1. Introduction to Docker
Docker is a front-end tool for container technology. Containers are a kernel technology; Docker simply makes that technology easier to use, which is what made it widespread. (Docker is a tool for managing containers.)
Container runtime used by Docker:
- lxc --> libcontainer --> runC
2. OCI & OCF
OCI
Open Container Initiative
- Founded in June 2015 under the leadership of the Linux Foundation
- Aims to establish an open industry standard around container formats and runtimes
- Contains two specifications:
  - the Runtime Specification (runtime-spec)
  - the Image Specification (image-spec)
OCF
Open Container Format
- runC is a CLI tool for spawning and running containers according to the OCI specification.
- Containers are started as a child process of runC and can be embedded into various other systems without having to run a daemon.
- runC is built on libcontainer, the same container technology powering millions of Docker Engine installations.
Docker provides a site dedicated to hosting container images: https://hub.docker.com
3. Docker architecture
- The client and the host (daemon) are on the same machine. The client runs a command and sends a request to the host; the host checks whether what was asked for is available locally, starts it if so, and otherwise downloads the image and then starts it.
- docker-ee: paid
- docker-ce: open source
4. Docker images and image registries
Why is the image store called a Registry rather than a repository? In Docker, a repository is named after the application it holds, so a registry is the service that hosts many such repositories.
An image is static, while a container is dynamic and has a life cycle. The relationship between an image and a container is like the relationship between a program and a process: the image is like a program file in the file system, and the container is like that program in its running state, that is, a process. A container can therefore be deleted, and deleting a container does not delete its image.
5. Docker objects
When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects.
- IMAGES
  - An image is a read-only template with instructions for creating a Docker container.
  - Often, an image is based on another image, with some additional customization.
  - You might create your own images or you might only use those created by others and published in a registry.
- CONTAINERS
  - A container is a runnable instance of an image.
  - You can create, run, stop, move, or delete a container using the Docker API or CLI.
  - You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.
Common commands
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# dnf clean all
0 文件已删除
[root@localhost yum.repos.d]# dnf makecache
CentOS-8.5.2111 - Base - mirrors.aliyun.com 1.8 MB/s | 4.6 MB 00:02
CentOS-8.5.2111 - Extras - mirrors.aliyun.com 92 kB/s | 10 kB 00:00
CentOS-8.5.2111 - AppStream - mirrors.aliyun.com 1.4 MB/s | 8.4 MB 00:05
元数据缓存已建立。
[root@localhost yum.repos.d]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
[root@localhost yum.repos.d]# sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@localhost yum.repos.d]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
[root@localhost yum.repos.d]# ls
CentOS-Base.repo epel.repo epel-testing.repo
epel-modular.repo epel-testing-modular.repo
[root@localhost yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@localhost yum.repos.d]# ls
CentOS-Base.repo epel-modular.repo epel-testing-modular.repo
docker-ce.repo epel.repo epel-testing.repo
[root@localhost yum.repos.d]# dnf -y install --allowerasing docker-ce
[root@localhost ~]# systemctl start docker
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# cd /etc/docker/
[root@localhost docker]# ls
key.json
[root@localhost docker]# vi daemon.json
[root@localhost docker]# cat daemon.json
{
"registry-mirrors": ["https://6somtdrl.mirror.aliyuncs.com"]
}
[root@localhost ~]# docker info
Client: //client
Context: default //context in use (the default one)
Debug Mode: false //debug mode (off)
Plugins: //plugins
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server: //server (daemon)
Containers: 0 //containers
Running: 0 //running
Paused: 0 //paused
Stopped: 0 //stopped
Images: 0 //images
Server Version: 20.10.14 //server version
Storage Driver: overlay2 //storage driver
Backing Filesystem: xfs //filesystem underneath the storage driver
Supports d_type: true //the backing filesystem supports d_type
Native Overlay Diff: true //native overlay diff
userxattr: false //user extended attributes
Logging Driver: json-file //logging driver
Cgroup Driver: cgroupfs //cgroup driver
Cgroup Version: 1 //cgroup version
Plugins: //plugins
Volume: local //volume plugin: local
Network: bridge host ipvlan macvlan null overlay //supported network drivers
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog //supported log drivers
Swarm: inactive //Swarm is off by default
Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2 //runtimes
Default Runtime: runc //default runtime
Init Binary: docker-init //init program
containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8 //containerd version
runc version: v1.0.3-0-gf46b6ba //runc version
init version: de40ad0 //init version
Security Options: //security options
seccomp
Profile: default
Kernel Version: 4.18.0-365.el8.x86_64 //kernel version
Operating System: CentOS Stream 8 //operating system
OSType: linux //OS type
Architecture: x86_64 //architecture
CPUs: 4 //number of CPUs
Total Memory: 3.618GiB //total memory
Name: localhost.localdomain //hostname
ID: 6ML2:FXNO:6LP7:AJL6:QONR:3BVF:TXUK:HKEZ:QFMS:DYI5:PWIO:CACX
Docker Root Dir: /var/lib/docker //Docker's data root directory
Debug Mode: false //debug mode is off by default
Registry: https://index.docker.io/v1/ //default registry
Labels: //labels
Experimental: false
Insecure Registries: //registries the daemon will use without enforcing TLS
127.0.0.0/8 //loopback (this host)
Registry Mirrors: //registry mirror (pull accelerator)
https://6somtdrl.mirror.aliyuncs.com/
Live Restore Enabled: false
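The fields of this output that matter most for security are Security Options, Insecure Registries and Registry Mirrors. The following is an added example, not part of the original notes: it parses docker info text and reports weak values. The function names and the example.internal hosts are made up for illustration, and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example: flag security-relevant settings in `docker info` text read from stdin.
audit_docker_info() {
  awk '
    { sub(/^[ \t]+/, "") }                      # nested fields are indented
    /^Insecure Registries:/ { sec = "insecure"; next }
    /^Registry Mirrors:/    { sec = "mirror";   next }
    /^Security Options:/    { sec = "secopt";   next }
    /^Profile:/             { next }            # detail line under seccomp
    /^[A-Za-z][A-Za-z _-]*: / || /^[A-Za-z][A-Za-z _-]*:$/ { sec = "" }  # next key ends a list
    sec == "secopt" && $1 == "seccomp" { seccomp = 1 }
    # Registries listed here are used without enforced TLS verification.
    sec == "insecure" && NF && $1 != "127.0.0.0/8" { print "WARN insecure-registry " $1 }
    # A mirror serves image content, so it should at least be reached over TLS.
    sec == "mirror" && NF && $1 !~ /^https:\/\// { print "WARN mirror-without-tls " $1 }
    END { if (!seccomp) print "WARN seccomp-missing" }
  '
}

# Constructed sample: the values from the docker info output on this page.
sample_page_info() {
  cat <<'EOF'
Server:
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.18.0-365.el8.x86_64
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://6somtdrl.mirror.aliyuncs.com/
 Live Restore Enabled: false
EOF
}

# Constructed sample: a weakened daemon (hypothetical hosts under example.internal).
sample_weak_info() {
  cat <<'EOF'
Server:
 Security Options:
  apparmor
 Kernel Version: 4.18.0-365.el8.x86_64
 Insecure Registries:
  registry.example.internal:5000
  127.0.0.0/8
 Registry Mirrors:
  http://mirror.example.internal/
 Live Restore Enabled: false
EOF
}

sample_weak_info | audit_docker_info   # on a real host: docker info | audit_docker_info
```

The configuration shown on this page produces no findings; the weakened sample produces three.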
[root@localhost ~]# docker version //show version information
Client: Docker Engine - Community
Version: 20.10.14
API version: 1.41
Go version: go1.16.15
Git commit: a224086
Built: Thu Mar 24 01:47:44 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.14
API version: 1.41 (minimum version 1.12)
Go version: go1.16.15
Git commit: 87a90dc
Built: Thu Mar 24 01:46:10 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.5.11
GitCommit: 3df54a852345ae127d1fa3092b95168e4a88e2f8
runc:
Version: 1.0.3
GitCommit: v1.0.3-0-gf46b6ba
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@localhost ~]# docker search seancheng1002/httpd
//httpd image built by the instructor, 忘情
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
seancheng1002/httpd 0
[root@localhost ~]# docker search httpd //search for httpd images on the official site (Docker Hub)
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
httpd The Apache HTTP Server Project 3976 [OK] //the official image
centos/httpd-24-centos7 Platform for running Apache httpd 2.4 or bui… 44
centos/httpd 35 [OK]
solsson/httpd-openidc mod_auth_openidc on official httpd image, ve… 2 [OK]
hypoport/httpd-cgi httpd-cgi 2 [OK]
dariko/httpd-rproxy-ldap Apache httpd reverse proxy with LDAP authent… 1 [OK]
manageiq/httpd Container with httpd, built on CentOS for Ma… 1 [OK]
dockerpinata/httpd 1
publici/httpd httpd:latest 1 [OK]
clearlinux/httpd httpd HyperText Transfer Protocol (HTTP) ser… 1
jonathanheilmann/httpd-alpine-rewrite httpd:alpine with enabled mod_rewrite 1 [OK]
inanimate/httpd-ssl A play container with httpd, ssl enabled, an… 1 [OK]
centos/httpd-24-centos8 1
lead4good/httpd-fpm httpd server which connects via fcgi proxy h… 1 [OK]
manageiq/httpd_configmap_generator Httpd Configmap Generator 0 [OK]
e2eteam/httpd 0
paketobuildpacks/httpd 0
httpdocker/kubia-unhealthy 0
httpdss/archerysec ArcherySec repository 0 [OK]
19022021/httpd-connection_test This httpd image will test the connectivity … 0
patrickha/httpd-err 0
httpdocker/kubia 0
sandeep1988/httpd-new httpd-new 0
itsziget/httpd24 Extended HTTPD Docker image based on the off… 0 [OK]
manasip/httpd 0
[root@localhost ~]# docker images //list all local images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost ~]# docker pull httpd //pull the image; with no tag given, the latest tag is downloaded
Using default tag: latest
latest: Pulling from library/httpd
a2abf6c4d29d: Pull complete
dcc4698797c8: Pull complete
41c22baa66ec: Pull complete
67283bbdd4a0: Pull complete
d982c879c57e: Pull complete
Digest: sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest
[root@localhost ~]# docker images //list all local images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest dabbfbe0c57b 4 months ago 144MB
//columns: name, tag (version), image ID, age, size
[root@localhost ~]# docker pull httpd:2.4.53 //pull a specific version
2.4.53: Pulling from library/httpd
1fe172e4850f: Pull complete
e2fa1fe9b1ec: Pull complete
60dd7398e74e: Pull complete
ea2ca81c6d4c: Pull complete
f646c69a26ec: Pull complete
Digest: sha256:e02a2ef36151905c790efb0a8472f690010150f062639bd8c0760e7b1e884c07
Status: Downloaded newer image for httpd:2.4.53
docker.io/library/httpd:2.4.53
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd 2.4.53 c30a46771695 4 days ago 144MB
httpd latest dabbfbe0c57b 4 months ago 144MB
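In the listing above, the latest tag resolved to an image created 4 months ago while 2.4.53 was 4 days old: a tag is a movable name, and only the Digest line identifies the content that was actually pulled. The following added example (not part of the original notes; pinned_ref, check_pin and sample_pull are made-up names) builds a digest-pinned reference from pull output and checks a later pull against a recorded digest.

```shell
#!/bin/sh
# Added example: turn `docker pull` output into a digest-pinned reference
# and check a pull against a digest recorded earlier.

# pinned_ref: reads pull output on stdin, prints repo@sha256:<digest>.
pinned_ref() {
  awk '
    $1 == "Digest:" { digest = $2 }
    NF              { last = $0 }              # final line is the full name:tag
    END {
      repo = last
      sub(/:[^:\/]*$/, "", repo)               # drop the tag, keep any registry port
      if (digest !~ /^sha256:[0-9a-f]+$/ || length(digest) != 71) exit 1
      print repo "@" digest
    }'
}

# check_pin: succeeds only if the pulled digest equals the recorded one ($1).
check_pin() {
  got=$(awk '$1 == "Digest:" { print $2 }')
  [ -n "$got" ] && [ "$got" = "$1" ]
}

# Constructed sample: the httpd:2.4.53 pull transcript from this page (layer lines omitted).
sample_pull() {
  cat <<'EOF'
2.4.53: Pulling from library/httpd
Digest: sha256:e02a2ef36151905c790efb0a8472f690010150f062639bd8c0760e7b1e884c07
Status: Downloaded newer image for httpd:2.4.53
docker.io/library/httpd:2.4.53
EOF
}

sample_pull | pinned_ref   # on a real host: docker pull httpd:2.4.53 | pinned_ref
```

The printed reference can be given to docker pull or docker create in place of httpd:2.4.53, so the same content is used even if the tag is later moved.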
[root@localhost ~]# docker create --help //show help
[root@localhost ~]# docker create --name test -p 80:80 httpd
//create a container
2966d272d96ac4a1cac8d1d1704c4e32705701e0a4ee8fbb4a88c905a22c0e0d
[root@localhost ~]# docker ps //list the containers that are currently running
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker ps -a //list all containers
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2966d272d96a httpd "httpd-foreground" About a minute ago Created test
[root@localhost ~]# docker start test //start test
test
[root@localhost ~]# docker start 2966d272d96a //starting by ID is the same as starting test
2966d272d96a
[root@localhost ~]# docker ps //the container is now listed, so the start succeeded
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2966d272d96a httpd "httpd-foreground" 3 minutes ago Up About a minute 0.0.0.0:80->80/tcp, :::80->80/tcp test
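The PORTS column above shows what -p 80:80 does: the port is published on every host address (0.0.0.0 for IPv4 and :: for IPv6), whereas -p 127.0.0.1:80:80 would publish it on loopback only. The following added example (not part of the original notes) lists the containers whose ports are published on all addresses; the function names are made up, and the admin, db and web entries are hypothetical containers added for contrast.

```shell
#!/bin/sh
# Added example: list published ports that listen on every host address.
# Input: one "name ports" line per container, as printed by
#   docker ps --format '{{.Names}} {{.Ports}}'

exposed_on_all_interfaces() {
  awk '
    {
      ports = $0
      sub(/^[^ ]+ */, "", ports)                  # everything after the container name
      n = split(ports, maps, ", ")
      for (i = 1; i <= n; i++) {
        if (maps[i] !~ /->/) continue             # exposed by the image, not published
        host = maps[i]; sub(/->.*/, "", host)     # host side, e.g. 0.0.0.0:80 or :::80
        addr = host;    sub(/:[0-9-]+$/, "", addr)  # drop the host port or port range
        if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
          print $1, maps[i]
      }
    }'
}

# Constructed sample: "test" is the container from this page; "admin" and "db"
# are hypothetical containers added for contrast.
sample_ps() {
  printf 'test 0.0.0.0:80->80/tcp, :::80->80/tcp\n'
  printf 'admin 127.0.0.1:8080->80/tcp\n'
  printf 'db 3306/tcp\n'
}

sample_ps | exposed_on_all_interfaces
```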
Turn off the firewall:
[root@localhost ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vi /etc/selinux/config
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# setenforce 0
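Verify:
[root@localhost ~]# docker stop test //stop test
test
[root@localhost ~]# docker ps //no longer listed, so the stop succeeded
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker start test //starting it again fails: on newer versions the firewall must be running and allowing the traffic before the container can start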
Error response from daemon: driver failed programming external connectivity on endpoint test (594aeb3548ee6e987e96d9e4f9aef0260dfdb4311e223966825410cf766e32c9): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 80 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1))
Error: failed to start containers: test
[root@localhost ~]# systemctl start firewalld.service //start the firewall
[root@localhost ~]# docker start test //starts successfully
test
[root@localhost ~]# firewall-cmd --list-all //list the rules: http is not allowed yet
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@localhost ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=0.0.0.0/0 service name=http accept' --permanent
success
//add a firewall rule that allows http
[root@localhost ~]# firewall-cmd --reload
success
//reload the rules
[root@localhost ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="0.0.0.0/0" service name="http" accept
//look at the last line: the rich rule is now listed
//at this point, refreshing the page in the browser still works
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2966d272d96a httpd "httpd-foreground" 24 minutes ago Up 6 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp test
[root@localhost ~]# docker kill test
test
//kill the test container
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2966d272d96a httpd "httpd-foreground" 25 minutes ago Exited (137) 44 seconds ago test
//it has stopped
[root@localhost ~]# docker logs test //view the logs of test
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sun Apr 24 12:58:32.908639 2022] [mpm_event:notice] [pid 1:tid 140395278413120] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
[Sun Apr 24 12:58:32.908833 2022] [core:notice] [pid 1:tid 140395278413120] AH00094: Command line: 'httpd -D FOREGROUND'
172.17.0.1 - - [24/Apr/2022:13:04:28 +0000] "GET / HTTP/1.1" 200 45
172.17.0.1 - - [24/Apr/2022:13:04:29 +0000] "GET /favicon.ico HTTP/1.1" 404 196
172.17.0.1 - - [24/Apr/2022:13:05:20 +0000] "-" 408 -
[Sun Apr 24 13:08:06.683872 2022] [mpm_event:notice] [pid 1:tid 140395278413120] AH00492: caught SIGWINCH, shutting down gracefully
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sun Apr 24 13:11:32.293776 2022] [mpm_event:notice] [pid 1:tid 140324335148352] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
[Sun Apr 24 13:11:32.293925 2022] [core:notice] [pid 1:tid 140324335148352] AH00094: Command line: 'httpd -D FOREGROUND'
192.168.142.1 - - [24/Apr/2022:13:19:03 +0000] "GET / HTTP/1.1" 304 -
192.168.142.1 - - [24/Apr/2022:13:19:55 +0000] "-" 408 -
[Sun Apr 24 13:20:20.701817 2022] [mpm_event:notice] [pid 1:tid 140324335148352] AH00492: caught SIGWINCH, shutting down gracefully
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sun Apr 24 13:20:22.107629 2022] [mpm_event:notice] [pid 1:tid 140706569719104] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
[Sun Apr 24 13:20:22.107704 2022] [core:notice] [pid 1:tid 140706569719104] AH00094: Command line: 'httpd -D FOREGROUND'
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sun Apr 24 13:23:15.147255 2022] [mpm_event:notice] [pid 1:tid 140264953384256] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
[Sun Apr 24 13:23:15.147422 2022] [core:notice] [pid 1:tid 140264953384256] AH00094: Command line: 'httpd -D FOREGROUND'
192.168.142.1 - - [24/Apr/2022:13:23:35 +0000] "GET / HTTP/1.1" 304 -
192.168.142.1 - - [24/Apr/2022:13:23:36 +0000] "GET / HTTP/1.1" 304 -
192.168.142.1 - - [24/Apr/2022:13:23:39 +0000] "GET / HTTP/1.1" 304 -
192.168.142.1 - - [24/Apr/2022:13:23:44 +0000] "GET /sdhkahd HTTP/1.1" 404 196
192.168.142.1 - - [24/Apr/2022:13:23:46 +0000] "GET /sdhkahd HTTP/1.1" 404 196
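[root@localhost ~]# docker rm -f test //force-remove test even while it is running; by default a running container cannot be removed directly
test
[root@localhost ~]# docker ps -a //check: it was removed successfully
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker images //the images are still there even though the container was removed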
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd 2.4.53 c30a46771695 4 days ago 144MB
httpd latest dabbfbe0c57b 4 months ago 144MB
[root@localhost ~]# docker run -it --name test busybox /bin/sh
//docker run creates and starts the container in one step (pulling the image if it is not present locally) and drops you into /bin/sh
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
5cc84ad355aa: Pull complete
Digest: sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678
Status: Downloaded newer image for busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
//after exit the container is not deleted, only stopped
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d7162fbc3c9a busybox "/bin/sh" 2 minutes ago Exited (0) 56 seconds ago test
[root@localhost ~]# docker start test //it can be started again, but start does not put you inside it
test
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d7162fbc3c9a busybox "/bin/sh" 3 minutes ago Up 4 seconds test
[root@localhost ~]# docker attach test
/ #
//to get back in, use docker attach (exiting still stops the container)
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]#
[root@localhost ~]# docker start test
test
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d7162fbc3c9a busybox "/bin/sh" 7 minutes ago Up 9 seconds test
[root@localhost ~]# docker exec -it test /bin/sh
/ # exit
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d7162fbc3c9a busybox "/bin/sh" 7 minutes ago Up 52 seconds test
//we exited the shell started by docker exec, but the container was not stopped