目录
一、Docker介绍
二、安装Docker
三、镜像管理
四、通过容器创建镜像
五、通过模板创建镜像
六、容器管理
七、仓库管理
一、Docke介绍
- Docke简介
官网 www.docker.com
github https://github.com/docker/docker.github.io
开源的容器引擎,可以让开发者打包应用以及依赖的库,然后发布到任何流行的linux发行版上,移植很方便
由go语言编写,基于apache2.0协议发布
基于linux kernel,要想在win下运行需要借助一个vm(虚拟机)来实现
自2013年开始,近些年发展迅猛
docker从1.13x开始,版本分为社区版ce和企业版ee,并且基于年月的时间线形式,当前最新稳定版为17.09 参考http://blog.csdn.net/chenhaifeng2016/article/details/68062414
- Docker和传统的虚拟化比较
image.png
image.png
- Docker的优势
启动非常快,秒级实现
资源利用率高,一台高配置服务器可以跑上千个docker容器
更快的交付和部署,一次创建和配置后,可以在任意地方运行
内核级别的虚拟化,不需要额外的hypevisor支持,会有更高的性能和效率
易迁移,平台依赖性不强
image.png
- Docker核心概念
镜像,是一个只读的模板,类似于安装系统用到的那个iso文件,我们通过镜像来完成各种应用的部署。
容器,镜像类似于操作系统,而容器类似于虚拟机本身。它可以被启动、开始、停止、删除等操作,每个容器都是相互隔离的。
仓库,存放镜像的一个场所,仓库分为公开仓库和私有仓库。 最大的公开仓库是Docker hub(hub.docker.com),国内公开仓库(dockerpool.com)
二、安装Docker
curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
yum install -y docker-ce
速度比较慢,可以直接下载rpm包
https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
下载完,上传到linux下
也需要用yum安装,可以自动解决依赖关系
yum install -y docker-ce-xxxx.rpm
systemctl start docker 启动docker
#下载官方yum源
[root@minglinux-01 ~] curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
[root@minglinux-01 ~] yum list |grep docker
cockpit-docker.x86_64 176-4.el7.centos extras
containerd.io.x86_64 1.2.4-3.1.el7 docker-ce-stable
docker.x86_64 2:1.13.1-91.git07f3374.el7.centos
docker-ce.x86_64 3:18.09.3-3.el7 docker-ce-stable
docker-ce-cli.x86_64 1:18.09.3-3.el7 docker-ce-stable
docker-ce-selinux.noarch 17.03.3.ce-1.el7 docker-ce-stable
docker-client.x86_64 2:1.13.1-91.git07f3374.el7.centos
docker-client-latest.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-common.x86_64 2:1.13.1-91.git07f3374.el7.centos
docker-compose.noarch 1.18.0-2.el7 epel
docker-distribution.x86_64 2.6.2-2.git48294d9.el7 extras
docker-latest.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-latest-logrotate.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-latest-v1.10-migrator.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-logrotate.x86_64 2:1.13.1-91.git07f3374.el7.centos
docker-lvm-plugin.x86_64 2:1.13.1-91.git07f3374.el7.centos
docker-novolume-plugin.x86_64 2:1.13.1-91.git07f3374.el7.centos
docker-registry.x86_64 0.9.1-7.el7 extras
docker-v1.10-migrator.x86_64 2:1.13.1-91.git07f3374.el7.centos
golang-github-fsouza-go-dockerclient-devel.x86_64
kdocker.x86_64 4.9-1.el7 epel
pcp-pmda-docker.x86_64 4.1.0-5.el7_6 updates
podman-docker.noarch 0.12.1.2-2.git9551f6b.el7.centos
python-docker-py.noarch 1:1.10.6-8.el7_6 extras
python-docker-pycreds.noarch 1:0.3.0-8.el7_6 extras
python-docker-scripts.noarch 0.4.4-1.el7 epel
python-dockerfile-parse.noarch 0.0.5-1.el7 epel
python2-avocado-plugins-runner-docker.noarch
python2-dockerpty.noarch 0.4.1-9.el7 epel
python34-docker.noarch 2.6.1-1.el7 epel
python34-docker-pycreds.noarch 0.2.1-1.el7 epel
python34-dockerpty.noarch 0.4.1-9.el7 epel
#yum安装
[root@minglinux-01 ~] yum install -y docker-ce
#启动
[root@minglinux-01 ~] ps aux |grep docker
root 5212 3.3 2.8 354916 52888 ? Ssl 22:10 0:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 5357 0.0 0.0 112720 984 pts/0 S+ 22:10 0:00 grep --color=auto docker
#看一下docker帮我们生成的iptables规则,每次启动都会自动生成,但不自动保存
[root@minglinux-01 ~] iptables -nvL
Chain INPUT (policy ACCEPT 148 packets, 11168 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 179 packets, 14932 bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
[root@minglinux-01 ~] cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Fri Dec 21 17:02:16 2018
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [1:172]
:POSTROUTING ACCEPT [1:172]
-A PREROUTING -d 192.168.162.130/32 -p tcp -m tcp --dport 1122 -j DNAT --to-destination 192.168.100.100:22
-A POSTROUTING -s 192.168.100.100/32 -j SNAT --to-source 192.168.162.130
COMMIT
# Completed on Fri Dec 21 17:02:16 2018
# Generated by iptables-save v1.4.21 on Fri Dec 21 17:02:16 2018
*filter
:INPUT ACCEPT [56:3696]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [31:2992]
COMMIT
# Completed on Fri Dec 21 17:02:16 2018
#可以保存规则
[root@minglinux-01 ~] service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ 确定 ]
#规则清空后再重启docker就会恢复
[root@minglinux-01 ~] iptables -t nat -F
[root@minglinux-01 ~] iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 7 packets, 420 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 7 packets, 420 bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (0 references)
pkts bytes target prot opt in out source destination
[root@minglinux-01 ~] systemctl restart docker
[root@minglinux-01 ~] iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 162 packets, 9720 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 162 packets, 9720 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
#一般docker服务器的iptables规则不要去动
三、镜像管理
docker pull centos//可以下载centos镜像,速度很慢
配置docker加速器(参考 http://blog.csdn.net/xlemonok/article/details/71403534)
vi /etc/docker/daemon.json//加入如下内容
{
"registry-mirrors": ["https://dhq9bx4f.mirror.aliyuncs.com"]
}
说明:这个url为加速器地址,需要同学们自行到阿里云申请
配置完加速器,重启docker服务,再次docker pull centos会快很多
docker images 查看本地的镜像
docker search xxx //搜索镜像,其中xxx是关键词
docker tag centos aming123 //给镜像打标签
docker run -itd centos //把镜像启动为容器,-i表示让容器的标准输入打开,-t表示分配一个伪终端,-d表示后台启动,要把-i -t -d 放到镜像名字前面
docker ps //查看运行的容器,加上-a选项后可以查看所有容器,包括未运行的
docker rmi centos //用来删除指定镜像, 其中后面的参数可以是tag,如果是tag时,实际上是删除该tag。当后面的参数为镜像ID时,则会彻底删除整个镜像,所有标签也会一同删除
#下载centos镜像,下载慢的话可以配置加速器,重启docker服务再次pull
[root@minglinux-01 ~] docker pull centos
Using default tag: latest
latest: Pulling from library/centos
8ba884070f61: Pull complete
Digest: sha256:8d487d68857f5bc9595793279b33d082b03713341ddec91054382641d14db861
Status: Downloaded newer image for centos:latest
#查看本地镜像
[root@minglinux-01 ~] docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 9f38484d220f 18 hours ago 202MB
#搜索镜像
[root@minglinux-01 ~] docker search nginx
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 11064 [OK]
jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1558 [OK]
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 689 [OK]
jrcs/letsencrypt-nginx-proxy-companion LetsEncrypt container to use with nginx as p… 492 [OK]
webdevops/php-nginx Nginx with PHP-FPM 123 [OK]
kitematic/hello-world-nginx A light-weight nginx container that demonstr… 123
zabbix/zabbix-web-nginx-mysql Zabbix frontend based on Nginx web-server wi… 91 [OK]
bitnami/nginx Bitnami nginx Docker Image 64 [OK]
linuxserver/nginx An Nginx container, brought to you by LinuxS… 56
1and1internet/ubuntu-16-nginx-php-phpmyadmin-mysql-5 ubuntu-16-nginx-php-phpmyadmin-mysql-5 49 [OK]
tobi312/rpi-nginx NGINX on Raspberry Pi / armhf 24 [OK]
nginx/nginx-ingress NGINX Ingress Controller for Kubernetes 17
nginxdemos/hello NGINX webserver that serves a simple page co… 12 [OK]
wodby/drupal-nginx Nginx for Drupal container image 12 [OK]
blacklabelops/nginx Dockerized Nginx Reverse Proxy Server. 12 [OK]
schmunk42/nginx-redirect A very simple container to redirect HTTP tra… 11 [OK]
centos/nginx-18-centos7 Platform for running nginx 1.8 or building n… 10
centos/nginx-112-centos7 Platform for running nginx 1.12 or building … 7
nginxinc/nginx-unprivileged Unprivileged NGINX Dockerfiles 4
1science/nginx Nginx Docker images that include Consul Temp… 4 [OK]
mailu/nginx Mailu nginx frontend 3 [OK]
travix/nginx NGinx reverse proxy 2 [OK]
toccoag/openshift-nginx Nginx reverse proxy for Nice running on same… 1 [OK]
wodby/nginx Generic nginx 0 [OK]
ansibleplaybookbundle/nginx-apb An APB to deploy NGINX 0 [OK]
[root@minglinux-01 ~] docker tag centos lucci_linux #给镜像打标签
[root@minglinux-01 ~] docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 9f38484d220f 18 hours ago 202MB
lucci_linux latest 9f38484d220f 18 hours ago 202MB
ubuntu latest 94e814e2efa8 3 days ago 88.9MB
[root@minglinux-01 ~] docker tag centos test1:123
[root@minglinux-01 ~] docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 9f38484d220f 18 hours ago 202MB
lucci_linux latest 9f38484d220f 18 hours ago 202MB
test1 123 9f38484d220f 18 hours ago 202MB
ubuntu latest 94e814e2efa8 3 days ago 88.9MB
#把镜像启动为容器
[root@minglinux-01 ~] docker run -itd centos
b5a7977de9e319b65e605c53e1e9ecee26d0d2871e4e7c2b863c4c173874501c
[root@minglinux-01 ~] docker ps #查看运行的容器,加-a查看全部包括启动的和停止的
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b5a7977de9e3 centos "/bin/bash" 11 seconds ago Up 10 seconds naughty_mclean
#删除指定镜像
[root@minglinux-01 ~] docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 9f38484d220f 18 hours ago 202MB
lucci_linux latest 9f38484d220f 18 hours ago 202MB
test1 123 9f38484d220f 18 hours ago 202MB
ubuntu latest 94e814e2efa8 3 days ago 88.9MB
[root@minglinux-01 ~] docker rmi test1:123 #相当于删除了一个tag ,真镜像是centos
Untagged: test1:123
[root@minglinux-01 ~] docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 9f38484d220f 18 hours ago 202MB
lucci_linux latest 9f38484d220f 18 hours ago 202MB
ubuntu latest 94e814e2efa8 3 days ago 88.9MB
四、通过容器创建镜像
docker run启动容器后,可以通过下面命令进入容器
docker exec -it xxxxx bash//其中xxxxx为容器id,这个id可以用docker ps查看,最后面的bash为进入容器后我们要执行的命令,这样就可以打开一个终端
进入到该容器中,我们做一些变更,比如安装一些东西,然后针对这个容器进行创建新的镜像
在容器中执行 yum install -y net-tools,然后ctrl d退出容器
docker commit -m "change somth" -a "somebody info" container_id new_image_name //container_id通过docker ps -a获取,后面的new_image_name为新镜像名字
例如: docker commit -m "install net-tools" -a "ming" 2c74d574293f centos_with_nettool 这个命令有点像svn的提交,-m 加一些改动信息,-a 指定作者相关信息 2c74d这一串为容器id,再后面为新镜像的名字
#根据个人需求创建自己的镜像
#进入容器并执行bash开启一个新终端
[root@minglinux-01 ~] docker exec -it b5a797 bash
[root@b5a7977de9e3 /]#
[root@b5a7977de9e3 /]# ls
anaconda-post.log dev home lib64 mnt proc run srv tmp var
bin etc lib media opt root sbin sys usr
[root@b5a7977de9e3 /]# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 28G 9.6G 19G 35% /
tmpfs 64M 0 64M 0% /dev
tmpfs 911M 0 911M 0% /sys/fs/cgroup
/dev/sda3 28G 9.6G 19G 35% /etc/hosts
shm 64M 0 64M 0% /dev/shm
tmpfs 911M 0 911M 0% /proc/asound
tmpfs 911M 0 911M 0% /proc/acpi
tmpfs 911M 0 911M 0% /proc/scsi
tmpfs 911M 0 911M 0% /sys/firmware
[root@b5a7977de9e3 /]# free
total used free shared buff/cache available
Mem: 1865276 751940 161204 9904 952132 855116
Swap: 2097148 0 2097148
#容器就像是被阉割过的系统,有很多东西是没有的
[root@b5a7977de9e3 /]# ifconfig
bash: ifconfig: command not found
[root@b5a7977de9e3 /]# ip addr
bash: ip: command not found
[root@b5a7977de9e3 /]# yum install -y net-tools #安装net-tools
[root@b5a7977de9e3 /]# ifconfig
eth0: flags=4163 mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 2135 bytes 9667371 (9.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2138 bytes 119365 (116.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 将容器做成镜像
[root@minglinux-01 ~] docker commit -m "install net-tools" -a "lucci" b5a7977de9e3 centos_with_net
sha256:9655a540a99e8a775cf5e8654e622373d9f3543138706db42dcfad8e350c5a08
[root@minglinux-01 ~] docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_with_net latest 9655a540a99e 9 seconds ago 280MB
centos latest 9f38484d220f 19 hours ago 202MB
lucci_linux latest 9f38484d220f 19 hours ago 202MB
ubuntu latest 94e814e2efa8 3 days ago 88.9MB
#将新建镜像启动为容器并进入
[root@minglinux-01 ~] docker run -itd centos_with_net
3da5abccfd8d85b9ca96ac0829f10dff3c5b16a40802455a326bdbd3bdc52788
[root@minglinux-01 ~] docker exec -it 3da5a bash #也可以使用docker ps中的NAMES来启动
[root@3da5abccfd8d /]#
[root@3da5abccfd8d /]# ifconfig #ip变0.3了
eth0: flags=4163 mtu 1500
inet 172.17.0.3 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:03 txqueuelen 0 (Ethernet)
RX packets 15 bytes 1242 (1.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 530 (530.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#然后推到宿主机查看网卡信息发现有多了一个网卡
[root@3da5abccfd8d /]# exit
[root@minglinux-01 ~] ifconfig
docker0: flags=4163 mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:38ff:fe57:43ae prefixlen 64 scopeid 0x20
ether 02:42:38:57:43:ae txqueuelen 0 (Ethernet)
RX packets 2147 bytes 89933 (87.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2135 bytes 9667359 (9.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163 mtu 1500
inet 192.168.162.130 netmask 255.255.255.0 broadcast 192.168.162.255
inet6 fe80::20c:29ff:fede:c112 prefixlen 64 scopeid 0x20
ether 00:0c:29:de:c1:12 txqueuelen 1000 (Ethernet)
RX packets 158154 bytes 196994901 (187.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 54587 bytes 3737463 (3.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 6790 bytes 597408 (583.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6790 bytes 597408 (583.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth4a0a7c8: flags=4163 mtu 1500
inet6 fe80::3cd5:94ff:fe00:4cf6 prefixlen 64 scopeid 0x20
ether 3e:d5:94:00:4c:f6 txqueuelen 0 (Ethernet)
RX packets 2140 bytes 119461 (116.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2137 bytes 9667455 (9.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth55a4193: flags=4163 mtu 1500
inet6 fe80::c008:cfff:fea0:53b8 prefixlen 64 scopeid 0x20
ether c2:08:cf:a0:53:b8 txqueuelen 0 (Ethernet)
RX packets 7 bytes 530 (530.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15 bytes 1242 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
五、通过模板创建镜像
首先去下载一个模板
http://openvz.org/Download/templates/precreated //下载一个centos6的模板centos-6-x86-minimal.tar.gz
导入该镜像的命令为:
cat centos-6-x86-minimal.tar.gz|docker import - centos6
docker images查看导入的镜像
把现有镜像,导出为一个文件:
docker save -o ming-centos.tar ming
我们还可以用该文件恢复本地镜像:
docker load --input ming-centos.tar 或者
docker load < ming-centos.tar
docker push image_name //可以把自己的镜像传到dockerhub官方网站上去,但前提是需要先注册一个用户,后续如果有需求再研究吧
#使用rz命令将下载好的模板上传到虚拟机
[root@minglinux-01 ~] rz
[root@minglinux-01 ~] ls centos-6-x86-minimal.tar.gz
centos-6-x86-minimal.tar.gz
[root@minglinux-01 ~] du -h centos-6-x86-minimal.tar.gz
201M centos-6-x86-minimal.tar.gz
#导入该镜像到docker
[root@minglinux-01 ~] cat centos-6-x86-minimal.tar.gz|docker import - centos6
sha256:28927c522726ae66450cc0de22216e8dc8aa78ace2eaa15533ed283c481784fe
[root@minglinux-01 ~] docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 28927c522726 37 seconds ago 512MB
centos_with_net latest 9655a540a99e About an hour ago 280MB
centos latest 9f38484d220f 20 hours ago 202MB
lucci_linux latest 9f38484d220f 20 hours ago 202MB
ubuntu latest 94e814e2efa8 3 days ago 88.9MB
#启动镜像,进入容器
[root@minglinux-01 ~] docker run -itd centos6 bash
13109a927747652594e794eeec79c1a97154519f468e4c12772920ac4797529c
[root@minglinux-01 ~] docker exec -it 13109a bash
[root@13109a927747 /]#
[root@13109a927747 /]# cat /etc/issue
CentOS release 6.8 (Final)
Kernel \r on an \m
[root@13109a927747 /]# uname -a
Linux 13109a927747 3.10.0-862.11.6.el7.x86_64 #1 SMP Tue Aug 14 21:49:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@13109a927747 /]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:04
inet addr:172.17.0.4 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
#把现有镜像,导出为一个文件
[root@13109a927747 /]# exit
[root@minglinux-01 ~] docker save -o centos7_withnettool.tar centos_with_net
[root@minglinux-01 ~] du -sh centos7_withnettool.tar
275M centos7_withnettool.tar
#用该文件恢复为本地镜像,先删除,后导入
[root@minglinux-01 ~] docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 28927c522726 11 minutes ago 512MB
centos_with_net latest 9655a540a99e 2 hours ago 280MB
centos latest 9f38484d220f 20 hours ago 202MB
lucci_linux latest 9f38484d220f 20 hours ago 202MB
ubuntu latest 94e814e2efa8 3 days ago 88.9MB
[root@minglinux-01 ~] docker rmi 9655a540a99e
Error response from daemon: conflict: unable to delete 9655a540a99e (cannot be forced) - image is being used by running container 3da5abccfd8d
[root@minglinux-01 ~] docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
13109a927747 centos6 "bash" 10 minutes ago Up 10 minutes elated_kowalevski
3da5abccfd8d centos_with_net "/bin/bash" 2 hours ago Up 2 hours infallible_yalow
b5a7977de9e3 centos "/bin/bash" 2 hours ago Up 2 hours naughty_mclean
[root@minglinux-01 ~] docker rm -f 3da5abccfd8d
3da5abccfd8d
[root@minglinux-01 ~] docker rmi 9655a540a99e
Untagged: centos_with_net:latest
Deleted: sha256:9655a540a99e8a775cf5e8654e622373d9f3543138706db42dcfad8e350c5a08
Deleted: sha256:74b73c8cc0bca12cac68112602778d255d2e34f4d879a54a69abe7bec658bfa8
[root@minglinux-01 ~] docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 28927c522726 15 minutes ago 512MB
centos latest 9f38484d220f 20 hours ago 202MB
lucci_linux latest 9f38484d220f 20 hours ago 202MB
ubuntu latest 94e814e2efa8 3 days ago 88.9MB
#从文件导入恢复镜像
[root@minglinux-01 ~] docker load < centos7_withnettool.tar
66c1740fd4c5: Loading layer 78.01MB/78.01MB
Loaded image: centos_with_net:latest
[root@minglinux-01 ~] docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 28927c522726 16 minutes ago 512MB
centos_with_net latest 9655a540a99e 2 hours ago 280MB
centos latest 9f38484d220f 20 hours ago 202MB
lucci_linux latest 9f38484d220f 20 hours ago 202MB
ubuntu latest 94e814e2efa8 3 days ago 88.9MB
六、容器管理
docker create -it centos6 bash //这样可以创建一个容器,但该容器并没有启动
docker start container_id //启动容器后,可以使用 docker ps 查看到,有start 就有stop,和restart
之前我们使用的docker run 相当于先create再start
docker run -it centos bash
这样进入了一个虚拟终端里面,我们可以运行一些命令,使用命令exit或者ctrl d 退出该bash,当退出后这个容器也会停止。
docker run -d 可以让容器在后台运行
比如:docker run -d centos bash -c "while :; do echo "123"; sleep 2; done"
docker run -itd --name centos6_1 centos6 bash // --name 给容器自定义名字
docker run --rm -it centos bash -c "sleep 30" //--rm 可以让容器退出后
直接删除,在这里命令执行完容器就会退出
[root@minglinux-01 ~] docker create -it centos6 bash ##创建容器,未启动
9d87507b2fcd81fe46a97d4ef85b5322e00ba21c4a9e95b25fdfec946153953f
[root@minglinux-01 ~] docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@minglinux-01 ~] docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9d87507b2fcd centos6 "bash" 14 seconds ago Created adoring_perlman
13109a927747 centos6 "bash" 15 hours ago Exited (137) 15 hours ago elated_kowalevski
b5a7977de9e3 centos "/bin/bash" 17 hours ago Exited (137) 15 hours ago naughty_mclean
[root@minglinux-01 ~] docker start 9d87507b2fcd #启动镜像
9d87507b2fcd
[root@minglinux-01 ~] docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9d87507b2fcd centos6 "bash" 2 minutes ago Up 3 seconds adoring_perlman
#不加-d启动centos镜像
[root@minglinux-01 ~] docker run -it centos bash
[root@a74baaff6908 /]# ifconfig
bash: ifconfig: command not found
[root@a74baaff6908 /]# exit
exit
[root@minglinux-01 ~] docker ps #仅有上一个9d875容器在运行
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9d87507b2fcd centos6 "bash" 7 minutes ago Up 4 minutes adoring_perlman
[root@minglinux-01 ~] docker ps -a #退出该bash后这个容器就会停止,启动时加-d则容器会继续在后台运行
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a74baaff6908 centos "bash" About a minute ago Exited (127) 30 seconds ago pensive_mcclintock
9d87507b2fcd centos6 "bash" 8 minutes ago Up 5 minutes adoring_perlman
13109a927747 centos6 "bash" 15 hours ago Exited (137) 15 hours ago elated_kowalevski
b5a7977de9e3 centos "/bin/bash" 17 hours ago Exited (137) 15 hours ago naughty_mclean
#启动时给容器及自定义名字
[root@minglinux-01 ~] docker run -itd --name centos6_1 centos6 bash
9ac1becfb0018f06f41e79f0303a6f349d3c1055e33edb69b73badcda3359169
[root@minglinux-01 ~] docker exec -it centos6_1 bash #使用自定义名字进入容器开启终端,比使用容器id更舒服
[root@9ac1becfb001 /]#
[root@9ac1becfb001 /]# exit
#运行容器然后让容器退出后直接删除,好像没什么用
[root@minglinux-01 ~] docker run --rm -it centos bash -c "sleep 30"
[root@minglinux-01 ~] docker ps #命令执行过程中centos镜像启动
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
598e42c7d359 centos "bash -c 'sleep 30'" 3 seconds ago Up 3 seconds loving_ramanujan
9ac1becfb001 centos6 "bash" 23 minutes ago Up 23 minutes centos6_1
9d87507b2fcd centos6 "bash" About an hour ago Up About an hour adoring_perlman
[root@minglinux-01 ~] docker ps -a#30s过后命令执行完容器退出并删除,所以这里没有记录
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9ac1becfb001 centos6 "bash" 27 minutes ago Up 27 minutes centos6_1
848c8a6e82f7 centos "bash" 32 minutes ago Exited (0) 32 minutes ago jolly_kepler
712acdc9dea5 centos "bash" 33 minutes ago Exited (0) 32 minutes ago silly_spence
84c9aa678fbb centos "bash -c 'while :; d…" About an hour ago Exited (137) 44 minutes ago recursing_allen
a74baaff6908 centos "bash" About an hour ago Exited (127) About an hour ago pensive_mcclintock
9d87507b2fcd centos6 "bash" About an hour ago Up About an hour adoring_perlman
13109a927747 centos6 "bash" 16 hours ago Exited (137) 16 hours ago elated_kowalevski
b5a7977de9e3 centos "/bin/bash" 18 hours ago Exited (137) 16 hours ago naughty_mclean
docker logs 可以获取到容器的运行历史信息,用法如下
docker logs container_id
docker attach 可以进入一个后台运行的容器,比如
docker attach container_id //但是attach命令不算好用,比如我们想要退出终端,就得exit了,这样容器也就退出了,还有一种方法
docker exec -it container_id bash //可以临时打开一个虚拟终端,并且exit后,容器依然运行着
docker rm container_id //container_id是ps的时候查看到的,这样就可以把container删除,如果是运行的容器,可以加-f
docker export container_id > file.tar // 导出容器,可以迁移到其他机器上,需要导入
cat file.tar |docker import - test //这样会生成test的镜像
#查看容器的运行历史信息
[root@minglinux-01 ~] docker run -itd centos bash -c "echo hello world"
815faf4812be06de33c838696dab641cac552f1237e2fddb8e0ae3125bae20ef
[root@minglinux-01 ~] docker logs 815faf4
hello world
#进入一个后台运行的容器方法1(exit后容器也一起退出)
[root@minglinux-01 ~] docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9ac1becfb001 centos6 "bash" 34 minutes ago Up 34 minutes centos6_1
9d87507b2fcd centos6 "bash" About an hour ago Up About an hour adoring_perlman
[root@minglinux-01 ~] docker attach 9ac1becfb001
[root@9ac1becfb001 /]# exit
exit
[root@minglinux-01 ~] docker ps #这个方法exit后容器也一起退出了
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9d87507b2fcd centos6 "bash" About an hour ago Up About an hour adoring_perlman
#进入一个后台运行的容器方法1(exit后容器不退出)
[root@minglinux-01 ~] docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9d87507b2fcd centos6 "bash" About an hour ago Up About an hour adoring_perlman
[root@minglinux-01 ~] docker exec -it 9d87507b2fcd bash
[root@9d87507b2fcd /]# exit
exit
[root@minglinux-01 ~] docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9d87507b2fcd centos6 "bash" About an hour ago Up About an hour adoring_perlman
#删除所有未运行容器
[root@minglinux-01 ~] docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
815faf4812be centos "bash -c 'echo hello…" 4 hours ago Exited (0) 4 hours ago stupefied_hypatia
9ac1becfb001 centos6 "bash" 4 hours ago Exited (0) 4 hours ago centos6_1
848c8a6e82f7 centos "bash" 4 hours ago Exited (0) 4 hours ago jolly_kepler
712acdc9dea5 centos "bash" 4 hours ago Exited (0) 4 hours ago silly_spence
84c9aa678fbb centos "bash -c 'while :; d…" 5 hours ago Exited (137) 5 hours ago recursing_allen
a74baaff6908 centos "bash" 5 hours ago Exited (127) 5 hours ago pensive_mcclintock
9d87507b2fcd centos6 "bash" 5 hours ago Up 5 hours adoring_perlman
13109a927747 centos6 "bash" 20 hours ago Exited (137) 20 hours ago elated_kowalevski
b5a7977de9e3 centos "/bin/bash" 22 hours ago Exited (137) 20 hours ago naughty_mclean
[root@minglinux-01 ~] docker rm 815faf4812be
815faf4812be
[root@minglinux-01 ~] docker rm 9ac1becfb001
9ac1becfb001
···
···
[root@minglinux-01 ~] docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9d87507b2fcd centos6 "bash" 5 hours ago Up 5 hours adoring_perlman
#删除正在运行的容器需要加-f
[root@minglinux-01 ~] docker rm 9d87507b2fcd
Error response from daemon: You cannot remove a running container 9d87507b2fcd81fe46a97d4ef85b5322e00ba21c4a9e95b25fdfec946153953f. Stop the container before attempting removal or force remove
[root@minglinux-01 ~] docker rm -f 9d87507b2fcd
9d87507b2fcd
[root@minglinux-01 ~] docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
#导出容器,可以迁移到其他机器上再导入
#使用export和import
七、仓库管理
docker pull registry //下载registry 镜像,registy为docker官方提供的一个镜像,我们可以用它来创建本地的docker私有仓库。
docker run -d -p 5000:5000 registry //以registry镜像启动容器,-p会把容器的端口映射到宿主机上,:左边为宿主机监听端口,:右边为容器监听端口
curl 127.0.0.1:5000/v2/_catalog //可以访问它
下面我们来把其中一个镜像上传到私有仓库
docker tag aming_test 192.168.162.130:5000/centos //标记一下tag,必须要带有私有仓库的ip:port
docker push 192.168.162.130:5000/centos //把标记的镜像给推送到私有仓库
此时并不会成功,Get https://192.168.162.130:5000/v2/: http: server gave HTTP response to HTTPS client
更改配置文件,vi /etc/docker/daemon.json//更改为
{ "insecure-registries":["192.168.162.130:5000"] }
systemctl restart docker
docker ps -a //查看容器已经关闭,还需要启动
docker start id //这里的id为registry容器id
再次push
docker push 192.168.162.130:5000/centos
curl 127.0.0.1:5001/v2/_catalog //可以查看到推送上来的镜像
#下载registry 镜像
[root@minglinux-01 ~] docker pull registry
[root@minglinux-01 ~] docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 28927c522726 20 hours ago 512MB
centos_with_net latest 9655a540a99e 22 hours ago 280MB
centos latest 9f38484d220f 41 hours ago 202MB
lucci_linux latest 9f38484d220f 41 hours ago 202MB
ubuntu latest 94e814e2efa8 4 days ago 88.9MB
registry latest f32a97de94e1 8 days ago 25.8MB
#以registry镜像启动容器
[root@minglinux-01 ~] docker run -d -p 5000:5000 registry #-p选项会把容器的端口映射到宿主机上,:左边为宿主机监听端口,:右边为容器监听端口
ef8c00af1fd7c29770631105745cb14e90ba9482c507fcf96e35bb3cf3f246d2
[root@minglinux-01 ~] docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ef8c00af1fd7 registry "/entrypoint.sh /etc…" 9 seconds ago Up 8 seconds 0.0.0.0:5000->5000/tcp awesome_heyrovsky
#测试5000端口联通性
[root@minglinux-01 ~] netstat -lntp | grep 5000
tcp6 0 0 :::5000 :::* LISTEN 36966/docker-proxy
[root@minglinux-01 ~] telnet 127.0.0.1 5000
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
#访问仓库
[root@minglinux-01 ~] curl 127.0.0.1:5000/v2/_catalog
{"repositories":[]} #现在是空的
#上传镜像到私有仓库
[root@minglinux-01 ~] docker tag centos6 192.168.162.130:5000/centos6 #标记一下tag,必须要带有私有仓库的ip:port
[root@minglinux-01 ~] docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 28927c522726 21 hours ago 512MB
192.168.162.130:5000/centos6 latest 28927c522726 21 hours ago 512MB
centos_with_net latest 9655a540a99e 22 hours ago 280MB
centos latest 9f38484d220f 41 hours ago 202MB
lucci_linux latest 9f38484d220f 41 hours ago 202MB
ubuntu latest 94e814e2efa8 4 days ago 88.9MB
registry latest f32a97de94e1 8 days ago 25.8MB
[root@minglinux-01 ~] docker push 192.168.162.130:5000/centos6
The push refers to repository [192.168.162.130:5000/centos6]
Get https://192.168.162.130:5000/v2/: http: server gave HTTP response to HTTPS client
#修改daemon.json文件指定私有仓库的地址
[root@minglinux-01 ~] vim /etc/docker/daemon.json
1 { "insecure-registries":["192.168.162.130:5000"] }
#重启操作
[root@minglinux-01 ~] systemctl restart docker
[root@minglinux-01 ~] docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
da9add7e5695 registry "/entrypoint.sh /etc…" 19 minutes ago Exited (2) 33 seconds ago jovial_sammet
ef8c00af1fd7 registry "/entrypoint.sh /etc…" 29 minutes ago Exited (2) 20 minutes ago awesome_heyrovsky
[root@minglinux-01 ~] docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@minglinux-01 ~] docker start da9add7e5695
da9add7e5695
#再次push
[root@minglinux-01 ~] docker push 192.168.162.130:5000/centos6
The push refers to repository [192.168.162.130:5000/centos6]
0a2f11f7b1ef: Pushed
latest: digest: sha256:3620c309f7a611a0f3a28af82ed0a7069e0307de6bee01defc93f483c48e93d4 size: 529
[root@minglinux-01 ~] curl 127.0.0.1:5000/v2/_catalog #访问私有仓库
{"repositories":["centos6"]}
#使用其他机器pull
[root@minglinux-02 ~] curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
[root@minglinux-02 ~] yum install -y docker-ce
[root@minglinux-02 ~] vim /etc/docker/daemon.json #指定私有仓库的地址
{ "insecure-registries":["192.168.162.130:5000"] }
[root@minglinux-02 ~] systemctl restart docker #要重启
[root@minglinux-02 ~] curl 192.168.162.130:5000/v2/_catalog
{"repositories":["centos6"]}
[root@minglinux-02 ~] docker pull 192.168.162.130:5000/centos6
Using default tag: latest
latest: Pulling from centos6
58cc42c750fa: Pull complete
Digest: sha256:3620c309f7a611a0f3a28af82ed0a7069e0307de6bee01defc93f483c48e93d4
Status: Downloaded newer image for 192.168.162.130:5000/centos6:latest
[root@minglinux-02 ~] docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.162.130:5000/centos6 latest 28927c522726 30 hours ago 512MB
#pull后面直接加镜像名仍是从官方仓库下载,daemon.json改动无影响
[root@minglinux-02 ~] docker pull docker