一、CentOS 安装 docker
1、yum 源安装
# 下载 repo 文件,repo saved to /etc/yum.repos.d/docker-ce.repo
[root@localhost ~]# yum-config-manager \ --add-repo \ https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
# 更新 yum 资源及安装 docker
[root@localhost ~]# yum makecache fast
[root@localhost ~]# yum install docker-ce
2、脚本安装
[root@localhost ~]# curl -fsSL get.docker.com -o get-docker.sh
[root@localhost ~]# sh get-docker.sh --mirror Aliyun
# Executing docker install script, commit: 0e685c6ac0bddd7b2ba7bcaaeb519746ad249a29
+ sh -c 'yum install -y -q yum-utils'
+ sh -c 'yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo'
Loaded plugins: fastestmirror, langpacks
adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
+ '[' stable '!=' stable ']'
+ sh -c 'yum makecache'
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
docker-ce-stable | 3.5 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/2): docker-ce-stable/7/x86_64/filelists_db | 27 kB 00:00:00
(2/2): docker-ce-stable/7/x86_64/other_db | 120 kB 00:00:00
Metadata Cache Created
+ '[' -n '' ']'
+ sh -c 'yum install -y -q docker-ce'
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-20.10.8-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Public key for docker-ce-20.10.8-3.el7.x86_64.rpm is not installed
Importing GPG key 0x621E9F35:
Userid : "Docker Release (CE rpm) "
Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
From : https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
setsebool: SELinux is disabled.
+ version_gte 20.10
+ '[' -z '' ']'
+ return 0
+ sh -c 'yum install -y -q docker-ce-rootless-extras'
Package docker-ce-rootless-extras-20.10.8-3.el7.x86_64 already installed and latest version
================================================================================
To run Docker as a non-privileged user, consider setting up the
Docker daemon in rootless mode for your user:
dockerd-rootless-setuptool.sh install
Visit https://docs.docker.com/go/rootless/ to learn about rootless mode.
To run the Docker daemon as a fully privileged service, but granting non-root
users access, refer to https://docs.docker.com/go/daemon-access/
WARNING: Access to the remote API on a privileged Docker daemon is equivalent
to root access on the host. Refer to the 'Docker daemon attack surface'
documentation for details: https://docs.docker.com/go/attack-surface/
================================================================================
3、安装结果测试
#启动 docker
[root@localhost ~]# systemctl enable docker
[root@localhost ~]# systemctl start docker
# 建立 docker 用户组及将当前用户加入该用户组
[root@localhost ~]# groupadd docker
[root@localhost ~]# usermod -aG docker $USER
#测试
[root@localhost ~]# docker run hello-world
# 输出以下内容则说明已成功安装 docker
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b8dfde127a29: Pull complete
Digest: sha256:776b0895d5e2fcd5e80bcdd607adc45461ba11143ef3df531174bf00679f43fe
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
二、Docker 的使用
1、使用手册
[root@localhost ~]# docker --help
Usage: docker [OPTIONS] COMMAND
Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with "docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Management Commands:
app* Docker App (Docker Inc., v0.9.1-beta3)
builder Manage builds
buildx* Build with BuildKit (Docker Inc., v0.6.1-docker)
config Manage Docker configs
container Manage containers
context Manage contexts
image Manage images
manifest Manage Docker image manifests and manifest lists
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
scan* Docker Scan (Docker Inc., v0.8.0)
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes
Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes
2、镜像拉取、列出、删除
- 配置镜像拉取加速
#编辑配置文件
[root@localhost ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": [
"https://registry.docker-cn.com" ]
}
#重启服务
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
- 从仓库拉取镜像
# docker pull [选项] [Docker Registry地址]<仓库名>:<标签>
docker pull ubuntu # 若不指定版本默认拉取最新镜像
# 输出结果
Using default tag: latest
latest: Pulling from library/ubuntu
16ec32c2132b: Pull complete
Digest: sha256:82becede498899ec668628e7cb0ad87b6e1c371cb8a1e597d83a47fac21d6af3
Status: Downloaded newer image for ubuntu:latest
docker.io/library/ubuntu:latest
- 列出所有镜像
[root@localhost ~]# docker images
# 仓库名 标签 镜像ID 创建时间 占用空间
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 1318b700e415 2 weeks ago 72.8MB
registry 2 1fd8e1b0bb7e 3 months ago 26.2MB
hello-world latest d1165f221234 5 months ago 13.3kB
- 列出指定仓库名的镜像
[root@localhost ~]# docker images ubuntu
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 20.04 1318b700e415 2 weeks ago 72.8MB
ubuntu latest 1318b700e415 2 weeks ago 72.8MB
- 列出指定镜像
[root@localhost ~]# docker images ubuntu:20.04
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 20.04 1318b700e415 2 weeks ago 72.8MB
- 以特定格式列出镜像(GO语法)
# 仅打印 "ID" 和 "Repository" 信息并以 " : " 隔开
[root@localhost ~]# docker images --format "{{.ID}}: {{.Repository}}"
1318b700e415: ubuntu
1318b700e415: ubuntu
1fd8e1b0bb7e: registry
# 仅打印 "ID" 和 "Repository" 信息并等距显示
[root@localhost ~]# docker images --format "table{{.ID}}\t{{.Repository}}\t{{.Size}}"
IMAGE ID REPOSITORY SIZE
1318b700e415 ubuntu 72.8MB
1318b700e415 ubuntu 72.8MB
1fd8e1b0bb7e registry 26.2MB
- 删除镜像
# 用镜像的完整 ID(长 ID)来删除镜像,使用脚本的时候可能会用长 ID
# 用短 ID 来删除镜像,一般取前3个字符以上
[root@localhost ~]# docker rmi hello-world:latest
Untagged: hello-world:latest
Untagged: hello-world@sha256:776b0895d5e2fcd5e80bcdd607adc45461ba11143ef3df531174bf00679f43fe
Deleted: sha256:d1165f2212346b2bab48cb01c1e39ee8ad1be46b87873d9ca7a4e434980a7726
Deleted: sha256:f22b99068db93900abe17f7f5e09ec775c2826ecfe9db961fea68293744144bd
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 1318b700e415 2 weeks ago 72.8MB
registry 2 1fd8e1b0bb7e 3 months ago 26.2MB
ERROR
# Error response from daemon: conflict: unable to remove repository reference "hello-world:latest" (must force) - container 1b2fb7cdf07d is using its referenced image d1165f221234
SOLUTION
# 重复删除 ID 为 1b2fb7cdf07d 的 container
docker rm 1b2fb7cdf07d
- 查看镜像、容器、数据卷所占用的空间
[root@localhost ~]# docker system df
TYPE TOTAL ACTIVE SIZE RECLAIMABLE
Images 2 1 99.02MB 72.78MB (73%)
Containers 1 0 0B 0B
Local Volumes 1 1 0B 0B
Build Cache 0 0 0B 0B
3、容器的启动、终止、进入、导入、导出
- 容器启动
-p 指定要映射的端口,一个指定端口上只可以绑定一个容器。支持格式 :ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort 。
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 20.04 1318b700e415 2 weeks ago 72.8MB
ubuntu 18.04 39a8cfeef173 2 weeks ago 63.1MB
registry latest 1fd8e1b0bb7e 3 months ago 26.2MB
# 通过指定的 REPOSITORY 和 TAG 运行容器,用户不可进行交互,但等同于在本地执行 echo 指令
[root@localhost ~]# docker run ubuntu:20.04 /bin/echo "NO PAIN,NO GAIN."
NO PAIN,NO GAIN.
# 通过指定的 IMAGE ID 运行,用户不可进行交互,但等同于在本地执行 echo 指令
[root@localhost ~]# docker run 39a8cfeef173 /bin/echo "NO PAIN,NO GAIN."
NO PAIN,NO GAIN.
# 启动一个终端,用户可进行交互
[args]:
-t, --tty Allocate a pseudo-TTY
-i, --interactive Keep STDIN open even if not attached
[root@localhost ~]# docker run -t -i ubuntu:18.04 /bin/bash
root@cc80f23bc9e4:/# echo "NO PAIN,NO GAIN."
NO PAIN,NO GAIN.
# 指定参数启动容器
[args]:
-d, --detach Run container in background and print container ID #后台运行,不进入交互模式
--name string Assign a name to the container
-p Publish a port(s) of container to the host
[root@localhost ~]# docker run -itd -p 5001:5001 --name=test1 ubuntu:20.04
62389f915096efde58d6fc6bf560085ccb91f7997a0229078d5df3057195957a
[root@localhost ~]# docker run -itd -p 5002:5002 --name=test2 ubuntu:18.04
c2e251801beaf0ffa5a1830f2d8e7c6906f764a922d2ec10de5e09209a750f41
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2e251801bea ubuntu:18.04 "bash" 16 seconds ago Up 15 seconds 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
62389f915096 ubuntu:20.04 "bash" 34 seconds ago Up 33 seconds 0.0.0.0:5001->5001/tcp, :::5001->5001/tcp test1
# 在使用 -d 参数时,容器启动后会进入后台。此时想要进入容器,可以通过以下指令进入:
# docker attach CONTAINER ID # 退出容器,容器终止
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2e251801bea ubuntu:18.04 "bash" 6 minutes ago Up 6 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
62389f915096 ubuntu:20.04 "bash" 6 minutes ago Up 8 seconds 0.0.0.0:5001->5001/tcp, :::5001->5001/tcp test1
[root@localhost ~]# docker attach test1
root@62389f915096:/# ls
bin boot dev etc home lib lib32 lib64 libx32 media mnt opt proc root run sbin srv sys tmp usr var
root@62389f915096:/# exit
exit
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2e251801bea ubuntu:18.04 "bash" 6 minutes ago Up 6 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ffd257af6f34 registry "/entrypoint.sh /etc…" 3 minutes ago Exited (2) 2 minutes ago test3
c2e251801bea ubuntu:18.04 "bash" 7 minutes ago Up 7 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
62389f915096 ubuntu:20.04 "bash" 7 minutes ago Exited (0) 8 seconds ago test1
# docker exec CONTAINER ID #退出容器,容器终止
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2e251801bea ubuntu:18.04 "bash" 11 minutes ago Up 11 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
[root@localhost ~]# docker exec -it test2 /bin/bash
root@c2e251801bea:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@c2e251801bea:/# exit
exit
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2e251801bea ubuntu:18.04 "bash" 11 minutes ago Up 11 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
- 列出所有容器
[root@localhost ~]# docker ps --help
Usage: docker ps [OPTIONS]
Options:
-a, --all Show all containers (default shows just running)
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print containers using a Go template
-n, --last int Show n last created containers (includes all states) (default -1)
-l, --latest Show the latest created container (includes all states)
--no-trunc Don't truncate output
-q, --quiet Only display container IDs
-s, --size Display total file sizes
# 列出在运行的容器(默认)
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2e251801bea ubuntu:18.04 "bash" 11 minutes ago Up 11 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
# 列出所有容器(包括已退出的容器)
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ffd257af6f34 registry "/entrypoint.sh /etc…" 9 minutes ago Exited (2) 8 minutes ago test3
c2e251801bea ubuntu:18.04 "bash" 12 minutes ago Up 12 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
62389f915096 ubuntu:20.04 "bash" 13 minutes ago Exited (0) 6 minutes ago test1
- 终止运行中的容器
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2e251801bea ubuntu:18.04 "bash" 14 minutes ago Up 14 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
[root@localhost ~]# docker stop test2
test2
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- 启动终止状态容器
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ffd257af6f34 registry "/entrypoint.sh /etc…" 16 minutes ago Exited (2) About a minute ago test3
c2e251801bea ubuntu:18.04 "bash" 19 minutes ago Exited (0) About a minute ago test2
62389f915096 ubuntu:20.04 "bash" 20 minutes ago Exited (0) 6 seconds ago test1
# 通过 NAMES 启动
[root@localhost ~]# docker start test1
test1
# 通过 CONTAINER ID 启动
[root@localhost ~]# docker start c2e251801bea
c2e251801bea
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2e251801bea ubuntu:18.04 "bash" 20 minutes ago Up 11 seconds 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
62389f915096 ubuntu:20.04 "bash" 20 minutes ago Up 26 seconds 0.0.0.0:5001->5001/tcp, :::5001->5001/tcp test1
- 导出、导入容器
# 进入 test1 容器,编辑 TEST.txt 文件作为后面导入容器验证比对参照
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2e251801bea ubuntu:18.04 "bash" 30 minutes ago Up 10 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
62389f915096 ubuntu:20.04 "bash" 30 minutes ago Up 10 minutes 0.0.0.0:5001->5001/tcp, :::5001->5001/tcp test1
[root@localhost ~]# docker exec -it test1 /bin/bash
root@62389f915096:/# cat > TEST.txt << EOF
> NO PAIN,NO GAIN!
> EOF
root@62389f915096:/# cat TEST.txt
NO PAIN,NO GAIN!
root@62389f915096:/# exit
exit
# 导出容器并命名为 DEMO.tar
[root@localhost ~]# docker export --help
Usage: docker export [OPTIONS] CONTAINER
Export a container's filesystem as a tar archive
Options:
-o, --output string Write to a file, instead of STDOUT
----------------------------------------------------------------------------------------
[root@localhost ~]# docker export test1 > DEMO.tar
[root@localhost ~]# ll -h DEMO.tar
-rw-r--r-- 1 root root 72M Aug 12 01:54 DEMO.tar
# 导入容器 DEMO.tar
[root@localhost ~]# docker import --help
Usage: docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
Import the contents from a tarball to create a filesystem image
Options:
-c, --change list Apply Dockerfile instruction to the created image
-m, --message string Set commit message for imported image
--platform string Set platform if server is multi-platform capable
----------------------------------------------------------------------------------------
[root@localhost ~]# ll -h DEMO.tar
-rw-r--r-- 1 root root 72M Aug 12 01:54 DEMO.tar
[root@localhost ~]# cat DEMO.tar | docker import - ubuntu:v01
sha256:00e53287c020f83d3a159d27f5b37aebb18f2ae6e187fdb76f6e7ab73f03786e
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu v01 00e53287c020 51 seconds ago 72.8MB
ubuntu 20.04 1318b700e415 2 weeks ago 72.8MB
ubuntu 18.04 39a8cfeef173 2 weeks ago 63.1MB
registry latest 1fd8e1b0bb7e 3 months ago 26.2MB
# 验证导入容器 ubuntu:v01
[root@localhost ~]# docker run -itd -p 5003:5003 --name=test3 ubuntu:v01 /bin/bash
e259b5e999062d7966987cd4906f1524f4efdcb9425428640119986b8bbc9d6b
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e259b5e99906 ubuntu:v01 "/bin/bash" 11 seconds ago Up 5 seconds 0.0.0.0:5003->5003/tcp, :::5003->5003/tcp test3
c2e251801bea ubuntu:18.04 "bash" 49 minutes ago Up 29 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
62389f915096 ubuntu:20.04 "bash" 50 minutes ago Up 29 minutes 0.0.0.0:5001->5001/tcp, :::5001->5001/tcp test1
[root@localhost ~]# docker exec -it test3 /bin/bash
root@e259b5e99906:/# ls
TEST.txt bin boot dev etc home lib lib32 lib64 libx32 media mnt opt proc root run sbin srv sys tmp usr var
root@e259b5e99906:/# cat TEST.txt
NO PAIN,NO GAIN!
- 删除容器
# 删除对应容器 CONTAINER ID 或 NAMES 均可
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6373f20cccc0 registry "/entrypoint.sh --na…" 59 seconds ago Exited (0) 57 seconds ago agitated_cannon
bbbecf0ebe1f ubuntu:20.04 "/bin/bash" 2 minutes ago Up 2 minutes 0.0.0.0:5001->5001/tcp, :::5001->5001/tcp test1
e259b5e99906 ubuntu:v01 "/bin/bash" 11 minutes ago Up 11 minutes 0.0.0.0:5003->5003/tcp, :::5003->5003/tcp test3
c2e251801bea ubuntu:18.04 "bash" About an hour ago Up 40 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
[root@localhost ~]# docker rm -f test
Error: No such container: test
# 添加参数 -f 可删除运行态容器
[root@localhost ~]# docker rm -f test1
test1
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6373f20cccc0 registry "/entrypoint.sh --na…" About a minute ago Exited (0) About a minute ago agitated_cannon
e259b5e99906 ubuntu:v01 "/bin/bash" 11 minutes ago Up 11 minutes 0.0.0.0:5003->5003/tcp, :::5003->5003/tcp test3
c2e251801bea ubuntu:18.04 "bash" About an hour ago Up 41 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
# 删除指定终止态容器
[root@localhost ~]# docker rm agitated_cannon
agitated_cannon
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e259b5e99906 ubuntu:v01 "/bin/bash" 15 minutes ago Up 14 minutes 0.0.0.0:5003->5003/tcp, :::5003->5003/tcp test3
c2e251801bea ubuntu:18.04 "bash" About an hour ago Up 44 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
# 删除所有终止态容器
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e259b5e99906 ubuntu:v01 "/bin/bash" 17 minutes ago Exited (0) 6 seconds ago test3
c2e251801bea ubuntu:18.04 "bash" About an hour ago Exited (0) 12 seconds ago test2
[root@localhost ~]# docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Deleted Containers:
e259b5e999062d7966987cd4906f1524f4efdcb9425428640119986b8bbc9d6b
c2e251801beaf0ffa5a1830f2d8e7c6906f764a922d2ec10de5e09209a750f41
Total reclaimed space: 110B
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4、数据管理
1)数据卷(Volumes)
数据卷是一个可供一个或多个容器使用的特殊目录,特性:
- 数据卷可以在容器之间共享和重用
- 对数据卷的修改会立马生效
- 对数据卷的更新,不会影响镜像
- 数据卷默认会一直存在,即使容器被删除
注意: 数据卷的使用,类似于 Linux 下对目录或文件进行 mount,镜像中被指定为挂载点的目录中的文件会隐藏掉,能显示的是挂载的数据卷 。
- 创建、列出、查看、删除数据卷
[root@localhost docker]# docker volume --help
Usage: docker volume COMMAND
Manage volumes
Commands:
create Create a volume
inspect Display detailed information on one or more volumes
ls List volumes
prune Remove all unused local volumes
rm Remove one or more volumes
----------------------------------------------------------------------------------------
# 创建数据卷
[root@localhost ~]# docker volume create demo_vol
demo_vol
# 列出数据卷
[root@localhost ~]# docker volume ls
DRIVER VOLUME NAME
local demo_vol
# 查看数据卷信息(可同时是查看多个)
[root@localhost ~]# docker volume inspect demo_vol
[
{
"CreatedAt": "2021-08-12T18:39:59+08:00",
"Driver": "local",
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/demo_vol/_data",
"Name": "demo_vol",
"Options": {},
"Scope": "local"
}
]
# 删除数据卷(使用参数 prune 可同时删除多个)
[root@localhost ~]# docker volume rm demo_vol
demo_vol
- 启动挂载数据卷的容器
# 数据卷 demo_vol1 下新建文件做后面验证校验
root@localhost _data]# pwd
/var/lib/docker/volumes/demo_vol1/_data
[root@localhost _data]# touch demo{1..5}.txt
[root@localhost _data]# ll
total 0
-rw-r--r-- 1 root root 0 Aug 12 19:25 demo1.txt
-rw-r--r-- 1 root root 0 Aug 12 19:25 demo2.txt
-rw-r--r-- 1 root root 0 Aug 12 19:25 demo3.txt
-rw-r--r-- 1 root root 0 Aug 12 19:25 demo4.txt
-rw-r--r-- 1 root root 0 Aug 12 19:25 demo5.txt
# 启动挂载数据卷的容器
# 将数据卷 demo_vol1 挂载到容器 ubuntu:20.04 的 "/mnt" 目录
[root@localhost ~]# docker run -itd -p 5002:5002 --name test2 --mount source=demo_vol1,target=/mnt ubuntu:20.04 /bin/bash
3a1bdbd8c08c63a5f80d01da354f93d774f5f63455407c5a8736eb61877627b5
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3a1bdbd8c08c ubuntu:20.04 "/bin/bash" 15 seconds ago Up 13 seconds 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
30fdb335add4 ubuntu:18.04 "/bin/bash" 2 hours ago Up 2 hours 0.0.0.0:5001->5001/tcp, :::5001->5001/tcp test1
# 查看已启动容器 ubuntu:20.04 数据卷挂载信息
[root@localhost ~]# docker inspect test2
[
{
"Id": "3a1bdbd8c08c63a5f80d01da354f93d774f5f63455407c5a8736eb61877627b5",
"Created": "2021-08-12T11:16:39.690901124Z",
"Path": "/bin/bash", ...
"Mounts": [
{
"Type": "volume",
"Name": "demo_vol1",
"Source": "/var/lib/docker/volumes/demo_vol1/_data",
"Destination": "/mnt",
"Driver": "local",
"Mode": "z",
"RW": true,
"Propagation": ""
}
]
# 进入容器 test2,校验挂载情况
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3a1bdbd8c08c ubuntu:20.04 "/bin/bash" 18 minutes ago Up 18 minutes 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
30fdb335add4 ubuntu:18.04 "/bin/bash" 2 hours ago Up 2 hours 0.0.0.0:5001->5001/tcp, :::5001->5001/tcp test1
[root@localhost ~]# docker exec -it test2 /bin/bash
root@3a1bdbd8c08c:/# ll /mnt/
total 0
drwxr-xr-x 2 root root 91 Aug 12 11:25 ./
drwxr-xr-x 1 root root 18 Aug 12 11:16 ../
-rw-r--r-- 1 root root 0 Aug 12 11:25 demo1.txt
-rw-r--r-- 1 root root 0 Aug 12 11:25 demo2.txt
-rw-r--r-- 1 root root 0 Aug 12 11:25 demo3.txt
-rw-r--r-- 1 root root 0 Aug 12 11:25 demo4.txt
-rw-r--r-- 1 root root 0 Aug 12 11:25 demo5.txt
2)监听主机目录 (Bind mounts)
使用 --mount 标记可以指定挂载一个本地主机的目录到容器中去
# 挂载主机目录 "/root/demo",挂载点容器test3 "/mnt"
[root@localhost demo]# pwd
/root/demo
[root@localhost demo]# ll
total 73400
-rw-r--r-- 1 root root 75160576 Aug 12 01:54 DEMO.tar
# 启动挂载主机目录容器 test3
[root@localhost ~]# docker run -itd -p 5003:5003 --name test3 --mount type=bind,source=/root/demo,target=/mnt ubuntu:18.04 /bin/bash
064576cfc3884285309c344e103ab84bc51a1bf75c4686663c95e3d9bd5c6db8
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
064576cfc388 ubuntu:18.04 "/bin/bash" 7 seconds ago Up 4 seconds 0.0.0.0:5003->5003/tcp, :::5003->5003/tcp test3
3a1bdbd8c08c ubuntu:20.04 "/bin/bash" 2 hours ago Up 2 hours 0.0.0.0:5002->5002/tcp, :::5002->5002/tcp test2
30fdb335add4 ubuntu:18.04 "/bin/bash" 4 hours ago Up 4 hours 0.0.0.0:5001->5001/tcp, :::5001->5001/tcp test1
# 进入容器 test3 并验证
[root@localhost demo]# docker exec -it test3 /bin/bash
root@064576cfc388:~# ll /mnt/
total 73400
drwxr-xr-x 2 root root 22 Aug 12 11:40 ./
drwxr-xr-x 1 root root 6 Aug 12 13:44 ../
-rw-r--r-- 1 root root 75160576 Aug 11 17:54 DEMO.tar
注意:挂载的主机目录的默认有读写权限,增加 readonly 可指设定挂载主机目录为只读权限
[root@localhost ~]# docker run -itd -p 5004:5004 --name test4 --mount type=bind,source=/root/demo,target=/mnt,readonly ubuntu:20.04 /bin/bash
85ea1d3282b178334baffbe0dbd187f0dda8c2d6f2afeda8de3b309818719079
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
85ea1d3282b1 ubuntu:20.04 "/bin/bash" 4 minutes ago Up 4 minutes 0.0.0.0:5004->5004/tcp, :::5004->5004/tcp test4
[root@localhost ~]# docker inspect test4 | grep "Mounts" -A9
"Mounts": [
{
"Type": "bind",
"Source": "/root/demo",
"Target": "/mnt",
"ReadOnly": true
}
],
"MaskedPaths": [
"/proc/asound",
--
"Mounts": [
{
"Type": "bind",
"Source": "/root/demo",
"Destination": "/mnt",
"Mode": "",
"RW": false,
"Propagation": "rprivate"
}
],
# 进入容器 test4 新建文件夹 TEST 验证权限
[root@localhost ~]# docker exec -it test4 /bin/bash
root@85ea1d3282b1:~# cd /mnt/
root@85ea1d3282b1:/mnt# pwd
/mnt
root@85ea1d3282b1:/mnt# ll
total 73400
drwxr-xr-x 2 root root 22 Aug 12 11:40 ./
drwxr-xr-x 1 root root 6 Aug 12 14:00 ../
-rw-r--r-- 1 root root 75160576 Aug 11 17:54 DEMO.tar
root@85ea1d3282b1:/mnt# mkdir TEST
mkdir: cannot create directory 'TEST': Read-only file system
使用 --mount 标记从主机挂载单个文件到容器中
# 挂载主机上 .bash_history 文件到容器,记录容器内执行过的命令
[root@localhost ~]# docker run -itd -p 5005:5005 --name test5 --mount type=bind,source=$HOME/.bash_history,target=/root/.bash_history ubuntu:20.04 /bin/bash
92daee5c46fc895acb495d575437ef2c0ffac3002aec1578d6e0f5bedb143fb5
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
92daee5c46fc ubuntu:20.04 "/bin/bash" 17 seconds ago Up 16 seconds 0.0.0.0:5005->5005/tcp, :::5005->5005/tcp test5
[root@localhost ~]# echo '' > .bash_history
[root@localhost ~]# cat .bash_history
[root@localhost ~]# docker exec -it test5 /bin/bash
root@92daee5c46fc:/# apt-get update
Get:1 http://archive.ubuntu.com/ubuntu focal InRelease [265 kB]
Get:2 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:4 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [30.6 kB]
Get:5 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [990 kB]
Get:6 http://archive.ubuntu.com/ubuntu focal-backports InRelease [101 kB]
Get:7 http://archive.ubuntu.com/ubuntu focal/restricted amd64 Packages [33.4 kB]
Get:8 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [177 kB]
Get:9 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages [1275 kB]
Get:10 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [787 kB]
Get:11 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [432 kB]
Get:12 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [11.3 MB]
Get:13 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1056 kB]
Get:14 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [1427 kB]
Get:15 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [39.0 kB]
Get:16 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [478 kB]
Get:17 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [6319 B]
Get:18 http://archive.ubuntu.com/ubuntu focal-backports/main amd64 Packages [2668 B]
Fetched 18.7 MB in 59s (315 kB/s)
Reading package lists... Done
root@92daee5c46fc:/# apt-get install net-tools
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
net-tools
0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
Need to get 196 kB of archives.
After this operation, 864 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal/main amd64 net-tools amd64 1.60+git20180626.aebd88e-1ubuntu1 [196 kB]
Fetched 196 kB in 2s (93.4 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package net-tools.
(Reading database ... 4127 files and directories currently installed.)
Preparing to unpack .../net-tools_1.60+git20180626.aebd88e-1ubuntu1_amd64.deb ...
Unpacking net-tools (1.60+git20180626.aebd88e-1ubuntu1) ...
Setting up net-tools (1.60+git20180626.aebd88e-1ubuntu1) ...
root@92daee5c46fc:/# ifconfig
eth0: flags=4163 mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 12258 bytes 19688478 (19.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8201 bytes 589130 (589.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@92daee5c46fc:/# echo "NO PAIN,NO GAIN!"
NO PAIN,NO GAIN!
root@92daee5c46fc:/# exit
exit
# 验证
[root@localhost ~]# cat .bash_history
apt-get update
apt-get install net-tools
ifconfig
echo "NO PAIN,NO GAIN!"
exit
5、网络
1) 外部访问网络
要实现外部访问容器中运行的网络应用,可以通过 -P 或 -p 参数来指定端口映射。
-P:随机映射一个 49000~49900 的端口到内部容器开放的网络端 口
-p:指定要映射的端口,在一个指定端口上只可以绑定一个容器。
支持格式:
ip:hostPort:containerPort
ip::containerPort
hostPort:containerPort