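I. Constraints on using Docker
1. To run Linux containers, the kernel version must be higher than 3.8, and the kernel must support at least two technologies: namespaces and cgroups. User-space tools then build on these kernel features to actually run containers. Docker went a step further in simplifying container use: it introduced images, built in layers and assembled by union mounting, which made container technology much easier to use. Later, under Docker's lead, the OCI and OCF standards emerged.
OCI (Open Container Initiative): established in June 2015 under the Linux Foundation. OCI defines the container runtime standard.
OCI consists of two parts:
the Runtime Specification: the runtime standard
the Image Specification: the image format standard
OCF (Open Container Format): runC is a concrete implementation that Docker built according to the Open Container Format (OCF) standard. runC was migrated out of Docker's libcontainer and implements container start/stop, resource isolation and related functions. Docker ships a docker-runc implementation by default.
II. Docker images
By default, Docker images are stored centrally on Docker Hub. When creating a container, Docker first checks whether the image exists locally; if not, it downloads the specified image from Docker Hub to the local host. The downloaded image is not deleted after the container has finished using it. Images cannot be modified, only rebuilt. Below is Docker's overall architecture.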
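III. Installing and using Docker
3.1. Dependencies and base environment:
1. 64-bit CPU
2. Linux Kernel 3.10+
3. Linux Kernel cgroups and namespaces
3.2. Installation on CentOS 7
1. extras repository: the default CentOS 7 yum repository extras already carries docker, but the version is old, so download the yum repository file for the newer docker-ce instead.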
[root@MiWiFi-R3L-srv ~]# cd /etc/yum.repos.d/
[root@MiWiFi-R3L-srv yum.repos.d]# wget https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
[root@MiWiFi-R3L-srv yum.repos.d]# sed -i 's#https://download.docker.com#https://mirrors.tuna.tsinghua.edu.cn/docker-ce#g' docker-ce.repo
[root@MiWiFi-R3L-srv yum.repos.d]# yum update
[root@MiWiFi-R3L-srv yum.repos.d]# yum install docker-ce
2. Configuration file for docker-ce; it has to be created manually
[root@MiWiFi-R3L-srv yum.repos.d]# mkdir /etc/docker/
[root@MiWiFi-R3L-srv docker]# echo -e '{\n\t"registry-mirrors": ["https://registry.docker-cn.com"]\n}' >/etc/docker/daemon.json
[root@MiWiFi-R3L-srv docker]# systemctl start docker.service
[root@MiWiFi-R3L-srv docker]# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.06.1-ce
Storage Driver: overlay2 # Docker needs this kind of filesystem to support layered builds and union mounts. Before CentOS 7.4 the driver was device mapper, an LVM-based implementation that performed very poorly with Docker, was unstable, and has been deprecated.
......
......
......
If you can see the information above, Docker has been installed successfully and is ready to use.
3. Docker repository format
[root@MiWiFi-R3L-srv docker]# docker search nginx
NAME                                                  DESCRIPTION                                    STARS  OFFICIAL  AUTOMATED
nginx                                                 Official build of Nginx.                       10034  [OK]
jwilder/nginx-proxy                                   Automated Nginx reverse proxy for docker con…  1440             [OK]
richarvey/nginx-php-fpm                               Container running Nginx + PHP-FPM capable of…  633              [OK]
jrcs/letsencrypt-nginx-proxy-companion                LetsEncrypt container to use with nginx as p…  428              [OK]
kong                                                  Open-source Microservice & API Management la…  237    [OK]
webdevops/php-nginx                                   Nginx with PHP-FPM                             117              [OK]
kitematic/hello-world-nginx                           A light-weight nginx container that demonstr…  112
zabbix/zabbix-web-nginx-mysql                         Zabbix frontend based on Nginx web-server wi…  74               [OK]
bitnami/nginx                                         Bitnami nginx Docker Image                     58               [OK]
1and1internet/ubuntu-16-nginx-php-phpmyadmin-mysql-5  ubuntu-16-nginx-php-phpmyadmin-mysql-5         48               [OK]
linuxserver/nginx                                     An Nginx container, brought to you by LinuxS…  42
tobi312/rpi-nginx                                     NGINX on Raspberry Pi / armhf                  23               [OK]
blacklabelops/nginx                                   Dockerized Nginx Reverse Proxy Server.         12               [OK]
wodby/drupal-nginx                                    Nginx for Drupal container image               11               [OK]
centos/nginx-18-centos7                               Platform for running nginx 1.8 or building n…  8
webdevops/nginx                                       Nginx container                                8                [OK]
nginxdemos/hello                                      NGINX webserver that serves a simple page co…  8                [OK]
centos/nginx-112-centos7                              Platform for running nginx 1.12 or building …  5
1science/nginx                                        Nginx Docker images that include Consul Temp…  4                [OK]
travix/nginx                                          NGinx reverse proxy                            2                [OK]
mailu/nginx                                           Mailu nginx frontend                           2                [OK]
pebbletech/nginx-proxy                                nginx-proxy sets up a container running ngin…  2                [OK]
toccoag/openshift-nginx                               Nginx reverse proxy for Nice running on same…  1                [OK]
ansibleplaybookbundle/nginx-apb                       An APB to deploy NGINX                         0                [OK]
wodby/nginx                                           Generic nginx                                  0                [OK]
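In the list above, repositories without a / separator are top-level repositories, generally the official ones on Docker Hub. Those with a / separator are images created by individual users.
4. Starting a Docker image
When docker run starts a container, it first looks for the image in the local repository; if the image is not there, it downloads it from the Docker Hub repository and then starts it.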
[root@MiWiFi-R3L-srv docker]# docker container run --name nginx1 -d nginx:stable
Unable to find image 'nginx:stable' locally # the local repository does not have the nginx:stable image
stable: Pulling from library/nginx
f17d81b4b692: Pull complete
3df1ab0a1750: Pull complete
576b56a453df: Pull complete
Digest: sha256:8b600a4d029481cc5b459f1380b30ff6cb98e27544fc02370de836e397e34030
Status: Downloaded newer image for nginx:stable # the nginx:stable image was downloaded successfully from the Docker Hub repository
d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1
[root@MiWiFi-R3L-srv docker]# docker container ls # list the running containers; nginx:stable is running normally
CONTAINER ID   IMAGE          COMMAND                 CREATED         STATUS         PORTS    NAMES
d5eb28ecbc5c   nginx:stable   "nginx -g 'daemon of…   4 minutes ago   Up 4 minutes   80/tcp   nginx1
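The naming rule from the search listing (no / means a Docker Hub top-level repository) and the "Pulling from library/nginx" and "Digest:" lines of the pull output can be checked mechanically before an image is run. The following Python sketch is an added example, not part of the original post; the names parse_image_ref and review are hypothetical, the digest is the one printed in the pull output above, and only the common reference forms are handled.

```python
import re

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
# Digest printed by the pull of nginx:stable shown on this page.
PINNED = "nginx@sha256:8b600a4d029481cc5b459f1380b30ff6cb98e27544fc02370de836e397e34030"


def parse_image_ref(ref):
    """Split an image reference the way the docker CLI resolves it."""
    name, _, digest = ref.partition("@")
    tag = ""
    # A ':' only introduces a tag when it sits in the last path component;
    # earlier it belongs to a registry port such as localhost:5000.
    if ":" in name.rsplit("/", 1)[-1]:
        name, tag = name.rsplit(":", 1)
    parts = name.split("/")
    # The first component is a registry host only if it looks like one.
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, parts = parts[0], parts[1:]
    else:
        registry = "docker.io"
    if registry == "docker.io" and len(parts) == 1:
        parts = ["library"] + parts  # top-level repo: nginx -> library/nginx
    return {"registry": registry, "repository": "/".join(parts),
            "tag": tag or ("" if digest else "latest"), "digest": digest}


def review(ref):
    """Return supply-chain notes for one image reference."""
    p = parse_image_ref(ref)
    notes = []
    if not p["digest"]:
        notes.append("mutable tag '%s': pin with an @sha256 digest" % p["tag"])
    elif not DIGEST_RE.match(p["digest"]):
        notes.append("malformed digest")
    if not (p["registry"] == "docker.io" and p["repository"].startswith("library/")):
        notes.append("not a Docker Hub top-level repository: verify the publisher")
    return notes


if __name__ == "__main__":
    for ref in ("nginx:stable", "jwilder/nginx-proxy", PINNED):
        print(ref, "->", review(ref) or "ok")
```

A reference pinned by digest always resolves to the same image content, while a tag such as stable can be moved to a different image by whoever controls the repository.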
View detailed information about the running container
[root@MiWiFi-R3L-srv docker]# docker container inspect nginx1
[
    {
        "Id": "d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1",
        "Created": "2018-10-31T13:45:39.761183953Z",
        "Path": "nginx",
        "Args": [
            "-g",
            "daemon off;"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 30605,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2018-10-31T13:45:40.064902138Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:ecc98fc2f376d6560311b66d6958e4350a5a485ee07aa2d1235842d0bce440da",
        "ResolvConfPath": "/var/lib/docker/containers/d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1/hostname",
        "HostsPath": "/var/lib/docker/containers/d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1/hosts",
        "LogPath": "/var/lib/docker/containers/d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1/d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1-json.log",
        "Name": "/nginx1",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "shareable",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/asound",
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/99e98bcb3268cca54fb9964a69452a424e9de607df50ef6ce1631da4be9f203b-init/diff:/var/lib/docker/overlay2/30039edd43cad0ec36a0fb2e546da0b33bb38336d2fa548e2cfca11a382b1ecb/diff:/var/lib/docker/overlay2/3e588e0ac8a29338bf759041cee08eff0bc955e47f7f32b0fe65c6536cb83a2b/diff:/var/lib/docker/overlay2/c80f5826b0afb09f3cd5ff12fa5a16e67aa2aaed0ae7ea0b36aeffc218559abd/diff",
                "MergedDir": "/var/lib/docker/overlay2/99e98bcb3268cca54fb9964a69452a424e9de607df50ef6ce1631da4be9f203b/merged",
                "UpperDir": "/var/lib/docker/overlay2/99e98bcb3268cca54fb9964a69452a424e9de607df50ef6ce1631da4be9f203b/diff",
                "WorkDir": "/var/lib/docker/overlay2/99e98bcb3268cca54fb9964a69452a424e9de607df50ef6ce1631da4be9f203b/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [],
        "Config": {
            "Hostname": "d5eb28ecbc5c",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "80/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.14.0-1~stretch",
                "NJS_VERSION=1.14.0.0.2.0-1~stretch"
            ],
            "Cmd": [
                "nginx",
                "-g",
                "daemon off;"
            ],
            "ArgsEscaped": true,
            "Image": "nginx:stable",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {
                "maintainer": "NGINX Docker Maintainers"
            },
            "StopSignal": "SIGTERM"
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "045cba9e5a6f39424dfb35c57d0ca43c9e335004d76c3dda36552aac740e014f",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "80/tcp": null
            },
            "SandboxKey": "/var/run/docker/netns/045cba9e5a6f",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "3c28fb379c1c2018d05ae03ff163aae9a0c5c12621282e0d98f803daadaf97a6",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "0a0cc62c3f1fba5667917f833b002ad0f5c1342acb61ff67317e17544e7a7ea1",
                    "EndpointID": "3c28fb379c1c2018d05ae03ff163aae9a0c5c12621282e0d98f803daadaf97a6",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]
IPAddress is the network address the current container listens on. Next, try to access nginx:
[root@MiWiFi-R3L-srv docker]# curl 172.17.0.2
Welcome to nginx!
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.
Thank you for using nginx.
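Besides the IP address, the inspect output for nginx1 shown earlier records the isolation settings the container was started with, and every one of them is at its default. The following Python sketch is an added example, not part of the original post: it audits inspect JSON for those fields. The function names and the second sample container (nginx-hardened) are hypothetical, and the embedded sample is constructed from the field values in the output above.

```python
import json

# Constructed sample: two trimmed `docker container inspect` entries. The first
# copies the default values shown for nginx1 on this page; the second is a
# hypothetical hardened container used for contrast.
SAMPLE = json.loads("""[
 {"Name": "/nginx1", "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "CapDrop": null, "ReadonlyRootfs": false,
                 "SecurityOpt": null, "Memory": 0, "PidsLimit": 0,
                 "PidMode": "", "Binds": null}},
 {"Name": "/nginx-hardened", "Config": {"User": "101:101"},
  "HostConfig": {"Privileged": false, "CapDrop": ["ALL"], "ReadonlyRootfs": true,
                 "SecurityOpt": ["no-new-privileges"], "Memory": 268435456,
                 "PidsLimit": 100, "PidMode": "", "Binds": null}}
]""")


def audit(entry):
    """Return the hardening gaps found in one inspect entry."""
    hc, cfg = entry.get("HostConfig", {}), entry.get("Config", {})
    gaps = []
    if hc.get("Privileged"):
        gaps.append("privileged mode")
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        gaps.append("process starts as root")
    if "ALL" not in [c.upper() for c in hc.get("CapDrop") or []]:
        gaps.append("default capabilities kept")
    if not hc.get("ReadonlyRootfs"):
        gaps.append("writable root filesystem")
    opts = hc.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") and not o.endswith("false") for o in opts):
        gaps.append("no-new-privileges not set")
    if not hc.get("Memory"):
        gaps.append("no memory limit")
    if (hc.get("PidsLimit") or 0) <= 0:
        gaps.append("no pids limit")
    if hc.get("PidMode") == "host":
        gaps.append("host PID namespace")
    if any("docker.sock" in b for b in hc.get("Binds") or []):
        gaps.append("docker socket mounted")
    return gaps


def audit_all(entries):
    """Map container name -> list of gaps."""
    return {e["Name"].lstrip("/"): audit(e) for e in entries}


if __name__ == "__main__":
    for name, gaps in audit_all(SAMPLE).items():
        print(name, "->", gaps or "no gaps")
```

On a real host the same functions can be fed the parsed output of docker container inspect for all containers instead of SAMPLE.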
5. Stopping a container
[root@MiWiFi-R3L-srv docker]# docker container stop nginx1 # stop a running container; kill is equivalent to kill -9, stop is equivalent to kill -15
nginx1
[root@MiWiFi-R3L-srv docker]# docker container ls # ls shows only the running containers
CONTAINER ID   IMAGE          COMMAND                 CREATED          STATUS                      PORTS    NAMES
[root@MiWiFi-R3L-srv docker]# docker container ls -a # ls -a also shows stopped containers
CONTAINER ID   IMAGE          COMMAND                 CREATED          STATUS                      PORTS    NAMES
d5eb28ecbc5c   nginx:stable   "nginx -g 'daemon of…   11 minutes ago   Exited (0) 10 seconds ago            nginx1
6. Starting a stopped container
[root@MiWiFi-R3L-srv docker]# docker container start nginx1
nginx1
[root@MiWiFi-R3L-srv docker]# docker container ls
CONTAINER ID   IMAGE          COMMAND                 CREATED          STATUS         PORTS    NAMES
d5eb28ecbc5c   nginx:stable   "nginx -g 'daemon of…   14 minutes ago   Up 3 seconds   80/tcp   nginx1
7. Pausing and unpausing a running container
[root@MiWiFi-R3L-srv docker]# docker container pause nginx1 # pause the nginx container
nginx1
[root@MiWiFi-R3L-srv docker]# docker container ls # the nginx container is now in the Paused state
CONTAINER ID   IMAGE          COMMAND                 CREATED          STATUS                       PORTS    NAMES
d5eb28ecbc5c   nginx:stable   "nginx -g 'daemon of…   15 minutes ago   Up About a minute (Paused)   80/tcp   nginx1
[root@MiWiFi-R3L-srv docker]#
[root@MiWiFi-R3L-srv docker]# docker container unpause nginx1 # take the container out of the paused state
nginx1
[root@MiWiFi-R3L-srv docker]# docker container ls # the nginx container is running again
CONTAINER ID   IMAGE          COMMAND                 CREATED          STATUS              PORTS    NAMES
d5eb28ecbc5c   nginx:stable   "nginx -g 'daemon of…   16 minutes ago   Up About a minute   80/tcp   nginx1
8. Running an interactive command inside a container
[root@MiWiFi-R3L-srv docker]# docker container exec -it redis1 /bin/sh
/data # ps
PID USER TIME COMMAND
1 redis 0:00 redis-server
25 root 0:00 /bin/sh
29 root 0:00 ps
9. Viewing the logs of the container's process from the terminal
[root@MiWiFi-R3L-srv docker]# docker container logs nginx1
172.17.0.1 - - [31/Oct/2018:13:54:40 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
172.17.0.1 - - [31/Oct/2018:14:02:19 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
172.17.0.1 - - [31/Oct/2018:14:14:17 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
IV. Docker container state transitions and common commands