文章目录
- Dockerfile
- docker inspect
- 将php项目打包docker镜像
- docker安装rocketmq
- docker安装es
- java中间价
- 查看容器详情
- docker设置文件共享
- docker run运行容器
- docker常用命令
- docker进入容器
- mac-docker服务停止启动
- Dockerfile用法
- docker打包springboot jar成镜像
- rm,rmi删除容器,镜像
- ps列出正在运行的容器
- logs -f查看日志
- exec -it进入容器
- run -itd -v首次启动容器
- docker-compose
- docker一键安装各个应用(单机版)
- docker重启开机自启
- docker 安装及换源
- docker制作镜像
- docker hub公有镜像仓库推拉镜像
- docker容器安全
Dockerfile
Dockerfile文件详解
https://www.cnblogs.com/panwenbin-logs/p/8007348.html
docker inspect
docker inspect 容器id
显示如下:
[
{
"Id": "21952e4828c83b2e8e2d95c3e844c5c54c53276928314e9d39cc5ccee3273151",
"Created": "2022-01-12T07:57:47.4547016Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 12200,
"ExitCode": 0,
"Error": "",
"StartedAt": "2022-01-12T07:57:48.2535483Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:a840c644625a5fd8439c1eb2a7ad71afa83cee2c48c26b34a64a6b7c0dc1f126",
"ResolvConfPath": "/var/lib/docker/containers/21952e4828c83b2e8e2d95c3e844c5c54c53276928314e9d39cc5ccee3273151/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/21952e4828c83b2e8e2d95c3e844c5c54c53276928314e9d39cc5ccee3273151/hostname",
"HostsPath": "/var/lib/docker/containers/21952e4828c83b2e8e2d95c3e844c5c54c53276928314e9d39cc5ccee3273151/hosts",
"LogPath": "/var/lib/docker/containers/21952e4828c83b2e8e2d95c3e844c5c54c53276928314e9d39cc5ccee3273151/21952e4828c83b2e8e2d95c3e844c5c54c53276928314e9d39cc5ccee3273151-json.log",
"Name": "/unifiable-service",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": [
"cf6830ec90418a2991e9d091624b7b5d548c300ccc25f352e9c4148330166872"
],
"HostConfig": {
"Binds": [
"/Users/lmj/E-disk/验证:/app"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {
"12000/tcp": [
{
"HostIp": "",
"HostPort": "12000"
}
]
},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/f540f/diff",
"MergedDir": "/var/lib/docker/overlay2/f54f6199a8c803245805192029b7493139d2e6c501b64839bf4c4e4e82062d9d/merged",
"UpperDir": "/var/lib/docker/overlay2/f54f6199a8c803245805192029b7493139d2e6c501b64839bf4c4e4e82062d9d/diff",
"WorkDir": "/var/lib/docker/overlay2/f54f6199a8c803245805192029b7493139d2e6c501b64839bf4c4e4e82062d9d/work"
},
"Name": "overlay2"
},
"Mounts": [
{
"Type": "bind",
"Source": "/Users/lmj/E-disk/验证",
"Destination": "/app",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
"Config": {
"Hostname": "21952e4828c8",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"12000/tcp": {}
},
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"PATH=/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"LANG=en_US.UTF-8",
"LANGUAGE=en_US:en",
"LC_ALL=en_US.UTF-8",
"JAVA_VERSION=jdk8u272-b10",
"JAVA_HOME=/opt/java/openjdk",
"jar=docker_run.jar"
],
"Cmd": [
"/bin/bash"
],
"Image": "cloud3products-docker.pkg.coding.net/weda/release/unified-file-service-web:v1.0.0",
"Volumes": null,
"WorkingDir": "/app",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "fc7cbd0a3b911b4ee183aa08110e03501020890e7b785553638e1db6bdc6c035",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"12000/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "12000"
},
{
"HostIp": "::",
"HostPort": "12000"
}
]
},
"SandboxKey": "/var/run/docker/netns/fc7cbd0a3b91",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "3cb33fc09197fe346a7834a2f5da27aace455bff664adf3aa0d458e29c0d2ae5",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "e7771cdb6938025eaa5a7e0c9b40bc46c2a752b0b83e52c78acf80bef41a103d",
"EndpointID": "3cb33fc09197fe346a7834a2f5da27aace455bff664adf3aa0d458e29c0d2ae5",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
获取容器ip
docker inspect --format=’{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}’ 容器id
获取日志
docker inspect --format=’{{.LogPath}}’ 容器id
将php项目打包docker镜像
https://www.cnblogs.com/waterlufei/p/6655918.html
docker安装rocketmq
docker pull报磁盘空间不足
docker设置broker jvm参数-Xms512M -Xmx512M报内存不足
/bin/runbroker.sh: line 158: 28 Killed $JAVA ${JAVA_OPT} $@
主要原因就是在这里
目录结构
broke.conf
brokerClusterName = DefaultCluster
brokerName = broker-a
brokerId = 0
deleteWhen = 04
fileReservedTime = 48
brokerRole = ASYNC_MASTER
flushDiskType = ASYNC_FLUSH
namesrvAddr=10.9.80.51:9876(换成本机ip/禁用127)
brokerIP1=10.9.80.51(换成本机ip/禁用127)
#在发送消息时,自动创建服务器不存在的topic,默认创建的队列数
defaultTopicQueueNums=8
#是否允许 Broker 自动创建Topic,建议线下开启,线上关闭
autoCreateTopicEnable=true
#是否允许 Broker 自动创建订阅组,建议线下开启,线上关闭
autoCreateSubscriptionGroup=true
docker-compose.yaml
version: '3'
services:
rmqserver:
image: foxiswho/rocketmq:server-4.5.1
container_name: rmqserver
ports:
- 9876:9876
rmqbroker:
mem_limit: 500m
image: foxiswho/rocketmq:broker-4.5.1
container_name: rmqbroker
ports:
- 10909:10909
- 10911:10911
volumes:
- "./logs:/opt/logs"
- "./conf/broker.conf:/etc/rocketmq/broker.conf"
links:
- rmqserver:rmqserver
command: ["sh","mqbroker","-c","/etc/rocketmq/broker.conf","-n","rmqserver:9876","autoCreateTopicEnable=true"]
#command: "sh mqbroker -n rmqserver:9876 -c /etc/rocketmq/broker.conf autoCreateTopicEnable=true"
environment:
NAMESRV_ADDR: rmqserver:9876
JAVA_OPTS: "-Duser:home=/opt -Drocketmq.broker.diskSpaceWarningLevelRatio=0.98"
JAVA_OPT_EXT: "-server -Xms512M -Xmx512M -Xmn128m -XX:ParallelGCThreads=1 -XX:MetaspaceSize=512m -XX:MaxMetaspaceSize=512m"
rmqconsole:
image: styletang/rocketmq-console-ng:latest
container_name: rmqconsole
ports:
- 18080:8080
volumes:
- /etc/localtime:/etc/localtime
links:
- rmqserver:rmqserver
environment:
JAVA_OPTS: "-Drocketmq.namesrv.addr=rmqserver:9876 -Dcom.rocketmq.sendMessageWithVIPChannel=false -Duser.timezone='Asia/Shanghai'"
# rocketmq镜像安装参考文章:https://blog.csdn.net/fenglibing/article/details/92378090
然后在docker-compose.yaml同级目录下运行:
docker-compose up -d
docker安装es
- 创建文件
/data/ES/config/es1.yml
cluster.name: elasticsearch-cluster
node.name: es-node1
network.bind_host: 0.0.0.0
network.publish_host: 本机ip/不要写127.0.0.1
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: true
mkdir -p /data/ES/config
mkdir -p /data/ES/data1
mkdir -p /usr/share/elasticsearch/plugins/ik
1.1 下载解压ik分词器在/data/usr/share/elasticsearch/plugins/ik目录下
https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v5.6.8/elasticsearch-analysis-ik-5.6.8.zip
- 拉取镜像
docker pull elasticsearch:5.6.8
- 运行镜像
docker run -e ES_JAVA_OPTS="-Xms256m -Xmx256m" -d -p 9200:9200 -p 9300:9300 -v /data/ES/config/es1.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /data/ES/data1:/usr/share/elasticsearch/data --name es elasticsearch:5.6.8
- 安装可视化管理工具kibana
docker pull kibana:5.6.8
docker run --name kibana -e ELASTICSEARCH_URL=http://本机ip注127禁用:9200 -e KIBANA_INDEX=.kibana -p 5601:5601 -d kibana:5.6.8
- 安装分词器
plugin-des…/elas-ik.jar等应该在ik目录下,而不是在ik/elasticsearch目录下
在宿主机中将ik文件夹拷贝到容器内 /usr/share/elasticsearch/plugins 目录下
docker cp /data/usr/share/elasticsearch/plugins/ik es:/usr/share/elasticsearch/plugins/
重新启动,即可加载IK分词器
docker restart 容器id
查看:
http://192.168.43.232:5601/
http://192.168.43.232:9200/_cat/nodes?pretty
- 安装Kibana时出现:Please specify a default index pattern,解决办法如图:
mobz/elasticsearch-head:5 也是图像化管理工具和kibana一样,不过没有kibana强大
java中间价
网关:Nginx、Kong、Zuul
缓存:Redis、MemCached、OsCache、EhCache
搜索:ElasticSearch、Solr
熔断:Hystrix、resilience4j
负载均衡:DNS、F5、LVS、Nginx、OpenResty、HAproxy
注册中心:Eureka、Zookeeper、Redis、Etcd、Consul
认证鉴权:JWT、SpringSecurity
消费队列:RabbitMQ、Kafka、RocketMQ、ActiveMQ、Redis
系统监控:Grafana、Prometheus、Influxdb、Telegraf、Lepus
文件系统:OSS、NFS、FastDFS、MogileFS
RPC框架: Dubbo、Motan、Thrift、grpc
构建工具:Maven、Gradle
集成部署:Docker、Jenkins、Git、Maven
分布式配置:Disconf、Apollo、Spring Cloud Config、Diamond
压测:LoadRunner、JMeter、AB、webbench
数据库:MySQL、Redis、MongoDB、PostgreSQL、Memcache、HBase
网络:专用网络VPC、弹性公网IP、CDN
数据库中间件:DRDS、Mycat、360 Atlas、Cobar
分布式框架:Dubbo、Motan、Spring-Could
分布式任务:XXL-JOB、Elastic-Job、Saturn、Quartz
分布式追踪:Pinpoint、CAT、zipkin
分布式日志:elasticsearch、logstash、Kibana 、redis、kafka
版本发布:蓝绿部署、A/B测试、灰度发布/金丝雀发布
————————————————
版权声明:本文为CSDN博主「岛田悠米」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/qq_44752641/article/details/115963763
docker run --net mynetwork --ip 10.9.80.43 --restart always -d -p 9200:9200 -p 9300:9300 -v /data/docker/elasticsearch6/config:/usr/share/elasticsearch/config -v /data/docker/elasticsearch6/data:/usr/share/elasticsearch/data -v /data/docker/elasticsearch6/plugins:/usr/share/elasticsearch/plugins -e "discovery.type=single-node" --name es elasticsearch:6.8.0
查看容器详情
docker inspect es
docker设置文件共享
docker run运行容器
-p是外部端口:内部端口—可以这样记忆 (杠p外交易py交易)
docker run --name my-tomcat -dit -p 19999:9999 镜像id或者镜像名
docker常用命令
docker tag打镜像
docker tag SOURCE_IMAGE_name[:TAG] TARGET_IMAGE_name[:TAG]
例如(也可重新修改镜像信息如仓库地址,端口,名字,版本):
docker tag nginx:latest my-nginx:v1
注意:这里的tag在命名的时候遵循 **仓库地址:端口/镜像所在路径:标签** 的规则(例如:10.12.1.202:8088/oascloud/openailab-authorization-management:v1.4.0),否则在镜像推送的时候会找不到仓库地址
docker进入容器
因为我们单独的使用run只会启动容器,他会立即启动,相应然后就自动消失。你在这个时候使用exec命令已经太迟了。所以,当我们启动容器的时候一定要加上–detach或者-d来保持容器在后台持续运行。那么我们重新来一次。
docker exec -it kali /bin/bash
mac-docker服务停止启动
其实点击那个docker des桌面就好
launchctl list|grep docker
launchctl stop com.docker.docker.6224 【停止docker】
open /Applications/Docker.app 【启动docker】
- macos命令行启动docker服务【https://cloud.tencent.com/developer/article/1531730】
Dockerfile用法
FROM openjdk:8-jdk-alpine //指定镜像,没有会创建
COPY ${jenkins_dir}target/hello-world-0.0.1-SNAPSHOT.jar /hello-world-0.0.1-SNAPSHOT.jar //本机目录(本机目录不能使用绝对路径,因为它本身就是一个相对路径
//本机目录直接从当前目录开始,所有需要复制的文件放在当前目录,如果目录不存在也不会创建目录) 容器目录
ENTRYPOINT ["java", "-jar","/hello-world-0.0.1-SNAPSHOT.jar"]
docker打包springboot jar成镜像
将SpringBoot Jar包打成Docker镜像,Dockerfile相关参数
FROM openjdk:8-jdk-alpine:使用 openjdk:8-jdk-alpine 环境创建(docker所在机器没有该镜像的话会自动进行创建)
docker推送镜像: https://www.cnblogs.com/makalochen/p/14240796.html
vi Dockerfile
内容如下(必须有Copy即将主机的jar的复制到镜像中去,否则运行回报容器里找不到jar)
FROM openjdk:8-jdk-alpine
COPY hello-world-0.0.1-SNAPSHOT.jar /hello-world-0.0.1-SNAPSHOT.jar
ENTRYPOINT ["java", "-jar","/hello-world-0.0.1-SNAPSHOT.jar"]
docker build -t hello-world:v1 .
docker run -it hello-world:v1
docker run -d -p 9999:9999 hello-world:v1
docker logs 5170409aef00465d02
docker port 5170409aef00465d02
表明镜像构建ok
去docker hub注册
https://hub.docker.com/ 注册下 得到docker id和密码
然后命令行
docker login
docker tag 7ce12aed7878 goodshred/hello-world:latest
docker push goodshred/hello-world:latest
备注: docker 需要按照用户名/仓库名(镜像名)----否则推送失败,成功之后如下:
docker 标记(Tag),推送(push),拉取(pull)你自己的镜像
rm,rmi删除容器,镜像
ps列出正在运行的容器
-a列出所有容器,包括未运行的
logs -f查看日志
实时列出redis容器的最后的100条日志数据,-t是时间戳
docker logs -f -t --tail 100 redis
exec -it进入容器
docker exec -it 775c7c9ee1e1 /bin/bash
run -itd -v首次启动容器
- 单杠参数
dit 后台启动运行容器
e 容器启动时可以传入的启动参数
v 容器文件挂载(容器和真机的文件的映射及内容的同步)
p 真机端口:容器端口映射 host:container【docker容器在启动的时候,如果不指定端口映射参数,在容器外部是无法通过网络来访问容器内的网络应用和服务的】 - 双杠参数
restart 开机自启
name 指定容器的名字
docker run -itd --name mongo --restart always -p 27017:27017 -v /data/db:/data/db mongo【镜像名】
docker-compose
docker-compose.yaml是docker多个服务一键安装的脚本
1.Dockerfile: 构建镜像;
2.docker run: 启动容器;
3.docker-compose: 启动服务;进入docker-compose.yaml 运行 docker-compose up -d 【-d参数是后台启动】
docker一键安装各个应用(单机版)
- mysql
docker pull mysql
docker run -d -p 3306:3306 --name mymysql -e MYSQL_ROOT_PASSWORD=root docker.io/mysql:latest
docker exec -it 83569d2048c610c /bin/sh
mysql -uroot -p (密码:root)
alter user 'root'@'%' identified with mysql_native_password by 'root';(修改权限允许远程访问)
- redis
docker pull redis
docker run -itd --name redis-test -p 6379:6379 redis
测试:
docker exec -it 容器id /bin/bash
find / -name redis-cli
/user/data/redis-cli -h {ip} -p {端口} 默认没有密码
- consul
docker pull consul
docker run --name consul1 -d -p 8500:8500 -p 8300:8300 -p 8301:8301 -p 8302:8302 -p 8600:8600 consul agent -server -bootstrap-expect 1 -ui -bind=0.0.0.0 -client=0.0.0.0
测试:http://192.168.153.135:8500/ui/dc1/services
- minio
docker pull minio/minio
docker run -dit -p 9000:9000 --name minio1 -e "MINIO_ACCESS_KEY=minio:admin" -e "MINIO_SECRET_KEY=minio:admin" -v /mnt/data:/data -v /mnt/config:/root/.minio minio/minio server /data
该版本最新版本命令为(我在mac上的安装):
docker pull minio/minio
docker run -dit -p 9005:9005 -p 9006:9006 --name minio1 -e "MINIO_ACCESS_KEY=minio:admin" -e "MINIO_SECRET_KEY=minio:admin123456" -v /Users/lmj/E-disk/data/mnt/data:/data -v /Users/lmj/E-disk/data/mnt/config:/root/.minio minio/minio server /data --console-address ":9006" --address ":9005"
- rabbitmq
docker pull rabbitmq:management
# 15672是管理界面的端口(界面用户名密码都是admin),5672是服务的端口
docker run -dit --name Myrabbitmq -e RABBITMQ_DEFAULT_USER=admin -e RABBITMQ_DEFAULT_PASS=admin -p 15672:15672 -p 5672:5672 rabbitmq:management
-
rocketmq
docker run -d --name es -p 9200:9200 -p 9300:9300 -e “discovery.type=single-node” -e ES_JAVA_OPTS="-Xms200m -Xmx200m" elasticsearch:6.8.0
docker run --name kibana -e ELASTICSEARCH_URL=http://10.9.80.43:9200 -p 5601:5601 -d kibana:6.8.0
- nginx
Docker 安装 Nginx - fastdfs
docker-compose在window上不能运行FastDFS
下载安装
docker pull delron/fastdfs
docker images
创建存储文件的地址
mkdir -p /var/fdfs/tracker
chmod a+rwx /var/fdfs/tracker
mkdir -p /var/fdfs/storage
chmod a+rwx /var/fdfs/storage
创建tracker容器:踪服务器,起到调度的作用
docker run -dti --network=host --privileged=true -p 22122:22122 --name tracker -v /var/fdfs/tracker:/var/fdfs -v /etc/localtime:/etc/localtime delron/fastdfs tracker
创建storage容器:存储服务器,提供容量和备份服务
docker run -p 8888:8888 -p 23000:23000 -dti --network=host --privileged=true --name storage -e TRACKER_SERVER=192.168.153.129:22122 -v /var/fdfs/storage:/var/fdfs -v /etc/localtime:/etc/localtime delron/fastdfs storage
过程中出现WARNING: Published ports are discarded when using host network mode不用管
- 测试
docker exec -it storage /bin/bash
cd /home
vi a.txt
/usr/bin/fdfs_upload_file /etc/fdfs/client.conf a.txt - 浏览器访问
http://192.168.153.136:8888/group1/M00/00/00/wKiZiF9lzVSAVrvvAAAABc5NQzc579.txt
注意点
本机ip要写成127.0.0.1
该镜像的nginx的配置文件在storage容器中的/usr/local/nginx下
FastDFS的三大核心配置文件在各自容器的/etc/fdfs下
关闭防火墙,关闭防火墙,关闭防火墙
systemctl stop firewalld.service
systemctl disable firewalld.service
Nginx的端口号需要和storage的端口号一致
docker重启开机自启
docker update --restart=always 容器id/容器名
docker update –restart=no 容器id/容器名
docker开机自启动: systemctl enable docker
手动启动:
service docker start
service docker stop
service docker restart
docker 安装及换源
启动docker:systemctl restart/start docker
开机重启:systemctl enable docker
- 2.1 安装
(1)yum 包更新到最新
sudo yum update
(2)安装需要的软件包, yum-util 提供yum-config-manager功能,另外两个是devicemapper驱动依赖的
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
(3)设置yum源为阿里云
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
(4)安装docker
sudo yum install docker-ce
(5)安装后查看docker版本
docker -v
- 2.2 设置ustc的镜像
ustc是老牌的linux镜像服务提供者了,还在遥远的ubuntu 5.04版本的时候就在用。ustc的docker镜像加速器速度很快。ustc docker mirror的优势之一就是不需要注册,是真正的公共服务。
https://lug.ustc.edu.cn/wiki/mirrors/help/docker
编辑该文件:
vi /etc/docker/daemon.json
在该文件中输入如下内容:
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}
systemctl daemon-reload
systemctl restart docker
重启使其生效
docker制作镜像
docker commit -m ‘dz-lmj’ 【镜像描述】 -a ‘maojunli’ 【镜像作者】 3435ff34d168 【自制好的容器ID,容器名】 dz-lmj:1.0 【要发布的镜像名:版本号】
docker save -o dz-lmj.tar dz-lmj:1.0
可在当前目录查看到打好的镜像jar包
docker load < dz-lmj.tar
docker hub公有镜像仓库推拉镜像
比如docker id可以理解成用户名
https://hub.docker.com/
-
目录结构
-
编写 Dockerfile文件,用于镜像制作
# FROM openjdk:8-jdk-alpine
# 指定镜像,没有会创建
FROM java:8
# 本机目录(本机目录不能使用绝对路径,因为它本身就是一个相对路径
COPY target/demo-0.0.1-SNAPSHOT.jar /demo-0.0.1-SNAPSHOT.jar
# 本机目录直接从当前目录开始,所有需要复制的文件放在当前目录,如果目录不存在也不会创建目录) 容器目录
ENTRYPOINT ["java", "-jar","/demo-0.0.1-SNAPSHOT.jar"]
- 使用docker build 命令根据 Dockerfile文件创建镜像
- 使用 Docker Save 命令导出镜像文件
- 使用 Docker Load 命令
- 镜像推送
docker login -u 用户名 -p 密码 [镜像仓库地址,默认是index.docker.io,它是docker 的默认仓库地址]
例子:docker login -u xxx -p xxx https://index.docker.io
可使用docker logout
docker load -i demo.tar
docker tag demo:v1 index.docker.io/goodshred/demo:v1
docker push index.docker.io/goodshred/demo:v1
出现TLS handshake timeout,可以docker logout,在等一会,docker login
docker push出现denied: requested access to the resource is denied,这个说明镜像的命名不属于规则,命名必须用户名/应用名:版本号
docker容器安全
【Docker容器安全性分析】http://www.dockone.io/article/9817
761
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
