IPC: inter-process communication
User namespace isolation is only available on kernel 3.8 and later.
Initial Docker setup on CentOS
uname -a
cat /etc/redhat-release
getenforce
systemctl status firewalld
systemctl stop firewalld
cat /etc/yum.repos.d/CentOS-Base.repo
yum list docker --show-duplicates
yum install yum-utils -y
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --show-duplicates
yum install docker-ce -y
systemctl enable docker
systemctl start docker
docker info
[root@huan ~]# vim /etc/docker/daemon.json
{
"graph": "/data/docker",
"storage-driver": "overlay2",
"insecure-registries": ["registry.access.redhat.com","quay.io"],
"registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
"bip": "172.91.245.1/24",
"exec-opts": ["native.cgroupdriver=systemd"],
"live-restore": true
}
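Parameter | Purpose |
---|---|
graph | Docker working (data) directory |
storage-driver | Storage driver |
insecure-registries | Private registries; registries listed here are contacted without TLS certificate verification, with fallback to plain HTTP |
registry-mirrors | Registry mirrors |
bip | Address range of the Docker bridge; set the middle two octets to the last two octets of the host IP address to make troubleshooting easier |
exec-opts | Extra options; here cgroupdriver is set to systemd |
live-restore | When true, containers keep running if the Docker service goes down, so they do not depend on the Docker service itself |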
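
An added example, not part of the original notes: a small Python check that parses the daemon.json shown above and lists the settings a reviewer would question before rolling it out. The function name `audit_daemon_config` and the choice of checks are this example's own; `data-root` and `userns-remap` are real daemon.json keys that the original configuration does not use.

```python
import ipaddress
import json

# The daemon.json from this page, embedded so the check runs offline.
PAGE_CONFIG = json.loads("""
{
  "graph": "/data/docker",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com", "quay.io"],
  "registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
  "bip": "172.91.245.1/24",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true
}
""")


def audit_daemon_config(cfg):
    """Return (key, message) findings for settings worth a second look."""
    findings = []
    for reg in cfg.get("insecure-registries", []):
        findings.append(("insecure-registries",
                         f"{reg}: certificate errors are ignored and plain HTTP is allowed"))
    for mirror in cfg.get("registry-mirrors", []):
        if not mirror.lower().startswith("https://"):
            findings.append(("registry-mirrors", f"{mirror}: mirror is not HTTPS"))
    if "graph" in cfg:
        findings.append(("graph", "deprecated key; newer Docker releases use data-root"))
    if "bip" in cfg:
        try:
            net = ipaddress.ip_interface(cfg["bip"]).network
            if not net.is_private:
                findings.append(("bip", f"{net} is not a private range; traffic to real "
                                        "hosts in it is routed to the bridge instead"))
        except ValueError:
            findings.append(("bip", f"{cfg['bip']!r} is not a valid address/prefix"))
    if "userns-remap" not in cfg:
        findings.append(("userns-remap", "not set; container UID 0 maps to host UID 0"))
    return findings


if __name__ == "__main__":
    for key, message in audit_daemon_config(PAGE_CONFIG):
        print(f"[{key}] {message}")
```

Run against the configuration above, it reports both `insecure-registries` entries, the `graph` key, the missing `userns-remap`, and the `bip` range, because 172.91.245.0/24 lies outside 172.16.0.0/12.
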
Relationship between Docker containers, images and registries
Create a hub.docker.com account
[root@huan ~]# docker login docker.io
[root@huan ~]# docker search alpine
[root@huan ~]# docker pull alpine
This only removes the tag
[root@huan ~]# docker rmi docker.io/xxxxxxxxxxxx/alpine:latest
Untagged: xxxxxxxxxxxx/alpine:latest
To delete the image itself, pass the image ID
docker rmi a24bb4013296
Error response from daemon: conflict: unable to delete a24bb4013296 (must be forced) - image is referenced in multiple repositories
# Other images reference this image; adding -f forces the deletion
docker rmi -f a24bb4013296
Untagged: alpine:latest
Untagged: alpine@sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
Untagged: xxxxxxxxxxxx/alpine:v3.10.3
Untagged: xxxxxxxxxxxx/alpine:v3.10.3
Untagged: xxxxxxxxxxxx/alpine@sha256:a15790640a6690aa1730c38cf0a440e2aa44aaca9b0e8931a9f2b0d7cc90fd65
Deleted: sha256:a24bb4013296f61e89ba57005a7b3e52274d8edd3ae2077d04395f806b63d83e
Deleted: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a
Pull it back down from your own image repository
[root@huan ~]# docker pull docker.io/xxxxxxxxxxxx/alpine:latest
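Docker image characteristics
AUFS
If the base image is large but the incremental part of each change is small, even a 1 GB image is acceptable; the absolute size of an image is meaningless.
Starting a container (running an image)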
[root@huan ~]# docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
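OPTIONS
-i: start an interactive container and keep standard input open
-t: attach a terminal to the container's standard input and output
-d: run the container in the background
-p: the port(s) the container needs at run time
-v: the host directory to mount into the container at run time
--rm: remove the container as soon as it exits
--name: give the container a unique custom name; if omitted, a random name is generated
IMAGE: the image to run
COMMAND: the command to run when the container starts
Start it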
[root@huan ~]# docker run -it xxxxxxxxxxxx/alpine
/ # cat /etc/issue
Welcome to Alpine Linux 3.12
Kernel \r on an \m (\l)
/ # exit
[root@huan ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
68376c046405 xxxxxxxxxxxx/alpine "/bin/sh" 33 seconds ago Up 33 seconds intelligent_leakey
[root@huan ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
68376c046405 xxxxxxxxxxxx/alpine "/bin/sh" 2 minutes ago Exited (0) 5 seconds ago intelligent_leakey
[root@huan ~]# docker run --rm xxxxxxxxxxxx/alpine:latest /bin/echo hello
hello
# Bulk-remove containers that have exited
[root@huan ~]# for i in `docker ps -a|grep -i exit|awk '{print $1}'`;do docker rm -f $i;done
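A Docker container has its own filesystem tree and is isolated at several levels: filesystem isolation, file isolation, network isolation, IPC isolation, and so on.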
[root@huan ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine 3.10.1 b7b28af77ffe 13 months ago 5.58MB
Committing a container
[root@huan ~]# docker commit
[root@huan ~]# docker commit -p myalpine oldboy1103/alpine:v3.10.3_with_1.txt
The changes are now frozen into a read-only layer
Exporting a Docker image to the host
[root@huan ~]# docker save b7b28af77ffe > alpine:v3.10.3_with_1.txt.tar
[root@huan ~]# ll
-rw-r--r-- 1 root root 5852160 8月 15 20:03 alpine:v3.10.3_with_1.txt.tar
Importing an image
[root@huan ~]# docker load < alpine:v3.10.3_with_1.txt.tar
[root@huan ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> b7b28af77ffe 13 months ago 5.58MB
docker images shows both REPOSITORY and TAG as <none>; use docker tag to label the image
[root@huan ~]# docker tag b7b28af77ffe oldboy1103/alpine:v3.10.3_with_1.txt
[root@huan ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oldboy1103/alpine v3.10.3_with_1.txt b7b28af77ffe 13 months ago 5.58MB
Redirect standard output to the log
docker run hello-world 2>&1 >>/dev/null
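View the logs; it also works without -f
docker logs -f <container ID>
Advanced Docker container operations
They are called advanced not because they are hard, but because they are especially important.
Pull nginx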
[root@huan ~]# docker pull nginx:1.12.2
[root@huan ~]# docker tag 4037a5562b03 oldboy1103/nginx:v1.12.2
[root@huan ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oldboy1103/alpine v3.10.3_with_1.txt b7b28af77ffe 13 months ago 5.58MB
nginx 1.12.2 4037a5562b03 2 years ago 108MB
oldboy1103/nginx v1.12.2 4037a5562b03 2 years ago 108MB
Port mapping, in the form host port:container port
[root@huan ~]# docker run --rm --name mynginx -d -p81:80 oldboy1103/nginx:v1.12.2
Download the Baidu home page for the demonstration
[root@huan ~]# mkdir html
[root@huan html]# wget www.baidu.com -O index.html
[root@huan html]# docker run -d --rm --name nginx_with_baidu -d -p82:80 -v /root/html:/usr/share/nginx/html oldboy1103/nginx:v1.12.2
The inspect command
docker inspect <container ID>
Passing environment variables to a container
[root@huan ~]# docker run --rm -e E_OPTS=abcdefg oldboy1103/alpine:latest printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=b6759d28963f
E_OPTS=abcdefg
HOME=/root
Entering a container
[root@huan ~]# docker exec -ti nginx_with_baidu /bin/bash
root@0ffcc450e2f6:/# tee /etc/apt/sources.list << EOF
> deb http://mirrors.163.com/debian/ jessie main non-free contrib
> deb http://mirrors.163.com/debian/ jessie-updates main non-free contrib
> EOF
deb http://mirrors.163.com/debian/ jessie main non-free contrib
deb http://mirrors.163.com/debian/ jessie-updates main non-free contrib
root@0ffcc450e2f6:/# apt-get update && apt-get install curl -y
Commit the changes
[root@huan ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0ffcc450e2f6 oldboy1103/nginx:v1.12.2 "nginx -g 'daemon of…" 5 minutes ago Up 4 minutes 0.0.0.0:82->80/tcp nginx_with_baidu
[root@huan ~]# docker commit -p 0ffcc450e2f6 xxxxxxxxxxxx/nginx:curl
[root@huan ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
xxxxxxxxxxxx/nginx curl 6f10e7047510 2 minutes ago 136MB
[root@huan ~]# docker push xxx/nginx:curl
The push refers to repository [docker.io/xxxxxxxxxxxx/nginx]
761966e456bc: Pushed
4258832b2570: Mounted from library/nginx
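"Mounted" means that during the push the layer is mounted from the public library/nginx repository instead of being uploaded again, which saves network traffic.
Installing software (tools) inside a container
Production tip: the distribution family companies use most for containers is Debian. Production environments overwhelmingly use Debian-based images, while Red Hat-based ones are rare, and the same holds abroad.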