可以断开一个Container的网络,来将一个Container从一个Docker网络中移除,只需要指定网络名称和Container名称即可(或者Container的ID),命令如下所示:
1 docker network disconnect bridge pgdb 2 或 3 docker network disconnect bridge 5ab157767bbd991401c351cfb452d663f5cd93dd1edc56767372095a5c2e7f73 连通处于两个子网中的Docker Container下面,运行一个Web application,默认使用bridge网络:
1 docker run -d --name myweb training/webapp python app.py通过命令:
1 docker inspect --format='{{json .NetworkSettings.Networks}}' myweb可以查看该应用连接网络的状况,如下所示(结果格式化过):
01 { 02 "bridge": { 03 "IPAMConfig": null, 04 "Links": null, 05 "Aliases": null, 06 "NetworkID": "2872de41fddddc22420eecad253107e09a305f3512ade31d4172d3b80723d8b6", 07 "EndpointID": "a4e66b540e632c346f345c7972617ccdfaa4ef36eefbdc3a298d524b5cf13897", 08 "Gateway": "172.17.0.1", 09 "IPAddress": "172.17.0.4", 10 "IPPrefixLen": 16, 11 "IPv6Gateway": "", 12 "GlobalIPv6Address": "", 13 "GlobalIPv6PrefixLen": 0, 14 "MacAddress": "02:42:ac:11:00:04" 15 } 16 }或者,获取直接Container的IP地址,执行命令:
1 docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' myweb结果如下:
1 172.17.0.4接着,我们再在my-bridge-network网络中启动一个Container,名称为mydb,执行如下命令:
1 docker run -d --name mydb --network my-bridge-network training/postgres查看mydb应用连接网络的状态(结果格式化过):
01 { 02 "my-bridge-network": { 03 "IPAMConfig": null, 04 "Links": null, 05 "Aliases": [ 06 "fbfbad9e0bd3" 07 ], 08 "NetworkID": "fc19452525e5d2f5f1fc109656f0385bf2f268b47788353c3d9ee672da31b33a", 09 "EndpointID": "49c7afbf24be165b98ea29dbfd7b1e2c0eecd9c1ef16a7efde00ab92d0563985", 10 "Gateway": "172.18.0.1", 11 "IPAddress": "172.18.0.2", 12 "IPPrefixLen": 16, 13 "IPv6Gateway": "", 14 "GlobalIPv6Address": "", 15 "GlobalIPv6PrefixLen": 0, 16 "MacAddress": "02:42:ac:12:00:02" 17 } 18 }应用mydb所在网络为my-bridge-network,IP地址为172.18.0.2。 下面,测试从我们的mydb应用所在Container,连接到myweb应用所在的Container(,实际是跨了2个子网,即从my-bridge-network网络连接到bridge网络)。执行如下命令,使得可以在默认的bridge网络中的Container连接到my-bridge-network中的Container,执行如下命令:
1 docker network connect my-bridge-network myweb这样,就可以进入到在my-bridge-network网络中的mydb应用所在Container中,通过ping命令,来ping另一个默认bridge网络中myweb应用:
01 [root@localhost mydockerbuild]# docker exec -it mydb bash 02 root@fbfbad9e0bd3:/# ifconfig 03 eth0 Link encap:Ethernet HWaddr 02:42:ac:12:00:02 04 inet addr:172.18.0.2 Bcast:0.0.0.0 Mask:255.255.0.0 05 inet6 addr: fe80::42:acff:fe12:2/64 Scope:Link 06 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 07 RX packets:36 errors:0 dropped:0 overruns:0 frame:0 08 TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 09 collisions:0 txqueuelen:0 10 RX bytes:3530 (3.5 KB) TX bytes:1124 (1.1 KB) 11 12 lo Link encap:Local Loopback 13 inet addr:127.0.0.1 Mask:255.0.0.0 14 inet6 addr: ::1/128 Scope:Host 15 UP LOOPBACK RUNNING MTU:65536 Metric:1 16 RX packets:26 errors:0 dropped:0 overruns:0 frame:0 17 TX packets:26 errors:0 dropped:0 overruns:0 carrier:0 18 collisions:0 txqueuelen:1 19 RX bytes:2274 (2.2 KB) TX bytes:2274 (2.2 KB) 20 root@fbfbad9e0bd3:/# ping myweb 21 PING myweb (172.18.0.3) 56(84) bytes of data. 22 64 bytes from myweb.my-bridge-network (172.18.0.3): icmp_seq=1 ttl=64 time=0.318 ms 23 64 bytes from myweb.my-bridge-network (172.18.0.3): icmp_seq=2 ttl=64 time=2.06 ms 24 64 bytes from myweb.my-bridge-network (172.18.0.3): icmp_seq=3 ttl=64 time=0.506 ms 25 64 bytes from myweb.my-bridge-network (172.18.0.3): icmp_seq=4 ttl=64 time=0.404 ms 26 ^C 27 --- myweb ping statistics --- 28 4 packets transmitted, 4 received, 0% packet loss, time 3003ms 29 rtt min/avg/max/mdev = 0.318/0.822/2.061/0.718 ms可见,在不同Docker网络的两个Container之间的网络是连通的。
Docker Data Volumes
一个Data Volume是在一个或多个Container里面的特定的目录,它能够绕过Union Filesystem,提供持久化或共享数据的特性。 添加一个Data Volume,执行如下命令:
1 docker run -d -P --name vweb -v /webapp training/webapp python app.py添加一个Data Volume,使用-v选项,目录名为/webapp,该目录是在Container内部的目录,可以通过执行命令docker inspect vweb查看当前Container中对应的信息,如下所示:
001 [ 002 { 003 "Id": "fcea99542d4d2838102fc4b627c68a201b868d85f229722325d83968b32c8b33", 004 "Created": "2017-03-05T16:53:12.614318467Z", 005 "Path": "python", 006 "Args": [ 007 "app.py" 008 ], 009 "State": { 010 "Status": "running", 011 "Running": true, 012 "Paused": false, 013 "Restarting": false, 014 "OOMKilled": false, 015 "Dead": false, 016 "Pid": 7555, 017 "ExitCode": 0, 018 "Error": "", 019 "StartedAt": "2017-03-05T16:53:13.380982103Z", 020 "FinishedAt": "0001-01-01T00:00:00Z" 021 }, 022 "Image": "sha256:6fae60ef344644649a39240b94d73b8ba9c67f898ede85cf8e947a887b3e6557", 023 "ResolvConfPath": "/var/lib/docker/containers/fcea99542d4d2838102fc4b627c68a201b868d85f229722325d83968b32c8b33/resolv.conf", 024 "HostnamePath": "/var/lib/docker/containers/fcea99542d4d2838102fc4b627c68a201b868d85f229722325d83968b32c8b33/hostname", 025 "HostsPath": "/var/lib/docker/containers/fcea99542d4d2838102fc4b627c68a201b868d85f229722325d83968b32c8b33/hosts", 026 "LogPath": "/var/lib/docker/containers/fcea99542d4d2838102fc4b627c68a201b868d85f229722325d83968b32c8b33/fcea99542d4d2838102fc4b627c68a201b868d85f229722325d83968b32c8b33-json.log", 027 "Name": "/vweb", 028 "RestartCount": 0, 029 "Driver": "overlay", 030 "MountLabel": "", 031 "ProcessLabel": "", 032 "AppArmorProfile": "", 033 "ExecIDs": null, 034 "HostConfig": { 035 "Binds": null, 036 "ContainerIDFile": "", 037 "LogConfig": { 038 "Type": "json-file", 039 "Config": {} 040 }, 041 "NetworkMode": "default", 042 "PortBindings": {}, 043 "RestartPolicy": { 044 "Name": "no", 045 "MaximumRetryCount": 0 046 }, 047 "AutoRemove": false, 048 "VolumeDriver": "", 049 "VolumesFrom": null, 050 "CapAdd": null, 051 "CapDrop": null, 052 "Dns": [], 053 "DnsOptions": [], 054 "DnsSearch": [], 055 "ExtraHosts": null, 056 "GroupAdd": null, 057 "IpcMode": "", 058 "Cgroup": "", 059 "Links": null, 060 "OomScoreAdj": 0, 061 "PidMode": "", 062 "Privileged": false, 063 "PublishAllPorts": true, 064 "ReadonlyRootfs": false, 065 "SecurityOpt": null, 066 "UTSMode": "", 067 "UsernsMode": "", 068 "ShmSize": 67108864, 069 "Runtime": "runc", 070 "ConsoleSize": [ 071 0, 072 0 073 ], 074 "Isolation": "", 075 "CpuShares": 0, 076 "Memory": 0, 077 "NanoCpus": 0, 078 "CgroupParent": "", 079 "BlkioWeight": 0, 080 "BlkioWeightDevice": null, 081 "BlkioDeviceReadBps": null, 082 "BlkioDeviceWriteBps": null, 083 "BlkioDeviceReadIOps": null, 084 "BlkioDeviceWriteIOps": null, 085 "CpuPeriod": 0, 086 "CpuQuota": 0, 087 "CpuRealtimePeriod": 0, 088 "CpuRealtimeRuntime": 0, 089 "CpusetCpus": "", 090 "CpusetMems": "", 091 "Devices": [], 092 "DiskQuota": 0, 093 "KernelMemory": 0, 094 "MemoryReservation": 0, 095 "MemorySwap": 0, 096 "MemorySwappiness": -1, 097 "OomKillDisable": false, 098 "PidsLimit": 0, 099 "Ulimits": null, 100 "CpuCount": 0, 101 "CpuPercent": 0, 102 "IOMaximumIOps": 0, 103 "IOMaximumBandwidth": 0 104 }, 105 "GraphDriver": { 106 "Name": "overlay", 107 "Data": { 108 "LowerDir": "/var/lib/docker/overlay/59f20340fa5232f5b13300a715b6d422acc32d21385f48336cead00c3227c63a/root", 109 "MergedDir": "/var/lib/docker/overlay/9c602e4263c42984824b7f1e3c62416cb6056332e6447e65c3d08de7c1f50cd6/merged", 110 "UpperDir": "/var/lib/docker/overlay/9c602e4263c42984824b7f1e3c62416cb6056332e6447e65c3d08de7c1f50cd6/upper", 111 "WorkDir": "/var/lib/docker/overlay/9c602e4263c42984824b7f1e3c62416cb6056332e6447e65c3d08de7c1f50cd6/work" 112 } 113 }, 114 "Mounts": [ 115 { 116 "Type": "volume", 117 "Name": "228bc2018d65523797450822a068550fb8afbdf6ca2e4010a32cbb36961e3d5f", 118 "Source": "/var/lib/docker/volumes/228bc2018d65523797450822a068550fb8afbdf6ca2e4010a32cbb36961e3d5f/_data", 119 "Destination": "/webapp", 120 "Driver": "local", 121 "Mode": "", 122 "RW": true, 123 "Propagation": "" 124 } 125 ], 126 "Config": { 127 "Hostname": "fcea99542d4d", 128 "Domainname": "", 129 "User": "", 130 "AttachStdin": false, 131 "AttachStdout": false, 132 "AttachStderr": false, 133 "ExposedPorts": { 134 "5000/tcp": {} 135 }, 136 "Tty": false, 137 "OpenStdin": false, 138 "StdinOnce": false, 139 "Env": [ 140 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 141 ], 142 "Cmd": [ 143 "python", 144 "app.py" 145 ], 146 "Image": "training/webapp", 147 "Volumes": { 148 "/webapp": {} 149 }, 150 "WorkingDir": "/opt/webapp", 151 "Entrypoint": null, 152 "OnBuild": null, 153 "Labels": {} 154 }, 155 "NetworkSettings": { 156 "Bridge": "", 157 "SandboxID": "3f2f86ae96ec76c08e8841c7b8eb75e586000397a8acef9a0098ddf02f2c7da7", 158 "HairpinMode": false, 159 "LinkLocalIPv6Address": "", 160 "LinkLocalIPv6PrefixLen": 0, 161 "Ports": { 162 "5000/tcp": [ 163 { 164 "HostIp": "0.0.0.0", 165 "HostPort": "32768" 166 } 167 ] 168 }, 169 "SandboxKey": "/var/run/docker/netns/3f2f86ae96ec", 170 "SecondaryIPAddresses": null, 171 "SecondaryIPv6Addresses": null, 172 "EndpointID": "39693d7b104dab973e7ed27d16bb71b290be39aa83cce5e78f8b80de35309c5a", 173 "Gateway": "172.17.0.1", 174 "GlobalIPv6Address": "", 175 "GlobalIPv6PrefixLen": 0, 176 "IPAddress": "172.17.0.5", 177 "IPPrefixLen": 16, 178 "IPv6Gateway": "", 179 "MacAddress": "02:42:ac:11:00:05", 180 "Networks": { 181 "bridge": { 182 "IPAMConfig": null, 183 "Links": null, 184 "Aliases": null, 185 "NetworkID": "2872de41fddddc22420eecad253107e09a305f3512ade31d4172d3b80723d8b6", 186 "EndpointID": "39693d7b104dab973e7ed27d16bb71b290be39aa83cce5e78f8b80de35309c5a", 187 "Gateway": "172.17.0.1", 188 "IPAddress": "172.17.0.5", 189 "IPPrefixLen": 16, 190 "IPv6Gateway": "", 191 "GlobalIPv6Address": "", 192 "GlobalIPv6PrefixLen": 0, 193 "MacAddress": "02:42:ac:11:00:05" 194 } 195 } 196 } 197 } 198 ]从上面可以看到,在应用vweb所在Container内部的Data Volume为/webapp。 也可以mount一个宿主机的目录,作为Docker Container的Data Volume:
1 docker run -d -P --name vvweb -v /src/webapp:/webapp training/webapp python app.py上面命令行中,-v选项的值通过冒号分隔,前半部分是宿主机的目录,而后半部分是Container中的相对目录,并且要求宿主机的目录一定包含Container中的Data Volume的路径。 Docker的Data Volume默认是read-write模式,可以手动指定为只读模型,执行如下命令:
1 docker run -d -P --name web -v /src/webapp:/webapp:ro training/webapp python app.py另外,也可以创建一个用来存储的Data Volume Container,便于多个Container中的应用共享数据。例如创建一个用来存储数据库数据的Data Volume Container,执行如下命令:
1 docker create -v /dbdata --name dbstore training/postgres /bin/true创建了一个名称为dbstore的Container。如果其他应用想要共享我们创建的用于存储的Data Volume Container,可以在启动应用Container的时候指定Data Volume,例如启动下面两个Container使用我们创建的dbstore作为共享Data Volume:
1 docker run -d --volumes-from dbstore --name db1 training/postgres 2 docker run -d --volumes-from dbstore --name db2 training/postgresdb1和db2这两个Container共享我们创建的dbstore Data Volume Container,查看这两个Container对应的Volume信息,执行如下命令行:
1 docker inspect db1 2 docker inspect db2结果分别取出两个Container的Mounts信息,对比发现内容是相同的,如下所示:
01 "Mounts": [ 02 { 03 "Name": "741950cc3ef8d901dc6cfdbebf8450082a0d22b07957f43bd0de73d05447b365", 04 "Source": "/var/lib/docker/volumes/741950cc3ef8d901dc6cfdbebf8450082a0d22b07957f43bd0de73d05447b365/_data", 05 "Destination": "/dbdata", 06 "Driver": "local", 07 "Mode": "", 08 "RW": true, 09 "Propagation": "" 10 } 11 ]可见,只能作为Data Volume使用的Container,可以被其他多个应用所共享。
hu_wenjie 认证博客专家 Kubernetes/容器 Linux/CentOS 系统架构 运维开发工程师,负责系统各层级的自动化监控开发、系统的自动化巡检开发、熟悉微服务项目的自动化部署、集群方案部署、熟练掌握故障分析定位等。