目前常用的Linux发行版主要包括Debian/Ubuntu系列和CentOS/Fedora系统。前者以自带软件包版本较新而出名,后者则宣称运行更稳定一些。选择哪个操作系统取决于读者的具体需求。同时,社区学推出了完全基于Docker的Linux发行版CentOS。
使用Docker,只需要一个命令就能快速获取一个Linux发行版镜像,这是以往包括各种虚拟化技术都难以实现的。这些镜像一般都很精简,但是可以支持完整Linux系统的大部分功能。
本章将介绍如何使用Docker安装和使用BusyBox、Alphine、Debin/Ubuntu、CentOS/Fedora等操作系统。
9.1 BusyBox
BusyBox是一个集成了一百多个最常用Linux命令和工具的精简工具箱,它只有几MB的大小,很方便进行各种快速验证。
在Docker Hub中搜索busybox相关的镜像:
[root@localhost ~]# docker search busybox
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
busybox Busybox base image. 1251 [OK]
progrium/busybox 66 [OK]
hypriot/rpi-busybox-httpd Raspberry Pi compatible Docker Image with a … 40
radial/busyboxplus Full-chain, Internet enabled, busybox made f… 19 [OK]
hypriot/armhf-busybox Busybox base image for ARM. 9
arm32v7/busybox Busybox base image. 5
armhf/busybox Busybox base image. 4
i386/busybox Busybox base image. 2
p7ppc64/busybox Busybox base image for ppc64. 2
prom/busybox Prometheus Busybox Docker base images 2 [OK]
aarch64/busybox Busybox base image. 2
yauritux/busybox-curl Busybox with CURL 2
sequenceiq/busybox 2 [OK]
s390x/busybox Busybox base image. 2
armel/busybox Busybox base image. 2
onsi/grace-busybox 2
ppc64le/busybox Busybox base image. 1
arm64v8/busybox Busybox base image. 1
spotify/busybox Spotify fork of https://hub.docker.com/_/bus… 1
odise/busybox-curl 1 [OK]
concourse/busyboxplus 0
ggtools/busybox-ubuntu Busybox ubuntu version with extra goodies 0 [OK]
cfgarden/garden-busybox 0
trollin/busybox 0
amd64/busybox Busybox base image. 0
用户可以使用docker pull指令下载镜像busybox:latest
[root@localhost ~]# dockekr pull busybox:latlst
下载后,可以看到busybox镜像只有1.15M
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE 7 e934aafc2206 4 weeks ago 199MB
busybox latest 8ac48589692a 5 weeks ago 1.15MB
启动一人busybox容器,并在容器内查看挂载信息,如下所示:
[root@localhost ~]# docker run -it busybox
/ # mount
rootfs on / type rootfs (rw)
/dev/mapper/docker-253:0-68001902-e3fbd5b445be3be17b7696e714f4b5619c86aefd2960655c6f7eae2898558734 on / type xfs (rw,seclabel,relatime,nouuid,attr2,inode64,logbsize=64k,sunit=128,swidth=128,noquota)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755)
devpts on /dev/pts type devpts (rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
sysfs on /sys type sysfs (ro,seclabel,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (ro,seclabel,nosuid,nodev,noexec,relatime,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/net_cls type cgroup (ro,nosuid,nodev,noexec,relatime,net_cls)
cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (ro,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (ro,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,blkio)
mqueue on /dev/mqueue type mqueue (rw,seclabel,nosuid,nodev,noexec,relatime)
/dev/mapper/centos-root on /etc/resolv.conf type xfs (rw,seclabel,relatime,attr2,inode64,noquota)
/dev/mapper/centos-root on /etc/hostname type xfs (rw,seclabel,relatime,attr2,inode64,noquota)
/dev/mapper/centos-root on /etc/hosts type xfs (rw,seclabel,relatime,attr2,inode64,noquota)
shm on /dev/shm type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=65536k)
devpts on /dev/console type devpts (rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
proc on /proc/bus type proc (ro,relatime)
proc on /proc/fs type proc (ro,relatime)
proc on /proc/irq type proc (ro,relatime)
proc on /proc/sys type proc (ro,relatime)
proc on /proc/sysrq-trigger type proc (ro,relatime)
tmpfs on /proc/kcore type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755)
tmpfs on /proc/keys type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755)
tmpfs on /proc/timer_list type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755)
tmpfs on /proc/timer_stats type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755)
tmpfs on /proc/sched_debug type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755)
tmpfs on /proc/scsi type tmpfs (ro,seclabel,relatime)
tmpfs on /sys/firmware type tmpfs (ro,seclabel,relatime)
/ #
busybox镜像虽然小巧,但包括了大量常见的Linux命令,读者可以用它快速熟悉Linux命令。
9.2 Alpine
包管理工具:
https://pkgs.alpinelinux.org/packages 查询包信息。
通过apk命令直接查询安装各种软件。
1.使用官方镜像
[root@localhost ~]# docker run alpine echo '123'
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
ff3a5c916c92: Pull complete
Digest: sha256:7df6db5aa61ae9480f52f0b3a06a140ab98d427f86d8d5de0bedab9b8df6b1c0
Status: Downloaded newer image for alpine:latest
123
用了7s
[root@localhost ~]# time docker run alpine echo '123'
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
ff3a5c916c92: Pull complete
Digest: sha256:7df6db5aa61ae9480f52f0b3a06a140ab98d427f86d8d5de0bedab9b8df6b1c0
Status: Downloaded newer image for alpine:latest
123
real 0m7.072s
user 0m0.139s
sys 0m0.038s
9.3 Debian/Ubuntu
1.Debian系统简介和使用
搜索debian镜像
[root@localhost ~]# docker search debian
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
ubuntu Ubuntu is a Debian-based Linux operating sys… 7657 [OK]
debian Debian is a Linux distribution that's compos… 2567 [OK]
google/debian 52 [OK]
neurodebian NeuroDebian provides neuroscience research s… 50 [OK]
arm32v7/debian Debian is a Linux distribution that's compos… 35
armhf/debian Debian is a Linux distribution that's compos… 31
itscaro/debian-ssh debian:jessie 23 [OK]
resin/armv7hf-debian Debian is a Linux distro composed entirely o… 18
samueldebruyn/debian-git a minimal docker container with debian and g… 16 [OK]
eboraas/debian Debian base images, for all currently-availa… 8 [OK]
i386/debian Debian is a Linux distribution that's compos… 7
rockyluke/debian Docker images of Debian. 5
smartentry/debian debian with smartentry 4 [OK]
vergissberlin/debian-development Docker debian image to use for development, … 4 [OK]
vicamo/debian Debian docker images for all versions/archit… 3
ppc64le/debian Debian is a Linux distribution that's compos… 2
s390x/debian Debian is a Linux distribution that's compos… 2
vpgrp/debian Docker images of Debian. 1
holgerimbery/debian debian multiarch docker base image 1
dockershelf/debian Repository for docker images of Debian. Test… 1 [OK]
jdub/debian-sources-resource Concourse CI resource to check for updated D… 0 [OK]
trollin/debian 0
igneoussystems/base-debian-client Base image for debian clients 0
casept/debian-amd64 A debian image built from scratch. Mostly fo… 0
fleshgrinder/debian Debian base images for production and multis… 0 [OK]
[root@localhost ~]#
面向科研领域neurodebin镜像
[root@localhost ~]# docker run -it debian bash
Unable to find image 'debian:latest' locally
latest: Pulling from library/debian
cc1a78bfd46b: Pull complete
Digest: sha256:de3eac83cd481c04c5d6c7344cd7327625a1d8b2540e82a8231b5675cef0ae5f
Status: Downloaded newer image for debian:latest
root@f4d68aee7222:/#
debian镜像很适合作为基础镜像,用于构建自定义镜像。
2.ubuntu系统简介和使用
ubuntu相关镜像有很多,在docker hub 上使用-s 10 参数进行搜索,只搜索那些收藏10次以上的镜像:
[root@localhost ~]# docker search -s 10 ubuntu
Flag --stars has been deprecated, use --filter=stars=3 instead
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
ubuntu Ubuntu is a Debian-based Linux operating sys… 7657 [OK]
dorowu/ubuntu-desktop-lxde-vnc Ubuntu with openssh-server and NoVNC 180 [OK]
rastasheep/ubuntu-sshd Dockerized SSH service, built on top of offi… 146 [OK]
ansible/ubuntu14.04-ansible Ubuntu 14.04 LTS with ansible 91 [OK]
ubuntu-upstart Upstart is an event-based replacement for th… 86 [OK]
neurodebian NeuroDebian provides neuroscience research s… 50 [OK]
ubuntu-debootstrap debootstrap --variant=minbase --components=m… 38 [OK]
1and1internet/ubuntu-16-nginx-php-phpmyadmin-mysql-5 ubuntu-16-nginx-php-phpmyadmin-mysql-5 34 [OK]
nuagebec/ubuntu Simple always updated Ubuntu docker images w… 23 [OK]
tutum/ubuntu Simple Ubuntu docker images with SSH access 18
i386/ubuntu Ubuntu is a Debian-based Linux operating sys… 13
ppc64le/ubuntu Ubuntu is a Debian-based Linux operating sys… 12
下面以Ubuntu 14.04为例,演示如何使用该容器安装一些常用软件。
首先使用-ti参数启动容器,登录bash,查看ubuntu的发行版本号:
[root@localhost ~]# docker run -ti ubuntu:14.04 /bin/bash
root@b412a5b98153:/# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
Codename: trusty
root@b412a5b98153:/#
当月试图直接使用apt-get安装一个软件的时候,会提示E: Unable to locate package curl
root@b412a5b98153:/# apt-get install curl
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package curl
怕并非系统不支持apt-get命令。Docker镜像在制作时为了精简清除了apt仓库信息,因此需要执行apt-get update命令来更新仓库信息。更新信息后,即可成功通过apt-get命令安装软件:
root@b412a5b98153:/# apt-get update
Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB]
Ign http://archive.ubuntu.com trusty InRelease
Get:2 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB]
Get:3 http://security.ubuntu.com trusty-security/universe Sources [88.0 kB]
Get:4 http://archive.ubuntu.com trusty-backports InRelease [65.9 kB]
Get:5 http://archive.ubuntu.com trusty Release.gpg [933 B]
Get:6 http://security.ubuntu.com trusty-security/main amd64 Packages [913 kB]
Get:7 http://archive.ubuntu.com trusty-updates/universe Sources [252 kB]
Get:8 http://archive.ubuntu.com trusty-updates/main amd64 Packages [1339 kB]
Get:9 http://security.ubuntu.com trusty-security/restricted amd64 Packages [18.1 kB]
Get:10 http://security.ubuntu.com trusty-security/universe amd64 Packages [289 kB]
Get:11 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [21.4 kB]
Get:12 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [584 kB]
Get:13 http://security.ubuntu.com trusty-security/multiverse amd64 Packages [4725 B]
Get:14 http://archive.ubuntu.com trusty-updates/multiverse amd64 Packages [16.0 kB]
Get:15 http://archive.ubuntu.com trusty-backports/main amd64 Packages [14.7 kB]
Get:16 http://archive.ubuntu.com trusty-backports/restricted amd64 Packages [40 B]
Get:17 http://archive.ubuntu.com trusty-backports/universe amd64 Packages [52.5 kB]
Get:18 http://archive.ubuntu.com trusty-backports/multiverse amd64 Packages [1392 B]
Get:19 http://archive.ubuntu.com trusty Release [58.5 kB]
Get:20 http://archive.ubuntu.com trusty/universe Sources [7926 kB]
Get:21 http://archive.ubuntu.com trusty/main amd64 Packages [1743 kB]
Get:22 http://archive.ubuntu.com trusty/restricted amd64 Packages [16.0 kB]
Get:23 http://archive.ubuntu.com trusty/universe amd64 Packages [7589 kB]
Get:24 http://archive.ubuntu.com trusty/multiverse amd64 Packages [169 kB]
Fetched 21.3 MB in 40s (523 kB/s)
Reading package lists... Done
root@b412a5b98153:/#
安装curl 工具
root@b412a5b98153:/# apt-get install curl -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
...
Processing triggers for libc-bin (2.19-0ubuntu6.14) ...
Processing triggers for ca-certificates (20170717~14.04.1) ...
Updating certificates in /etc/ssl/certs... 148 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
root@b412a5b98153:/#
接下来,再安装apache服务:
root@b412a5b98153:/# apt-get install -y apache2
启动这个apache服务,然后使用curl来测试本地访问:
root@b412a5b98153:/# service apache2 start
* Starting web server apache2 AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
*
配合使用-p参数对外映射服务端口,可以允许外来容器访问该服务。
9.4 Centos/Fedora
在Docker Hub上使用docker search命令搜索标星至少为25的CentOS相关镜像,如下所示:
[root@localhost ~]# docker search -f stars=25 centos
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 4275 [OK]
ansible/centos7-ansible Ansible on Centos7 109 [OK]
jdeathe/centos-ssh CentOS-6 6.9 x86_64 / CentOS-7 7.4.1708 x86_… 95 [OK]
consol/centos-xfce-vnc Centos container with "headless" VNC session… 52 [OK]
imagine10255/centos6-lnmp-php56 centos6-lnmp-php56 40 [OK]
tutum/centos Simple CentOS docker image with SSH access 39
gluster/gluster-centos Official GlusterFS Image [ CentOS-7 + Glust… 30 [OK]
centos/mysql-57-centos7 MySQL 5.7 SQL database server 27
2.Fedora系统简介及使用
在Docker Hub 上使用docker search命令来搜索标星至少为2的Fedrora相关镜像,结果如下:
[root@localhost ~]# docker search -f stars=2 fedora
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
fedora Official Docker builds of Fedora 657 [OK]
mattdm/fedora A basic Fedora image corresponding roughly t… 49
fedora/apache 34 [OK]
mattsch/fedora-nzbhydra Fedora NZBHydra 5 [OK]
darksheer/fedora22 Base Fedora 22 Image -- Updated hourly 2 [OK]
vbatts/fedora-varnish https://github.com/vbatts/laughing-octo/tree… 2 [OK]
使用docker run 命令直接运行Fedora官方镜像,并登录bash:
[root@localhost ~]# docker run -it fedora bash
Unable to find image 'fedora:latest' locally
latest: Pulling from library/fedora
e71c36a80ba9: Pull complete
Digest: sha256:74d8985b737de78af3d06450b8e48768b66fedf8868684e8fcf47c8253f84282
Status: Downloaded newer image for fedora:latest
[root@6811667a13ac /]# cat /etc/redhat-release
Fedora release 28 (Twenty Eight)
[root@6811667a13ac /]#
9.5 本章小结
本章讲解了典型操作系统镜像的下载和使用,除了官方的镜像之外,在Docker Hub上还有许多第三方组织或个人上传的Docker镜像。读者可以根据具体情况来选择。一般来说注意如下 几点:
官方镜像体积都比较小,只带有一些基本的组件。精简的系统有利于安全、稳定和高效运行,也适合进行定制。
个别第三方镜像(如tutum,已被Docker收购)质量非常高。这些镜像通常针对某个具体应用进行配置,比如、包含LAMP组件的Ubuntu镜像。
出于安全考虑,几乎所有的官方制作的镜像都没有安装SSH服务,无法使用用户名和密码直接登录。
后续章节中,笔者将介绍如何创建一个带SSH服务的Docker镜像。