阿里云docker镜像地址
https://cr.console.aliyun.com vim /usr/lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd-current --registry-mirror=https://bqr1dr1n.mirror.aliyuncs.com systemctl daemon-reload systemctl start docker
docker命令
搜索、下载、导入、导出、删除镜像。
下载镜像:
docker pull alpine
搜索镜像:
docker search nginx
[root@linux-host1 tmp]# docker pull nginx
Using default tag: latest
Trying to pull repository docker.io/library/nginx ...
latest: Pulling from docker.io/library/nginx
e7bb522d92ff: Pull complete
6edc05228666: Pull complete
cd866a17e81f: Pull complete
Digest: sha256:285b49d42c703fdf257d1e2422765c4ba9d3e37768d6ea83d7fe2043dad6e63d
必须是centos7,必须是3.8以后的内核才支持
查看镜像:
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/alpine latest e21c333399e0 5 weeks ago 4.139 MB
docker.io/mobz/elasticsearch-head 5 b19a5c98e43b 12 months ago 823.9 MB
latest使用docker一般使用最新版。
导出镜像:
docker save nginx > /tmp/nginx.tar.gz
tar -xf /tmp/nginx.tar.gz
vim /tmp/mainfest.json
删除本地镜像:
docker rmi nginx
导入镜像:
docker load < /tmp/docker.tar.gz
docker默认存放路径:
/var/lib/docker/image/devicemapper/layerdb
docker采用宿主机的hosts和dns,如果需要更改,则更改宿主机:
查看帮助:
docker deamon --help
启动镜像:
docker run alpine sh #run是两个参数的结合体create+start,这样操作是没有交互的,需要添加-it终端
docker run -it alpine sh # 可以在容器中增删改查
正在运行的容器有哪些:
docker ps
Ctrl不放手同时按下p和q
查看所有的容器,在运行或者不运行的:
docker ps -a
删除容器:
#查看在运行的容器
[root@VM_0_42_centos ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1251d34659bc alpine "sh" About a minute ago Up About a minute prickly_golick
#执行删除操作,提示需要加-f命令
[root@VM_0_42_centos ~]# docker rm 1251d34659bc
Error response from daemon: You cannot remove a running container 1251d34659bcf46ba9000fd5262b03096ec361c6f6d48768e240e85fbbe1631c. Stop the container before attempting removal or use -f
#添加-f命令进行删除
[root@VM_0_42_centos ~]# docker rm 1251d34659bc -f
1251d34659bc
#再次进行查看
[root@VM_0_42_centos ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
#删除容器并不会删除镜像,这点要记住
[root@VM_0_42_centos ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest 3f8a4339aadd 13 days ago 108.5 MB
docker.io/alpine latest e21c333399e0 5 weeks ago 4.139 MB
[root@VM_0_42_centos ~]#
启动容器:
docker run -it --name mynginx nginx
查看容器的详细信息:
docker inspect nginx
访问测试:
curl 172.17.0.2
程序停止后,即删除容器:
docker run -it --rm --name mynginx nginx
注意:
[root@VM_0_42_centos ~]# docker run -it --name mynginx nginx
/usr/bin/docker-current: Error response from daemon: Conflict. The name "/mynginx" is already in use by container 3c7819fcdb2813335dfc08d2cd57e00d700ba1ea2ff34613529e27f0cf2db573. You have to remove (or rename) that container to be able to reuse that name..
See '/usr/bin/docker-current run --help'.
解决:
docker rm -f mynginx
进入已运行的容器里边:
docker attach mynginx #后边加容器名或ID,实施操作,多终端显示,不推荐
docker exec -it mynginx sh #这种方式进容器里边,推荐。
sh docker_in.sh mynginx #这种方式进入容器,不推荐
vim docker_in.sh #需要安装util-linux
#!/bin/bash
pid=`docker inspect --format "{{.State.Pid}}" $1`
nsenter -t $pid -m -u -i -n -p
放入后台运行:
docker run -it -d --name mynginx nginx
查看后台里的日志:
docker logs mynginx
docker logs -f mynginx #动态显示
docker镜像制作
docker pull centos #原始镜像是哪个,以什么镜像为基础 docker run -it centos bash #进入镜像 yum install wget -y #安装wget 先备份原有yum文件: 使用aliyun地址: https://mirrors.aliyun.com/help/centos http://mirrors.aliyun.com/help/epel wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo 安装nginx软件: yum install nginx -y #制作镜像能少装包就少装 问题: 怎么做到docker挂,容器不挂。 web可以用,数据库是使用docker暂时不推荐。 docker kill xxx #相当于kill -9 xxx docker stop xxx #相当于kill xxx ,kill -15信号,正常关闭 后台运行docker是不允许的,配置nginx的前台运行: deamon off; 镜像名: docker commit -m 'add nginx images' mynginx luchuangao/my_nginx tag号: docker commit -m 'add nginx images' mynginx luchuangao/my_nginx:V1 [root@VM_0_42_centos ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE luchuangao/my_nginx V1 38f6d7671959 1 seconds ago 108.5 MB luchuangao/my_nginx latest 46eef5402b8b 32 seconds ago 108.5 MB docker.io/centos latest ff426288ea90 43 hours ago 207.2 MB docker.io/nginx latest 3f8a4339aadd 2 weeks ago 108.5 MB docker.io/alpine latest e21c333399e0 5 weeks ago 4.139 MB 执行: docker run -d --name my_nginx luchuangao/my_nginx #会找luchuangao/my_nginx latest docker run -d --name my_nginx luchuangao/my_nginx:V1 #会找luchuangao/my_nginx V1 指定执行命令: docker run -d --name my_nginx luchuangao/my_nginx nginx #这样简单的方式,不推荐 docker镜像库: https://hub.docker.com #注册开发者账号、 搜索镜像: docker search aclstack/mysql docker login https://hub.docker.com #登录账号密码 cat .docker/config.json #查看相关认证信息 获取制作的镜像ID: [root@VM_0_42_centos ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE luchuangao/my_nginx V1 38f6d7671959 10 minutes ago 108.5 MB luchuangao/my_nginx latest 46eef5402b8b 10 minutes ago 108.5 MB docker.io/centos latest ff426288ea90 43 hours ago 207.2 MB docker.io/nginx latest 3f8a4339aadd 2 weeks ago 108.5 MB docker.io/alpine latest e21c333399e0 5 weeks ago 4.139 MB 加tag: #docker search aclstack docker tag 38f6d7671959 docker.io/aclstack/my_nginx 上传官方库: docker push docker.io/aclstack/my_nginx 生产建议:虚拟机和容器混着用。 # -P 随机端口映射 docker run -d --name mynginx -P nginx [root@VM_0_42_centos ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a52a835daa0b nginx "nginx -g 'daemon off" 24 seconds ago Up 22 seconds 0.0.0.0:32768->80/tcp mynginx docker logs -f mynginx [root@VM_0_42_centos ~]# docker run -d -P nginx b5a142545ff6ac5e8bc497b9a1c5622ff1e1ff050815b7550dd6bf368b082a6e [root@VM_0_42_centos ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b5a142545ff6 nginx "nginx -g 'daemon off" 5 seconds ago Up 3 seconds 0.0.0.0:32769->80/tcp boring_euler a52a835daa0b nginx "nginx -g 'daemon off" 5 minutes ago Up 4 minutes 0.0.0.0:32768->80/tcp mynginx 可以通过docker的ip加端口进行访问。
程序间互联
全IP指定端口映射启动: docker run --name mynginx -d -p 80:80 mynginx nginx 指定IP地址指定端口映射启动: docker run --name mynginx -d -p 127.0.0.1:80:80 mynginx nginx docker run --name web1 -d -p 80:80 mynginx nginx docker run --name web2 --link web1 -p 8080:80 mynginx nginx [root@VM_0_42_centos ~]# docker exec -it web2 sh sh-4.2# cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.2 web1 03f890733091 172.17.0.3 e3f6e49bf788 sh-4.2# ping web1 PING web1 (172.17.0.2) 56(84) bytes of data. 64 bytes from web1 (172.17.0.2): icmp_seq=1 ttl=64 time=0.073 ms ^C --- web1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.073/0.073/0.073/0.000 ms 另外一个方案,使用别名: docker run -d --name web2 --link web1:shop_web -p 8080:80 mynginx nginx [root@VM_0_42_centos ~]# docker exec -it web2 sh sh-4.2# cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.2 shop_web 03f890733091 web1 172.17.0.3 11c9b731adf9
实现跨主机互联
网络模式:
[root@VM_0_42_centos ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
fe5a4af825cf bridge bridge local
c53aca7628e1 host host local
5d381722770c none null local
bridge、host、none
桥接是默认是nat,host通信走物理网卡
只能起一个对应端口的容器
[root@VM_0_42_centos ~]# docker run --rm --net=host nginx
2018/01/14 11:53:36 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/01/14 11:53:36 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
none是本地回环。
[root@VM_0_42_centos ~]# docker run -it --rm --net=none alpine sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
ExecStart=/usr/bin/dockerd-current --registry-mirror=https://bqr1dr1n.mirror.aliyuncs.com --bip=172.17.42.1/16
systemctl daemon-reload
systemctl restart docker
ExecStart=/usr/bin/dockerd-current --registry-mirror=https://bqr1dr1n.mirror.aliyuncs.com --bip=172.17.42.1/16
systemctl daemon-reload
systemctl restart docker
docker run -it --name node1 centos bash
yum install net-tools -y
docker run -it --name node2 centos bash
yum install net-tools -y
tcpdump -i eth0 -vnn icmp
添加路由:
route add -net 172.17.42.0/24 gw 10.31.0.42
tcpdump -i eth0 -vnn icmp
tcpdump -i docker0 -vnn icmp
ping -c 1 172.17.0.1
备注ttl
docker数据管理
1、数据卷
2、数据卷容器
docker rm -fv xxx 删除数据卷,必须加-v,不然数据始终保存 数据卷: [root@VM_0_42_centos ~]# docker run -it --name node --rm -v /data centos bash [root@8c5cffd7efd6 /]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/docker-253:1-451355-b997cafbd632109e323f54d24b66323c39b7c70d7410ade1302672556dbe9fcc 10G 250M 9.8G 3% / tmpfs 3.9G 0 3.9G 0% /dev tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup /dev/vda1 50G 3.5G 44G 8% /data shm 64M 0 64M 0% /dev/shm 它占用的是宿主机的根目录: [root@VM_0_42_centos ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/vda1 50G 3.5G 44G 8% / devtmpfs 3.9G 0 3.9G 0% /dev tmpfs 3.9G 24K 3.9G 1% /dev/shm tmpfs 3.9G 13M 3.9G 1% /run tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup tmpfs 783M 0 783M 0% /run/user/0 目录项目之间的映射挂载,到opt目录下【推荐】: [root@VM_0_42_centos opt]# docker run -it --name node --rm -v /opt/:/opt/ centos bash [root@4b412bc2cee2 /]# cd /opt/ [root@4b412bc2cee2 opt]# ls docker_test rh [root@4b412bc2cee2 opt]# touch aa 通过宿主机查看opt目录: [root@VM_0_42_centos ~]# cd /opt/ [root@VM_0_42_centos opt]# ls aa docker_test rh 文件相互之间的映射挂载: [root@VM_0_42_centos opt]# docker run -it --name node --rm -v /etc/hosts:/opt/hosts centos bash [root@f10decf1d2ea /]# cat /opt/hosts 127.0.0.1 localhost localhost.localdomain VM_0_42_centos 设置只读权限: [root@VM_0_42_centos opt]# docker run -it --name node --rm -v /etc/hosts:/opt/hosts:ro centos bash [root@168eed494898 /]# echo "123" >> /opt/hosts bash: /opt/hosts: Read-only file system 数据卷容器: docker run -it --name node01 -v /opt/:/opt/ centos bash [root@VM_0_42_centos opt]# docker run -it --name node01 --volumes-from node centos bash #--volumes-from 数据卷来自于node [root@4e7a39c2e0ea /]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/docker-253:1-451355-463759ca740da3920cd22536aa22f190d99a59b9886c19b0d9e06ffc176ff29c 10G 250M 9.8G 3% / tmpfs 3.9G 0 3.9G 0% /dev tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup /dev/vda1 50G 3.5G 44G 8% /opt shm 64M 0 64M 0% /dev/shm [root@VM_0_42_centos opt]# docker stop node [root@VM_0_42_centos opt]# docker exec -it node01 bash [root@4e7a39c2e0ea /]# cd /opt/ [root@4e7a39c2e0ea opt]# touch bb [root@VM_0_42_centos opt]# docker ps -a [root@VM_0_42_centos opt]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4e7a39c2e0ea centos "bash" 2 minutes ago Up 2 minutes node01 16f601cdd68a centos "bash" 3 minutes ago Exited (137) About a minute ago node [root@VM_0_42_centos opt]# docker rm node node [root@VM_0_42_centos opt]# docker exec -it node01 bash [root@4e7a39c2e0ea /]# cd /opt/ [root@4e7a39c2e0ea opt]# ls aa bb docker_test rh [root@4e7a39c2e0ea opt]# rm aa rm: remove regular empty file 'aa'? y [root@4e7a39c2e0ea opt]# 彻底删除数据卷数据: [root@VM_0_42_centos opt]# docker rm -fv node01 node01