Docker应用基础
作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
每日一想:
互联网有这么典型的一句话:一般来讲,懂得越少的人越有自信,而懂得越多的人他越谦虚,这是由于每个人认知不同! 这句话很熟悉啊,毕竟和我高中的化学老师的口头禅很像,我记得他经常说我们:哎,懂得少就是幸福啊!
一.容器
1>.什么是 Linux 容器?
Linux®容器是与系统其他部分隔离开的一系列进程。运行这些进程所需的所有文件都由另一个镜像提供,这意味着从开发到测试再到生产的整个过程中,Linux 容器都具有可移植性和一致性。因而,相对于依赖重复传统测试环境的开发渠道,容器的运行速度要快得多。
假设您在开发一个应用。您使用的是一台笔记本电脑,而且您的开发环境具有特定的配置。其他开发人员身处的环境配置可能稍有不同。您正在开发的应用不止依赖于您当前的配置,还需要某些特定的库、依赖项和文件。与此同时,您的企业还拥有标准化的开发和生产环境,有着自己的配置和一系列支持文件。您希望尽可能多在本地模拟这些环境,而不产生重新创建服务器环境的开销。因此,您要如何确保应用能够在这些环境中运行和通过质量检测,并且在部署过程中不出现令人头疼的问题,也无需重新编写代码和进行故障修复?答案就是使用容器。
容器可以确保您的应用拥有必需的库、依赖项和文件,让您可以在生产中自如地迁移这些应用,无需担心会出现任何负面影响。实际上,您可以将容器镜像中的内容,视为 Linux 发行版的一个安装实例,因为其中完整包含 RPM 软件包、配置文件等内容。但是,安装容器镜像发行版,要比安装新的操作系统副本容易得多。这样可以避免危机,做到皆大欢喜。详情请参考:https://www.redhat.com/zh/topics/containers/whats-a-linux-container。
2>.容器不就是虚拟化吗?
不完全如此。更确切的说法应该是:两者为互补关系。我们用一种简单方式来思考一下:
- 虚拟化使得您的操作系统(Windows 或 Linux)可同时在单个硬件系统上运行。
- 容器则可共享同一个操作系统内核,将应用进程与系统其他部分隔离开。例如:ARM Linux 系统运行 ARM Linux 容器,x86 Linux 系统运行 x86 Linux 容器,x86 Windows 系统运行 x86 Windows 容器。Linux 容器具有极佳的可移植性,但前提是它们必须与底层系统兼容。、
这意味着什么?虚拟化会使用虚拟机监控程序模拟硬件,从而使多个操作系统能够并行运行。但这不如容器轻便。事实上,在仅拥有容量有限的有限资源时,您需要能够可以进行密集部署的轻量级应用。Linux 容器在本机操作系统上运行,与所有容器中共享该操作系统,因此应用和服务能够保持轻巧,并行化快速运行。
Linux 容器是我们开发、部署和管理应用方式的又一次飞跃。Linux 容器镜像提供了可移植性和版本控制,确保能够在开发人员的笔记本电脑上运行的应用,同样也能在生产环境中正常运行。相较于虚拟机,Linux 容器在运行时所占用的资源更少,使用的是标准接口(启动、停止、环境变量等),并会与应用隔离开;此外,作为(包含多个容器)大型应用的一部分时更加易于管理,而且这些多容器应用可以跨多个云环境进行编排。
3>.容器简史
容器并非起源于 Linux,但开源世界的最精彩之处就在于借鉴、修改和改进,容器也不例外。
我们现在称为容器技术的概念最初出现在 2000 年,时称 FreeBSD jail,这种技术可将 FreeBSD 系统分区为多个子系统(也称为 Jail)。Jail 是作为安全环境而开发的,系统管理员可与企业内部或外部的多个用户共享这些 Jail。Jail 的目的是让进程在经过修改的 chroot 环境中创建,而不会脱离和影响整个系统 — 在 chroot 环境中,对文件系统、网络和用户的访问都实现了虚拟化。尽管 Jail 在实施方面存在局限性,但最终人们找到了脱离这种隔离环境的方法。
但这个概念非常有吸引力。
2001 年,通过 Jacques Gélinas 的 VServer 项目,隔离环境的实施进入了 Linux 领域。正如 Gélinas 所说,这项工作的目的是“在高度独立且安全的单一环境中运行多个通用 Linux 服务器 [sic]。” 在完成了这项针对 Linux 中多个受控制用户空间的基础性工作后,Linux 容器开始逐渐成形并最终发展成了现在的模样。
4>.容器变得具有实用性
很快,更多技术结合进来,让这种隔离方法从构想变为现实。控制组 (cgroups) 是一项内核功能,能够控制和限制一个进程或多组进程的资源使用。而 systemd 初始化系统可设置用户空间,并且管理它们的进程,cgroups 使用该系统来更严密地控制这些隔离进程。这两种技术在增加对 Linux 的整体控制的同时,也成为了保持环境隔离的重要框架。
内核命名空间的改进,推动了容器的进一步发展。利用内核命名空间,从进程 ID 到网络名称,一切都可在 Linux 内核中实现虚拟化。新增的用户命名空间“使得用户和组 ID 可以按命名空间进行映射。对于容器而言,这意味着用户和组可以在容器内部拥有执行某些操作的特权,而在容器外部则没有这种特权。”Linux 容器项目 (LXC) 还添加了用户急需的一些工具、模板、库和语言绑定,从而推动了这些进步,进而改善了使用容器的用户体验。LXC 使得用户能够通过简单的命令行界面轻松地启动容器。
5>.进入 Docker 技术时代
2008 年,Docker 公司凭借与公司同名的容器技术通过 dotCloud 登上了舞台。Docker 技术带来了很多新的概念和工具,包括可运行和构建新的分层镜像的简单命令行界面、服务器守护进程、含有预构建容器镜像的库以及注册表服务器概念。通过综合运用这些技术,用户可以快速构建新的分层容器,并轻松地与他人共享这些容器。
红帽意识到了在这个全新的生态系统中协作能够产生的巨大力量,因而在我们的 OpenShift 容器平台中采用了底层技术。为了避免如此重要的技术被单个供应商掌控,Docker Inc. 向社区主导型开源项目提供了很多底层组件(runc 源自开放容器计划,containerd 已移交给 CNCF)。
我们可通过三个主要标准,来确保各种容器技术间的互操作性,即 OCI 镜像、分发和运行时规范。通过遵循上述规范,社区项目、商用产品和云技术提供商可以构建可互操作的容器技术(可将您自行构建的镜像,推送至云技术提供商的注册表服务器——完成这一操作后,镜像才能正常工作)。当前,红帽和 Docker 等公司都是开放容器计划(OCI)的成员,致力于实现容器技术的开放行业标准化。
6>.Linux Namespaces种类
从内核版本4.10开始,有7种命名空间。命名空间功能在所有类型中都是相同的:每个进程都与命名空间相关联,并且只能查看或使用与该命名空间关联的资源,以及适用的后代命名空间。这样,每个进程(或其组)可以具有关于资源的唯一视图。隔离哪个资源取决于为给定进程组创建的命名空间的类型。以下内容参考自:https://en.wikipedia.org/wiki/Linux_namespaces。
1>.装载(Mount ,简称:mnt) 挂载命名空间控制挂载点。创建后,当前mount命名空间中的挂载将复制到新的命名空间,但之后创建的挂载点不会在命名空间之间传播(使用共享子树,可以在命名空间之间传播挂载点)。 用于创建此类型的新命名空间的克隆标志是CLONE_NEWNS - “NEW NameSpace”的缩写。这个术语不是描述性的(因为它没有说明要创建哪种命名空间),因为mount命名空间是第一种命名空间,设计者没有预料到会有其他命名空间。 2>.进程ID(Process ID 简称:pid) PID命名空间为进程提供来自其他命名空间的独立进程ID(PID)集。PID名称空间是嵌套的,这意味着在创建新进程时,它将为每个名称空间从其当前名称空间到初始PID名称空间具有PID。因此,初始PID命名空间能够查看所有进程,尽管具有与其他命名空间不同的PID将看到进程。 在PID命名空间中创建的第一个进程被分配了进程ID号1,并且接收了大多数与正常init进程相同的特殊处理,最值得注意的是命名空间中的孤立进程被附加到它。这也意味着此PID 1进程的终止将立即终止其PID命名空间和任何后代中的所有进程。 3>.网络(Network 简称:net) 网络命名空间虚拟化网络堆栈。在创建时,网络命名空间仅包含环回接口。 每个网络接口(物理或虚拟)都存在于1个命名空间中,可以在命名空间之间移动。 每个命名空间都有一组私有IP地址,自己的路由表,套接字列表,连接跟踪表,防火墙和其他与网络相关的资源。 销毁网络命名空间会破坏其中的任何虚拟接口,并将其中的任何物理接口移回初始网络命名空间。 4>.进程间通信(Interprocess Communication 简称:ipc) IPC名称空间将进程与SysV样式的进程间通信隔离开来。这可以防止不同IPC名称空间中的进程使用例如SHM系列函数在两个进程之间建立一系列共享内存。相反,每个进程将能够为共享内存区域使用相同的标识符,并生成两个这样的不同区域。同一机器之间进程通信的方式有很多,比如消息队列(message queues),共享内存(shared memory)等等。跨主机之间的通信我们称之为套接字通信,也是我们应用最多的! 5>.悉尼科技大学(简称:UTS) UTS名称空间允许单个系统看起来具有不同进程的主机名和域名。 6>.用户ID(User ID 简称:user) 用户命名空间是一种在多组进程中提供权限隔离和用户标识隔离的功能。通过管理帮助,可以构建具有看似管理权限的容器,而无需实际提升用户进程的权限。与PID命名空间一样,用户命名空间是嵌套的,并且每个新用户命名空间都被视为创建它的用户命名空间的子节点。 用户命名空间包含一个映射表,用于将用户ID从容器的角度转换为系统的角度。例如,这允许root用户在容器中具有用户id 0,但实际上系统将其视为用户ID 1,400,000以进行所有权检查。类似的表用于组ID映射和所有权检查。 为了促进管理操作的权限隔离,每个命名空间类型在创建时基于活动用户命名空间被用户命名空间认为。在相应的用户命名空间中具有管理权限的用户将被允许在该其他命名空间类型中执行管理操作。例如,如果进程具有更改网络接口的IP地址的管理权限,则只要其自己的用户命名空间与拥有网络命名空间的用户命名空间(或其祖先)相同,它就可以这样做。因此,初始用户命名空间具有对系统中所有命名空间类型的管理控制。 7>.对照组(Control group 简称:cgroup) cgroup命名空间类型隐藏了进程所属的控制组的标识。在这样的命名空间中的进程,检查任何进程所属的控制组,将看到实际上相对于在创建时设置的控制组的路径,隐藏其真实的控制组位置和身份。此命名空间类型自Linux 4.6以来就已存在。
7>.什么是Docker
“Docker” 一词指代了多个概念,包括开源社区项目、开源项目使用的工具、主导支持此类项目的公司 Docker Inc. 以及该公司官方支持的工具。技术产品和公司使用同一名称,的确让人有点困惑。
我们来简单说明一下:
- IT 软件中的 “Docker” 是指容器化技术,用于创建和使用 Linux® 容器。
- 开源 Docker 社区致力于改进这类技术,并免费提供给所有用户,互利共赢。
- Docker Inc. 公司凭借 Docker 社区产品起家,它主要负责提升社区版本的安全性,并将技术进步与广大技术社区分享。此外,它还专门对这些技术产品进行完善和安全加固,服务于企业客户。
借助 Docker,您可将容器当做轻巧、模块化的虚拟机使用。同时,您还将获得高度的灵活性,从而可以高效地创建、部署和复制容器,并能将其从一个环境顺利迁移至另一个环境。详情请参考:https://www.redhat.com/zh/topics/containers/what-is-docker。
docker 在最初设计时只关注了单一容器该如何更好的运行,随后不久他们意识到了单一容器本身的管理是没有太大价值的。换句话说,docker自己的价值在单一的docker中并没有发挥出来,而是需要用容器编排系统的支撑他才能发挥出来。因此想法设法的,既要维护容器技术,另外一方面开始去开发容器编排系统。于是就有了docker容器编排三剑客,即docker-machine,docker-swarm以及docker-compose等技术都是docker的容器编排系统。
而在Google公司也不甘示弱,开源了kubernetes容器编排技术,这对Docker简直就是降维打击!这让docker自研的容器编排招架不住。而kubernetes的在谷歌公司内部得到了很广泛的应用。容器技术很多公司都在搞,Google 再用,阿里也在用,只不过阿里有他们自己的容器化技术,应用的广泛性和Docker还没法比!
二.Docker架构
Docker 采用的是 Client/Server 架构。客户端向服务器发送请求,服务器负责构建、运行和分发容器。客户端和服务器可以运行在同一个 Host 上,客户端也可以通过 socket 或 REST API 与远程的服务器通信。参考链接:https://www.cnblogs.com/CloudMan6/p/6763789.html
一.Client: Docker 客户端,最常用的 Docker 客户端是 docker 命令。通过docker我们可以方便地在Host上构建和运行容器。 docker 支持很多操作( docker 命令行工具),用户也可以通过 REST API 与服务器通信。 二.Docker daemon: Docker daemon 是服务器组件(Docker 服务器 ),以 Linux 后台服务的方式运行。 Docker daemon 运行在 Docker host 上,负责创建、运行、监控容器,构建、存储镜像。默认配置下,Docker daemon 只能响应来自本地 Host 的客户端请求。如果要允许远程客户端请求,需要在配置文件中打开 TCP 监听 三.Image: 可将Docker镜像看着只读模板,通过它可以创建 Docker 容器。例如某个镜像可能包含一个 Ubuntu 操作系统、一个 Apache HTTP Server 以及用户开发的 Web 应用。 镜像有多种生成方法: 可以从无到有开始创建镜像; 也可以下载并使用别人创建好的现成的镜像 还可以在现有镜像上创建新的镜像 我们可以将镜像的内容和创建步骤描述在一个文本文件中,这个文件被称作 Dockerfile,通过执行 docker build <docker-file> 命令可以构建出 Docker 镜像。 四.Registry: Docker 仓库,Registry 是存放 Docker 镜像的仓库,Registry 分私有和公有两种。Registry 是存放 Docker 镜像的仓库,Registry 分私有和公有两种。 五.Container: Docker 容器,用于加载Docker镜像。换句话说,Docker 容器就是 Docker 镜像的运行实例。
三.安装Docker
1>.查看Docker-ce的官方文档(https://docs.docker.com/install/)
2>.下载docker的yum的阿里云源
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# yum -y install wget Loaded plugins: fastestmirror base | 3.6 kB 00:00:00 extras | 3.4 kB 00:00:00 updates | 3.4 kB 00:00:00 (1/4): base/7/x86_64/group_gz | 166 kB 00:00:00 (2/4): extras/7/x86_64/primary_db | 187 kB 00:00:00 (3/4): updates/7/x86_64/primary_db | 3.3 MB 00:00:02 (4/4): base/7/x86_64/primary_db | 6.0 MB 00:00:05 Determining fastest mirrors * base: mirrors.aliyun.com * extras: mirrors.neusoft.edu.cn * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package wget.x86_64 0:1.14-18.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================================================================================================================================================== Package Arch Version Repository Size ========================================================================================================================================================================================================================== Installing: wget x86_64 1.14-18.el7 base 547 k Transaction Summary ========================================================================================================================================================================================================================== Install 1 Package Total download size: 547 k Installed size: 2.0 M Downloading packages: warning: /var/cache/yum/x86_64/7/base/packages/wget-1.14-18.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY================================================- ] 0.0 B/s | 511 kB --:--:-- ETA Public key for wget-1.14-18.el7.x86_64.rpm is not installed wget-1.14-18.el7.x86_64.rpm | 547 kB 00:00:00 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Importing GPG key 0xF4A80EB5: Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>" Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5 Package : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@anaconda) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wget-1.14-18.el7.x86_64 1/1 Verifying : wget-1.14-18.el7.x86_64 1/1 Installed: wget.x86_64 0:1.14-18.el7 Complete! [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo --2019-03-23 07:45:05-- https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 116.136.134.81, 27.221.93.97, 27.221.93.93, ... Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|116.136.134.81|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 2640 (2.6K) [application/octet-stream] Saving to: ‘/etc/yum.repos.d/docker-ce.repo’ 100%[================================================================================================================================================================================>] 2,640 --.-K/s in 0s 2019-03-23 07:45:07 (41.1 MB/s) - ‘/etc/yum.repos.d/docker-ce.repo’ saved [2640/2640] [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
3>.安装docker
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# yum -y install docker-ce Loaded plugins: fastestmirror docker-ce-stable | 3.5 kB 00:00:00 (1/2): docker-ce-stable/x86_64/updateinfo | 55 B 00:00:00 (2/2): docker-ce-stable/x86_64/primary_db | 25 kB 00:00:00 Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.neusoft.edu.cn * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package docker-ce.x86_64 3:18.09.3-3.el7 will be installed --> Processing Dependency: container-selinux >= 2.9 for package: 3:docker-ce-18.09.3-3.el7.x86_64 --> Processing Dependency: containerd.io >= 1.2.2-3 for package: 3:docker-ce-18.09.3-3.el7.x86_64 --> Processing Dependency: libseccomp >= 2.3 for package: 3:docker-ce-18.09.3-3.el7.x86_64 --> Processing Dependency: docker-ce-cli for package: 3:docker-ce-18.09.3-3.el7.x86_64 --> Processing Dependency: libcgroup for package: 3:docker-ce-18.09.3-3.el7.x86_64 --> Processing Dependency: libseccomp.so.2()(64bit) for package: 3:docker-ce-18.09.3-3.el7.x86_64 --> Running transaction check ---> Package container-selinux.noarch 2:2.74-1.el7 will be installed --> Processing Dependency: selinux-policy-targeted >= 3.13.1-216.el7 for package: 2:container-selinux-2.74-1.el7.noarch --> Processing Dependency: selinux-policy-base >= 3.13.1-216.el7 for package: 2:container-selinux-2.74-1.el7.noarch --> Processing Dependency: selinux-policy >= 3.13.1-216.el7 for package: 2:container-selinux-2.74-1.el7.noarch --> Processing Dependency: policycoreutils >= 2.5-11 for package: 2:container-selinux-2.74-1.el7.noarch --> Processing Dependency: policycoreutils-python for package: 2:container-selinux-2.74-1.el7.noarch ---> Package containerd.io.x86_64 0:1.2.4-3.1.el7 will be installed ---> Package docker-ce-cli.x86_64 1:18.09.3-3.el7 will be installed ---> Package libcgroup.x86_64 0:0.41-20.el7 will be installed ---> Package libseccomp.x86_64 0:2.3.1-3.el7 will be installed --> Running transaction check ---> Package policycoreutils.x86_64 0:2.2.5-20.el7 will be updated ---> Package policycoreutils.x86_64 0:2.5-29.el7_6.1 will be an update --> Processing Dependency: libsepol >= 2.5-10 for package: policycoreutils-2.5-29.el7_6.1.x86_64 --> Processing Dependency: libsemanage >= 2.5-14 for package: policycoreutils-2.5-29.el7_6.1.x86_64 --> Processing Dependency: libselinux-utils >= 2.5-14 for package: policycoreutils-2.5-29.el7_6.1.x86_64 --> Processing Dependency: libsepol.so.1(LIBSEPOL_1.1)(64bit) for package: policycoreutils-2.5-29.el7_6.1.x86_64 --> Processing Dependency: libsepol.so.1(LIBSEPOL_1.0)(64bit) for package: policycoreutils-2.5-29.el7_6.1.x86_64 --> Processing Dependency: libsemanage.so.1(LIBSEMANAGE_1.1)(64bit) for package: policycoreutils-2.5-29.el7_6.1.x86_64 ---> Package policycoreutils-python.x86_64 0:2.5-29.el7_6.1 will be installed --> Processing Dependency: setools-libs >= 3.3.8-4 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64 --> Processing Dependency: libsemanage-python >= 2.5-14 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64 --> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64 --> Processing Dependency: python-IPy for package: policycoreutils-python-2.5-29.el7_6.1.x86_64 --> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64 --> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64 --> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64 --> Processing Dependency: checkpolicy for package: policycoreutils-python-2.5-29.el7_6.1.x86_64 --> Processing Dependency: libqpol.so.1()(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64 --> Processing Dependency: libapol.so.4()(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64 ---> Package selinux-policy.noarch 0:3.13.1-60.el7 will be updated ---> Package selinux-policy.noarch 0:3.13.1-229.el7_6.9 will be an update ---> Package selinux-policy-targeted.noarch 0:3.13.1-60.el7 will be updated ---> Package selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.9 will be an update --> Running transaction check ---> Package audit-libs-python.x86_64 0:2.8.4-4.el7 will be installed --> Processing Dependency: audit-libs(x86-64) = 2.8.4-4.el7 for package: audit-libs-python-2.8.4-4.el7.x86_64 ---> Package checkpolicy.x86_64 0:2.5-8.el7 will be installed ---> Package libselinux-utils.x86_64 0:2.2.2-6.el7 will be updated ---> Package libselinux-utils.x86_64 0:2.5-14.1.el7 will be an update --> Processing Dependency: libselinux(x86-64) = 2.5-14.1.el7 for package: libselinux-utils-2.5-14.1.el7.x86_64 ---> Package libsemanage.x86_64 0:2.1.10-18.el7 will be updated ---> Package libsemanage.x86_64 0:2.5-14.el7 will be an update ---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be installed ---> Package libsepol.x86_64 0:2.1.9-3.el7 will be updated ---> Package libsepol.x86_64 0:2.5-10.el7 will be an update ---> Package python-IPy.noarch 0:0.75-6.el7 will be installed ---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be installed --> Running transaction check ---> Package audit-libs.x86_64 0:2.4.1-5.el7 will be updated --> Processing Dependency: audit-libs = 2.4.1-5.el7 for package: audit-2.4.1-5.el7.x86_64 ---> Package audit-libs.x86_64 0:2.8.4-4.el7 will be an update ---> Package libselinux.x86_64 0:2.2.2-6.el7 will be updated --> Processing Dependency: libselinux = 2.2.2-6.el7 for package: libselinux-python-2.2.2-6.el7.x86_64 ---> Package libselinux.x86_64 0:2.5-14.1.el7 will be an update --> Running transaction check ---> Package audit.x86_64 0:2.4.1-5.el7 will be updated ---> Package audit.x86_64 0:2.8.4-4.el7 will be an update ---> Package libselinux-python.x86_64 0:2.2.2-6.el7 will be updated ---> Package libselinux-python.x86_64 0:2.5-14.1.el7 will be an update --> Processing Conflict: libselinux-2.5-14.1.el7.x86_64 conflicts systemd < 219-20 --> Restarting Dependency Resolution with new changes. --> Running transaction check ---> Package systemd.x86_64 0:219-19.el7 will be updated --> Processing Dependency: systemd = 219-19.el7 for package: systemd-sysv-219-19.el7.x86_64 ---> Package systemd.x86_64 0:219-62.el7_6.5 will be an update --> Processing Dependency: systemd-libs = 219-62.el7_6.5 for package: systemd-219-62.el7_6.5.x86_64 --> Processing Dependency: libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit) for package: systemd-219-62.el7_6.5.x86_64 --> Processing Dependency: liblz4.so.1()(64bit) for package: systemd-219-62.el7_6.5.x86_64 --> Processing Dependency: libcryptsetup.so.12()(64bit) for package: systemd-219-62.el7_6.5.x86_64 --> Running transaction check ---> Package cryptsetup-libs.x86_64 0:1.6.7-1.el7 will be updated ---> Package cryptsetup-libs.x86_64 0:2.0.3-3.el7 will be an update ---> Package lz4.x86_64 0:1.7.5-2.el7 will be installed ---> Package systemd-libs.x86_64 0:219-19.el7 will be updated --> Processing Dependency: systemd-libs = 219-19.el7 for package: libgudev1-219-19.el7.x86_64 ---> Package systemd-libs.x86_64 0:219-62.el7_6.5 will be an update ---> Package systemd-sysv.x86_64 0:219-19.el7 will be updated ---> Package systemd-sysv.x86_64 0:219-62.el7_6.5 will be an update --> Running transaction check ---> Package libgudev1.x86_64 0:219-19.el7 will be updated ---> Package libgudev1.x86_64 0:219-62.el7_6.5 will be an update --> Finished Dependency Resolution Dependencies Resolved ========================================================================================================================================================================================================================== Package Arch Version Repository Size ========================================================================================================================================================================================================================== Installing: docker-ce x86_64 3:18.09.3-3.el7 docker-ce-stable 19 M Updating: systemd x86_64 219-62.el7_6.5 updates 5.1 M Installing for dependencies: audit-libs-python x86_64 2.8.4-4.el7 base 76 k checkpolicy x86_64 2.5-8.el7 base 295 k container-selinux noarch 2:2.74-1.el7 extras 38 k containerd.io x86_64 1.2.4-3.1.el7 docker-ce-stable 22 M docker-ce-cli x86_64 1:18.09.3-3.el7 docker-ce-stable 14 M libcgroup x86_64 0.41-20.el7 base 66 k libseccomp x86_64 2.3.1-3.el7 base 56 k libsemanage-python x86_64 2.5-14.el7 base 113 k lz4 x86_64 1.7.5-2.el7 base 98 k policycoreutils-python x86_64 2.5-29.el7_6.1 updates 456 k python-IPy noarch 0.75-6.el7 base 32 k setools-libs x86_64 3.3.8-4.el7 base 620 k Updating for dependencies: audit x86_64 2.8.4-4.el7 base 250 k audit-libs x86_64 2.8.4-4.el7 base 100 k cryptsetup-libs x86_64 2.0.3-3.el7 base 338 k libgudev1 x86_64 219-62.el7_6.5 updates 96 k libselinux x86_64 2.5-14.1.el7 base 162 k libselinux-python x86_64 2.5-14.1.el7 base 235 k libselinux-utils x86_64 2.5-14.1.el7 base 151 k libsemanage x86_64 2.5-14.el7 base 151 k libsepol x86_64 2.5-10.el7 base 297 k policycoreutils x86_64 2.5-29.el7_6.1 updates 916 k selinux-policy noarch 3.13.1-229.el7_6.9 updates 483 k selinux-policy-targeted noarch 3.13.1-229.el7_6.9 updates 6.9 M systemd-libs x86_64 219-62.el7_6.5 updates 407 k systemd-sysv x86_64 219-62.el7_6.5 updates 84 k Transaction Summary ========================================================================================================================================================================================================================== Install 1 Package (+12 Dependent packages) Upgrade 1 Package (+14 Dependent packages) Total download size: 72 M Downloading packages: Delta RPMs disabled because /usr/bin/applydeltarpm not installed. (1/28): audit-libs-python-2.8.4-4.el7.x86_64.rpm | 76 kB 00:00:00 (2/28): audit-libs-2.8.4-4.el7.x86_64.rpm | 100 kB 00:00:00 (3/28): container-selinux-2.74-1.el7.noarch.rpm | 38 kB 00:00:00 (4/28): audit-2.8.4-4.el7.x86_64.rpm | 250 kB 00:00:00 (5/28): checkpolicy-2.5-8.el7.x86_64.rpm | 295 kB 00:00:00 (6/28): cryptsetup-libs-2.0.3-3.el7.x86_64.rpm | 338 kB 00:00:00 warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-18.09.3-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY ] 4.4 MB/s | 38 MB 00:00:07 ETA Public key for docker-ce-18.09.3-3.el7.x86_64.rpm is not installed (7/28): docker-ce-18.09.3-3.el7.x86_64.rpm | 19 MB 00:00:07 (8/28): libseccomp-2.3.1-3.el7.x86_64.rpm | 56 kB 00:00:00 (9/28): libselinux-2.5-14.1.el7.x86_64.rpm | 162 kB 00:00:00 (10/28): libcgroup-0.41-20.el7.x86_64.rpm | 66 kB 00:00:00 (11/28): libgudev1-219-62.el7_6.5.x86_64.rpm | 96 kB 00:00:00 (12/28): libselinux-utils-2.5-14.1.el7.x86_64.rpm | 151 kB 00:00:00 (13/28): libselinux-python-2.5-14.1.el7.x86_64.rpm | 235 kB 00:00:00 (14/28): libsemanage-python-2.5-14.el7.x86_64.rpm | 113 kB 00:00:00 (15/28): libsemanage-2.5-14.el7.x86_64.rpm | 151 kB 00:00:00 (16/28): libsepol-2.5-10.el7.x86_64.rpm | 297 kB 00:00:00 (17/28): lz4-1.7.5-2.el7.x86_64.rpm | 98 kB 00:00:00 (18/28): python-IPy-0.75-6.el7.noarch.rpm | 32 kB 00:00:00 (19/28): containerd.io-1.2.4-3.1.el7.x86_64.rpm | 22 MB 00:00:08 (20/28): policycoreutils-2.5-29.el7_6.1.x86_64.rpm | 916 kB 00:00:00 (21/28): selinux-policy-3.13.1-229.el7_6.9.noarch.rpm | 483 kB 00:00:00 (22/28): policycoreutils-python-2.5-29.el7_6.1.x86_64.rpm | 456 kB 00:00:00 setools-libs-3.3.8-4.el7.x86_6 FAILED http://mirrors.aliyun.com/centos/7.6.1810/os/x86_64/Packages/setools-libs-3.3.8-4.el7.x86_64.rpm: [Errno 14] curl#18 - "transfer closed with 110896 bytes remaining to read" ] 4.9 MB/s | 47 MB 00:00:05 ETA Trying other mirror. (23/28): systemd-libs-219-62.el7_6.5.x86_64.rpm | 407 kB 00:00:00 (24/28): setools-libs-3.3.8-4.el7.x86_64.rpm | 620 kB 00:00:00 (25/28): systemd-219-62.el7_6.5.x86_64.rpm | 5.1 MB 00:00:02 (26/28): systemd-sysv-219-62.el7_6.5.x86_64.rpm | 84 kB 00:00:02 (27/28): docker-ce-cli-18.09.3-3.el7.x86_64.rpm | 14 MB 00:00:05 (28/28): selinux-policy-targeted-3.13.1-229.el7_6.9.noarch.rpm | 6.9 MB 00:00:06 -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 4.6 MB/s | 72 MB 00:00:15 Retrieving key from https://mirrors.aliyun.com/docker-ce/linux/centos/gpg Importing GPG key 0x621E9F35: Userid : "Docker Release (CE rpm) <docker@docker.com>" Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35 From : https://mirrors.aliyun.com/docker-ce/linux/centos/gpg Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : libsepol-2.5-10.el7.x86_64 1/43 Updating : libselinux-2.5-14.1.el7.x86_64 2/43 Updating : audit-libs-2.8.4-4.el7.x86_64 3/43 Updating : libsemanage-2.5-14.el7.x86_64 4/43 Updating : libselinux-utils-2.5-14.1.el7.x86_64 5/43 Updating : policycoreutils-2.5-29.el7_6.1.x86_64 6/43 Updating : selinux-policy-3.13.1-229.el7_6.9.noarch 7/43 Installing : lz4-1.7.5-2.el7.x86_64 8/43 Updating : systemd-libs-219-62.el7_6.5.x86_64 9/43 Updating : selinux-policy-targeted-3.13.1-229.el7_6.9.noarch 10/43 Installing : libsemanage-python-2.5-14.el7.x86_64 11/43 Installing : audit-libs-python-2.8.4-4.el7.x86_64 12/43 Installing : setools-libs-3.3.8-4.el7.x86_64 13/43 Updating : libselinux-python-2.5-14.1.el7.x86_64 14/43 Installing : 1:docker-ce-cli-18.09.3-3.el7.x86_64 15/43 Installing : checkpolicy-2.5-8.el7.x86_64 16/43 Installing : python-IPy-0.75-6.el7.noarch 17/43 Updating : cryptsetup-libs-2.0.3-3.el7.x86_64 18/43 Updating : systemd-219-62.el7_6.5.x86_64 19/43 Installing : libcgroup-0.41-20.el7.x86_64 20/43 Installing : policycoreutils-python-2.5-29.el7_6.1.x86_64 21/43 Installing : 2:container-selinux-2.74-1.el7.noarch 22/43 Updating : systemd-sysv-219-62.el7_6.5.x86_64 23/43 Installing : containerd.io-1.2.4-3.1.el7.x86_64 24/43 Installing : libseccomp-2.3.1-3.el7.x86_64 25/43 Installing : 3:docker-ce-18.09.3-3.el7.x86_64 26/43 Updating : audit-2.8.4-4.el7.x86_64 27/43 Updating : libgudev1-219-62.el7_6.5.x86_64 28/43 Cleanup : audit-2.4.1-5.el7.x86_64 29/43 Cleanup : selinux-policy-targeted-3.13.1-60.el7.noarch 30/43 Cleanup : selinux-policy-3.13.1-60.el7.noarch 31/43 Cleanup : systemd-sysv-219-19.el7.x86_64 32/43 Cleanup : policycoreutils-2.2.5-20.el7.x86_64 33/43 Cleanup : systemd-219-19.el7.x86_64 34/43 Cleanup : libsemanage-2.1.10-18.el7.x86_64 35/43 Cleanup : libselinux-utils-2.2.2-6.el7.x86_64 36/43 Cleanup : libselinux-python-2.2.2-6.el7.x86_64 37/43 Cleanup : libgudev1-219-19.el7.x86_64 38/43 Cleanup : systemd-libs-219-19.el7.x86_64 39/43 Cleanup : libselinux-2.2.2-6.el7.x86_64 40/43 Cleanup : libsepol-2.1.9-3.el7.x86_64 41/43 Cleanup : audit-libs-2.4.1-5.el7.x86_64 42/43 Cleanup : cryptsetup-libs-1.6.7-1.el7.x86_64 43/43 Verifying : libcgroup-0.41-20.el7.x86_64 1/43 Verifying : libseccomp-2.3.1-3.el7.x86_64 2/43 Verifying : 2:container-selinux-2.74-1.el7.noarch 3/43 Verifying : policycoreutils-2.5-29.el7_6.1.x86_64 4/43 Verifying : cryptsetup-libs-2.0.3-3.el7.x86_64 5/43 Verifying : audit-libs-2.8.4-4.el7.x86_64 6/43 Verifying : audit-2.8.4-4.el7.x86_64 7/43 Verifying : python-IPy-0.75-6.el7.noarch 8/43 Verifying : setools-libs-3.3.8-4.el7.x86_64 9/43 Verifying : systemd-219-62.el7_6.5.x86_64 10/43 Verifying : policycoreutils-python-2.5-29.el7_6.1.x86_64 11/43 Verifying : libgudev1-219-62.el7_6.5.x86_64 12/43 Verifying : systemd-libs-219-62.el7_6.5.x86_64 13/43 Verifying : libsemanage-python-2.5-14.el7.x86_64 14/43 Verifying : selinux-policy-3.13.1-229.el7_6.9.noarch 15/43 Verifying : libsemanage-2.5-14.el7.x86_64 16/43 Verifying : selinux-policy-targeted-3.13.1-229.el7_6.9.noarch 17/43 Verifying : lz4-1.7.5-2.el7.x86_64 18/43 Verifying : libsepol-2.5-10.el7.x86_64 19/43 Verifying : checkpolicy-2.5-8.el7.x86_64 20/43 Verifying : systemd-sysv-219-62.el7_6.5.x86_64 21/43 Verifying : libselinux-python-2.5-14.1.el7.x86_64 22/43 Verifying : audit-libs-python-2.8.4-4.el7.x86_64 23/43 Verifying : libselinux-utils-2.5-14.1.el7.x86_64 24/43 Verifying : 1:docker-ce-cli-18.09.3-3.el7.x86_64 25/43 Verifying : libselinux-2.5-14.1.el7.x86_64 26/43 Verifying : 3:docker-ce-18.09.3-3.el7.x86_64 27/43 Verifying : containerd.io-1.2.4-3.1.el7.x86_64 28/43 Verifying : systemd-sysv-219-19.el7.x86_64 29/43 Verifying : selinux-policy-targeted-3.13.1-60.el7.noarch 30/43 Verifying : libsemanage-2.1.10-18.el7.x86_64 31/43 Verifying : libgudev1-219-19.el7.x86_64 32/43 Verifying : systemd-219-19.el7.x86_64 33/43 Verifying : selinux-policy-3.13.1-60.el7.noarch 34/43 Verifying : systemd-libs-219-19.el7.x86_64 35/43 Verifying : libselinux-utils-2.2.2-6.el7.x86_64 36/43 Verifying : cryptsetup-libs-1.6.7-1.el7.x86_64 37/43 Verifying : libsepol-2.1.9-3.el7.x86_64 38/43 Verifying : libselinux-python-2.2.2-6.el7.x86_64 39/43 Verifying : audit-libs-2.4.1-5.el7.x86_64 40/43 Verifying : policycoreutils-2.2.5-20.el7.x86_64 41/43 Verifying : audit-2.4.1-5.el7.x86_64 42/43 Verifying : libselinux-2.2.2-6.el7.x86_64 43/43 Installed: docker-ce.x86_64 3:18.09.3-3.el7 Dependency Installed: audit-libs-python.x86_64 0:2.8.4-4.el7 checkpolicy.x86_64 0:2.5-8.el7 container-selinux.noarch 2:2.74-1.el7 containerd.io.x86_64 0:1.2.4-3.1.el7 docker-ce-cli.x86_64 1:18.09.3-3.el7 libcgroup.x86_64 0:0.41-20.el7 libseccomp.x86_64 0:2.3.1-3.el7 libsemanage-python.x86_64 0:2.5-14.el7 lz4.x86_64 0:1.7.5-2.el7 policycoreutils-python.x86_64 0:2.5-29.el7_6.1 python-IPy.noarch 0:0.75-6.el7 setools-libs.x86_64 0:3.3.8-4.el7 Updated: systemd.x86_64 0:219-62.el7_6.5 Dependency Updated: audit.x86_64 0:2.8.4-4.el7 audit-libs.x86_64 0:2.8.4-4.el7 cryptsetup-libs.x86_64 0:2.0.3-3.el7 libgudev1.x86_64 0:219-62.el7_6.5 libselinux.x86_64 0:2.5-14.1.el7 libselinux-python.x86_64 0:2.5-14.1.el7 libselinux-utils.x86_64 0:2.5-14.1.el7 libsemanage.x86_64 0:2.5-14.el7 libsepol.x86_64 0:2.5-10.el7 policycoreutils.x86_64 0:2.5-29.el7_6.1 selinux-policy.noarch 0:3.13.1-229.el7_6.9 selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.9 systemd-libs.x86_64 0:219-62.el7_6.5 systemd-sysv.x86_64 0:219-62.el7_6.5 Complete! [root@node101.yinzhengjie.org.cn ~]#
4>.使用案例的镜像加速器(需要登录阿里云账号)
5>.Docker 中国官方镜像加速(不需要登录)
除了使用阿里云账号的加速器,咱们还可以使用 其他的加速方式:https://www.docker-cn.com/registry-mirror。
6>.启动docker
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# mkdir /etc/docker [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# vi /etc/docker/daemon.json [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"] } [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# systemctl daemon-reload [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# systemctl start docker [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker Usage: docker [OPTIONS] COMMAND A self-sufficient runtime for containers Options: --config string Location of client config files (default "/root/.docker") -D, --debug Enable debug mode -H, --host list Daemon socket(s) to connect to -l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info") --tls Use TLS; implied by --tlsverify --tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem") --tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem") --tlskey string Path to TLS key file (default "/root/.docker/key.pem") --tlsverify Use TLS and verify the remote -v, --version Print version information and quit Management Commands: builder Manage builds config Manage Docker configs container Manage containers engine Manage the docker engine image Manage images network Manage networks node Manage Swarm nodes plugin Manage plugins secret Manage Docker secrets service Manage services stack Manage Docker stacks swarm Manage Swarm system Manage Docker trust Manage trust on Docker images volume Manage volumes Commands: attach Attach local standard input, output, and error streams to a running container build Build an image from a Dockerfile commit Create a new image from a container's changes cp Copy files/folders between a container and the local filesystem create Create a new container diff Inspect changes to files or directories on a container's filesystem events Get real time events from the server exec Run a command in a running container export Export a container's filesystem as a tar archive history Show the history of an image images List images import Import the contents from a tarball to create a filesystem image info Display system-wide information inspect Return low-level information on Docker objects kill Kill one or more running containers load Load an image from a tar archive or STDIN login Log in to a Docker registry logout Log out from a Docker registry logs Fetch the logs of a container pause Pause all processes within one or more containers port List port mappings or a specific mapping for the container ps List containers pull Pull an image or a repository from a registry push Push an image or a repository to a registry rename Rename a container restart Restart one or more containers rm Remove one or more containers rmi Remove one or more images run Run a command in a new container save Save one or more images to a tar archive (streamed to STDOUT by default) search Search the Docker Hub for images start Start one or more stopped containers stats Display a live stream of container(s) resource usage statistics stop Stop one or more running containers tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE top Display the running processes of a container unpause Unpause all processes within one or more containers update Update configuration of one or more containers version Show the Docker version information wait Block until one or more containers stop, then print their exit codes Run 'docker COMMAND --help' for more information on a command. [root@node101.yinzhengjie.org.cn ~]#
7>.查看docker信息
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker version Client: Version: 18.09.3 API version: 1.39 Go version: go1.10.8 Git commit: 774a1f4 Built: Thu Feb 28 06:33:21 2019 OS/Arch: linux/amd64 Experimental: false Server: Docker Engine - Community Engine: Version: 18.09.3 API version: 1.39 (minimum version 1.12) Go version: go1.10.8 Git commit: 774a1f4 Built: Thu Feb 28 06:02:24 2019 OS/Arch: linux/amd64 Experimental: false [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker info Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 18.09.3 Storage Driver: devicemapper Pool Name: docker-8:3-134564763-pool Pool Blocksize: 65.54kB Base Device Size: 10.74GB Backing Filesystem: xfs Udev Sync Supported: true Data file: /dev/loop0 Metadata file: /dev/loop1 Data loop file: /var/lib/docker/devicemapper/devicemapper/data Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata Data Space Used: 11.8MB Data Space Total: 107.4GB Data Space Available: 49.96GB Metadata Space Used: 581.6kB Metadata Space Total: 2.147GB Metadata Space Available: 2.147GB Thin Pool Minimum Free Space: 10.74GB Deferred Removal Enabled: true Deferred Deletion Enabled: true Deferred Deleted Device Count: 0 Library Version: 1.02.107-RHEL7 (2015-10-14) Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: e6b3f5632f50dbc4e9cb6288d911bf4f5e95b18e runc version: 6635b4f0c6af3810594d2770f662f34ddc15b40d init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 3.10.0-327.el7.x86_64 Operating System: CentOS Linux 7 (Core) OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 3.688GiB Name: node101.yinzhengjie.org.cn ID: BHP7:OYDA:JWKP:ALPE:E7PX:RVJV:HHXC:JIJ6:IOCV:AWMK:LQFI:7IYH Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Registry Mirrors: https://tuv7rqqq.mirror.aliyuncs.com/ Live Restore Enabled: false Product License: Community Engine WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled WARNING: the devicemapper storage-driver is deprecated, and will be removed in a future release. WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device. [root@node101.yinzhengjie.org.cn ~]#
四.Docker的常用操作
1>.查看命令的帮助信息
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker image --help Usage: docker image COMMAND Manage images Commands: build Build an image from a Dockerfile history Show the history of an image import Import the contents from a tarball to create a filesystem image inspect Display detailed information on one or more images load Load an image from a tar archive or STDIN ls List images prune Remove unused images pull Pull an image or a repository from a registry push Push an image or a repository to a registry rm Remove one or more images save Save one or more images to a tar archive (streamed to STDOUT by default) tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE Run 'docker image COMMAND --help' for more information on a command. [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker container --help Usage: docker container COMMAND Manage containers Commands: attach Attach local standard input, output, and error streams to a running container commit Create a new image from a container's changes cp Copy files/folders between a container and the local filesystem create Create a new container diff Inspect changes to files or directories on a container's filesystem exec Run a command in a running container export Export a container's filesystem as a tar archive inspect Display detailed information on one or more containers kill Kill one or more running containers logs Fetch the logs of a container ls List containers pause Pause all processes within one or more containers port List port mappings or a specific mapping for the container prune Remove all stopped containers rename Rename a container restart Restart one or more containers rm Remove one or more containers run Run a command in a new container start Start one or more stopped containers stats Display a live stream of container(s) resource usage statistics stop Stop one or more running containers top Display the running processes of a container unpause Unpause all processes within one or more containers update Update configuration of one or more containers wait Block until one or more containers stop, then print their exit codes Run 'docker container COMMAND --help' for more information on a command. [root@node101.yinzhengjie.org.cn ~]#
2>.docker event state
3>.获取docker镜像-redis(docker官方的镜像下载地址:https://hub.docker.com/)
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker search redis NAME DESCRIPTION STARS OFFICIAL AUTOMATED redis Redis is an open source key-value store that… 6677 [OK] bitnami/redis Bitnami Redis Docker Image 107 [OK] sameersbn/redis 76 [OK] grokzen/redis-cluster Redis cluster 3.0, 3.2, 4.0 & 5.0 44 hypriot/rpi-redis Raspberry Pi compatible redis image 33 kubeguide/redis-master redis-master with "Hello World!" 28 rediscommander/redis-commander Alpine image for redis-commander - Redis man… 21 [OK] redislabs/redis Clustered in-memory database engine compatib… 19 redislabs/redisearch Redis With the RedisSearch module pre-loaded… 15 arm32v7/redis Redis is an open source key-value store that… 14 oliver006/redis_exporter Prometheus Exporter for Redis Metrics. Supp… 10 webhippie/redis Docker images for Redis 10 [OK] insready/redis-stat Docker image for the real-time Redis monitor… 7 [OK] s7anley/redis-sentinel-docker Redis Sentinel 7 [OK] rtoma/logspout-redis-logstash Logspout including Redis adapter for sending… 5 arm64v8/redis Redis is an open source key-value store that… 5 centos/redis-32-centos7 Redis in-memory data structure store, used a… 4 redislabs/redisgraph A graph database module for Redis 4 [OK] wodby/redis Redis container image with orchestration 2 [OK] frodenas/redis A Docker Image for Redis 2 [OK] circleci/redis CircleCI images for Redis 2 [OK] tiredofit/redis Redis Server w/ Zabbix monitoring and S6 Ove… 1 [OK] cflondonservices/redis Docker image for running redis 0 xetamus/redis-resource forked redis-resource 0 [OK] iadvize/redis 0 [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker pull redis:4-alpine 4-alpine: Pulling from library/redis 8e402f1a9c57: Pull complete 4c2113a1bbc9: Pull complete a4b5ad98d179: Pull complete 41457a7cc0c5: Pull complete f987c6e1a2b3: Pull complete 2a3ef38f1fd4: Pull complete Digest: sha256:7a543f606ea3e055a18ccbda719fb1e04f6922078f733cb39863619983e05031 Status: Downloaded newer image for redis:4-alpine [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE redis 4-alpine adbfeec2927e 3 days ago 36.2MB [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE redis 4-alpine adbfeec2927e 3 days ago 36.2MB [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker image inspect redis:4-alpine [ { "Id": "sha256:adbfeec2927ea132da957bac11f683ae695bbcbf65afc9d60020f9d1ad95668a", "RepoTags": [ "redis:4-alpine" ], "RepoDigests": [ "redis@sha256:7a543f606ea3e055a18ccbda719fb1e04f6922078f733cb39863619983e05031" ], "Parent": "", "Comment": "", "Created": "2019-03-19T21:38:25.77087877Z", "Container": "b6c63fa16c4cbd45cf0e3c1d96845cf4316b7c43fdcadf22617c7fc60f365e3f", "ContainerConfig": { "Hostname": "b6c63fa16c4c", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "6379/tcp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "REDIS_VERSION=4.0.14", "REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-4.0.14.tar.gz", "REDIS_DOWNLOAD_SHA=1e1e18420a86cfb285933123b04a82e1ebda20bfb0a289472745a087587e93a7" ], "Cmd": [ "/bin/sh", "-c", "#(nop) ", "CMD [\"redis-server\"]" ], "ArgsEscaped": true, "Image": "sha256:44db1a08fc16d4dfbf4519cbd8d0ca0a33cd3871d0e92ba8c74bf177f356e889", "Volumes": { "/data": {} }, "WorkingDir": "/data", "Entrypoint": [ "docker-entrypoint.sh" ], "OnBuild": null, "Labels": {} }, "DockerVersion": "18.06.1-ce", "Author": "", "Config": { "Hostname": "", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "6379/tcp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "REDIS_VERSION=4.0.14", "REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-4.0.14.tar.gz", "REDIS_DOWNLOAD_SHA=1e1e18420a86cfb285933123b04a82e1ebda20bfb0a289472745a087587e93a7" ], "Cmd": [ "redis-server" ], "ArgsEscaped": true, "Image": "sha256:44db1a08fc16d4dfbf4519cbd8d0ca0a33cd3871d0e92ba8c74bf177f356e889", "Volumes": { "/data": {} }, "WorkingDir": "/data", "Entrypoint": [ "docker-entrypoint.sh" ], "OnBuild": null, "Labels": null }, "Architecture": "amd64", "Os": "linux", "Size": 36192469, "VirtualSize": 36192469, "GraphDriver": { "Data": { "DeviceId": "7", "DeviceName": "docker-8:3-134564763-f6b941f961280569e170c2ba9ebe9ec5d849609596eb865fdf58d14282279955", "DeviceSize": "10737418240" }, "Name": "devicemapper" }, "RootFS": { "Type": "layers", "Layers": [ "sha256:bcf2f368fe234217249e00ad9d762d8f1a3156d60c442ed92079fa5b120634a1", "sha256:53b9ee4aa890cdf6fb54072145bc91e6e9f75aa37f49eeef7e177503449f4124", "sha256:abd36062f9fec1abd0b1a104476b3700763a9fdf6ea8ddc18687dea0609bb864", "sha256:f55d74f1440715c06b12175fc1afbfa9e872d3b9cceb4194e3f13640b8aef100", "sha256:8e10865a11e52a9812472898d45d46a151c71aef4aa20e361d1ce92790891056", "sha256:84b5f025422880a5dbb6536ef9053cfa515e09fb46bd6bf3b92c8e6f29fcdaf2" ] }, "Metadata": { "LastTagTime": "0001-01-01T00:00:00Z" } } ] [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
4>.启获取docker镜像-CentOS
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker container run --help Usage: docker container run [OPTIONS] IMAGE [COMMAND] [ARG...] Run a command in a new container Options: --add-host list Add a custom host-to-IP mapping (host:ip) -a, --attach list Attach to STDIN, STDOUT or STDERR --blkio-weight uint16 Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0) --blkio-weight-device list Block IO weight (relative device weight) (default []) --cap-add list Add Linux capabilities --cap-drop list Drop Linux capabilities --cgroup-parent string Optional parent cgroup for the container --cidfile string Write the container ID to the file --cpu-period int Limit CPU CFS (Completely Fair Scheduler) period --cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota --cpu-rt-period int Limit CPU real-time period in microseconds --cpu-rt-runtime int Limit CPU real-time runtime in microseconds -c, --cpu-shares int CPU shares (relative weight) --cpus decimal Number of CPUs --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) -d, --detach Run container in background and print container ID --detach-keys string Override the key sequence for detaching a container --device list Add a host device to the container --device-cgroup-rule list Add a rule to the cgroup allowed devices list --device-read-bps list Limit read rate (bytes per second) from a device (default []) --device-read-iops list Limit read rate (IO per second) from a device (default []) --device-write-bps list Limit write rate (bytes per second) to a device (default []) --device-write-iops list Limit write rate (IO per second) to a device (default []) --disable-content-trust Skip image verification (default true) --dns list Set custom DNS servers --dns-option list Set DNS options --dns-search list Set custom DNS search domains --entrypoint string Overwrite the default ENTRYPOINT of the image -e, --env list Set environment variables --env-file list Read in a file of environment variables --expose list Expose a port or a range of ports --group-add list Add additional groups to join --health-cmd string Command to run to check health --health-interval duration Time between running the check (ms|s|m|h) (default 0s) --health-retries int Consecutive failures needed to report unhealthy --health-start-period duration Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s) --health-timeout duration Maximum time to allow one check to run (ms|s|m|h) (default 0s) --help Print usage -h, --hostname string Container host name --init Run an init inside the container that forwards signals and reaps processes -i, --interactive Keep STDIN open even if not attached --ip string IPv4 address (e.g., 172.30.100.104) --ip6 string IPv6 address (e.g., 2001:db8::33) --ipc string IPC mode to use --isolation string Container isolation technology --kernel-memory bytes Kernel memory limit -l, --label list Set meta data on a container --label-file list Read in a line delimited file of labels --link list Add link to another container --link-local-ip list Container IPv4/IPv6 link-local addresses --log-driver string Logging driver for the container --log-opt list Log driver options --mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33) -m, --memory bytes Memory limit --memory-reservation bytes Memory soft limit --memory-swap bytes Swap limit equal to memory plus swap: '-1' to enable unlimited swap --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) --mount mount Attach a filesystem mount to the container --name string Assign a name to the container --network string Connect a container to a network (default "default") --network-alias list Add network-scoped alias for the container --no-healthcheck Disable any container-specified HEALTHCHECK --oom-kill-disable Disable OOM Killer --oom-score-adj int Tune host's OOM preferences (-1000 to 1000) --pid string PID namespace to use --pids-limit int Tune container pids limit (set -1 for unlimited) --privileged Give extended privileges to this container -p, --publish list Publish a container's port(s) to the host -P, --publish-all Publish all exposed ports to random ports --read-only Mount the container's root filesystem as read only --restart string Restart policy to apply when a container exits (default "no") --rm Automatically remove the container when it exits --runtime string Runtime to use for this container --security-opt list Security Options --shm-size bytes Size of /dev/shm --sig-proxy Proxy received signals to the process (default true) --stop-signal string Signal to stop a container (default "SIGTERM") --stop-timeout int Timeout (in seconds) to stop a container --storage-opt list Storage driver options for the container --sysctl map Sysctl options (default map[]) --tmpfs list Mount a tmpfs directory -t, --tty Allocate a pseudo-TTY --ulimit ulimit Ulimit options (default []) -u, --user string Username or UID (format: <name|uid>[:<group|gid>]) --userns string User namespace to use --uts string UTS namespace to use -v, --volume list Bind mount a volume --volume-driver string Optional volume driver for the container --volumes-from list Mount volumes from the specified container(s) -w, --workdir string Working directory inside the container [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker image pull centos:7 7: Pulling from library/centos 8ba884070f61: Pull complete Digest: sha256:8d487d68857f5bc9595793279b33d082b03713341ddec91054382641d14db861 Status: Downloaded newer image for centos:7 [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker run -it --name test-centos7 centos:7 /bin/bash docker: Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "process_linux.go:293: copying bootstrap data to pipe caused \"write init-p: broken pipe\"": unknown. [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~/Downloads]# [root@node101.yinzhengjie.org.cn ~/Downloads]# docker run -it --name test centos:7 /bin/bash [root@d833df2d9ded /]# [root@d833df2d9ded /]# hostname d833df2d9ded [root@d833df2d9ded /]# [root@d833df2d9ded /]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [root@d833df2d9ded /]# [root@d833df2d9ded /]# exit exit [root@node101.yinzhengjie.org.cn ~/Downloads]# [root@node101.yinzhengjie.org.cn ~/Downloads]# [root@node101.yinzhengjie.org.cn ~/Downloads]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [root@node101.yinzhengjie.org.cn ~/Downloads]#
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker run -it --name test centos:7 /bin/bash [root@d7a717a5f2fd /]# [root@d7a717a5f2fd /]# yum -y install net-tools Loaded plugins: fastestmirror, ovl Determining fastest mirrors * base: mirrors.nwsuaf.edu.cn * extras: mirrors.nwsuaf.edu.cn * updates: mirrors.nwsuaf.edu.cn base | 3.6 kB 00:00:00 extras | 3.4 kB 00:00:00 updates | 3.4 kB 00:00:00 (1/4): base/7/x86_64/primary_db | 6.0 MB 00:00:00 (2/4): extras/7/x86_64/primary_db | 187 kB 00:00:04 (3/4): base/7/x86_64/group_gz | 166 kB 00:00:06 (4/4): updates/7/x86_64/primary_db | 3.4 MB 00:01:30 Resolving Dependencies --> Running transaction check ---> Package net-tools.x86_64 0:2.0-0.24.20131004git.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================= Package Arch Version Repository Size ============================================================================================================================================================================= Installing: net-tools x86_64 2.0-0.24.20131004git.el7 base 306 k Transaction Summary ============================================================================================================================================================================= Install 1 Package Total download size: 306 k Installed size: 918 k Downloading packages: warning: /var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.24.20131004git.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY Public key for net-tools-2.0-0.24.20131004git.el7.x86_64.rpm is not installed net-tools-2.0-0.24.20131004git.el7.x86_64.rpm | 306 kB 00:00:00 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Importing GPG key 0xF4A80EB5: Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>" Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5 Package : centos-release-7-6.1810.2.el7.centos.x86_64 (@CentOS) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : net-tools-2.0-0.24.20131004git.el7.x86_64 1/1 Verifying : net-tools-2.0-0.24.20131004git.el7.x86_64 1/1 Installed: net-tools.x86_64 0:2.0-0.24.20131004git.el7 Complete! [root@d7a717a5f2fd /]#
[root@d7a717a5f2fd /]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255 ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet) RX packets 3175 bytes 10682718 (10.1 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 3174 bytes 174670 (170.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1000 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@d7a717a5f2fd /]# [root@d7a717a5f2fd /]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 172.17.0.1 0.0.0.0 UG 0 0 0 eth0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 [root@d7a717a5f2fd /]# [root@d7a717a5f2fd /]# exit exit [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# ifconfig docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 ether 02:42:c5:a1:05:86 txqueuelen 0 (Ethernet) RX packets 3179 bytes 130434 (127.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 3175 bytes 10682718 (10.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.30.1.101 netmask 255.255.255.0 broadcast 172.30.1.255 ether 00:0c:29:fe:9b:ef txqueuelen 1000 (Ethernet) RX packets 148755 bytes 181214006 (172.8 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 48024 bytes 3569703 (3.4 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1000 (Local Loopback) RX packets 64 bytes 5792 (5.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 64 bytes 5792 (5.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# iptables -t nat -vnL Chain PREROUTING (policy ACCEPT 54 packets, 3711 bytes) pkts bytes target prot opt in out source destination 0 0 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT 2 packets, 464 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 79 packets, 5930 bytes) pkts bytes target prot opt in out source destination 0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT 79 packets, 5930 bytes) pkts bytes target prot opt in out source destination 52 3247 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0 Chain DOCKER (2 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0 [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# iptables -t filter -vnL Chain INPUT (policy ACCEPT 26257 packets, 98M bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 5751 9807K DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0 5751 9807K DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0 2885 9689K ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0 2866 118K ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 25740 packets, 1159K bytes) pkts bytes target prot opt in out source destination Chain DOCKER (1 references) pkts bytes target prot opt in out source destination Chain DOCKER-ISOLATION-STAGE-1 (1 references) pkts bytes target prot opt in out source destination 2866 118K DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 5751 9807K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DOCKER-ISOLATION-STAGE-2 (1 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0 2866 118K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DOCKER-USER (1 references) pkts bytes target prot opt in out source destination 5751 9807K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
5>.查看docker容器的运行状态
[root@node101.yinzhengjie.org.cn ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 20f52b7776da centos:7 "/bin/bash" 12 seconds ago Up 10 seconds test2 d7a717a5f2fd centos:7 "/bin/bash" 7 minutes ago Exited (127) 5 minutes ago test [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker container ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 20f52b7776da centos:7 "/bin/bash" 55 seconds ago Up 54 seconds test2 [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 20f52b7776da centos:7 "/bin/bash" About a minute ago Up About a minute test2 [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#