单机
	Bridge Network
	Host Network
	None 
多机
	Overlay Network

https://www.wireshark.org

yujiangdeMBP-13:docker-network yujiang$ cat Vagrantfile 
# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.require_version ">= 1.6.0"
boxes = [
    {
        :name => "docker-node1",
        :eth1 => "192.168.56.61",
        :mem => "1024",
        :cpu => "1"
    },
    {
        :name => "docker-node2",
        :eth1 => "192.168.56.62",
        :mem => "1024",
        :cpu => "1"
    },
]

Vagrant.configure(2) do |config|
    config.vm.box = "centos/centos7"
    boxes.each do |opts|
        config.vm.define opts[:name] do |config|
            config.vm.hostname = opts[:name]
            config.vm.provider "vmware_fusion" do |v|
                v.vmx["memsize"] = opts[:mem]
                v.vmx["numvcpus"] = opts[:cpu]
            end
    
            config.vm.provider "virtualbox" do |v|
                v.customize ["modifyvm", :id, "--memory", opts[:mem]]
                v.customize ["modifyvm", :id, "--cpus", opts[:cpu]]
            end
            config.vm.network :private_network, ip:opts[:eth1]
        end
    end
    config.vm.provision "shell", inline: <<-SHELL
        sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
        sudo yum install -y yum-utils device-mapper-persistent-data lvm2
        sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
        sudo yum install docker-ce -y
        sudo systemctl start docker
        sudo systemctl enable docker
        sudo groupadd docker
        sudo gpasswd -a vagrant docker
    SHELL

	# 问题 mount: unnown filesystem type 'vboxsf'
    #config.vm.synced_folder "./share", "/Users/yujiang/Vagrant/docker-network"
    #config.vm.provision "shell", privileged: true, path: "./setup.sh"
end

[vagrant@docker-node1 ~]$ docker run -d --name test1 busybox /bin/sh -c "while true;do sleep 3600; done"
[vagrant@docker-node1 ~]$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
f9a344634aab        busybox             "/bin/sh -c 'while t…"   11 seconds ago      Up 10 seconds                           test1

[vagrant@docker-node1 ~]$ sudo ip netns list
[vagrant@docker-node1 ~]$ sudo ip netns add test1
[vagrant@docker-node1 ~]$ sudo ip netns add test2
[vagrant@docker-node1 ~]$ sudo ip netns list
test2
test1
[vagrant@docker-node1 ~]$ sudo ip netns exec test1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[vagrant@docker-node1 ~]$ sudo ip netns exec test1 ip link set dev lo up
[vagrant@docker-node1 ~]$ sudo ip netns exec test1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

[vagrant@docker-node1 ~]$ sudo ip link add veth-test1 type veth peer name veth-test2
[vagrant@docker-node1 ~]$ ip link
5: veth-test2@veth-test1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 96:92:53:64:58:17 brd ff:ff:ff:ff:ff:ff
6: veth-test1@veth-test2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 3e:20:9c:b8:9c:2b brd ff:ff:ff:ff:ff:ff

[vagrant@docker-node1 ~]$ sudo ip link set veth-test1 netns test1
[vagrant@docker-node1 ~]$ sudo ip netns exec test1 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
6: veth-test1@if5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 3e:20:9c:b8:9c:2b brd ff:ff:ff:ff:ff:ff link-netnsid 0
[vagrant@docker-node1 ~]$ ip link
5: veth-test2@if6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 96:92:53:64:58:17 brd ff:ff:ff:ff:ff:ff link-netnsid 0

[vagrant@docker-node1 ~]$ sudo ip link set veth-test2 netns test2
[vagrant@docker-node1 ~]$ ip link
5: veth-test2@if6也不见了
[vagrant@docker-node1 ~]$ sudo ip netns exec test2 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: veth-test2@if6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 96:92:53:64:58:17 brd ff:ff:ff:ff:ff:ff link-netnsid 0

分配IP地址
[vagrant@docker-node1 ~]$ sudo ip netns exec test1 ip addr add 192.168.1.2/24 dev veth-test1
[vagrant@docker-node1 ~]$ sudo ip netns exec test2 ip addr add 192.168.1.3/24 dev veth-test2
[vagrant@docker-node1 ~]$ sudo ip netns exec test1 ip link set dev veth-test1 up
[vagrant@docker-node1 ~]$ sudo ip netns exec test2 ip link set dev veth-test2 up
[vagrant@docker-node1 ~]$ sudo ip netns exec test1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
6: veth-test1@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 3e:20:9c:b8:9c:2b brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet 192.168.1.2/24 scope global veth-test1
       valid_lft forever preferred_lft forever
    inet6 fe80::3c20:9cff:feb8:9c2b/64 scope link 
       valid_lft forever preferred_lft forever
[vagrant@docker-node1 ~]$ sudo ip netns exec test2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: veth-test2@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 96:92:53:64:58:17 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.3/24 scope global veth-test2
       valid_lft forever preferred_lft forever
    inet6 fe80::9492:53ff:fe64:5817/64 scope link 
       valid_lft forever preferred_lft forever

互ping
[vagrant@docker-node1 ~]$ sudo ip netns exec test1 ping 192.168.1.3
PING 192.168.1.3 (192.168.1.3) 56(84) bytes of data.
64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=0.051 ms
[vagrant@docker-node1 ~]$ sudo ip netns exec test2 ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.035 ms

[vagrant@docker-node1 ~]$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
36c9fe545daf        bridge              bridge              local
39385556d8cd        host                host                local
7828c2433efd        none                null                local
[vagrant@docker-node1 ~]$ docker network inspect 36c9fe545daf
[
    {
        "Name": "bridge",
        "Id": "36c9fe545daf2ab0917fce9b1a8edee5ebdd4cb375b1083439212506f3fe179c",
        "Created": "2018-12-15T19:24:36.985544361Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": { # test1这个container连到了bridge这个网络
            "f6c6d9b55defc79cf5a39feff1dde1da336f3aa29e68a7577428aefab0196f6b": {
                "Name": "test1",
                "EndpointID": "12a9fa5786c42c486e46bb058e44eb811f8d293ca4a89e1203df134c393d0254",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
[vagrant@docker-node1 ~]$ ip a
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:42:8b:4b:10 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:42ff:fe8b:4b10/64 scope link 
       valid_lft forever preferred_lft forever
8: veth2657408@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether a2:0b:d6:4a:77:e5 brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::a00b:d6ff:fe4a:77e5/64 scope link 
       valid_lft forever preferred_lft forever
[vagrant@docker-node1 ~]$ docker exec test1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
veth2657408负责连到docker0，test1 container中有一个接口，test1 container中的eth0与外面的veth2657408是一对。
[vagrant@docker-node1 ~]$ sudo yum install bridge-utils -y
[vagrant@docker-node1 ~]$ brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.0242428b4b10	no		veth2657408
同一台宿主机上的container是通过docker0相互通信的。docker0通过NAT来使container访问Internet。

[vagrant@docker-node1 ~]$ docker network create -d bridge my-bridge
7cbd844d6e4cf262eba12277a3e8b4c475a1fb6aa73b9ea312d113d6c519284a
[vagrant@docker-node1 ~]$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
36c9fe545daf        bridge              bridge              local
39385556d8cd        host                host                local
7cbd844d6e4c        my-bridge           bridge              local
7828c2433efd        none                null                local
[vagrant@docker-node1 ~]$ brctl show
bridge name			bridge id			STP enabled		interfaces
br-7cbd844d6e4c		8000.02425dd71cb3	no				
docker0				8000.0242428b4b10	no				veth2657408
														veth7687c87
[vagrant@docker-node1 ~]$ docker run -d --name test3 --network my-bridge busybox /bin/sh -c "while true; do sleep 3600; done"
[vagrant@docker-node1 ~]$ brctl show
bridge name			bridge id			STP enabled		interfaces
br-7cbd844d6e4c		8000.02425dd71cb3	no				vetha530f6b
docker0				8000.0242428b4b10	no				veth2657408
														veth7687c87
[vagrant@docker-node1 ~]$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
36c9fe545daf        bridge              bridge              local
39385556d8cd        host                host                local
7cbd844d6e4c        my-bridge           bridge              local
7828c2433efd        none                null                local
[vagrant@docker-node1 ~]$ docker network inspect 7cbd844d6e4c
[
    {
        "Name": "my-bridge",
        "Id": "7cbd844d6e4cf262eba12277a3e8b4c475a1fb6aa73b9ea312d113d6c519284a",
        "Created": "2018-12-16T13:17:25.765613424Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "5adef860247e056b8f8d2fab89892e10573daff5ea598482f53cefe3152700e0": {
                "Name": "test3",
                "EndpointID": "19f5d575ad3ff8602c7342f036f024e88c4b97c33a68efa206bd810128b82ddc",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
连接到test2上
[vagrant@docker-node1 ~]$ docker network connect my-bridge test2
[vagrant@docker-node1 ~]$ docker network inspect 7cbd844d6e4c
[
    {
        "Name": "my-bridge",
        "Id": "7cbd844d6e4cf262eba12277a3e8b4c475a1fb6aa73b9ea312d113d6c519284a",
        "Created": "2018-12-16T13:17:25.765613424Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "4b7db28e2a457ea6102fd8f06b512041e502dcf54c6d7c362fc5e39f7a0cdf23": {
                "Name": "test2",
                "EndpointID": "cf4a07fff8a8684cd179ae747630ceeef32ebd38b2fb5eb9db4d2d35759970fb",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            },
            "5adef860247e056b8f8d2fab89892e10573daff5ea598482f53cefe3152700e0": {
                "Name": "test3",
                "EndpointID": "19f5d575ad3ff8602c7342f036f024e88c4b97c33a68efa206bd810128b82ddc",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
查看默认的bridge，都有test2，说明test2 Container及连到了默认的bridge又连到了my-bridge。
[vagrant@docker-node1 ~]$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
36c9fe545daf        bridge              bridge              local
39385556d8cd        host                host                local
7cbd844d6e4c        my-bridge           bridge              local
7828c2433efd        none                null                local
[vagrant@docker-node1 ~]$ docker network inspect 36c9fe545daf
[
    {
        "Name": "bridge",
        "Id": "36c9fe545daf2ab0917fce9b1a8edee5ebdd4cb375b1083439212506f3fe179c",
        "Created": "2018-12-15T19:24:36.985544361Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "4b7db28e2a457ea6102fd8f06b512041e502dcf54c6d7c362fc5e39f7a0cdf23": {
                "Name": "test2",
                "EndpointID": "4ba2bbe1ee63a797b528e25533fd09dda8921cf5f688d4a5a24db4efed7410e2",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            },
            "f6c6d9b55defc79cf5a39feff1dde1da336f3aa29e68a7577428aefab0196f6b": {
                "Name": "test1",
                "EndpointID": "12a9fa5786c42c486e46bb058e44eb811f8d293ca4a89e1203df134c393d0254",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
[vagrant@docker-node1 ~]$ docker exec test2 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
14: eth1@if15: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:12:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.3/16 brd 172.18.255.255 scope global eth1
       valid_lft forever preferred_lft forever

[vagrant@docker-node1 ~]$ docker exec -it test3 /bin/sh
/ # ping 172.18.0.3
PING 172.18.0.3 (172.18.0.3): 56 data bytes
64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.727 ms
/ # ping test2
PING test2 (172.18.0.3): 56 data bytes
64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.058 ms
Container连接到用户自己创建的bridge上，默认是link好的。所以使用Container name也能通。如果连接到docker0则不是。

[vagrant@docker-node1 ~]$ docker run -d --name test1 busybox /bin/sh -c "while true;do sleep 3600; done"
[vagrant@docker-node1 ~]$ sudo docker run -d --name test2 --link test1 busybox /bin/sh -c "while true; do sleep 3600; done"

[vagrant@docker-node1 ~]$ docker exec test1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[vagrant@docker-node1 ~]$ docker exec test2 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

[vagrant@docker-node1 ~]$ docker exec -it test2 /bin/sh
/ # ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.419 ms
/ # ping test1     (ping Container名字也是通的)
PING test1 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.082 ms

docker run --name nginx -d -p <容器中端口>:<宿主机端口> nginx
[vagrant@docker-node1 ~]$ docker run --name nginx -d -p 80:80 nginx
[vagrant@docker-node1 ~]$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
82d01fa9a547        nginx               "nginx -g 'daemon of…"   14 seconds ago      Up 13 seconds       0.0.0.0:80->80/tcp   nginx
[vagrant@docker-node1 ~]$ curl 127.0.0.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

[vagrant@docker-node1 ~]$ docker run -d --name test1 --network none busybox /bin/sh -c "while true;do sleep 3600;done"
005cd306dc9e51a50a9bff5a2f2a9c54297c2dfe786443787d54df1d0a10e8bb
[vagrant@docker-node1 ~]$ docker network inspect none
[
    {
        "Name": "none",
        "Id": "7828c2433efde412a4e8d4ffa9a92e121fb6391a37687fda9e2b09f8304ff12b",
        "Created": "2018-12-15T18:17:04.614441655Z",
        "Scope": "local",
        "Driver": "null",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": []
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "005cd306dc9e51a50a9bff5a2f2a9c54297c2dfe786443787d54df1d0a10e8bb": {
                "Name": "test1",
                "EndpointID": "46a077f2a809d0073a6c9251897e4dd1e47dd785c6f13f32056dfb13e32f0ded",
                "MacAddress": "",
                "IPv4Address": "",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
[vagrant@docker-node1 ~]$ docker exec test1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever

[vagrant@docker-node1 ~]$ docker run -d --name test1 --network host busybox /bin/sh -c "while true;do sleep 3600;done"
0bf2514b4ce329a56491409d6470b0bc8374824be805bec6c5e387ecbb10713f
[vagrant@docker-node1 ~]$ docker network inspect host
[
    {
        "Name": "host",
        "Id": "39385556d8cda0864b8911f06c7c0b79d1858f2d16b6b31fd34e5e87cb8ac08b",
        "Created": "2018-12-15T18:17:04.625179187Z",
        "Scope": "local",
        "Driver": "host",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": []
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "0bf2514b4ce329a56491409d6470b0bc8374824be805bec6c5e387ecbb10713f": {
                "Name": "test1",
                "EndpointID": "adfa701db6a153c3fafd4b9fb4d10b35b47872afd9f7595f0b5ee7b9089d59df",
                "MacAddress": "",
                "IPv4Address": "",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
[vagrant@docker-node1 ~]$ docker  exec test1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 52:54:00:47:2c:0d brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 84405sec preferred_lft 84405sec
    inet6 fe80::5054:ff:fe47:2c0d/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether 02:42:20:4d:38:8a brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:20ff:fe4d:388a/64 scope link 
       valid_lft forever preferred_lft forever
4: br-7cbd844d6e4c: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue 
    link/ether 02:42:be:6a:02:b8 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-7cbd844d6e4c
       valid_lft forever preferred_lft forever
5: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 08:00:27:2a:89:41 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.61/24 brd 192.168.56.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe2a:8941/64 scope link 
       valid_lft forever preferred_lft forever
7: vethd963769@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master docker0 
    link/ether ee:f6:51:e6:91:e3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ecf6:51ff:fee6:91e3/64 scope link 
       valid_lft forever preferred_lft forever

Overlay
 +
VXLAN(VXLAN，https://cizixs.com/2017/09/25/vxlan-protocol-introduction/)
 +
隧道(Ethernet、IPV4、UDP)

搭建etcd集群
[vagrant@docker-node1 ~]$ sudo yum install wget -y && wget https://github.com/etcd-io/etcd/releases/download/v3.3.10/etcd-v3.3.10-linux-amd64.tar.gz && tar zxvf etcd-v3.3.10-linux-amd64.tar.gz && cd etcd-v3.3.10-linux-amd64/
[vagrant@docker-node2 ~]$ sudo yum install wget -y && wget https://github.com/etcd-io/etcd/releases/download/v3.3.10/etcd-v3.3.10-linux-amd64.tar.gz && tar zxvf etcd-v3.3.10-linux-amd64.tar.gz && cd etcd-v3.3.10-linux-amd64/

[vagrant@docker-node1 etcd-v3.3.10-linux-amd64]$ nohup ./etcd --name docker-node1 \
--initial-advertise-peer-urls http://192.168.56.61:2380 \
--listen-peer-urls http://192.168.56.61:2380 \
--listen-client-urls http://192.168.56.61:2379,http://127.0.0.1:2379 \
--advertise-client-urls http://192.168.56.61:2379 \
--initial-cluster-token etcd-cluster \
--initial-cluster docker-node1=http://192.168.56.61:2380,docker-node2=http://192.168.56.62:2380 \
--initial-cluster-state new&
[vagrant@docker-node2 etcd-v3.3.10-linux-amd64]$ nohup ./etcd --name docker-node2 \
--initial-advertise-peer-urls http://192.168.56.62:2380 \
--listen-peer-urls http://192.168.56.62:2380 \
--listen-client-urls http://192.168.56.62:2379,http://127.0.0.1:2379 \
--advertise-client-urls http://192.168.56.62:2379 \
--initial-cluster-token etcd-cluster \
--initial-cluster docker-node1=http://192.168.56.61:2380,docker-node2=http://192.168.56.62:2380 \
--initial-cluster-state new&

[vagrant@docker-node1 etcd-v3.3.10-linux-amd64]$ ./etcdctl cluster-health
member 14192bed1b668a6 is healthy: got healthy result from http://192.168.56.61:2379
member 80c395b734da48f6 is healthy: got healthy result from http://192.168.56.62:2379
cluster is healthy
[vagrant@docker-node2 etcd-v3.3.10-linux-amd64]$ ./etcdctl cluster-health
member 14192bed1b668a6 is healthy: got healthy result from http://192.168.56.61:2379
member 80c395b734da48f6 is healthy: got healthy result from http://192.168.56.62:2379
cluster is healthy

[vagrant@docker-node1 etcd-v3.3.10-linux-amd64]$ sudo service docker stop
[vagrant@docker-node1 etcd-v3.3.10-linux-amd64]$ sudo /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store=etcd://192.168.56.61:2379 --cluster-advertise=192.168.56.61:2375&
[vagrant@docker-node1 etcd-v3.3.10-linux-amd64]$ sudo docker version

[vagrant@docker-node2 etcd-v3.3.10-linux-amd64]$ sudo service docker stop
[vagrant@docker-node2 etcd-v3.3.10-linux-amd64]$ sudo /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store=etcd://192.168.56.62:2379 --cluster-advertise=192.168.56.62:2375&
[vagrant@docker-node2 etcd-v3.3.10-linux-amd64]$ sudo docker version

[vagrant@docker-node1 ~]$ sudo docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
6a9dcf7a7d0a        bridge              bridge              local
39385556d8cd        host                host                local
7828c2433efd        none                null                local
[vagrant@docker-node2 ~]$ sudo docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
e93dec4d4089        bridge              bridge              local
199f9936292d        host                host                local
4a55973792c6        none                null                local
在docker-node1机器上创建overlay网络，名字为demo。会自动同步到docker-node2机器上，这个就是etcd做的。
[vagrant@docker-node1 ~]$ sudo docker network create -d overlay demo
d0cf99b69499e384b52854e852b0c734ebae3f039fdacd762e5347de18454fda
[vagrant@docker-node1 ~]$ sudo docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
6a9dcf7a7d0a        bridge              bridge              local
d0cf99b69499        demo                overlay             global
39385556d8cd        host                host                local
7828c2433efd        none                null                local
[vagrant@docker-node2 ~]$ sudo docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
e93dec4d4089        bridge              bridge              local
d0cf99b69499        demo                overlay             global
199f9936292d        host                host                local
4a55973792c6        none                null                local
[vagrant@docker-node1 etcd-v3.3.10-linux-amd64]$ ./etcdctl ls /docker/network/v1.0/network
/docker/network/v1.0/network/d0cf99b69499e384b52854e852b0c734ebae3f039fdacd762e5347de18454fda
[vagrant@docker-node1 ~]$ docker network inspect demo
[
    {
        "Name": "demo",
        "Id": "d0cf99b69499e384b52854e852b0c734ebae3f039fdacd762e5347de18454fda",
        "Created": "2018-12-17T15:00:39.903457425Z",
        "Scope": "global",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "10.0.0.0/24",
                    "Gateway": "10.0.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

创建Container测试，在不同的机器上创建相同名字的Container会有报错，当在第二个机器上创建test1 Container时，会去etcd中查找。
[vagrant@docker-node1 ~]$ sudo docker run -d --name test1 --net demo busybox sh -c "while true; do sleep 3600; done"
fabfd6aab82b692d0d59ba5ca61d0315fced0fa459510ebe1d17fe8eacd71882
[vagrant@docker-node2 ~]$ sudo docker run -d --name test1 --net demo busybox sh -c "while true; do sleep 3600; done"
docker: Error response from daemon: Conflict. The container name "/test1" is already in use by container "74d40e80850ca8b95f6c43b7c78f755811e71892116428b1108a1f62553dbf7f". You have to remove (or rename) that container to be able to reuse that name.
See 'docker run --help'.
[vagrant@docker-node2 ~]$ sudo docker run -d --name test2 --net demo busybox sh -c "while true; do sleep 3600; done"
09ab0bd6131b7bebbadf7183a4ab6179fd4fea2fe1322c38437e2043bf7b0b43
再次查看网络信息
[vagrant@docker-node1 ~]$ docker network inspect demo
[
    {
        "Name": "demo",
        "Id": "d0cf99b69499e384b52854e852b0c734ebae3f039fdacd762e5347de18454fda",
        "Created": "2018-12-17T15:00:39.903457425Z",
        "Scope": "global",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "10.0.0.0/24",
                    "Gateway": "10.0.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "ep-596086a2ecffec95d85529df2e24016ac62c8448466f60454e61567482faf02f": {
                "Name": "test2",
                "EndpointID": "596086a2ecffec95d85529df2e24016ac62c8448466f60454e61567482faf02f",
                "MacAddress": "02:42:0a:00:00:03",
                "IPv4Address": "10.0.0.3/24",
                "IPv6Address": ""
            },
            "fabfd6aab82b692d0d59ba5ca61d0315fced0fa459510ebe1d17fe8eacd71882": {
                "Name": "test1",
                "EndpointID": "36027fb8100351e24db8e5691a70420413a5e02d6f397af3794cb2eabdc71fb8",
                "MacAddress": "02:42:0a:00:00:02",
                "IPv4Address": "10.0.0.2/24",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
[vagrant@docker-node1 ~]$ docker exec test1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue 
    link/ether 02:42:0a:00:00:02 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
15: eth1@if16: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:13:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.2/16 brd 172.19.255.255 scope global eth1
       valid_lft forever preferred_lft forever
[vagrant@docker-node2 ~]$ docker exec test2 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue 
    link/ether 02:42:0a:00:00:03 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.3/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
10: eth1@if11: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth1
       valid_lft forever preferred_lft forever
每个Container中两个接口，这时docker network会多出一个docker_gwbridge，Container内其中一个接口连接的就是docker_gwbridge。
[vagrant@docker-node1 ~]$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
d0cf99b69499        demo                overlay             global
c43108631ed7        docker_gwbridge     bridge              local

[vagrant@docker-node1 ~]$ docker exec test1 ping 10.0.0.3
PING 10.0.0.3 (10.0.0.3): 56 data bytes
64 bytes from 10.0.0.3: seq=0 ttl=64 time=10.259 ms
[vagrant@docker-node1 ~]$ docker exec test1 ping test2
PING test2 (10.0.0.3): 56 data bytes
64 bytes from 10.0.0.3: seq=0 ttl=64 time=5.188 ms

[vagrant@docker-node2 ~]$ docker exec test2 ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: seq=0 ttl=64 time=8.995 ms
[vagrant@docker-node2 ~]$ docker exec test2 ping test1
PING test1 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: seq=0 ttl=64 time=5.485 ms

[vagrant@localhost ~]$ sudo yum install glibc-static gcc -y

[vagrant@localhost ~]$ cat helloworld.c 
#include <stdio.h>

int main() {
    printf("hello world!\n");
    return 0;
}

# 不加-static编译，docker run会报错，为什么？后续再查... ...
# standard_init_linux.go:190: exec user process caused "no such file or directory"
[vagrant@localhost ~]$ gcc -static helloworld.c -o helloworld

[vagrant@localhost ~]$ cat Dockerfile 
FROM scratch
ADD helloworld /
CMD ["/helloworld"]

[vagrant@localhost ~]$ docker build -t yujiang/helloworld .
Sending build context to Docker daemon  19.97kB
Step 1/3 : FROM scratch
 ---> 
Step 2/3 : ADD helloworld /
 ---> 2949199fbdb8
Step 3/3 : CMD ["/helloworld"]
 ---> Running in 3af2e910629e
Removing intermediate container 3af2e910629e
 ---> b898a6498b21
Successfully built b898a6498b21
Successfully tagged yujiang/helloworld:latest

[vagrant@localhost ~]$ docker image ls
REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
yujiang/helloworld   latest              b898a6498b21        21 seconds ago      857kB

查看分层
[vagrant@localhost ~]$ docker history yujiang/helloworld
IMAGE               CREATED              CREATED BY                                      SIZE                COMMENT
b898a6498b21        About a minute ago   /bin/sh -c #(nop)  CMD ["/helloworld"]          0B                  
2949199fbdb8        About a minute ago   /bin/sh -c #(nop) ADD file:5e0b91d4866514aa0…   857kB              

[vagrant@localhost ~]$ ll -h
total 848K
-rw-rw-r--. 1 vagrant vagrant   50 Dec 13 16:41 Dockerfile
-rwxrwxr-x. 1 vagrant vagrant 837K Dec 13 16:47 helloworld
-rw-rw-r--. 1 vagrant vagrant   79 Dec 13 16:11 helloworld.c

[vagrant@localhost ~]$ docker run yujiang/helloworld
hello world!

docker container commit

[vagrant@localhost ~]$ docker run -it centos
[root@b2985a1be234 /]# yum install vim -y
[root@b2985a1be234 /]# exit
[vagrant@localhost ~]$ docker container ls -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                          PORTS               NAMES
b2985a1be234        centos              "/bin/bash"         3 minutes ago       Exited (0) About a minute ago                       nervous_haslett

[vagrant@localhost ~]$ docker commit b2985a1be234 yujiang/centos-vim
sha256:d0a8856e664eb754f9854c0c27a92c7d01623d2087a77269fbd12ba5021e6e13
[vagrant@localhost ~]$ docker image ls
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
yujiang/centos-vim    latest              d0a8856e664e        59 seconds ago      327MB
centos                latest              1e1148e4cc2c        7 days ago          202MB

[vagrant@localhost ~]$ docker history 1e1148e4cc2c
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
1e1148e4cc2c        7 days ago          /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B                  
<missing>           7 days ago          /bin/sh -c #(nop)  LABEL org.label-schema.sc…   0B                  
<missing>           7 days ago          /bin/sh -c #(nop) ADD file:6f877549795f4798a…   202MB               
[vagrant@localhost ~]$ docker history d0a8856e664e
IMAGE               CREATED              CREATED BY                                      SIZE                COMMENT
d0a8856e664e        About a minute ago   /bin/bash                                       126MB               
1e1148e4cc2c        7 days ago           /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B                  
<missing>           7 days ago           /bin/sh -c #(nop)  LABEL org.label-schema.sc…   0B                  
<missing>           7 days ago           /bin/sh -c #(nop) ADD file:6f877549795f4798a…   202MB 

[vagrant@localhost ~]$ mkdir centos-vim && cd centos-vim

[vagrant@localhost centos-vim]$ vim Dockerfile
FROM centos
RUN yum install vim -y	

[vagrant@localhost centos-vim]$ docker build -t yujiang/centos-vim .
Sending build context to Docker daemon  2.048kB
Step 1/2 : FROM centos
 ---> 1e1148e4cc2c
Step 2/2 : RUN yum install vim -y
 ---> Running in 8122262ff02a

...安装过程省略...

Complete!
Removing intermediate container 8122262ff02a
 ---> e00635baf672
Successfully built e00635baf672
Successfully tagged yujiang/centos-vim:latest



Step 1/2 直接引用centos这层image(1e1148e4cc2c)
Step 2/2 生成了一个临时的image(8122262ff02a)，在临时的image里面通过yum安装vim，安装完以后临时的image会被remove掉（Removing intermediate container 8122262ff02a），最后根据刚才临时的image commit成为一个新的image。如果build过程中报错，可以使用这个debug(docker run -it 8122262ff02a /bin/bash)

[vagrant@localhost centos-vim]$ docker image ls
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
yujiang/centos-vim    latest              e00635baf672        6 minutes ago       327MB
centos                latest              1e1148e4cc2c        7 days ago          202MB

官方文档：https://docs.docker.com/engine/reference/builder/

FROM scratch		# 制作base image
FROM centos			# 使用base image
FROM ubuntu:14.04	
尽量使用官方的image作为base image

LABEL maintainer="lnsyyj@xxx.com"
LABEL version="1.0"
LABEL description="Tish is description"
定义image的metadata

RUN yum update && yum install -y vim \
	python-devel # 反斜线换行
RUN apt-get update && apt-get install -y perl \
	pwgen --no-install-recommends && rm -rf \
	/var/lib/apt/lists/* # 注意清理cache
RUN /bin/bash -c 'source $HOME/.bashrc; echo $HOME'
为了美观，复杂的RUN请用反斜杠换行，避免无用分层，合并多条命令成一行。

WORKDIR /root

WORKDIR /test	# 如果没有会自动创建test目录
WORKDIR demo
RUN pwd		# 输出结果应该是/test/demo
用WORKDIR，不要用RUN cd，尽量使用绝对路径！

ADD hello /

ADD test.tar.gz /	# 添加到根目录并解压

WORKDIR /root
ADD hello test/		# /root/test/hello

WORKDIR /root
COPY hello test/
大部分情况，COPY优于ADD！ADD除了COPY还有额外功能(解压)！添加远程文件/目录请使用curl或者wget下载到docker中！

ENV MYSQL_VERSION 5.6	# 设置常量
RUN apt-get install -y mysql-server="${MYSQL_VERSION}" \
	&& rm -rf /var/lib/apt/lists/*	# 引用常量
尽量使用ENV增加可维护性！

（存储和网络），后面我们单独讲！

后面我们单独讲！

RUN：执行命令并创建新的Image Layer
CMD：设置容器启动后默认执行的命令和参数
ENTRYPOINT：设置容器启动时运行的命令

RUN apt-get install -y vim
CMD echo "hello docker"
ENTRYPOINT echo "hello docker"

RUN [ "apt-get", "install", "-y", "vim" ]
CMD [ "/bin/echo", "hello docker" ]
ENTRYPOINT [ "/bin/echo", "hello docker" ]

Dockerfile1：
FROM centos
ENV name Docker
ENTRYPOINT echo "hello $name"

Dockerfile2：
FROM centos
ENV name Docker
ENTRYPOINT [ "/bin/echo", "hello $name" ]

Dockerfile2会原样输出"hello $name"，不会像Dockerfile1那样输出"hello Docker"。如何使Dockerfile2像Dockerfile1那样输出的？请看Dockerfile3

Dockerfile3：
FROM centos
ENV name Docker
ENTRYPOINT [ "/bin/bash", "-c", "echo hello $name" ] # 指定-c参数，后面的命令需要放在一个""中，作为一条命令

FROM centos
ENV name Docker
CMD echo "hello $name"

docker run [image]输出？打印"hello Docker"
Docker run -it [image] /bin/bash输出？不会打印"hello Docker"，/bin/bash覆盖了CMD

COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT [ "docker-entrypoint.sh" ]

EXPOSE 27017
CMD [ "mongod" ]

[vagrant@localhost ~]$ docker build -t lnsyyj/helloworld .
[vagrant@localhost ~]$ docker images
lnsyyj/helloworld     latest              1a8620e6d6de        46 hours ago        857kB

[vagrant@localhost ~]$ docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: lnsyyj
Password: 
Login Succeeded

[vagrant@localhost ~]$ docker push lnsyyj/helloworld:latest
The push refers to repository [docker.io/lnsyyj/helloworld]
a9094ec14918: Pushed 
latest: digest: sha256:dd740db962a1e3a8fb74461505f539248b7c88de80b133db612c22e80d7b2d17 size: 527

删除本地镜像，测试下载镜像
[vagrant@localhost ~]$ docker rmi lnsyyj/helloworld
[vagrant@localhost ~]$ docker pull lnsyyj/helloworld

https://hub.docker.com/_/registry

[vagrant@localhost ~]$ docker run -d -p 5000:5000 --restart always --name registry registry:2
Unable to find image 'registry:2' locally
2: Pulling from library/registry
d6a5679aa3cf: Pull complete 
ad0eac849f8f: Pull complete 
2261ba058a15: Pull complete 
f296fda86f10: Pull complete 
bcd4a541795b: Pull complete 
Digest: sha256:5a156ff125e5a12ac7fdec2b90b7e2ae5120fa249cf62248337b6d04abc574c8
Status: Downloaded newer image for registry:2
2707d472d3dba19f366c7ca51e621b83a63975492152880e01268a326d34bf50

[vagrant@localhost ~]$ docker build -t 10.0.2.15:5000/helloworld .
Sending build context to Docker daemon  873.5kB
Step 1/3 : FROM scratch
 ---> 
Step 2/3 : ADD helloworld /
 ---> Using cache
 ---> 1b468168e95e
Step 3/3 : CMD ["/helloworld"]
 ---> Using cache
 ---> 1a8620e6d6de
Successfully built 1a8620e6d6de
Successfully tagged 10.0.2.15:5000/helloworld:latest

[vagrant@localhost ~]$ cat /etc/docker/daemon.json 
{ "insecure-registries": ["10.0.2.15:5000"] }

[vagrant@localhost ~]$ sudo vim /lib/systemd/system/docker.service 
添加
EnvironmentFile=-/etc/docker/daemon.json
[vagrant@localhost ~]$ sudo systemctl daemon-reload
[vagrant@localhost ~]$ service docker restart

push到私有镜像仓库
[vagrant@localhost ~]$ docker images
10.0.2.15:5000/helloworld   latest              1a8620e6d6de        47 hours ago        857kB
[vagrant@localhost ~]$ curl http://10.0.2.15:5000/v2/_catalog
{"repositories":[]}
[vagrant@localhost ~]$ docker push 10.0.2.15:5000/helloworld
The push refers to repository [10.0.2.15:5000/helloworld]
a9094ec14918: Pushed 
latest: digest: sha256:dd740db962a1e3a8fb74461505f539248b7c88de80b133db612c22e80d7b2d17 size: 527
[vagrant@localhost ~]$ curl http://10.0.2.15:5000/v2/_catalog
{"repositories":["helloworld"]}
验证
[vagrant@localhost ~]$ docker rmi 10.0.2.15:5000/helloworld
[vagrant@localhost ~]$ docker pull 10.0.2.15:5000/helloworld

docker exec -it <container ID> /bin/bash

docker stop <container ID>

docker inspect <container ID>

docker logs <container ID>

[vagrant@localhost ~]$ mkdir stress && cd stress/
[vagrant@localhost stress]$ cat Dockerfile 
FROM ubuntu
RUN apt-get update && apt-get install -y stress
ENTRYPOINT ["/usr/bin/stress"]
CMD []
[vagrant@localhost stress]$ docker build -t lnsyyj/ubuntu-stress  .

[vagrant@localhost stress]$ docker run -it lnsyyj/ubuntu-stress --vm 1 --verbose
stress: info: [1] dispatching hogs: 0 cpu, 0 io, 1 vm, 0 hdd
stress: dbug: [1] using backoff sleep of 3000us
stress: dbug: [1] --> hogvm worker 1 [6] forked
stress: dbug: [6] allocating 268435456 bytes ...
stress: dbug: [6] touching bytes in strides of 4096 bytes ...
stress: dbug: [6] freed 268435456 bytes
stress: dbug: [6] allocating 268435456 bytes ...
stress: dbug: [6] touching bytes in strides of 4096 bytes ...
stress: dbug: [6] freed 268435456 bytes

--vm 1 --verbose是通过Dockerfile中的CMD []接收的。ENTRYPOINT+CMD这种方式是非常流行的。

[vagrant@localhost stress]$ docker run --memory=200M  -it lnsyyj/ubuntu-stress --vm 1 --vm-bytes 500M --verbose
stress: info: [1] dispatching hogs: 0 cpu, 0 io, 1 vm, 0 hdd
stress: dbug: [1] using backoff sleep of 3000us
stress: dbug: [1] --> hogvm worker 1 [6] forked
stress: dbug: [6] allocating 524288000 bytes ...
stress: dbug: [6] touching bytes in strides of 4096 bytes ...
stress: FAIL: [1] (415) <-- worker 6 got signal 9
stress: WARN: [1] (417) now reaping child worker processes
stress: FAIL: [1] (421) kill error: No such process
stress: FAIL: [1] (451) failed run completed in 1s

https://docs.docker.com/install/linux/docker-ce/centos/

[root@docker ~]# adduser docker
[root@docker ~]# hostnamectl set-hostname docker
[root@docker ~]# vi /etc/sudoers
添加
docker  ALL=(ALL)       ALL
[root@docker ~]# su - docker
上一次登录：三 12月 12 10:26:46 EST 2018pts/0 上
[docker@docker ~]$ 
[docker@docker ~]$ sudo yum install epel-release vim -y

卸载已安装的docker
sudo yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-selinux \
                  docker-engine-selinux \
                  docker-engine

安装required packages
sudo yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2

安装docker源
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

安装docker
[docker@docker ~]$ sudo yum install docker-ce -y

启动docker进程，并设置开机启动
[docker@docker ~]$ sudo systemctl start docker
[docker@docker ~]$ sudo systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

测试docker安装
[docker@docker ~]$ sudo docker run hello-world

yujiangdeMBP-13:centos7 yujiang$ ls ~/.vagrant.d/downloadboxes/centos7/
virtualbox.box

yujiangdeMBP-13:centos7 yujiang$ vagrant box add centos/centos7 ~/.vagrant.d/downloadboxes/centos7/virtualbox.box 
==> box: Box file was not detected as metadata. Adding it directly...
==> box: Adding box 'centos/centos7' (v0) for provider: 
    box: Unpacking necessary files from: file:///Users/yujiang/.vagrant.d/downloadboxes/centos7/virtualbox.box
==> box: Successfully added box 'centos/centos7' (v0) for 'virtualbox'!

yujiangdeMBP-13:centos7 yujiang$ vagrant box list
centos/centos7 (virtualbox, 0)

yujiangdeMBP-13:~ yujiang$ mkdir Vagrant && cd Vagrant/
yujiangdeMBP-13:Vagrant yujiang$ vagrant init centos/centos7
yujiangdeMBP-13:Vagrant yujiang$ vagrant up
yujiangdeMBP-13:Vagrant yujiang$ vagrant ssh
[vagrant@localhost ~]$ exit
yujiangdeMBP-13:Vagrant yujiang$ vagrant destroy

# -*- mode: ruby -*-
Vagrant.configure("2") do |config|
  config.vm.box = "centos/centos7"
  config.vm.provision "shell", inline: <<-SHELL
  sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
  sudo yum install -y yum-utils device-mapper-persistent-data lvm2
  sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  sudo yum install docker-ce -y
  sudo systemctl start docker
  sudo systemctl enable docker
  sudo groupadd docker
  sudo gpasswd -a vagrant docker
  SHELL
end

yujiangdeMBP-13:Vagrant yujiang$ vagrant up
yujiangdeMBP-13:Vagrant yujiang$ vagrant ssh
[vagrant@localhost ~]$ sudo docker version
Client:
 Version:           18.09.0
 API version:       1.39
 Go version:        go1.10.4
 Git commit:        4d60db4
 Built:             Wed Nov  7 00:48:22 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.0
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.4
  Git commit:       4d60db4
  Built:            Wed Nov  7 00:19:08 2018
  OS/Arch:          linux/amd64
  Experimental:     false

[vagrant@localhost ~]$ sudo groupadd docker
groupadd: group 'docker' already exists

[vagrant@localhost ~]$ sudo gpasswd -a vagrant docker
Adding user vagrant to group docker

[vagrant@localhost ~]$ exit

yujiangdeMBP-13:Vagrant yujiang$ vagrant ssh

[vagrant@localhost ~]$ docker version
Client:
 Version:           18.09.0
 API version:       1.39
 Go version:        go1.10.4
 Git commit:        4d60db4
 Built:             Wed Nov  7 00:48:22 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.0
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.4
  Git commit:       4d60db4
  Built:            Wed Nov  7 00:19:08 2018
  OS/Arch:          linux/amd64
  Experimental:     false

安装jenkins
sudo yum install wget -y
sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key
sudo yum install jenkins java -y

启动jenkins
sudo systemctl start jenkins
sudo systemctl enable jenkins
sudo systemctl status jenkins

设置防火墙
sudo firewall-cmd --permanent --new-service=jenkins
sudo firewall-cmd --permanent --service=jenkins --set-short="Jenkins Service Ports"
sudo firewall-cmd --permanent --service=jenkins --set-description="Jenkins service firewalld port exceptions"
sudo firewall-cmd --permanent --service=jenkins --add-port=8080/tcp
sudo firewall-cmd --permanent --add-service=jenkins
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --reload

sudo yum install -y curl policycoreutils-python openssh-server
sudo systemctl enable sshd
sudo systemctl start sshd
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=httpsudo systemctl reload firewalld
sudo systemctl reload firewalld

安装Postfix以发送通知电子邮件
sudo yum install postfix
sudo systemctl enable postfix
sudo systemctl start postfix

安装gitbla
wget https://mirror.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-11.5.1-ce.0.el7.x86_64.rpm
rpm -i gitlab-ce-11.5.1-ce.0.el7.x86_64.rpm


gitlab-ctl reconfigure

vi /etc/gitlab/gitlab.rb
unicorn['port'] = 80

gitlab-ctl reconfigure
gitlab-ctl restart

ssh {hostname}

ssh node1

ls /etc/ceph

sudo vim /etc/ceph/ceph.conf

uuidgen

fsid = {UUID}

fsid = a7f64266-0894-4f1e-a635-d0aeaca0e993

mon initial members = {hostname}[,{hostname}]

mon initial members = node1

mon host = {ip-address}[,{ip-address}]

mon host = 192.168.0.1

ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'

sudo ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *'

sudo ceph-authtool --create-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring --gen-key -n client.bootstrap-osd --cap mon 'profile bootstrap-osd'

sudo ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring
sudo ceph-authtool /tmp/ceph.mon.keyring --import-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring

monmaptool --create --add {hostname} {ip-address} --fsid {uuid} /tmp/monmap

monmaptool --create --add node1 192.168.0.1 --fsid a7f64266-0894-4f1e-a635-d0aeaca0e993 /tmp/monmap

sudo mkdir /var/lib/ceph/mon/{cluster-name}-{hostname}

sudo -u ceph mkdir /var/lib/ceph/mon/ceph-node1

sudo -u ceph ceph-mon [--cluster {cluster-name}] --mkfs -i {hostname} --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring

sudo -u ceph ceph-mon --mkfs -i node1 --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring

[global]
fsid = {cluster-id}
mon initial members = {hostname}[, {hostname}]
mon host = {ip-address}[, {ip-address}]
public network = {network}[, {network}]
cluster network = {network}[, {network}]
auth cluster required = cephx
auth service required = cephx
auth client required = cephx
osd journal size = {n}
osd pool default size = {n}  # Write an object n times.
osd pool default min size = {n} # Allow writing n copies in a degraded state.
osd pool default pg num = {n}
osd pool default pgp num = {n}
osd crush chooseleaf type = {n}

[global]
fsid = a7f64266-0894-4f1e-a635-d0aeaca0e993
mon initial members = node1
mon host = 192.168.0.1
public network = 192.168.0.0/24
auth cluster required = cephx
auth service required = cephx
auth client required = cephx
osd journal size = 1024
osd pool default size = 3
osd pool default min size = 2
osd pool default pg num = 333
osd pool default pgp num = 333
osd crush chooseleaf type = 1

sudo systemctl start ceph-mon@node1

sudo /etc/init.d/ceph start mon.node1

ceph -s

cluster:
  id:     a7f64266-0894-4f1e-a635-d0aeaca0e993
  health: HEALTH_OK

services:
  mon: 1 daemons, quorum node1
  mgr: node1(active)
  osd: 0 osds: 0 up, 0 in

data:
  pools:   0 pools, 0 pgs
  objects: 0 objects, 0 bytes
  usage:   0 kB used, 0 kB / 0 kB avail
  pgs:

ssh {node-name}
sudo ceph-volume lvm create --data {data-path}

ssh node1
sudo ceph-volume lvm create --data /dev/hdd1

ssh {node-name}
sudo ceph-volume lvm prepare --data {data-path} {data-path}

ssh node1
sudo ceph-volume lvm prepare --data /dev/hdd1

sudo ceph-volume lvm list

sudo ceph-volume lvm activate {ID} {FSID}

sudo ceph-volume lvm activate 0 a7f64266-0894-4f1e-a635-d0aeaca0e993

ssh {node-name}
sudo ceph-volume lvm create --filestore --data {data-path} --journal {journal-path}

ssh node1
sudo ceph-volume lvm create --filestore --data /dev/hdd1 --journal /dev/hdd2

ssh {node-name}
sudo ceph-volume lvm prepare --filestore --data {data-path} --journal {journal-path}

ssh node1
sudo ceph-volume lvm prepare --filestore --data /dev/hdd1 --journal /dev/hdd2

sudo ceph-volume lvm list

sudo ceph-volume lvm activate --filestore {ID} {FSID}

sudo ceph-volume lvm activate --filestore 0 a7f64266-0894-4f1e-a635-d0aeaca0e993

注意：此过程没有描述使用dm-crypt“lockbox”在dm-crypt之上的部署。

ssh {node-name}
sudo bash

UUID=$(uuidgen)

OSD_SECRET=$(ceph-authtool --gen-print-key)

ID=$(echo "{\"cephx_secret\": \"$OSD_SECRET\"}" | \
   ceph osd new $UUID -i - \
   -n client.bootstrap-osd -k /var/lib/ceph/bootstrap-osd/ceph.keyring)

mkdir /var/lib/ceph/osd/ceph-$ID

mkfs.xfs /dev/{DEV}
mount /dev/{DEV} /var/lib/ceph/osd/ceph-$ID

ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-$ID/keyring \
     --name osd.$ID --add-key $OSD_SECRET

ceph-osd -i $ID --mkfs --osd-uuid $UUID

chown -R ceph:ceph /var/lib/ceph/osd/ceph-$ID

systemctl enable ceph-osd@$ID
systemctl start ceph-osd@$ID

systemctl enable ceph-osd@12
systemctl start ceph-osd@12

mkdir -p /var/lib/ceph/mds/{cluster-name}-{id}

ceph-authtool --create-keyring /var/lib/ceph/mds/{cluster-name}-{id}/keyring --gen-key -n mds.{id}

ceph auth add mds.{id} osd "allow rwx" mds "allow" mon "allow profile mds" -i /var/lib/ceph/mds/{cluster}-{id}/keyring

[mds.{id}]
host = {id}

ceph-mds --cluster {cluster-name} -i {id} -m {mon-hostname}:{mon-port} [-f]

service ceph start

mds.-1.0 ERROR: failed to authenticate: (22) Invalid argument

ceph -w

ceph osd tree

# id    weight  type name       up/down reweight
-1      2       root default
-2      2               host node1
0       1                       osd.0   up      1
-3      1               host node2
1       1                       osd.1   up      1

[root@cephlm ~]# vi /etc/yum.repos.d/ceph.repo 
[ceph]
name=Ceph
baseurl=http://mirrors.163.com/ceph/rpm-luminous/el7/x86_64/
# baseurl=https://download.ceph.com/rpm-luminous/el7/x86_64/
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=http://mirrors.163.com/ceph/keys/release.asc
# gpgkey=https://download.ceph.com/keys/release.asc

[1]epel参考：https://blog.csdn.net/yasi_xi/article/details/11746255
EPEL的全称叫 Extra Packages for Enterprise Linux 。EPEL是由 Fedora 社区打造，为 RHEL 及衍生发行版如 CentOS、Scientific Linux 等提供高质量软件包的项目。装上了 EPEL之后，就相当于添加了一个第三方源。

[root@cephlm ~]# yum install epel-release -y && yum install ceph -y

[root@cephlm ~]# ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'
creating /tmp/ceph.mon.keyring
[root@cephlm ~]# cat /tmp/ceph.mon.keyring
[mon.]
	key = AQAgbv1bc62FBBAAvuCz2a5EDtbAmy9ep1Dxxw==
	caps mon = "allow *"

[root@cephlm ~]# sudo ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *'
creating /etc/ceph/ceph.client.admin.keyring
[root@cephlm ~]# cat /etc/ceph/ceph.client.admin.keyring
[client.admin]
	key = AQBFbv1bImaJCxAAYUiUCuia//zZSMIPyOHJuA==
	caps mds = "allow *"
	caps mgr = "allow *"
	caps mon = "allow *"
	caps osd = "allow *"

[root@cephlm ~]# sudo ceph-authtool --create-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring --gen-key -n client.bootstrap-osd --cap mon 'profile bootstrap-osd'
creating /var/lib/ceph/bootstrap-osd/ceph.keyring
[root@cephlm ~]# cat /var/lib/ceph/bootstrap-osd/ceph.keyring
[client.bootstrap-osd]
	key = AQBQbv1bXv0WAhAAo/hv7OOaftMHOovHNeyOFg==
	caps mon = "profile bootstrap-osd"

[root@cephlm ~]# sudo ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring
[root@cephlm ~]# sudo ceph-authtool /tmp/ceph.mon.keyring --import-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring

[root@cephlm ~]# cat /tmp/ceph.mon.keyring
[mon.]
	key = AQAgbv1bc62FBBAAvuCz2a5EDtbAmy9ep1Dxxw==
	caps mon = "allow *"
[client.admin]
	key = AQBFbv1bImaJCxAAYUiUCuia//zZSMIPyOHJuA==
	caps mds = "allow *"
	caps mgr = "allow *"
	caps mon = "allow *"
	caps osd = "allow *"
[client.bootstrap-osd]
	key = AQBQbv1bXv0WAhAAo/hv7OOaftMHOovHNeyOFg==
	caps mon = "profile bootstrap-osd"

[root@cephlm ~]# monmaptool --create --add cephlm 192.168.0.10 --fsid c8b0b137-1ba7-4c1f-a514-281139c35233 /tmp/monmap
monmaptool: monmap file /tmp/monmap
monmaptool: set fsid to c8b0b137-1ba7-4c1f-a514-281139c35233
monmaptool: writing epoch 0 to /tmp/monmap (1 monitors)

更改权限，可是使ceph用户有读该文件的权限
[root@cephlm ~]# chmod +r /tmp/monmap && chmod +r /tmp/ceph.mon.keyring

[root@cephlm ~]# monmaptool --print /tmp/monmap
monmaptool: monmap file /tmp/monmap
epoch 0
fsid c8b0b137-1ba7-4c1f-a514-281139c35233
last_changed 2018-11-28 10:55:11.677288
created 2018-11-28 10:55:11.677288
0: 192.168.56.205:6789/0 mon.cephlm

[root@cephlm ~]# vi /etc/ceph/ceph.conf 
[global]
fsid = c8b0b137-1ba7-4c1f-a514-281139c35233
mon initial members = cephlm
mon host = 192.168.0.10
public network = 192.168.0.0/24
cluster network = 192.168.0.0/24
auth cluster required = cephx
auth service required = cephx
auth client required = cephx
osd pool default size = 1
osd pool default min size = 1
osd pool default pg num = 16
osd pool default pgp num = 16

[root@cephlm ~]# sudo -u ceph ceph-mon --cluster ceph --mkfs -i cephlm --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring

[root@cephlm ~]# systemctl enable ceph-mon@cephlm
[root@cephlm ~]# systemctl start ceph-mon@cephlm

[root@cephlm ~]# ceph -s
  cluster:
    id:     c8b0b137-1ba7-4c1f-a514-281139c35233
    health: HEALTH_OK
 
  services:
    mon: 1 daemons, quorum cephlm
    mgr: no daemons active
    osd: 0 osds: 0 up, 0 in
 
  data:
    pools:   0 pools, 0 pgs
    objects: 0 objects, 0B
    usage:   0B used, 0B / 0B avail
    pgs: