the number of request accepted by the pool;
;   pool             - the name of the pool;
;   process manager  - static or dynamic;
;   idle processes   - the number of idle processes;
;   active processes - the number of active processes;
;   total processes  - the number of idle + active processes.
; The values of 'idle processes', 'active processes' and 'total processes' are
; updated each second. The value of 'accepted conn' is updated in real time.
; Example output:
;   accepted conn:   12073
;   pool:             www
;   process manager:  static
;   idle processes:   35
;   active processes: 65
;   total processes:  100
; By default the status page output is formatted as text/plain. Passing either
; 'html' or 'json' as a query string will return the corresponding output
; syntax. Example:
;   http://www.foo.bar/status
;   http://www.foo.bar/status?json
;   http://www.foo.bar/status?html
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set 
;pm.status_path = /status
 
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping

; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
 
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
 
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
 
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php-fpm/www-slow.log
 
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
 
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
 
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: chrooting is a great security feature and should be used whenever 
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot = 
 
; Chdir to this directory at the start. This value must be an absolute path.
; Default Value: current directory or / when chroot
;chdir = /var/www
 
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Default Value: no
;catch_workers_output = yes
 
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag             - you can set classic ini defines which can
;                                    be overwritten from PHP call 'ini_set'. 
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;                                     PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.

; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M

; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session

run.sh

#/bin/bash

IMAGE="leon/php"
Container="php"
Link="mariadb"

docker build -t ${IMAGE} .

docker run -d -p 9000:9000 --name ${Container} --link ${Link}:${Link} ${IMAGE}

这里去创建PHP并启动镜像，需要提到这里的link就是文章开头说到的需要与DB进行安全传输，并在php容器内创建一个DB的host记录。

我们可以使用这个命令去进入容器，查看该记录。

# docker exec -it php bash
[root@7e6188415cb2 ansible]# cat /etc/hosts
127.0.0.1      	localhost
::1    	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.2     mariadb 29ae9593fbfc
172.17.0.3     7e6188415cb2

Tip: 这里可以看到mariadb的内网ip为172.17.0.2, php-fpm的为172.17.0.3, 我们MAC本机作为Docker主机与容器间会进行DNAT通信，容器因为在同一内网，可自由通信，前提是需要在创建和启动镜像前打开相应服务端口。

Nginx container

这里最终我们会利用Nginx作为一个反向代理，配置www.example.com去访问我们的PHP容器下的Wordpress页面.

Dockerfile

FROM ansible/centos7-ansible/epel:stable

ADD ansible /data/ansible

WORKDIR /data/ansible

RUN ansible-playbook nginx-container.yml -c local

VOLUME ["/data/app"]

# CMD ["nginx", "-g", "daemon off;"]
ENTRYPOINT [ "/usr/sbin/nginx" ]

EXPOSE 80
EXPOSE 443

这里基本与PHP的容器配置类似，执行playbook，共享网站目录，启动nginx服务并打开80，443端口。

ansible/nginx-container.yml

- name: Create Nginx container
  hosts: local
  vars:
    global_conf_path: /etc/nginx/nginx.conf
    server_conf_path: /etc/nginx/conf.d/default.conf
  tasks:
  - name: Install epel-release package
    yum: name=epel-release state=latest

  - name: Install required packages
    yum: name={{ item }} state=latest
    with_items:
      - net-tools
      - lsof
      - nmap
      - nginx

  - name: Copy nginx global conf
    copy: src=nginx.conf dest={{ global_conf_path }} mode=0644

  - name: Copy nginx server conf
    copy: src=default.conf dest={{ server_conf_path }} mode=0644

这里安装nginx，并将配置文件复制到对应nginx目录.

ansible/defalut.conf

# The default server
#

upstream backend {
    server php:9000;
}

server {
    listen 80;
    server_name http://www.example.com;
    root /data/app;
    index index.php index.html index.htm;

    location / {
          try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        fastcgi_pass backend;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

}

ansible/nginx.conf

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nobody;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
daemon off;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 768;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}

run.sh

#/bin/bash

IMAGE="leon/nginx"
Container="nginx"
Link="php"
Volume="php"

docker build -t ${IMAGE} .

docker run -d -p 80:80 -p 443:443 --name ${Container} --link ${Link}:${Link} --volumes-from ${Volume} ${IMAGE}

这里需要注意的是我们添加了一个--volumes-from参数用来调用PHP share出来的网站目录。

这里我们分别执行3个目录下的执行脚本(run.sh)后，效果如下:

# docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                      NAMES
7e6188415cb2        leon/php            "/usr/sbin/php-fpm -F"   2 hours ago         Up About an hour    0.0.0.0:9000->9000/tcp                     php
29ae9593fbfc        leon/mariadb        "./mariadb.sh"           2 hours ago         Up About an hour    0.0.0.0:3306->3306/tcp                     mariadb
d07bb4aea5c1        leon/nginx          "/usr/sbin/nginx"        3 days ago          Up 4 hours          0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   nginx

# docker images

REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
leon/php                       latest              f243f43c99a2        3 hours ago         883 MB
leon/mariadb                   latest              7046c76b434a        3 hours ago         1.694 GB
leon/nginx                     latest              d588d0a73eee        7 days ago          737.6 MB
ansible/centos7-ansible        stable              5108f665e079        3 weeks ago         433.3 MB

到这里我们就成功创建并启动了我们Wordpress所需要的三个基础服务。

我们可以利用Docker start "容器名"或者Docker stop "容器名" 去启动或者关闭这个包含具体服务的容器，可以作为我们在Docker服务器下重启服务的命令。

如果需要进入容器进行调测，我们也可以使用Docker exec -it "容器名" bash

测试结果

我们给MAC主机添加一个host记录

# cat /etc/hosts

127.0.0.1 http://www.example.com

然后使用PHP测试文件分别测试PHP是否部署成功以及PHP与MariaDB是否联通

最终我们访问www.example.com查看wordpress是否部署成功。

至此使用Docker+Ansible部署Wordpress大功告成。。。 

这里我们先给大家介绍一些常用Dockerfile编写规范.

Docker配置传送门: http://www.showerlee.com/archives/1758

1.FROM 

FROM <image>:<tag>

FROM会使用当前本地或者远程Docker仓库的image, 这个要首先写到该脚本的第一行.

例:

FROM centos67base/apache:apache_base

这里代表我们使用本地的centos67base/apache镜像.

查看本地缓存镜像可以使用

# docker images

2.MAINTAINER

MAINTAINER <name>

这个会给生成的镜像创建一个作者名

3.RUN

RUN <command> (命令行格式, 执行一段shell命令)

RUN ["executable", "param1", "param2"] (列表格式, "executable"可以更改不同shell格式, 例如/bin/sh或/bin/bash, "param1"代表shell参数)

这个可以理解为执行shell命令到image, 一般来说用来给镜像安装package, 或者更改系统配置等.

例:

RUN /bin/bash -c echo 123
RUN ["/bin/bash" "-c" "echo 123"]

4.CMD

CMD ["executable","param1","param2"] (同RUN)

CMD ["param1","param2"] (使用系统默认shell)

CMD command param1 param2 (命令行格式)

这个CMD基本使用格式与RUN类似, 区别在于如果存在多个CMD行, 则只有最后一行生效, 这个我们常用执行默认的shell命令给该容器.

5.LABEL

LABEL <key>=<value> <key>=<value> <key>=<value> ...

例:

LABEL "com.example.vendor"="ACME Incorporated"
LABEL com.example.label-with-value="foo"
LABEL version="1.0"
LABEL description="This text illustrates \
that label-values can span multiple lines."

这个可以理解为给image传送一个键值对.

可以使用如下命令查看已Build好的image LABEL

# docker inspect

6.EXPOSE

EXPOSE <port> [<port>...]

这个用来通知容器在某一具体端口进行监听, 但不会打开该端口, 如需打开要在创建容器容器的时候配合-P参数使用.

7.ENV

ENV <key> <value>

ENV <key>=<value> ...

例如:

ENV myName="John Doe" myDog=Rex\ The\ Dog \
       myCat=fluffy

相当于给镜像添加环境变量.

8.ADD

ADD <src>... <dest>

ADD ["<src>",... "<dest>"] (这种写法会避免路径名含有空格而报错)

ADD命令会copy本地目录, 文件或远程URL到容器目的路径, <src>, <dest>支持通配符和绝对相对路径.

例如:

ADD hom* /mydir/        # adds all files starting with "hom"
ADD hom?.txt /mydir/    # ? is replaced with any single character, e.g., "home.txt"
ADD test relativeDir/   # adds "test" to `WORKDIR`/relativeDir/
ADD test /absoluteDir   # adds "test" to /absoluteDir

9.COPY

COPY <src>... <dest>

COPY ["<src>",... "<dest>"] (这种写法会避免路径名含有空格而报错)

本身用法和ADD类似, 唯独不能使用远程URL

10.VOLUME

VOLUME ["/data"]
VOLUME会给该image创建一个挂载点.

11.WORKDIR

WORKDIR /path/to/workdir

顾名思义, 指定一个当前的工作目录.

12.Dockerfile实例

# Nginx
#
# VERSION               0.0.1

FROM      ubuntu
MAINTAINER Victor Vieux <victor@docker.com>

LABEL Description="This image is used to start the foobar executable" Vendor="ACME Products" Version="1.0"
RUN apt-get update && apt-get install -y inotify-tools nginx apache2 openssh-server


# Firefox over VNC
#
# VERSION               0.3

FROM ubuntu

# Install vnc, xvfb in order to create a 'fake' display and firefox
RUN apt-get update && apt-get install -y x11vnc xvfb firefox
RUN mkdir ~/.vnc
# Setup a password
RUN x11vnc -storepasswd 1234 ~/.vnc/passwd
# Autostart firefox (might not be the best way, but it does the trick)
RUN bash -c 'echo "firefox" >> /.bashrc'

EXPOSE 5900
CMD    ["x11vnc", "-forever", "-usepw", "-create"]

更多详细配置请参考: http://www.showerlee.com/archives/1758 第10项

Docker源意码头工人, 是一款更轻量级的虚拟化快速部署工具, 他的优点在于非常傻瓜的配置和管理, CPU/内存的低消耗, 快速开/关机, 可以非常方便的运行和释放容器, 便捷的连接宿主机器和容器以及0成本的commit and export到其他任意环境, 绝对是一款优于vagrant等同类型工具的SA居家旅行必备利器.

通俗来讲Docker其实就是将我们在虚拟机上定制的系统打包成一个私有Docker镜像, 然后通过将镜像传到本地, Docker本身会利用Vbox创建一个虚拟机实例(该虚拟机内核支持Docker)并与本地共享同一个目录结构, 最终利用docker内嵌命令使用我们的私有镜像创建若干子虚拟容器, 从而实现本地虚拟化部署.

Windows与MAC平台内核因为本身与Docker不兼容, 所以我们需要本地安装VirtualBox+Docker, 利用VirtualBox创建一个可兼容Docker的虚拟机.

Linux内核为3.0以上的发行版可直接安装Docker, 无需安装第三方虚拟机.

本文将详细介绍如何创建一个私有的Docker容器, 并部署到不同环境中, 使用Windows和Linux平台的同学也可以参考本文的配置.

话说一开始我是拒绝的, 但经过2天的研究和部署, 我震精了, 这他喵的绝对是神一般的利器, 他的跨平台的一些功能(有待挖掘)绝对可以成为未来的运维部署发展趋势.

还有不得不佩服老外的想象力, 这官网的动物代表不同的系统环境, Docker代表码头工人的对不同系统环境的迁移整合, 整得都成动物世界了, 不过还真别说, 这码头工人的效率还真不错, 动物园的动物们对这小哥的发货效率绝对满意, 必须五星好评.

不说了, 我去啃老外的面包去了.... 

官方文档: https://docs.docker.com

一.环境部署

Local system:  MAC OS X 10.10.5
VirtualBox:    VirtualBox-5.0.10
docker:   DockerToolbox-1.9.1b.pkg
Docker sample system: CentOS6.7 x64 minimal (docker.example.com)

本机需安装Virtualbox和Docker,  安装过程(略).

TIP:本机为ubuntu或其他Linux发行版内核为3.0以上的朋友因为本地系统内嵌KVM, Docker可直接调用KVM, 所以无需安装Virtualbox作为Docker虚拟机.

二.Docker配置

1.在Virtualbox新建虚拟机并安装CentOS 6.7 x64(略)

2.安装openssh-clients (VirtualBox虚拟机)

# yum install openssh-clients -y

3.登陆CentOS虚拟机并安装EPEL YUM源 (VirtualBox虚拟机)

# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

4.配置yum (VirtualBox虚拟机)

# cd /etc/yum.repos.d
# vi CentOS-Base.repo
找到[centosplus]源下,修改enabled=1
# sed -i 's/$releasever/6/g' CentOS-Base.repo
# sed -i 's/$basearch/x86_64/g' CentOS-Base.repo

5.安装Docker并开启Docker服务 (VirtualBox虚拟机)

# yum install docker-io -y
# service docker start

6.部署docker

1).常用命令(本地)

# docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE

# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

可以看到目前docker并未有可用的镜像.

2).配置脚本目录 (VirtualBox虚拟机)

# cd /root

# mkdir scripts

# cd scripts

# vi createimg.sh

源自:https://github.com/docker/docker/blob/master/contrib/mkimage-yum.sh

#!/usr/bin/env bash
#
# Create a base CentOS Docker image.
#
# This script is useful on systems with yum installed (e.g., building
# a CentOS image on CentOS).  See contrib/mkimage-rinse.sh for a way
# to build CentOS images on other systems.

usage() {
    cat <<EOOPTS
$(basename $0) [OPTIONS] <name>
OPTIONS:
  -y <yumconf>  The path to the yum config to install packages from. The
                default is /etc/yum.conf for Centos/RHEL and /etc/dnf/dnf.conf for Fedora
EOOPTS
    exit 1
}

# option defaults
yum_config=/etc/yum.conf
if [ -f /etc/dnf/dnf.conf ] && command -v dnf &> /dev/null; then
yum_config=/etc/dnf/dnf.conf
alias yum=dnf
fi 
while getopts ":y:h" opt; do
    case $opt in
        y)
            yum_config=$OPTARG
            ;;
        h)
            usage
            ;;
        \?)
            echo "Invalid option: -$OPTARG"
            usage
            ;;
    esac
done
shift $((OPTIND - 1))
name=$1

if [[ -z $name ]]; then
    usage
fi

target=$(mktemp -d --tmpdir $(basename $0).XXXXXX)

set -x

mkdir -m 755 "$target"/dev
mknod -m 600 "$target"/dev/console c 5 1
mknod -m 600 "$target"/dev/initctl p
mknod -m 666 "$target"/dev/full c 1 7
mknod -m 666 "$target"/dev/null c 1 3
mknod -m 666 "$target"/dev/ptmx c 5 2
mknod -m 666 "$target"/dev/random c 1 8
mknod -m 666 "$target"/dev/tty c 5 0
mknod -m 666 "$target"/dev/tty0 c 4 0
mknod -m 666 "$target"/dev/urandom c 1 9
mknod -m 666 "$target"/dev/zero c 1 5

# amazon linux yum will fail without vars set
if [ -d /etc/yum/vars ]; then
mkdir -p -m 755 "$target"/etc/yum
cp -a /etc/yum/vars "$target"/etc/yum/
fi

yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
    --setopt=group_package_types=mandatory -y groupinstall Core
yum -c "$yum_config" --installroot="$target" -y clean all

cat > "$target"/etc/sysconfig/network <<EOF
NETWORKING=yes
HOSTNAME=localhost.localdomain
EOF

# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target".
#  locales
rm -rf "$target"/usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
#  docs and man pages
rm -rf "$target"/usr/share/{man,doc,info,gnome/help}
#  cracklib
rm -rf "$target"/usr/share/cracklib
#  i18n
rm -rf "$target"/usr/share/i18n
#  yum cache
rm -rf "$target"/var/cache/yum
mkdir -p --mode=0755 "$target"/var/cache/yum
#  sln
rm -rf "$target"/sbin/sln
#  ldconfig
rm -rf "$target"/etc/ld.so.cache "$target"/var/cache/ldconfig
mkdir -p --mode=0755 "$target"/var/cache/ldconfig

version=
for file in "$target"/etc/{redhat,system}-release
do
    if [ -r "$file" ]; then
        version="$(sed 's/^[^0-9\]*\([0-9.]\+\).*$/\1/' "$file")"
        break
    fi
done

if [ -z "$version" ]; then
    echo >&2 "warning: cannot autodetect OS version, using '$name' as tag"
    version=$name
fi

tar --numeric-owner -c -C "$target" . | docker import - $name:$version

docker run -i -t $name:$version echo success

rm -rf "$target"

# chmod +x createimg.sh

3).执行脚本(VirtualBox虚拟机)

该脚本将自动生成docker镜像,centos6.7base为镜像名,脚本执行log保存在/tmp下

# ./createimg.sh centos6.7base

4).查看生成的docker镜像(VirtualBox虚拟机)

# docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
centos6.7base       6.7                 8355bdcdcde0        5 minutes ago       166.3 MB

5).查看生成的docker容器(VirtualBox虚拟机)

# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS                          PORTS               NAMES
a7392bd18606        centos6.7base:6.7   "echo success"      About a minute ago   Exited (0) About a minute ago                       sleepy_swartz 

6).删除容器(VirtualBox虚拟机)

# docker rm a7392bd18606

7).导出Docker缓存镜像到磁盘(VirtualBox虚拟机)

# docker save 8355bdcdcde0 > /tmp/centos67base.tar
# ll /tmp

-rw-r--r--  1 root root 174095360 Dec 14 04:23 centos67base.tar
-rw-r--r--  1 root root     20284 Oct 16 03:21 vboxguest-Module.symvers
-rw-------. 1 root root         0 Oct 16 00:21 yum.log

8).拷贝该镜像到本地(本地)

Tip: 因为笔者是MAC系统, 所以系统自带CLI scp命令, windows用户可以使用winscp进行ssh传输.

# cd ~/Work/Docker/centos67base

# scp root@docker.example.com:/tmp/centos67base.tar .

7.使用MAC下的docker加载该镜像

在MAC Application/Docker目录下运行Docker Quickstart Terminal, 会弹出Terminal并运行docker的相应初始化配置, 完成后会进入CLI界面.

TIP: 这里实际上是Docker调用了本地VirtualBox, 并在其创建了一个新的Docker虚拟机instance(可以通过打开VBOX GUI查看), 所以我们实际上已经进入了这个instance CLI界面, 但笔者惊奇的发现这里的目录结构和MAC本地是一致的, 可以得出来的结论是Docker和MAC共同share一个CLI. 所以大家可能会有错觉自己还在本地, 实际情况是我们已经登录到Docker母虚拟机, 随后我们会在这个母机上创建多个容器(子虚拟机).

Windows平台下该执行文件可在开始菜单获取

1).加载刚才制作的镜像(Docker CLI)

# docker load < centos67base.tar
# docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
<none>              <none>              8355bdcdcde0        21 hours ago        166.3 MB

2).添加Repository和tag(Docker CLI)

默认这两项都为空,所以可以根据IMAGE ID去给这个image添加相关的标注
# docker tag 8355bdcdcde0 centos67base:6.7
# docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
centos67base        6.7                 8355bdcdcde0        21 hours ago        166.3 MB

3).创建docker容器并加载该镜像(Docker CLI)

# docker run -i -t --privileged 8355bdcdcde0 /bin/bash

Tip: -i和-t配合使用实际上是为了保持一个TTY标准输入处于一个LISTEN状态无论是否被连接, 简单来说就是创建一个CLI终端连接.

       --privileged用来开启扩展权限给容器, 主要开启容器iptables等类似内核集成模块, 默认无此参数使用iptables会报错.

       8355bdcdcde0为IMAGE ID, /bin/bash表示使用bash shell格式进入终端.

已成功登录子虚拟容器

# uname -a    

Linux 33e93edb56e3 4.1.13-boot2docker #1 SMP Fri Nov 20 19:05:50 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/system-release

CentOS release 6.7 (Final)

可以看到已经登陆到子虚拟容器, 至此我们就成功制作并加载了我们私有的docker镜像.

4).关闭子虚拟容器

# exit
# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
33e93edb56e3        8355bdcdcde0        "/bin/bash"         16 minutes ago      Exited (0) 8 seconds ago                       awesome_joliot

这里可以看到这个容器在16分钟前生成, 现已经关闭了8秒钟, 简单来说这里去退出Docker容器可以理解为虚拟机的保存状态(挂起), 在我们创建这个容器后的所有的change都不会丢失, 除非你删除这个容器, 但之前开启的服务socket会丢失, 所以重新打开这个容器需重启该服务.

5).重新开启并连接该容器(Docker CLI)

# docker start 33e93edb56e3

# docker attach 33e93edb56e3

Tip: 这里执行attach后不会立即进入容器命令行,需要再回车才能显示.

6).断开该容器(Docker CLI)

这里可以在CLI下利用快捷键ctrl+P, 然后Ctrl+Q去快速切回本地环境.

# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
33e93edb56e3        8355bdcdcde0        "/bin/bash"         33 minutes ago      Up 7 minutes                            awesome_joliot

这里可以看到容器并没有退出, 其状态显示为已运行7分钟.

8).重命名该容器(Docker CLI)

# docker rename awesome_joliot centos6.7_base

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
33e93edb56e3        8355bdcdcde0        "/bin/bash"         35 minutes ago      Up 9 minutes                            centos6.7_base

9).重新连接该容器(Docker CLI)

# docker attach 33e93edb56e3

这里也可以直接使用刚才修改后的容器名登陆 

# docker attach centos6.7_base

所以实际上整个Docker的运行步骤:
加载tar包到docker缓存镜像 => 利用该镜像创建容器 => 启动容器 => 连接容器

8).删除并重新创建容器(Docker CLI)

# docker rm 33e93edb56e3

# docker run -i -t --privileged 8355bdcdcde0 /bin/bash

# exit

$ docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
861dd99563ef        8355bdcdcde0        "/bin/bash"         18 seconds ago      Exited (0) 2 seconds ago                       gloomy_lovelace

我们可以看到容器ID变成861dd99563ef, 之前的容器和容器的所有change已经彻底删除.

到这里我们介绍了Docker的使用, 基本上公司sa会将一份基本的Docker系统镜像分发给每位开发人员, 开发人员会利用这个统一的系统环境去coding, 如果在开发过程中遇到了一个BUG或者问题无法修复, 如何将当前的状态备份并分发给其他同事去处理? 这里就可以利用Dock commit去保存我们的系统状态到镜像中, 利用之前的命令export and transfer该镜像给相应Programmer进行进一步的处理, 当然我们也可以利用该功能去保存不同开发产品的版本状态.

8.Commit Docker镜像(Docker CLI)

我们可以安装一个apache并commit镜像来模拟上述情况.

# docker start 861dd99563ef

e8b478f41b5c

# docker attach 861dd99563ef

# exit

# docker commit 861dd99563ef centos67base/apache:apache_base

d9aef85ea282439634c36b3e8d51356396bb116c6ea51f11f8b128bf1fdb89a6

# docker images

REPOSITORY            TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
centos67base/apache   apache_base         d9aef85ea282        7 seconds ago       233.6 MB
centos67base          6.7                 8355bdcdcde0        23 hours ago        166.3 MB

我们可以看到我们生成了一个基于centos67base的apache版本镜像

9.导出该新版本镜像(Docker CLI)

# docker save centos67base/apache > centos67_apache.tar

# ll

-rw-r--r-- 1 XXX staff 242053632 Dec 15 16:34 centos67_apache.tar
-rw-r--r-- 1 XXX staff 174095360 Dec 15 13:26 centos67base.tar

TIP: 由于Docker虚拟机与本地MAC share一个CLI, 这里相当于这个镜像已经保存在本地.

10.通过Dockerfile Build虚拟镜像(Docker CLI)

1).这里我们通过Docker脚本在原有centos67base/apache镜像基础上安装vim, 实现一个简单的自动化部署.

# cd ~/Work/Docker/Build

# vi Dockerfile

FROM centos67base/apache:apache_base
RUN yum install vim -y

TIP: 这里centos67base/apache:apache_base对应REPOSITORY:TAG

2).开始Build

# docker build -t centos67base/apache/vim .

Sending build context to Docker daemon 416.2 MB
Step 1 : FROM centos67base/apache:apache_base
 ---> d9aef85ea282
Step 2 : RUN yum install vim -y
 ---> Running in 721c0cd73025
Loaded plugins: fastestmirror
Setting up Install Process
Determining fastest mirrors
 * base: mirrors.yun-idc.com
 * extras: mirrors.yun-idc.com
 * updates: mirrors.yun-idc.com
Resolving Dependencies
--> Running transaction check
---> Package vim-enhanced.x86_64 2:7.4.629-5.el6 will be installed
--> Processing Dependency: vim-common = 2:7.4.629-5.el6 for package: 2:vim-enhanced-7.4.629-5.el6.x86_64
--> Processing Dependency: which for package: 2:vim-enhanced-7.4.629-5.el6.x86_64
--> Processing Dependency: perl(:MODULE_COMPAT_5.10.1) for package: 2:vim-enhanced-7.4.629-5.el6.x86_64
--> Processing Dependency: libperl.so()(64bit) for package: 2:vim-enhanced-7.4.629-5.el6.x86_64
--> Processing Dependency: libgpm.so.2()(64bit) for package: 2:vim-enhanced-7.4.629-5.el6.x86_64
--> Running transaction check
---> Package gpm-libs.x86_64 0:1.20.6-12.el6 will be installed
---> Package perl.x86_64 4:5.10.1-141.el6_7.1 will be installed
--> Processing Dependency: perl(version) for package: 4:perl-5.10.1-141.el6_7.1.x86_64
--> Processing Dependency: perl(Pod::Simple) for package: 4:perl-5.10.1-141.el6_7.1.x86_64
--> Processing Dependency: perl(Module::Pluggable) for package: 4:perl-5.10.1-141.el6_7.1.x86_64
---> Package perl-libs.x86_64 4:5.10.1-141.el6_7.1 will be installed
---> Package vim-common.x86_64 2:7.4.629-5.el6 will be installed
--> Processing Dependency: vim-filesystem for package: 2:vim-common-7.4.629-5.el6.x86_64
---> Package which.x86_64 0:2.19-6.el6 will be installed
--> Running transaction check
---> Package perl-Module-Pluggable.x86_64 1:3.90-141.el6_7.1 will be installed
---> Package perl-Pod-Simple.x86_64 1:3.13-141.el6_7.1 will be installed
--> Processing Dependency: perl(Pod::Escapes) >= 1.04 for package: 1:perl-Pod-Simple-3.13-141.el6_7.1.x86_64
---> Package perl-version.x86_64 3:0.77-141.el6_7.1 will be installed
---> Package vim-filesystem.x86_64 2:7.4.629-5.el6 will be installed
--> Running transaction check
---> Package perl-Pod-Escapes.x86_64 1:1.04-141.el6_7.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                  Arch      Version                    Repository  Size
================================================================================
Installing:
 vim-enhanced             x86_64    2:7.4.629-5.el6            base       1.0 M
Installing for dependencies:
 gpm-libs                 x86_64    1.20.6-12.el6              base        28 k
 perl                     x86_64    4:5.10.1-141.el6_7.1       updates     10 M
 perl-Module-Pluggable    x86_64    1:3.90-141.el6_7.1         updates     40 k
 perl-Pod-Escapes         x86_64    1:1.04-141.el6_7.1         updates     33 k
 perl-Pod-Simple          x86_64    1:3.13-141.el6_7.1         updates    213 k
 perl-libs                x86_64    4:5.10.1-141.el6_7.1       updates    579 k
 perl-version             x86_64    3:0.77-141.el6_7.1         updates     52 k
 vim-common               x86_64    2:7.4.629-5.el6            base       6.7 M
 vim-filesystem           x86_64    2:7.4.629-5.el6            base        15 k
 which                    x86_64    2.19-6.el6                 base        38 k

Transaction Summary
================================================================================
Install      11 Package(s)

Total download size: 19 M
Installed size: 59 M
Downloading Packages:
--------------------------------------------------------------------------------
Total                                           7.0 MB/s |  19 MB     00:02     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 1:perl-Pod-Escapes-1.04-141.el6_7.1.x86_64                  1/11 
  Installing : 1:perl-Module-Pluggable-3.90-141.el6_7.1.x86_64             2/11 
  Installing : 3:perl-version-0.77-141.el6_7.1.x86_64                      3/11 
  Installing : 4:perl-libs-5.10.1-141.el6_7.1.x86_64                       4/11 
  Installing : 1:perl-Pod-Simple-3.13-141.el6_7.1.x86_64                   5/11 
  Installing : 4:perl-5.10.1-141.el6_7.1.x86_64                            6/11 
  Installing : 2:vim-filesystem-7.4.629-5.el6.x86_64                       7/11 
  Installing : 2:vim-common-7.4.629-5.el6.x86_64                           8/11 
  Installing : which-2.19-6.el6.x86_64                                     9/11 
  Installing : gpm-libs-1.20.6-12.el6.x86_64                              10/11 
  Installing : 2:vim-enhanced-7.4.629-5.el6.x86_64                        11/11 
  Verifying  : 1:perl-Pod-Simple-3.13-141.el6_7.1.x86_64                   1/11 
  Verifying  : 1:perl-Pod-Escapes-1.04-141.el6_7.1.x86_64                  2/11 
  Verifying  : gpm-libs-1.20.6-12.el6.x86_64                               3/11 
  Verifying  : which-2.19-6.el6.x86_64                                     4/11 
  Verifying  : 2:vim-enhanced-7.4.629-5.el6.x86_64                         5/11 
  Verifying  : 2:vim-filesystem-7.4.629-5.el6.x86_64                       6/11 
  Verifying  : 1:perl-Module-Pluggable-3.90-141.el6_7.1.x86_64             7/11 
  Verifying  : 2:vim-common-7.4.629-5.el6.x86_64                           8/11 
  Verifying  : 3:perl-version-0.77-141.el6_7.1.x86_64                      9/11 
  Verifying  : 4:perl-libs-5.10.1-141.el6_7.1.x86_64                      10/11 
  Verifying  : 4:perl-5.10.1-141.el6_7.1.x86_64                           11/11 

Installed:
  vim-enhanced.x86_64 2:7.4.629-5.el6                                           

Dependency Installed:
  gpm-libs.x86_64 0:1.20.6-12.el6                                               
  perl.x86_64 4:5.10.1-141.el6_7.1                                              
  perl-Module-Pluggable.x86_64 1:3.90-141.el6_7.1                               
  perl-Pod-Escapes.x86_64 1:1.04-141.el6_7.1                                    
  perl-Pod-Simple.x86_64 1:3.13-141.el6_7.1                                     
  perl-libs.x86_64 4:5.10.1-141.el6_7.1                                         
  perl-version.x86_64 3:0.77-141.el6_7.1                                        
  vim-common.x86_64 2:7.4.629-5.el6                                             
  vim-filesystem.x86_64 2:7.4.629-5.el6                                         
  which.x86_64 0:2.19-6.el6                                                     

Complete!
 ---> dfd4d0e4442c
Removing intermediate container 721c0cd73025
Successfully built dfd4d0e4442c

# docker images

REPOSITORY                TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
centos67base/apache/vim   latest              dfd4d0e4442c        10 seconds ago      327 MB
centos67base/apache       apache_base         d9aef85ea282        2 weeks ago         233.6 MB

这里我们就在之前镜像的基础上Build出一个新的image, 有特殊需求的同学可以在此脚本的基础上编写更加详细的部署步骤.

更多配置可以参考官方文档: https://docs.docker.com/engine/reference/builder/ 

11. 本地与容器间传输文件

我们可以通过docker内建命令docker cp对已创建好的容器来进行文件传输.

# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
3d9136b53a7f        8355bdcdcde0        "/bin/bash"         6 minutes ago       Up 6 minutes                            centos67base

# ls

Dockerfile 

# docker cp Dockerfile centos67base:/Dockerfile

# docker attach centos67base

# ls

Dockerfile  boot  etc   lib    media  opt   root  selinux  sys  usr
bin         dev   home  lib64  mnt    proc  sbin  srv      tmp  var

12. 访问容器端口

如果我们需要在本地MAC访问容器的具体服务, 我们可以通过DOCKER的NAT Forwarding来实现访问该容器端口服务.

这里我们可以利用之前安装的apache实现MAC本地访问容器的apache web服务.

1). 创建apache容器, 并打开其80 NAT Forwarding (Docker CLI)

# docker run -i -t --privileged -p 80:80 d9aef85ea282 /bin/bash

Tip: 80:80 前者为母虚拟机端口, 后者为子虚拟容器端口

2). 登陆进容器, 开启apache服务并登出(子虚拟容器)

# service httpd start

# echo "This is a test web page" > /var/www/html/index.html

Ctrl+P, 然后Ctrl+Q登出

3).访问该服务(Docker CLI)

查看Docker母虚拟机IP信息

# docker-machine ls

NAME      ACTIVE   DRIVER       STATE     URL                         SWARM   ERRORS
default   *        virtualbox   Running   tcp://192.168.99.101:2376

查看子容器NAT配置

# docker ps -a

# docker port cce502d8a21a

80/tcp -> 0.0.0.0:80

这里可以看到NAT已配置成功

成功访问web服务

# curl http://192.168.99.101/

This is a test web page!!!!

TIP: 这里由于我们实际上是在VirtualBox下的一个Docker instance虚拟机下, 所以访问的IP为192.168.99.101, 而不是本地127.0.0.1.

这里再次给同学们强调虽然我们的目录结构感觉是在本地, 但实际上我们处在Docker虚拟机下, 只是这个虚拟机嵌入到本地目录中.

至此我们大致将SA的Docker原理, 制作过程和配置使用详细讲解给大家, 其中借鉴了很多老外的部署经验, 希望有英语基础的同学可以去国外的技术网站去获取相关的知识. 随后我会陆续更新Docker自动化部署等文档.

Hope you enjoy…