Docker pitfalls: startup
https://www.jianshu.com/p/93518610eea1
Slow Docker image downloads
After configuring the registry mirror, Docker must be restarted
https://blog.csdn.net/zhengchaooo/article/details/80566722
Errors when pulling Docker images
https://segmentfault.com/a/1190000016083023?utm_source=tag-newest
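Other overview notes
docker: containers, www.docker.com
image: the stored state, cannot be modified
container: a single process, the running state, can be modified
An image can be thought of as a system image (centos.iso);
a container is a state of an image at run time.
Install the yum repository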
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum repository path
cd /etc/yum.repos.d/
Build the cache
[root@hadoop002 yum.repos.d]# yum makecache
Remove an old Docker installation
First check the installed Docker version
# yum list installed | grep docker
docker-ce.x86_64 18.05.0.ce-3.el7.centos @docker-ce-edge
Uninstall it
# yum -y remove docker-ce.x86_64
Delete the storage directories
# rm -rf /etc/docker
# rm -rf /run/docker
# rm -rf /var/lib/dockershim
# rm -rf /var/lib/docker
If a directory cannot be deleted, umount it first, for example
# umount /var/lib/docker/devicemapper
https://docs.docker.com/install/linux/docker-ce/centos/
Check the Docker status
service docker status
systemctl status docker
service docker status can only show the status of one component
service sshd status
systemctl status docker sshd can show the status of several components at once
[root@docker001 ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:2557e3c07ed1e38f26e389462d03ed943586f744621577a99efb77324b0fe535
Status: Downloaded newer image for hello-world:latest
At this point the download is complete and the image starts running as a container process
Hello from Docker!
It prints a message
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
[root@docker001 ~]#
docker pull jwilder/nginx-proxy
docker \
run -d \
-p 80:80 \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
jwilder/nginx-proxy
[root@docker001 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5f193fc172ed jwilder/nginx-proxy "/app/docker-entrypo…" About a minute ago Up About a minute 0.0.0.0:80->80/tcp quirky_wescoff
[root@docker001 ~]#
docker run --name ruozedata-nginx-v1 \
-d -p 801:80 nginx
docker ps
docker run --name ruozedata-mysql-v1 \
-e MYSQL_ROOT_PASSWORD=123456 \
-d mysql:5.7
[root@docker001 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
db7e1b5e4b35 mysql:5.7 "docker-entrypoint.s…" 4 seconds ago Up 4 seconds 3306/tcp, 33060/tcp ruozedata-mysql-v1
b12d70d7da18 nginx "nginx -g 'daemon of…" 9 minutes ago Up 9 minutes 0.0.0.0:801->80/tcp ruozedata-nginx-v1
5f193fc172ed jwilder/nginx-proxy "/app/docker-entrypo…" 14 minutes ago Up 14 minutes 0.0.0.0:80->80/tcp quirky_wescoff
[root@docker001 ~]#
Run a container
docker run --name ruozedata-mysql-v2 \
-e MYSQL_ROOT_PASSWORD=123456 \
-p 33061:3306 \
-d mysql:5.7
[root@docker001 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
37169ea9a8b0 mysql:5.7 "docker-entrypoint.s…" 4 seconds ago Up 3 seconds 33060/tcp, 0.0.0.0:33061->3306/tcp ruozedata-mysql-v2
[root@docker001 ~]#
Enter the container
docker exec -it ruozedata-mysql-v2 bash
Common docker commands
[root@docker001 ~]# docker
Usage: docker [OPTIONS] COMMAND
Commands:
build Build an image from a Dockerfile
diff Inspect changes to files or directories on a container's filesystem
exec Run a command in a running container
history Show the history of an image
images List images
kill Kill one or more running containers
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
[root@docker001 ~]# docker top db7e1b5e4b35
UID PID PPID C STIME TTY TIME CMD
systemd+ 22950 22917 2 15:51 ? 00:00:00 mysqld
There is only one process in a container
[root@docker001 ~]#
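How does an enterprise customize its own image?
Download the zip package from GitHub
Upload the zip package
Unzip it
Build your own image
docker build -t ruozedata-mysql:5.7 .    # the current directory, which must contain a Dockerfile
1. Deploy Docker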
[root@docker002 ~]# ll
total 41712
-rw-r--r-- 1 root root 42712724 Mar 31 16:03 docker-ce-18.06.1.ce-3.el7.x86_64.rpm
[root@docker002 ~]# yum install ./docker-ce-18.06.1.ce-3.el7.x86_64.rpm
[root@docker002 ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@docker002 ~]# systemctl start docker
2. Install and deploy Harbor
Docker Hub
VM Harbor ("harbor", as in a port), security
goharbor.io
1). Requirements
On a Linux host: docker 17.03.0-ce+ and docker-compose 1.10.0+ .
2). Download docker-compose
docker-compose orchestrates docker commands
Install docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
3). Download Harbor and extract it
wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-online-installer-v1.7.5.tgz
tar -zxvf harbor-online-installer-v1.7.5.tgz -C /usr/local/
4). Generate the certificate files and configure SSL
https://github.com/goharbor/harbor/blob/master/docs/configure_https.md
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=docker001" \
-key ca.key \
-out ca.crt
openssl genrsa -out docker001.key 4096
openssl req -sha512 -new \
-subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=docker001" \
-key docker001.key \
-out docker001.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=docker001
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in docker001.csr \
-out docker001.crt
openssl x509 -inform PEM -in docker001.crt -out docker001.cert
cp docker001.cert /etc/docker/certs.d/docker001/
cp docker001.key /etc/docker/certs.d/docker001/
cp ca.crt /etc/docker/certs.d/docker001/
For each additional machine, copy the three files above
admin/Harbor12345
Configuration file
Untrusted nodes
LDAP
6). Install Harbor
7). Open https://docker001/ in a browser, admin/Harbor12345
https://blog.csdn.net/summerxiachen/article/details/82594992
3. Try logging in to 172.19.48.84
[root@docker002 ~]# docker login 172.19.48.84
Username: jepson
Password:
Error response from daemon: Get https://172.19.48.84/v2/: x509: cannot validate certificate for 172.19.48.84 because it doesn't contain any IP SANs
[root@docker002 ~]#
[root@docker002 ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.19.48.84 docker001
172.19.48.85 docker002
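Added example, not part of the original notes: the login by IP fails because the certificate from step 4) lists only DNS.1=docker001 in its subjectAltName. The script issues one certificate like that and one with an extra IP.1 entry, then checks both names against the CA; the throwaway CA name demo-ca, the 2048-bit keys and the helper names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. docker001 / 172.19.48.84 come from this page; demo-ca and
# 2048-bit keys (chosen for speed, the notes use 4096) are assumptions.
new_ca() {        # new_ca <dir>: create a throwaway CA in <dir>
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -x509 -new -nodes -sha512 -days 30 \
        -subj "/O=example/CN=demo-ca" -key "$1/ca.key" -out "$1/ca.crt"
}

issue_cert() {    # issue_cert <dir> <name> <san-entry>...
    dir=$1 name=$2; shift 2
    {
        echo "authorityKeyIdentifier=keyid,issuer"
        echo "basicConstraints=CA:FALSE"
        echo "keyUsage = digitalSignature, keyEncipherment"
        echo "extendedKeyUsage = serverAuth"
        echo "subjectAltName = @alt_names"
        echo "[alt_names]"
        printf '%s\n' "$@"      # one entry per line, e.g. DNS.1=... IP.1=...
    } > "$dir/$name.ext"
    openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null &&
    openssl req -new -sha512 -subj "/O=example/CN=docker001" \
        -key "$dir/$name.key" -out "$dir/$name.csr" &&
    openssl x509 -req -sha512 -days 30 -extfile "$dir/$name.ext" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -in "$dir/$name.csr" -out "$dir/$name.crt" 2>/dev/null
}

# check <dir> <name> -verify_hostname|-verify_ip <value>: exit status 0 only
# if the certificate chains to the CA and its SAN matches the given name.
check() {
    openssl verify -CAfile "$1/ca.crt" "$3" "$4" "$1/$2.crt" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    new_ca "$d" || return 1
    issue_cert "$d" dns-only DNS.1=docker001 || return 1
    issue_cert "$d" dns-ip   DNS.1=docker001 IP.1=172.19.48.84 || return 1
    for c in dns-only dns-ip; do
        check "$d" "$c" -verify_hostname docker001 && h=ok || h=FAIL
        check "$d" "$c" -verify_ip 172.19.48.84    && i=ok || i=FAIL
        echo "$c: docker001=$h 172.19.48.84=$i"
    done
    rm -rf "$d"
}
demo
```

With the IP in the SAN, a client that has ca.crt in /etc/docker/certs.d/172.19.48.84/ validates the registry by address without an insecure-registries entry. Clients only need ca.crt; the server's private key can stay on the registry host.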
4. Try logging in to docker001
[root@docker002 ~]# docker login docker001
Username: jepson
Password:
Error response from daemon: Get https://docker001/v2/: x509: certificate signed by unknown authority
5. Certificate files and daemon.json
[root@docker002 ~]# mkdir -p /etc/docker/certs.d/docker001/
Transfer the files
[root@docker001 ~]# cd /etc/docker/certs.d/docker001/
[root@docker001 docker001]# ll
total 12
-rw-r--r-- 1 root root 2017 Mar 31 15:13 ca.crt
-rw-r--r-- 1 root root 2045 Mar 31 15:13 docker001.cert
-rw-r--r-- 1 root root 3243 Mar 31 15:13 docker001.key
[root@docker001 docker001]# scp * 172.19.48.85:/etc/docker/certs.d/docker001/
root@172.19.48.85's password:
ca.crt 100% 2017 2.0KB/s 00:00
docker001.cert 100% 2045 2.0KB/s 00:00
docker001.key 100% 3243 3.2KB/s 00:00
[root@docker002 ~]# ll /etc/docker/certs.d/docker001/
total 12
-rw-r--r-- 1 root root 2017 Mar 31 16:10 ca.crt
-rw-r--r-- 1 root root 2045 Mar 31 16:10 docker001.cert
-rw-r--r-- 1 root root 3243 Mar 31 16:10 docker001.key
[root@docker002 ~]# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://docker001"],
"insecure-registries":["172.19.48.84"]
}
6. Restart to apply the change, then log in again
If the login fails again, see
https://blog.csdn.net/wxb880114/article/details/85703198
[root@docker002 ~]# systemctl restart docker
[root@docker002 ~]# docker login docker001
Username: jepson
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker002 ~]# docker login 172.19.48.84
Username: jepson
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
7. Check: docker001 and 172.19.48.84 are both OK
[root@docker002 ~]# cat /root/.docker/config.json
{
"auths": {
"172.19.48.84": {
"auth": "amVwc29uOlJ1b3plZGF0YTEyMw=="
},
"docker001": {
"auth": "amVwc29uOlJ1b3plZGF0YTEyMw=="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.06.1-ce (linux)"
}
}
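Added example, not part of the original notes: the "auth" value that docker login warns about is only base64 of "user:password", so anyone who can read config.json has the password. The function below lists the registries with such inline entries and decodes the user name only; the function names, the sample registry name and the sample credential are constructed for the demo.

```shell
#!/bin/sh
# Added example: report registries whose login is stored inline in a Docker
# client config.json. The password half of the decoded value is never printed.
inline_auths() {   # inline_auths <path to config.json>
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # With a credential helper configured, no "auth" strings should remain.
    grep -q '"credsStore"' "$1" && echo "NOTE credsStore is configured"
    # docker login writes one key per line: remember the key that opens each
    # object and print it when an "auth" string follows inside that object.
    awk -F'"' '
        /^[[:space:]]*"[^"]+":[[:space:]]*[{]/ { host = $2 }
        /"auth":[[:space:]]*"[^"]+"/            { print host, $4 }
    ' "$1" | while read -r host blob; do
        user=$(printf '%s' "$blob" | base64 -d 2>/dev/null | cut -d: -f1)
        echo "INLINE $host user=$user"
    done
}

demo_config() {    # constructed sample with the same layout as the file above
    blob=$(printf '%s' 'alice:not-a-real-password' | base64)
    printf '{\n  "auths": {\n    "registry.example.test": {\n' 
    printf '      "auth": "%s"\n    }\n  }\n}\n' "$blob"
}

tmp=$(mktemp) && demo_config > "$tmp" && inline_auths "$tmp"
rm -f "$tmp"
```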
8. Pull an image
[root@docker002 ~]# docker pull 172.19.48.84/g5private/ruozedatag5:v1
v1: Pulling from g5private/ruozedatag5
27833a3ba0a5: Pull complete
f30b0de0fe20: Pull complete
3ec4edcb2e20: Pull complete
Digest: sha256:796f4d27c079764433cd40ffbee435de369eba4148cc50bfc167ab290bf93496
Status: Downloaded newer image for 172.19.48.84/g5private/ruozedatag5:v1
9. Push an image
[root@docker002 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
172.19.48.84/g5private/ruozedatag5 v1 11109979b6fa 24 hours ago 109MB
[root@docker002 ~]# docker tag 172.19.48.84/g5private/ruozedatag5:v1 172.19.48.84/g5private/ruozedatag5:v2
[root@docker002 ~]# docker push 172.19.48.84/g5private/ruozedatag5:v2
The push refers to repository [172.19.48.84/g5private/ruozedatag5]
16fb54cacc34: Layer already exists
1723fb2f7bd2: Layer already exists
5dacd731af1b: Layer already exists
v2: digest: sha256:796f4d27c079764433cd40ffbee435de369eba4148cc50bfc167ab290bf93496 size: 948
[root@docker002 ~]#