docker学习(三)—— docker镜像概念,镜像的基本操作
docker参考手册:https://docs.docker.com/engine/reference/commandline/dockerd/
daemon.json参考:https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
docker网络的参考:https://docs.docker.com/network/
容器构建实例:https://github.com/mysql/mysql-docker
限制容器的资源:https://docs.docker.com/config/containers/resource_constraints/#memory
docker-distribution配置:https://docs.docker.com/registry/configuration/#list-of-configuration-options
本文讲述了以下内容:
docker常用命令
docker镜像的一些概念
docker hub的类型
拉取镜像的命令
基于容器制作镜像
把镜像推到docker hub
把镜像推到aliyun镜像仓库
本地打包镜像
docker常用命令
docker search:Search the Docker Hub for images.
docker pull:Pull an image or a repository from a registry. docker image pull
docker images:List images. docker image ls
docker create:Create a container. docker container create
docker start:Start one or more stopped containers. docker container start
docker run:Run a command in a new container. docker container run
docker attach:Attach to a running container. docker container attach
docker ps:List containers. docker container ls
docker logs:Fetch the logs of a container. docker container logs
docker restart:restart Restart one or more containers. docker container restart
docker stop:Stop one or more running containers. docker container stop
docker kill:Kill one or more running containers. docker container kill
docker rm:Remove one or more containers. docker container rm
About Docker images
Docker镜像含有启动容器所需要的文件系统及其内容,因此,其用于创建并启动docker容器
Docker image 采用分层构建机制,最底层为bootfs,其之为rootfs
- bootfs:用于系统引导的文件系统,包括bootloader和kernel,容器启动完成 会被卸载以节约内存资源;
- rootfs:位于bootfs之上,表现为docker容器的根文件系统;传统模式中,系统启动时,内核挂载rootfs时会首先将其挂载为“只读”模式,完整性自检完成后将其重新挂载为读写模式;docker中,rootfs由内核挂载为“只读”模式,而后通过“联合挂载”技术额外挂载一个“可写”层。
Docker Image Layer
- 位于下层的镜像称为父镜像(parent image),最底层的镜像成为基础镜像(base image)。
- 最上层为“可读写层”,其下的均为“只读”层
Aufs
- advanced multi-layered unifaction filesystem :高级多层统一文件系统。
- 用于为Linux文件系统实现“联合挂载”
- aufs是之前的UnionFS的重新实现,2006年由Junjiro Okajima开发
- Docker最初使用aufs作为容器文件系统层,它目前仍作为存储后端之一来支持
- aufs的竞争产品是overlayfs,后者自从3.18版本开始被合并到Linux内核
- Docker的分层镜像,除了aufs,docker还支持btrfs,devicemapper和vfs等
- 在Ubuntu系统下,docker默认ubuntu的aufs;而在centos7上,用的是devicemapper
Docker registry
启动容器时,docker daemon 会试图从本地获取相关的镜像;本地镜像不存在时,其将从Registry中下载镜像到本地。
Docker Registry 分为Public Docker Registry(Docker Hub)和Private Docker Registry
Registry用于保存docker镜像,包括镜像的层结构与元数据
用户可以自建Registry,也可以使用官方的Docker Hub
分类:
- Sponsor Registry:第三方的registry,供客户和Docker社区使用
- Mirrors Registry:第三方的Registry,只让客户使用
- Vendor Registry:由发布Docker镜像的供应商提供的registry
- Private Registry:通过设有防火墙和额外安全层的私有实体提供的registry
Repository and index:
Repository:
- 由某个特定的docker镜像的所有迭代版本组成的镜像仓库
- 一个Registory中可以存在多个Repository;Repository分为“顶层仓库”和用户仓库;每个仓库可以包含多个tag,每个tag对应一个image
index:
- 维护用户账户、镜像的校验以及公共命名空间的 信息
- 相当于为Registry提供了一个完成用户认证等功能的检索接口
Docker Registry中的镜像通常由开发人员制作,而后推送到“公共”或“私有”registry上保存,供其他人员使用,利润部署到生产环境。
Docker Hub
Docker Hub provides the following major features:
- Image Repositories
- Automated Builds
- WebHooks
- Organitions
- Github and Bitbucket Integration
Getting images from remote Docker registires.
[root@docker2 ~]# docker pull :[:]/[namespace/]: [root@docker2 ~]# docker pull quay.io/coreos/flannel
Using default tag: latest
Error response from daemon: manifest for quay.io/coreos/flannel:latest not found
[root@docker2 ~]# docker pull quay.io/coreos/flannel:v0.10.0-amd64
v0.10.0-amd64: Pulling from coreos/flannel
ff3a5c916c92: Pull complete
8a8433d1d437: Pull complete
306dc0ee491a: Pull complete
856cbd0b7b9c: Pull complete
af6d1e4decc6: Pull complete
Digest: sha256:88f2b4d96fae34bfff3d46293f7f18d1f9f3ca026b4a4d288f28347fcb6580ac
Status: Downloaded newer image for quay.io/coreos/flannel:v0.10.0-amd64
镜像的生成途径:
- Dockerfile
- 基于容器制作
- Docker Hub automated builds
基于容器制作镜像:
创建一个基于busybox镜像,名字为b2的容器:
创建个目录和文件
[root@docker2 ~]# docker container run --name b2 -it busybox
/ #
/ # ls /
bin dev etc home proc root sys tmp usr var
/ # mkdir -p /data/html
/ # echo "Welcome to busybox!" > /data/html/index.html
/ #
新开终端,创建镜像:
[root@docker2 ~]# docker commit --help
Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
Create a new image from a container's changes
Options:
-a, --author string Author (e.g., "John Hannibal Smith ")
-c, --change list Apply Dockerfile instruction to the created image
-m, --message string Commit message
-p, --pause Pause container during commit (default true)
[root@docker2 ~]# docker commit -p b2
sha256:71e8e2f3a3a5154940dbb3a7926d2a084bb253eb90b4f1759f9a420610b5a7ca
[root@docker2 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
71e8e2f3a3a5 5 seconds ago 1.15MB
redis 5 5d2989ac9711 32 hours ago 95MB
nginx 1.15-alpine 315798907716 3 days ago 17.8MB
busybox latest 758ec7f3a1ee 4 days ago 1.15MB
quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 11 months ago 44.6MB 打标签:
[root@docker2 ~]# docker tag --help
Usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
[root@docker2 ~]# docker tag 71e8e2f3a3a5 uscwifi/httpd:v0.1-1
[root@docker2 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
uscwifi/httpd v0.1-1 71e8e2f3a3a5 3 minutes ago 1.15MB
redis 5 5d2989ac9711 32 hours ago 95MB
nginx 1.15-alpine 315798907716 3 days ago 17.8MB
busybox latest 758ec7f3a1ee 4 days ago 1.15MB
quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 11 months ago 44.6MB[root@docker2 ~]# docker tag uscwifi/httpd:v0.1-1 uscwifi/httpd:latest
[root@docker2 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
uscwifi/httpd latest 71e8e2f3a3a5 4 minutes ago 1.15MB
uscwifi/httpd v0.1-1 71e8e2f3a3a5 4 minutes ago 1.15MB
redis 5 5d2989ac9711 32 hours ago 95MB
nginx 1.15-alpine 315798907716 3 days ago 17.8MB
busybox latest 758ec7f3a1ee 4 days ago 1.15MB
quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 11 months ago 44.6MB查看镜像详情:
[root@docker2 ~]# docker inspect uscwifi/httpd:latest 用此镜像创建容器测试:
[root@docker2 ~]# docker container run --name t1 -it uscwifi/httpd:latest
/ # ls /
bin data dev etc home proc root sys tmp usr var
/ # cat /data/html/index.html
Welcome to busybox!
/ #
基于容器制作第二个镜像:
-a指定作者为uscwifi.cn,-c指定了启动容器运行的命令为/bin/httpd -f -h /data/html,-p指定创建镜像时暂停容器,指定容器b2,镜像标签为uscwifi/httpd:v0.2
[root@docker2 ~]# docker commit --help
Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
Create a new image from a container's changes
Options:
-a, --author string Author (e.g., "John Hannibal Smith ")
-c, --change list Apply Dockerfile instruction to the created image
-m, --message string Commit message
-p, --pause Pause container during commit (default true)
[root@docker2 ~]# docker commit -a "uscwifi.cn" -c 'CMD ["/bin/httpd","-f","-h","/data/html"]' -p b2 uscwifi/httpd:v0.2
sha256:a83a2c1ac8b323164e6143d302ee9c9d2e380956181390c67d38b5454ba4883c
[root@docker2 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
uscwifi/httpd v0.2 a83a2c1ac8b3 5 seconds ago 1.15MB
uscwifi/httpd latest 71e8e2f3a3a5 21 minutes ago 1.15MB
uscwifi/httpd v0.1-1 71e8e2f3a3a5 21 minutes ago 1.15MB
redis 5 5d2989ac9711 32 hours ago 95MB
nginx 1.15-alpine 315798907716 3 days ago 17.8MB
busybox latest 758ec7f3a1ee 4 days ago 1.15MB
quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 11 months ago 44.6MB 利用该镜像创建一个容器:
[root@docker2 ~]# docker run --name t2 uscwifi/httpd:v0.2新开shell查看:
[root@docker2 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b4c9c77e60c0 uscwifi/httpd:v0.2 "/bin/httpd -f -h /d…" 56 seconds ago Up 53 seconds t2
8ab7e978debc busybox "sh" 29 minutes ago Up 29 minutes b2
b2a481f1fde0 redis:5 "docker-entrypoint.s…" 3 hours ago Up 3 hours 6379/tcp kvstor1
aa7f935730ed nginx:1.15-alpine "nginx -g 'daemon of…" 3 hours ago Up 3 hours 80/tcp web1
[root@docker2 ~]# docker inspect t2 | grep -i ipaddress
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.5",
"IPAddress": "172.17.0.5",
[root@docker2 ~]# curl 172.17.0.5
Welcome to busybox!
推镜像到dockerhub:
得先在dockerhub注册账号并创建仓库
登陆docker:
[root@docker2 ~]# docker login --help
Usage: docker login [OPTIONS] [SERVER]
Log in to a Docker registry
Options:
-p, --password string Password
--password-stdin Take the password from stdin
-u, --username string Username
[root@docker2 ~]# docker login -u uscwifi
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded开始推镜像:
[root@docker2 ~]# docker push uscwifi/httpd
The push refers to repository [docker.io/uscwifi/httpd]
07e1846f60c6: Pushed
23bc2b70b201: Mounted from library/busybox
latest: digest: sha256:7a97db1f2b88d5a4ac5d873f91ef33284f6ea1f49538ce20fe2168b586a79b11 size: 734
07e1846f60c6: Layer already exists
23bc2b70b201: Layer already exists
v0.1-1: digest: sha256:7a97db1f2b88d5a4ac5d873f91ef33284f6ea1f49538ce20fe2168b586a79b11 size: 734
c8afcb5503d3: Pushed
23bc2b70b201: Layer already exists
v0.2: digest: sha256:7bc2e3c0bca86a692501522ff7adf637c1fcda87fca23a754e7db68f00c80f54 size: 734web界面查看:
阿里云镜像仓库:
创建仓库:
登陆docker
[root@docker2 ~]# docker logout
Removing login credentials for https://index.docker.io/v1/
[root@docker2 ~]# docker login --username=156****8129 registry.cn-shanghai.aliyuncs.com
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded打tag,并push:
[root@docker2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
uscwifi/httpd v0.2 a83a2c1ac8b3 37 minutes ago 1.15MB
uscwifi/httpd latest 71e8e2f3a3a5 About an hour ago 1.15MB
uscwifi/httpd v0.1-1 71e8e2f3a3a5 About an hour ago 1.15MB
redis 5 5d2989ac9711 33 hours ago 95MB
nginx 1.15-alpine 315798907716 3 days ago 17.8MB
busybox latest 758ec7f3a1ee 4 days ago 1.15MB
quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 11 months ago 44.6MB
[root@docker2 ~]# docker tag uscwifi/httpd:v0.2 registry.cn-shanghai.aliyuncs.com/uscwifi/httpd:v0.2
[root@docker2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
uscwifi/httpd v0.2 a83a2c1ac8b3 38 minutes ago 1.15MB
registry.cn-shanghai.aliyuncs.com/uscwifi/httpd v0.2 a83a2c1ac8b3 38 minutes ago 1.15MB
uscwifi/httpd latest 71e8e2f3a3a5 About an hour ago 1.15MB
uscwifi/httpd v0.1-1 71e8e2f3a3a5 About an hour ago 1.15MB
redis 5 5d2989ac9711 33 hours ago 95MB
nginx 1.15-alpine 315798907716 3 days ago 17.8MB
busybox latest 758ec7f3a1ee 4 days ago 1.15MB
quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 11 months ago 44.6MB
[root@docker2 ~]# docker push registry.cn-shanghai.aliyuncs.com/uscwifi/httpd
The push refers to repository [registry.cn-shanghai.aliyuncs.com/uscwifi/httpd]
c8afcb5503d3: Pushed
23bc2b70b201: Pushed
v0.2: digest: sha256:7bc2e3c0bca86a692501522ff7adf637c1fcda87fca23a754e7db68f00c80f54 size: 734web界面查看:
本地打包镜像传到另一机器测试
docker save -o
[root@docker2 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
uscwifi/httpd v0.2 a83a2c1ac8b3 About an hour ago 1.15MB
registry.cn-shanghai.aliyuncs.com/uscwifi/httpd v0.2 a83a2c1ac8b3 About an hour ago 1.15MB
uscwifi/httpd latest 71e8e2f3a3a5 About an hour ago 1.15MB
uscwifi/httpd v0.1-1 71e8e2f3a3a5 About an hour ago 1.15MB
redis 5 5d2989ac9711 33 hours ago 95MB
nginx 1.15-alpine 315798907716 3 days ago 17.8MB
busybox latest 758ec7f3a1ee 4 days ago 1.15MB
quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 11 months ago 44.6MB
[root@docker2 ~]# docker save -o myimages.gz uscwifi/httpd:v0.1-1 uscwifi/httpd:v0.2
[root@docker2 ~]# ls
anaconda-ks.cfg myimages.gz
[root@docker2 ~]# scp myimages.gz [email protected]:/root
The authenticity of host '192.168.2.163 (192.168.2.163)' can't be established.
ECDSA key fingerprint is SHA256:zPzQZA1fX/6pjipdAJc7Q4dPC6kHUTXdsf39ACWl1Ho.
ECDSA key fingerprint is MD5:44:99:bb:dc:09:65:2f:34:53:32:f6:77:c1:7d:7e:dd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.163' (ECDSA) to the list of known hosts.
[email protected]'s password:
myimages.gz load镜像:
[root@docker1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@docker1 ~]# ls
anaconda-ks.cfg myimages.gz
[root@docker1 ~]# docker load --help
Usage: docker load [OPTIONS]
Load an image from a tar archive or STDIN
Options:
-i, --input string Read from tar archive file, instead of STDIN
-q, --quiet Suppress the load output
[root@docker1 ~]# docker load -i myimages.gz
23bc2b70b201: Loading layer [==================================================>] 1.37MB/1.37MB
07e1846f60c6: Loading layer [==================================================>] 5.12kB/5.12kB
Loaded image: uscwifi/httpd:v0.1-1
c8afcb5503d3: Loading layer [==================================================>] 5.12kB/5.12kB
Loaded image: uscwifi/httpd:v0.2
[root@docker1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
uscwifi/httpd v0.2 a83a2c1ac8b3 About an hour ago 1.15MB
uscwifi/httpd v0.1-1 71e8e2f3a3a5 About an hour ago 1.15MB