【Docker】Docker学习② - Docker安装及基础命令介绍
【Docker】Docker学习② - Docker安装及基础命令介绍
- 二、Docker安装及基础命令介绍
-
- 1. Docker安装验证
- 2. Docker存储引擎
- 3 Docker服务进程
- 4. Docker镜像加速配置
二、Docker安装及基础命令介绍
1. Docker安装验证
- 官方网址:https://www.docker.com/
- 官方rpm包下载地址:https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
- 阿里镜像下载地址:https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/
yum install /usr/local/src/docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm
- yum源安装日志:
[root@gbase8c_1 ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
--2023-11-20 21:57:05-- http://mirrors.aliyun.com/repo/Centos-7.repo
正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 58.30.206.165, 58.30.206.169, 58.30.206.170, ...
正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|58.30.206.165|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:2523 (2.5K) [application/octet-stream]
正在保存至: “/etc/yum.repos.d/CentOS-Base.repo”
100%[====================================================================================================================================================================================================================================>] 2,523 --.-K/s 用时 0s
2023-11-20 21:57:05 (232 MB/s) - 已保存 “/etc/yum.repos.d/CentOS-Base.repo” [2523/2523])
[root@gbase8c_1 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
--2023-11-20 21:57:44-- http://mirrors.aliyun.com/repo/epel-7.repo
正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 58.30.206.164, 58.30.206.168, 58.30.206.166, ...
正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|58.30.206.164|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:664 [application/octet-stream]
正在保存至: “/etc/yum.repos.d/epel.repo”
100%[====================================================================================================================================================================================================================================>] 664 --.-K/s 用时 0s
2023-11-20 21:57:44 (123 MB/s) - 已保存 “/etc/yum.repos.d/epel.repo” [664/664])
[root@gbase8c_1 ~]# wget -O /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
--2023-11-20 21:58:21-- http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 58.30.206.167, 58.30.206.168, 58.30.206.166, ...
正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|58.30.206.167|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:2081 (2.0K) [application/octet-stream]
正在保存至: “/etc/yum.repos.d/docker-ce.repo”
100%[====================================================================================================================================================================================================================================>] 2,081 --.-K/s 用时 0s
2023-11-20 21:58:21 (224 MB/s) - 已保存 “/etc/yum.repos.d/docker-ce.repo” [2081/2081])
[root@gbase8c_1 ~]# yum imstall docker-ce
已加载插件:fastestmirror, langpacks
没有该命令:imstall。请使用 /usr/bin/yum --help
[root@gbase8c_1 ~]# yum install docker-ce
已加载插件:fastestmirror, langpacks
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
docker-ce-stable | 3.5 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/5): docker-ce-stable/7/x86_64/primary_db | 118 kB 00:00:00
(2/5): docker-ce-stable/7/x86_64/updateinfo | 55 B 00:00:00
(3/5): epel/x86_64/updateinfo | 1.0 MB 00:00:00
(4/5): epel/x86_64/primary_db | 7.0 MB 00:00:01
(5/5): updates/7/x86_64/primary_db | 24 MB 00:00:03
正在解决依赖关系
--> 正在检查事务
---> 软件包 docker-ce.x86_64.3.24.0.7-1.el7 将被 安装
--> 正在处理依赖关系 container-selinux >= 2:2.74,它被软件包 3:docker-ce-24.0.7-1.el7.x86_64 需要
--> 正在处理依赖关系 containerd.io >= 1.6.4,它被软件包 3:docker-ce-24.0.7-1.el7.x86_64 需要
--> 正在处理依赖关系 docker-ce-cli,它被软件包 3:docker-ce-24.0.7-1.el7.x86_64 需要
--> 正在处理依赖关系 docker-ce-rootless-extras,它被软件包 3:docker-ce-24.0.7-1.el7.x86_64 需要
--> 正在检查事务
---> 软件包 container-selinux.noarch.2.2.119.2-1.911c772.el7_8 将被 安装
---> 软件包 containerd.io.x86_64.0.1.6.24-3.1.el7 将被 安装
---> 软件包 docker-ce-cli.x86_64.1.24.0.7-1.el7 将被 安装
--> 正在处理依赖关系 docker-buildx-plugin,它被软件包 1:docker-ce-cli-24.0.7-1.el7.x86_64 需要
--> 正在处理依赖关系 docker-compose-plugin,它被软件包 1:docker-ce-cli-24.0.7-1.el7.x86_64 需要
---> 软件包 docker-ce-rootless-extras.x86_64.0.24.0.7-1.el7 将被 安装
--> 正在处理依赖关系 fuse-overlayfs >= 0.7,它被软件包 docker-ce-rootless-extras-24.0.7-1.el7.x86_64 需要
--> 正在处理依赖关系 slirp4netns >= 0.4,它被软件包 docker-ce-rootless-extras-24.0.7-1.el7.x86_64 需要
--> 正在检查事务
---> 软件包 docker-buildx-plugin.x86_64.0.0.11.2-1.el7 将被 安装
---> 软件包 docker-compose-plugin.x86_64.0.2.21.0-1.el7 将被 安装
---> 软件包 fuse-overlayfs.x86_64.0.0.7.2-6.el7_8 将被 安装
--> 正在处理依赖关系 libfuse3.so.3(FUSE_3.2)(64bit),它被软件包 fuse-overlayfs-0.7.2-6.el7_8.x86_64 需要
--> 正在处理依赖关系 libfuse3.so.3(FUSE_3.0)(64bit),它被软件包 fuse-overlayfs-0.7.2-6.el7_8.x86_64 需要
--> 正在处理依赖关系 libfuse3.so.3()(64bit),它被软件包 fuse-overlayfs-0.7.2-6.el7_8.x86_64 需要
---> 软件包 slirp4netns.x86_64.0.0.4.3-4.el7_8 将被 安装
--> 正在检查事务
---> 软件包 fuse3-libs.x86_64.0.3.6.1-4.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
==============================================================================================================================================================================================================================================================================
Package 架构 版本 源 大小
==============================================================================================================================================================================================================================================================================
正在安装:
docker-ce x86_64 3:24.0.7-1.el7 docker-ce-stable 24 M
为依赖而安装:
container-selinux noarch 2:2.119.2-1.911c772.el7_8 extras 40 k
containerd.io x86_64 1.6.24-3.1.el7 docker-ce-stable 34 M
docker-buildx-plugin x86_64 0.11.2-1.el7 docker-ce-stable 13 M
docker-ce-cli x86_64 1:24.0.7-1.el7 docker-ce-stable 13 M
docker-ce-rootless-extras x86_64 24.0.7-1.el7 docker-ce-stable 9.1 M
docker-compose-plugin x86_64 2.21.0-1.el7 docker-ce-stable 13 M
fuse-overlayfs x86_64 0.7.2-6.el7_8 extras 54 k
fuse3-libs x86_64 3.6.1-4.el7 extras 82 k
slirp4netns x86_64 0.4.3-4.el7_8 extras 81 k
事务概要
==============================================================================================================================================================================================================================================================================
安装 1 软件包 (+9 依赖软件包)
总下载量:107 M
安装大小:378 M
Is this ok [y/d/N]: y
Downloading packages:
(1/10): container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm | 40 kB 00:00:00
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-buildx-plugin-0.11.2-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY ] 7.2 MB/s | 23 MB 00:00:11 ETA
docker-buildx-plugin-0.11.2-1.el7.x86_64.rpm 的公钥尚未安装
(2/10): docker-buildx-plugin-0.11.2-1.el7.x86_64.rpm | 13 MB 00:00:02
(3/10): containerd.io-1.6.24-3.1.el7.x86_64.rpm | 34 MB 00:00:06
(4/10): docker-ce-24.0.7-1.el7.x86_64.rpm | 24 MB 00:00:04
(5/10): docker-ce-cli-24.0.7-1.el7.x86_64.rpm | 13 MB 00:00:02
(6/10): docker-ce-rootless-extras-24.0.7-1.el7.x86_64.rpm | 9.1 MB 00:00:01
(7/10): fuse-overlayfs-0.7.2-6.el7_8.x86_64.rpm | 54 kB 00:00:00
(8/10): fuse3-libs-3.6.1-4.el7.x86_64.rpm | 82 kB 00:00:00
(9/10): slirp4netns-0.4.3-4.el7_8.x86_64.rpm | 81 kB 00:00:00
(10/10): docker-compose-plugin-2.21.0-1.el7.x86_64.rpm | 13 MB 00:00:01
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
总计 11 MB/s | 107 MB 00:00:09
从 https://mirrors.aliyun.com/docker-ce/linux/centos/gpg 检索密钥
导入 GPG key 0x621E9F35:
用户ID : "Docker Release (CE rpm) "
指纹 : 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
来自 : https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
是否继续?[y/N]:y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch 1/10
setsebool: SELinux is disabled.
正在安装 : containerd.io-1.6.24-3.1.el7.x86_64 2/10
正在安装 : docker-buildx-plugin-0.11.2-1.el7.x86_64 3/10
正在安装 : fuse3-libs-3.6.1-4.el7.x86_64 4/10
正在安装 : fuse-overlayfs-0.7.2-6.el7_8.x86_64 5/10
正在安装 : slirp4netns-0.4.3-4.el7_8.x86_64 6/10
正在安装 : docker-compose-plugin-2.21.0-1.el7.x86_64 7/10
正在安装 : 1:docker-ce-cli-24.0.7-1.el7.x86_64 8/10
正在安装 : docker-ce-rootless-extras-24.0.7-1.el7.x86_64 9/10
正在安装 : 3:docker-ce-24.0.7-1.el7.x86_64 10/10
验证中 : 3:docker-ce-24.0.7-1.el7.x86_64 1/10
验证中 : docker-ce-rootless-extras-24.0.7-1.el7.x86_64 2/10
验证中 : containerd.io-1.6.24-3.1.el7.x86_64 3/10
验证中 : docker-compose-plugin-2.21.0-1.el7.x86_64 4/10
验证中 : slirp4netns-0.4.3-4.el7_8.x86_64 5/10
验证中 : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch 6/10
验证中 : 1:docker-ce-cli-24.0.7-1.el7.x86_64 7/10
验证中 : fuse3-libs-3.6.1-4.el7.x86_64 8/10
验证中 : docker-buildx-plugin-0.11.2-1.el7.x86_64 9/10
验证中 : fuse-overlayfs-0.7.2-6.el7_8.x86_64 10/10
已安装:
docker-ce.x86_64 3:24.0.7-1.el7
作为依赖被安装:
container-selinux.noarch 2:2.119.2-1.911c772.el7_8 containerd.io.x86_64 0:1.6.24-3.1.el7 docker-buildx-plugin.x86_64 0:0.11.2-1.el7 docker-ce-cli.x86_64 1:24.0.7-1.el7 docker-ce-rootless-extras.x86_64 0:24.0.7-1.el7 docker-compose-plugin.x86_64 0:2.21.0-1.el7
fuse-overlayfs.x86_64 0:0.7.2-6.el7_8 fuse3-libs.x86_64 0:3.6.1-4.el7 slirp4netns.x86_64 0:0.4.3-4.el7_8
完毕!
- 启动日志:
[root@gbase8c_private src]# systemctl start docker
[root@gbase8c_private src]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since 日 2023-11-19 20:59:41 CST; 9s ago
Docs: https://docs.docker.com
Main PID: 8016 (dockerd)
Tasks: 17
Memory: 36.1M
CGroup: /system.slice/docker.service
├─8016 /usr/bin/dockerd
└─8023 docker-containerd --config /var/run/docker/containerd/containerd.toml
11月 19 20:59:41 gbase8c_private dockerd[8016]: time="2023-11-19T20:59:41+08:00" level=info msg=serving... address="/var/run/docker/containerd/docker-containerd.sock" module="containerd/grpc"
11月 19 20:59:41 gbase8c_private dockerd[8016]: time="2023-11-19T20:59:41+08:00" level=info msg="containerd successfully booted in 0.021966s" module=containerd
11月 19 20:59:41 gbase8c_private dockerd[8016]: time="2023-11-19T20:59:41.186522047+08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
11月 19 20:59:41 gbase8c_private dockerd[8016]: time="2023-11-19T20:59:41.266509020+08:00" level=info msg="Loading containers: start."
11月 19 20:59:41 gbase8c_private dockerd[8016]: time="2023-11-19T20:59:41.390935217+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
11月 19 20:59:41 gbase8c_private dockerd[8016]: time="2023-11-19T20:59:41.437962512+08:00" level=info msg="Loading containers: done."
11月 19 20:59:41 gbase8c_private dockerd[8016]: time="2023-11-19T20:59:41.449685623+08:00" level=info msg="Docker daemon" commit=9ee9f40 graphdriver(s)=overlay2 version=18.03.1-ce
11月 19 20:59:41 gbase8c_private dockerd[8016]: time="2023-11-19T20:59:41.449763497+08:00" level=info msg="Daemon has completed initialization"
11月 19 20:59:41 gbase8c_private dockerd[8016]: time="2023-11-19T20:59:41.480231303+08:00" level=info msg="API listen on /var/run/docker.sock"
11月 19 20:59:41 gbase8c_private systemd[1]: Started Docker Application Container Engine.
[root@gbase8c_private src]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
- 验证docker版本:
[root@gbase8c_private usr]# docker version
Client:
Version: 18.03.1-ce
API version: 1.37
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:20:16 2018
OS/Arch: linux/amd64
Experimental: false
Orchestrator: swarm
Server:
Engine:
Version: 18.03.1-ce
API version: 1.37 (minimum version 1.12)
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:23:58 2018
OS/Arch: linux/amd64
Experimental: false
- 验证docker0网卡:
在docker安装启动之后,默认会生成一个名称为docker0的网卡并且默认IP地址为172.0.0.1。
[root@gbase8c_private usr]# ifconfig
docker0: flags=4099 mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:8b:e2:0a:a4 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- 验证docker信息:
[root@gbase8c_private usr]# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.03.1-ce
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.71.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.638GiB
Name: gbase8c_private
ID: FO25:ABBW:RKB7:4BFV:R4QG:3RP4:JRHH:6DF5:5DFZ:XS2F:4MCM:SUU6
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
2. Docker存储引擎
目前docker的默认存储引擎为overlay2,需要磁盘分区支持d-type文件分层功能,因此需要系统磁盘的额外支持。
官方文档关于存储引擎的选择文档:https://docs.docker.com/storage/storagedriver/select-storage-driver/
Docker官方推荐首选存储引擎为overlay2其次为devicemapper,但是devicemapper存在使用空间方面的一些限制,虽然可以通过后期配置解决,但是官方依然推荐使用overlay2,以下是网上查到的部分资料:https://www.cnblogs.com/youruncloud/p/5736718.html
如果docker数据目录是一块单独的磁盘分区而且是xfs格式的,那么需要在格式化的时候加上参数-n ftype=1 ,否则后期在启动容器的时候会报错不支持d-type。
3 Docker服务进程
- 3.1 查看宿主机进程树:
[root@gbase8c_private usr]# pstree -p 1
systemd(1)─┬─ModemManager(703)─┬─{ModemManager}(706)
│ └─{ModemManager}(719)
├─dockerd(8016)─┬─docker-containe(8023)─┬─{docker-containe}(8024)
│ │ ├─{docker-containe}(8025)
│ │ ├─{docker-containe}(8026)
│ │ ├─{docker-containe}(8027)
│ │ ├─{docker-containe}(8029)
│ │ ├─{docker-containe}(8030)
│ │ ├─{docker-containe}(8031)
│ │ └─{docker-containe}(8862)
│ ├─{dockerd}(8019)
│ ├─{dockerd}(8020)
│ ├─{dockerd}(8021)
│ ├─{dockerd}(8022)
│ ├─{dockerd}(8028)
│ ├─{dockerd}(8032)
│ ├─{dockerd}(8033)
│ └─{dockerd}(8043)
-
3.2 查看containerd进程关系
有4个进程:- dockerd:被client直接访问,其父进程为宿主机的systemd守护进程
- docker-proxy:实现容器通信,其父进程为docker
- containerd:被docker进程调用以实现与runc交互
- containerd-shim:真正运行容器的载体,其父进程为containerd
-
3.3 containerd-shim命令使用
containerd-shim -h -
3.4 容器的创建与管理过程
通信流程:- 1.dockerd通过grpc和containerd模块通信,dockerd由libcontainerd负责和containerd进行交换,docker和containerd通信socket文件:/run/containerd/containerd.sock。
- 2.containerd在dockerd启动时被启动,然后containerd启动grpc请求监听,containerd处理grpc请求,根据请求做相应动作。
- 3.若是start或是exec容器,containerd拉起一个container-shim,并进行相应的操作。
- 4.container-shim被拉起后,start/exec/create拉起runc进程,通过exit、control文件和containerd通信,通过父子进程关系和SIGCHLD监控容器中进程状态。
- 5.在整个容器生命周期中,containerd通过epoll监控容器文件,监控容器事件。
grpc:是google开发的一款高性能、开源和通用的rpc框架,支持众多语言客户端。
4. Docker镜像加速配置
- 4.1 获取加速地址
浏览器打开 http://cr.console.aliyun.com ,注册或登录阿里云账号,点击左侧的镜像加速器,将会得到一个专属的加速地址,而且下面有使用配置说明 - 4.2 生成配置文件
mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors":["https://pkjijpqo.mirror.aliyuncs.com"]
}
EOF
日志:
[root@gbase8c_private docker]# sudo tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors":["https://pkjijpqo.mirror.aliyuncs.com"]
> }
> EOF
{
"registry-mirrors":["https://pkjijpqo.mirror.aliyuncs.com"]
}
[root@gbase8c_private docker]# sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors":["https://pkjijpqo.mirror.aliyuncs.com"]
}
EOF
^C
[root@gbase8c_private docker]# cat /etc/docker/daemon.json
{
"registry-mirrors":["https://pkjijpqo.mirror.aliyuncs.com"]
}
- 4.3 重启docker服务
systemctl daemon-reload
sudo systemctl restart docker