docker
- 删除旧版本的docker包!
sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
配置docker阿里云镜像源(下面的地址是明文 http,仓库配置在传输中可能被篡改;该镜像站同样支持 https,建议把 http:// 换成 https://)
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
安装docker
yum install docker-ce docker-ce-cli containerd.io -y
systemctl start docker 启动docker
安装完成后检查版本
docker version
卸载、删除docker
yum remove docker-ce docker-ce-cli containerd.io 删除依赖
rm -rf /var/lib/docker 删除目录(会一并清除本机所有镜像、容器和数据卷,且无法恢复)
配置阿里云镜像加速
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://9ei5z6re.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
docker的常用命令
搜索镜像 docker search xxx
按照收藏数(STARS)过滤 docker search xxx --filter=STARS=3000
分层下载
docker pull mysql
docker pull mysql:5.7
docker 命令
--name="NAME" 容器名字 xxx01 xxx02 用于区分容器
-d 以后台方式运行
-it 使用交互式,进入容器
-p
-p ip:主机端口:容器端口 (只在指定的宿主机地址上监听,例如 127.0.0.1)
-p 主机端口:容器端口 (默认在宿主机所有地址 0.0.0.0 上监听)
-p 容器端口
-P 随机指定端口 (镜像中 EXPOSE 的端口都会被发布到宿主机)
docker rmi 镜像id 删除指定镜像
docker rmi -f $(docker images -aq) 递归删除(全部)镜像
docker rmi -f id id id 删除多个镜像
新建容器并启动
docker run -it centos /bin/bash 启动并进入容器
root@localhost ~]# docker run -it centos /bin/bash
[root@a50cb69507f1 /]#
从容器中退回主机
[root@a50cb69507f1 /]# exit
exit
[root@localhost ~]#
[root@a50cb69507f1 /]# exit
exit
[root@localhost ~]#
docker ps
-a 列出当前正运行的容器+历史运行过的容器
-n=? 显示最近创建的容器
-q 只显示容器的编号
exit 直接停止容器并退出
ctrl + P + Q 退出容器但不停止(容器继续在后台运行)
删除容器
docker rm -f e4 指定删除容器 (强制删除)
#去除-f 则不能强制删除运行的容器
docker rm -f $(docker ps -aq) 删除全部容器
docker start 容器id
docker restart 重启容器
docker stop 停止容器
docker kill 强制停止
其他命令
docker run -d 后台运行容器
docker logs -tf --tail 10 容器id 查看某容器最近十条的日志
docker logs -tf 容器id 查看某个容器的日志
docker run -d centos /bin/bash -c "while true;do echo huweiqi;sleep 1;done;" 循环日志
[root@localhost ~]# docker inspect 0 查看元数据
[
{
"Id": "0dba2e18e81d9a124d748d193fe762000314fe4d575dcd6acc369d23e54a173c",
"Created": "2021-02-18T12:18:01.002338206Z",
"Path": "/bin/sh",
"Args": [],
"State": {
"Status": "exited",
"Running": false,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 0,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-02-18T12:18:01.478411996Z",
"FinishedAt": "2021-02-18T12:18:01.498675035Z"
},
"Image": "sha256:300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55",
"ResolvConfPath": "/var/lib/docker/containers/0dba2e18e81d9a124d748d193fe762000314fe4d575dcd6acc369d23e54a173c/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/0dba2e18e81d9a124d748d193fe762000314fe4d575dcd6acc369d23e54a173c/hostname",
"HostsPath": "/var/lib/docker/containers/0dba2e18e81d9a124d748d193fe762000314fe4d575dcd6acc369d23e54a173c/hosts",
"LogPath": "/var/lib/docker/containers/0dba2e18e81d9a124d748d193fe762000314fe4d575dcd6acc369d23e54a173c/0dba2e18e81d9a124d748d193fe762000314fe4d575dcd6acc369d23e54a173c-json.log",
"Name": "/affectionate_hofstadter",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/6ba71a06cbcfc83c8f87730f313caf1c5da4ada26ea8fc0e364e3432a76df360-init/diff:/var/lib/docker/overlay2/00f6ff497936b8100f9e40286fed4bfa80bc4ca63a81607e9395d4b99a0432b0/diff",
"MergedDir": "/var/lib/docker/overlay2/6ba71a06cbcfc83c8f87730f313caf1c5da4ada26ea8fc0e364e3432a76df360/merged",
"UpperDir": "/var/lib/docker/overlay2/6ba71a06cbcfc83c8f87730f313caf1c5da4ada26ea8fc0e364e3432a76df360/diff",
"WorkDir": "/var/lib/docker/overlay2/6ba71a06cbcfc83c8f87730f313caf1c5da4ada26ea8fc0e364e3432a76df360/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "0dba2e18e81d",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh"
],
"Image": "centos",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20201204",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "57ad3e2e7dc79a8235458b1a8982cf74b1c5fae1cf764ba607d3bce407b218f3",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/57ad3e2e7dc7",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "638a672d15d813f1a517990b72ebc02846de7b74c59623c572f1b21abc1e42bd",
"EndpointID": "",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
}
}
}
]
[root@localhost ~]#
进入当前正在运行的容器
命令
docker exec -it 容器id /bin/bash 启动一个新的终端,可以在里面进行操作
docker attach 容器id 进入容器正在执行的终端,不会新开终端
测试
root@localhost ~]# docker exec -it 3880f3 /bin/bash
[root@3880f387fa93 /]#
从容器内拷贝到本地
命令
docker cp 容器ID:/容器内路径 /本地路径下
实例
在容器内新建文件
[root@localhost ~]# docker exec -it 3 /bin/bash
bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@3880f387fa93 /]# touch /home/huweqi
在本地拷贝
[root@localhost ~]# docker cp 388:/home/huweiqi /home/
Error: No such container:path: 388:/home/huweiqi
[root@localhost ~]# docker cp 388:/home/huweqi /home/
[root@localhost ~]# ll /home/
total 0
-rw-r--r--. 1 root root 0 Feb 18 20:38 huweqi
[root@localhost ~]#
部署nginx、tomcat
docker search nginx 搜索一个镜像
docker pull nginx 拉取镜像
docker run -d --name nginx -p 3344:80 nginx 以后台运行一个容器 指定name 本地端口:容器端口
---
[root@localhost ~]# docker run -d --name tomcat01 -p 3355:8080 tomcat 运行一个tomcat容器
b5b3af64737c918bcd799372036006ae3eccbb925eb3ad251a3b6de3bafe40f2
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# docker exec -it tomcat01 /bin/bash
root@b5b3af64737c:/usr/local/tomcat#
root@b5b3af64737c:/usr/local/tomcat#
root@b5b3af64737c:/usr/local/tomcat# ls
BUILDING.txt CONTRIBUTING.md LICENSE NOTICE README.md RELEASE-NOTES RUNNING.txt bin conf lib logs native-jni-lib temp webapps webapps.dist work
root@b5b3af64737c:/usr/local/tomcat# cd weapps
bash: cd: weapps: No such file or directory
root@b5b3af64737c:/usr/local/tomcat# cd webapps
root@b5b3af64737c:/usr/local/tomcat/webapps# ls
root@b5b3af64737c:/usr/local/tomcat/webapps# cd ..
root@b5b3af64737c:/usr/local/tomcat# ls
BUILDING.txt CONTRIBUTING.md LICENSE NOTICE README.md RELEASE-NOTES RUNNING.txt bin conf lib logs native-jni-lib temp webapps webapps.dist work
默认tomcat容器内是最小化的:webapps内无内容 。可以拷贝webapps.dist内的内容
root@b5b3af64737c:/usr/local/tomcat# cd webapps.dist/
root@b5b3af64737c:/usr/local/tomcat/webapps.dist# ls
ROOT docs examples host-manager manager
root@b5b3af64737c:/usr/local/tomcat/webapps.dist# cp ./* ../webapps
cp: -r not specified; omitting directory './ROOT'
cp: -r not specified; omitting directory './docs'
cp: -r not specified; omitting directory './examples'
cp: -r not specified; omitting directory './host-manager'
cp: -r not specified; omitting directory './manager'
root@b5b3af64737c:/usr/local/tomcat/webapps.dist# cp -r ./* ../webapps
root@b5b3af64737c:/usr/local/tomcat/webapps.dist# ls
ROOT docs examples host-manager manager
root@b5b3af64737c:/usr/local/tomcat/webapps.dist# cd ..
root@b5b3af64737c:/usr/local/tomcat# ls webapps
ROOT docs examples host-manager manager
root@b5b3af64737c:/usr/local/tomcat#
当前方法是每次修改内容都必须进去容器!要是可以在外部映射一个文件就可以避免每次进入容器内部修改?
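安装elasticsearch(下面的 -p 9200:9200 -p 9300:9300 会在宿主机所有地址上监听,而从后面的 curl 测试可以看到该实例无需认证即可访问;仅本机测试时建议写成 -p 127.0.0.1:9200:9200,不要把这两个端口暴露到不可信网络)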
docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch 拉取运行
查看docker运行内存
docker stats
测试es是否安装成功
[root@localhost ~]# curl localhost:9200
{
"name" : "AtYxnIo",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "0H7wRCHyTVmFkTdHZmHqnQ",
"version" : {
"number" : "5.6.12",
"build_hash" : "cfe3d9f",
"build_date" : "2018-09-10T20:12:43.732Z",
"build_snapshot" : false,
"lucene_version" : "6.6.1"
},
"tagline" : "You Know, for Search"
}
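安装可视化面板(注意:把 /var/run/docker.sock 挂进容器,等于把 Docker 守护进程的完全控制权交给它,相当于宿主机 root;--privileged=true 还会关闭容器的大部分隔离,若不是 SELinux 等环境所必需应去掉。8088 端口不要暴露到不可信网络,首次访问要立即设置管理员密码)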
docker run -d -p 8088:9000 --restart=always -v /var/run/docker.sock:/var/run/docker.sock --privileged=true portainer/portainer
commit镜像
docker commit -m "提交的信息描述" -a "作者" 容器id 目标镜像名:[TAG]
[root@localhost ~]# docker commit -a="huweqii" -m="xiugaiguo" 0e65034f7d49 nginx:v02
sha256:ef5df12d240cd2b4ba530596f354a477b13eb762facbaf4f05b68b0fb63f2307
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9dd86d09a287 portainer/portainer "/portainer" 54 minutes ago Up 54 minutes 0.0.0.0:8088->9000/tcp epic_bassi
483295b95881 elasticsearch "/docker-entrypoint.…" About an hour ago Exited (143) 57 minutes ago elasticsearch
b5b3af64737c tomcat "catalina.sh run" 2 hours ago Exited (143) About an hour ago tomcat01
0e65034f7d49 nginx "/docker-entrypoint.…" 2 hours ago Up 49 minutes 0.0.0.0:3344->80/tcp nginx
0dba2e18e81d 300e315adb2f "/bin/sh" 14 hours ago Exited (0) 14 hours ago affectionate_hofstadter
825e102dae8c 300e315adb2f "/bin/bash" 15 hours ago Exited (0) 15 hours ago optimistic_lederberg
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v02 ef5df12d240c 41 seconds ago 184MB
tomcat latest 040bdb29ab37 5 weeks ago 649MB
nginx latest f6d0b4767a6c 5 weeks ago 133MB
<none> <none> 300e315adb2f 2 months ago 209MB
portainer/portainer latest 62771b0b9b09 7 months ago 79.1MB
elasticsearch latest 5acf0e8da90b 2 years ago 486MB
[root@localhost ~]#
docker内部安装软件
进入到容器内部(/tmp 的标准权限是 1777,下面的 chmod -R 777 会去掉粘滞位,任何用户都能删改别人的临时文件;如果只是为了解决 /tmp 权限报错,用 chmod 1777 /tmp 即可)
chmod -R 777 /tmp
apt-get update
apt-get install vim -y
docker 数据卷
数据持久化
docker run -it -v 本地路径:容器内路径 -p 80:80 nginx /bin/bash
docker inspect 容器id
"Mounts": [
{
"Type": "bind",
"Source": "/html",
"Destination": "/usr/share/nginx/html",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
mysql 数据同步
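拉取并运行 mysql 时必须设置 root 密码(qweqwe 只是示例弱口令;用 -e 传入的密码会留在 shell 历史里,也能通过 docker inspect 看到,实际使用要换成强密码,官方镜像还支持用 MYSQL_ROOT_PASSWORD_FILE 从文件读取)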
-e MYSQL_ROOT_PASSWORD=qweqwe
运行容器 做挂载点
docker run -d -p 3310:3306 -v /home/mysql/conf:/etc/mysql/conf.d -v /home/mysql/date:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=qweqwe --name=mysql01 mysql:5.7
docker run -d -p 3311:3306 --volumes-from mysql01 -e MYSQL_ROOT_PASSWORD=qweqwe --name=mysql02 mysql:5.7
具名挂载和匿名挂载
-v 容器内路径
docker run -d -P --name nginx02 -v /etc/nginx nginx
查看所有volume 情况
docker volume ls
具名挂载
-v 卷名:容器内名字
docker run -d -P --name nginx03 -v name_nginx:/etc/nginx nginx
docker run -d -P --name nginx04 -v name_nginx:/etc/nginx:ro nginx
docker run -d -P --name nginx04 -v name_nginx:/etc/nginx:rw nginx
在容器内路径后加 :ro 表示只读、:rw 表示可读写;一旦设置了 ro,容器内就不能修改该卷的内容,只能从宿主机修改
数据卷容器
容器间数据同步
利用一个容器给其他容器共享数据
启动一个容器
docker run -it --name=centos02 --volumes-from centos01 huweiqi/centos:latest
完成数据基本同步
dockerfile
初识dockerfile
dockerfile就是用来构建镜像的脚本文件!
通过脚本生成镜像,镜像是一层一层的,脚本
FROM centos
VOLUME ["volume'01","volume02"]
CMD echo "```````end``````````"
CMD /bin/bash
docker build -f /home/docker_file/dockerfile1 -t huweiqi/centos .
最后的点不要丢
~
docker build 构建docker file
docker build file文件目录 -t 标签:v0.1 打包的目录
Docker file 文件格式
docker file 开头字母必须大写 。docker file 文件中的文件传参放于当前目录
-------
内容
语法:
FROM 指令
FROM 镜像名:TAG 不加tag 默认latest
MAINTAINER 名称<联系方式>"" "huweiqi<huweiqi@qq.com>" (基本已经不用)
#LABEL maintainer=huweiqi<huweiqi@qq.com> 现在使用这一种
语法
COPY 指令
COPY <SRC> <DEST>
COPY ["<SRC>,..多个源路径.. "<DEST>"]
COPY yum.repos.d /etc/yum.repos.d/
1 如果指定了多个SRC 或使用了通配符,则dest必须是一个目录,且必须以 / 结尾
COPY /源目录 /容器内目录
2 SRC 中的目录文件必须是build上下文中的路径,不能说其父目录中的文件
3 当前的COPY 复制的源目录是指 该目录下的所有内容,并不会将该目录本身复制过去
4 如果DEST 事先不存在,它将自动被创建
ADD 指令
ADD URL /容器内目标路径
ADD http://nginx.org/download/nginx-1.18.0.tar.gz /usr/local/src/
自动下载并放到容器内 /usr/local/src/ 目录下(自动创建目录,必须以/结尾)。注意:上面的地址是明文 http,下载内容没有完整性保护,建议改用 https,并在构建中校验文件的哈希或签名
ADD nginx-xxxx.tar.gz /usr/local/src/
#下载nginx.tar.gz 到build目录 自动解压至/usr/local/src/目录
ADD nginx.xxx.tar.gz ./ (这里的当前目录是指WORKDIR 指定的目录)
RUN指令
RUN 基本shell命令
RUN cd /usr/src && \
tar xf nginx-xxx.tar.gz && \
xxxxxx
WORKDIR 指令
指定当前目录 (随后的引用,逆序向上找,取最近)
WORKDIR /usr/local/src/ (可以不写/src)
WORKDIR /usr/local/
ADD nginx.xxx.tar.gz ./src/ (引用src)
VOLUME 指令
VOLUME /容器内路径
不加外部路径,则默认可用 (docker inspect 容器名来查看)
EXPOSE 指令
用于声明容器要监听的端口,以便与外部通信(只是声明,不会自动发布到宿主机,需要运行时配合 -p 或 -P)
EXPOSE 80/tcp
暴露容器内的端口
运行时加 -P 可将80端口映射至宿主机的随机端口(默认监听宿主机所有地址)
ENV 指令
用于为镜像定义所需要的环境变量,
ENV ENV_NAME=/data/web/html/ (将/data/web/html 赋值给ENV_NAME。后续 使用/data/web/html/ 时可直接调用 $ENV_NAME 后面又内容 加${ENV_NAME} 大括号)
如果ENV是空值
使用: ${ENV_NAME:-/目录/} 如果变量是空值则使用这个路径
${ENV_NAME:+/目录/} 如果变量已有值则使用此目录
多个变量赋值
ENV EVN1=xxxx \ (行尾的 \ 表示续行)
EVN2=xxxx \
.......
**在外部给容器内中ENV传参 (环境变量)** 第二阶段 build完成之后
* 如果dockerfile中存在ENV_NAME 可在外部
-e ENV_NAME="xxxxxxx" 定义变量
docker run --name envtest -d -e ENV_NAME="xxxxxxx" nginx printenv
CMD 指令
CMD指令只有最后一个生效
CMD /bin/httpd -f -h ${ENV环境变量}
CMD ["/bin/bash","-f","-h ${ENV变量}"] 注:这个默认不是以shell运行 所以不认识${环境变量}
在docker run 时指定参数时会被覆盖
以shell运行
CMD ["/bin/bash","-c","bin/httpd","-f","-h ${ENV变量}"]
CMD /bin/bash
ENTRYPOINT 指令
在docker run 容器后面传参数时不会被覆盖
--entrypoint
将CMD的命令传给ENTRYPOINT
CMD ["/bin/httpd","-f","-h 目录"]
ENTRYPOINT /bin/sh -c
一般与CMD联合使用.
USER指令(指定后续指令以及容器内进程使用的用户;不写则默认以 root 运行,建议切换到非 root 用户)
HEALTHCHECK 指令
ARG 指令
在build时传参数(不要用 ARG / --build-arg 传递密码等机密,值会留在镜像构建历史里,可用 docker history 看到)
ARG 变量名=${xxxxx}
文件中 定义ARG变量
ARG zuozhe="xiaofupo<xfp@qq.com>"
LABEL mainatainer=${zuozhe}
docker build --build-arg zuozhe="xxxxxxx<xxxx." -t xxx:v1 ./
ONBUILD
在自身的dockerfile做成镜像时不执行,在别人用此镜像做基础镜像时执行
ONBUILD ADD http://nginx.org/download/nginx-1.18.0.tar.gz /var/local/src/
摘要
CMD与ENTRYPOINT互相结合
CMD 将参数传给 ENTRYPOINT 这里为默认值
在docker run 时 如果定义要执行的命令
ENTRYPOINT 会认为有定义的值而舍去CMD的默认值 此时被覆盖的值是CMD 的值
测试效果
docker run --name xxx --rm 容器id:v?? cat /xxx
docker run --name=xxx --rm xxx/xxx:v1 /bin/httpd -f -h /data/web/html
-h 指定家目录
-f 前台运行
启动自己写的容器
docker run -it --name=centos01 huweiqi/centos /bin/bash
查看挂载点
docker inspect 容器id
重点
dockerfile 的构建过程
- 每个指令必须大写
- 执行从上到下,顺序执行
- #表示注释
docker file的指令
FROM 基础镜像 centos 、ubuntu一切从这里开始构建
MAINTAINER 镜像是谁写的,姓名+邮箱 (标准)
RUN 镜像在构建的时候运行的命令
ADD 步骤:添加内容
WORKDIR 镜像的工作目录
VOLUME 挂载的目录位置
EXPOSE 暴露端口位置
CMD 容器启动时要运行的命令,只有最后一个会生效,可被替代
COPY 将文件拷贝到镜像中
ENV 构建时设置环境变量
实战测试
FROM centos
MAINTAINER huweiqi<2425328600@qq.com>
ENV MYPATH /usr/local
WORKDIR $MYPATH
CMD echo "默认工作路径已设置"
RUN yum install -y vim
RUN yum install -y net-tools
CMD echo "软件包安装完成"
EXPOSE 80
CMD echo $MYPATH
CMD echo "````构建完成````"
CMD /bin/bash
docker build -f /home/docker_file/dockerfile2 -t mycentos:v1 .
cmd 与ENTRYPOINT区别
测试CMD
[root@localhost docker_file]# cat dockerfile3
FROM centos
CMD ["ls","-a"]
[root@localhost docker_file]#
[root@localhost docker_file]# docker run cmd2 ls -al
total 0
drwxr-xr-x. 1 root root 6 Feb 19 08:57 .
drwxr-xr-x. 1 root root 6 Feb 19 08:57 ..
-rwxr-xr-x. 1 root root 0 Feb 19 08:57 .dockerenv
lrwxrwxrwx. 1 root root 7 Nov 3 15:22 bin -> usr/bin
drwxr-xr-x. 5 root root 340 Feb 19 08:57 dev
drwxr-xr-x. 1 root root 66 Feb 19 08:57 etc
drwxr-xr-x. 2 root root 6 Nov 3 15:22 home
lrwxrwxrwx. 1 root root 7 Nov 3 15:22 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Nov 3 15:22 lib64 -> usr/lib64
drwx------. 2 root root 6 Dec 4 17:37 lost+found
drwxr-xr-x. 2 root root 6 Nov 3 15:22 media
drwxr-xr-x. 2 root root 6 Nov 3 15:22 mnt
drwxr-xr-x. 2 root root 6 Nov 3 15:22 opt
dr-xr-xr-x. 161 root root 0 Feb 19 08:57 proc
[root@localhost docker_file]# docker run cmd2 -l 不可以直接追加命令
docker: Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: exec: "-l": executable file not found in $PATH: unknown.
测试ENTRYPOINT
[root@localhost docker_file]# cat dockerfile3
FROM centos
ENTRYPOINT ["ls","-a"]
[root@localhost docker_file]# docker run entrypoint
.
..
.dockerenv
bin
dev
etc
home
lib
lib64
lost+found
media
mnt
opt
proc
[root@localhost docker_file]# docker run entrypoint -l 可以直接追加命令
total 0
drwxr-xr-x. 1 root root 6 Feb 19 09:03 .
drwxr-xr-x. 1 root root 6 Feb 19 09:03 ..
-rwxr-xr-x. 1 root root 0 Feb 19 09:03 .dockerenv
lrwxrwxrwx. 1 root root 7 Nov 3 15:22 bin -> usr/bin
drwxr-xr-x. 5 root root 340 Feb 19 09:03 dev
drwxr-xr-x. 1 root root 66 Feb 19 09:03 etc
drwxr-xr-x. 2 root root 6 Nov 3 15:22 home
lrwxrwxrwx. 1 root root 7 Nov 3 15:22 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Nov 3 15:22 lib64 -> usr/lib64
drwx------. 2 root root 6 Dec 4 17:37 lost+found
drwxr-xr-x. 2 root root 6 Nov 3 15:22 media
传镜像至Docker Hub
阿里云也相同
在Docker Hub上创建用户名
并创建仓库名
登陆到Docker Hub
docker login -u huweiqi1999
密码 xxxxxxx(按提示交互输入;在脚本里用 --password-stdin 从标准输入传入,不要用 -p 把密码写在命令行里,否则会留在 shell 历史和进程列表中)
docker push huweiqi1999/web01
这里的tag名称必须与hub仓库名称一致
下载
登陆至hub
docker pull huweiqi1999/web01:v1
打包镜像
命令
docker save -o 【指定保存位置】 镜像1 镜像2
docker save -o /home/tag.gz nginx:latest mysql:latest
解压
docker load -i /home/tag.gz
docker commit
docker commit -p 镜像名
-p 提交时先暂停容器再创建镜像
docker 网络
iproute
检查iproute是否被安装
rpm -q iproute
[root@localhost ~]# ip netns help
Usage: ip netns list
ip netns add NAME
ip netns set NAME NETNSID
ip [-all] netns delete [NAME]
ip netns identify [PID]
ip netns pids NAME
ip [-all] netns exec [NAME] cmd ...
ip netns monitor
ip netns list-id
[root@localhost ~]#
ip netns add r3 添加一个网络名称空间
[root@localhost ~]# ip netns list 查看
r3
r2
r1
查看r1 的网卡
[root@localhost ~]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
默认只有lo网卡
ip netns exec r1 ifconfig lo up 启动网卡
ip link
ip link add name veth1.1 type veth peer name veth1.2 创建虚拟网卡
[root@localhost ~]# ip link add name veth1.1 type veth peer name veth1.2
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:33:a1:5a brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:0b:04:9d:96 brd ff:ff:ff:ff:ff:ff
4: veth1.2@veth1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether c6:26:c6:3c:9d:a0 brd ff:ff:ff:ff:ff:ff
成对出现的
~~5: veth1.1@veth1.2: <BROADCAST,MULTICA~~ ST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ba:6f:76:d1:01:08 brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ip link add name veth1.1 type veth peer name veth1.2
将veth1.2挪到r1中
[root@localhost ~]# ip link set veth1.2 netns r1
[root@localhost ~]# ip link s
Not enough information: "dev" argument is required.
[root@localhost ~]# ip link sh
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:33:a1:5a brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:0b:04:9d:96 brd ff:ff:ff:ff:ff:ff
5: veth1.1@if4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ba:6f:76:d1:01:08 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@localhost ~]#
ip netns exec r1 ip link set dev veth1.2 name eth0 修改r1中veth1.2名字为eth0
[root@localhost ~]# ip netns exec r1 ifconfig -a
eth0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether c6:26:c6:3c:9d:a0 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
激活本地
[root@localhost ~]# ifconfig veth1.1 10.0.0.1/24 up
veth1.1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
ether ba:6f:76:d1:01:08 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
激活r1中地址
[root@localhost ~]# ip netns exec r1 ifconfig eth0 10.0.0.2/24 up
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# ip netns exec r1 ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.2 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::c426:c6ff:fe3c:9da0 prefixlen 64 scopeid 0x20<link>
ether c6:26:c6:3c:9d:a0 txqueuelen 1000 (Ethernet)
RX packets 8 bytes 656 (656.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 656 (656.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker run -it --name t1 --network bridge -h huweiqi --dns 8.8.8.8 --rm busybox:latest
指定主机名与dns
指定hosts文件
[root@localhost ~]# docker run -it --name t1 --network bridge -h huweiqi --add-host huweiqi:1.1.1.1 --dns 8.8.8.8 --rm busybox:latest
/ # cat /etc/host
cat: can't open '/etc/host': No such file or directory
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
1.1.1.1 huweiqi
172.17.0.2 huweiqi
共享网络
参数 --network container:容器名(新容器与该容器共用同一个网络命名空间,二者之间没有网络隔离)
命令 docker run --name t2 --network container:t1 -it --rm busybox:latest
共享主机网络(容器直接使用宿主机的网络栈,没有网络隔离,容器内监听的端口会直接出现在宿主机上)
docker run --name t2 --network host -it --rm busybox
修改docker0默认网络(daemon.json 必须是严格的 JSON,不支持 # 注释;下面 bip 行后的注释只是说明,实际写入文件时要去掉,否则 docker 无法启动)
[root@localhost ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://9ei5z6re.mirror.aliyuncs.com"],
"bip": "10.0.0.1/16" #自定义网段
}
重启docker
systemctl restart docker
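"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
注意:tcp://0.0.0.0:2375 是不加密、无认证的 Docker API,任何能连到这个端口的人都可以完全控制 docker,相当于拿到宿主机 root;不要在不可信网络上这样配置,确需远程管理时应启用 TLS 双向认证(tlsverify,惯用端口 2376)或通过 SSH 连接。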
使用 --link 添加hosts文件
[root@localhost ~]# docker run -d -P --name="tomcar002" --link tomcar001 tomcat
c375c9753d5785dc361f206443aca351c6134cf91269c3913a5f0adb8a594428
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# docker exec -it tomcar002 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.0.2 tomcar001 d805637831dd
10.0.0.5 c375c9753d57
[root@localhost ~]#
自定义网络
docker network ls
网络模式
bridge 桥接模式
none 不配置网络
host 宿主机共享网络
创建一个自己的桥接网络
--driver bridge 类型 bridge
--subnet 192.168.0.0/16 网络地址池
--gateway 192.168.0.1 网关
docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
通过docker network ls 查看
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
a64bec1f71b4 bridge bridge local
65886a5dd05c host host local
4bd43dc7b8df mynet bridge local
e4ebebbdcf77 none null local
docker network inspect mynet
创建俩镜像添加至自己的网络
[root@localhost ~]# docker run -d -P --name tomcat01 --network mynet tomcat
d257d816839fc1ddf9edc8f020e0ac19e817c07ee95b4e61b947fbd3bb3c61fa
[root@localhost ~]# docker run -d -P --name tomcat02 --network mynet tomcat
672083298b316f13eda3588090776811538a70ec5b44bf54f913b9e74f40b4a8
[root@localhost ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "4bd43dc7b8df10477b166df58665c2b0812302e2222d6df9376b0e9c9d50d593",
"Created": "2021-02-20T20:11:35.571296231+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"672083298b316f13eda3588090776811538a70ec5b44bf54f913b9e74f40b4a8": {
"Name": "tomcat02",
"EndpointID": "bb56b1bbf6eebc5c6c2410f0b6e2fed63276eacf906c477c5e6dc2942be11be5",
"MacAddress": "02:42:c0:a8:00:03",
"IPv4Address": "192.168.0.3/16",
"IPv6Address": ""
},
"d257d816839fc1ddf9edc8f020e0ac19e817c07ee95b4e61b947fbd3bb3c61fa": {
"Name": "tomcat01",
"EndpointID": "344a2d3e7fc83f65e397c653bbeb9baaf8a6c1855d2b724fd28878d3b3de3910",
"MacAddress": "02:42:c0:a8:00:02",
"IPv4Address": "192.168.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
[root@localhost ~]#
测试
[root@localhost ~]# docker exec -it tomcat01 ping tomcat02
PING tomcat02 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.066 ms
64 bytes from tomcat02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.120 ms
^C
--- tomcat02 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 0.066/0.093/0.120/0.027 ms
[root@localhost ~]#
网络联通
docker network 自定义网卡 容器
connect Connect a container to a network
[root@localhost ~]# docker network --help
Usage: docker network COMMAND
docker network connect mynet nginx_v34
将nginx_v34 加入到mynet网络中
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
Run ‘docker network COMMAND --help’ for more information on a command.
[root@localhost ~]#
私有仓库registry
registry
新建一台服务器
yum install docker-registry.x86_64 -y
root@localhost ~]# rpm -ql docker-distribution-2.6.2-2.git48294d9.el7.x86_64
/etc/docker-distribution/registry/config.yml 主配置文件
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry 所有的镜像存放位置(建议路径做挂载点)
在其他主机上配置 客户端上配置
但凡需要与registry相连接的都必须修改vim /etc/docker/daemon.json 文件
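由于默认链接为https 所以添加下面的配置(insecure-registries 会让 docker 对该地址跳过 TLS 证书校验或改走明文 http,镜像在传输中可能被窃听或替换,只适合隔离的测试网络;正式环境应给 registry 配置证书)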
"insecure-registries":["registry主机:5000"]
主机A
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://9ei5z6re.mirror.aliyuncs.com"],
"bip": "10.0.0.1/16",
"insecure-registries":["registry主机:5000"]
}
docker tag nginx:latest 192.168.1.23:5000/nginx_v1 tag名称必须以服务器端的IP端口开头
[root@localhost ~]# docker push 192.168.1.23:5000/nginx_v1
Using default tag: latest
The push refers to repository [192.168.1.23:5000/nginx_v1]
2acf82036f38: Pushed
9f65d1d4c869: Pushed
0f804d36244d: Pushed
9b23c8e1e6f9: Pushed
ffd3d6313c9b: Pushed
9eb82f04c782: Pushed
latest: digest: sha256:b08ecc9f7997452ef24358f3e43b9c66888fadb31f3e5de22fec922975caa75a size: 1570
~
主机B
[root@localhost ~]# docker pull 192.168.1.23:5000/nginx_v1
Using default tag: latest
latest: Pulling from nginx_v1
45b42c59be33: Pull complete
8acc495f1d91: Pull complete
ec3bd7de90d7: Pull complete
19e2441aeeab: Pull complete
f5a38c5f8d4e: Pull complete
83500d851118: Pull complete
Digest: sha256:b08ecc9f7997452ef24358f3e43b9c66888fadb31f3e5de22fec922975caa75a
Status: Downloaded newer image for 192.168.1.23:5000/nginx_v1:latest
192.168.1.23:5000/nginx_v1:latest
[root@localhost ~]#
私有harbor(注意:下面 wget 下载的是 v1.7.1,而 tar 解压的文件名是 v2.2.0-rc3,两者版本不一致,应以实际下载的文件为准;安装包解压运行前建议先核对官方发布的校验值)
yum install -y docker-compose
wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz
tar -xf harbor-offline-installer-v2.2.0-rc3.tgz ./
cd harbor/
vim harbor.yml.tmpl
cp harbor.yml.tmpl harbor.yml
hostname: 192.168.1.23
harbor_admin_password: qweqwe
# Harbor DB configuration
database:
password: qweqwe
完成后
运行 install.sh
[Step 5]: starting Harbor ...
Creating harbor-log ... done
Creating redis ... done
Creating harbor-portal ... done
Creating harbor-db ... done
Creating registryctl ... done
Creating registry ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
运行成功
默认账号密码(仅在 harbor.yml 中没有改 harbor_admin_password 时有效;无论用默认值还是上面 qweqwe 这样的弱口令,首次登录后都应立即改成强密码)
admin
Harbor12345
重启 停止harbor
docker-compose stop
docker-compose up -d
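练习(构建带 sshd 的 centos 镜像。注意:下面的 Dockerfile 把 root 口令 qweqwe 写进了镜像,拿到镜像的人用 docker history 就能看到这条命令;docker run -P 又会把 22 端口发布到宿主机所有地址,只适合隔离的实验环境。实际使用应改用密钥登录,或直接用 docker exec 进入容器)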
[root@localhost centos]# vim Dockerfile
FROM centos:7
LABEL mantainer=huweiqi<huweiqi@qq.com>
#RUN mkdir /etc/yum.repos.d/.bak && mv /etc/yum.repos.d/* /etc/yum.repos.d/.bak
#COPY yum.repos.d /etc/yum.repos.d/
RUN yum clean all && \
yum makecache && \
yum install -y bash-completion && \
yum install vim openssh-server yum -y
RUN /usr/bin/ssh-keygen -A && \
echo "qweqwe" | passwd --stdin root
WORKDIR /usr/local
EXPOSE 80
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
docker build -t centos_8 ./
[root@localhost centos]# docker run -d -P
192.168.1.24/centos/centos centos_8:latest
192.168.1.24/centos/centos_ssh centos:v1
192.168.1.24/centos/centos:ssh_v1 centos:v2
192.168.1.24/centos/centos_ssh:v2 centos:v3
centos centos:v4
centos:7 centos:v5
centos_8 centos:v7
[root@localhost centos]# docker run -d -P centos_8
f67ef9cc36444bee02a4e93656adc65c551f2ad96a03623128acbd90c50a8046
[root@localhost centos]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f67ef9cc3644 centos_8 "/usr/sbin/sshd -D" 3 seconds ago Up 2 seconds 0.0.0.0:49156->22/tcp, 0.0.0.0:49155->80/tcp funny_snyder
9f78038bc26a centos:v7 "/usr/sbin/sshd -D" 18 minutes ago Up 18 minutes 0.0.0.0:49154->22/tcp, 0.0.0.0:49153->80/tcp objective_meitner
[root@localhost centos]#
上传