Docker镜像容器及基础操作
docker概述
Docker 是一个开源容器项目,诞生于 2013 年初,最初是 dotCloud 公司内部的一个业余项目。基于 Google公司推出的 Go 语言实现。 项目后来加入了 Linux 基金会,遵从了 Apache 2.0 协议,项目代码在 GitHub上进行维护。
Docker 自开源后受到广泛的关注和讨论,以至于 dotCloud 公司后来都改名为 Docker Inc。Redhat 已经在其 RHEL6.5 中集中支持 Docker;Google 也在其 PaaS 产品中广泛应用。
Docker 项目的目标是实现轻量级的操作系统虚拟化解决方案。 Docker 的基础是 Linux 容器(LXC)等技术。在 LXC 的基础上 Docker 进行了进一步的封装,让用户不需要去关心容器的管理,使得操作更为简便。用户操作 Docker 的容器就像操作一个快速轻量级的虚拟机一样简单。
左边是传统虚拟化技术实现的示例图,右边是容器虚拟化技术的示例图。
左边传统的虚拟化技术,底层是服务器硬件,硬件上运行宿主机的操作系统,在宿主机的操作系统之上,虚拟化出虚拟硬件设备,在虚拟硬件之上运行虚拟化操作系统,再在虚拟的操作系统之上运行应用服务。而中间这段,虚拟化出来的操作系统大大占用了服务器的硬件资源。
而容器虚拟化技术就不同了,我们看一下右边这张图。在底层硬件上运行宿主机操作系统,在宿主机上运行docker引擎,无需虚拟化硬件,也不用操作系统,而是直接运行容器,提供所需的应用服务,大大减降低了服务器资源的占用。
作为一种新兴的虚拟化方式, Docker 跟传统的虚拟化方式相比具有众多的优势。首先, Docker 容器的启动可以在秒级实现, 这相比传统的虚拟机方式要快得多。 其次, Docker 对系统资源的利用率很高, 一台主机上可以同时运行数千个 Docker 容器。
容器除了运行其中应用外, 基本不消耗额外的系统资源, 使得应用的性能很高, 同时系统的开销尽量小。传统虚拟机方式运行 10 个不同的应用就要起 10 个虚拟机, 而Docker 只需要启动 10 个隔离的应用即可。
二、Docker的优点
1、快速的交付和部署
对开发和运维(devop)人员来说,最希望的就是一次创建或配置,可以在任意地方正常运行。开发者可以使用一个标准的镜像来构建一套开发容器,开发完成之后,运维人员可以直接使用这个容器来部署代码。 Docker 可以快速创建容器,快速迭代应用程序,并让整个过程全程可见,使团队中的其他成员更容易理解应用程序是如何创建和工作的。 Docker 容器很轻很快!容器的启动时间是秒级的,大量地节约开发、测试、部署的时间。
2、更高效的虚拟化
Docker 容器的运行不需要额外的管理系统支持,它是内核级的虚拟化,因此可以实现更高的性能和效率。
3、更轻松的迁移和扩展
Docker 容器几乎可以在任意的平台上运行,包括物理机、虚拟机、公有云、私有云、个人电脑、服务器等。 这种兼容性可以让用户把一个应用程序从一个平台直接迁移到另外一个。
4、简单的管理
使用 Docker,只需要小小的修改,就可以替代以往大量的更新工作。所有的修改都以增量的方式被分发和更新,从而实现自动化并且高效的管理。
对比传统虚拟机
特性 | 容器 | 虚拟机 |
启动 | 秒级 | 分钟级 |
硬盘使用 | 一般为MB | 一般为GB |
系统支持量 | 单机支持上千个容器 | 一般为几十个 |
性能 | 接近原生 | 弱于 |
三、Docker的基本概念
1、镜像(Image)
Docker 镜像就是一个只读的模板。例如:一个镜像可以包含一个完整的 ubuntu 操作系统环境,里面仅安装了 Apache 或用户需要的其它应用程序。
镜像可以用来创建 Docker 容器。Docker 提供了一个很简单的机制来创建镜像或者更新现有的镜像,用户甚至可以直接从其他人那里下载一个已经做好的镜像来直接使用。
2、容器(Container)
Docker 利用容器来运行应用。容器是从镜像创建的运行实例。它可以被启动、开始、停止、删除。每个容器都是相互隔离的、保证安全的平台。可以把容器看做是一个简易版的 Linux 环境(包括root用户权限、进程空间、用户空间和网络空间等)和运行在其中的应用程序。
*注:镜像是只读的,容器在启动的时候创建一层可写层作为最上层。
3、仓库(Repository)
仓库是集中存放镜像文件的场所。有时候会把仓库和仓库注册服务器(Registry)混为一谈,并不严格区分。实际上,仓库注册服务器上往往存放着多个仓库,每个仓库中又包含了多个镜像,每个镜像有不同的标签(tag)。仓库分为公开仓库(Public)和私有仓库(Private)两种形式。最大的公开仓库是 Docker Hub,存放了数量庞大的镜像供用户下载。 国内的公开仓库包括 Docker Pool等,可以提供大陆用户更稳定快速的访问。当然,用户也可以在本地网络内创建一个私有仓库。当用户创建了自己的镜像之后就可以使用 push 命令将它上传到公有或者私有仓库,这样下次在另外一台机器上使用这个镜像时候,只需要从仓库上 pull 下来就可以了。
*注:Docker 仓库的概念跟 Git 类似,注册服务器可以理解为 GitHub 这样的托管服务。
四、Docker的安装
1、Windows安装Docker(作为了解)
本次选用win7系统安装,虚拟硬件如下:
运行DockerToolbox-1.11.2
一路下一步
所有都安装
点击完成
运行Docker Quickstart Terminal
2、Linux安装Docker
安装环境:CentOS-7.2 1511 x86_64位操作系统,kernel 3.10.0
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="no"
IPV6_AUTOCONF="no"
IPV6_DEFROUTE="no"
IPV6_PEERDNS="no"
IPV6_PEERROUTES="no"
IPV6_FAILURE_FATAL="no"
UUID="532635cd-06e8-4371-a509-db91e5e002d8"
DEVICE=" eno16777736"
NAME=" eno16777736"
ONBOOT="yes"
IPADDR=192.168.200.11
NETMASK=255.255.255.0
GATEWAY=192.168.200.1
DNS1=202.106.0.20
安装前准备:
[root@localhost ~]# systemctl restart network.service //重启网络服务
[root@localhost ~]# systemctl stop firewilld.service //临时关闭防火墙
[root@localhost ~]# systemctl disable firewilld.service //永久关闭防火墙
[root@localhost ~]# setenforce 0
[root@localhost ~]# vim /etc/selinux/config
7 SELINUX=disabled
启动一个服务:systemctl start firewalld.service
关闭一个服务:systemctl stop firewalld.service
重启一个服务:systemctl restart firewalld.service
显示一个服务的状态:systemctl status firewalld.service
在开机时启用一个服务:systemctl enable firewalld.service
在开机时禁用一个服务:systemctl disable firewalld.service
查看服务是否开机启动:systemctl is-enabled firewalld.service;echo $?
查看已启动的服务列表:systemctl list-unit-files|grep enabled
保证可以访问互联网
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.125) 56(84) bytes of data.
64 bytes from 61.135.169.125: icmp_seq=1 ttl=57 time=3.61 ms
64 bytes from 61.135.169.125: icmp_seq=2 ttl=57 time=3.33 ms
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# mkdir bak
[root@localhost yum.repos.d]# mv *.repo bak
[root@localhost yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@localhost yum.repos.d]# yum clean all && yum makecache
[root@localhost ~]# yum -y install docker
启动docker并设置开机启动
[root@localhost ~]# systemctl start docker.service
[root@localhost ~]# systemctl enable docker.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
3、Docker基础命令
1、docker search //从Docker Hub搜索镜像
用法: docker search TERM
参数:
--automated=false 仅显示自动创建的镜像
--no-trunc=false 输出信息不截断显示
-s, --stars=0 指定仅显示评价为指定星级以上的镜像
[root@localhost ~]# docker search centos
[root@localhost ~]# docker search -s 500 nginx //搜索星级为500以上的镜像
2、docker info //查看当前信息
[root@localhost ~]# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 1.10.3
Storage Driver: devicemapper
Pool Name: docker-253:0-68034649-pool
Pool Blocksize: 65.54 kB
Base Device Size: 10.74 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 11.8 MB
Data Space Total: 107.4 GB
Data Space Available: 51.84 GB
Metadata Space Used: 581.6 kB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.147 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on
_loop_devices=true` to suppress this warning. Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.107-RHEL7 (2015-10-14)
Execution Driver: native-0.2
Logging Driver: journald
Plugins:
Volume: local
Network: bridge null host
Kernel Version: 3.10.0-327.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 2
CPUs: 1
Total Memory: 1.939 GiB
Name: docker
ID: J4TT:AUQW:BFFD:PW7W:FHJP:4NHU:XBI7:KO46:247Z:IGJM:EXIO:ZR6Z
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Registries: docker.io (secure)
3、docker pull //下载镜像
[root@localhost ~]# docker pull docker.io/nginx
Using default tag: latest
Trying to pull repository docker.io/library/nginx ...
latest: Pulling from docker.io/library/nginx
51f5c6a04d83: Pull complete
a3ed95caeb02: Pull complete
51d229e136d0: Pull complete
bcd41daec8cc: Pull complete
Digest: sha256:0fe6413f3e30fcc5920bc8fa769280975b10b1c26721de956e1428b9e2f29d04
Status: Downloaded newer image for docker.io/nginx:latest
4、docker push //上传镜像
[root@localhost ~]# docker push crushlinux/nginx //没有crushlinux仓库上传失败
Do you really want to push to public registry? [y/n]: n
Nothing pushed.
5、docker images //显示当前系统镜像
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
docker.io/nginx latest 89732b811e7f 3 weeks ago 182.7 MB
6、cat 本地容器快照名 |docker import - 自定义容器名:自定义标记名 //导入本地容器快照
[root@localhost ~]# ls
anaconda-ks.cfg centos.tar mysql5.tar nginx.tar tomcat.tar
[root@localhost ~]# cat centos.tar |docker import - centos:1
sha256:f4581438dc0c3261dd2396eeaa5b47fbc5d6df504ac9c0f91c9bba5159348009
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 1 f4581438dc0c 16 seconds ago 196.7 MB
7、docker run //运行一个容器,-i 交互式,-t 获得一个终端,-d 守护进程形式运行
[root@localhost ~]# docker run -it centos:1 /bin/bash
[root@4ce4920e7c4f /]# exit
[root@localhost ~]# docker run -d centos:1 /bin/bash -c "while :; do echo hello; sleep 1; done"
359f023ec2fd4d775f6c7336803f7b53e48dd669447f74797f6a6de6b733db73
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
359f023ec2fd centos:1 "/bin/bash -c 'while " 19 seconds ago Up 17 seconds boring_hypatia
[root@localhost ~]# docker logs 359 //查看容器内标准输出的内容
hello
hello
hello
hello
hello
……
8、退出容器
(1)exit 或 ctrl + d //退出并停止容器
(2)先按ctrl + p 再按 ctrl + q //退出伪终端,容器后台运行
[root@localhost ~]# docker run -it centos:1 /bin/bash
[root@b1ecd7068048 /]# ctrl +p ;ctrl+q
[root@localhost ~]#
[root@localhost ~]# docker attach b1e //输入容器ID,若没有重名的,输入第一个字母即可
[root@b1ecd7068048 /]#
9、docker ps //查看容器,-a 查看所有容器,-q 只查看容器ID
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
359f023ec2fd centos:1 "/bin/bash -c 'while " 5 minutes ago Up 5 minutes boring_hypatia
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b1ecd7068048 centos:1 "/bin/bash" 3 minutes ago Exited (0) 5 seconds ago sick_bhabha
359f023ec2fd centos:1 "/bin/bash -c 'while " 5 minutes ago Up 5 minutes boring_hypatia
4ce4920e7c4f centos:1 "/bin/bash" 6 minutes ago Exited (0) 5 minutes ago tender_spence
[root@localhost ~]# docker ps -q
359f023ec2fd
10、docker rm //删除一个容器
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b1ecd7068048 centos:1 "/bin/bash" 5 minutes ago Exited (0) About a minute ago sick_bhabha
359f023ec2fd centos:1 "/bin/bash -c 'while " 7 minutes ago Up 7 minutes boring_hypatia
4ce4920e7c4f centos:1 "/bin/bash" 8 minutes ago Exited (0) 7 minutes ago tender_spence
[root@localhost ~]# docker rm 4ce
4ce
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b1ecd7068048 centos:1 "/bin/bash" 5 minutes ago Exited (0) About a minute ago sick_bhabha
359f023ec2fd centos:1 "/bin/bash -c 'while " 7 minutes ago Up 7 minutes boring_hypatia
11、docker rmi //删除一个或多个镜像,-f 强制删除
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 1 f4581438dc0c 10 minutes ago 196.7 MB
[root@localhost ~]# docker rmi centos:1
Failed to remove image (centos:1): Error response from daemon: conflict: unable to remove repository reference "centos:1" (must force) - container 359f023ec2
fd is using its referenced image f4581438dc0c
[root@localhost ~]# docker rmi -f centos:1
Untagged: centos:1
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
12、docker create //创建一个容器,但不运行
[root@localhost ~]# docker create -it centos:1 /bin/bash
53da7cba59946628305c763ba2162c30759c5b38f55a733fc700ed41ef9b3029
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
53da7cba5994 centos:1 "/bin/bash" 36 seconds ago Created suspicious_kilby
b1ecd7068048 f4581438dc0c "/bin/bash" 24 minutes ago Exited (0) 21 minutes ago sick_bhabha
359f023ec2fd f4581438dc0c "/bin/bash -c 'while " 26 minutes ago Up 26 minutes boring_hypatia
13、docker start|stop|restart|kill //运行已停止的容器|停止一个正在运行的容器|重启一个容器|杀死一个正在运行的容器
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
53da7cba5994 centos:1 "/bin/bash" About a minute ago Created suspicious_kilby
b1ecd7068048 f4581438dc0c "/bin/bash" 25 minutes ago Exited (0) 22 minutes ago sick_bhabha
359f023ec2fd f4581438dc0c "/bin/bash -c 'while " 28 minutes ago Up 28 minutes boring_hypatia
[root@localhost ~]# docker start b1e
b1e
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
53da7cba5994 centos:1 "/bin/bash" 2 minutes ago Created suspicious_kilby
b1ecd7068048 f4581438dc0c "/bin/bash" 26 minutes ago Up 1 seconds sick_bhabha
359f023ec2fd f4581438dc0c "/bin/bash -c 'while " 28 minutes ago Up 28 minutes boring_hypatia
[root@localhost ~]# docker stop b1e
b1e
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
53da7cba5994 centos:1 "/bin/bash" 3 minutes ago Created suspicious_kilby
b1ecd7068048 f4581438dc0c "/bin/bash" 27 minutes ago Exited (137) 8 seconds ago sick_bhabha
359f023ec2fd f4581438dc0c "/bin/bash -c 'while " 29 minutes ago Up 29 minutes boring_hypatia
[root@localhost ~]# docker kill 359
359
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
53da7cba5994 centos:1 "/bin/bash" 3 minutes ago Created suspicious_kilby
b1ecd7068048 f4581438dc0c "/bin/bash" 28 minutes ago Exited (137) 52 seconds ago sick_bhabha
359f023ec2fd f4581438dc0c "/bin/bash -c 'while " 30 minutes ago Exited (137) 2 seconds ago boring_hypatia
14、docker save |load //存储镜像|载入镜像
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 1 bdd1f8043fec 5 minutes ago 196.7 MB
[root@localhost ~]# docker save -o centos-6.5.tar centos:1
[root@localhost ~]# ls
anaconda-ks.cfg centos-6.5.tar centos.tar mysql5.tar nginx.tar tomcat.tar
[root@localhost ~]# docker rmi centos:1
Failed to remove image (centos:1): Error response from daemon: conflict: unable to remove repository reference "centos:1" (must force) - container 53da7cba59
94 is using its referenced image bdd1f8043fec
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
53da7cba5994 centos:1 "/bin/bash" 10 minutes ago Created suspicious_kilby
b1ecd7068048 f4581438dc0c "/bin/bash" 34 minutes ago Exited (137) 7 minutes ago sick_bhabha
[root@localhost ~]# docker stop 53da7cba5994
53da7cba5994
[root@localhost ~]# docker rm 53da7cba5994
53da7cba5994
[root@localhost ~]# docker rm b1ecd7068048
b1ecd7068048
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker rmi centos:1
Untagged: centos:1
Deleted: sha256:bdd1f8043fec96ffc95b121f6d19ba0504467788598ec1c8553e19c0549c92a7
Deleted: sha256:d9dba0848bcd83558f89fcb0533f7095d769ac7245a7f2f8682773049b1ffed8
[root@localhost ~]# docker load < centos-6.5.tar
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 1 bdd1f8043fec 14 minutes ago 196.7 MB
15、docker export //导出容器快照
[root@localhost ~]# docker load < centos-6.5.tar
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED
centos 1 bdd1f8043fec 14 minutes ago
[root@localhost ~]# docker run -it centos:1 /bin/bash
[root@75ef62770df1 /]# touch aaa
[root@75ef62770df1 /]# ls
aaa dev lib media proc sbin tmp
anaconda-post.log etc lib64 mnt root srv usr
bin home lost+found opt run sys var
[root@75ef62770df1 /]# exit
exit
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
75ef62770df1 centos:1 "/bin/bash" 53 seconds ago Exited (0) 22 seconds ago reverent_fermi
[root@localhost ~]# docker export -o centos-aaa.tar 75e
[root@localhost ~]# ls
anaconda-ks.cfg centos-6.5.tar centos-aaa.tar centos.tar mysql5.tar nginx.tar tomcat.tar
[root@localhost ~]# cat centos-aaa.tar |docker import - centos-aaa
sha256:958391d905c7d52276fa36ec4ce916a1914b2b05688a7d8f99ef9a758f2053e8
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-aaa latest 958391d905c7 8 seconds ago 196.7 MB
centos 1 bdd1f8043fec 17 minutes ago 196.7 MB
[root@localhost ~]# docker run -it centos-aaa /bin/bash
[root@bbde5e27f8fa /]# ls
aaa anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@bbde5e27f8fa /]# exit
exit
4、创建私有仓库
仓库(Repository)是集中存放镜像的地方。
注册服务器才是存放仓库具体的服务器(Registry),每个服务器上都可以放置多个仓库,而每个仓库下可以放置多个镜像,每个镜像上可以运行多个容器,每个容器上可以跑一个应用或应用组。
仓库自身可以分为:公共仓库和私有仓库
比如共有仓库: http://hub.docker.com 或国内的: dl.dockerpool.com
安装docker后,可以通过官方提供的registry镜像来简单搭建一套本地仓库环境
[root@localhost ~]# vim /etc/sysconfig/docker
23 # INSECURE_REGISTRY='--insecure-registry'
24 INSECURE_REGISTRY='--insecure-registry 192.168.200.11:5000' //添加
[root@localhost ~]# systemctl restart docker.service
方法一:
[root@localhost ~]# docker run -d -p 5000:5000 registry
Unable to find image 'registry:latest' locally
Trying to pull repository docker.io/library/registry ... latest: Pulling from library/registry
92ec6d044cb3: Pull complete
2ef91804894a: Pull complete
f80999a1f330: Pull complete
6cc0fc2a5ee3: Pull complete
b1b7b289cac8: Pull complete
e069a62e38e4: Pull complete
c0c46f77fcda: Pull complete
cf2862c72200: Pull complete
03c1b93c72ce: Pull complete
2ac83b3fc6bb: Pull complete
389485c88f53: Pull complete
21e4836796d3: Pull complete
35496fe90d67: Pull complete
061610023430: Pull complete
Digest: sha256:f374c0d9b59e6fdf9f8922d59e946b05fbeabaed70b0639d7b6b524f3299e87b
Status: Downloaded newer image for docker.io/registry:latest
653df2114c34351390466c4201d7bc24fb55fae9ffb24a6c46f9ceccd81bcd7e
Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
……
docker.io/registry latest 061610023430 5 months ago 422.8 MB
方法二:
[root@localhost ~]# mkdir -pv /opt/data/registry
mkdir: 已创建目录 "/opt/data"
mkdir: 已创建目录 "/opt/data/registry"
[root@localhost ~]# docker run -d -p 5000:5000 -v /opt/data/registry:/tmp/registry registry
通过这种方式可以将上传的镜像放到本地的: /opt/data/registry
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
653df2114c34 registry "docker-registry" 9 minutes ago Exited (0) 2 minutes ago cocky_perlman
[root@localhost ~]# docker start 653
653
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
653df2114c34 registry "docker-registry" 11 minutes ago Up 3 seconds 0.0.0.0:5000->5000/tcp cocky_perlman
[root@localhost ~]# cat nginx.tar | docker import - nginx:1
sha256:bde88d3477d0fb797f76084b465533e15e98e0b39c6f1323667d46bfda317b26
[root@localhost ~]# docker run -p 5500:80 -it nginx:1 /bin/bash //将宿主机5500端口映射给容器的80端口
root@2e8ed3b4f5b4:/# nginx //启动nginx服务
宿主机(192.168.200.11)访问5500端口测试:
root@a2017f9d1060:/# 192.168.200.2 - - [30/Dec/2016:12:19:21 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KH
TML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" "-"2016/12/30 12:19:21 [error] 8#8: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.200.2, server: localhos
t, request: "GET /favicon.ico HTTP/1.1", host: "192.168.200.11:5500", referrer: "http://192.168.200.11:5500/"192.168.200.2 - - [30/Dec/2016:12:19:21 +0000] "GET /favicon.ico HTTP/1.1" 404 571 "http://192.168.200.11:5500/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" "-"
按ctrl+p再按ctrl+q,使服务保持后台运行
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a2017f9d1060 nginx:1 "/bin/bash" About a minute ago Up About a minute 0.0.0.0:5500->80/tcp pedantic_euclid
[root@localhost ~]# docker tag nginx 192.168.200.11:5000/nginx-test //将修改过的nginx镜像做标记封装,准备上传到私有仓库
[root@localhost ~]# docker images
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos 1 6d625a82c584 41 hours ago 196.7 MB
192.168.200.11:5000/nginx-test latest 89732b811e7f 3 weeks ago 182.7 MB
docker.io/nginx latest 89732b811e7f 3 weeks ago 182.7 MB
docker.io/registry latest 061610023430 5 months ago 422.8 MB
[root@localhost ~]# docker push 192.168.200.11:5000/nginx-test //上传到私有仓库
The push refers to a repository [192.168.200.11:5000/nginx-test] (len: 1)
Sending image list
Pushing repository 192.168.200.11:5000/nginx-test (1 tags)
23286f48d129: Image successfully pushed
cbee5247e891: Image successfully pushed
358fca72eb67: Image successfully pushed
70f682aa6f8b: Image successfully pushed
d92c26bdbb83: Image successfully pushed
f10563ca252d: Image successfully pushed
b96018ff7ebe: Image successfully pushed
89732b811e7f: Image successfully pushed
Pushing tag for rev [89732b811e7f] on {http://192.168.200.11:5000/v1/repositories/nginx-test/tags/latest}
另外打开一台CentOS-7.2 (192.168.200.12)安装好docker
[root@localhost-2 ~]# systemctl stop firewalld.service
[root@localhost-2 ~]# setenforce 0
[root@localhost-2 ~]# systemctl start docker.service
[root@localhost-2 ~]# vim /etc/sysconfig/docker
23 INSECURE_REGISTRY='--insecure-registry 192.168.200.11:5000'
[root@localhost-2 ~]# systemctl restart docker.service
[root@localhost-2 ~]# docker pull 192.168.200.11:5000/nginx-test //从私有仓库下载镜像
Using default tag: latest
6685b2154893: Pulling image (latest) from 192.168.200.11:5000/nginx-test, endpoint: http
6685b2154893: Download complete
a2295636c7aa: Download complete
3035387b9e83: Download complete
968c69f18673: Download complete
963493e54e68: Download complete
755b4eb93a9e: Download complete
f3b2532b0301: Download complete
f3bf4daa2ff2: Download complete
Status: Downloaded newer image for 192.168.200.11:5000/nginx-test:latest
192.168.200.11:5000/nginx-test: this image was pulled from a legacy registry. Important: This registry version will not be supported in future versions of docker.
[root@localhost-2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
192.168.200.11:5000/nginx-test latest 6685b2154893 3 weeks ago 182.7 MB
附录:修改网卡名并配置IP地址
1.首先编辑网卡的配置文件 vi /etc/sysconfig/network-scripts/ifcfg-eno16777736 将里面的NAME和DEVICE项修改为eth0
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="no"
IPV6_AUTOCONF="no"
IPV6_DEFROUTE="no"
IPV6_PEERDNS="no"
IPV6_PEERROUTES="no"
IPV6_FAILURE_FATAL="no"
UUID="532635cd-06e8-4371-a509-db91e5e002d8"
DEVICE="eth0"
NAME="eth0"
ONBOOT="yes"
IPADDR=192.168.200.11
NETMASK=255.255.255.0
GATEWAY=192.168.200.1
DNS1=202.106.0.20
重命名配置文件。
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# mv ifcfg-eno16777736 ifcfg-eth0
然后,禁用预测命名规则。对于这一点,你可以在启动时传递“net.ifnames=0 biosdevname=0 ”的内核参数。这是通过编辑/etc/default/grub并加入“net.ifnames=0 biosdevname=0 ”到GRUBCMDLINELINUX变量来实现的。
[root@localhost ~]# vim /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/root rd.lvm.lv=centos/swap net.ifnames=0 biosdevname=0 rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
运行命令grub2-mkconfig -o /boot/grub2/grub.cfg 来重新生成GRUB配置并更新内核参数。
[root@localhost ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-bc1f9d0957ea4eaabe341ae15ec0aac9
Found initrd image: /boot/initramfs-0-rescue-bc1f9d0957ea4eaabe341ae15ec0aac9.img
done
其实到第5步的时候,重启在ifconfig查看应该就已经生效了。
注意:根据Centos 官方WIKI的FAQ中得知,如果你有多个接口,并且想要控制其设备名,而不是让内核以它自己的方式命名,创建,/etc/udev/rules.d/XXX-net.rules规则是必要的!那么这里我们也创建好规则吧。
注意:以前系统的net规则名称是70-persistent-net.rules,这里我也按照这个名字定义规则!
[root@localhost ~]# cat /etc/udev/rules.d/70-persistent-net.rules
ACTION=="add", SUBSYSTEM=="net", DRIVERS=="?*", ATTR{type}=="1", ATTR{address}=="00:0c:29:33:f5:58", NAME="eth0", KERNEL=="eth*"
[root@localhost ~]# rebootd