目录
一、 docker简介
二、 安装docker
三、 镜像管理
四、 通过容器创建镜像
五、 通过模板创建镜像
六、 容器管理
七、 仓库管理
八、 数据管理
九、 数据卷备份恢复
十、 docker网络模式
十一、 opration not permitted
十二、 配置桥接网络
十三、 Dockerfile格式
十四、 Dockerfile示例(安装nginx)
十五、 用docker compose部署服务
十六、 docker compose示例
一、 docker简介
Docker官网: www.docker.com
github地址:https://github.com/docker/docker.github.io
docker是一种开源的容器引擎,可以让开发者打包应用以及依赖的库,然后发布到任何流行的linux发行版上,移植很方便
由go语言编写,基于apache2.0协议发布。基于linux kernel,要想在win下运行需要借助一个vm(虚拟机)来实现
自2013年开始,发展迅猛,docker从1.13x开始,版本分为社区版ce和企业版ee,并且基于年月的时间线形式,当前最新稳定版为18.06
Docker和传统的虚拟化比较
Docker的优势
启动非常快,秒级实现
资源利用率高,一台高配置服务器可以跑上千个docker容器
更快的交付和部署,一次创建和配置后,可以在任意地方运行
内核级别的虚拟化,不需要额外的hypevisor支持,会有更高的性能和效率
易迁移,平台依赖性不强
Docker容器技术与传统虚拟机技术的特性比较
Docker核心概念
Docker镜像
Docker镜像 (镜像自身是只读的。容器从镜像启动的时候,会在镜像的最上层创建一个可写层。)
Docker镜像类似于虚拟机镜像,可以将它理解为一个只读的模板。例如,一个镜像可以包含一个基本的操作系统环境,里面仅安装了Apache应用程序(或用户需要的其他软件)。可以把它称为一个Apache镜像。
Docker容器
Docker容器类似于一个轻量级的沙箱,Docker利用容器来运行和隔离应用。容器是从镜像创建的应用运行实例。可以将其启动、开始、停止、删除,而这些容器都是彼此相互隔离的、互不可见的。可以把容器看做是一个简易版的Linux系统环境(包括root用户权限、进程空间、用户空间和网络空间等)以及运行在其中的应用程序打包而成的盒子。
Docker仓库
Docker仓库类似于代码仓库,它是Docker集中存放镜像文件的场所。根据所存储的镜像公开分享与否,Docker仓库可以分为公开仓库(Public)和私有仓库(Private)两种形式。目前,最大的公开仓库是官方提供的Docker Hub,其中存放了数量庞大的镜像供用户下载。
二、 安装docker
Centos下的安装方式有以下几种
1.yum安装
// 添加docker的yum源
[root@ansiblemanaged01 ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2424 100 2424 0 0 384 0 0:00:06 0:00:06 --:--:-- 506
// 查看docker安装包
[root@ansiblemanaged01 ~]# yum list | grep docker
cockpit-docker.x86_64 172-2.el7.centos extras
containerd.io.x86_64 1.2.0-1.2.beta.2.el7 docker-ce-stable
docker.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-ce.x86_64 18.06.1.ce-3.el7 docker-ce-stable
docker-ce-selinux.noarch 17.03.3.ce-1.el7 docker-ce-stable
docker-client.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-client-latest.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-common.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-compose.noarch 1.18.0-1.el7 epel
docker-devel.x86_64 1.3.2-4.el7.centos extras
docker-distribution.x86_64 2.6.2-2.git48294d9.el7 extras
docker-forward-journald.x86_64 1.10.3-44.el7.centos extras
docker-latest.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-latest-logrotate.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-latest-v1.10-migrator.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-logrotate.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-lvm-plugin.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-novolume-plugin.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-python.x86_64 1.4.0-115.el7 extras
docker-registry.x86_64 0.9.1-7.el7 extras
docker-unit-test.x86_64 2:1.13.1-68.gitdded712.el7.centos
docker-v1.10-migrator.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
golang-github-fsouza-go-dockerclient-devel.x86_64
kdocker.x86_64 4.9-1.el7 epel
pcp-pmda-docker.x86_64 3.12.2-5.el7 base
python-docker-py.noarch 1.10.6-4.el7 extras
python-docker-pycreds.noarch 1.10.6-4.el7 extras
python-docker-scripts.noarch 0.4.4-1.el7 epel
python-dockerfile-parse.noarch 0.0.5-1.el7 epel
python2-avocado-plugins-runner-docker.noarch
python2-dockerpty.noarch 0.4.1-9.el7 epel
python34-docker.noarch 2.6.1-1.el7 epel
python34-docker-pycreds.noarch 0.2.1-1.el7 epel
python34-dockerpty.noarch 0.4.1-9.el7 epel
[root@ansiblemanaged01 ~]#
// 安装
[root@ansiblemanaged01 ~]# yum -y install docker-ce.x86_64
// 启动docker
[root@ansiblemanaged01 ~]# systemctl start docker.service
// 验证docker已经正常启动
[root@ansiblemanaged01 ~]# ps aux | grep docker
root 18106 3.1 10.3 640616 49880 ? Ssl 09:56 0:00 /usr/bin/dockerd
root 18114 3.0 5.2 473812 25400 ? Ssl 09:56 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
root 18256 0.0 0.2 112704 972 pts/0 S+ 09:56 0:00 grep --color=auto docker
2.脚本安装
[root@lanquark local]# wget -qO- https://get.docker.com/ | sh
或者
[root@lanquark local]# curl -fsSL https://get.docker.com/ | sh
// 启动docker,
[root@lanquark local]# systemctl start docker.service
// 验证docker已经正常启动
[root@lanquark local]# docker version
Client:
Version: 18.06.1-ce
API version: 1.38
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:23:03 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.1-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:25:29 2018
OS/Arch: linux/amd64
Experimental: false
3.从官方下载二进制包安装(安装过程略)
下载地址:https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
三、 镜像管理
1.下载镜像
// 官方的下载服务器在国外,所以可能会很慢
// 如果下载慢可以使用加速器
// 加速器配置,参考http://blog.csdn.net/xlemonok/article/details/71403534
[root@ansiblemanaged02 src]# vim /etc/docker/daemon.json
// 添加如下内容
{
"registry-mirrors": ["https://dhq9bx4f.mirror.aliyuncs.com"]
}
// 上面的加速地址可以向aliyum申请
// 实验环境下载速度很快,所以没有使用加速器
[root@ansiblemanaged02 src]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
256b176beaff: Pull complete
Digest: sha256:6f6d986d425aeabdc3a02cb61c02abb2e78e57357e92417d6d58332856024faf
Status: Downloaded newer image for centos:latest
2.查看本地镜像
[root@ansiblemanaged02 src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5182e96772bf 5 weeks ago 200MB
3.在官方镜像仓库搜索镜像
[root@ansiblemanaged02 src]# docker search centos7
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
ansible/centos7-ansible Ansible on Centos7 116 [OK]
centos/mysql-57-centos7 MySQL 5.7 SQL database server 39
openshift/base-centos7 A Centos7 derived base image for Source-To-I… 33
centos/python-35-centos7 Platform for building and running Python 3.5… 30
centos/postgresql-96-centos7 PostgreSQL is an advanced Object-Relational … 29
centos/httpd-24-centos7 Platform for running Apache httpd 2.4 or bui… 16
openshift/jenkins-2-centos7 A Centos7 based Jenkins v2.x image for use w… 15
centos/php-56-centos7 Platform for building and running PHP 5.6 ap… 14
openshift/mysql-55-centos7 DEPRECATED: A Centos7 based MySQL v5.5 image… 6
openshift/wildfly-101-centos7 A Centos7 based WildFly v10.1 image for use … 5
openshift/nodejs-010-centos7 DEPRECATED: A Centos7 based NodeJS v0.10 ima… 4
openshift/jenkins-1-centos7 DEPRECATED: A Centos7 based Jenkins v1.x ima… 4
openshift/ruby-20-centos7 DEPRECATED: A Centos7 based Ruby v2.0 image … 3
openshift/openldap-2441-centos7 A Centos7 based OpenLDAP v2.4.41image for us… 3
openshift/php-55-centos7 DEPRECATED: A Centos7 based PHP v5.5 image f… 1
openshift/mongodb-24-centos7 DEPRECATED: A Centos7 based MongoDB v2.4 ima… 1
openshift/wildfly-110-centos7 A Centos7 based WildFly v11.0 image for use … 1
openshift/wildfly-81-centos7 A Centos7 based WildFly v8.1 image for use w… 1
openshift/wildfly-120-centos7 A Centos7 based WildFly v12.0 image for use … 1
openshift/wildfly-100-centos7 A Centos7 based WildFly v10.0 image for use … 1
fortinj66/centos7-s2i-nodejs based off of ryanj/centos7-s2i-nodejs. Bigg… 0
openshift/python-33-centos7 DEPRECATED: A Centos7 based Python v3.3 imag… 0
openshift/postgresql-92-centos7 DEPRECATED: A Centos7 based PostgreSQL v9.2 … 0
openshift/wildfly-90-centos7 A Centos7 based WildFly v9.0 image for use w… 0
openshift/perl-516-centos7 DEPRECATED: A Centos7 based Perl v5.16 image… 0
4.给镜像打标签
[root@ansiblemanaged02 src]# docker tag centos:latest centos1
[root@ansiblemanaged02 src]# docker tag centos:latest centos1:0.1
[root@ansiblemanaged02 src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5182e96772bf 5 weeks ago 200MB
centos1 0.1 5182e96772bf 5 weeks ago 200MB
centos1 latest 5182e96772bf 5 weeks ago 200MB
5.把镜像做为容器启动
// 把镜像启动为容器,-i表示让容器的标准输入打开,-t表示分配一个伪终端,
// -d表示后台启动,要把-i -t -d 放到镜像名字前面
[root@ansiblemanaged02 src]# docker run -itd centos
1cb1b747c37a9c6c6f7bf152943330ea3adced83aa6fbac914e3279b72d5b732
// 查看运行的容器,加上-a选项后可以查看所有容器,包括未运行的
[root@ansiblemanaged02 src]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1cb1b747c37a centos "/bin/bash" 39 seconds ago Up 36 seconds happy_euler
6.删除镜像
// 删除指定镜像, 其中后面的参数可以是tag,如果是tag时,实际上是删除该tag。
// 当后面的参数为镜像ID时,则会彻底删除整个镜像,所有标签也会一同删除
[root@ansiblemanaged02 src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos1 0.1 5182e96772bf 5 weeks ago 200MB
centos1 latest 5182e96772bf 5 weeks ago 200MB
centos latest 5182e96772bf 5 weeks ago 200MB
[root@ansiblemanaged02 src]# docker rmi centos1:0.1
Untagged: centos1:0.1
[root@ansiblemanaged02 src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos1 latest 5182e96772bf 5 weeks ago 200MB
centos latest 5182e96772bf 5 weeks ago 200MB
[root@ansiblemanaged02 src]# docker rmi centos1:latest
Untagged: centos1:latest
[root@ansiblemanaged02 src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5182e96772bf 5 weeks ago 200MB
四、 通过容器创建镜像
1.进入以守护进程模式启动的docker容器
[root@ansiblemanaged02 src]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1cb1b747c37a centos "/bin/bash" 22 minutes ago Up 22 minutes happy_euler
// bash为进入容器后我们要执行的命令,这样就可以打开一个终端
[root@ansiblemanaged02 src]# docker exec -it 1cb1b747c37a bash
[root@1cb1b747c37a /]#
2.对容器进行变更
// 进入到该容器中,我们做一些变更,比如安装一些东西,然后针对这个容器进行创建新的镜像
[root@1cb1b747c37a /]# yum -y install net-tools
...略...
Installed:
net-tools.x86_64 0:2.0-0.22.20131004git.el7
Complete!
// 退出容器 ctrl + d也可以
[root@1cb1b747c37a /]# exit
exit
3.基础容器创建新镜像
// -m添加描述信息,-a 添加作者
[root@ansiblemanaged02 src]# docker commit -m "install net-tools" -a "kennminn" 1cb1b747c37a centos_with_networktools:0.1
sha256:5d996fd42473881b4f75ba062077282c7618d7996edae630b910049d7734e4ff
[root@ansiblemanaged02 src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_with_networktools 0.1 5d996fd42473 8 seconds ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
4.启动新的镜像,验证
[root@ansiblemanaged02 src]# docker run -itd centos_with_networktools:0.1 bash
e7a4b84cb0b3dacda99d56de58b94c9e8d9d9050232cd91cfae800510d3bcbd4
[root@ansiblemanaged02 src]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:5fff:fe20:a08a prefixlen 64 scopeid 0x20<link>
ether 02:42:5f:20:a0:8a txqueuelen 0 (Ethernet)
RX packets 1822 bytes 89000 (86.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1881 bytes 12430303 (11.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.53 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::5aa6:a381:30f7:b274 prefixlen 64 scopeid 0x20<link>
inet6 fe80::17fc:7047:6f8c:566d prefixlen 64 scopeid 0x20<link>
inet6 fe80::d68:dd57:4b1e:ac7e prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:46:6e:72 txqueuelen 1000 (Ethernet)
RX packets 426715 bytes 205541570 (196.0 MiB)
RX errors 0 dropped 185 overruns 0 frame 0
TX packets 38760 bytes 3455578 (3.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth0e4fb45: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::e8ec:6bff:fea1:dae2 prefixlen 64 scopeid 0x20<link>
ether ea:ec:6b:a1:da:e2 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 578 (578.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vetha04fd76: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::c4c3:9bff:fe89:7ef prefixlen 64 scopeid 0x20<link>
ether c6:c3:9b:89:07:ef txqueuelen 0 (Ethernet)
RX packets 1822 bytes 114508 (111.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1889 bytes 12430951 (11.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
五、 通过模板创建镜像
- 下载模板
// 模板下载地址:http://openvz.org/Download/templates/precreated
// 这里已经事先下载到本地了
[root@ansiblemanaged02 src]# wget http://192.168.1.9/SCode/docker/OPENVZ%e6%a8%a1%e6%9d%bf/centos-7-x86_64-minimal.tar.gz
--2018-09-11 17:46:52-- http://192.168.1.9/SCode/docker/OPENVZ%e6%a8%a1%e6%9d%bf/centos-7-x86_64-minimal.tar.gz
Connecting to 192.168.1.9:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 145639219 (139M) [application/x-gzip]
Saving to: ‘centos-7-x86_64-minimal.tar.gz’
100%[====================================================================================>] 145,639,219 13.6MB/s in 12s
2018-09-11 17:47:05 (11.9 MB/s) - ‘centos-7-x86_64-minimal.tar.gz’ saved [145639219/145639219]
2.导入模板
[root@ansiblemanaged02 src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_with_networktools 0.1 5d996fd42473 20 minutes ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
// 导入模板
[root@ansiblemanaged02 src]# cat centos-7-x86_64-minimal.tar.gz | docker import - centos7
sha256:87ccc675584ad676317bd8db8e0733b847c4f63191bb04dde76454cd6e527c73
// 检查
[root@ansiblemanaged02 src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7 latest 87ccc675584a 35 seconds ago 435MB
centos_with_networktools 0.1 5d996fd42473 21 minutes ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
3.导出现有镜像
[root@ansiblemanaged02 src]# docker save -o centos7.tar centos7
[root@ansiblemanaged02 src]# ll
total 613304
-rw------- 1 root root 446124032 Sep 11 17:52 centos7.tar
-rw-r--r-- 1 root root 145639219 Sep 11 10:28 centos-7-x86_64-minimal.tar.gz
-rw-r--r-- 1 root root 36254876 Jun 9 01:48 docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm
4.恢复本地镜像
[root@ansiblemanaged02 src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7 latest 87ccc675584a 4 minutes ago 435MB
centos_with_networktools 0.1 5d996fd42473 25 minutes ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
[root@ansiblemanaged02 src]# docker rmi centos7
Untagged: centos7:latest
Deleted: sha256:87ccc675584ad676317bd8db8e0733b847c4f63191bb04dde76454cd6e527c73
Deleted: sha256:788edba9eaa8ade63d8ba9d5747281c5da2b34b12a6c80f4dffd8ad9e05f68c1
[root@ansiblemanaged02 src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_with_networktools 0.1 5d996fd42473 26 minutes ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
// 恢复本地镜像,dokcer load --input centos7.tar也可以
[root@ansiblemanaged02 src]# docker load < centos7.tar
788edba9eaa8: Loading layer [==================================================>] 446.1MB/446.1MB
Loaded image: centos7:latest
[root@ansiblemanaged02 src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7 latest 87ccc675584a 6 minutes ago 435MB
centos_with_networktools 0.1 5d996fd42473 27 minutes ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
5.上传镜像到dockerhub官方网站
// 需要先注册一个用户, 这里还没有帐户,暂时不做上传测试
docker push image_name
六、 容器管理
1.创建容器
[root@ansiblemanaged02 ~]# docker create -it centos:latest
bd130d81d16077a7a09365b443ad024b43fce0462eee3fe887463796a1662e1d
[root@ansiblemanaged02 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bd130d81d160 centos:latest "/bin/bash" 23 seconds ago Created stoic_beaver
e7a4b84cb0b3 centos_with_networktools:0.1 "bash" 4 hours ago Exited (137) 7 minutes ago priceless_banach
1cb1b747c37a centos "/bin/bash" 4 hours ago Exited (137) 7 minutes ago happy_euler
2.启动容器
[root@ansiblemanaged02 ~]# docker start 5c61bbd70614
5c61bbd70614
[root@ansiblemanaged02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5c61bbd70614 centos:latest "/bin/bash" About a minute ago Up 3 seconds inspiring_hypatia
3.停止容器
[root@ansiblemanaged02 ~]# docker stop 5c61bbd70614
5c61bbd70614
[root@ansiblemanaged02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4.重启容器
[root@ansiblemanaged02 ~]# docker start 5c61bbd70614
5c61bbd70614
[root@ansiblemanaged02 ~]# docker restart 5c61bbd70614
5c61bbd70614
[root@ansiblemanaged02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5c61bbd70614 centos:latest "/bin/bash" 3 minutes ago Up 11 seconds inspiring_hypatia
5.从镜像直接启动容器
[root@ansiblemanaged02 ~]# docker run -it centos7 bash
[root@8902be3365d9 /]#
// 这样进入了一个虚拟终端里面,我们可以运行一些命令,使用命令exit或者ctrl d 退出该bash,当退出后这个容器也会停止。
6.让容器在后台运行
[root@8902be3365d9 /]# exit
exit
[root@ansiblemanaged02 ~]# docker run -d centos7:latest /bin/sh -c "while true;do echo hello world;sleep 1;done"
e3ea22331fd286679c60edc90ea4266a9058b9b974c5cdf5726f244564f97d7e
[root@ansiblemanaged02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e3ea22331fd2 centos7:latest "/bin/sh -c 'while t…" 31 seconds ago Up 30 seconds suspicious_mahavira
5c61bbd70614 centos:latest "/bin/bash" 9 minutes ago Up 6 minutes inspiring_hypatia
// 查看输出
[root@ansiblemanaged02 ~]# docker logs e3ea22331fd2
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
...下略...
8.给容器自定义名字
[root@ansiblemanaged02 ~]# docker run --name cs7 -itd centos7 bash
58c0702291dfd5a511cc15645882ec6bb986d9b63cc22dc01d2939d96da60743
inspiring_hypatia
[root@ansiblemanaged02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58c0702291df centos7 "bash" 15 seconds ago Up 13 seconds cs7
5c61bbd70614 centos:latest "/bin/bash" 19 minutes ago Up 15 minutes inspiring_hypatia
9.删除容器
// 自动删除容器
[root@ansiblemanaged02 ~]# docker run --rm -it centos7 bash -c "sleep 30"
[root@ansiblemanaged02 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58c0702291df centos7 "bash" 2 minutes ago Up 2 minutes cs7
e3ea22331fd2 centos7:latest "/bin/sh -c 'while t…" 12 minutes ago Exited (137) 9 minutes ago suspicious_mahavira
f2a14517b032 centos7 "bash" 14 minutes ago Exited (0) 14 minutes ago affectionate_fermat
8902be3365d9 centos7 "bash" 16 minutes ago Exited (0) 14 minutes ago adoring_hypatia
5c61bbd70614 centos:latest "/bin/bash" 21 minutes ago Up 17 minutes inspiring_hypatia
bd130d81d160 centos:latest "/bin/bash" 23 minutes ago Created stoic_beaver
e7a4b84cb0b3 centos_with_networktools:0.1 "bash" 4 hours ago Exited (137) 30 minutes ago priceless_banach
1cb1b747c37a centos "/bin/bash" 5 hours ago Exited (137) 30 minutes ago happy_euler
-
10.获取到容器的运行历史信息
[root@ansiblemanaged02 ~]# docker logs 58c0702291df
[root@58c0702291df /]# rpm -q net-tools
package net-tools is not installed
[root@58c0702291df /]# yum -y install net-tools
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates
...下略...
11.进入后台运行的容器
[root@ansiblemanaged02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58c0702291df centos7 "bash" 8 minutes ago Up 8 minutes cs7
// attach命令不算好用,比如我们想要退出终端,就得exit了,这样容器也就退出了,还有一种方法
[root@ansiblemanaged02 ~]# docker attach 58c0702291df
[root@58c0702291df /]# rpm -q net-tools
package net-tools is not installed
[root@58c0702291df /]# yum -y install net-tools
[root@58c0702291df /]# exit
exit
// docker exec 命令可以临时打开一个虚拟终端,并且exit后,容器依然运行着
[root@ansiblemanaged02 ~]# docker run -itd centos
0885fa165e3e22a9dff6da2d59d916854c40896c8d61a5f252ed1fe59443c9a5
[root@ansiblemanaged02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0885fa165e3e centos "/bin/bash" 17 seconds ago Up 16 seconds eloquent_vaughan
// 开启虚拟终端
[root@ansiblemanaged02 ~]# docker exec -it 0885fa165e3e bash
[root@0885fa165e3e /]#
[root@0885fa165e3e /]# exit
exit
// 退出后容器仍在运行
[root@ansiblemanaged02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0885fa165e3e centos "/bin/bash" About a minute ago Up About a minute eloquent_vaughan
12.导出容器
[root@ansiblemanaged02 ~]# docker export 0885fa165e3e > centos_with_nettools.tar
[root@ansiblemanaged02 ~]# ls -l !$
ls -l centos_with_nettools.tar
-rw-r--r-- 1 root root 208293888 Sep 11 21:51 centos_with_nettools.tar
// 生成镜像
[root@ansiblemanaged02 ~]# cat centos_with_nettools.tar | docker import - impt_test
sha256:e3e34d378c5a338626010b742c79f95a84c4ff8bfecac6db6ae7bcffc4473481
[root@ansiblemanaged02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
impt_test latest e3e34d378c5a 10 seconds ago 200MB
centos7 latest 87ccc675584a 4 hours ago 435MB
centos_with_networktools 0.1 5d996fd42473 4 hours ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
七、 仓库管理
1.下载register仓库
[root@ansiblemanaged02 ~]# docker run -d -p 5000:5000 registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
4064ffdc82fe: Pull complete
c12c92d1c5a2: Pull complete
4fbc9b6835cc: Pull complete
765973b0f65f: Pull complete
3968771a7c3a: Pull complete
Digest: sha256:51bb55f23ef7e25ac9b8313b139a8dd45baa832943c8ad8f7da2ddad6355b3c8
Status: Downloaded newer image for registry:latest
999b12c996c7d073cd55a33ca3b061d83ed3f842785c1ca5212da92f0882409d
[root@ansiblemanaged02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
impt_test latest e3e34d378c5a 2 hours ago 200MB
centos7 latest 87ccc675584a 6 hours ago 435MB
centos_with_networktools 0.1 5d996fd42473 7 hours ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
registry latest b2b03e9146e1 2 months ago 33.3MB
[root@ansiblemanaged02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
999b12c996c7 registry "/entrypoint.sh /etc…" About a minute ago Up About a minute 0.0.0.0:5000->5000/tcp festive_brahmagupta
0885fa165e3e centos "/bin/bash" 2 hours ago Up 2 hours
2.测试访问register仓库
[root@ansiblemanaged02 ~]# curl 127.0.0.1:5000/v2/_catalog
{"repositories":[]}
3.上传镜像到私有仓库
// 标记一下tag,必须要带有私有仓库的ip:port
[root@ansiblemanaged02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
impt_test latest e3e34d378c5a 13 hours ago 200MB
centos7 latest 87ccc675584a 17 hours ago 435MB
centos_with_networktools 0.1 5d996fd42473 18 hours ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
registry latest b2b03e9146e1 2 months ago 33.3MB
[root@ansiblemanaged02 ~]# docker tag centos7 192.168.1.53:5000/centos7
[root@ansiblemanaged02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
impt_test latest e3e34d378c5a 13 hours ago 200MB
192.168.1.53:5000/centos7 latest 87ccc675584a 17 hours ago 435MB
centos7 latest 87ccc675584a 17 hours ago 435MB
centos_with_networktools 0.1 5d996fd42473 18 hours ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
registry latest b2b03e9146e1 2 months ago 33.3MB
// 把标记的镜像给推送到私有仓库
[root@ansiblemanaged02 ~]# docker push 192.168.1.53:5000/centos7
The push refers to repository [192.168.1.53:5000/centos7]
Get https://192.168.1.53:5000/v2/: http: server gave HTTP response to HTTPS client
// 第一次推送不成功,因为https要求验证。这里取消ssl
[root@ansiblemanaged02 ~]# vi /etc/docker/daemon.json
{ "insecure-registries":["192.168.1.53:5000"] }
[root@ansiblemanaged02 ~]# systemctl restart docker.service
[root@ansiblemanaged02 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
999b12c996c7 registry "/entrypoint.sh /etc…" 11 hours ago Exited (2) 55 seconds ago festive_brahmagupta
0885fa165e3e centos "/bin/bash" 14 hours ago Exited (137) 45 seconds ago eloquent_vaughan
82c2e774a526 centos "/bin/bash" 14 hours ago Exited (0) 14 hours ago optimistic_saha
adae9ffd8700 centos7 "bash" 14 hours ago Exited (0) 14 hours ago xenodochial_swartz
19b16e0925e2 centos7 "bash" 14 hours ago Exited (0) 14 hours ago objective_boyd
58c0702291df centos7 "bash" 14 hours ago Exited (0) 14 hours ago cs7
[root@ansiblemanaged02 ~]# docker start 999b12c996c7
999b12c996c7
[root@ansiblemanaged02 ~]# docker start 0885fa165e3e
0885fa165e3e
// 重新推送
[root@ansiblemanaged02 ~]# docker push 192.168.1.53:5000/centos7
The push refers to repository [192.168.1.53:5000/centos7]
788edba9eaa8: Pushed
latest: digest: sha256:1a692ac0e824dce870c5f94fabeb380b56490fc2bf0b6e6254aaec6ad296d4da size: 529
// 查看推送的镜像
[root@ansiblemanaged02 ~]# curl 192.168.1.53:5000/v2/_catalog
{"repositories":["centos7"]}
八、 数据管理
1.挂载本地的目录到容器里
// -v 用来指定挂载目录,:前面的/data/为宿主机本地目录,
// :后面的/data/为容器里的目录,会在容器中自动创建
[root@ansiblemanaged02 ~]# docker run -itd -v /data/:/data centos7 bash
8abe1bdc61d36f1d86bc17db5d25b892aa70e01807759279779ad1b5309fb3b3
[root@ansiblemanaged02 ~]# docker exec -it 8abe1bdc61d3 bash
[root@8abe1bdc61d3 /]# ls
bin data etc home lib64 media opt root sbin sys usr
boot dev fastboot lib lost+found mnt proc run srv tmp var
[root@8abe1bdc61d3 /]# echo '111111' > /data/test
[root@8abe1bdc61d3 /]# exit
[root@ansiblemanaged02 ~]# cat /data/test
111111
2.挂载数据卷
// 查看之前新建共享的容器的name为objective_agnesi, name在新建容器的时候可以通过
// --name指定,否则系统会随机生成
[root@ansiblemanaged02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8abe1bdc61d3 centos7 "bash" 23 minutes ago Up 23 minutes objective_agnesi
999b12c996c7 registry "/entrypoint.sh /etc…" 42 hours ago Up 30 hours 0.0.0.0:5000->5000/tcp festive_brahmagupta
0885fa165e3e centos "/bin/bash" 44 hours ago Up 30 hours
// 挂载共享的数据卷
[root@ansiblemanaged02 ~]# docker run -itd --volumes-from objective_agnesi centos bash
c7c69d2817a989731647b1f71d19febb6701d045c11c7a8678d8f248752e591f
[root@ansiblemanaged02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c7c69d2817a9 centos "bash" 21 seconds ago Up 19 seconds wizardly_johnson
8abe1bdc61d3 centos7 "bash" 24 minutes ago Up 24 minutes objective_agnesi
999b12c996c7 registry "/entrypoint.sh /etc…" 42 hours ago Up 31 hours 0.0.0.0:5000->5000/tcp festive_brahmagupta
0885fa165e3e centos "/bin/bash" 44 hours ago Up 31 hours eloquent_vaughan
// 验证
[root@ansiblemanaged02 ~]# docker exec -it c7c69d2817a9 bash
[root@c7c69d2817a9 /]# ls /
anaconda-post.log data etc lib media opt root sbin sys usr
bin dev home lib64 mnt proc run srv tmp var
[root@c7c69d2817a9 /]# cat /data/test
111111
3.定义数据卷容器
有时候,我们需要多个容器之间相互共享数据,类似于linux里面的NFS,所以就可以搭建一个专门的数据卷容器,然后其他容器直接挂载该数据卷。
// 首先建立数据卷容器
// 注意这里的/data/是容器的/data目录,并非本地的/data/目录。
[root@ansiblemanaged02 ~]# docker run -itd -v /data/ --name container_volume centos bash
473c2b1623ec9fbaf415d11e223be570c2141ba2b16b1055a70e39034cc0bd18
// 查看名称是否为container_volume
[root@ansiblemanaged02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
473c2b1623ec centos "bash" About a minute ago Up About a minute container_volume
8abe1bdc61d3 centos7 "bash" 37 minutes ago Up 37 minutes objective_agnesi
// 然后让其他容器挂载该数据卷
[root@ansiblemanaged02 ~]# docker run -itd --volumes-from container_volume impt_test bash
af2b1fe07cb0450c8e76ec9255ecd6687729f60f0da7a814357d00d7ae353be1
[root@ansiblemanaged02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af2b1fe07cb0 impt_test "bash" 8 seconds ago Up 7 seconds elastic_nightingale
473c2b1623ec centos "bash" 4 hours ago Up 4 hours container_volume
8abe1bdc61d3 centos7 "bash" 4 hours ago Up 4 hours objective_agnesi
九、 数据卷备份恢复
1.备份
// 如果已经将数据存储到了映射的宿主机目录,直接备份宿主机目录即可
// 如未进行宿主机的目录映射,备份过程如下
// 宿主机新建备份目录
[root@ansiblemanaged02 backup]# docker run --volumes-from container_volume -v /backup/:/backup centos tar cvf /backup/data.tar /data
tar: Removing leading `/' from member names
/data/
/data/1.txt
/data/2.txt
[root@ansiblemanaged02 ~]# ls /backup/
data.tar
// 说明:首先我们需要使用container_volume数据卷新开一个容器,同时我们还需要把本地的/backup/目录挂载到
// 该容器的/backup下,这样在容器中/backup目录里面新建的文件,我们就可以直接在/backup/目录中看到了。
// 然后再把/data/目录下面的文件打包到成data.tar文件放到/backup目录下面。
2.恢复
// 思路: 先新建一个数据卷容器,再建一个新的容器并挂载该数据卷容器,然后再把tar包解包。
[root@ansiblemanaged02 backup]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a92ea19981d9 centos "bash" 14 minutes ago Up 14 minutes container_volume
af2b1fe07cb0 impt_test "bash" 41 minutes ago Up 41 minutes elastic_nightingale
8abe1bdc61d3 centos7 "bash" 5 hours ago Up 5 hours objective_agnesi
// 删除原有容器
[root@ansiblemanaged02 backup]# docker stop container_volume
container_volume
[root@ansiblemanaged02 backup]# docker rm a92ea19981d9
a92ea19981d9
// 创建数据卷容器
[root@ansiblemanaged02 backup]# docker run -itd -v /data/ --name container_volume centos bash
4dc79895eac5d90a0eab50679995703e46784543d16a269663686cbdb0400967
// 恢复
[root@ansiblemanaged02 backup]# docker run --volumes-from container_volume -v /backup/:/backup centos tar xf /backup/data.tar
[root@ansiblemanaged02 backup]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4dc79895eac5 centos "bash" 30 seconds ago Up 28 seconds container_volume
af2b1fe07cb0 impt_test "bash" 44 minutes ago Up 44 minutes elastic_nightingale
8abe1bdc61d3 centos7 "bash" 5 hours ago Up 5 hours objective_agnesi
// 验证恢复成功
[root@ansiblemanaged02 backup]# docker exec -it 4dc79895eac5 bash
[root@4dc79895eac5 /]# ls /data/
1.txt 2.txt
十、 docker网络模式
host模式,使用docker run命令时,通过选项--net=host指定,docker使用的网络实际上和宿主机一样,在容器内看到的网卡ip是宿主机ip。
container模式,使用--net=container:container_id/container_name,多个容器使用共同的网络,看到的ip是一样的
none模式,使用--net=none指定,这种模式下,不会配置任何网络
bridge模式,使用--net=bridge指定默认模式,不用指定默认就是这种网络模式。这种模式会为每个容器分配一个独立的Network Namespace。类似于vmware的nat网络模式。同一个宿主机上的所有容器会在同一个网段下,相互之间是可以通信的。
外部访问容器演示
1.这里将一个安装了nginx的容器导成一个新的镜像(centos-httpd),然后再使用新镜像创建容器
// 在一容器中安装nginx,过程略
// 以该容器为基础制作镜像
^C
[root@ansiblemanaged02 backup]# docker commit -m "install nginx" -a "hjm" 8abe1bdc61d3 centos_with_nginx
sha256:4a6315cd5829061cab339e24005a194138d97b807d9b15f3813446b5a99c68ac
[root@ansiblemanaged02 backup]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_with_nginx latest 4a6315cd5829 8 seconds ago 613MB
<none> <none> a20e52891eea 32 seconds ago 613MB
impt_test latest e3e34d378c5a 2 days ago 200MB
192.168.1.53:5000/centos7 latest 87ccc675584a 2 days ago 435MB
centos7 latest 87ccc675584a 2 days ago 435MB
centos_with_networktools 0.1 5d996fd42473 2 days ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
registry latest b2b03e9146e1 2 months ago 33.3MB
2.使用新镜像创建容器,并指定端口映射
// -p后面也支持IP:port:ip:port 的格式,比如 -p 127.0.0.1:8080:80
// 也可以不写本地的端口,只写ip,这样会随意分配一个端口
// -p 127.0.0.1::80 注意这里是两个冒号
[root@ansiblemanaged02 backup]# docker run -itd -p 8080:80 centos_with_nginx bash
381d00bae20f06d27be927547da0ea22562607ffd8a9186141afe8ed4ac7c3c5
[root@ansiblemanaged02 backup]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 769/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 852/master
tcp6 0 0 :::8080 :::* LISTEN 33124/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 769/sshd
tcp6 0 0 ::1:25 :::* LISTEN 852/master
[root@ansiblemanaged02 backup]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
381d00bae20f centos_with_nginx "bash" 25 seconds ago Up 24 seconds 0.0.0.0:8080->80/tcp eloquent_neumann
4dc79895eac5 centos "bash" About an hour ago Up About an hour container_volume
af2b1fe07cb0 impt_test "bash" 2 hours ago Up 2 hours elastic_nightingale
8abe1bdc61d3 centos7 "bash" 6 hours ago Up 6 hours objective_agnesi
[root@ansiblemanaged02 backup]# docker exec -it 381d00bae20f bash
[root@381d00bae20f /]# systemctl start nginx
Failed to get D-Bus connection: Operation not permitted
// 解决方案
[root@381d00bae20f /]# exit
exit
[root@ansiblemanaged02 backup]# docker stop 381d00bae20f
381d00bae20f
[root@ansiblemanaged02 backup]# docker rm 381d00bae20f
381d00bae20f
// 以下列方式启动容器
[root@ansiblemanaged02 backup]# docker run -itd --privileged -e "container=docker" -p 8080:80 centos_with_nginx /usr/sbin/init
0c272e7b03c5cc940229d2184a1d87a888e1f7e6b48161e64ac1483c41e9d2e0
[root@ansiblemanaged02 backup]# docker exec -it 0c272e7b03c5cc94 bash
[root@0c272e7b03c5 /]# systemctl start nginx
[root@0c272e7b03c5 /]# netstat -nltup | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 224/nginx: master p
tcp6 0 0 :::80 :::* LISTEN 224/nginx: master p
3.测试
// 本地访问
// 测试
</html>
[root@0c272e7b03c5 /]# curl 127.0.0.1 -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 13 Sep 2018 15:56:53 GMT
Content-Type: text/html
Content-Length: 3700
Last-Modified: Tue, 06 Mar 2018 09:26:21 GMT
Connection: keep-alive
ETag: "5a9e5ebd-e74"
Accept-Ranges: bytes
// 宿主机访问
[root@ansiblemanaged02 backup]# curl 127.0.0.1:8080 -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 13 Sep 2018 15:58:26 GMT
Content-Type: text/html
Content-Length: 3700
Last-Modified: Tue, 06 Mar 2018 09:26:21 GMT
Connection: keep-alive
ETag: "5a9e5ebd-e74"
Accept-Ranges: bytes
//远程主机访问
[root@ansiblemanaged01 src]# curl 192.168.1.53:8080 -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 13 Sep 2018 15:59:06 GMT
Content-Type: text/html
Content-Length: 3700
Last-Modified: Tue, 06 Mar 2018 09:26:21 GMT
Connection: keep-alive
ETag: "5a9e5ebd-e74"
Accept-Ranges: bytes
十一、 配置桥接网络
为了使本地网络中的机器和Docker容器更方便的通信,我们经常会有将Docker容器配置到和主机同一网段的需求。这个需求其实很容易实现,我们只要将Docker容器和宿主机的网卡桥接起来,再给Docker容器配上IP就可以了。
// 创建网卡桥接配置文件
[root@ansiblemanaged02 network-scripts]# cp ifcfg-ens32 ifcfg-br0
[root@ansiblemanaged02 network-scripts]# vim ifcfg-br0
// 修改如下内容
TYPE=Bridge
NAME=br0
DEVICE=br0
[root@ansiblemanaged02 network-scripts]# vim ifcfg-ens32
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens32
DEVICE=ens32
ONBOOT=yes
#IPADDR=192.168.1.53
#PREFIX=24
#GATEWAY=192.168.1.1
#DNS1=223.5.5.5
IPV6_PRIVACY=no
#DNS2=223.6.6.6
BRIDGE=br0
"ifcfg-ens32" 21L, 350C written
[root@ansiblemanaged02 network-scripts]# systemctl restart network
[root@ansiblemanaged02 network-scripts]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.53 netmask 255.255.255.0 broadcast 192.168.1.255
ether 00:0c:29:46:6e:72 txqueuelen 1000 (Ethernet)
RX packets 26 bytes 2496 (2.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15 bytes 1958 (1.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:5fff:fe20:a08a prefixlen 64 scopeid 0x20<link>
ether 02:42:5f:20:a0:8a txqueuelen 0 (Ethernet)
RX packets 22538 bytes 1274789 (1.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30277 bytes 203018974 (193.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:46:6e:72 txqueuelen 1000 (Ethernet)
RX packets 682747 bytes 450416534 (429.5 MiB)
RX errors 0 dropped 185 overruns 0 frame 0
TX packets 70142 bytes 6836135 (6.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
...下略...
// 安装pipwork
[root@ansiblemanaged02 network-scripts]# cd pipework/
[root@ansiblemanaged02 pipework]# ll
total 60
-rw-r--r-- 1 root root 75 Sep 14 09:18 docker-compose.yml
drwxr-xr-x 2 root root 24 Sep 14 09:18 doctoc
-rw-r--r-- 1 root root 11358 Sep 14 09:18 LICENSE
-rwxr-xr-x 1 root root 14698 Sep 14 09:18 pipework
-rw-r--r-- 1 root root 827 Sep 14 09:18 pipework.spec
-rw-r--r-- 1 root root 22328 Sep 14 09:18 README.md
[root@ansiblemanaged02 pipework]# cp pipework /usr/local/bin/
// 开启一个没有网络的容器
[root@ansiblemanaged02 pipework]# docker run -itd --net=none --name centos_bri centos_with_nginx bash
61cc391d863cbd1d2825e4c3600e0f755136c55bc08d190952910f3f16c8add4
[root@ansiblemanaged02 pipework]# docker exec -it 61cc391d863cbd1 bash
[root@61cc391d863c /]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
// 设定桥接
[root@ansiblemanaged02 pipework]# pipework br0 centos_bri 192.168.1.55/24@192.168.1.1
[root@ansiblemanaged02 pipework]# docker exec -it 61cc391d863cbd1 bash
[root@61cc391d863c /]# ifconfig
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.55 netmask 255.255.255.0 broadcast 192.168.1.255
ether ba:b6:2b:8d:df:4c txqueuelen 1000 (Ethernet)
RX packets 28 bytes 6990 (6.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1 bytes 42 (42.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@61cc391d863c /]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=1.51 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=1.04 ms
^C
--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 1.048/1.282/1.516/0.234 ms
[root@61cc391d863c /]# ping www.163.com
PING www.163.com.lxdns.com (112.91.129.184) 56(84) bytes of data.
64 bytes from 112.91.129.184: icmp_seq=1 ttl=57 time=20.8 ms
^C64 bytes from 112.91.129.184: icmp_seq=2 ttl=57 time=21.1 ms
--- www.163.com.lxdns.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 20.880/21.018/21.157/0.200 ms
十二、 Dockerfile格式
1.FROM //指定基于哪个基础镜像
格式 FROM 或者 FROM
:
FROM centos
FROM centos:latest
2.MAINTAINER //指定作者信息
格式 MAINTAIN
MAINTAINER aming aming@aminglinux.com
3.RUN //镜像操作指令
格式为 RUN
RUN yum install httpd
RUN ["/bin/bash", "-c", "echo hello"]
4.CMD // 三种格式:
CMD ["executable", "param1", "param2"]
CMD command param1 param2
CMD ["param1", "param2"]
RUN和CMD看起来挺像,但是CMD用来指定容器启动时用到的命令,只能有一条。比如
CMD ["/bin/bash", "/usr/local/nginx/sbin/nginx", "-c", "/usr/local/nginx/conf/nginx.conf"]
5.EXPOSE
格式为 EXPOSE
EXPOSE 22 80 8443
这个用来指定要映射出去的端口,比如容器内部我们启动了sshd和nginx,所以我们需要把22和80端口暴漏出去。这个需要配合-P(大写)来工作,也就是说在启动容器时,需要加上-P,让它自动分配。如果想指定具体的端口,也可以使用-p(小写)来指定。
6.ENV
格式 ENV
ENV PATH /usr/local/mysql/bin:$PATH
它主要是为后续的RUN指令提供一个环境变量,我们也可以定义一些自定义的变量
ENV MYSQL_version 5.6
7.ADD 格式 add
将本地的一个文件或目录拷贝到容器的某个目录里。 其中src为Dockerfile所在目录的相对路径,它也可以是一个url。比如
ADD <conf/vhosts> </usr/local/nginx/conf>
8.COPY
格式同add
使用方法和add一样,不同的是,它不支持url
9.ENTRYPOINT 格式类似CMD
容器启动时要执行的命令,它和CMD很像,也是只有一条生效,如果写多个只有最后一条有效。和CMD不同是:
CMD 是可以被 docker run 指令覆盖的,而ENTRYPOINT不能覆盖。比如,容器名字为aming
我们在Dockerfile中指定如下CMD:
CMD ["/bin/echo", "test"]
启动容器的命令是 docker run aming 这样会输出 test
假如启动容器的命令是 docker run -it aming /bin/bash 什么都不会输出
ENTRYPOINT不会被覆盖,而且会比CMD或者docker run指定的命令要靠前执行
ENTRYPOINT ["echo", "test"]
docker run -it aming 123
则会输出 test 123 ,这相当于要执行命令 echo test 123
10.VOLUME
格式 VOLUME ["/data"]
创建一个可以从本地主机或其他容器挂载的挂载点。
11.USER
格式 USER daemon
指定运行容器的用户
12.WORKDIR
格式 WORKDIR /path/to/workdir
为后续的RUN、CMD或者ENTRYPOINT指定工作目录
十三、 Dockerfile示例(安装nginx)
1.下载nginx的配置文件
[root@lanquark ~]# mkdir container_build
[root@lanquark ~]# cd container_build/
[root@lanquark container_build]# wget http://www.apelearn.com/study_v2/.nginx_conf
--2018-09-14 15:16:48-- http://www.apelearn.com/study_v2/.nginx_conf
Resolving www.apelearn.com (www.apelearn.com)... 47.104.7.242
Connecting to www.apelearn.com (www.apelearn.com)|47.104.7.242|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1678 (1.6K) [application/octet-stream]
Saving to: ‘.nginx_conf’
100%[====================================================================================>] 1,678 --.-K/s in 0s
2018-09-14 15:16:53 (75.8 MB/s) - ‘.nginx_conf’ saved [1678/1678]
[root@lanquark container_build]# ls -a
. .. .nginx_conf
2.新建Dockerfile文件
[root@lanquark container_build]# vim Dockerfile
## Set the base image to CentOS
FROM centos
# File Author / Maintainer
MAINTAINER aming aming@aminglinux.com
# Install necessary tools
RUN yum install -y pcre-devel wget net-tools gcc zlib zlib-devel make openssl-devel
# Install Nginx
ADD http://nginx.org/download/nginx-1.8.0.tar.gz .
RUN tar zxvf nginx-1.8.0.tar.gz
RUN mkdir -p /usr/local/nginx
RUN cd nginx-1.8.0 && ./configure --prefix=/usr/local/nginx && make && make install
RUN rm -fv /usr/local/nginx/conf/nginx.conf
COPY .nginx_conf /usr/local/nginx/conf/nginx.conf
# Expose ports
EXPOSE 80
# Set the default command to execute when creating a new container
ENTRYPOINT /usr/local/nginx/sbin/nginx && tail -f /etc/passwd
3.创建镜像
[root@lanquark container_build]# docker build -t centos_nginx .
Sending build context to Docker daemon 5.12kB
Step 1/11 : FROM centos
---> 5182e96772bf
Step 2/11 : MAINTAINER aming aming@aminglinux.com
---> Running in 801ff2a17a66
Removing intermediate container 801ff2a17a66
---> b5845b5fa701
...中间略...
Step 11/11 : ENTRYPOINT /usr/local/nginx/sbin/nginx && tail -f /etc/passwd
---> Running in ee39e7614725
Removing intermediate container ee39e7614725
---> c381095f9de5
Successfully built c381095f9de5
Successfully tagged centos_nginx:latest
[root@lanquark container_build]# echo $?
0
// 可以查看新生成的镜像centos_nginx
[root@lanquark container_build]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_nginx latest c381095f9de5 2 minutes ago 364MB
centos-7 latest b9537a48e879 3 days ago 435MB
test 0.1 156fd25e15bf 3 days ago 200MB
centos latest 5182e96772bf 5 weeks ago 200MB
// 以新建的镜像启动容器
[root@lanquark container_build]# docker run -itd -p 8081:80 centos_nginx bash
05872ac9cf5f24675597aebef7fe40ffbd4323a1ab356c2af3d6a83d77d48379
[root@lanquark container_build]# docker exec -it 05872ac9cf5f2 bash
[root@05872ac9cf5f /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 11680 1348 pts/0 Ss+ 07:31 0:00 /bin/sh -c /usr/local/nginx/sbin/nginx && tail -f /etc/pass
root 9 0.0 0.0 24880 784 ? Ss 07:31 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 10 0.0 0.3 27324 3348 ? S 07:31 0:00 nginx: worker process
root 11 0.0 0.0 4400 348 pts/0 S+ 07:31 0:00 tail -f /etc/passwd
nobody 12 0.0 0.3 27324 3356 ? S 07:31 0:00 nginx: worker process
root 13 0.3 0.1 11820 1820 pts/1 Ss 07:31 0:00 bash
root 27 1.0 0.1 51708 1724 pts/1 R+ 07:32 0:00 ps aux
十四、 用docker compose部署服务
docker compose可以方便我们快捷高效地管理容器的启动、停止、重启等操作,它类似于linux下的shell脚本,基于yaml语法,在该文件里我们可以描述应用的架构,比如用什么镜像、数据卷、网络模式、监听端口等信息。我们可以在一个compose文件中定义一个多容器的应用(比如jumpserver),然后通过该compose来启动这个应用。
安装compose
[root@lanquark src]# curl -L "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 617 0 617 0 0 562 0 --:--:-- 0:00:01 --:--:-- 562
100 11.2M 100 11.2M 0 0 243k 0 0:00:47 0:00:47 --:--:-- 302k
[root@lanquark src]# chmod 755 !$
chmod 755 /usr/local/bin/docker-compose
[root@lanquark src]# docker-compose version
docker-compose version 1.22.0, build f46880fe
docker-py version: 3.4.1
CPython version: 3.6.6
OpenSSL version: OpenSSL 1.1.0f 25 May 2017
// Compose区分Version 1和Version 2(Compose 1.6.0+,Docker Engine 1.10.0+)。Version 2支持更多的指令。Version 1没有声明版本默认是"version 1"。Version 1将来会被弃用。
十五、 docker compose示例
1.新建配置文件
[root@lanquark src]# vim docker-compose.yml
// 内容参考https://coding.net/u/aminglinux/p/yuanke_centos7/git/blob/master/25docker/docker-compose.yml
[root@lanquark src]# vim docker-compose.yml
version: "2"
services:
app1:
image: centos_nginx
ports:
- "8080:80"
networks:
- "net1"
volumes:
- /data/:/data
app2:
image: centos-7
networks:
- "net2"
volumes:
- /data/:/data1
entrypoint: tail -f /etc/passwd
networks:
net1:
driver: bridge
net2:
driver: bridge
2.使用脚本启动容器
[root@lanquark src]# docker-compose up -d
Creating network "src_net1" with driver "bridge"
Creating network "src_net2" with driver "bridge"
Creating src_app2_1 ... done
Creating src_app1_1 ... done
[root@lanquark src]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
aa7d70f3b16f centos-7 "tail -f /etc/passwd" 35 seconds ago Up 34 seconds src_app2_1
cbe220f3f8ee centos_nginx "/bin/sh -c '/usr/lo…" 35 seconds ago Up 34 seconds 0.0.0.0:8080->80/tcp src_app1_1
05872ac9cf5f centos_nginx "/bin/sh -c '/usr/lo…" 4 hours ago Up 4 hours 0.0.0.0:8081->80/tcp loving_curie
// docker-compose帮助 docker-compose --help
// 常用命令docker-compose ps/down/stop/start/rm
// docker-compose语法的参考文档 :http://www.web3.xin/index/article/182.html