Docker技术入门与实战 第9章 操作系统

目前常用的Linux发行版主要包括Debian/Ubuntu系列和CentOS/Fedora系统。前者以自带软件包版本较新而出名,后者则宣称运行更稳定一些。选择哪个操作系统取决于读者的具体需求。同时,社区学推出了完全基于Docker的Linux发行版CentOS。

使用Docker,只需要一个命令就能快速获取一个Linux发行版镜像,这是以往包括各种虚拟化技术都难以实现的。这些镜像一般都很精简,但是可以支持完整Linux系统的大部分功能。

本章将介绍如何使用Docker安装和使用BusyBox、Alphine、Debin/Ubuntu、CentOS/Fedora等操作系统。

9.1 BusyBox

BusyBox是一个集成了一百多个最常用Linux命令和工具的精简工具箱,它只有几MB的大小,很方便进行各种快速验证。

在Docker Hub中搜索busybox相关的镜像:

[root@localhost ~]# docker search busybox
NAME                        DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
busybox                     Busybox base image.                             1251                [OK]                
progrium/busybox                                                            66                                      [OK]
hypriot/rpi-busybox-httpd   Raspberry Pi compatible Docker Image with a …   40                                      
radial/busyboxplus          Full-chain, Internet enabled, busybox made f…   19                                      [OK]
hypriot/armhf-busybox       Busybox base image for ARM.                     9                                       
arm32v7/busybox             Busybox base image.                             5                                       
armhf/busybox               Busybox base image.                             4                                       
i386/busybox                Busybox base image.                             2                                       
p7ppc64/busybox             Busybox base image for ppc64.                   2                                       
prom/busybox                Prometheus Busybox Docker base images           2                                       [OK]
aarch64/busybox             Busybox base image.                             2                                       
yauritux/busybox-curl       Busybox with CURL                               2                                       
sequenceiq/busybox                                                          2                                       [OK]
s390x/busybox               Busybox base image.                             2                                       
armel/busybox               Busybox base image.                             2                                       
onsi/grace-busybox                                                          2                                       
ppc64le/busybox             Busybox base image.                             1                                       
arm64v8/busybox             Busybox base image.                             1                                       
spotify/busybox             Spotify fork of https://hub.docker.com/_/bus…   1                                       
odise/busybox-curl                                                          1                                       [OK]
concourse/busyboxplus                                                       0                                       
ggtools/busybox-ubuntu      Busybox ubuntu version with extra goodies       0                                       [OK]
cfgarden/garden-busybox                                                     0                                       
trollin/busybox                                                             0                                       
amd64/busybox               Busybox base image.                             0                                       

用户可以使用docker pull指令下载镜像busybox:latest

[root@localhost ~]# dockekr pull busybox:latlst

下载后,可以看到busybox镜像只有1.15M

[root@localhost ~]# docker images
REPOSITORY                                   TAG                 IMAGE ID            CREATED             SIZE                                     7                   e934aafc2206        4 weeks ago         199MB
busybox                                      latest              8ac48589692a        5 weeks ago         1.15MB

启动一人busybox容器,并在容器内查看挂载信息,如下所示:

[root@localhost ~]# docker run -it busybox
/ # mount
rootfs on / type rootfs (rw)
/dev/mapper/docker-253:0-68001902-e3fbd5b445be3be17b7696e714f4b5619c86aefd2960655c6f7eae2898558734 on / type xfs (rw,seclabel,relatime,nouuid,attr2,inode64,logbsize=64k,sunit=128,swidth=128,noquota)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755)
devpts on /dev/pts type devpts (rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
sysfs on /sys type sysfs (ro,seclabel,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (ro,seclabel,nosuid,nodev,noexec,relatime,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/net_cls type cgroup (ro,nosuid,nodev,noexec,relatime,net_cls)
cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (ro,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (ro,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,blkio)
mqueue on /dev/mqueue type mqueue (rw,seclabel,nosuid,nodev,noexec,relatime)
/dev/mapper/centos-root on /etc/resolv.conf type xfs (rw,seclabel,relatime,attr2,inode64,noquota)
/dev/mapper/centos-root on /etc/hostname type xfs (rw,seclabel,relatime,attr2,inode64,noquota)
/dev/mapper/centos-root on /etc/hosts type xfs (rw,seclabel,relatime,attr2,inode64,noquota)
shm on /dev/shm type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=65536k)
devpts on /dev/console type devpts (rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
proc on /proc/bus type proc (ro,relatime)
proc on /proc/fs type proc (ro,relatime)
proc on /proc/irq type proc (ro,relatime)
proc on /proc/sys type proc (ro,relatime)
proc on /proc/sysrq-trigger type proc (ro,relatime)
tmpfs on /proc/kcore type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755)
tmpfs on /proc/keys type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755)
tmpfs on /proc/timer_list type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755)
tmpfs on /proc/timer_stats type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755)
tmpfs on /proc/sched_debug type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755)
tmpfs on /proc/scsi type tmpfs (ro,seclabel,relatime)
tmpfs on /sys/firmware type tmpfs (ro,seclabel,relatime)
/ # 

busybox镜像虽然小巧,但包括了大量常见的Linux命令,读者可以用它快速熟悉Linux命令。

9.2 Alpine

包管理工具:

https://pkgs.alpinelinux.org/packages 查询包信息。

通过apk命令直接查询安装各种软件。

1.使用官方镜像

[root@localhost ~]# docker run alpine echo '123'
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
ff3a5c916c92: Pull complete 
Digest: sha256:7df6db5aa61ae9480f52f0b3a06a140ab98d427f86d8d5de0bedab9b8df6b1c0
Status: Downloaded newer image for alpine:latest
123

用了7s

[root@localhost ~]# time docker run alpine echo '123'  
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
ff3a5c916c92: Pull complete 
Digest: sha256:7df6db5aa61ae9480f52f0b3a06a140ab98d427f86d8d5de0bedab9b8df6b1c0
Status: Downloaded newer image for alpine:latest
123

real    0m7.072s
user    0m0.139s
sys     0m0.038s

9.3 Debian/Ubuntu

1.Debian系统简介和使用

搜索debian镜像

[root@localhost ~]# docker search debian
NAME                                DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
ubuntu                              Ubuntu is a Debian-based Linux operating sys…   7657                [OK]                
debian                              Debian is a Linux distribution that's compos…   2567                [OK]                
google/debian                                                                       52                                      [OK]
neurodebian                         NeuroDebian provides neuroscience research s…   50                  [OK]                
arm32v7/debian                      Debian is a Linux distribution that's compos…   35                                      
armhf/debian                        Debian is a Linux distribution that's compos…   31                                      
itscaro/debian-ssh                  debian:jessie                                   23                                      [OK]
resin/armv7hf-debian                Debian is a Linux distro composed entirely o…   18                                      
samueldebruyn/debian-git            a minimal docker container with debian and g…   16                                      [OK]
eboraas/debian                      Debian base images, for all currently-availa…   8                                       [OK]
i386/debian                         Debian is a Linux distribution that's compos…   7                                       
rockyluke/debian                    Docker images of Debian.                        5                                       
smartentry/debian                   debian with smartentry                          4                                       [OK]
vergissberlin/debian-development    Docker debian image to use for development, …   4                                       [OK]
vicamo/debian                       Debian docker images for all versions/archit…   3                                       
ppc64le/debian                      Debian is a Linux distribution that's compos…   2                                       
s390x/debian                        Debian is a Linux distribution that's compos…   2                                       
vpgrp/debian                        Docker images of Debian.                        1                                       
holgerimbery/debian                 debian multiarch docker base image              1                                       
dockershelf/debian                  Repository for docker images of Debian. Test…   1                                       [OK]
jdub/debian-sources-resource        Concourse CI resource to check for updated D…   0                                       [OK]
trollin/debian                                                                      0                                       
igneoussystems/base-debian-client   Base image for debian clients                   0                                       
casept/debian-amd64                 A debian image built from scratch. Mostly fo…   0                                       
fleshgrinder/debian                 Debian base images for production and multis…   0                                       [OK]
[root@localhost ~]# 
面向科研领域neurodebin镜像
[root@localhost ~]# docker run -it debian bash  
Unable to find image 'debian:latest' locally
latest: Pulling from library/debian
cc1a78bfd46b: Pull complete 
Digest: sha256:de3eac83cd481c04c5d6c7344cd7327625a1d8b2540e82a8231b5675cef0ae5f
Status: Downloaded newer image for debian:latest
root@f4d68aee7222:/# 
debian镜像很适合作为基础镜像,用于构建自定义镜像。

2.ubuntu系统简介和使用

ubuntu相关镜像有很多,在docker hub 上使用-s 10 参数进行搜索,只搜索那些收藏10次以上的镜像:

[root@localhost ~]# docker search -s 10 ubuntu
Flag --stars has been deprecated, use --filter=stars=3 instead
NAME                                                   DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
ubuntu                                                 Ubuntu is a Debian-based Linux operating sys…   7657                [OK]                
dorowu/ubuntu-desktop-lxde-vnc                         Ubuntu with openssh-server and NoVNC            180                                     [OK]
rastasheep/ubuntu-sshd                                 Dockerized SSH service, built on top of offi…   146                                     [OK]
ansible/ubuntu14.04-ansible                            Ubuntu 14.04 LTS with ansible                   91                                      [OK]
ubuntu-upstart                                         Upstart is an event-based replacement for th…   86                  [OK]                
neurodebian                                            NeuroDebian provides neuroscience research s…   50                  [OK]                
ubuntu-debootstrap                                     debootstrap --variant=minbase --components=m…   38                  [OK]                
1and1internet/ubuntu-16-nginx-php-phpmyadmin-mysql-5   ubuntu-16-nginx-php-phpmyadmin-mysql-5          34                                      [OK]
nuagebec/ubuntu                                        Simple always updated Ubuntu docker images w…   23                                      [OK]
tutum/ubuntu                                           Simple Ubuntu docker images with SSH access     18                                      
i386/ubuntu                                            Ubuntu is a Debian-based Linux operating sys…   13                                      
ppc64le/ubuntu                                         Ubuntu is a Debian-based Linux operating sys…   12  

下面以Ubuntu 14.04为例,演示如何使用该容器安装一些常用软件。

    首先使用-ti参数启动容器,登录bash,查看ubuntu的发行版本号:

[root@localhost ~]# docker run -ti ubuntu:14.04 /bin/bash
root@b412a5b98153:/# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.5 LTS
Release:        14.04
Codename:       trusty
root@b412a5b98153:/# 

当月试图直接使用apt-get安装一个软件的时候,会提示E: Unable to locate package curl

root@b412a5b98153:/# apt-get install curl
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package curl

怕并非系统不支持apt-get命令。Docker镜像在制作时为了精简清除了apt仓库信息,因此需要执行apt-get update命令来更新仓库信息。更新信息后,即可成功通过apt-get命令安装软件:

root@b412a5b98153:/# apt-get update
Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB]           
Ign http://archive.ubuntu.com trusty InRelease             
Get:2 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB]
Get:3 http://security.ubuntu.com trusty-security/universe Sources [88.0 kB]    
Get:4 http://archive.ubuntu.com trusty-backports InRelease [65.9 kB]           
Get:5 http://archive.ubuntu.com trusty Release.gpg [933 B]                     
Get:6 http://security.ubuntu.com trusty-security/main amd64 Packages [913 kB]  
Get:7 http://archive.ubuntu.com trusty-updates/universe Sources [252 kB]       
Get:8 http://archive.ubuntu.com trusty-updates/main amd64 Packages [1339 kB]   
Get:9 http://security.ubuntu.com trusty-security/restricted amd64 Packages [18.1 kB]
Get:10 http://security.ubuntu.com trusty-security/universe amd64 Packages [289 kB]
Get:11 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [21.4 kB]
Get:12 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [584 kB]
Get:13 http://security.ubuntu.com trusty-security/multiverse amd64 Packages [4725 B]
Get:14 http://archive.ubuntu.com trusty-updates/multiverse amd64 Packages [16.0 kB]
Get:15 http://archive.ubuntu.com trusty-backports/main amd64 Packages [14.7 kB]
Get:16 http://archive.ubuntu.com trusty-backports/restricted amd64 Packages [40 B]
Get:17 http://archive.ubuntu.com trusty-backports/universe amd64 Packages [52.5 kB]
Get:18 http://archive.ubuntu.com trusty-backports/multiverse amd64 Packages [1392 B]
Get:19 http://archive.ubuntu.com trusty Release [58.5 kB]                      
Get:20 http://archive.ubuntu.com trusty/universe Sources [7926 kB]             
Get:21 http://archive.ubuntu.com trusty/main amd64 Packages [1743 kB]          
Get:22 http://archive.ubuntu.com trusty/restricted amd64 Packages [16.0 kB]    
Get:23 http://archive.ubuntu.com trusty/universe amd64 Packages [7589 kB]      
Get:24 http://archive.ubuntu.com trusty/multiverse amd64 Packages [169 kB]     
Fetched 21.3 MB in 40s (523 kB/s)                                              
Reading package lists... Done
root@b412a5b98153:/# 

安装curl 工具

root@b412a5b98153:/# apt-get install curl -y
Reading package lists... Done
Building dependency tree       
Reading state information... Done
...
Processing triggers for libc-bin (2.19-0ubuntu6.14) ...
Processing triggers for ca-certificates (20170717~14.04.1) ...
Updating certificates in /etc/ssl/certs... 148 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
root@b412a5b98153:/# 

接下来,再安装apache服务:

root@b412a5b98153:/# apt-get install -y apache2

启动这个apache服务,然后使用curl来测试本地访问:

root@b412a5b98153:/# service apache2 start
 * Starting web server apache2                                                                                                                                                  AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
 * 

配合使用-p参数对外映射服务端口,可以允许外来容器访问该服务。

9.4 Centos/Fedora

在Docker Hub上使用docker search命令搜索标星至少为25的CentOS相关镜像,如下所示:

[root@localhost ~]# docker search -f stars=25 centos
NAME                              DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
centos                            The official build of CentOS.                   4275                [OK]                
ansible/centos7-ansible           Ansible on Centos7                              109                                     [OK]
jdeathe/centos-ssh                CentOS-6 6.9 x86_64 / CentOS-7 7.4.1708 x86_…   95                                      [OK]
consol/centos-xfce-vnc            Centos container with "headless" VNC session…   52                                      [OK]
imagine10255/centos6-lnmp-php56   centos6-lnmp-php56                              40                                      [OK]
tutum/centos                      Simple CentOS docker image with SSH access      39                                      
gluster/gluster-centos            Official GlusterFS Image [ CentOS-7 +  Glust…   30                                      [OK]
centos/mysql-57-centos7           MySQL 5.7 SQL database server                   27                                      

2.Fedora系统简介及使用

在Docker Hub 上使用docker search命令来搜索标星至少为2的Fedrora相关镜像,结果如下:

[root@localhost ~]# docker search -f stars=2 fedora 
NAME                      DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
fedora                    Official Docker builds of Fedora                657                 [OK]                
mattdm/fedora             A basic Fedora image corresponding roughly t…   49                                      
fedora/apache                                                             34                                      [OK]
mattsch/fedora-nzbhydra   Fedora NZBHydra                                 5                                       [OK]
darksheer/fedora22        Base Fedora 22 Image -- Updated hourly          2                                       [OK]
vbatts/fedora-varnish     https://github.com/vbatts/laughing-octo/tree…   2                                       [OK]

使用docker run 命令直接运行Fedora官方镜像,并登录bash:

[root@localhost ~]# docker run -it fedora bash
Unable to find image 'fedora:latest' locally
latest: Pulling from library/fedora
e71c36a80ba9: Pull complete 
Digest: sha256:74d8985b737de78af3d06450b8e48768b66fedf8868684e8fcf47c8253f84282
Status: Downloaded newer image for fedora:latest
[root@6811667a13ac /]# cat /etc/redhat-release 
Fedora release 28 (Twenty Eight)
[root@6811667a13ac /]# 

9.5 本章小结

    本章讲解了典型操作系统镜像的下载和使用,除了官方的镜像之外,在Docker Hub上还有许多第三方组织或个人上传的Docker镜像。读者可以根据具体情况来选择。一般来说注意如下 几点:

    官方镜像体积都比较小,只带有一些基本的组件。精简的系统有利于安全、稳定和高效运行,也适合进行定制。

    个别第三方镜像(如tutum,已被Docker收购)质量非常高。这些镜像通常针对某个具体应用进行配置,比如、包含LAMP组件的Ubuntu镜像。

    出于安全考虑,几乎所有的官方制作的镜像都没有安装SSH服务,无法使用用户名和密码直接登录。

    后续章节中,笔者将介绍如何创建一个带SSH服务的Docker镜像。

你可能感兴趣的:(Docker技术入门与实战)