Centos7 Docker基本特性入门实践-3_centos7中docker知识-优快云博客

本文介绍了如何在CentOS7中使用Docker进行网络管理和数据卷操作。内容包括断开Container网络，实现跨子网Container的连通，以及Data Volume的创建和共享。通过具体命令演示了如何连接和断开Docker网络，创建Data Volume并设置读写权限，以及创建共享的Data Volume Container。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

续CentOS 7 Docker基本特性入门实践-1

续CentOS 7 Docker基本特性入门实践-2

断开Container网络

可以断开一个Container的网络，来将一个Container从一个Docker网络中移除，只需要指定网络名称和Container名称即可（或者Container的ID），命令如下所示：

 
docker network disconnect bridge pgdb
 
或
 
docker network disconnect bridge 5ab157767bbd991401c351cfb452d663f5cd93dd1edc56767372095a5c2e7f73

连通处于两个子网中的Docker Container

下面，运行一个Web application，默认使用bridge网络：

`1`	`docker run -d --name myweb training/webapp python app.py`

通过命令：

`1`	`docker inspect --format='{{json .NetworkSettings.Networks}}'` `myweb`

可以查看该应用连接网络的状况，如下所示（结果格式化过）：

 
{
 
    "bridge": {
 
        "IPAMConfig": null,
 
        "Links": null,
 
        "Aliases": null,
 
        "NetworkID": "2872de41fddddc22420eecad253107e09a305f3512ade31d4172d3b80723d8b6",
 
        "EndpointID": "a4e66b540e632c346f345c7972617ccdfaa4ef36eefbdc3a298d524b5cf13897",
 
        "Gateway": "172.17.0.1",
 
        "IPAddress": "172.17.0.4",
 
        "IPPrefixLen": 16,
 
        "IPv6Gateway": "",
 
        "GlobalIPv6Address": "",
 
        "GlobalIPv6PrefixLen": 0,
 
        "MacAddress": "02:42:ac:11:00:04"
 
    }
 
}

或者，获取直接Container的IP地址，执行命令：

 
    1 docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' myweb

结果如下：

`1`	`172.17.0.4`

接着，我们再在my-bridge-network网络中启动一个Container，名称为mydb，执行如下命令：

`1`	`docker run -d --name mydb --network my-bridge-network training/postgres`

查看mydb应用连接网络的状态（结果格式化过）：

 
{
 
    "my-bridge-network": {
 
        "IPAMConfig": null,
 
        "Links": null,
 
        "Aliases": [
 
            "fbfbad9e0bd3"
 
        ],
 
        "NetworkID": "fc19452525e5d2f5f1fc109656f0385bf2f268b47788353c3d9ee672da31b33a",
 
        "EndpointID": "49c7afbf24be165b98ea29dbfd7b1e2c0eecd9c1ef16a7efde00ab92d0563985",
 
        "Gateway": "172.18.0.1",
 
        "IPAddress": "172.18.0.2",
 
        "IPPrefixLen": 16,
 
        "IPv6Gateway": "",
 
        "GlobalIPv6Address": "",
 
        "GlobalIPv6PrefixLen": 0,
 
        "MacAddress": "02:42:ac:12:00:02"
 
    }
 
}

应用mydb所在网络为my-bridge-network，IP地址为172.18.0.2。
下面，测试从我们的mydb应用所在Container，连接到myweb应用所在的Container（，实际是跨了2个子网，即从my-bridge-network网络连接到bridge网络）。执行如下命令，使得可以在默认的bridge网络中的Container连接到my-bridge-network中的Container，执行如下命令：

`1`	`docker network connect my-bridge-network myweb`

这样，就可以进入到在my-bridge-network网络中的mydb应用所在Container中，通过ping命令，来ping另一个默认bridge网络中myweb应用：

 
[root@localhost mydockerbuild]# docker exec -it mydb bash
 
root@fbfbad9e0bd3:/# ifconfig
 
eth0      Link encap:Ethernet  HWaddr 02:42:ac:12:00:02
 
          inet addr:172.18.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
 
          inet6 addr: fe80::42:acff:fe12:2/64 Scope:Link
 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 
          RX packets:36 errors:0 dropped:0 overruns:0 frame:0
 
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
 
          collisions:0 txqueuelen:0
 
          RX bytes:3530 (3.5 KB)  TX bytes:1124 (1.1 KB)
 
 
 
lo        Link encap:Local Loopback
 
          inet addr:127.0.0.1  Mask:255.0.0.0
 
          inet6 addr: ::1/128 Scope:Host
 
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
 
          RX packets:26 errors:0 dropped:0 overruns:0 frame:0
 
          TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
 
          collisions:0 txqueuelen:1
 
          RX bytes:2274 (2.2 KB)  TX bytes:2274 (2.2 KB)
 
root@fbfbad9e0bd3:/# ping myweb
 
PING myweb (172.18.0.3) 56(84) bytes of data.
 
64 bytes from myweb.my-bridge-network (172.18.0.3): icmp_seq=1 ttl=64 time=0.318 ms
 
64 bytes from myweb.my-bridge-network (172.18.0.3): icmp_seq=2 ttl=64 time=2.06 ms
 
64 bytes from myweb.my-bridge-network (172.18.0.3): icmp_seq=3 ttl=64 time=0.506 ms
 
64 bytes from myweb.my-bridge-network (172.18.0.3): icmp_seq=4 ttl=64 time=0.404 ms
 
^C
 
--- myweb ping statistics ---
 
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
 
rtt min/avg/max/mdev = 0.318/0.822/2.061/0.718 ms

可见，在不同Docker网络的两个Container之间的网络是连通的。

Docker Data Volumes

一个Data Volume是在一个或多个Container里面的特定的目录，它能够绕过Union Filesystem，提供持久化或共享数据的特性。
添加一个Data Volume，执行如下命令：

`1`	`docker run -d -P --name vweb -v` `/webapp training/webapp python app.py`

添加一个Data Volume，使用-v选项，目录名为/webapp，该目录是在Container内部的目录，可以通过执行命令docker inspect vweb查看当前Container中对应的信息，如下所示：

 
[
 
    {
 
        "Id": "fcea99542d4d2838102fc4b627c68a201b868d85f229722325d83968b32c8b33",
 
        "Created": "2017-03-05T16:53:12.614318467Z",
 
        "Path": "python",
 
        "Args": [
 
            "app.py"
 
        ],
 
        "State": {
 
            "Status": "running",
 
            "Running": true,
 
            "Paused": false,
 
            "Restarting": false,
 
            "OOMKilled": false,
 
            "Dead": false,
 
            "Pid": 7555,
 
            "ExitCode": 0,
 
            "Error": "",
 
            "StartedAt": "2017-03-05T16:53:13.380982103Z",
 
            "FinishedAt": "0001-01-01T00:00:00Z"
 
        },
 
        "Image": "sha256:6fae60ef344644649a39240b94d73b8ba9c67f898ede85cf8e947a887b3e6557",
 
        "ResolvConfPath": "/var/lib/docker/containers/fcea99542d4d2838102fc4b627c68a201b868d85f229722325d83968b32c8b33/resolv.conf",
 
        "HostnamePath": "/var/lib/docker/containers/fcea99542d4d2838102fc4b627c68a201b868d85f229722325d83968b32c8b33/hostname",
 
        "HostsPath": "/var/lib/docker/containers/fcea99542d4d2838102fc4b627c68a201b868d85f229722325d83968b32c8b33/hosts",
 
        "LogPath": "/var/lib/docker/containers/fcea99542d4d2838102fc4b627c68a201b868d85f229722325d83968b32c8b33/fcea99542d4d2838102fc4b627c68a201b868d85f229722325d83968b32c8b33-json.log",
 
        "Name": "/vweb",
 
        "RestartCount": 0,
 
        "Driver": "overlay",
 
        "MountLabel": "",
 
        "ProcessLabel": "",
 
        "AppArmorProfile": "",
 
        "ExecIDs": null,
 
        "HostConfig": {
 
            "Binds": null,
 
            "ContainerIDFile": "",
 
            "LogConfig": {
 
                "Type": "json-file",
 
                "Config": {}
 
            },
 
            "NetworkMode": "default",
 
            "PortBindings": {},
 
            "RestartPolicy": {
 
                "Name": "no",
 
                "MaximumRetryCount": 0
 
            },
 
            "AutoRemove": false,
 
            "VolumeDriver": "",
 
            "VolumesFrom": null,
 
            "CapAdd": null,
 
            "CapDrop": null,
 
            "Dns": [],
 
            "DnsOptions": [],
 
            "DnsSearch": [],
 
            "ExtraHosts": null,
 
            "GroupAdd": null,
 
            "IpcMode": "",
 
            "Cgroup": "",
 
            "Links": null,
 
            "OomScoreAdj": 0,
 
            "PidMode": "",
 
            "Privileged": false,
 
            "PublishAllPorts": true,
 
            "ReadonlyRootfs": false,
 
            "SecurityOpt": null,
 
            "UTSMode": "",
 
            "UsernsMode": "",
 
            "ShmSize": 67108864,
 
            "Runtime": "runc",
 
            "ConsoleSize": [
 
                0,
 
                0
 
            ],
 
            "Isolation": "",
 
            "CpuShares": 0,
 
            "Memory": 0,
 
            "NanoCpus": 0,
 
            "CgroupParent": "",
 
            "BlkioWeight": 0,
 
            "BlkioWeightDevice": null,
 
            "BlkioDeviceReadBps": null,
 
            "BlkioDeviceWriteBps": null,
 
            "BlkioDeviceReadIOps": null,
 
            "BlkioDeviceWriteIOps": null,
 
            "CpuPeriod": 0,
 
            "CpuQuota": 0,
 
            "CpuRealtimePeriod": 0,
 
            "CpuRealtimeRuntime": 0,
 
            "CpusetCpus": "",
 
            "CpusetMems": "",
 
            "Devices": [],
 
            "DiskQuota": 0,
 
            "KernelMemory": 0,
 
            "MemoryReservation": 0,
 
            "MemorySwap": 0,
 
            "MemorySwappiness": -1,
 
            "OomKillDisable": false,
 
            "PidsLimit": 0,
 
            "Ulimits": null,
 
            "CpuCount": 0,
 
            "CpuPercent": 0,
 
            "IOMaximumIOps": 0,
 
            "IOMaximumBandwidth": 0
 
        },
 
        "GraphDriver": {
 
            "Name": "overlay",
 
            "Data": {
 
                "LowerDir": "/var/lib/docker/overlay/59f20340fa5232f5b13300a715b6d422acc32d21385f48336cead00c3227c63a/root",
 
                "MergedDir": "/var/lib/docker/overlay/9c602e4263c42984824b7f1e3c62416cb6056332e6447e65c3d08de7c1f50cd6/merged",
 
                "UpperDir": "/var/lib/docker/overlay/9c602e4263c42984824b7f1e3c62416cb6056332e6447e65c3d08de7c1f50cd6/upper",
 
                "WorkDir": "/var/lib/docker/overlay/9c602e4263c42984824b7f1e3c62416cb6056332e6447e65c3d08de7c1f50cd6/work"
 
            }
 
        },
 
        "Mounts": [
 
            {
 
                "Type": "volume",
 
                "Name": "228bc2018d65523797450822a068550fb8afbdf6ca2e4010a32cbb36961e3d5f",
 
                "Source": "/var/lib/docker/volumes/228bc2018d65523797450822a068550fb8afbdf6ca2e4010a32cbb36961e3d5f/_data",
 
                "Destination": "/webapp",
 
                "Driver": "local",
 
                "Mode": "",
 
                "RW": true,
 
                "Propagation": ""
 
            }
 
        ],
 
        "Config": {
 
            "Hostname": "fcea99542d4d",
 
            "Domainname": "",
 
            "User": "",
 
            "AttachStdin": false,
 
            "AttachStdout": false,
 
            "AttachStderr": false,
 
            "ExposedPorts": {
 
                "5000/tcp": {}
 
            },
 
            "Tty": false,
 
            "OpenStdin": false,
 
            "StdinOnce": false,
 
            "Env": [
 
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
            ],
 
            "Cmd": [
 
                "python",
 
                "app.py"
 
            ],
 
            "Image": "training/webapp",
 
            "Volumes": {
 
                "/webapp": {}
 
            },
 
            "WorkingDir": "/opt/webapp",
 
            "Entrypoint": null,
 
            "OnBuild": null,
 
            "Labels": {}
 
        },
 
        "NetworkSettings": {
 
            "Bridge": "",
 
            "SandboxID": "3f2f86ae96ec76c08e8841c7b8eb75e586000397a8acef9a0098ddf02f2c7da7",
 
            "HairpinMode": false,
 
            "LinkLocalIPv6Address": "",
 
            "LinkLocalIPv6PrefixLen": 0,
 
            "Ports": {
 
                "5000/tcp": [
 
                    {
 
                        "HostIp": "0.0.0.0",
 
                        "HostPort": "32768"
 
                    }
 
                ]
 
            },
 
            "SandboxKey": "/var/run/docker/netns/3f2f86ae96ec",
 
            "SecondaryIPAddresses": null,
 
            "SecondaryIPv6Addresses": null,
 
            "EndpointID": "39693d7b104dab973e7ed27d16bb71b290be39aa83cce5e78f8b80de35309c5a",
 
            "Gateway": "172.17.0.1",
 
            "GlobalIPv6Address": "",
 
            "GlobalIPv6PrefixLen": 0,
 
            "IPAddress": "172.17.0.5",
 
            "IPPrefixLen": 16,
 
            "IPv6Gateway": "",
 
            "MacAddress": "02:42:ac:11:00:05",
 
            "Networks": {
 
                "bridge": {
 
                    "IPAMConfig": null,
 
                    "Links": null,
 
                    "Aliases": null,
 
                    "NetworkID": "2872de41fddddc22420eecad253107e09a305f3512ade31d4172d3b80723d8b6",
 
                    "EndpointID": "39693d7b104dab973e7ed27d16bb71b290be39aa83cce5e78f8b80de35309c5a",
 
                    "Gateway": "172.17.0.1",
 
                    "IPAddress": "172.17.0.5",
 
                    "IPPrefixLen": 16,
 
                    "IPv6Gateway": "",
 
                    "GlobalIPv6Address": "",
 
                    "GlobalIPv6PrefixLen": 0,
 
                    "MacAddress": "02:42:ac:11:00:05"
 
                }
 
            }
 
        }
 
    }
 
]

从上面可以看到，在应用vweb所在Container内部的Data Volume为/webapp。
也可以mount一个宿主机的目录，作为Docker Container的Data Volume：

 
    1 docker run -d -P --name vvweb -v /src/webapp:/webapp training/webapp python app.py

上面命令行中，-v选项的值通过冒号分隔，前半部分是宿主机的目录，而后半部分是Container中的相对目录，并且要求宿主机的目录一定包含Container中的Data Volume的路径。
Docker的Data Volume默认是read-write模式，可以手动指定为只读模型，执行如下命令：

 
    1 docker run -d -P --name web -v /src/webapp:/webapp:ro training/webapp python app.py

另外，也可以创建一个用来存储的Data Volume Container，便于多个Container中的应用共享数据。例如创建一个用来存储数据库数据的Data Volume Container，执行如下命令：

`1`	`docker create -v` `/dbdata --name dbstore training/postgres /bin/true`

创建了一个名称为dbstore的Container。如果其他应用想要共享我们创建的用于存储的Data Volume Container，可以在启动应用Container的时候指定Data Volume，例如启动下面两个Container使用我们创建的dbstore作为共享Data Volume：

 
docker run -d --volumes-from dbstore --name db1 training/postgres
 
docker run -d --volumes-from dbstore --name db2 training/postgres

db1和db2这两个Container共享我们创建的dbstore Data Volume Container，查看这两个Container对应的Volume信息，执行如下命令行：

 
docker inspect db1
 
docker inspect db2

结果分别取出两个Container的Mounts信息，对比发现内容是相同的，如下所示：

 
"Mounts": [
 
            {
 
                "Name": "741950cc3ef8d901dc6cfdbebf8450082a0d22b07957f43bd0de73d05447b365",
 
                "Source": "/var/lib/docker/volumes/741950cc3ef8d901dc6cfdbebf8450082a0d22b07957f43bd0de73d05447b365/_data",
 
                "Destination": "/dbdata",
 
                "Driver": "local",
 
                "Mode": "",
 
                "RW": true,
 
                "Propagation": ""
 
            }
 
        ]