*Linux Container(LXC) 와 Docker의 차이점
Docker = LXC + (Layers + Registry)
=>LXC에 MSA, Devops 방법론을 적용한 것!! (App Container)
=>LXC는 (OS Container)
*Registry 구성요소
Repository, Index
*Docker 환경
dockerd (net + volume + swarm ...)
containerd
runC
*Docker 컨테이너를 실행하면...
1 2 3 | [root@host01-2 tmp]# docker run -it reg.cloud.com/centos [root@a63244e84c0b /]# | cs |
*Docker Container 위치
1 | [root@host01-2 tmp]# ls /var/lib/docker/containers/ | cs |
*Docker Container 폴더 구조
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | [root@host01-2 tmp]# cd /var/lib/docker/containers/ [root@host01-2 a63244e84c0b71b01311d52eda786b395aa77f6510c32e08046d3beb8b1da095]# ls -al total 28 drwx------. 4 root root 237 May 23 09:36 . drwx------. 5 root root 222 May 23 09:35 .. -rw-r-----. 1 root root 1540 May 23 09:33 a63244e84c0b71b01311d52eda786b395aa77f6510c32e08046d3beb8b1da095-json.log drwx------. 2 root root 6 May 23 09:32 checkpoints -rw-------. 1 root root 2636 May 23 09:33 config.v2.json -rw-r--r--. 1 root root 1153 May 23 09:33 hostconfig.json -rw-r--r--. 1 root root 13 May 23 09:32 hostname -rw-r--r--. 1 root root 174 May 23 09:32 hosts drwx------. 3 root root 17 May 23 09:32 mounts -rw-r--r--. 1 root root 69 May 23 09:32 resolv.conf -rw-r--r--. 1 root root 71 May 23 09:32 resolv.conf.hash | cs |
a63244e84c0b71b01311d52eda786b395aa77f6510c32e08046d3beb8b1da095 = 로그
hostname=Container가 뜰 때 hostname
*Docker 이미지 조회(이미지 식별 = 이미지이름@...)
1 2 3 4 5 6 | [root@host01-2 /]# docker image ls --digests REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE registry 2.5 sha256:a3a4155bb8a3b32679c10451a55f9754f33b8620c1a8f316dfd913bb91ac746d 36e3b1f8d3f1 4 months ago 37.8MB reg.cloud.com/ubuntu latest <none> 20c44cd7596f 6 months ago 123MB reg.cloud.com/centos latest sha256:224d7b12549c04bba833d4626a5c51113290e55bd754d39f72d1a437539b3c68 d123f4e55e12 6 months ago 197MB | cs |
Docker 이미지 생성 시 - ID가 생성된다.
Repository 이름은 옵션임!
DIGEST 값이 없는것은 registry에서 만들어준다(registry에 등록되는 순간 digest가 만들어진다 = Commit + Push 필요!!).
*Docker History(이미지 생성이 어떻게 되었는지 확인 방법):
아래서 위로 순서대로 실행된다
1 2 3 4 5 6 7 8 9 | [root@host01-2 /]# docker history reg.cloud.com/ubuntu IMAGE CREATED CREATED BY SIZE COMMENT 20c44cd7596f 6 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B <missing> 6 months ago /bin/sh -c mkdir -p /run/systemd && echo 'do… 7B <missing> 6 months ago /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$… 2.76kB <missing> 6 months ago /bin/sh -c rm -rf /var/lib/apt/lists/* 0B <missing> 6 months ago /bin/sh -c set -xe && echo '#!/bin/sh' > /… 745B <missing> 6 months ago /bin/sh -c #(nop) ADD file:280a445783f309c90… 123MB | cs |
*Docker 이미지는 최소한의 툴만 가지고 뜬다 :
1 2 3 4 5 6 7 | [root@host01-2 /]# docker attach 07802d6d9bd9 [root@07802d6d9bd9 /]# ip addr bash: ip: command not found [root@07802d6d9bd9 /]# ifconfig bash: ifconfig: command not found [root@07802d6d9bd9 /]# | cs |
ifconfig = net-tool
ip addr = ip router
와 같은 툴이 필요하다
*Docker 이미지의 inspect
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 | [root@host01-2 /]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES aa5929e423cc reg.cloud.com/centos "/bin/bash" 18 seconds ago Up 17 seconds sad_kowalevski [root@host01-2 /]# docker inspect aa5929e423cc [ { "Id": "aa5929e423ccca7c4fe6f42559071f6a2b6b3ae4c8dfbac75c93eff06183384e", "Created": "2018-05-23T00:53:41.018342623Z", "Path": "/bin/bash", "Args": [], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 8735, "ExitCode": 0, "Error": "", "StartedAt": "2018-05-23T00:53:41.640998376Z", "FinishedAt": "0001-01-01T00:00:00Z" }, "Image": "sha256:d123f4e55e1200156d9cbcf4421ff6d818576e4f1e29320a408c72f022cfd0b1", "ResolvConfPath": "/var/lib/docker/containers/aa5929e423ccca7c4fe6f42559071f6a2b6b3ae4c8dfbac75c93eff06183384e/resolv.conf", "HostnamePath": "/var/lib/docker/containers/aa5929e423ccca7c4fe6f42559071f6a2b6b3ae4c8dfbac75c93eff06183384e/hostname", "HostsPath": "/var/lib/docker/containers/aa5929e423ccca7c4fe6f42559071f6a2b6b3ae4c8dfbac75c93eff06183384e/hosts", "LogPath": "/var/lib/docker/containers/aa5929e423ccca7c4fe6f42559071f6a2b6b3ae4c8dfbac75c93eff06183384e/aa5929e423ccca7c4fe6f42559071f6a2b6b3ae4c8dfbac75c93eff06183384e-json.log", "Name": "/sad_kowalevski", "RestartCount": 0, "Driver": "overlay2", "Platform": "linux", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "", "ExecIDs": null, "HostConfig": { "Binds": null, "ContainerIDFile": "", "LogConfig": { "Type": "json-file", "Config": {} }, "NetworkMode": "default", "PortBindings": {}, "RestartPolicy": { "Name": "no", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": null, "CapDrop": null, "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": null, "GroupAdd": null, "IpcMode": "shareable", "Cgroup": "", "Links": null, "OomScoreAdj": 0, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": null, "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Runtime": "runc", "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": [], "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DeviceCgroupRules": null, "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": null, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": null, "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0 }, "GraphDriver": { "Data": { "LowerDir": "/var/lib/docker/overlay2/c1f9c94d4aedf4d4f41347837982600e70c211e9956521186a7938397f166ad5-init/diff:/var/lib/docker/overlay2/5654bedcae9b25c616faff203d638b355157830d5431e7fee474feea8d461338/diff", "MergedDir": "/var/lib/docker/overlay2/c1f9c94d4aedf4d4f41347837982600e70c211e9956521186a7938397f166ad5/merged", "UpperDir": "/var/lib/docker/overlay2/c1f9c94d4aedf4d4f41347837982600e70c211e9956521186a7938397f166ad5/diff", "WorkDir": "/var/lib/docker/overlay2/c1f9c94d4aedf4d4f41347837982600e70c211e9956521186a7938397f166ad5/work" }, "Name": "overlay2" }, "Mounts": [], "Config": { "Hostname": "aa5929e423cc", "Domainname": "", "User": "", "AttachStdin": true, "AttachStdout": true, "AttachStderr": true, "Tty": true, "OpenStdin": true, "StdinOnce": true, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Cmd": [ "/bin/bash" ], "ArgsEscaped": true, "Image": "reg.cloud.com/centos", "Volumes": null, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": { "build-date": "20170911", "license": "GPLv2", "name": "CentOS Base Image", "vendor": "CentOS" } }, "NetworkSettings": { "Bridge": "", "SandboxID": "678fe422029b37a8872fc582881d83b6d3f0c10fdfd28c071458de1622be668c", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": {}, "SandboxKey": "/var/run/docker/netns/678fe422029b", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null, "EndpointID": "71304bd92f81fc9cc2dc54b529533491949f89e0aeaa63a8f524ab7bb73454d4", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "MacAddress": "02:42:ac:11:00:02", "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "76d13a20d92c8d68860705f57e8989055660ac78cafea4eaa033cb1fd856e6fa", "EndpointID": "71304bd92f81fc9cc2dc54b529533491949f89e0aeaa63a8f524ab7bb73454d4", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:02", "DriverOpts": null } } } } ] | cs |
"NetworkID": "76d13a20d92c8d68860705f57e8989055660ac78cafea4eaa033cb1fd856e6fa",
"EndpointID": "71304bd92f81fc9cc2dc54b529533491949f89e0aeaa63a8f524ab7bb73454d4",
=> 종료되지 않은 Container는 위처럼 네트워크가 살아있다
*Docker 이미지란 :
- 읽기 전용 템플릿으로 컨테이너 인스턴스를 저장한 파일
- overlay라는 레이어 파일 시스템을 사용
- 호스트 사이에서 이동성을 제공
- Dockerfile로 자신만의 이미지 생성
1) Docker 이미지 조회 :
1 2 3 4 5 6 | [root@host01-2 docker]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry 2.5 36e3b1f8d3f1 4 months ago 37.8MB reg.cloud.com/ubuntu latest 20c44cd7596f 6 months ago 123MB reg.cloud.com/centos latest d123f4e55e12 6 months ago 197MB | cs |
2) Docker 레이어 파일 시스템 확인 :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | [root@host01-2 docker]# cd overlay2/ [root@host01-2 overlay2]# ls 14f7fd95b0bc618853bb4aba43a95e9d61e3ea1cbb45d0cf4b7752729995623c 923e521a724c0099b1a35f27383bb4ca484bb90b18a503b2ed468d084fa6dfe8 14f7fd95b0bc618853bb4aba43a95e9d61e3ea1cbb45d0cf4b7752729995623c-init ac0c9b3f9d8664c6df53bf4e863a78d107a5c054e5a9a277d32e31a0a1b8977b 336d5fadb8f0ac24b795420979393e4e1d54de4ad75ce3255eac00ede7349012 ba37afeb0b3b6b67fb8e9fdd1aaa75f41caff6b23f3b6bc8e76568e307ec6c8b 34dd34b11d511e3309acd2c978aba79f4ea5d218ab08289cff5bee1ef2362977 backingFsBlockDev 34dd34b11d511e3309acd2c978aba79f4ea5d218ab08289cff5bee1ef2362977-init c1f9c94d4aedf4d4f41347837982600e70c211e9956521186a7938397f166ad5 40b303daad22bc5c74373f2aab144a0109d680307364a4815c01d724be20eab5 c1f9c94d4aedf4d4f41347837982600e70c211e9956521186a7938397f166ad5-init 40b303daad22bc5c74373f2aab144a0109d680307364a4815c01d724be20eab5-init c228ec2be618735dac211a9b503c2aaea4e4a82943bfd27e0fad1239e83f610b 4ed4d836bf9086e79708240589b09e2a6a44e4e155c3ef06e617e84df7bbe88a ca77f99e41ba3db530bc57b1b66655a5a02e95120a27b6f609f4537cff456000 5654bedcae9b25c616faff203d638b355157830d5431e7fee474feea8d461338 fd2f482cf2042074824ab14c60d38a98dcaaf03acd41af9b3466f9d0dd9b87fa 7e51f10615f7bccd4c0a5bdfd9c5344d9cff32d78e72781fc325fef061fefeb6 l 90c35895a6516132fe8fcd791bfaa9fc42f9b131bb5ef1bf94cb45fab730e0e9 [root@host01-2 overlay2]# pwd /var/lib/docker/overlay2 | cs |
/var/lib/docker/overlay2 Path에 있는 레이어들을 합쳐서 단일 레이어로 만들어낸다.
*Container Lifecycle
Container 실행방법은 2가지
docker run
docker start
이 둘의 공통점은 container를 실행상태로 만드는것
그리고 새로운 Container로 실행되는것
Shutdown된 컨테이너를 다시 실행도 가능하다!
run을 하면 실행이된다
run => start => stop
run => start => kill
컨테이너 목록을 보려면 ps 명령어를 사용한다 :
1 2 3 4 | [root@host01-2 overlay2]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES aa5929e423cc reg.cloud.com/centos "/bin/bash" 35 minutes ago Up 35 minutes sad_kowalevski | cs |
Tag 형태로 이미지 버전 가져오기
1 2 3 4 5 6 7 8 9 10 11 12 | [root@host01-2 overlay2]# docker run ubuntu:14.04 Unable to find image 'ubuntu:14.04' locally 14.04: Pulling from library/ubuntu 324d088ce065: Pull complete 2ab951b6c615: Pull complete 9b01635313e2: Pull complete 04510b914a6c: Pull complete 83ab617df7b4: Pull complete Digest: sha256:b8855dc848e2622653ab557d1ce2f4c34218a9380cceaa51ced85c5f3c8eb201 Status: Downloaded newer image for ubuntu:14.04 [root@host01-2 overlay2]# ls | cs |
*Docker Shell 로 실행하기( -it : interactive 옵션)
1 2 3 | [root@host01-2 overlay2]# docker run -it reg.cloud.com/busybox sh / # | cs |
*모든 컨테이너 삭제 명령어
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | [root@host01-2 overlay2]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 11259166b002 reg.cloud.com/busybox "sh" About a minute ago Exited (130) 3 seconds ago inspiring_sammet bb3c126f13d0 reg.cloud.com/busybox "bash" About a minute ago Created hardcore_lumiere 09c4e0da958a ubuntu:14.04 "/bin/bash" 4 minutes ago Exited (0) 4 minutes ago jolly_wright 18355d103192 ubuntu:latest "/bin/bash" 11 minutes ago Exited (127) 5 minutes ago determined_kalam aa5929e423cc reg.cloud.com/centos "/bin/bash" 41 minutes ago Up 41 minutes sad_kowalevski 07802d6d9bd9 reg.cloud.com/centos "/bin/bash" About an hour ago Exited (130) 42 minutes ago amazing_curran a63244e84c0b reg.cloud.com/centos "/bin/bash" About an hour ago Exited (0) About an hour ago sharp_mclean 3e5c8d877885 reg.cloud.com/centos "cat /etc/os-release" About an hour ago Exited (0) About an hour ago laughing_carson [root@host01-2 overlay2]# docker rm -f $(docker ps -aq) 11259166b002 bb3c126f13d0 09c4e0da958a 18355d103192 aa5929e423cc 07802d6d9bd9 a63244e84c0b 3e5c8d877885 | cs |
*이름과 함께 띄우기(docker run -it --name hong reg.cloud.com/busybox sh)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | [root@host01-2 overlay2]# docker run -it --name hong reg.cloud.com/busybox sh / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 40: eth0@if41: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever / # route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 172.17.0.1 0.0.0.0 UG 0 0 0 eth0 172.17.0.0 * 255.255.0.0 U 0 0 0 eth0 / # cat /etc/resolv.conf # Generated by NetworkManager search cloud.com nameserver 10.10.12.1 #호스트의 DNS 네임스페이스 값을 가져온다 | cs |
*Container Commit 하기
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | / # exit [root@host01-2 overlay2]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5bba4cbd910c reg.cloud.com/busybox "sh" About a minute ago Exited (130) 4 seconds ago hong [root@host01-2 overlay2]# docker commit hong hongImages invalid reference format: repository name must be lowercase [root@host01-2 overlay2]# docker commit hong hongimages sha256:f6d8cd4a7d7123996b50966b76c3aae5ad61e294fe0bae6bad451d52f241e27b [root@host01-2 overlay2]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE hongimages latest f6d8cd4a7d71 6 seconds ago 1.13MB ubuntu 14.04 8cef1fa16c77 3 weeks ago 223MB ubuntu latest 452a96d81c30 3 weeks ago 79.6MB registry 2.5 36e3b1f8d3f1 4 months ago 37.8MB reg.cloud.com/ubuntu latest 20c44cd7596f 6 months ago 123MB reg.cloud.com/busybox latest 6ad733544a63 6 months ago 1.13MB reg.cloud.com/centos latest d123f4e55e12 6 months ago 197MB [root@host01-2 overlay2]# | cs |
*Commit 후 싱글 레이어로 뽑아내기(Export -> Import)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | [root@host01-2 ~]# docker run -it --name c3 reg.cloud.com/ubuntu bash root@9274dde20cf2:/# mkdir /test root@9274dde20cf2:/# ls bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys test tmp usr var root@9274dde20cf2:/# cd /test root@9274dde20cf2:/test# ls root@9274dde20cf2:/test# exit exit [root@host01-2 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9274dde20cf2 reg.cloud.com/ubuntu "bash" 32 seconds ago Exited (0) 3 seconds ago c3 e1d6ad627dcc reg.cloud.com/busybox "ls /home" 4 minutes ago Exited (0) 4 minutes ago wizardly_engelbart 515222fedcc3 reg.cloud.com/busybox "ls /home" 4 minutes ago Exited (0) 4 minutes ago affectionate_archimedes 5bba4cbd910c reg.cloud.com/busybox "sh" 10 minutes ago Exited (130) 8 minutes ago hong [root@host01-2 ~]# docker export c3 > /tmp/ubuntu2.tar [root@host01-2 ~]# cd /tmp/ [root@host01-2 tmp]# ls 20c44cd7596ff4807aef84273c99588d22749e2a7e15a7545ac96347baa65eda.json 791a7c2dac840f5430500629700bfe3ba0cdb38a824c4623a96b8f95c94178d0 manifest.json ubuntu.tar 461feffa712154ef19f136c6eba8ede98241426c8cb3633f2c1da0d4e94770b3 b87aa680bd7b8e8cb13b55aa4024f1e0a08f8f81d1315188ac73685b5a295de4 repositories 4df5c9fd64c6dd1f92a0558541b73a813b77da868b19d58cb94cae42ba32c6a8 daee585a59213f889a01c1441466e0f0aeff76d6fc4d80e166145db3e779a3a5 ubuntu2.tar [root@host01-2 tmp]# docker import /tmp/ubuntu2.tar hongtest sha256:9a8341b96270a410180c6d176b63f9cf7f561b0f9bf1be5483355cbad66a9871 [root@host01-2 tmp]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE hongtest latest 9a8341b96270 7 seconds ago 98.4MB <none> <none> ab0f85b7f2e6 4 minutes ago 1.13MB <none> <none> 9579d5ccef21 5 minutes ago 1.13MB hongimages latest f6d8cd4a7d71 9 minutes ago 1.13MB ubuntu 14.04 8cef1fa16c77 3 weeks ago 223MB ubuntu latest 452a96d81c30 3 weeks ago 79.6MB registry 2.5 36e3b1f8d3f1 4 months ago 37.8MB reg.cloud.com/ubuntu latest 20c44cd7596f 6 months ago 123MB reg.cloud.com/busybox latest 6ad733544a63 6 months ago 1.13MB reg.cloud.com/centos latest d123f4e55e12 6 months ago 197MB [root@host01-2 tmp]# docker history "docker history" requires exactly 1 argument. See 'docker history --help'. Usage: docker history [OPTIONS] IMAGE [flags] Show the history of an image [root@host01-2 tmp]# docker history hongtest IMAGE CREATED CREATED BY SIZE COMMENT 9a8341b96270 49 seconds ago 98.4MB Imported from - [root@host01-2 tmp]# docker run -it hongtest bash root@4cbd222f2ce3:/# ls /test/ root@4cbd222f2ce3:/# | cs |
*PID와 UTS 네임스페이스 공유하기
- 네임스페이스 공유 (컨테이너끼리 공유할 수 있다)
Why?=>컨테이너 안에 보안통제 어플리케이션을 띄운다고 가정했을 때 HOST의 프로세스를 모니터링/확인해야 하기 때문에 필요!
1) HOST와 네임스페이스 PID공유 방법 :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 | [root@host01-2 tmp]# docker run -it reg.cloud.com/ubuntu bash root@5c47432901b6:/# ps -ef PID TTY TIME CMD 2681 pts/0 00:00:00 bash 10149 pts/0 00:00:00 bash 10182 pts/0 00:00:00 ps #프로세스가 몇 개 안 root@a36e01acc480:/# exit exit [root@host01-2 tmp]# docker run -it --pid=host reg.cloud.com/ubuntu bash root@5c47432901b6:/# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 May20 ? 00:00:04 /usr/lib/systemd/systemd --system --deserialize 15 root 2 0 0 May20 ? 00:00:00 [kthreadd] root 3 2 0 May20 ? 00:00:00 [ksoftirqd/0] root 5 2 0 May20 ? 00:00:00 [kworker/0:0H] root 7 2 0 May20 ? 00:00:00 [migration/0] root 8 2 0 May20 ? 00:00:00 [rcu_bh] root 9 2 0 May20 ? 00:00:01 [rcu_sched] root 10 2 0 May20 ? 00:00:00 [watchdog/0] root 11 2 0 May20 ? 00:00:00 [watchdog/1] root 12 2 0 May20 ? 00:00:00 [migration/1] root 13 2 0 May20 ? 00:00:00 [ksoftirqd/1] root 15 2 0 May20 ? 00:00:00 [kworker/1:0H] root 17 2 0 May20 ? 00:00:00 [kdevtmpfs] root 18 2 0 May20 ? 00:00:00 [netns] root 19 2 0 May20 ? 00:00:00 [khungtaskd] root 20 2 0 May20 ? 00:00:00 [writeback] root 21 2 0 May20 ? 00:00:00 [kintegrityd] root 22 2 0 May20 ? 00:00:00 [bioset] root 23 2 0 May20 ? 00:00:00 [kblockd] root 24 2 0 May20 ? 00:00:00 [md] root 31 2 0 May20 ? 00:00:00 [kswapd0] root 32 2 0 May20 ? 00:00:00 [ksmd] root 33 2 0 May20 ? 00:00:00 [khugepaged] root 34 2 0 May20 ? 00:00:00 [crypto] root 42 2 0 May20 ? 00:00:00 [kthrotld] root 44 2 0 May20 ? 00:00:00 [kmpath_rdacd] root 45 2 0 May20 ? 00:00:00 [kpsmoused] root 47 2 0 May20 ? 00:00:00 [ipv6_addrconf] root 66 2 0 May20 ? 00:00:00 [deferwq] root 98 2 0 May20 ? 00:00:00 [kauditd] root 281 2 0 May20 ? 00:00:00 [scsi_eh_0] root 282 2 0 May20 ? 00:00:00 [scsi_tmf_0] root 283 2 0 May20 ? 00:00:00 [ata_sff] root 284 2 0 May20 ? 00:00:00 [vmw_pvscsi_wq_0] root 286 2 0 May20 ? 00:00:00 [scsi_eh_1] root 288 2 0 May20 ? 00:00:00 [scsi_tmf_1] root 289 2 0 May20 ? 00:00:00 [scsi_eh_2] root 290 2 0 May20 ? 00:00:00 [scsi_eh_3] root 291 2 0 May20 ? 00:00:00 [scsi_tmf_2] root 292 2 0 May20 ? 00:00:00 [scsi_tmf_3] root 293 2 0 May20 ? 00:00:00 [scsi_eh_4] root 294 2 0 May20 ? 00:00:00 [scsi_tmf_4] root 295 2 0 May20 ? 00:00:00 [scsi_eh_5] root 296 2 0 May20 ? 00:00:00 [scsi_tmf_5] root 297 2 0 May20 ? 00:00:00 [scsi_eh_6] root 298 2 0 May20 ? 00:00:00 [scsi_tmf_6] root 299 2 0 May20 ? 00:00:00 [scsi_eh_7] root 300 2 0 May20 ? 00:00:00 [scsi_tmf_7] root 301 2 0 May20 ? 00:00:00 [scsi_eh_8] root 302 2 0 May20 ? 00:00:00 [scsi_tmf_8] root 303 2 0 May20 ? 00:00:00 [scsi_eh_9] root 304 2 0 May20 ? 00:00:00 [scsi_tmf_9] root 305 2 0 May20 ? 00:00:00 [scsi_eh_10] root 306 2 0 May20 ? 00:00:00 [scsi_tmf_10] root 307 2 0 May20 ? 00:00:00 [scsi_eh_11] root 308 2 0 May20 ? 00:00:00 [scsi_tmf_11] root 309 2 0 May20 ? 00:00:00 [scsi_eh_12] root 310 2 0 May20 ? 00:00:00 [scsi_tmf_12] root 311 2 0 May20 ? 00:00:00 [scsi_eh_13] root 312 2 0 May20 ? 00:00:00 [scsi_tmf_13] root 313 2 0 May20 ? 00:00:00 [scsi_eh_14] root 314 2 0 May20 ? 00:00:00 [scsi_tmf_14] root 315 2 0 May20 ? 00:00:00 [scsi_eh_15] root 316 2 0 May20 ? 00:00:00 [scsi_tmf_15] root 317 2 0 May20 ? 00:00:00 [scsi_eh_16] root 318 2 0 May20 ? 00:00:00 [scsi_tmf_16] root 319 2 0 May20 ? 00:00:00 [scsi_eh_17] root 320 2 0 May20 ? 00:00:00 [scsi_tmf_17] root 321 2 0 May20 ? 00:00:00 [scsi_eh_18] root 322 2 0 May20 ? 00:00:00 [scsi_tmf_18] root 323 2 0 May20 ? 00:00:00 [scsi_eh_19] root 324 2 0 May20 ? 00:00:00 [scsi_tmf_19] root 325 2 0 May20 ? 00:00:00 [scsi_eh_20] root 326 2 0 May20 ? 00:00:00 [scsi_tmf_20] root 327 2 0 May20 ? 00:00:00 [scsi_eh_21] root 328 2 0 May20 ? 00:00:00 [scsi_tmf_21] root 329 2 0 May20 ? 00:00:00 [scsi_eh_22] root 330 2 0 May20 ? 00:00:00 [scsi_tmf_22] root 331 2 0 May20 ? 00:00:00 [scsi_eh_23] root 332 2 0 May20 ? 00:00:00 [scsi_tmf_23] root 333 2 0 May20 ? 00:00:00 [scsi_eh_24] root 335 2 0 May20 ? 00:00:00 [scsi_eh_25] root 336 2 0 May20 ? 00:00:00 [scsi_tmf_24] root 337 2 0 May20 ? 00:00:00 [scsi_eh_26] root 338 2 0 May20 ? 00:00:00 [scsi_tmf_26] root 339 2 0 May20 ? 00:00:00 [scsi_eh_27] root 340 2 0 May20 ? 00:00:00 [scsi_tmf_27] root 341 2 0 May20 ? 00:00:00 [scsi_eh_28] root 342 2 0 May20 ? 00:00:00 [scsi_tmf_28] root 343 2 0 May20 ? 00:00:00 [scsi_eh_29] root 344 2 0 May20 ? 00:00:00 [scsi_tmf_29] root 345 2 0 May20 ? 00:00:00 [scsi_eh_30] root 346 2 0 May20 ? 00:00:00 [scsi_tmf_30] root 347 2 0 May20 ? 00:00:00 [scsi_eh_31] root 348 2 0 May20 ? 00:00:00 [scsi_tmf_31] root 349 2 0 May20 ? 00:00:00 [scsi_eh_32] root 350 2 0 May20 ? 00:00:00 [scsi_tmf_32] root 378 2 0 May20 ? 00:00:00 [kworker/u4:30] root 379 2 0 May20 ? 00:00:39 [kworker/u4:31] root 380 2 0 May20 ? 00:00:00 [scsi_tmf_25] root 396 2 0 May20 ? 00:00:00 [ttm_swap] root 466 2 0 May20 ? 00:00:00 [kdmflush] root 467 2 0 May20 ? 00:00:00 [bioset] root 478 2 0 May20 ? 00:00:00 [kdmflush] root 479 2 0 May20 ? 00:00:00 [bioset] root 492 2 0 May20 ? 00:00:00 [bioset] root 493 2 0 May20 ? 00:00:00 [xfsalloc] root 494 2 0 May20 ? 00:00:00 [xfs_mru_cache] root 495 2 0 May20 ? 00:00:00 [xfs-buf/dm-0] root 496 2 0 May20 ? 00:00:00 [xfs-data/dm-0] root 497 2 0 May20 ? 00:00:00 [xfs-conv/dm-0] root 498 2 0 May20 ? 00:00:00 [xfs-cil/dm-0] root 499 2 0 May20 ? 00:00:00 [xfs-reclaim/dm-] root 500 2 0 May20 ? 00:00:00 [xfs-log/dm-0] root 501 2 0 May20 ? 00:00:00 [xfs-eofblocks/d] root 502 2 0 May20 ? 00:00:12 [xfsaild/dm-0] root 503 2 0 May20 ? 00:00:00 [kworker/0:1H] root 572 1 0 May20 ? 00:00:01 /usr/lib/systemd/systemd-journald root 592 1 0 May20 ? 00:00:00 /usr/sbin/lvmetad -f root 601 1 0 May20 ? 00:00:00 /usr/lib/systemd/systemd-udevd root 680 2 0 May20 ? 00:00:00 [xfs-buf/sda1] root 681 2 0 May20 ? 00:00:00 [xfs-data/sda1] root 682 2 0 May20 ? 00:00:00 [xfs-conv/sda1] root 683 2 0 May20 ? 00:00:00 [xfs-cil/sda1] root 684 2 0 May20 ? 00:00:00 [xfs-reclaim/sda] root 685 2 0 May20 ? 00:00:00 [xfs-log/sda1] root 686 2 0 May20 ? 00:00:00 [xfs-eofblocks/s] root 687 2 0 May20 ? 00:00:00 [xfsaild/sda1] root 716 2 0 May20 ? 00:00:01 [kworker/1:1H] 81 736 1 0 May20 ? 00:00:00 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation 999 738 1 0 May20 ? 00:00:00 /usr/lib/polkit-1/polkitd --no-debug root 739 1 0 May20 ? 00:00:08 /usr/sbin/irqbalance --foreground root 742 1 0 May20 ? 00:00:09 /usr/sbin/rsyslogd -n root 743 1 0 May20 ? 00:00:00 /usr/lib/systemd/systemd-logind root 761 1 0 May20 ? 00:00:00 /sbin/agetty --noclear tty1 linux root 772 1 0 May20 ? 00:00:01 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid root 773 1 0 May20 ? 00:00:04 /usr/sbin/NetworkManager --no-daemon root 1065 1 0 May20 ? 00:00:00 /usr/sbin/sshd -D root 1066 1 0 May20 ? 00:00:25 /usr/bin/python -Es /usr/sbin/tuned -l -P root 1153 1 0 May20 ? 00:00:01 /usr/libexec/postfix/master -w 89 1167 1153 0 May20 ? 00:00:00 qmgr -l -t unix -u root 2675 1065 0 May21 ? 00:00:01 sshd: root@pts/0 root 2681 2675 0 May21 pts/0 00:00:00 -bash root 2894 1 0 May21 ? 00:00:00 /usr/sbin/crond -n root 3603 1 0 May21 ? 00:00:00 /sbin/auditd root 3912 1 0 May21 ? 00:03:55 /usr/bin/dockerd root 3917 3912 0 May21 ? 00:02:39 docker-containerd --config /var/run/docker/containerd/containerd.toml 89 8177 1153 0 00:27 ? 00:00:00 pickup -l -t unix -u root 8946 2 0 01:28 ? 00:00:00 [kworker/0:2] root 9186 2 0 01:33 ? 00:00:00 [kworker/0:3] root 9421 2 0 01:38 ? 00:00:00 [kworker/1:0] root 9668 1065 0 01:43 ? 00:00:00 sshd: root@pts/1 root 9672 9668 0 01:43 ? 00:00:00 -bash root 9878 2 0 01:47 ? 00:00:00 [kworker/1:1] root 9998 2 0 01:52 ? 00:00:00 [kworker/1:2] root 10029 2 0 01:54 ? 00:00:00 [kworker/0:0] root 10121 9672 2 01:56 ? 00:00:00 docker run -it --pid=host reg.cloud.com/ubuntu bash root 10133 3917 0 01:56 ? 00:00:00 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/5 root 10149 10133 0 01:56 pts/0 00:00:00 bash root 10183 10149 0 01:56 pts/0 00:00:00 ps -ef | cs |
2) Container와 HOST 간 hostname을(UTS) 공유할 수 있다:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | [root@host01-2 tmp]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ab0611fb1cc8 reg.cloud.com/ubuntu "bash" 5 minutes ago Exited (0) 23 seconds ago sharp_benz 5c47432901b6 reg.cloud.com/ubuntu "bash" 10 minutes ago Exited (130) 6 minutes ago zealous_beaver a36e01acc480 reg.cloud.com/ubuntu "bash" 13 minutes ago Exited (0) 11 minutes ago wonderful_gates 4cbd222f2ce3 hongtest "bash" 15 minutes ago Exited (127) 13 minutes ago romantic_chandrasekhar 9274dde20cf2 reg.cloud.com/ubuntu "bash" 21 minutes ago Exited (0) 20 minutes ago c3 e1d6ad627dcc reg.cloud.com/busybox "ls /home" 25 minutes ago Exited (0) 25 minutes ago wizardly_engelbart 515222fedcc3 reg.cloud.com/busybox "ls /home" 25 minutes ago Exited (0) 25 minutes ago affectionate_archimedes 5bba4cbd910c reg.cloud.com/busybox "sh" 30 minutes ago Exited (130) 28 minutes ago hong #--uts 옵션을 통해 host와 hostname을 공유하게 [root@host01-2 tmp]# docker run -it --uts=host reg.cloud.com/ubuntu root@host01-2:/# hostname host01-2.cloud.com root@host01-2:/# ^C root@host01-2:/# ^C root@host01-2:/# exit exit [root@host01-2 tmp]# hostname host01-2.cloud.com [root@host01-2 tmp]# | cs |
* Container IP 확인하기(inspect를 통해 얻은 json 포맷의 object에서 필요한 값을 2중 대괄호안에 입력 ) :
1 2 3 | [root@host01-2 tmp]# docker inspect -f '{{.NetworkSettings.IPAddress}}' ab0611fb1cc8 172.17.0.2 | cs |
* Container PID 확인하기 :
1 2 3 4 5 6 | [root@host01-2 tmp]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ab0611fb1cc8 reg.cloud.com/ubuntu "bash" About a minute ago Up 58 seconds sharp_benz [root@host01-2 tmp]# docker inspect -f '{{.State.Pid}}' ab0611fb1cc8 10301 | cs |
'Docker(도커) Kubernetes' 카테고리의 다른 글
| docker image tag 관리, dockerfile 생성하기, 인스트럭션 사용법 (0) | 2018.05.23 |
|---|---|
| Docker Container와 Host간 web server storage를 공유하도록 만들기 (0) | 2018.05.23 |
| docker 명령어, 프로세스 관리, 실행, 이미지/컨테이너 개념 (0) | 2018.05.21 |
| Docker Container 특징, 컨테이너 기반기술, VM과 컨테이너 차이 (0) | 2018.05.21 |
| Docker 개념, 베어메탈, VM, Docker Container 이해하기 (0) | 2018.05.21 |