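What is Docker?
Docker is software written in Go whose job is to manage containers.
Docker is the classic representative of container technology. Running software in Docker containers upends the traditional way of installing software.
Benefits of using containers
1. Low cost
2. Easy to manage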
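What is the difference between containers and virtual machines?
Advantages of Docker:
1. Fast startup
2. Low resource consumption
3. Easy to scale
Disadvantages of Docker:
1. Applications are not isolated as thoroughly as in a virtual machine
2. Virtual machines are somewhat more secure
3. The layering differs: a virtual machine adds one more layer of encapsulation (a hypervisor and a guest kernel), whereas containers share the host kernel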
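How does Docker implement isolation underneath?
namespaces; kernel LXC; control groups; LXC + namespaces + cgroups
Docker Engine uses the following Linux isolation technologies:
The pid namespace: manages the process ID namespace (PID: Process ID)
The network namespace: manages the network namespace (NET: Networking)
The ipc namespace: manages the inter-process communication namespace (IPC: InterProcess Communication)
The mount namespace: manages the filesystem mount point namespace (MNT: Mount)
The uts namespace: isolates the hostname and domain name (UTS: Unix Timesharing System)
The user namespace: manages the user namespace
What does a namespace do?
1. Isolates resources
2. It is a space in memory that holds data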
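How does turning off the firewall affect Docker?
Stopping the firewall or flushing the firewall rules invalidates the Docker-related SNAT and DNAT rules in iptables, so containers can no longer communicate with machines outside the host.
Restarting the docker service automatically adds the Docker-related iptables rules again.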
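A check for the condition just described, as an added example that is not part of the original notes: it reads `iptables-save -t nat` output and reports which of Docker's NAT pieces are missing. The two rule dumps and the container address 172.17.0.2 are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original notes). Reads `iptables-save -t nat`
# output on stdin and reports which of Docker's NAT pieces are missing.
docker_nat_status() {
    dump=$(cat)
    missing=""
    has() { printf '%s\n' "$dump" | grep -Eq -- "$1"; }
    # Docker's own chain in the nat table; the DNAT rules for -p live here
    has '^:DOCKER ' || missing="$missing docker-chain"
    # PREROUTING must jump to that chain or published ports never match
    has '^-A PREROUTING .*-j DOCKER$' || missing="$missing prerouting-jump"
    # Outbound container traffic is source-NATed with MASQUERADE
    has '^-A POSTROUTING .*-j MASQUERADE' || missing="$missing masquerade"
    if [ -z "$missing" ]; then echo "ok"; else echo "missing:$missing"; fi
}

# Print "hostPort -> containerIP:port" for each DNAT rule in the DOCKER chain.
published_ports() {
    sed -n 's/^-A DOCKER .*--dport \([0-9]*\) .*--to-destination \([0-9.:]*\)$/\1 -> \2/p'
}

# Constructed sample: Docker running, host port 8090 published to a container.
SAMPLE_OK='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8090 -j DNAT --to-destination 172.17.0.2:80
COMMIT'

# Constructed sample: Docker's chain and rules are gone from the nat table.
SAMPLE_GONE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'

printf '%s\n' "$SAMPLE_OK" | docker_nat_status
printf '%s\n' "$SAMPLE_OK" | published_ports
printf '%s\n' "$SAMPLE_GONE" | docker_nat_status
# On a real host: iptables-save -t nat | docker_nat_status
```

If the status is not "ok", restart the docker service as described above and run the check again.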
Installing Docker on CentOS 7:
1. Remove any previously installed Docker packages; skip this step if Docker was never installed.
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
#The Docker Engine package is now called docker-ce.
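2. Install the yum utilities and download the docker-ce.repo file
yum install -y yum-utils
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
This adds Docker's official yum repository file; the packages are downloaded from Docker's official yum repository in the next step.
If the download is slow, you can switch to a different download source yourself.
[root@sc-docker yum.repos.d]# cd /etc/yum.repos.d/ # directory that holds all the yum repository files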
[root@sc-docker yum.repos.d]# ls
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo docker-ce.repo
CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo CentOS-x86_64-kernel.repo nginx.repo
docker-ce.repo # the file we just downloaded
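3. Install the docker-ce packages
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y
# container engine
# docker is container management software
# docker-ce is the server-side software (server)
# docker-ce-cli is the client software (client)
# docker-compose-plugin is the compose plugin, used to start many containers in one batch on a single machine
# containerd.io is the low-level component that starts the containers
4. Start docker and enable it at boot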
[root@sc-docker yum.repos.d]# systemctl start docker
[root@sc-docker yum.repos.d]# systemctl enable docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@sc-docker yum.repos.d]# ps aux|grep docker
root 16210 0.4 2.0 1368904 79400 ? Ssl 17:29 0:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 16363 0.0 0.0 12348 1112 pts/0 S+ 17:30 0:00 grep --color=auto docker
Behind every Docker container is a process.
5. Test by running a Docker container: download the nginx image and start an nginx service.
[root@sc-docker yum.repos.d]# docker pull nginx # download the nginx image
Using default tag: latest
latest: Pulling from library/nginx
7a6db449b51b: Pull complete
ca1981974b58: Pull complete
d4019c921e20: Pull complete
7cb804d746d4: Pull complete
e7a561826262: Pull complete
7247f6e5c182: Pull complete
Digest: sha256:b95a99feebf7797479e0c5eb5ec0bdfa5d9f504bc94da550c2f58e839ea6914f
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
[root@sc-docker yum.repos.d]# docker images # list the downloaded images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 2b7d6430f78d 2 days ago 142MB
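# Start a container with docker; you can think of it as powering on a virtual machine
[root@sc-docker yum.repos.d]# docker run -d -p 8090:80 --name sc-nginx nginx
bda1e5c73838b5e48e711f27f3473f1749006786c28e061a9469f49e93439e32
# docker run is the command that starts a container
# -d runs it in the background (daemon)
# -p 8090:80 sets the port mapping (DNAT): connections to port 8090 on the host are forwarded to port 80 in the container
# --name sc-nginx sets the name of the container
# nginx is the name of the image
# From a browser on Windows, test whether port 8090 on the host is reachable
# http://192.168.1.183:8090/
Start a MySQL service in a container:
1. Download the image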
[root@sc-docker ~]# docker pull mysql:5.7.39
5.7.39: Pulling from library/mysql
9815334b7810: Pull complete
f85cb6fccbfd: Pull complete
b63612353671: Pull complete
447901201612: Pull complete
9b6bc806cc29: Pull complete
24ec1f4b3b0d: Pull complete
207ed1eb2fd4: Pull complete
27cbde3edd97: Pull complete
0a5aa35cc154: Pull complete
e6c92bf6471b: Pull complete
07b80de0d1af: Pull complete
Digest: sha256:c1bda6ecdbc63d3b0d3a3a3ce195de3dd755c4a0658ed782a16a0682216b9a48
Status: Downloaded newer image for mysql:5.7.39
docker.io/library/mysql:5.7.39
2. Start the container
[root@sc-docker ~]# docker run -d --name sc-mysql-1 -p 3306:3306 -e MYSQL_ROOT_PASSWORD="sc123456" mysql:5.7.39
3d15dbc364ac4ed187ceb68c1a2215c33b6512680864cc49a31bf799052b277c
[root@sc-docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3d15dbc364ac mysql:5.7.39 "docker-entrypoint.s…" 3 seconds ago Up 3 seconds 0.0.0.0:330cp, 33060/tcp sc-mysql-1
73e618b7f293 nginx "/docker-entrypoint.…" 3 hours ago Up 3 hours 0.0.0.0:809 sc-nginx
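3. Enter the mysql container
docker exec: enter the container and run a command (execute)
-it: open a terminal and log in interactively
sc-mysql-1: the name of the container
bash: the program to run inside the container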
[root@sc-docker ~]# docker exec -it sc-mysql-1 bash
bash-4.2# ls
bin dev entrypoint.sh home lib64 mnt proc run srv tmp var
boot docker-entrypoint-initdb.d etc lib media opt root sbin sys usr
bash-4.2# cat /etc/re
redhat-release resolv.conf
bash-4.2# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.9 (Maipo)
bash-4.2# mysql -uroot -p"sc123456"
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.39 MySQL Community Server (GPL)
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
4 rows in set (0.00 sec)
mysql> exit
Bye
bash-4.2# exit
exit
[root@sc-docker ~]#
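The MySQL container above receives its root password inline with -e and publishes port 3306 with a bare -p. The following added example (not part of the original notes) flags both patterns in a `docker run` argument list and shows a variant that passes; the host file /root/mysql_root_pw is a hypothetical path, and MYSQL_ROOT_PASSWORD_FILE is the file-based form of the variable supported by the official mysql image.

```shell
#!/bin/sh
# Added example (not from the original notes): flag risky options in a
# `docker run` argument list. Handles the space-separated "-e NAME=value"
# and "-p spec" forms used on this page.
audit_docker_run() {
    findings=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -e|--env)
                [ $# -ge 2 ] || break
                shift
                name=${1%%=*}
                case "$name" in
                    *_FILE) ;;  # value is a path to a secret file, not the secret
                    *PASSWORD*|*SECRET*|*TOKEN*)
                        # An inline value ends up in shell history and in
                        # `docker inspect` output.
                        case "$1" in
                            *=*) findings="$findings secret-in-env:$name" ;;
                        esac ;;
                esac ;;
            -p|--publish)
                [ $# -ge 2 ] || break
                shift
                case "$1" in
                    0.0.0.0:*) findings="$findings all-interfaces:$1" ;;
                    *:*:*) ;;   # ip:hostPort:containerPort, one address only
                    *) findings="$findings all-interfaces:$1" ;;
                esac ;;
        esac
        shift
    done
    echo "${findings# }"
}

# The two commands from this page, then a MySQL variant that binds to
# loopback and reads the password from a mounted file.
# /root/mysql_root_pw is a hypothetical host file holding the password.
audit_docker_run run -d -p 8090:80 --name sc-nginx nginx
audit_docker_run run -d --name sc-mysql-1 -p 3306:3306 \
    -e MYSQL_ROOT_PASSWORD=sc123456 mysql:5.7.39
audit_docker_run run -d --name sc-mysql-1 -p 127.0.0.1:3306:3306 \
    -v /root/mysql_root_pw:/run/secrets/mysql_root_pw:ro \
    -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_pw mysql:5.7.39
```

For a public web server such as the nginx container, the all-interfaces finding is informational; for a database it usually means the port is reachable from every network the host is attached to.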
# Troubleshooting a failed start
[root@sc-docker yum.repos.d]# docker logs a5b752cc4485 # view the log of the container that failed to start
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.39-1.el7 started.
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.39-1.el7 started.
2022-08-25 07:05:50+00:00 [ERROR] [Entrypoint]: Database is uninitialized and password option is not specified
You need to specify one of the following:
- MYSQL_ROOT_PASSWORD
- MYSQL_ALLOW_EMPTY_PASSWORD
- MYSQL_RANDOM_ROOT_PASSWORD
[root@sc-docker yum.repos.d]# docker logs sc-mysql-1
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.39-1.el7 started.
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.39-1.el7 started.
2022-08-25 07:05:50+00:00 [ERROR] [Entrypoint]: Database is uninitialized and password option is not specified
You need to specify one of the following:
- MYSQL_ROOT_PASSWORD
- MYSQL_ALLOW_EMPTY_PASSWORD
- MYSQL_RANDOM_ROOT_PASSWORD
# docker rmi nginx removes an image
[root@sc-docker yum.repos.d]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a5b752cc4485 mysql:5.7.39 "docker-entrypoint.s…" 6 minutes ago Exited (1) 6 minutes ago sc-mysql-1
bda1e5c73838 nginx "/docker-entrypoint.…" 3 hours ago Up 3 hours 0.0.0.0:8090->80/tcp, :::8090->80/tcp sc-nginx
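[root@sc-docker yum.repos.d]# docker rm sc-mysql-1 # remove the container that failed to start; a running container cannot be removed directly
sc-mysql-1
Common docker commands
docker images # list the downloaded images
docker search # search for images
docker rmi # remove an image
docker pull # pull an image
docker save # export an image
docker load # import an image
docker run = docker create + docker start # start a container
docker stop # stop a container
docker rm # remove a container
docker restart # restart a container
docker ps # show container status
docker ps -a # show all containers, including stopped ones
docker inspect # show detailed information
docker logs # view logs
docker network ls # list networks
docker top # show the processes running in a container
docker version # show the version
docker stats # show the system resources containers are using
docker volume # view volumes
docker --help shows the docker help text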
[root@sc-docker ~]# docker --help
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes