Docker 入坑指南
Docker学习路线
本文知识整理来源于视频狂神docker入门
Docker 概述
-
项目+配置统一打包部署保证环境一致,避免环境差异导致的问题 如“在我的环境是可以运行的”
-
便于多环境安装部署(镜像)
-
Docker思想来源于集装箱 核心思想是隔离机制(容器)
Docker历史
2010年美国创业公司初始名字dotcloud
2013年项目开源
2014年4月9号 发布第一个版本Docker 1.0
Docker 与传统虚拟机的区别
虚拟机缺点:
- 资源占用多
- 冗余步骤
- 启动速度慢
- lib依赖库共用体积大
容器技术:
- 容器化技术没有自己的内核,是基于宿主的内核运行
- 每个容器都是隔离的,都有属于自己的一套lib依赖库
传统虚拟机:
容器化技术:
DevOps(开发与运维)优势:
- 应用交付部署更快速
- 更便捷的升级和扩容
- 更简单的系统运维
- 更搞笑的计算资源利用
Docker 安装
Docker是基于go语言开发
Docker官网地址:https://www.docker.com/
Docker-hub地址:https://hub.docker.com/
Docker 架构图
镜像【image】:
Docker镜像类似模板,通过模板创建容器服务,镜像通过run运行。镜像可以创建多个容器(最终服务运行在容器中)
容器【container】:
Docker利用容器技术,独立运行一个或一组应用 。类似为简易版的Linux系统
仓库【repository]:
仓库就是存放镜像的地方,并分为公有和私有仓库 如Docker Hub【默认是国外】阿里云(配置镜像加速)
安装Docker
环境准备
1、查看CentOS 7系统内核命令 uname -r 建议大于3.10
[root@iZw ~]# uname -r
4.18.0-193.28.1.el8_2.x86_64
2、系统版本 CentOS 7 及以上
[root@iZw ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="8 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="8"
安装
# 1、卸载旧版本的Docker
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
# 2、 安装utils安装包
yum install -y yum-utils
# 3、 设置镜像的仓库
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo # 国外仓库地址
yum-config-manager \
--add-repo \
https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo # 阿里云镜像加速包 【推荐】
# 更新yum缓存索引
yum makecache fast
# 4、安装docker引擎
yum install docker-ce docker-ce-cli containerd.io
# 5、启动docker
systemctl restart docker
# 6、查看docker版本
dokcer version
# 7、测试hello-world
docker run hello-world
# 8、查看已下载镜像hello-world
docker images
# ------ 卸载docker ------
yum remove docker-ce docker-ce-cli containerd.io # 1、移除引擎
rm -rf /var/lib/docker # 2、删除dokcer资源库
rm -rf /var/lib/containerd # 3、删除dokcer容器
阿里云镜像加速配置【只适合自身账号内网用】:
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://4exkyib7.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
run命令流程分析图
Docker 工作原理:
Docker 相当于是client-server结构的系统,Docker守护进程运行在主机撒花姑娘。通过socket从客户端访问
docker-server服务端接收到docker-client 的指令,便会执行
Docker 为啥比VM快
1、Docker抽象层更少
2、Docker利用的是宿主机的内核 (启动秒级),vm需要Guest OS (启动分钟级)
Docker 命令
帮助命令
docker version # 显示版本信息
docker info # 显示docker的系统信息,包括镜像和容器
docker 命令 --help # 帮助命令
镜像命令
docker images 查看镜像
[root@iZw ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest ccee4cdf984f 3 months ago 105MB
# 解释
REPOSITORY 镜像的仓库源
TAG 镜像的标签
IMAGE ID 镜像的id
CREATED 镜像的创建时间
SIZE 镜像的大小
# 可选参数
-a, --all # 列出所有镜像
-q, --quiet # 只显示镜像id
docker search 搜索镜像
[root@iZw ~]# clear
[root@iZw ~]# docker search mysql
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mysql MySQL is a widely used, open-source relation… 11197 [OK]
# 可选项
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print search using a Go template
--limit int Max number of search results (default 25)
--no-trunc Don't truncate output
# 示例 查找mysql中stars大于3000的结果
docker search mysql --filter=STARS=3000
docker pull 下载镜像
# docker pull 镜像名 [:tag]
[root@iZw ~]# docker pull mysql
Using default tag: latest # 如果不写tag 默认为latest最新
latest: Pulling from library/mysql
33847f680f63: Pull complete # 分层下载
5cb67864e624: Pull complete
1a2b594783f5: Pull complete
b30e406dd925: Pull complete
48901e306e4c: Pull complete
603d2b7147fd: Pull complete
802aa684c1c4: Pull complete
715d3c143a06: Pull complete
6978e1b7a511: Pull complete
f0d78b0ac1be: Pull complete
35a94d251ed1: Pull complete
36f75719b1a9: Pull complete
Digest: sha256:8b928a5117cf5c2238c7a09cd28c2e801ac98f91c3f8203a8938ae51f14700fd # 签名
Status: Downloaded newer image for mysql:latest
docker.io/library/mysql:latest # 真实地址
# 等价
docker pull mysql
docker pull docker.io/library/mysql:latest
# 指定版本下载
docker pull mysql:5.7 # 5.7 为hub上存在版本
[root@iZw ~]# docker pull mysql:5.7
5.7: Pulling from library/mysql
33847f680f63: Already exists # docker核心分层技术 共用库
5cb67864e624: Already exists
1a2b594783f5: Already exists
b30e406dd925: Already exists
48901e306e4c: Already exists
603d2b7147fd: Already exists
802aa684c1c4: Already exists
5b5a19178915: Pull complete
f9ce7411c6e4: Pull complete
f51f6977d9b2: Pull complete
aeb6b16ce012: Pull complete
Digest: sha256:be70d18aedc37927293e7947c8de41ae6490ecd4c79df1db40d1b5b5af7d9596
Status: Downloaded newer image for mysql:5.7
docker.io/library/mysql:5.7
docker rmi 删除镜像
# docker rmi 容器id或能标识出容器的字段 删除指定的容器
[root@iZw~]# docker rmi php:5.6 # 删除指定容器 仓库名为php ,tag等于5.6的php
[root@iZw~]# docker rmi 容器A B C ... # 删除多个容器用空格隔开
[root@iZw~]# docker rmi -f $(docker images -aq) # 删除全部容器
容器命令
docker pull centos 下载centos镜像测试学习
新建容器并启动
docker run [可选参数] image
# 参数说明
--name="Name" 容器名字
-d 后台方式运行
-it 使用交互式运行,进去容器查看内容
-p 指定容器的端口 -p 8080:8080
-p ip:主机端口:容器端口
-p 主机端口:容器端口 【常用】
-p 容器端口
容器端口
-p 随机端口
# 测试, 启动并进去容器
[root@iZwz9 ~]# docker run -it centos /bin/bash # -it 选择为交互命令 需要指定控制台进行交互 故加 /bin/bash 参数作为交互控制台
[root@e70dd7fd4384 /]# ls # 查看容器内的centos ,基础版本【很多命令不完善】
bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@e70dd7fd4384 /]# exit # 退出容器
exit
列出所有运行的容器
# docker ps 命令
# 列出当前正在运行的容器
-a # 列出正在运行的容器 + 历史运行的容器
-n=? # 显示最近显示的容器个数
-q # 只显示容器的编号
[root@iZw ~]# docker ps # 查看正在运行的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03234cbf43f0 portainer/portainer "/portainer" 2 months ago Up About an hour 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp friendly_euler
[root@iZw ~]# docker ps -a # 查看历史运行的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e70dd7fd4384 centos "/bin/bash" 8 minutes ago Exited (127) 25 seconds ago pedantic_babbage
b9c461b76bf0 d1165f221234 "/hello" 4 hours ago Exited (0) 4 hours ago kind_bartik
退出容器
exit # 直接退出容器
Ctrl + P + Q # 容器不停止退出
删除容器
docker rm 容器id # 只能删除未运行的, 添加-f 可强制删除
docker rm -f $(docker ps -aq) #删除所有容器
docker ps -a -q |xargs docker rm #删除所有的容器
启动和停止容器
docker start 容器id # 启动容器
docker restart 容器id # 重启容器
docker stop 容器id #停止当前正在运行的容器
docker kill 容器id # 强制停止当前容器
常用其他命令
# 命令 docker run -d 镜像名
# 问题 docker ps时 centos停止了
# 问题原因:docker 容器使用后台运行,就必须要有一个前台进程, docker 发现没有应用,就会自动停止
# 如 nginx 容器启动后,发现自身没有提供服务,就立即停止
查看日志
docker logs -tf --tail number 容器id
# 显示日志
-tf # 显示日志
--tail number # 日志要显示的条数
# 测试 自己写一段shell脚本
[root@iZw ~]# docker run -d centos /bin/bash -c "while true;do echo timor;sleep 1; done"
# -c string 表示将string写入shell脚本
[root@iZw ~]# docker log -tf --tail 10 bb263e0235d4
2021-08-03T07:52:25.643831551Z timor
2021-08-03T07:52:26.736491767Z timor
2021-08-03T07:52:27.738364187Z timor
2021-08-03T07:52:28.740332652Z timor
2021-08-03T07:52:29.742330578Z timor
2021-08-03T07:52:30.744788403Z timor
2021-08-03T07:52:31.746605192Z timor
2021-08-03T07:52:32.748453454Z timor
2021-08-03T07:52:33.750448963Z timor
2021-08-03T07:52:34.752685712Z timor
查看容器中进程信息
docker top 容器id
查看容器的元数据
# 命令 docker inspect 容器id
# 测试
[root@iZw ~]# docker inspect a4c688ec5cb0
[
{
"Id": "a4c688ec5cb0215bbc4a531d46816cee93bbcf8937bcbb8a97223e5d904264da",
"Created": "2021-08-03T08:05:02.506806935Z",
"Path": "/bin/bash",
"Args": [
"-c",
"while true;do echo timor;sleep 1; done"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 454489,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-08-03T08:05:02.891407085Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55",
"ResolvConfPath": "/var/lib/docker/containers/a4c688ec5cb0215bbc4a531d46816cee93bbcf8937bcbb8a97223e5d904264da/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/a4c688ec5cb0215bbc4a531d46816cee93bbcf8937bcbb8a97223e5d904264da/hostname",
"HostsPath": "/var/lib/docker/containers/a4c688ec5cb0215bbc4a531d46816cee93bbcf8937bcbb8a97223e5d904264da/hosts",
"LogPath": "/var/lib/docker/containers/a4c688ec5cb0215bbc4a531d46816cee93bbcf8937bcbb8a97223e5d904264da/a4c688ec5cb0215bbc4a531d46816cee93bbcf8937bcbb8a97223e5d904264da-json.log",
"Name": "/elastic_chaum",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/a31523b7413a47f250e573520b010c788efbc6e66957a07894369f7e3c4123e1-init/diff:/var/lib/docker/overlay2/6bb1f25f4fac0320ae245ad02b2ec32489b0f9233ed5552c09bfc00a8722f934/diff",
"MergedDir": "/var/lib/docker/overlay2/a31523b7413a47f250e573520b010c788efbc6e66957a07894369f7e3c4123e1/merged",
"UpperDir": "/var/lib/docker/overlay2/a31523b7413a47f250e573520b010c788efbc6e66957a07894369f7e3c4123e1/diff",
"WorkDir": "/var/lib/docker/overlay2/a31523b7413a47f250e573520b010c788efbc6e66957a07894369f7e3c4123e1/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "a4c688ec5cb0",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/bash",
"-c",
"while true;do echo timor;sleep 1; done"
],
"Image": "centos",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20201204",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "a32f9e0f849152f4bf61dfdcf863cccc198f82a8c673ee3b29195cdaaf00b377",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/a32f9e0f8491",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "f9d12b8737a4173e876469cf189e0b5c01c1a715ead2cc9b36b7de5c37fac522",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "466017f6869758ecf3817f41e573742039cef1d89e1e6cc2972ac0d2aa0db290",
"EndpointID": "f9d12b8737a4173e876469cf189e0b5c01c1a715ead2cc9b36b7de5c37fac522",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
进去当前正在运行的容器
# 命令
docker exec -it 容器id bashShell
# 测试
# 方式1:
[root@iZw ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a4c688ec5cb0 centos "/bin/bash -c 'while…" 5 minutes ago Up 5 minutes elastic_chaum
[root@iZw ~]# docker exec -it a4c688ec5cb0 /bin/bash
[root@a4c688ec5cb0 /]# ls
bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@a4c688ec5cb0 /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 08:05 ? 00:00:00 /bin/bash -c while true;do echo timor;sleep 1; done
root 351 0 0 08:10 pts/0 00:00:00 /bin/bash
root 430 1 0 08:11 ? 00:00:00 /usr/bin/coreutils --coreutils-prog-shebang=sleep /usr/bin/sleep 1
root 431 351 0 08:11 pts/0 00:00:00 ps -ef
# 方式2:
docker attach 容器id
# 测试
[root@a4c688ec5cb0 /]# docker attach a4c688ec5cb0
正在执行的代码...
# 区别
# docker exec # 进入容器开启一个新终端,可在里面操作【常用】
# docker attach # 进入正在执行的终端,不启动新的进程
从容器拷贝文件到主机上
# docker cp 容器id:文件路径 主机路径
# 测试
[root@iZw ~]# docker run -it centos /bin/bash # 运行容器 Ctrl+P+Q 退出不停止
[root@iZw ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
909720477cd4 centos "/bin/bash" 17 seconds ago Up 16 seconds xenodochial_bassi
[root@iZw ~]# docker attach 909720477cd4 # 进入容器
[root@909720477cd4 /]# cd home/
[root@909720477cd4 home]# touch timor.txt
[root@909720477cd4 home]# ls
timor.txt
[root@909720477cd4 home]# exit # 退出容器
exit
# 从容器中拷贝手动到主机
[root@iZw ~]# docker cp 909720477cd4:/home/timor.txt /home
[root@iZw ~]# cd /home/
[root@iZw home]# ls
mysql timor.txt
docker 命令小结
部署nginx练习
-
搜索镜像
docker search nginx -
下载镜像
docker pull nginx -
运行镜像
docker run -d --name nignx01 -p 9000:80 nginx # 参数说明 -d # 表示后台运行 --name # 取别名 -p # 指定端口 外网端口:内部镜像端口 -
查看正在运行的镜像
docker ps[root@iZw ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5070fe4768b1 nginx "/docker-entrypoint.…" 25 seconds ago Up 23 seconds 0.0.0.0:9000->80/tcp, :::9000->80/tcp nginx01 -
测试nginx是否有效
curl ip地址:端口检查[root@iZwz ~]# curl localhost:9000 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html>
端口暴露概念
查看cpu消耗情况
[root@iZwz ~]# docker stats
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
5070fe4768b1 nginx01 0.00% 2.191MiB / 818.7MiB 0.27% 2.33kB / 0B 0B / 0B 2
可视化
-
portainer (平时不使用)
docker run -d -p 8080:9000 --restart=always -v /var/run/docker.sock:/var/run/docker.sock --privileged=true portainer/portainer
访问 http://ip:8080
默认账号名: admin
登录后界面:
- Rancher (CI/Cd时用)
Docker镜像
镜像定义
镜像是一种轻量级的、可执行的软件包
镜像加载原理
联合文件系统([UnionFS]
联合文件系统(UnionFS)是一种分层、轻量级并且高性能的文件系统,它支持对文件系统的修改作为一次提交来一层层的叠加,同时可以将不同目录挂载到同一个虚拟文件系统下。
联合文件系统是 Docker 镜像的基础。镜像可以通过分层来进行继承,基于基础镜像(没有父镜像),可以制作各种具体的应用镜像
Docker镜像加载原理
最大好处就是资源共享,节省内存
Docker 中使用的 AUFS(AnotherUnionFS)就是一种联合文件系统。
Docker的镜像实际上由一层一层的文件系统组成,这种层级的文件系统UnionFS。
bootfs(boot file system)主要包含bootloader和kernel, bootloader主要是引导加载kernel, Linux刚启动时会加载bootfs文件系统,在Docker镜像的最底层是bootfs。这一层与我们典型的Linux/Unix系统是一样的,包含boot加载器和内核。当boot加载完成之后整个内核就都在内存中了,此时内存的使用权已由bootfs转交给内核,此时系统也会卸载bootfs。
rootfs (root file system) ,在bootfs之上。包含的就是典型 Linux 系统中的 /dev, /proc, /bin, /etc 等标准目录和文件。rootfs就是各种不同的操作系统发行版,比如Ubuntu,Centos等等
特点
Docker 镜像是只读的,当容器启动是,一个新的容器层会被加载到镜像顶部!
这一层即为容器层,容器之下都叫镜像层,所有的操作都是基于容器层
commit 镜像
docker commit -m ='注释' -a='作者' 容器id 目标镜像:[Tag]
Docker容器数据卷
容器数据卷来源
来源:,防止删除容器时数据丢失【删除跑路】
作用:数据持久化和同步操作,容器之间数据共享 。类似数据双向绑定
方式1 :直接用命令挂载 -v
# 命令 docker run -d -it -v 主机目录:容器目录 容器id /bin/bash
# 测试
[root@iZw ~]# docker run -it -v /home/ceshi:/home centos /bin/bash
# 容器内
[root@18463983bd63 /]# ls
bin etc lib lost+found mnt proc run srv tmp var
dev home lib64 media opt root sbin sys usr
[root@18463983bd63 /]# cd home/
[root@18463983bd63 home]# ls
[root@18463983bd63 home]# touch timor.go
[root@18463983bd63 home]# ls
timor.go
# 主机
[root@iZw~]# cd /home/ceshi/
[root@iZw ceshi]# ls
timor.go
mysql数据库挂载实战
彻底删除容器 docker rm -f 容器id,本地挂载卷数据仍可保留,不受影响
# 测试
[root@iZw ~]# docker pull mysql:5.7
# 启动mysql 并挂载目录
[root@iZw ~]# docker run -d -p 3306:3306 -v /home/mysql/conf:/etc/mysql/conf.d -v /home/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 --name mysql01 mysql:5.7
23c07240f477ae808d35eb4d7961c6be0d16a11a0454f2eaf8c7e1fff33ecd9d
# 参数说明
-d 后台运行
-p 外网端口:内网端口
-v 数据卷挂载 主机目录:容器目录
-e 设置账户
--name 设置容器名称
具名挂载和匿名挂载
#匿名挂载
-v 容器内路径
-P 大写P表示随机端口
docker run -d -P --name nginx01 -v /etc/nginx nginx
# 查看所有的volume情况
[root@iZwz ~]# docker volume ls
DRIVER VOLUME NAME
local 4d84be7aaaeed1b956ff12a7ec6dd871c522062a2cb54273e8ce83107c6cecda
# 具名挂载
[root@iZw ~]# docker run -d -P --name nginx03 -v juming-nginx:/etc/nginx nginx
[root@iZw~]# docker volume ls
DRIVER VOLUME NAME
local juming-nginx
# 通过-v 卷名:容器内路径
[root@iZw ~]# docker volume inspect juming-nginx
[
{
"CreatedAt": "2021-08-04T14:36:38+08:00",
"Driver": "local",
"Labels": null,
"Mountpoint": "/var/lib/docker/volumes/juming-nginx/_data",
"Name": "juming-nginx",
"Options": null,
"Scope": "local"
}
]
所有的Docker 容器内的卷,没指定目录情况下都在/var/lib/docker/volumes/xxxx/_data,大多数情况都是使用具名挂载
# 区分匿名挂载和具名挂载、指定挂载
-v 容器内路径 # 匿名挂载
-v 卷名:
# 扩展
ro readonly # 只读 ro说明这个路径只能通过宿主机操作,容器无法操作
rw readwrite # 读写均有 默认
# 设定容器权限,容器对挂载出来的内容就限定
docker run -d -P --name nginx03 -v juming-nginx:/etc/nginx:ro nginx
docker run -d -P --name nginx03 -v juming-nginx:/etc/nginx:rw nginx
DockerFile
Dockerfile就是用来构建Docker镜像的文件
步骤:
- 编写一个dockerfile文件
- docker build 构建镜像
- docker run 运行镜像
- docker push 发布镜像
#命令 结尾的一个“ . ”不能省略!
docker build -f dockerfilePath -t newImageName .
# 编写dockerfile 文件
[root@iZw home]# mkdir docker-volume
[root@iZw docker-volume]# vim dockerfile01
# dockerfile内容
[root@iZw docker-volume]# cat dockerfile01
FROM centos
VOLUME ["volume01", "volume02"]
CMD echo "--------end-------"
CMD /bin/bash
# 打包生成镜像
[root@iZw docker-volume]# docker build -f /home/docker-volume/dockerfile01 -t timor/centos:1.0 .
Sending build context to Docker daemon 2.048kB
Step 1/4 : FROM centos
---> 300e315adb2f
Step 2/4 : VOLUME ["volume01", "volume02"]
---> Running in 223fdbe40446
Removing intermediate container 223fdbe40446
---> 1706f3254d94
Step 3/4 : CMD echo "--------end-------"
---> Running in 486f1f5df851
Removing intermediate container 486f1f5df851
---> e66099b304c7
Step 4/4 : CMD /bin/bash
---> Running in 0d6c8abc9c4b
Removing intermediate container 0d6c8abc9c4b
---> b63cea5bd3b0
Successfully built b63cea5bd3b0
Successfully tagged timor/centos:1.0
# 查看镜像列表,新生成镜像显示在列表中
[root@iZw docker-volume]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
timor/centos 1.0 b63cea5bd3b0 5 minutes ago 209MB
# 运行刚生成的镜像
[root@iZw docker-volume]# docker run -it b63cea5bd3b0 /bin/bash
# 通过inspect 命令照看容器详情
[root@iZw ~]# docker inspect 84fc50bc2693
# 切换到对应主机挂载目录可查看到容器内新增的文件 即同步
[root@iZw ~]# cd /var/lib/docker/volumes/cf3c917015165d4e808247c59e83dc6c78433dd5a41acfd35d8bbde6e0758f36/_data
[root@iZw _data]# ls
test.txt
数据卷容器
父级容器docker01 删除后,子容器docker02 中已同步的数据不会丢失 。【数据类拷贝概念】
# 1、启动一个容器 并在挂载卷中创建文件
[root@iZw ~]# docker run -it --name docker01 b63cea5bd3b0 /bin/bash
[root@92344ab255c6 /]# ls
bin etc lib lost+found mnt proc run srv tmp var volume02
dev home lib64 media opt root sbin sys usr volume01
[root@92344ab255c6 /]# cd volume01
[root@92344ab255c6 volume01]# ls
[root@92344ab255c6 volume01]# touch test.go
[root@92344ab255c6 volume01]# ls
test.go
#2、 创建继承容器 继承docker01 并给予镜像 b63cea5bd3b0 执行, 可以看到对应目录下同步了test.go文件
[root@iZw ~]# docker run -it --name docker02 --volumes-from docker01 b63cea5bd3b0
[root@6923f33e05bf /]# ls
bin etc lib lost+found mnt proc run srv tmp var volume02
dev home lib64 media opt root sbin sys usr volume01
[root@6923f33e05bf /]# cd volume01
[root@6923f33e05bf volume01]# ls
test.go
多个mysql数据卷共享:
[root@iZw ~]# docker run -d -p 3306:3306 -v /etc/mysql/conf.d -v /var/lib/mysql -e MSYQL_ROOT_PASSWORD=123456 --name mysql01 mysql:5.7
[root@iZw ~]# docker run -d -p 3306:3306 -v /etc/mysql/conf.d -v /var/lib/mysql -e MSYQL_ROOT_PASSWORD=123456 --name mysql02 mysql:5.7
# 这时候两个mysql容器卷数据就共享
DockerFile 构建过程
- 每个保留关键字(指令)必须是大写
- 执行顺序自上而下
- #表示注释
- 每个指令都会创建一个新的镜像层,并提交
dockerfile是面向开发的,发布项目,做镜像即需要编写dockerfile文件
dockerFile: 构建文件
dockerImages: 通过dockerfile构建生成的镜像,最终发布和运行的产品
docker 容器: 容器就是镜像运行提供的服务
DockerFIle指令
FROM # 基础镜像
MAINRAINER # 镜像作者是谁, 姓名 + 邮箱
RUN # 镜像构建时需要运行的命令
ADD # 步骤: nginx镜像,添加内容
WORKDIR # 镜像的工作目录
VOLUME # 挂载的目录
EXPOSE # 指定对外暴露的端口
CMD # 指定容器启动时要执行的命令,只有最后一个会生效,可被替代
ENTRYPOINT # 指定容器启动时要执行的命令,追加而非替代
ONBUILD # 当构建一个被继承Dockerfile就会执行ONBUILD指令
COPY # 类似ADD, 经文件拷贝到镜像中
ENV # 构建的时候设置环境变量
DockerFile实战
# 编写dockerfile文件
[root@iZw dockerfile]# vim mycentos
[root@iZw dockerfile]# cat mycentos
FROM centos
MAINTAINER timor<16969@qq.com>
# 基础centos镜像没有vim和ifconfig命令。
RUN yum install -y vim
RUN yum install -y net-tools
ENV MYPATH /usr/local
WORKDIR $MYPATH
EXPOSE 80
CMD echo $MYPATH
CMD echo ’----------end-------‘
CMD /bin/bash
# 编译dockerfile文件
[root@iZw dockerfile]# docker build -f mycentos -t mycentos:0.1 .
Sending build context to Docker daemon 2.048kB
Step 1/10 : FROM centos
---> 300e315adb2f
Step 2/10 : MAINTAINER timor<1696968727@qq.com>
---> Running in c5b9d73e23db
Removing intermediate container c5b9d73e23db
---> ad4de13d3581
Step 3/10 : RUN yum install -y vim
---> Running in 6c5be1d940fa
CentOS Linux 8 - AppStream 2.9 MB/s | 8.3 MB 00:02
CentOS Linux 8 - BaseOS 298 kB/s | 4.5 MB 00:15
CentOS Linux 8 - Extras 15 kB/s | 10 kB 00:00
...
Successfully built ff79668e12e3
Successfully tagged mycentos:0.1
# 查看镜像列表
[root@iZw dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mycentos 0.1 ff79668e12e3 24 seconds ago 302MB
# 测试执行创建的镜像
[root@iZw dockerfile]# docker run -it ff79668e12e3
[root@23f123e9a6ce local]# pwd
/usr/local
# 分别检验vim和ifconfig命令均生效,dockerfile构建完成
查看镜像构建历史
[root@iZwz ~]# docker history ff79668e12e3
IMAGE CREATED CREATED BY SIZE COMMENT
ff79668e12e3 11 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "/bin… 0B
1316723a1c88 11 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "echo… 0B
95b7ae9f6dba 11 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "echo… 0B
d26a8bcd5ae0 11 minutes ago /bin/sh -c #(nop) EXPOSE 80 0B
2740de604ce2 11 minutes ago /bin/sh -c #(nop) WORKDIR /usr/local 0B
e98a3dc69cc3 11 minutes ago /bin/sh -c #(nop) ENV MYPATH=/usr/local 0B
f8ee70dc74da 11 minutes ago /bin/sh -c yum install -y net-tools 27.7MB
01168d76b938 11 minutes ago /bin/sh -c yum install -y vim 65.2MB
ad4de13d3581 12 minutes ago /bin/sh -c #(nop) MAINTAINER timor<16969687… 0B
300e315adb2f 8 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 8 months ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 8 months ago /bin/sh -c #(nop) ADD file:bd7a2aed6ede423b7… 209MB
镜像发布
- 登录自己 hub.docker.com 账号 docker login -u xxx -p xxx
- 镜像名称规则
自己账户名/镜像名不满足规则时可以用docker tag复制镜像并重命名 - 镜像发布
docker push userName/imageName
[root@iZwz ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mycentos 0.1 ff79668e12e3 42 minutes ago 302MB
[root@iZw ~]# docker tag mycentos:0.1 yuli/mycentos
# 发布镜像
[root@iZw ~]# docker push yuli/mycentos
Using default tag: latest
The push refers to repository [docker.io/yuli/mycentos]
fca9070a0165: Pushing [=====================> ] 12.08MB/27.73MB
d1d0f6a6ec55: Pushing [======================> ] 29.21MB/65.19MB
...
阿里云docker镜像发布
参考官方阿里云文档
小结 Docker全流程
自定义网络
查看所有的docker网络
docker network ls
网络模式:
bridge : 桥接
none: 不配置
host: 和宿主机共享配置
container: 容器网络连通 (局限很大)
# 自定义网络
[root@iZw ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
c14311ffc36dc96e41f120ffba34e4df418dd4bc18b5cdd061cc6b20a481dc80
[root@iZw ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
466017f68697 bridge bridge local
6c37b27bd514 host host local
c14311ffc36d mynet bridge local
9c3112e80c5c none null local
ae77f0470a3d redis bridge local
# 参数说明
--driver # 连接驱动 默认桥接 bridge
--subnet # 子网
--gateway # 网关
# 查看我们自定义的网络信息
[root@iZwz ~]# docker network inspect c14311ffc36d
[
{
"Name": "mynet",
"Id": "c14311ffc36dc96e41f120ffba34e4df418dd4bc18b5cdd061cc6b20a481dc80",
"Created": "2021-08-06T08:56:09.208338106+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
# 启动nginx 并使用自定义网络进行连接
[root@iZwz ~]# docker run -d -P --name nginx01 --net mynet nginx
d17f6dd632a015c74b167b8e2972066db54e3488f0f76681a21f0261724c96a7
[root@iZwz ~]# docker run -d -P --name nginx02 --net mynet nginx
a3928f6605daa17c4a91f9b18f2192422359cbc9b5eb95bf221a896ff3e9614a
# 自定义网络信息中Containers 包含我们启动的容器ip信息
[root@iZwz ~]# docker network inspect c14311ffc36d
[
{
"Name": "mynet",
"Id": "c14311ffc36dc96e41f120ffba34e4df418dd4bc18b5cdd061cc6b20a481dc80",
"Created": "2021-08-06T08:56:09.208338106+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"a3928f6605daa17c4a91f9b18f2192422359cbc9b5eb95bf221a896ff3e9614a": {
"Name": "nginx02",
"EndpointID": "5e6a49ef567809d98dc77d3c104651cb912f936e6ebaa8fa875333aa83fec288",
"MacAddress": "02:42:c0:a8:00:03",
"IPv4Address": "192.168.0.3/16",
"IPv6Address": ""
},
"d17f6dd632a015c74b167b8e2972066db54e3488f0f76681a21f0261724c96a7": {
"Name": "nginx01",
"EndpointID": "5a06feb740383ea7d0ff5ef29dc6471f3c4ac399445a5f4a958c4400cd6e7e91",
"MacAddress": "02:42:c0:a8:00:02",
"IPv4Address": "192.168.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
# 运行nginx01容器 能直接ping nginx02 而解决了docker0 的缺点,也不需要使用--link 逐一连接
[root@iZwz ~]# docker exec -it nginx01 ping nginx02
PING nginx02 (192.168.0.3) 56(84) bytes of data.
64 bytes from nginx02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.089 ms
64 bytes from nginx02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.088 ms
64 bytes from nginx02.mynet (192.168.0.3): icmp_seq=3 ttl=64 time=0.087 ms
# 期间如果遇到 bash: ping: command not found 错误.因为nginx镜像只包含基本的命令包
# 解决方式 【容器内执行或者自定义Dockerfile 创建】
apt-get update
apt install iputils-ping
网络连通
# 命令 docker network connect [OPTIONS] NETWORK CONTAINER
# 连通之前 无法ping通
[root@iZwz ~]# docker exec -it nginx01 ping nginx03
ping: nginx03: Name or service not known
# 新建nginx03 使用默认docker0网络
docker run -d -P --name nginx03 nginx
# 连接mynet 和容器nginx03
docker network connect mynet nginx03
# 查看 mynet网络信息 新建容器nginx03 网络
docker network inspect mynet
# 连通之后 可以ping通
[root@iZwz ~]# docker exec -it nginx01 ping nginx03
PING nginx03 (192.168.0.4) 56(84) bytes of data.
64 bytes from nginx03.mynet (192.168.0.4): icmp_seq=1 ttl=64 time=0.111 ms
64 bytes from nginx03.mynet (192.168.0.4): icmp_seq=2 ttl=64 time=0.089 ms
Docker 部署Redis集群
实现:分片+ 高可用+负载均衡
# 创建redis网卡
docker network create redis --subnet 172.38.0.0/16
# 通过脚本创建6个redis配置
for port in $(seq 1 6);\
do \
mkdir -p /mydata/redis/node-${port}/conf
touch /mydata/redis/node-${port}/conf/redis.conf
cat << EOF > /mydata/redis/node-${port}/conf/redis.conf
port 6379
bind 0.0.0.0
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 172.38.0.1${port}
cluster-announce-bus-port 16739
appendonly yes
EOF
done
启动redis:
# 开启reids-1
docker run -p 6371:6379 -p 16371:16379 --name redis-1 \
-v /mydata/redis/node-1/data:/data \
-v /mydata/redis/node-1/conf/redis.conf:/etc/redis/redis.conf \
-d --net redis --ip 172.38.0.11 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
# 开启reids-2
docker run -p 6372:6379 -p 16372:16379 --name redis-2 \
-v /mydata/redis/node-2/data:/data \
-v /mydata/redis/node-2/conf/redis.conf:/etc/redis/redis.conf \
-d --net redis --ip 172.38.0.12 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
# ...依次修改参数开启至redis-6
docker run -p 6376:6379 -p 16376:16379 --name redis-6 \
-v /mydata/redis/node-6/data:/data \
-v /mydata/redis/node-6/conf/redis.conf:/etc/redis/redis.conf \
-d --net redis --ip 172.38.0.16 redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
# 参数说明
-p # 指定端口
--name # 设置名称
-v # 目录挂载
-d # 后台运行
-net # 指定网络
--ip # 指定ip地址
redis:5.0.9-alpine3.11 # 指定的redis镜像 不存在则会自动下载
设置集群
# 进去任一redis容器
docker exec -it redis-1 /bin/sh # redis 没有/bin/bash命令
# 创建集群
/data # redis-cli --cluster create 172.38.0.11:6379 172.38.0.12:6379 172.38.0.13:6379 172.38.0.14:6379 172.38.0.15:6379 172.38.
0.16:6379 --cluster-replicas 1
>>> Performing hash slots allocation on 6 nodes...
Master[0] -> Slots 0 - 5460
Master[1] -> Slots 5461 - 10922
Master[2] -> Slots 10923 - 16383
Adding replica 172.38.0.15:6379 to 172.38.0.11:6379
Adding replica 172.38.0.16:6379 to 172.38.0.12:6379
Adding replica 172.38.0.14:6379 to 172.38.0.13:6379
M: 2cde7d676d8b79176f02e23546b3f8a234e8f94b 172.38.0.11:6379
slots:[0-5460] (5461 slots) master
M: 9f1092966be3bf1eb8a657839800e8ac22d8414f 172.38.0.12:6379
slots:[5461-10922] (5462 slots) master
M: 7dad54e21da352aacecfff195046fe3399cd0416 172.38.0.13:6379
slots:[10923-16383] (5461 slots) master
S: 416892e4e95a6d402c8b49eeafefc23c5793c914 172.38.0.14:6379
replicates 7dad54e21da352aacecfff195046fe3399cd0416
S: 18c22d05343ba0e3965311fb3b74b6ca712819e5 172.38.0.15:6379
replicates 2cde7d676d8b79176f02e23546b3f8a234e8f94b
S: 6b5db90b18fc43c3b4145548647ea31c2d9a81b9 172.38.0.16:6379
replicates 9f1092966be3bf1eb8a657839800e8ac22d8414f
Can I set the above configuration? (type 'yes' to accept): yes
>>> Nodes configuration updated
>>> Assign a different config epoch to each node
>>> Sending CLUSTER MEET messages to join the cluster
Waiting for the cluster to join
测试:
/data # redis-cli -c # 添加参数 -c才是集群否则是单机
127.0.0.1:6379> cluster info # 查看主从情况
cluster_state:ok
cluster_slots_assigned:16384
cluster_slots_ok:16384
cluster_slots_pfail:0
cluster_slots_fail:0
cluster_known_nodes:6
cluster_size:3
cluster_current_epoch:6
cluster_my_epoch:1
cluster_stats_messages_ping_sent:249
cluster_stats_messages_pong_sent:1892
cluster_stats_messages_sent:2141
cluster_stats_messages_ping_received:1887
cluster_stats_messages_meet_received:5
cluster_stats_messages_received:1892
# 测试
set a b
# 把其中一个redis主库服务停止,redis对应的从库会替换为主库
get a
b