How to Run Puppet on Container Infrastructure Using Docker

Date: 2020-03-05 15:25:24  Source: igfitidea

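Docker is an open-source, container-based technology.
It gives us an easy-to-use container workflow.
Docker uses container technology to separate applications from the underlying operating system, much as virtual machines separate the operating system from the underlying hardware.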

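Docker containers vs. virtual machines

A virtual machine includes the application, the necessary binaries and libraries, and an entire guest operating system, which may weigh tens of GB.

A Docker Engine container, by contrast, contains only the application and its dependencies.
It runs as an isolated process in user space on the host operating system and shares the kernel with other containers.
It therefore gets the resource-isolation and allocation benefits of a VM while being faster, more portable, more scalable and more efficient.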

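Benefits of Docker

Scalability: containers are very lightweight, so they scale quickly; it is easy to start more containers when needed and to shut them down when they are no longer needed.

Portability: containers are very easy to move around.
We will look at images and registries below.
In essence, we can take a snapshot of an environment, upload it to a public or private registry, and then download that image to create containers from it anywhere.

Deployment: we can run these containers almost anywhere for deployment, for example on desktops, laptops, virtual machines, and public or private clouds.

In this article, I will explain how to install Docker on an Ubuntu 16.04 server and how to run Puppet in Docker containers.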

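Installing Docker

Docker is supported on almost all operating systems.
To install Docker on an Ubuntu server, we need a 64-bit architecture and a kernel version of 3.10 or higher.
Let's start with the preparation for the installation.

Prerequisites

Check the kernel version and architecture

We can use these commands to confirm the architecture and kernel version of the operating system.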

root@ubuntu:~# arch
x86_64
root@ubuntu:~# uname -r
4.4.0-21-generic

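The next step is to update the APT package lists.
We also need to make sure APT can work over HTTPS and that the required CA certificates are installed.
Run the following commands to do this.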

root@ubuntu:~# apt-get update
root@ubuntu:~# apt-get install apt-transport-https ca-certificates
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20150104ubuntu1).
The following packages will be upgraded:
apt-transport-https
1 upgraded, 0 newly installed, 0 to remove and 54 not upgraded.
Need to get 25.7 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.linode.com/ubuntu xenial-updates/main amd64 apt-transport-https amd64 1.2.12~ubuntu16.04.1 [25.7 kB]
Fetched 25.7 kB in 0s (2,540 kB/s)
(Reading database ... 25186 files and directories currently installed.)
Preparing to unpack .../apt-transport-https_1.2.12~ubuntu16.04.1_amd64.deb ...
Unpacking apt-transport-https (1.2.12~ubuntu16.04.1) over (1.2.10ubuntu1) ...
Setting up apt-transport-https (1.2.12~ubuntu16.04.1) ...

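Create the repository file for Docker

Make sure the repository configuration file is set up correctly so that the Docker packages can be downloaded.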

root@ubuntu:/etc/apt/sources.list.d# cat /etc/apt/sources.list.d/docker.list
deb https://apt.dockerproject.org/repo ubuntu-xenial main

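After adding it, update the package lists again by running "apt-get update".
Make sure the updates are fetched from the correct repository.
Remove any old Docker packages, if present.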

root@ubuntu:/etc/apt/sources.list.d# apt-get purge lxc-docker
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'lxc-docker' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 54 not upgrad
root@ubuntu:~# apt-cache policy docker-engine
docker-engine:
Installed: (none)
Candidate: 1.11.2-0~xenial
Version table:
1.11.2-0~xenial 500
500 https://apt.dockerproject.org/repo ubuntu-xenial/main amd64 Packages
1.11.1-0~xenial 500
500 https://apt.dockerproject.org/repo ubuntu-xenial/main amd64 Packages
1.11.0-0~xenial 500
500 https://apt.dockerproject.org/repo ubuntu-xenial/main amd64 Packages

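Install the kernel package

For Ubuntu Xenial 16.04, it is recommended to install the linux-image-extra package that matches the running kernel.
This package enables the AUFS storage driver.
The AUFS storage driver takes multiple directories on a single host and stacks them on top of each other to provide a single unified view.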

root@ubuntu:~# apt-get install linux-image-extra-$(uname -r)
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
crda iw libnl-3-200 libnl-genl-3-200 wireless-regdb
The following NEW packages will be installed:
crda iw libnl-3-200 libnl-genl-3-200 linux-image-extra-4.4.0-21-generic wireless-regdb
0 upgraded, 6 newly installed, 0 to remove and 54 not upgraded.
Need to get 39.0 MB of archives.

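Installation

Now we can proceed to install Docker.
The output below ends with "WARNING: The following packages cannot be authenticated!", which means APT has no trusted signing key for the Docker repository; import the repository's signing key and run apt-get update again before confirming an install like this.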

root@ubuntu:~# apt-get install docker-engine
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
aufs-tools cgroupfs-mount git git-man liberror-perl libltdl7 libperl5.22 patch perl perl-modules-5.22 rename xz-utils
Suggested packages:
mountall git-daemon-run | git-daemon-sysvinit git-doc git-el git-email git-gui gitk gitweb git-arch git-cvs git-mediawiki git-svn
diffutils-doc perl-doc libterm-readline-gnu-perl | libterm-readline-perl-perl make
The following NEW packages will be installed:
aufs-tools cgroupfs-mount docker-engine git git-man liberror-perl libltdl7 libperl5.22 patch perl perl-modules-5.22 rename xz-utils
0 upgraded, 13 newly installed, 0 to remove and 54 not upgraded.
Need to get 24.8 MB of archives.
After this operation, 139 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
WARNING: The following packages cannot be authenticated!

Start Docker and confirm its status

root@ubuntu:~# service docker start
root@ubuntu:~# docker version
Client:
Version: 1.11.2
API version: 1.23
Go version: go1.5.4
Git commit: b9f10c9
Built: Wed Jun 1 22:00:43 2015
OS/Arch: linux/amd64
Server:
Version: 1.11.2
API version: 1.23
Go version: go1.5.4
Git commit: b9f10c9
Built: Wed Jun 1 22:00:43 2015
OS/Arch: linux/amd64
root@ubuntu:~#

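The command below downloads a test image, hello-world, from the Docker registry and runs it in a container.
When the container runs, it prints an informational message.
Then it exits.
This confirms that Docker is working correctly.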

root@ubuntu:~# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
4276590986f6: Pull complete
a3ed95caeb02: Pull complete
Digest: sha256:a7d7a8c072a36adb60f5dc932dd5caba8831ab53cbf016bcdd6772b3fbe8c362
Status: Downloaded newer image for hello-world:latest
Hello from Docker.
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker Hub account:
https://hub.docker.com
For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/

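Now we are ready to start using Docker.
We can download any image we need from Docker Hub with the following command:

docker pull image_name

For example, here is how I downloaded some useful images.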

root@ubuntu:~# docker pull ubuntu
Using default tag: latest
latest: Pulling from library/ubuntu
5ba4f30e5bea: Pull complete
9d7d19c9dc56: Pull complete
ac6ad7efd0f9: Pull complete
e7491a747824: Pull complete
a3ed95caeb02: Pull complete
Digest: sha256:46fb5d001b88ad904c5c732b086b596b92cfb4a4840a3abd0e35dbb6870585e4
Status: Downloaded newer image for ubuntu:latest

This has downloaded the Ubuntu image from Docker Hub, and we can use it to create Ubuntu containers.

root@ubuntu:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 2fa927b5cdd3 11 days ago 122 MB
hello-world latest 94df4f0ce8a4 6 weeks ago 967 B

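Creating Puppet in Docker containers

To create the Puppet containers, we first need to download the Puppet images from Docker Hub.

  • puppet/puppet-agent-ubuntu
  • puppet/puppetserver
  • puppet/puppetdb
  • puppet/puppetdb-postgres

Here is how I downloaded these images from Docker Hub.
We can do this with the command docker pull image_name.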

root@ubuntu:~# docker pull puppet/puppetserver
Using default tag: latest
latest: Pulling from puppet/puppetserver
5ba4f30e5bea: Already exists
9d7d19c9dc56: Already exists
ac6ad7efd0f9: Already exists
e7491a747824: Already exists
a3ed95caeb02: Already exists
158cd0fe54d8: Pull complete
7a15dfe1145a: Pull complete
0bb8d51ae57c: Pull complete
7b09944cb025: Pull complete
6bf96d82eed5: Pull complete
58fa7008c2bc: Pull complete
659b4b2b3359: Pull complete
0e205bb6d03b: Pull complete
915e3853b669: Pull complete
750b3208f97d: Pull complete
8fec247907de: Pull complete
Digest: sha256:c43290ca040a7693d9f41448eab4ff2444c61757aa303bd7979f7f1ef3e4ae95
Status: Downloaded newer image for puppet/puppetserver:latest
root@ubuntu:~# docker pull puppet/puppetdb
Using default tag: latest
latest: Pulling from puppet/puppetdb
0be59000882d: Pull complete
f20b6f990572: Pull complete
53662c966c9f: Pull complete
a3ed95caeb02: Pull complete
5eae59cbe62c: Pull complete
2b8ff6279504: Pull complete
612d7a4576b7: Pull complete
60577ed4c036: Pull complete
f99ad2d50f6f: Pull complete
9da7f43c61dc: Pull complete
e4c4271df64b: Pull complete
Digest: sha256:6532e4e3750183cd6951df6deb7bb1adb1e0e0ed37aa9e1e0294e257d73d9b1f
Status: Downloaded newer image for puppet/puppetdb:latest
root@ubuntu:~# docker pull puppet/puppetdb-postgres
Using default tag: latest
latest: Pulling from puppet/puppetdb-postgres
8b87079b7a06: Pull complete
a3ed95caeb02: Pull complete
ff6abb23e531: Pull complete
8364ca902ad3: Pull complete
84179c1b7ff6: Pull complete
be951654637c: Pull complete
4841dfc8333f: Pull complete
8e92fd62d485: Pull complete
13e5de4be2f2: Pull complete
d6aaf4d83b1c: Pull complete
3113f93aec6d: Pull complete
055e85b433f4: Pull complete
a97f9981bfe1: Pull complete
6c162fdd1104: Pull complete
Digest: sha256:d42428f0ecf75f7a0dbebee79cb45afaebfd193051fa1002e64fa026b2060f13
Status: Downloaded newer image for puppet/puppetdb-postgres:latest
root@ubuntu:~# docker pull puppet/puppet-agent-ubuntu
Using default tag: latest
latest: Pulling from puppet/puppet-agent-ubuntu
0be59000882d: Already exists
f20b6f990572: Already exists
53662c966c9f: Already exists
a3ed95caeb02: Already exists
576aca0f90fb: Pull complete
b1842b47756f: Pull complete
Digest: sha256:1867bcbe733adcbdfa004ec76ce8940a0927eef8877ee4f07b1ace4e68e7c5fa
Status: Downloaded newer image for puppet/puppet-agent-ubuntu:latest

Now we have downloaded all the required images.
We can list them by running the docker images command.

root@ubuntu:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
puppet/puppetserver latest 0ac3058fad18 4 days ago 379.9 MB
puppet/puppetdb latest f3f9d8b3e54f 6 days ago 368.4 MB
puppet/puppet-agent-ubuntu latest 57fe50639909 6 days ago 202.9 MB
puppet/puppetdb-postgres latest 4f4ed55af431 10 days ago 265.8 MB
ubuntu latest 2fa927b5cdd3 11 days ago 122 MB
hello-world latest 94df4f0ce8a4 6 weeks ago 967 B
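
The pulls above all use the mutable latest tag, while each one prints a content digest that can be pinned so that later pulls fetch exactly the same image. The script below is an added example, not part of the original article: the PINS table copies the Digest lines from the output above (replace them with the digests of the images you have actually reviewed), and the helper names pinned_digest, pinned_ref, digest_from_pull_output, verify_pull and pull_pinned are hypothetical.

```shell
#!/bin/sh
# Added example: pin the Puppet images to the digests printed by the
# `docker pull` runs on this page instead of trusting the `latest` tag.
# Helper names are hypothetical; digests are copied from the page's output.

PINS='puppet/puppetserver sha256:c43290ca040a7693d9f41448eab4ff2444c61757aa303bd7979f7f1ef3e4ae95
puppet/puppetdb sha256:6532e4e3750183cd6951df6deb7bb1adb1e0e0ed37aa9e1e0294e257d73d9b1f
puppet/puppetdb-postgres sha256:d42428f0ecf75f7a0dbebee79cb45afaebfd193051fa1002e64fa026b2060f13
puppet/puppet-agent-ubuntu sha256:1867bcbe733adcbdfa004ec76ce8940a0927eef8877ee4f07b1ace4e68e7c5fa'

# Print the pinned digest for an image; fail if the image has no pin.
pinned_digest() {
    printf '%s\n' "$PINS" |
        awk -v img="$1" '$1 == img { print $2; found = 1 } END { exit !found }'
}

# Build an immutable reference (repo@sha256:...) for docker pull / docker run.
pinned_ref() {
    d=$(pinned_digest "$1") || return 1
    printf '%s@%s\n' "$1" "$d"
}

# Extract the digest from captured `docker pull` output (its "Digest:" line).
digest_from_pull_output() {
    printf '%s\n' "$1" | awk '$1 == "Digest:" { print $2; exit }'
}

# Compare what a pull reported with the pin; non-zero on any mismatch.
verify_pull() {
    want=$(pinned_digest "$1") || { echo "no pin for $1" >&2; return 2; }
    got=$(digest_from_pull_output "$2")
    case "$got" in
        sha256:*) ;;
        *) echo "no digest in pull output for $1" >&2; return 3 ;;
    esac
    [ "$got" = "$want" ] || { echo "digest mismatch for $1: $got" >&2; return 1; }
}

# Pull every pinned image by digest (needs a working Docker client).
pull_pinned() {
    for img in $(printf '%s\n' "$PINS" | awk '{ print $1 }'); do
        docker pull "$(pinned_ref "$img")" || return 1
    done
}

# Run as `sh pin-images.sh pull` to fetch all four images by digest.
if [ "${1:-}" = "pull" ]; then pull_pinned; fi
```

A pull by digest fails if the registry cannot serve content matching that digest, so a retagged or replaced latest image is not picked up silently.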

Before creating our Puppet containers, we need to create a Docker network to attach them to, as shown below.

root@ubuntu:~# docker network create puppet
e1ebd861dbb39be31da81a88e411e7f4762814ee203b371fca7643a7bb6840eb

Creating the Puppet master server

We can create the Puppet server from the image "puppet/puppetserver", with the container name puppet and the hostname "puppet.theitroad", on the puppet network.

root@ubuntu:~# docker run --net puppet --name puppet --hostname puppet.theitroad puppet/puppetserver
Warning: The following options to parse-opts are unrecognized: :flag
2015-06-08 09:36:24,348 INFO [o.e.j.u.log] Logging initialized @27125ms
2015-06-08 09:36:36,393 INFO [p.s.v.versioned-code-service] No code-id-command set for versioned-code-service. Code-id will be nil.
2015-06-08 09:36:36,394 INFO [p.s.v.versioned-code-service] No code-content-command set for versioned-code-service. Attempting to fetch code content will fail.
2015-06-08 09:36:36,396 INFO [p.t.s.w.jetty9-service] Initializing web server(s).
2015-06-08 09:36:36,450 INFO [p.s.j.jruby-puppet-service] Initializing the JRuby service
2015-06-08 09:36:36,455 WARN [p.s.j.jruby-puppet-service] The 'jruby-puppet.use-legacy-auth-conf' setting is set to 'true'. Support for the legacy Puppet auth.conf file is deprecated and will be removed in a future release. Change this setting to 'false' and migrate your authorization rule definitions in the /etc/puppetlabs/puppet/auth.conf file to the /etc/puppetlabs/puppetserver/conf.d/auth.conf file.
2015-06-08 09:36:36,535 INFO [p.s.j.jruby-puppet-internal] Creating JRuby instance with id 1.
2015-06-08 09:36:53,825 WARN [puppetserver] Puppet Comparing Symbols to non-Symbol values is deprecated
(file & line not available)
2015-06-08 09:36:54,019 INFO [puppetserver] Puppet Puppet settings initialized; run mode: master
2015-06-08 09:36:56,811 INFO [p.s.j.jruby-puppet-agents] Finished creating JRubyPuppet instance 1 of 1
2015-06-08 09:36:56,849 INFO [p.s.c.puppet-server-config-core] Initializing webserver settings from core Puppet
2015-06-08 09:36:59,780 INFO [p.s.c.certificate-authority-service] CA Service adding a ring handler
2015-06-08 09:36:59,827 INFO [p.s.p.puppet-admin-service] Starting Puppet Admin web app
2015-06-08 09:37:06,473 INFO [p.s.m.master-service] Master Service adding ring handlers
2015-06-08 09:37:06,558 WARN [o.e.j.s.h.ContextHandler] Empty contextPath
2015-06-08 09:37:06,572 INFO [p.t.s.w.jetty9-service] Starting web server(s).
2015-06-08 09:37:06,606 INFO [p.t.s.w.jetty9-core] webserver config overridden for key 'ssl-cert'
2015-06-08 09:37:06,607 INFO [p.t.s.w.jetty9-core] webserver config overridden for key 'ssl-key'
2015-06-08 09:37:06,608 INFO [p.t.s.w.jetty9-core] webserver config overridden for key 'ssl-ca-cert'
2015-06-08 09:37:06,608 INFO [p.t.s.w.jetty9-core] webserver config overridden for key 'ssl-crl-path'
2015-06-08 09:37:07,037 INFO [p.t.s.w.jetty9-core] Starting web server.
2015-06-08 09:37:07,050 INFO [o.e.j.s.Server] jetty-9.2.z-SNAPSHOT
2015-06-08 09:37:07,174 INFO [o.e.j.s.h.ContextHandler] Started o.e.j.s.h.ContextHandler@18ee4ac3{/puppet-ca,null,AVAILABLE}
2015-06-08 09:37:07,175 INFO [o.e.j.s.h.ContextHandler] Started o.e.j.s.h.ContextHandler@4c1434a7{/puppet-admin-api,null,AVAILABLE}
2015-06-08 09:37:07,176 INFO [o.e.j.s.h.ContextHandler] Started o.e.j.s.h.ContextHandler@7eef9da2{/puppet,null,AVAILABLE}
2015-06-08 09:37:07,177 INFO [o.e.j.s.h.ContextHandler] Started o.e.j.s.h.ContextHandler@26ad2d06{/,null,AVAILABLE}
2015-06-08 09:37:07,364 INFO [o.e.j.s.ServerConnector] Started ServerConnector@66b8635c{SSL-HTTP/1.1}{0.0.0.0:8140}
2015-06-08 09:37:07,365 INFO [o.e.j.s.Server] Started @70146ms
2015-06-08 09:37:07,381 INFO [p.s.m.master-service] Puppet Server has successfully started and is now ready to handle requests
2015-06-08 09:37:07,393 INFO [p.s.l.legacy-routes-service] The legacy routing service has successfully started and is now ready to handle requests

Now we have created the Puppet server and it is running.

root@ubuntu:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f4b9f456a4c2 puppet/puppetserver "dumb-init /docker-en" 3 minutes ago Up 3 minutes 8140/tcp puppet

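Creating the Puppet client

By running this command, we create another container as the Puppet client, with the hostname puppet-client-theitroad, using the Docker image puppet/puppet-agent-ubuntu.
We can use this command to create the Puppet client, or simply use docker run --net puppet puppet/puppet-agent-ubuntu to build one.
If we run this command with the onetime flag, Puppet exits after the first run.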

root@ubuntu:~# docker run --net puppet --name puppet-client --hostname puppet-client-theitroad puppet/puppet-agent-ubuntu agent --verbose --no-daemonize --summarize
Info: Creating a new SSL key for puppet-client-theitroad.members.linode.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet-client-theitroad.members.linode.com
Info: Certificate Request fingerprint (SHA256): 62:E2:37:8A:6E:0D:18:AC:81:0F:F1:3E:D6:08:10:29:D4:D6:21:16:59:B7:6D:3F:AA:5C:7A:08:38:B6:6B:07
Info: Caching certificate for puppet-client-theitroad.members.linode.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for ca
Notice: Starting Puppet client version 4.5.1
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet-client-theitroad.members.linode.com
Info: Applying configuration version '1465378896'
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 0.01 seconds
Changes:
Events:
Resources:
Total: 7
Time:
Schedule: 0.00
Config retrieval: 1.55
Total: 1.56
Last run: 1465378896
Filebucket: 0.00
Version:
Config: 1465378896
Puppet: 4.5.1

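However, if we use the command above, the container does not exit; it stays up and updates Puppet every 30 minutes based on the latest content on the Puppet server.
We now have our Puppet server and client running on Docker.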

root@ubuntu:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5f29866a103b puppet/puppet-agent-ubuntu "/opt/puppetlabs/bin/" 8 minutes ago Up 8 minutes puppet-client
f4b9f456a4c2 puppet/puppetserver "dumb-init /docker-en" 13 minutes ago Up 13 minutes 8140/tcp puppet

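Creating PuppetDB

We can run the PuppetDB server in a Docker container.
To run PuppetDB, we need a running Postgres server.
In this Docker setup, only a PostgreSQL server is supported.
It can be another container instance, an RDS (Relational Database Service) endpoint, or a physical database somewhere.
PuppetDB also needs a running Puppet master.
Because SSL certificates are used during initialization, we need at least one Puppet master running that the container can connect to in order to initialize its certificates.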

root@ubuntu:~# git clone https://github.com/tizzo/docker-puppetdb.git
Cloning into 'docker-puppetdb'...
remote: Counting objects: 12, done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 12 (delta 3), reused 12 (delta 3), pack-reused 0
Unpacking objects: 100% (12/12), done.
Checking connectivity... done.
root@ubuntu:~# cd docker-puppetdb/

Create a Dockerfile compatible with Ubuntu 16.04.
I took the Dockerfile and ran docker build.

root@ubuntu:~/docker-puppetdb# docker build .
Sending build context to Docker daemon 68.1 kB
Step 1 : FROM ubuntu:16.04
16.04: Pulling from library/ubuntu
5ba4f30e5bea: Already exists
9d7d19c9dc56: Already exists
ac6ad7efd0f9: Already exists
e7491a747824: Already exists
a3ed95caeb02: Already exists
Digest: sha256:f5edf3b741a08b573eca6bf25257847613540538a17b86e2b76e14724a0be68a
Status: Downloaded newer image for ubuntu:16.04
---> 2fa927b5cdd3
Step 2 : MAINTAINER Gareth Rushgrove "[email protected]"
---> Running in 555edbbd1017
---> a3d4cea623ac
Removing intermediate container 555edbbd1017
Step 3 : ENV PUPPETDB_VERSION "4.1.0" PUPPET_AGENT_VERSION "1.5.1" DUMB_INIT_VERSION "1.0.2" UBUNTU_CODENAME "xenial" PUPPETDB_USER puppetdb PUPPETDB_PASSWORD puppetdb PUPPETDB_JAVA_ARGS "-Djava.net.preferIPv4Stack=true -Xms256m -Xmx256m" PATH /opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin:$PATH
---> Running in 4cb8a8220b1c

Once this is done, we can create our PuppetDB containers.

root@ubuntu:~# docker run --net puppet --name puppetdb-postgres -e POSTGRES_PASSWORD=puppetdb -e POSTGRES_USER=puppetdb -d postgres
855a6b13fefa4123d5e16cdde84ebc7174ba149e66699e4c94c14e8fbfcac22f
root@ubuntu:~# docker run --net puppet -d -P --name puppetdb --link puppetdb-postgres:postgres puppet/puppetdb
bfe56b64bd980d20570374ed8204136303d82de8cbf1a4279c2f2fd25a798f59

All our containers are running, and we can confirm their status with the docker ps command.

We can access our PuppetDB dashboard at the URL http://Docker-Server-IP:32771
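
The docker run commands above pass the default puppetdb/puppetdb credentials on the command line, and -P publishes the dashboard over plain HTTP on every host interface. The script below is an added example, not part of the original article, that starts the same two containers with a generated password kept in mode-0600 env files and the dashboard bound to loopback only. Assumptions: the puppet/puppetdb image reads PUPPETDB_USER and PUPPETDB_PASSWORD at start-up (they appear as ENV in the build output above; if the image bakes them in at build time, rebuild it with the new value), the dashboard listens on container port 8080, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: launch postgres + PuppetDB without default credentials on
# the command line and without exposing the dashboard on all interfaces.
# Assumed: puppet/puppetdb honours PUPPETDB_USER/PUPPETDB_PASSWORD at run
# time and serves the dashboard on container port 8080.

# 24 random bytes from the kernel CSPRNG, printed as 48 hex characters.
gen_password() {
    od -An -N24 -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# Write one env file per container into directory $1, readable only by the
# owner, so the secret stays out of shell history and the process list.
write_env_files() {
    dir=$1
    pw=$(gen_password)
    old_umask=$(umask)
    umask 077
    printf 'POSTGRES_USER=puppetdb\nPOSTGRES_PASSWORD=%s\n' "$pw" > "$dir/postgres.env"
    printf 'PUPPETDB_USER=puppetdb\nPUPPETDB_PASSWORD=%s\n' "$pw" > "$dir/puppetdb.env"
    umask "$old_umask"
}

# Print the docker commands for review; pipe the output to sh to run them.
# -p 127.0.0.1::8080 maps the dashboard to a random port on loopback only,
# so remote access goes through an SSH tunnel or a TLS reverse proxy.
launch_commands() {
    printf 'docker run --net puppet --name puppetdb-postgres --env-file "%s/postgres.env" -d postgres\n' "$1"
    printf 'docker run --net puppet --name puppetdb --env-file "%s/puppetdb.env" --link puppetdb-postgres:postgres -p 127.0.0.1::8080 -d puppet/puppetdb\n' "$1"
}

# Run as `sh puppetdb-launch.sh run` to create the env files and print commands.
if [ "${1:-}" = "run" ]; then
    d=$(mktemp -d) && write_env_files "$d" && launch_commands "$d"
fi
```

Env files keep the password out of shell history and ps output, but anyone with access to the Docker socket can still read it with docker inspect.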