1.Docker简介
Docker作用在于快速交付
github https://github.com/docker/docker.github.io
开源的容器引擎,可以让开发者打包应用以及依赖的库,然后发布到任何流行的linux发行版上,移植很方便
由go语言编写,基于apache2.0协议发布
基于linux kernel,要想在win下运行需要借助一个vm(虚拟机)来实现
自2013年开始,近些年发展迅猛
docker从1.13x开始,版本分为社区版ce和企业版ee,并且基于年月的时间线形式,当前最新稳定版为17.09 参考http://blog.csdn.net/chenhaifeng2016/article/details/68062414
Docker和传统的虚拟化对比
Docker优势
启动非常快,秒级实现;资源利用率高,一台高配置服务器可以跑上千个docker容器;更快的交付和部署,一次创建和配置后,可以在任意地方运行;内核级别的虚拟化,不需要额外的hypevisor支持,会有更高的性能和效率;易迁移,平台依赖性不强。
Docker核心概念
镜像,是一个只读的模板,类似于安装系统用到的那个iso文件,我们通过镜像来完成各种应用的部署。
容器,镜像类似于操作系统,而容器类似于虚拟机本身。它可以被启动、开始、停止、删除等操作,每个容器都是相互隔离的。
仓库,存放镜像的一个场所,仓库分为公开仓库和私有仓库。 最大的公开仓库是Docker hub(hub.docker.com),国内公开仓库(dockerpool.com)
2.安装Docker
下载yum源
[root@chenshi src]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2424 100 2424 0 0 2276 0 0:00:01 0:00:01 --:--:-- 2276
[root@chenshi src]# ls /etc/yum.repos.d/
CentOS7-Base-163.repo CentOS-Debuginfo.repo CentOS-Sources.repo epel.repo nginx.ngx
CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo epel-testing.repo
CentOS-CR.repo CentOS-Media.repo docker.repo mongodb-org-3.4.repo
安装docker(社区版)
[root@chenshi src]# yum list |grep docker
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
https://download.docker.com/linux/centos/7/x86_64/stable/repodata/2e99c4bb54f31baca7f32738cb8fbeff20a1770a092e97ec878880fbc9145ecc-primary.sqlite.bz2: [Errno 14] curl#52 - "Empty reply from server"
正在尝试其它镜像。
cockpit-docker.x86_64 172-2.el7.centos extras
containerd.io.x86_64 1.2.0-1.2.beta.2.el7 docker-ce-stable
docker.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-ce.x86_64 18.06.1.ce-3.el7
[root@chenshi src]# yum install -y docker-ce 需要使用ssr
启动docker ;会自动生成iptables规则,尽量不要改动
[root@chenshi ~]# systemctl start docker.service
[root@chenshi ~]# ps aux|grep docker
root 17853 2.1 0.5 419968 50512 ? Ssl 11:10 0:00 /usr/bin/dockerd
root 17860 0.4 0.2 327148 27888 ? Ssl 11:10 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
root 18012 0.0 0.0 112720 972 pts/0 S+ 11:10 0:00 grep --color=auto docker
3.镜像管理
使用docker pull命令来下载镜像
[root@chenshi ~]# vi /etc/docker/deamon.json
{
"registry-mirrors": ["https://dhq9bx4f.mirror.aliyuncs.com"]
}
配置加速器
--------------------------------------------------------
[root@chenshi ~]# systemctl restart docker.service
[root@chenshi ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
256b176beaff: Pull complete
Digest: sha256:6f6d986d425aeabdc3a02cb61c02abb2e78e57357e92417d6d58332856024faf
Status: Downloaded newer image for centos:latest
docker pull centos//可以下载centos镜像,速度很慢
配置docker加速器(参考 http://blog.csdn.net/xlemonok/article/details/71403534)
vi /etc/docker/daemon.json//加入如下内容
{
"registry-mirrors": ["https://dhq9bx4f.mirror.aliyuncs.com"]
}
说明:这个url为加速器地址,需要自行到阿里云申请
配置完加速器,重启docker服务,再次docker pull centos会快很多
docker images 查看本地的镜像
docker search xxx //搜索镜像,其中xxx是关键词
docker tag centos aming123 //给镜像打标签
docker run -itd centos //把镜像启动为容器,-i表示让容器的标准输入打开,-t表示分配一个伪终端,-d表示后台启动,要把-i -t -d 放到镜像名字前面
docker ps //查看运行的容器,加上-a选项后可以查看所有容器,包括未运行的
docker rmi centos //用来删除指定镜像, 其中后面的参数可以是tag,如果是tag时,实际上是删除该tag。当后面的参数为镜像ID时,则会彻底删除整个镜像,所有标签也会一同删除
查看本地镜像
[root@chenshi ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5182e96772bf 5 weeks ago 200MB
使用docker search搜索镜像
[root@chenshi ~]# docker search jumpserver
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
jumpserver/jumpserver 10
jiaxiangkong/jumpserver_docker 开源跳板机(堡垒机):认证,授权,审计,自动化运维 10
hhding/jumpserver-docker ssh proxy node 3 [OK]
njqaaa/jumpserver jumpserver 2 [OK]
baselibrary/jumpserver jumpserver 1 [OK]
zhegao/jumpserver Jumpserver 1.4.0 1
jumpserver/allinone jumpserver all in one 1 [OK]
zqiannnn/jumpserver-ansible JumpServer Ansible Addon 1 [OK]
jumpserver/guacamole guacamole for jumpserver 1 [OK]
kubernetesio/sshd-jumpserver sshd-jumpserver 0 [OK]
vikings/jumpserver 0
satoms/jumpserver 0
zsjohny/jumpserver bastion web ui 0 [OK]
jumpserver/python 0
qiwihui/jumpserver jumpserver docker 0 [OK]
jumpserver/coco 0
qq58945591/jumpserver JumpServer集成coco和luna,使用nginx进行反向代… 0 [OK]
jumpserver/luna 0
lc13579443/jumpserver Jumpserver all in one Dockerfile 0 [OK]
ibuler/jumpserver 0
qbtrade/jumpserver 0
jumpserver/core Jumpserver Official Docker Image 0 [OK]
qbtrade/jumpserver_coco 0
jumpserver/base-env-alpine 0
mapsic/jumpserver jumpserver 0 [OK]
使用docker tag给镜像打标签(重命名) image id是唯一标识(相同的镜像id相同)
[root@chenshi ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest cd6d8154f1e1 6 days ago 84.1MB
centos latest 5182e96772bf 5 weeks ago 200MB
[root@chenshi ~]# docker tag centos xiaoqi_centos
您在 /var/spool/mail/root 中有邮件
[root@chenshi ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest cd6d8154f1e1 6 days ago 84.1MB
centos latest 5182e96772bf 5 weeks ago 200MB
xiaoqi_centos latest 5182e96772bf 5 weeks ago 200MB
修改TAG栏的方法
[root@chenshi ~]# docker tag centos test:18912
您在 /var/spool/mail/root 中有邮件
[root@chenshi ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest cd6d8154f1e1 6 days ago 84.1MB
centos latest 5182e96772bf 5 weeks ago 200MB
test 18912 5182e96772bf 5 weeks ago 200MB
xiaoqi_centos latest 5182e96772bf 5 weeks ago 200MB
启动镜像
把镜像启动为容器,-i表示让容器的标准输入打开,-t表示分配一个伪终端,-d表示后台启动,要把-i -t -d 放到镜像名字前面
[root@chenshi ~]# docker run -itd centos
fe68d6a9d9aeb3babf4ed742d917018cb5af95e93158e7e8022704107bddfe4a
--------------------------------------------------------------
查看已经启动的容器
[root@chenshi ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fe68d6a9d9ae centos "/bin/bash" 9 seconds ago Up 7 seconds lucid_clarke
查看全部容器,包括停止的
[root@chenshi1 src]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b3a906d1c099 centos "/bin/bash" About a minute ago Up About a minute awesome_golick
删除镜像
用来删除指定镜像, 其中后面的参数可以是tag,如果是tag时,实际上是删除该tag。当后面的参数为镜像ID时,则会彻底删除整个镜像,所有标签也会一同删除
[root@chenshi ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest cd6d8154f1e1 6 days ago 84.1MB
test 18912 5182e96772bf 5 weeks ago 200MB
xiaoqi_centos latest 5182e96772bf 5 weeks ago 200MB
centos latest 5182e96772bf 5 weeks ago 200MB
您在 /var/spool/mail/root 中有邮件
[root@chenshi ~]# docker rmi test
Error: No such image: test
默认是找test:latest
[root@chenshi ~]# docker rmi test:18912
Untagged: test:18912
[root@chenshi ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest cd6d8154f1e1 6 days ago 84.1MB
centos latest 5182e96772bf 5 weeks ago 200MB
xiaoqi_centos latest 5182e96772bf 5 weeks ago 200MB
4.通过容器创建镜像
进入启动容器
docker exec -it xxxxx bash//其中xxxxx为容器id,这个id可以用docker ps查看,最后面的bash为进入容器后我们要执行的命令,这样就可以打开一个终端进入到该容器中,我们做一些变更,比如安装一些东西,然后针对这个容器进行创建新的镜像
[root@chenshi1 src]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b3a906d1c099 centos "/bin/bash" About a minute ago Up About a minute awesome_golick
[root@chenshi1 src]# docker exec -it b3a906d1c099 bash
[root@b3a906d1c099 /]#
进入容器之后可以执行一些操作
[root@b3a906d1c099 ~]# history
1 ip addr
2 yum install -y net-tools
3 ping www.baidu.com
4 ll
5 cd
6 who
7 pwd
8 history
使用ctrl d退出容器
[root@b3a906d1c099 ~]# exit
[root@chenshi1 src]#
保存修改后的启动容器为其他镜像
docker commit -m "change somth" -a "somebody info" container_id new_image_name//container_id通过docker ps -a获取,后面的new_image_name为新镜像名字例如: docker commit -m "install net-tools" -a "xiaoqi" fe68d6a9d9ae centos_with_net这个命令有点像svn的提交,-m 加一些改动信息,-a 指定作者相关信息 fe68d6a9d9ae这一串为容器id,再后面为新镜像的名字
[root@chenshi ~]# docker commit -m "install net-tools" -a "xiaoqi" fe68d6a9d9ae centos_with_net
sha256:0c5dfa7d19b37bdc128294cc2da831e34f3431fa80ee66c8c503edb9ee7528f3
[root@chenshi ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_with_net latest 0c5dfa7d19b3 8 seconds ago 293MB
ubuntu latest cd6d8154f1e1 6 days ago 84.1MB
centos latest 5182e96772bf 5 weeks ago 200MB
xiaoqi_centos latest 5182e96772bf 5 weeks ago 200MB
每开启一个虚拟机(镜像)都会增加一个虚拟网卡
[root@chenshi1 src]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:e5ff:fe50:e326 prefixlen 64 scopeid 0x20<link>
ether 02:42:e5:50:e3:26 txqueuelen 0 (Ethernet)
RX packets 1883 bytes 79028 (77.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1894 bytes 13542207 (12.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0