Docker介绍
- 官网: www.docker.com
- github: https://github.com/docker/docker.github.io
- 开源的容器引擎,可以让开发者打包应用以及依赖的库,然后发布到任何流行的linux发行版上,移植很方便 由go语言编写,基于apache2.0协议发布
- 基于linux kernel,要想在win下运行需要借助一个vm(虚拟机)来实现
- 自2013年开始,近些年发展迅猛
- docker从1.13x开始,版本分为社区版ce和企业版ee,并且基于年月的时间线形式,当前最新稳定版为17.09 参考http://blog.csdn.net/chenhaifeng2016/article/details/68062414
Docker和传统的虚拟化比较
Docker的优势
- 启动非常快,秒级实现
- 资源利用率高,一台高配置服务器可以跑上千个docker容器
- 更快的交付和部署,一次创建和配置后,可以在任意地方运行
- 内核级别的虚拟化,不需要额外的hypevisor支持,会有更高的性能和效率
- 易迁移,平台依赖性不强
Docker核心概念
- 镜像,是一个只读的模板,类似于安装系统用到的那个iso文件,我们通过镜像来完成各种应用的部署。
- 容器,镜像类似于操作系统,而容器类似于虚拟机本身。它可以被启动、开始、停止、删除等操作,每个容器都是相互隔离的。
- 仓库,存放镜像的一个场所,仓库分为公开仓库和私有仓库。 最大的公开仓库是Docker hub(hub.docker.com),国内公开仓库(dockerpool.com)
Docker安装
[root@cm-vpn1 ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2424 100 2424 0 0 8654 0 --:--:-- --:--:-- --:--:-- 8688
[root@cm-vpn1 ~]# yum install -y docker-ce
启动Docker
[root@cm-vpn1 ~]# systemctl start docker
[root@cm-vpn1 ~]# ps aux |grep docker
root 26558 1.6 3.6 386596 74140 ? Ssl 04:45 0:00 /usr/bin/dockerd
root 26562 0.3 1.1 289844 24284 ? Ssl 04:45 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
root 26689 0.0 0.1 112716 2208 pts/1 S+ 04:45 0:00 grep --color=auto docker
#启动docker后,docker会自动创建iptables 规则
[root@cm-vpn1 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 474 packets, 219K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 485 packets, 216K bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Docker镜像管理
下载镜像
[root@cm-vpn1 ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
7dc0dca2b151: Pull complete
Digest: sha256:369d6aa8915bc6723aaa0e40de86d1b4f4efe1bae5ce07e851fc567417a640e7
Status: Downloaded newer image for centos:latest
查看本地的镜像
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 49f7960eb7e4 7 hours ago 200MB
docker search xxx
说明:其中xxx是关键词
[root@cm-vpn1 ~]# docker search nginx
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 8564 [OK]
jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1340 [OK]
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 547 [OK]
jrcs/letsencrypt-nginx-proxy-companion LetsEncrypt container to use with nginx as p… 374 [OK]
kong Open-source Microservice & API Management la… 190 [OK]
webdevops/php-nginx Nginx with PHP-FPM 104 [OK]
kitematic/hello-world-nginx A light-weight nginx container that demonstr… 99
bitnami/nginx Bitnami nginx Docker Image 52 [OK]
zabbix/zabbix-web-nginx-mysql Zabbix frontend based on Nginx web-server wi… 52 [OK]
1and1internet/ubuntu-16-nginx-php-phpmyadmin-mysql-5 ubuntu-16-nginx-php-phpmyadmin-mysql-5 35 [OK]
linuxserver/nginx An Nginx container, brought to you by LinuxS… 35
tobi312/rpi-nginx NGINX on Raspberry Pi / armhf 19 [OK]
nginxdemos/nginx-ingress NGINX Ingress Controller for Kubernetes . Th… 11
blacklabelops/nginx Dockerized Nginx Reverse Proxy Server. 9 [OK]
wodby/drupal-nginx Nginx for Drupal container image 9 [OK]
webdevops/nginx Nginx container 8 [OK]
centos/nginx-18-centos7 Platform for running nginx 1.8 or building n… 6
nginxdemos/hello NGINX webserver that serves a simple page co… 6 [OK]
1science/nginx Nginx Docker images that include Consul Temp… 4 [OK]
centos/nginx-112-centos7 Platform for running nginx 1.12 or building … 3
pebbletech/nginx-proxy nginx-proxy sets up a container running ngin… 2 [OK]
travix/nginx NGinx reverse proxy 1 [OK]
toccoag/openshift-nginx Nginx reverse proxy for Nice running on same… 1 [OK]
ansibleplaybookbundle/nginx-apb An APB to deploy NGINX 0 [OK]
mailu/nginx Mailu nginx frontend 0 [OK]
给镜像打标签
说明:例如给centos 打标签,打完标签就会生成另外一个镜像.
可以看到test的IMAGE ID 和Centos是一样.
[root@cm-vpn1 ~]# docker tag centos test
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test latest 49f7960eb7e4 7 hours ago 200MB
centos latest 49f7960eb7e4 7 hours ago 200MB
docker run -itd centos 把镜像启动为容器
说明:-i表示让容器的标准输入打开,-t表示分配一个伪终端,-d表示后台启动,要把-i -t -d 放到镜像名字前面
[root@cm-vpn1 ~]# docker run -itd centos
Unable to find image 'centos:latest' locally
latest: Pulling from library/centos
Digest: sha256:369d6aa8915bc6723aaa0e40de86d1b4f4efe1bae5ce07e851fc567417a640e7
Status: Downloaded newer image for centos:latest
e0f6b631726bcced72bf6be8d85b3b5e309d2966881341d8db38808b85b6e03e
docker ps 查看运行的容器
说明:加上-a选项后可以查看所有容器,包括未运行的
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e0f6b631726b centos "/bin/bash" About a minute ago Up About a minute zen_yalow
docker rmi centos 用来删除指定镜像
说明:其中后面的参数可以是tag,如果是tag时,实际上是删除该tag。当后面的参数为镜像ID时,则会彻底删除整个镜像,所有标签也会一同删除
[root@cm-vpn1 ~]# docker rmi test
Untagged: test:latest
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 49f7960eb7e4 10 hours ago 200MB
通过容器创建镜像
docker exec -it xxxxx bash
说明:其中xxxxx为容器id,这个id可以用docker ps查看,最后面的bash为进入容器后我们要执行的命令,这样就可以打开一个终端 进入到该容器中,我们做一些变更,比如安装一些东西,然后针对这个容器进行创建新的镜像
[root@cm-vpn1 ~]# docker exec -it e0f6b631726b bash
[root@e0f6b631726b /]#
#进入容器之后可以执行一些命令,磁盘 & 内存实际上用的也是宿主机的磁盘 &内存
[root@e0f6b631726b /]# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 30G 4.1G 24G 15% /
tmpfs 64M 0 64M 0% /dev
tmpfs 994M 0 994M 0% /sys/fs/cgroup
/dev/root 30G 4.1G 24G 15% /etc/hosts
shm 64M 0 64M 0% /dev/shm
tmpfs 994M 0 994M 0% /sys/firmware
[root@e0f6b631726b /]# free -m
total used free shared buff/cache available
Mem: 1987 712 96 105 1178 1110
Swap: 255 0 255
#查看IP地址
#说明:很明显没有这个命令
[root@e0f6b631726b /]# ifconfig
bash: ifconfig: command not found
#安装net-tools
[root@e0f6b631726b /]# yum install -y net-tools
#再执行ifconfig 就可以看IP地址信息,这里的IP地址是docker生成的
[root@e0f6b631726b /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 626 bytes 8965597 (8.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 646 bytes 45888 (44.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#ctrl d 退出容器,敲ifconfig命令,可以看到docker0 一个网卡,这个类似VMware 里面的一个vmnet8,它用的是nat模式
[root@cm-vpn1 ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:13ff:fe8f:b757 prefixlen 64 scopeid 0x20<link>
ether 02:42:13:8f:b7:57 txqueuelen 0 (Ethernet)
RX packets 650 bytes 37396 (36.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 632 bytes 8966113 (8.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.104.167.55 netmask 255.255.255.0 broadcast 172.104.167.255
inet6 fe80::f03c:91ff:feb6:e092 prefixlen 64 scopeid 0x20<link>
inet6 2400:8901::f03c:91ff:feb6:e092 prefixlen 64 scopeid 0x0<global>
ether f2:3c:91:b6:e0:92 txqueuelen 1000 (Ethernet)
RX packets 102699948 bytes 83112818007 (77.4 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 60560071 bytes 77995656790 (72.6 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 106 bytes 12139 (11.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 106 bytes 12139 (11.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethaa7b3ab: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether ce:90:a7:75:f8:4b txqueuelen 0 (Ethernet)
RX packets 646 bytes 45888 (44.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 626 bytes 8965597 (8.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
容器做成镜像
说明:ctrl d 退出容器,然后保存新的镜像里去,也就是说把centos 这个容器里面变更保存到一个新的镜像里去
参数详解:-m 加一些改动信息,-a 指定作者相关信息 2c74d这一串为容器id,再后面为新镜像的名字
[root@cm-vpn1 ~]# docker commit -m "install net-tools" -a "anna" e0f6b631726b centos_new
sha256:47d06ed1ec0aa65853ba6550a786cbafc142a7d267f9fb6fce516ee955acabfe
#可以看新的镜像
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_new latest 47d06ed1ec0a 8 minutes ago 272MB
centos latest 49f7960eb7e4 11 hours ago 200MB
#启动centos_new
[root@cm-vpn1 ~]# docker run -itd centos_new bash
23f897d2593897c593f34417bfc831d4e4ec62439f2e7e7acd3c2b75c7558809
#进入centos_new 容器
[root@cm-vpn1 ~]# docker exec -it 23f897d25938 bash
[root@23f897d25938 /]#
#就可以在centos_new容器直接执行ifconfig 命令
[root@23f897d25938 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.3 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:03 txqueuelen 0 (Ethernet)
RX packets 1 bytes 90 (90.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 432 (432.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
通过模板创建镜像
首先去openvz 官方下载,网址:http://openvz.org/Download/templates/precreated
#下载模板
[root@cm-vpn1 ~]# wget http://download.openvz.org/template/precreated/centos-6-x86_64-minimal.tar.gz
#使用模板创建镜像
[root@cm-vpn1 ~]# cat centos-6-x86_64-minimal.tar.gz|docker import - centos6
sha256:7b2c8df58b342522d77c835eb9e77c9cbd1c573e89d29cf5de02a961db0e884c
#查看导入的镜像
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 7b2c8df58b34 12 seconds ago 553MB
<none> <none> a9218cdeb003 11 minutes ago 0B
centos_new latest 47d06ed1ec0a About an hour ago 272MB
centos latest 49f7960eb7e4 12 hours ago 200MB
#把centos6 镜像启动为容器
[root@cm-vpn1 ~]# docker run -itd centos6 bash
e7ed62423732f39a4e5235f980f6fa7def02f0eefa15ed68dae469d9fc0fdc68
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7ed62423732 centos6 "bash" 5 seconds ago Up 4 seconds nostalgic_fermat
23f897d25938 centos_new "bash" 45 minutes ago Up 45 minutes cocky_visvesvaraya
e0f6b631726b centos "/bin/bash" 2 hours ago Up 2 hours zen_yalow
#进入centos6容器
[root@cm-vpn1 ~]# docker exec -it e7ed62423732 bash
#ifconfig 命令查看IP
[root@e7ed62423732 /]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:04
inet addr:172.17.0.4 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:90 (90.0 b) TX bytes:522 (522.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
#查看内核信息,内核信息和宿主机是一样的,除了主机名不同
[root@e7ed62423732 /]# uname -a
Linux e7ed62423732 4.15.8-x86_64-linode103 #1 SMP Fri Mar 9 21:02:39 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
#查看版本信息
[root@e7ed62423732 /]# cat /etc/issue
CentOS release 6.8 (Final)
Kernel \r on an \m
把现有镜像,导出为一个文件
说明:把centos 导出为一个文件centos.tar
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 7b2c8df58b34 20 minutes ago 553MB
<none> <none> a9218cdeb003 32 minutes ago 0B
centos_new latest 47d06ed1ec0a About an hour ago 272MB
centos latest 49f7960eb7e4 12 hours ago 200MB
[root@cm-vpn1 ~]# docker save -o centos.tar centos
[root@cm-vpn1 ~]# ls -lh
total 546M
-rw-------. 1 root root 1.2K Sep 18 2017 anaconda-ks.cfg
-rw------- 1 root root 199M Jun 5 10:15 centos.tar
docker load < centos.tar 可以用该文件恢复本地镜像
说明:先停掉容器
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7ed62423732 centos6 "bash" 19 hours ago Up 19 hours nostalgic_fermat
23f897d25938 centos_new "bash" 20 hours ago Up 20 hours cocky_visvesvaraya
e0f6b631726b centos "/bin/bash" 21 hours ago Up 21 hours zen_yalow
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 7b2c8df58b34 19 hours ago 553MB
<none> <none> a9218cdeb003 19 hours ago 0B
centos_new latest 47d06ed1ec0a 20 hours ago 272MB
centos latest 49f7960eb7e4 31 hours ago 200MB
#停止容器
[root@cm-vpn1 ~]# docker stop e0f6b631726b
e0f6b631726b
#查看容器停止是否成功
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7ed62423732 centos6 "bash" 19 hours ago Up 19 hours
#删除镜像
[root@cm-vpn1 ~]# docker rmi -f 49f7960eb7e4
Untagged: centos:latest
Untagged: centos@sha256:369d6aa8915bc6723aaa0e40de86d1b4f4efe1bae5ce07e851fc567417a640e7
Deleted: sha256:49f7960eb7e4cb46f1a02c1f8174c6fac07ebf1eb6d8deffbcb5c695f1c9edd5
#centos_new 镜像就不存在
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 7b2c8df58b34 19 hours ago 553MB
<none> <none> a9218cdeb003 19 hours ago 0B
#使用docker load 把centos.tar恢复为镜像
[root@cm-vpn1 ~]# docker load < centos.tar
Loaded image: centos:latest
#
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 7b2c8df58b34 24 hours ago 553MB
<none> <none> a9218cdeb003 24 hours ago 0B
centos latest 49f7960eb7e4 35 hours ago 200MB
容器管理
docker create -it centos6 bash
说明:这样可以创建一个容器,但该容器并没有启动,docker ps -a 可以看到新创建的容器
[root@cm-vpn1 ~]# docker create -it centos6 bash
c2ac437944b84f0b54f8ee1eaa11bbf2daf980f6f7df167f2f6b8c4e8c2aa556
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7ed62423732 centos6 "bash" 24 hours ago Up 24 hours nostalgic_fermat
[root@cm-vpn1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2ac437944b8 centos6 "bash" 14 minutes ago Created thirsty_bhabha
e7ed62423732 centos6 "bash" 24 hours ago Up 24 hours nostalgic_fermat
23f897d25938 47d06ed1ec0a "bash" 25 hours ago Exited (137) 5 hours ago cocky_visvesvaraya
e0f6b631726b centos "/bin/bash" 26 hours ago Exited (137) 23 minutes ago zen_yalow
docker start 跟 CONTAINER ID
说明:把刚创建的容器起起来
[root@cm-vpn1 ~]# docker start c2ac437944b8
c2ac437944b8
#查看刚起来的容器
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2ac437944b8 centos6 "bash" 20 minutes ago Up About a minute thirsty_bhabha
e7ed62423732 centos6 "bash" 24 hours ago Up 24 hours nostalgic_fermat
docker run -it centos bash
说明:没有加-d 的话可以自动进入到容器.docker run -d 可以让容器在后台运行
docker run -it 这样进入了一个虚拟终端里面,我们可以运行一些命令,使用命令exit或者ctrl d 退出该bash,当退出后这个容器也会停止
[root@cm-vpn1 ~]# docker run -it centos6 bash
[root@f752c7fb16e5 /]#
#运行命令
[root@f752c7fb16e5 /]# ls
bin boot dev etc fastboot home lib lib64 lost+found media mnt opt proc root sbin selinux srv sys tmp usr var
[root@f752c7fb16e5 /]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:05
inet addr:172.17.0.5 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:432 (432.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
#退出容器后,docker ps -a 可以看到f752c7fb16e5容器的状态 Exited
[root@cm-vpn1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f752c7fb16e5 centos6 "bash" 36 minutes ago Exited (130) 18 seconds ago condescending_liskov
132804cfa465 centos6 "bash" 39 minutes ago Up 39 minutes upbeat_lamport
fe3a2352b60b centos6 "bash \u00a0" 44 minutes ago Exited (127) 44 minutes ago dazzling_ritchie
6efa15b16767 centos "bash \u00a0" 45 minutes ago Exited (127) 45 minutes ago nifty_mendeleev
50a311433c39 centos6 "bash \u00a0" 45 minutes ago Exited (127) 45 minutes ago condescending_swirles
c2ac437944b8 centos6 "bash" About an hour ago Up About an hour thirsty_bhabha
e7ed62423732 centos6 "bash" 25 hours ago Up 25 hours nostalgic_fermat
23f897d25938 47d06ed1ec0a "bash" 26 hours ago Exited (137) 6 hours ago cocky_visvesvaraya
e0f6b631726b centos "/bin/bash" 27 hours ago Exited (137) 2 hours ago zen_yalow
35cddbfe6018 centos "//把镜像启动为容器…" 30 hours ago Created suspicious_shockley
docker run -itd --name centos6_new1 centos6 bash 给容器自定义名字
说明:在NAMES 可以看到给容器自定义的名字.
[root@cm-vpn1 ~]# docker run -itd --name centos6_new1 centos6 bash
3efe90e0d2179a5d039b44ec060a66ac162e285c798009f900db912a1afe827d
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3efe90e0d217 centos6 "bash" About a minute ago Up About a minute centos6_new1
132804cfa465 centos6 "bash" 45 minutes ago Up 45 minutes upbeat_lamport
c2ac437944b8 centos6 "bash" 2 hours ago Up About an hour thirsty_bhabha
e7ed62423732 centos6 "bash" 25 hours ago Up 25 hours nostalgic_fermat
若要进入容器时,加容器的名字即可
[root@cm-vpn1 ~]# docker exec -it centos6_new1 bash
[root@3efe90e0d217 /]#
docker logs container_id
说明:可以获取到容器的运行历史信息
[root@cm-vpn1 ~]# docker run -itd centos6 bash -c "echo test"
ac83925f2a7b59b3780e9f55fb48c9393eea5967caf63fb64777c331766acfcd
[root@cm-vpn1 ~]# docker logs ac83925
test
Docker仓库管理
docker pull registry
说明:下载registry 镜像,registy为docker官方提供的一个镜像,我们可以用它来创建本地的docker私有仓库
[root@cm-vpn1 ~]# docker pull registry
镜像启动容器
说明:以registry镜像启动容器,-p会把容器的端口映射到宿主机上,:左边为宿主机监听端口,:右边为容器监听端口
[root@cm-vpn1 ~]# docker run -d -p 5000:5000 registry
docker tag centos 172.104.167.55:5000/centos //标记一下tag,必须要带有私有仓库的ip:port
[root@cm-vpn1 ~]# docker tag centos 172.104.167.55:5000/centos6
docker push
说明:把标记的镜像给推送到私有仓库. 有报错
[root@cm-vpn1 ~]# docker push 172.104.167.55:5000/centos6
Get https://172.104.167.55:5000/v2/: http: server gave HTTP response to HTTPS client
解决
[root@cm-vpn1 ~]# vim /etc/docker/daemon.json
{ "insecure-registries":["172.104.167.55:5000"]
重启docker
说明:systemctl restart docker && docker start $(docker ps -a -q) 这条命令是重启所有docker
[root@cm-vpn1 ~]# systemctl restart docker
再次docker push
[root@cm-vpn1 ~]# docker push 172.104.167.55:5000/centos6
查看到推送上来的镜像
[root@cm-vpn1 ~]# curl 127.0.0.1:5000/v2/_catalog
{"repositories":["centos6"]}
docker pull
说明:创建私有仓库肯定不是为了在一台服务器,现在在另外一台服务器上把私有仓库的镜像拉取下来.
前提是要安装docker 并启动
安装docker
[root@cm-vpn2 ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2424 100 2424 0 0 1454 0 0:00:01 0:00:01 --:--:-- 1454
[root@cm-vpn2 ~]# yum install -y docker-ce
启动docker
[root@cm-vpn2 ~]# systemctl start docker
配置私有仓库地址
[root@cm-vpn2 ~]# vim /etc/docker/daemon.json
{ "insecure-registries":["172.104.167.55:5000"] }
重启docker
[root@cm-vpn2 ~]# systemctl restart docker
docker pull 私有仓库的镜像
[root@cm-vpn2 ~]# docker pull 172.104.167.55:5000/centos6
Using default tag: latest
latest: Pulling from centos6
3cba026fed25: Pull complete
Digest: sha256:6a5e79514df07ed3bb47b73b778615ee7a47f4949e323760a0c29b511b047656
Status: Downloaded newer image for 172.104.167.55:5000/centos6:latest
[root@cm-vpn2 ~]# cat /etc/docker/daemon.json
{ "insecure-registries":["172.104.167.55:5000"] }
查看docker pull 下来的镜像
[root@cm-vpn2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
172.104.167.55:5000/centos6 latest 7b2c8df58b34 2 days ago 553MB
Docker数据管理
容器是由镜像启动的,容器里产生新的数据存放到了哪里,把容器关闭或删除, 存储的数据,更改了新的数据,会一并消除.这样也就意味数据有一定的风险,所以想到了一个办法,把宿主机的某个目录挂载容器里去,比如创建一个data目录,假如容器产生了新的数据,全部会写在data目录下面,这样的话会写在宿主机的磁盘上,即使容器停止或者删除,那数据还是存在的
挂载本地的目录到容器里
说明:-v 用来指定挂载目录,:前面的/data/为宿主机本地目录,:后面的/data/为容器里的目录,会在容器中自动创建
[root@cm-vpn1 ~]# docker run -tid -v /data/:/data centos6 bash
603e82b1cfd1717fa31a07359874e4435c3f2b762b348764c92f8ad7ac6c36ec
查看本地宿主机data 目录和容器的data目录是否一样
#本地data目录
[root@cm-vpn1 ~]# ls /data/
backup mysql mysql.bak
#进入容器
[root@cm-vpn1 ~]# docker exec -it 603e82b1cfd bash
#容器data目录
[root@603e82b1cfd1 /]# ls /data/
backup mysql mysql.bak
验证
说明:在容器data目录下创建一个test目录,退出容器,查看本地data目录,可以看到也有一个test目录.
所以在容器产生的数据,会存在宿主机的硬盘上.
[root@603e82b1cfd1 /]# mkdir /data/test
[root@603e82b1cfd1 /]# ls /data/
backup mysql mysql.bak test
#退出容器,查看本地data目录
[root@603e82b1cfd1 /]# exit
[root@cm-vpn1 ~]# ls /data
backup mysql mysql.bak test
挂载数据卷
其实我们挂载目录的时候,可以指定容器的name,如果不指定就随机定义了,比如上面我们没有指定,它就生成了一个名字为serene_shockley,这个名字可以使用命令docker ps 看最右侧一列.
docker run -itd --volumes-from serene_shockley
说明:使用centos镜像创建新的容器,并且使用了serence_shockley的容器的数据卷w w w w w w w w ocker run -itd --voluw mes-from docker run -itd --voluw mes-
[root@cm-vpn1 ~]# docker run -itd --volumes-from serene_shockley centos bash
f20455996a0a68f4c66237cc155277825c993747b5a52e6af7e4b46ab17c5496
进入容器
说明: 可以看到它可以自动识别到系统的data目录,实际上它和serene_shockley 容器是关联在一起的,serene_shockley 容器有什么目录或文件,这个新创建的cenos容器也一样
[root@cm-vpn1 ~]# docker exec -it f20455996a bash
[root@f20455996a0a /]# ls /data/
backup mysql mysql.bak test
定义数据卷容器
说明:有时候,我们需要多个容器之间相互共享数据,类似于linux里面的NFS,所以就可以搭建一个专门的数据卷容器,然后其他容器直接挂在该数据卷
首先创建数据卷容器
说明:
[root@cm-vpn1 ~]# docker run -itd --volumes-from serene_shockley centos bash
Docker网络模式
- host 模式:使用docker run 时使用--net=host指定 docker使用的网络实际上和宿主机一样,在容器内看到的网卡IP是宿主机IP
- container模式:使用--net=container:container_id/container_name 多个容器使用共同的网络,看到的IP是一样的
- none模式,使用--net=none指定 这种模式下,不会配置任何网络
- bridge模式:使用--net=bridge指定默认模式,不用指定默认就是这种网络模式.这种模式会为每个容器分配一个独立的Network Namespace. 类似于VMware的nat网络模式,同一个宿主机上的所有容器会在同一个网段下,相互之间是可以通信的
Docker网络管理-外部访问容器
配置桥接网络
为了使本地网络中的机器和Docker容器更方便的通信,我们经常会有将Docker容器配置到和宿主机同一网段的需求,这个需要其实很容易实现,我们只要将Docker容器和宿主机的网卡桥接起来,再给Docker容器配置上IP就可以了
[root@localhost network-scripts]# vim ifcfg-eno16777736
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="eno16777736"
UUID="f7697620-ed25-4706-8b31-476c53124e9a"
DEVICE="eno16777736"
ONBOOT="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_PRIVACY="no"
IPADDR="192.168.157.139"
GATEWAY=193.168.157.1
DNS1=8.8.8.8
#修改
[root@localhost network-scripts]# vim ifcfg-eno16777736
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="eno16777736"
#UUID="f7697620-ed25-4706-8b31-476c53124e9a"
DEVICE="eno16777736"
ONBOOT="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_PRIVACY="no"
#IPADDR="192.168.157.139"
#GATEWAY=193.168.157.1
#DNS1=8.8.8.8
BRIDGE=br0
创建一个新的网卡br0
[root@localhost network-scripts]# vim ifcfg-br0
TYPE="Bridge"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="br0"
#UUID="f7697620-ed25-4706-8b31-476c53124e9a"
DEVICE="br0"
ONBOOT="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_PRIVACY="no"
IPADDR="192.168.157.139"
GATEWAY=193.168.157.1
DNS1=8.8.8.8