First Time Playing with Docker on a Mac

Author: LiHui  Category: Docker/Kubernetes, Virtualization  Published: 2015-11-25 23:02

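GitHub offers a one-click quick-install tool for the Mac, Toolbox, which installs Docker Client, Docker Machine, Docker Compose, Docker Kitematic and VirtualBox. Since I already have VMware Fusion installed, I decided to go through it by hand to get a feel for what each component does.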

Install docker and boot2docker. As for what the latter is, you can think of the pair as being like the relationship between KVM and QEMU.

$ brew install boot2docker
$ brew install docker

Initialize a virtual machine

$ boot2docker init

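Here, first of all, my command-line interface turned out to be outdated. Then it actually started downloading the latest version, 1.9.1, but it kept switching download links, and after waiting forever nothing had arrived. So I gave up on it and tried Toolbox again instead, following Docker's official documentation: http://docs.docker.com/engine/installation/mac/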

First, download Toolbox and install it:

https://www.docker.com/docker-toolbox

If the download is really acting up, I have uploaded a copy to a cloud drive, no tricks:

http://pan.baidu.com/s/1hqLfIpm

After installation (VirtualBox can be skipped via the custom options), choose Docker Quickstart Terminal. I use iTerm, so I selected iTerm (Always), and the installation is done.

Then, on the command line, it does some work in the background, and eventually the whale carrying a load of boxes appears

                        ##         .
                  ## ## ##        ==
               ## ## ## ## ##    ===
           /"""""""""""""""""\___/ ===
      ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
           \______ o           __/
             \    \         __/
              \____\_______/


docker is configured to use the default machine with IP 192.168.99.100
For help getting started, check out the docs at https://docs.docker.com

Next, initialize a virtual machine

$ boot2docker init

Then start the virtual machine. As you can see, the VM's name should be boot2docker-vm

$ boot2docker up

  WARNING: The 'boot2docker' command line interface is officially deprecated.

  Please switch to Docker Machine (https://docs.docker.com/machine/) ASAP.

  Docker Toolbox (https://docker.com/toolbox) is the recommended install method.

Waiting for VM and Docker daemon to start...
.........................oooooooooooooo
Started.
Writing /Users/lihui/.boot2docker/certs/boot2docker-vm/ca.pem
Writing /Users/lihui/.boot2docker/certs/boot2docker-vm/cert.pem
Writing /Users/lihui/.boot2docker/certs/boot2docker-vm/key.pem

To connect the Docker client to the Docker daemon, please set:
    export DOCKER_CERT_PATH=/Users/lihui/.boot2docker/certs/boot2docker-vm
    export DOCKER_TLS_VERIFY=1
    export DOCKER_HOST=tcp://192.168.59.103:2376

Or run: `eval "$(boot2docker shellinit)"`

Since the final message says to set the environment variables, I just copied it

~ on  master! ⌚ 23:32:54
$ eval "$(boot2docker shellinit)"
Writing /Users/lihui/.boot2docker/certs/boot2docker-vm/ca.pem
Writing /Users/lihui/.boot2docker/certs/boot2docker-vm/cert.pem
Writing /Users/lihui/.boot2docker/certs/boot2docker-vm/key.pem

~ on  master! ⌚ 23:36:23
$ echo $DOCKER_CERT_PATH
/Users/lihui/.boot2docker/certs/boot2docker-vm

~ on  master! ⌚ 23:36:38
$ echo $DOCKER_TLS_VERIFY
1

~ on  master! ⌚ 23:36:44
$ echo $DOCKER_HOST
tcp://192.168.59.103:2376
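
Added example (not part of the original post, and not boot2docker's own code): a shell check for the three variables and three PEM files shown above. The function name audit_docker_env, the key.pem permission check and the flagging of port 2375 (Docker's conventional unencrypted port) are assumptions of this example; the sample files are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit the client settings that `boot2docker shellinit` exports.
# Usage: audit_docker_env "$DOCKER_HOST" "$DOCKER_TLS_VERIFY" "$DOCKER_CERT_PATH"
# Prints one line per finding; returns 0 if there are none, 1 otherwise.
audit_docker_env() {
    host=$1 verify=$2 certdir=$3 rc=0

    # The session above exports DOCKER_TLS_VERIFY=1; without it the client
    # does not verify the daemon's certificate.
    if [ "$verify" != "1" ]; then
        echo "FAIL: DOCKER_TLS_VERIFY is '$verify', expected 1"; rc=1
    fi

    # 2376 is the TLS port used above; 2375 is the conventional plaintext port.
    case $host in
        tcp://*:2376) ;;
        tcp://*:2375) echo "FAIL: $host is the unencrypted daemon port"; rc=1 ;;
        *) echo "WARN: $host is not a tcp://<ip>:2376 endpoint"; rc=1 ;;
    esac

    # All three PEM files written by `boot2docker up` must exist and be non-empty.
    for f in ca.pem cert.pem key.pem; do
        if [ ! -s "$certdir/$f" ]; then
            echo "FAIL: $certdir/$f is missing or empty"; rc=1
        fi
    done

    # The client private key must not be accessible to group or others.
    if [ -s "$certdir/key.pem" ]; then
        perms=$(ls -ld "$certdir/key.pem" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL: key.pem grants group/other access ($perms)"; rc=1
        fi
    fi
    return $rc
}

# Demo on constructed files (placeholders, not real certificates).
demo=$(mktemp -d)
for f in ca.pem cert.pem key.pem; do echo placeholder > "$demo/$f"; done
chmod 600 "$demo/key.pem"
audit_docker_env "tcp://192.168.59.103:2376" "1" "$demo" && echo "OK: no findings"
rm -rf "$demo"
```
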

At this point, first use ps to confirm that the docker process is already running in the background, then log in directly over ssh

$ boot2docker ssh
                        ##         .
                  ## ## ##        ==
               ## ## ## ## ##    ===
           /"""""""""""""""""\___/ ===
      ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
           \______ o           __/
             \    \         __/
              \____\_______/
 _                 _   ____     _            _
| |__   ___   ___ | |_|___ \ __| | ___   ___| | _____ _ __
| '_ \ / _ \ / _ \| __| __) / _` |/ _ \ / __| |/ / _ \ '__|
| |_) | (_) | (_) | |_ / __/ (_| | (_) | (__|   <  __/ |
|_.__/ \___/ \___/ \__|_____\__,_|\___/ \___|_|\_\___|_|
Boot2Docker version 1.9.1, build master : cef800b - Fri Nov 20 19:33:59 UTC 2015
Docker version 1.9.1, build a34a1d5
docker@boot2docker:~$

You may wonder what this virtual machine is, since no image was specified when creating it. A quick look:

docker@boot2docker:~$ cat /etc/issue
Core Linux
docker@boot2docker:~$ uname -a
Linux boot2docker 4.1.13-boot2docker #1 SMP Fri Nov 20 19:05:50 UTC 2015 x86_64 GNU/Linux

It is Tiny Core Linux, a small thing running inside VirtualBox. A quick look at the processes:

$ ps aux | grep boot2docker
lihui            5954   1.3  6.0  3040188 501612   ??  S    11:32下午   0:29.94 /Applications/VirtualBox.app/Contents/MacOS/VBoxHeadless --comment boot2docker-vm --startvm 44d49d98-e2d1-4f8e-9289-ac987da081de --vrde config
lihui            6267   0.0  0.0  2434836    764 s004  S+   11:45下午   0:00.00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn boot2docker
lihui            6186   0.0  0.1  2456224   4216 s003  S+   11:38下午   0:00.03 ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -p 2022 -i /Users/lihui/.ssh/id_boot2docker docker@localhost
lihui            6184   0.0  0.0 573396560   3992 s003  S+   11:38下午   0:00.01 boot2docker ssh

You can see one VirtualBox process, and the VM it started is boot2docker-vm; there is also an ssh process, which is the session we logged in with

Finally, a look at the network. First, the network and routing information inside the VM

docker@boot2docker:~$ ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: dummy0:  mtu 1500 qdisc noop state DOWN group default
    link/ether 3e:bb:13:3a:53:18 brd ff:ff:ff:ff:ff:ff
3: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:1b:f8:26 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe1b:f826/64 scope link
       valid_lft forever preferred_lft forever
4: eth1:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:2c:dc:24 brd ff:ff:ff:ff:ff:ff
    inet 192.168.59.103/24 brd 192.168.59.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe2c:dc24/64 scope link
       valid_lft forever preferred_lft forever
5: docker0:  mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:a5:47:f2:eb brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
docker@boot2docker:~$ ip r
default via 10.0.2.2 dev eth0  metric 1
10.0.2.0/24 dev eth0  proto kernel  scope link  src 10.0.2.15
127.0.0.1 dev lo  scope link
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1
192.168.59.0/24 dev eth1  proto kernel  scope link  src 192.168.59.103

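Judging by these routing rules, it looks like, if the VM can reach the outside network, eth0 must be going through a layer of NAT. Send ICMP from the VM and capture packets on the Mac

Inside the VM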

docker@boot2docker:~$ ping 114.114.114.114
PING 114.114.114.114 (114.114.114.114): 56 data bytes
64 bytes from 114.114.114.114: seq=0 ttl=63 time=9.930 ms
64 bytes from 114.114.114.114: seq=1 ttl=63 time=13.525 ms
64 bytes from 114.114.114.114: seq=2 ttl=63 time=11.460 ms
64 bytes from 114.114.114.114: seq=3 ttl=63 time=10.323 ms
64 bytes from 114.114.114.114: seq=4 ttl=63 time=10.443 ms
64 bytes from 114.114.114.114: seq=5 ttl=63 time=18.575 ms
64 bytes from 114.114.114.114: seq=6 ttl=63 time=14.410 ms

On the Mac

~ on  master! ⌚ 23:54:39
$ sudo tshark -i en0 icmp
Password:
Capturing on 'Wi-Fi'
  1   0.000000  192.168.1.6 -> 114.114.114.114 ICMP 98 Echo (ping) request  id=0x0f09, seq=0/0, ttl=63
  2   0.007442 114.114.114.114 -> 192.168.1.6  ICMP 98 Echo (ping) reply    id=0x0f09, seq=0/0, ttl=70 (request in 1)
  3   1.005122  192.168.1.6 -> 114.114.114.114 ICMP 98 Echo (ping) request  id=0x0f09, seq=1/256, ttl=63
  4   1.015212 114.114.114.114 -> 192.168.1.6  ICMP 98 Echo (ping) reply    id=0x0f09, seq=1/256, ttl=82 (request in 3)
  5   2.006348  192.168.1.6 -> 114.114.114.114 ICMP 98 Echo (ping) request  id=0x0f09, seq=2/512, ttl=63
  6   2.015235 114.114.114.114 -> 192.168.1.6  ICMP 98 Echo (ping) reply    id=0x0f09, seq=2/512, ttl=75 (request in 5)
  7   3.010346  192.168.1.6 -> 114.114.114.114 ICMP 98 Echo (ping) request  id=0x0f09, seq=3/768, ttl=63
  8   3.019061 114.114.114.114 -> 192.168.1.6  ICMP 98 Echo (ping) reply    id=0x0f09, seq=3/768, ttl=73 (request in 7)
  9   4.014568  192.168.1.6 -> 114.114.114.114 ICMP 98 Echo (ping) request  id=0x0f09, seq=4/1024, ttl=63
 10   4.023377 114.114.114.114 -> 192.168.1.6  ICMP 98 Echo (ping) reply    id=0x0f09, seq=4/1024, ttl=81 (request in 9)

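I remember reading before that containers are isolated from each other by namespaces and are probably connected through a Linux bridge. I'll look into it another time.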
