Docker的基本用法
什么是Docker
docker中的容器:
lxc --> libcontainer --> runC
OCI&OCF
OCI
开源的容器协议(Open Container-initiative)
- 由Linux基金会主导于2015年6月创立
- 旨在围绕容器格式和运行时制定一个开放的工业化标准
- 包含以下两个标准
- 运行规范(runtime-spec)
- 图像规范(image-spec)
OCF
开源的容器格式(Open Container Format)
runC 是一个命令行工具,运行容器记录的一个标准
- 容器是以runC为子进程的方式启动,并且可以被其他的系统引用,不需要启动为守护模式进程
- runC 可以构建我们的容器,并且可以被数以百万的存储引擎使用
docker提供了一个专门容纳容器镜像的站点:https://hub.docker.com
以下是网站的注册与使用步骤
打开上面这个网址
点击右上角的sign up注册,填写信息即可
点击sign up进入网站之后,可以搜索你需要的镜像仓库
以httpd为例,可以自行选择
Docker架构
-
这里的Client和DOCKER_HOST(docker server)都是在本地的,docker仓库Registry是在远程的,也可以在本地
-
Client的docker命令通过Docker daemon与docker server镜像交互
-
images镜像是由应用已经被docker打包好的镜像,如java、nginx的镜像,这些镜像可以运行在容器containers里
-
每一个container容器都是运行在docker server(宿主机)上的,每一个container容器都是隔离的、独立的
-
每一个container容器相当于一个Linux操作系统,每一个container容器都有自己的ip地址,所以可以在不同的container上设置相同的端口号
Docker镜像与镜像仓库
为什么镜像仓库名字是Registry而不是repository?在docker中仓库的名字是以应用的名称取名的。
镜像是静态的,而容器是动态的,容器有其生命周期,镜像与容器的关系类似于程序与进程的关系。镜像类似于文件系统中的程序文件,而容器则类似于将一个程序运行起来的状态,也即进程。所以容器是可以删除的,容器被删除后其镜像是不会被删除的。
Docker对象
当您使用docker时,您可以创建和使用镜像、容器、网络、存储卷、插件和其他对象。
- 镜像
- 一个镜像是只读的模板,是用来创建docker容器的
- 经常情况, 一个镜像是基于另外一个镜像生成的,加上一些特定的内同
- 您可以创建您自己的镜像,也可以使用别人在网站上传的镜像
- 容器
- 容器是一个用镜像运行的实例
- 您可以使用命令行模式或者API进行创建,运行,停止,移动,删除容器
- 您可以将容器连接到一个或多个网络,将存储连接到容器,甚至可以基于其当前状态创建新映像。
安装及使用Docker
Docker安装
//进入目录
[root@localhost ~]# cd /etc/yum.repos.d/
//下载
[root@localhost yum.repos.d]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1919 100 1919 0 0 347 0 0:00:05 0:00:05 --:--:-- 431
//查看一下
[root@localhost yum.repos.d]# ls
CentOS-Base.repo epel-playground.repo epel-testing.repo
docker-ce.repo epel.repo redhat.repo
epel-modular.repo epel-testing-modular.repo
//清理缓存
[root@localhost yum.repos.d]# yum clean all
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
34 files removed
//查看一些docker有哪些包
[root@localhost yum.repos.d]# yum list all|grep docker
containerd.io.x86_64 1.4.3-3.1.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.3-3.el8 docker-ce-stable
docker-ce-cli.x86_64 1:20.10.3-3.el8 docker-ce-stable
docker-ce-rootless-extras.x86_64 20.10.3-3.el8 docker-ce-stable
pcp-pmda-docker.x86_64 5.1.1-3.el8 AppStream
podman-docker.noarch 2.2.1-7.module_el8.3.0+699+d61d9c41 AppStream
python2-dockerpty.noarch 0.4.1-18.el8 epel
python3-dockerpty.noarch 0.4.1-18.el8 epel
standard-test-roles-inventory-docker.noarch 4.10-1.el8 epel
//安装docker-ce包
[root@localhost yum.repos.d]# yum -y install docker-ce
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
AppStream 1.7 MB/s | 6.3 MB 00:03
BaseOS 1.4 MB/s | 2.3 MB 00:01
Docker CE Stable - x86_64 103 B/s | 9.2 kB 01:31
epel 3.8 MB/s | 8.9 MB 00:02
Last metadata expiration check: 0:00:01 ago on Thu 25 Feb 2021 09:22:09 PM CST.
Dependencies resolved.
=====================================================================================
Package Arch Version Repository Size
=====================================================================================
Installing:
docker-ce x86_64 3:20.10.3-3.el8 docker-ce-stable 27 M
Upgrading:
libsemanage x86_64 2.9-3.el8 BaseOS 165 k
Installing dependencies:
checkpolicy x86_64 2.9-1.el8 BaseOS 348 k
Installed:
checkpolicy-2.9-1.el8.x86_64
docker-ce-3:20.10.3-3.el8.x86_64
......
python3-setools-4.3.0-2.el8.x86_64
slirp4netns-1.1.8-1.module_el8.3.0+699+d61d9c41.x86_64
Complete!
//启动docker
[root@localhost ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
//查看docker运行状态
[root@localhost ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: d>
Active: active (running) since Thu 2021-02-25 21:36:19 CST; 12s ago
Docs: https://docs.docker.com
Main PID: 13448 (dockerd)
Tasks: 12
Memory: 48.6M
CGroup: /system.slice/docker.service
└─13448 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd>
Feb 25 21:36:19 localhost.localdomain dockerd[13448]: time="2021-02-25T21:36:19.2105>
Feb 25 21:36:19 localhost.localdomain dockerd[13448]: time="2021-02-25T21:36:19.2400>
Feb 25 21:36:19 localhost.localdomain dockerd[13448]: time="2021-02-25T21:36:19.2401>
Feb 25 21:36:19 localhost.localdomain dockerd[13448]: time="2021-02-25T21:36:19.2403>
Feb 25 21:36:19 localhost.localdomain dockerd[13448]: time="2021-02-25T21:36:19.4002>
Feb 25 21:36:19 localhost.localdomain dockerd[13448]: time="2021-02-25T21:36:19.4721>
Feb 25 21:36:19 localhost.localdomain dockerd[13448]: time="2021-02-25T21:36:19.4919>
Feb 25 21:36:19 localhost.localdomain dockerd[13448]: time="2021-02-25T21:36:19.4921>
Feb 25 21:36:19 localhost.localdomain systemd[1]: Started Docker Application Contain>
Feb 25 21:36:19 localhost.localdomain dockerd[13448]: time="2021-02-25T21:36:19.5139>
Docker加速
docker-ce的配置文件是/etc/docker/daemon.json,此文件默认不存在,需要我们手动创建并进行配置,而docker的加速就是通过配置此文件来实现的。
docker的加速有多种方式:
- docker cn
- 中国科技大学加速器
- 阿里云加速器(需要通过阿里云开发者平台注册帐号,免费使用个人私有的加速器)
这里使用的是阿里云加速器,获取加速方式如下
登录账号
点击右上角我的阿里云,点击我的账号,看到下面的画面
点击左上方的橙色图标,点击产品与服务,选择容器镜像服务
点击左侧镜像加速器
复制加速地址,粘贴到daemon.json文件中即可
设置加速器
//编辑daemon.json
[root@localhost ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://zyva0762.mirror.aliyuncs.com"]
}
//重读一下文件,重启rocker
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
//查看一下docker的信息
[root@localhost ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
....
....
....
Registry Mirrors:
https://zyva0762.mirror.aliyuncs.com/ #已经修改成我的加速器了
Live Restore Enabled: false
WARNING: No blkio weight support
WARNING: No blkio weight_device support
Docker的常用操作
| 命令 | 功能 |
|---|---|
| docker search | Search the Docker Hub for images |
| docker pull | Pull an image or a repository from a registry |
| docker images | List images |
| docker create | Create a new conntainer |
| docker start | Start one or more stopped containers |
| docker run | Run a command in a new container |
| docker attach | Attach to a runninng container |
| docker ps | List containers |
| docker logs | Fetch the logs of a container |
| docker restart | Restart a container |
| docker stop | Stop one or more running containers |
| docker kill | Kill one or more running containers |
| docker rm | Remove onne or more containers |
| docker exec | Run a command in a running container |
| docker info | Display system-wide information |
| docker inspect | Return low-level information on Docker objects |
演示如下:
- docker search 在官网上搜索镜像
[root@localhost ~]# docker search httpd
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
httpd The Apache HTTP Server Project 3371 [OK]
centos/httpd-24-centos7 Platform for running Apache httpd 2.4 or bui… 36
centos/httpd 33 [OK]
polinux/httpd-php Apache with PHP in Docker (Supervisor, CentO… 4 [OK]
salim1983hoop/httpd24 Dockerfile running apache config 2 [OK]
lead4good/httpd-fpm httpd server which connects via fcgi proxy h… 1 [OK]
solsson/httpd-openidc mod_auth_openidc on official httpd image, ve… 1 [OK]
inanimate/httpd-ssl A play container with httpd, ssl enabled, an… 1 [OK]
- docker pull 下载官网的镜像,不加版本号默认下载最新版本
[root@localhost ~]# docker pull httpd
Using default tag: latest
latest: Pulling from library/httpd
a076a628af6f: Pull complete
e444656f7792: Pull complete
0ec35e191b09: Pull complete
4aad5d8db1a6: Pull complete
eb1da3ea630f: Pull complete
Digest: sha256:2fab99fb3b1c7ddfa99d7dc55de8dad0a62dbe3e7c605d78ecbdf2c6c49fd636
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest
//下载2.4版本
[root@localhost ~]# docker pull httpd:2.4-alpine
2.4-alpine: Pulling from library/httpd
801bfaa63ef2: Pull complete
ac8f86b44b17: Pull complete
078b6c86de97: Pull complete
55f318a9c48a: Pull complete
5da5afdb6ea0: Pull complete
Digest: sha256:17e9cafb91cbe2388a685d74c3ee2084d3bfbd144f839a5f2245b7f8ef350564
Status: Downloaded newer image for httpd:2.4-alpine
docker.io/library/httpd:2.4-alpine
- docker images 查看有哪些镜像
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest 683a7aad17d3 6 weeks ago 138MB
httpd 2.4-alpine 5d779ff71c18 2 months ago 55.5MB
- docker create 创建一个容器
[root@localhost ~]# docker create httpd:2.4-alpine
479549495e63afa91382de2f073d3a4d5592ce03eac899f4eefda883ed86d1b5
- docker ps 查看正在运行的容器;-a 表示所有的容器
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
479549495e63 httpd:2.4-alpine "httpd-foreground" 16 seconds ago Created dreamy_zhukovsky
- docker start 启动容器
[root@localhost ~]# docker start 479549495e63
479549495e63
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
479549495e63 httpd:2.4-alpine "httpd-foreground" 2 minutes ago Up 11 seconds 80/tcp dreamy_zhukovsky
- docker stop 停止容器运行
[root@localhost ~]# docker stop 479549495e63
479549495e63
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- docker restart 重启容器
[root@localhost ~]# docker start 479549495e63
479549495e63
[root@localhost ~]# docker restart 479549495e63
479549495e63
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
479549495e63 httpd:2.4-alpine "httpd-foreground" 4 minutes ago Up 5 seconds 80/tcp dreamy_zhukovsky
- docker kill 强制终止一个容器;不推荐使用,使用docker stop就可以了
[root@localhost ~]# docker kill 479549495e63
479549495e63
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- docker rm 删除一个容器,不能删除正在运行的容器;-f可以删除正在运行的容器;rmi删除镜像
[root@localhost ~]# docker rm 479549495e63
479549495e63
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
//docker rm -f 加ID
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f129d2d151f2 httpd:latest "httpd-foreground" 3 minutes ago Up 3 minutes 80/tcp amazing_easley
[root@localhost ~]# docker rm -f f129d2d151f2
f129d2d151f2
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
//docker rmi 镜像,镜像在被容器使用的时候是不能被删除的
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest 683a7aad17d3 6 weeks ago 138MB
httpd 2.4-alpine 5d779ff71c18 2 months ago 55.5MB
[root@localhost ~]# docker rmi httpd:2.4-alpine
Untagged: httpd:2.4-alpine
Untagged: httpd@sha256:17e9cafb91cbe2388a685d74c3ee2084d3bfbd144f839a5f2245b7f8ef350564
Deleted: sha256:5d779ff71c188aa6da896ffdab929ca0cb1d859dc74650e57b9d8ce2bb6debff
Deleted: sha256:7ff2770ecf5a3570c9ba55503b58520ebac9d4a1d84e5eb3b693060d337cdd69
Deleted: sha256:9a48afd4f32baa214eb8c5bdf7012db015d2b08f788e72a67034fb42154d5497
Deleted: sha256:af27dad83ccfd6e69381c331c1065c5f3673f0ffdff9497561c54dbfad8c072a
Deleted: sha256:1e8b3e8b01c784685f9aea947db87649956275ee322a06461deba37bf969ae91
Deleted: sha256:777b2c648970480f50f5b4d0af8f9a8ea798eea43dbcf40ce4a8c7118736bdcf
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest 683a7aad17d3 6 weeks ago 138MB
- docker run 直接运行一个容器;-d在后台运行
[root@localhost ~]# docker run httpd:latest
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Thu Feb 25 16:55:11.715951 2021] [mpm_event:notice] [pid 1:tid 139832154334336] AH00489: Apache/2.4.46 (Unix) configured -- resuming normal operations
[Thu Feb 25 16:55:11.716402 2021] [core:notice] [pid 1:tid 139832154334336] AH00094: Command line: 'httpd -D FOREGROUND'
//在另一个终端上查看,正在运行
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f129d2d151f2 httpd:latest "httpd-foreground" 19 seconds ago Up 18 seconds 80/tcp amazing_easley
//docker run -d 加ID
[root@localhost ~]# docker run -d httpd:latest
7e9aac433228658270891940761d3f913405d2d98b79e150e7de57faee162cfc
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7e9aac433228 httpd:latest "httpd-foreground" 9 seconds ago Up 7 seconds 80/tcp adoring_keldysh
- docker logs 查看容器日志
[root@localhost ~]# docker logs 7e9aac433228
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Thu Feb 25 17:01:08.595134 2021] [mpm_event:notice] [pid 1:tid 140342005355648] AH00489: Apache/2.4.46 (Unix) configured -- resuming normal operations
[Thu Feb 25 17:01:08.595473 2021] [core:notice] [pid 1:tid 140342005355648] AH00094: Command line: 'httpd -D FOREGROUND'
//在一台终端上访问IP
[root@localhost ~]# curl 172.17.0.2
<html><body><h1>It works!</h1></body></html>
//生成新的日志
[root@localhost ~]# docker logs 7e9aac433228
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Thu Feb 25 17:01:08.595134 2021] [mpm_event:notice] [pid 1:tid 140342005355648] AH00489: Apache/2.4.46 (Unix) configured -- resuming normal operations
[Thu Feb 25 17:01:08.595473 2021] [core:notice] [pid 1:tid 140342005355648] AH00094: Command line: 'httpd -D FOREGROUND'
172.17.0.1 - - [25/Feb/2021:17:04:59 +0000] "GET / HTTP/1.1" 200 45
- docker inspect 查看容器的各种信息
[root@localhost ~]# docker inspect 7e9aac433228
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
- docker info 查看docker整个的信息
[root@localhost ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
Server:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 2
Server Version: 20.10.3
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
.....
.....
WARNING: No blkio weight support
WARNING: No blkio weight_device support
- docker attach 进入容器内部,但是不能操作,退出会终止容器,不推荐使用
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest 683a7aad17d3 6 weeks ago 138MB
[root@localhost ~]# docker run -d httpd
61a144d4c0400fa09d3c14ed3ef0e18cf063e277624cd42d93a9d5186e4c610f
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
61a144d4c040 httpd "httpd-foreground" 5 seconds ago Up 4 seconds 80/tcp stoic_hofstadter
//在另外一个终端查看网站
[root@localhost ~]# curl 172.17.0.2
<html><body><h1>It works!</h1></body></html>
[root@localhost ~]# curl 172.17.0.2
<html><body><h1>It works!</h1></body></html>
[root@localhost ~]# curl 172.17.0.2
<html><body><h1>It works!</h1></body></html>
[root@localhost ~]# curl 172.17.0.2
<html><body><h1>It works!</h1></body></html>
[root@localhost ~]# curl 172.17.0.2
<html><body><h1>It works!</h1></body></html>
[root@localhost ~]# curl 172.17.0.2
<html><body><h1>It works!</h1></body></html>
//进入容器可以看见有人在访问容器,但是不能进行任何操作,只可以观察,而且不方便退出
[root@localhost ~]# docker attach 61a144d4c040
172.17.0.1 - - [25/Feb/2021:17:23:21 +0000] "GET / HTTP/1.1" 200 45
172.17.0.1 - - [25/Feb/2021:17:23:21 +0000] "GET / HTTP/1.1" 200 45
172.17.0.1 - - [25/Feb/2021:17:23:22 +0000] "GET / HTTP/1.1" 200 45
172.17.0.1 - - [25/Feb/2021:17:23:22 +0000] "GET / HTTP/1.1" 200 45
172.17.0.1 - - [25/Feb/2021:17:23:23 +0000] "GET / HTTP/1.1" 200 45
- docker exec 进入容器;-it 表示交互模式,可以执行命令并且退出不会停止容器,exit退出
//后面加上bin/bash 可以执行命令
[root@localhost ~]# docker exec -it 61a144d4c040 /bin/bash
root@61a144d4c040:/usr/local/apache2# ls
bin build cgi-bin conf error htdocs icons include logs modules
root@61a144d4c040:/usr/local/apache2# cd bin/
root@61a144d4c040:/usr/local/apache2/bin# ls
ab apxs dbmmanage envvars-std htcacheclean htdigest httpd logresolve suexec
apachectl checkgid envvars fcgistarter htdbm htpasswd httxt2dbm rotatelogs
root@61a144d4c040:/usr/local/apache2# exit
exit
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
61a144d4c040 httpd "httpd-foreground" 13 minutes ago Up 5 minutes 80/tcp stoic_hofstadter
Docker event state
一个容器在某个时刻可能处于以下几种状态之一:
- created:已经被创建 (使用 docker ps -a 命令可以列出)但是还没有被启动 (使用 docker ps 命令还无法列出)
- running:运行中
- paused:容器的进程被暂停了
- restarting:容器的进程正在重启过程中
- exited:上图中的 stopped 状态,表示容器之前运行过但是现在处于停止状态(要区别于 created 状态,它是指一个新创出的尚未运行过的容器)。可以通过 start 命令使其重新进入 running 状态
- destroyed:容器被删除了,再也不存在了