docker学习(三)—— docker镜像概念,镜像的基本操作

docker参考手册:https://docs.docker.com/engine/reference/commandline/dockerd/

daemon.json参考:https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file

docker网络的参考:https://docs.docker.com/network/

容器构建实例:https://github.com/mysql/mysql-docker

限制容器的资源:https://docs.docker.com/config/containers/resource_constraints/#memory

docker-distribution配置:https://docs.docker.com/registry/configuration/#list-of-configuration-options


本文讲述了以下内容:

docker常用命令

docker镜像的一些概念

docker hub的类型

拉取镜像的命令

基于容器制作镜像

把镜像推到docker hub

把镜像推到aliyun镜像仓库

本地打包镜像


docker常用命令

docker search:Search the Docker Hub for images.

docker pull:Pull an image or a repository  from a registry.        docker image pull

docker images:List images.        docker image ls

docker create:Create a container.        docker container create

docker start:Start one or more stopped containers.        docker container start

docker run:Run a command in a new container.        docker container run

docker attach:Attach to a running container.        docker container attach

docker ps:List containers.        docker container ls

docker logs:Fetch the logs of a container.        docker container logs

docker restart:restart     Restart one or more containers.        docker container restart

docker stop:Stop one or more running containers.        docker container stop

docker kill:Kill one or more running containers.        docker container kill

docker rm:Remove one or more containers.        docker container rm


About Docker images

Docker镜像含有启动容器所需要的文件系统及其内容,因此,其用于创建并启动docker容器

Docker image  采用分层构建机制,最底层为bootfs,其之为rootfs

  • bootfs:用于系统引导的文件系统,包括bootloader和kernel,容器启动完成 会被卸载以节约内存资源;
  • rootfs:位于bootfs之上,表现为docker容器的根文件系统;传统模式中,系统启动时,内核挂载rootfs时会首先将其挂载为“只读”模式,完整性自检完成后将其重新挂载为读写模式;docker中,rootfs由内核挂载为“只读”模式,而后通过“联合挂载”技术额外挂载一个“可写”层。

Docker Image Layer

  • 位于下层的镜像称为父镜像(parent image),最底层的镜像成为基础镜像(base image)。
  • 最上层为“可读写层”,其下的均为“只读”层

Aufs

  • advanced multi-layered unifaction filesystem :高级多层统一文件系统。
  • 用于为Linux文件系统实现“联合挂载”
  • aufs是之前的UnionFS的重新实现,2006年由Junjiro Okajima开发
  • Docker最初使用aufs作为容器文件系统层,它目前仍作为存储后端之一来支持
  • aufs的竞争产品是overlayfs,后者自从3.18版本开始被合并到Linux内核
  • Docker的分层镜像,除了aufs,docker还支持btrfs,devicemapper和vfs等
  • 在Ubuntu系统下,docker默认ubuntu的aufs;而在centos7上,用的是devicemapper

Docker registry

启动容器时,docker daemon 会试图从本地获取相关的镜像;本地镜像不存在时,其将从Registry中下载镜像到本地。

 

Docker Registry 分为Public Docker Registry(Docker Hub)和Private Docker Registry

Registry用于保存docker镜像,包括镜像的层结构与元数据

用户可以自建Registry,也可以使用官方的Docker Hub

分类:

  • Sponsor Registry:第三方的registry,供客户和Docker社区使用
  • Mirrors Registry:第三方的Registry,只让客户使用
  • Vendor Registry:由发布Docker镜像的供应商提供的registry
  • Private Registry:通过设有防火墙和额外安全层的私有实体提供的registry

Repository and index:

Repository:

  • 由某个特定的docker镜像的所有迭代版本组成的镜像仓库
  • 一个Registory中可以存在多个Repository;Repository分为“顶层仓库”和用户仓库;每个仓库可以包含多个tag,每个tag对应一个image

index:

  • 维护用户账户、镜像的校验以及公共命名空间的 信息
  • 相当于为Registry提供了一个完成用户认证等功能的检索接口

Docker Registry中的镜像通常由开发人员制作,而后推送到“公共”或“私有”registry上保存,供其他人员使用,利润部署到生产环境。


Docker Hub

Docker Hub provides the following major features:

  • Image Repositories
  • Automated Builds
  • WebHooks
  • Organitions
  • Github and Bitbucket Integration

Getting images from remote Docker registires.

[root@docker2 ~]# docker pull :[:]/[namespace/]:
[root@docker2 ~]# docker pull quay.io/coreos/flannel
Using default tag: latest
Error response from daemon: manifest for quay.io/coreos/flannel:latest not found
[root@docker2 ~]# docker pull quay.io/coreos/flannel:v0.10.0-amd64
v0.10.0-amd64: Pulling from coreos/flannel
ff3a5c916c92: Pull complete 
8a8433d1d437: Pull complete 
306dc0ee491a: Pull complete 
856cbd0b7b9c: Pull complete 
af6d1e4decc6: Pull complete 
Digest: sha256:88f2b4d96fae34bfff3d46293f7f18d1f9f3ca026b4a4d288f28347fcb6580ac
Status: Downloaded newer image for quay.io/coreos/flannel:v0.10.0-amd64

 


镜像的生成途径:

  • Dockerfile
  • 基于容器制作
  • Docker Hub automated builds

基于容器制作镜像:

创建一个基于busybox镜像,名字为b2的容器:

创建个目录和文件

[root@docker2 ~]# docker container run --name b2 -it busybox
/ # 
/ # ls /
bin   dev   etc   home  proc  root  sys   tmp   usr   var
/ # mkdir -p /data/html
/ # echo "

Welcome to busybox!

" > /data/html/index.html / #

新开终端,创建镜像:

[root@docker2 ~]# docker commit --help

Usage:	docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]

Create a new image from a container's changes

Options:
  -a, --author string    Author (e.g., "John Hannibal Smith ")
  -c, --change list      Apply Dockerfile instruction to the created image
  -m, --message string   Commit message
  -p, --pause            Pause container during commit (default true)
[root@docker2 ~]# docker commit -p b2
sha256:71e8e2f3a3a5154940dbb3a7926d2a084bb253eb90b4f1759f9a420610b5a7ca
[root@docker2 ~]# docker image ls
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
                                 71e8e2f3a3a5        5 seconds ago       1.15MB
redis                    5                   5d2989ac9711        32 hours ago        95MB
nginx                    1.15-alpine         315798907716        3 days ago          17.8MB
busybox                  latest              758ec7f3a1ee        4 days ago          1.15MB
quay.io/coreos/flannel   v0.10.0-amd64       f0fad859c909        11 months ago       44.6MB

打标签:

[root@docker2 ~]# docker tag --help

Usage:	docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
[root@docker2 ~]# docker tag 71e8e2f3a3a5 uscwifi/httpd:v0.1-1
[root@docker2 ~]# docker image ls
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
uscwifi/httpd            v0.1-1              71e8e2f3a3a5        3 minutes ago       1.15MB
redis                    5                   5d2989ac9711        32 hours ago        95MB
nginx                    1.15-alpine         315798907716        3 days ago          17.8MB
busybox                  latest              758ec7f3a1ee        4 days ago          1.15MB
quay.io/coreos/flannel   v0.10.0-amd64       f0fad859c909        11 months ago       44.6MB
[root@docker2 ~]# docker tag uscwifi/httpd:v0.1-1 uscwifi/httpd:latest
[root@docker2 ~]# docker image ls
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
uscwifi/httpd            latest              71e8e2f3a3a5        4 minutes ago       1.15MB
uscwifi/httpd            v0.1-1              71e8e2f3a3a5        4 minutes ago       1.15MB
redis                    5                   5d2989ac9711        32 hours ago        95MB
nginx                    1.15-alpine         315798907716        3 days ago          17.8MB
busybox                  latest              758ec7f3a1ee        4 days ago          1.15MB
quay.io/coreos/flannel   v0.10.0-amd64       f0fad859c909        11 months ago       44.6MB

查看镜像详情:

[root@docker2 ~]# docker inspect uscwifi/httpd:latest 

用此镜像创建容器测试:

[root@docker2 ~]# docker container run --name t1 -it uscwifi/httpd:latest 
/ # ls /
bin   data  dev   etc   home  proc  root  sys   tmp   usr   var
/ # cat /data/html/index.html 

Welcome to busybox!

/ #

基于容器制作第二个镜像:

-a指定作者为uscwifi.cn,-c指定了启动容器运行的命令为/bin/httpd -f -h /data/html,-p指定创建镜像时暂停容器,指定容器b2,镜像标签为uscwifi/httpd:v0.2

[root@docker2 ~]# docker commit --help

Usage:	docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]

Create a new image from a container's changes

Options:
  -a, --author string    Author (e.g., "John Hannibal Smith ")
  -c, --change list      Apply Dockerfile instruction to the created image
  -m, --message string   Commit message
  -p, --pause            Pause container during commit (default true)
[root@docker2 ~]# docker commit -a "uscwifi.cn" -c 'CMD ["/bin/httpd","-f","-h","/data/html"]' -p b2 uscwifi/httpd:v0.2
sha256:a83a2c1ac8b323164e6143d302ee9c9d2e380956181390c67d38b5454ba4883c
[root@docker2 ~]# docker image ls
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
uscwifi/httpd            v0.2                a83a2c1ac8b3        5 seconds ago       1.15MB
uscwifi/httpd            latest              71e8e2f3a3a5        21 minutes ago      1.15MB
uscwifi/httpd            v0.1-1              71e8e2f3a3a5        21 minutes ago      1.15MB
redis                    5                   5d2989ac9711        32 hours ago        95MB
nginx                    1.15-alpine         315798907716        3 days ago          17.8MB
busybox                  latest              758ec7f3a1ee        4 days ago          1.15MB
quay.io/coreos/flannel   v0.10.0-amd64       f0fad859c909        11 months ago       44.6MB

利用该镜像创建一个容器:

[root@docker2 ~]# docker run --name t2 uscwifi/httpd:v0.2

新开shell查看:

[root@docker2 ~]# docker ps
CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS              PORTS               NAMES
b4c9c77e60c0        uscwifi/httpd:v0.2   "/bin/httpd -f -h /d…"   56 seconds ago      Up 53 seconds                           t2
8ab7e978debc        busybox              "sh"                     29 minutes ago      Up 29 minutes                           b2
b2a481f1fde0        redis:5              "docker-entrypoint.s…"   3 hours ago         Up 3 hours          6379/tcp            kvstor1
aa7f935730ed        nginx:1.15-alpine    "nginx -g 'daemon of…"   3 hours ago         Up 3 hours          80/tcp              web1
[root@docker2 ~]# docker inspect t2 | grep -i ipaddress
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.5",
                    "IPAddress": "172.17.0.5",
[root@docker2 ~]# curl 172.17.0.5

Welcome to busybox!


推镜像到dockerhub:

得先在dockerhub注册账号并创建仓库

docker学习(三)—— docker镜像概念,镜像的基本操作_第1张图片

登陆docker:

[root@docker2 ~]# docker login --help

Usage:	docker login [OPTIONS] [SERVER]

Log in to a Docker registry

Options:
  -p, --password string   Password
      --password-stdin    Take the password from stdin
  -u, --username string   Username
[root@docker2 ~]# docker login -u uscwifi
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

开始推镜像:

[root@docker2 ~]# docker push uscwifi/httpd
The push refers to repository [docker.io/uscwifi/httpd]
07e1846f60c6: Pushed 
23bc2b70b201: Mounted from library/busybox 
latest: digest: sha256:7a97db1f2b88d5a4ac5d873f91ef33284f6ea1f49538ce20fe2168b586a79b11 size: 734
07e1846f60c6: Layer already exists 
23bc2b70b201: Layer already exists 
v0.1-1: digest: sha256:7a97db1f2b88d5a4ac5d873f91ef33284f6ea1f49538ce20fe2168b586a79b11 size: 734
c8afcb5503d3: Pushed 
23bc2b70b201: Layer already exists 
v0.2: digest: sha256:7bc2e3c0bca86a692501522ff7adf637c1fcda87fca23a754e7db68f00c80f54 size: 734

 web界面查看:

docker学习(三)—— docker镜像概念,镜像的基本操作_第2张图片


阿里云镜像仓库:

创建仓库:

docker学习(三)—— docker镜像概念,镜像的基本操作_第3张图片

docker学习(三)—— docker镜像概念,镜像的基本操作_第4张图片

登陆docker

[root@docker2 ~]# docker logout 
Removing login credentials for https://index.docker.io/v1/
[root@docker2 ~]# docker login --username=156****8129 registry.cn-shanghai.aliyuncs.com
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

打tag,并push:

[root@docker2 ~]# docker images
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
uscwifi/httpd            v0.2                a83a2c1ac8b3        37 minutes ago      1.15MB
uscwifi/httpd            latest              71e8e2f3a3a5        About an hour ago   1.15MB
uscwifi/httpd            v0.1-1              71e8e2f3a3a5        About an hour ago   1.15MB
redis                    5                   5d2989ac9711        33 hours ago        95MB
nginx                    1.15-alpine         315798907716        3 days ago          17.8MB
busybox                  latest              758ec7f3a1ee        4 days ago          1.15MB
quay.io/coreos/flannel   v0.10.0-amd64       f0fad859c909        11 months ago       44.6MB
[root@docker2 ~]# docker tag uscwifi/httpd:v0.2 registry.cn-shanghai.aliyuncs.com/uscwifi/httpd:v0.2
[root@docker2 ~]# docker images
REPOSITORY                                        TAG                 IMAGE ID            CREATED             SIZE
uscwifi/httpd                                     v0.2                a83a2c1ac8b3        38 minutes ago      1.15MB
registry.cn-shanghai.aliyuncs.com/uscwifi/httpd   v0.2                a83a2c1ac8b3        38 minutes ago      1.15MB
uscwifi/httpd                                     latest              71e8e2f3a3a5        About an hour ago   1.15MB
uscwifi/httpd                                     v0.1-1              71e8e2f3a3a5        About an hour ago   1.15MB
redis                                             5                   5d2989ac9711        33 hours ago        95MB
nginx                                             1.15-alpine         315798907716        3 days ago          17.8MB
busybox                                           latest              758ec7f3a1ee        4 days ago          1.15MB
quay.io/coreos/flannel                            v0.10.0-amd64       f0fad859c909        11 months ago       44.6MB
[root@docker2 ~]# docker push registry.cn-shanghai.aliyuncs.com/uscwifi/httpd
The push refers to repository [registry.cn-shanghai.aliyuncs.com/uscwifi/httpd]
c8afcb5503d3: Pushed 
23bc2b70b201: Pushed 
v0.2: digest: sha256:7bc2e3c0bca86a692501522ff7adf637c1fcda87fca23a754e7db68f00c80f54 size: 734

web界面查看:

docker学习(三)—— docker镜像概念,镜像的基本操作_第5张图片


本地打包镜像传到另一机器测试

docker save -o

[root@docker2 ~]# docker image ls
REPOSITORY                                        TAG                 IMAGE ID            CREATED             SIZE
uscwifi/httpd                                     v0.2                a83a2c1ac8b3        About an hour ago   1.15MB
registry.cn-shanghai.aliyuncs.com/uscwifi/httpd   v0.2                a83a2c1ac8b3        About an hour ago   1.15MB
uscwifi/httpd                                     latest              71e8e2f3a3a5        About an hour ago   1.15MB
uscwifi/httpd                                     v0.1-1              71e8e2f3a3a5        About an hour ago   1.15MB
redis                                             5                   5d2989ac9711        33 hours ago        95MB
nginx                                             1.15-alpine         315798907716        3 days ago          17.8MB
busybox                                           latest              758ec7f3a1ee        4 days ago          1.15MB
quay.io/coreos/flannel                            v0.10.0-amd64       f0fad859c909        11 months ago       44.6MB
[root@docker2 ~]# docker save -o myimages.gz uscwifi/httpd:v0.1-1 uscwifi/httpd:v0.2
[root@docker2 ~]# ls
anaconda-ks.cfg  myimages.gz
[root@docker2 ~]# scp myimages.gz [email protected]:/root
The authenticity of host '192.168.2.163 (192.168.2.163)' can't be established.
ECDSA key fingerprint is SHA256:zPzQZA1fX/6pjipdAJc7Q4dPC6kHUTXdsf39ACWl1Ho.
ECDSA key fingerprint is MD5:44:99:bb:dc:09:65:2f:34:53:32:f6:77:c1:7d:7e:dd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.163' (ECDSA) to the list of known hosts.
[email protected]'s password: 
myimages.gz                       

load镜像:

[root@docker1 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
[root@docker1 ~]# ls
anaconda-ks.cfg  myimages.gz
[root@docker1 ~]# docker load --help

Usage:	docker load [OPTIONS]

Load an image from a tar archive or STDIN

Options:
  -i, --input string   Read from tar archive file, instead of STDIN
  -q, --quiet          Suppress the load output
[root@docker1 ~]# docker load -i myimages.gz 
23bc2b70b201: Loading layer [==================================================>]   1.37MB/1.37MB
07e1846f60c6: Loading layer [==================================================>]   5.12kB/5.12kB
Loaded image: uscwifi/httpd:v0.1-1
c8afcb5503d3: Loading layer [==================================================>]   5.12kB/5.12kB
Loaded image: uscwifi/httpd:v0.2
[root@docker1 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
uscwifi/httpd       v0.2                a83a2c1ac8b3        About an hour ago   1.15MB
uscwifi/httpd       v0.1-1              71e8e2f3a3a5        About an hour ago   1.15MB

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

你可能感兴趣的:(CentOS,docker)