介绍
Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的镜像中,然后发布到任何流行的 Linux或Windows机器上,也可以实现虚拟化。容器是完全使用沙箱机制,相互之间不会有任何接口。Docker 使用客户端-服务器 (C/S) 架构模式,使用远程API来管理和创建Docker容器。Docker 容器通过 Docker 镜像来创建。容器与镜像的关系类似于面向对象编程中的对象与类。Docker采用 C/S架构 Docker daemon 作为服务端接受来自客户的请求,并处理这些请求(创建、运行、分发容器)。 客户端和服务端既可以运行在一个机器上,也可通过 socket 或者RESTful API 来进行通信。Docker daemon 一般在宿主主机后台运行,等待接收来自客户端的消息。 Docker 客户端则为用户提供一系列可执行命令,用户用这些命令实现跟 Docker daemon 交互。
安装
①安装Docker环境
[root@CentOS ~]# yum update
[root@CentOS ~]# yum install -y yum-utils
[root@CentOS ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
[root@CentOS ~]# yum install docker-ce docker-ce-cli containerd.io
如果安装速度慢,用户可以考虑使用阿里云的安装镜像
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
②启动Docker
[root@CentOS ~]# systemctl start docker
③验证Docker
[root@CentOS ~]# docker version
Client: Docker Engine - Community
Version: 19.03.13
API version: 1.40
Go version: go1.13.15
Git commit: 4484c46d9d
Built: Wed Sep 16 17:03:45 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.13
API version: 1.40 (minimum version 1.12)
Go version: go1.13.15
Git commit: 4484c46d9d
Built: Wed Sep 16 17:02:21 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.3.7
GitCommit: 8fba4e9a7d01810a393d5d25a3621dc101981175
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
[root@CentOS ~]#
④配置Docker国内镜像
(1)打开链接:https://cr.console.aliyun.com
(2)注册账号,或者使用支付宝账号登陆
(3)登陆后进入下面页面
然后执行如下脚本
[root@CentOS ~]# mkdir -p /etc/docker
[root@CentOS ~]# tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["加载镜像网络地址"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
⑤运行hello-world镜像
[root@CentOS ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete
Digest: sha256:8c5aeeb6a5f3ba4883347d3747a7249f491766ca1caa47e5da5dfcf6b9b717c0
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
基本命令
镜像
1、使用docker search命令搜索docker hub上的镜像,这里常有的选项有
[root@CentOS7 ~]# docker search --help
Usage: docker search [OPTIONS] TERM
Search the Docker Hub for images
Options:
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print search using a Go template
--limit int Max number of search results (default 25)
--no-trunc Don't truncate output
①搜索CentOS,这里会把所有包含CentOS的先关镜像罗列出来,默认是按照STARS的降序排列
[root@CentOS7 ~]# docker search CentOS
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 6244 [OK]
...
smartentry/centos centos with smartentry 0 [OK]
②使用filter过滤STARS>1000的记录
[root@CentOS7 ~]# docker search --filter=stars=1000 CentOS
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 6244 [OK]
③使用format格式化输出
[root@CentOS7 ~]# docker search --format "{{.Name}}\t{{.StarCount}}\t{{.Description}}" CentOS
centos 6244 The official build of CentOS.
ansible/centos7-ansible 132 Ansible on Centos7
consol/centos-xfce-vnc 123 Centos container with "headless" VNC session…
jdeathe/centos-ssh 115 OpenSSH / Supervisor / EPEL/IUS/SCL Repos - …
...
pivotaldata/centos6.8-dev 0 CentosOS 6.8 image for GPDB development
支持Format格式有
.Name
、.Description
、.StarCount
、.IsOfficial
、.IsAutomated
④限制输出条数
[root@CentOS7 ~]# docker search --limit 3 CentOS
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 6244 [OK]
pivotaldata/centos-gpdb-dev CentOS image for GPDB development. Tag names… 13
pivotaldata/centos-mingw Using the mingw toolchain to cross-compile t… 3
2、下载镜像
1、使用docker pull 下载指定镜像,在下载的时候用户可以在hub.docker.com上搜索需要下载的镜像,然后进行下载
[root@CentOS7 ~]# docker pull --help
Usage: docker pull [OPTIONS] NAME[:TAG|@DIGEST]
Pull an image or a repository from a registry
Options:
-a, --all-tags Download all tagged images in the repository
--disable-content-trust Skip image verification (default true)
--platform string Set platform if server is multi-platform capable
-q, --quiet Suppress verbose output
①下载CentOS镜像
[root@CentOS ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
Digest: sha256:76d24f3ba3317fa945743bb3746fbaf3a0b752f10b10376960de01da70685fbd
Status: Image is up to date for centos:latest
docker.io/library/centos:latest
[root@CentOS ~]#
②下载指定版本镜像
[root@CentOS7 ~]# docker pull centos:7
7: Pulling from library/centos
75f829a71a1c: Pull complete
Digest: sha256:19a79828ca2e505eaee0ff38c2f3fd9901f4826737295157cc5212b7a372cd2b
Status: Downloaded newer image for centos:7
docker.io/library/centos:7
3、查看镜像
[root@CentOS7 ~]# docker images --help
Usage: docker images [OPTIONS] [REPOSITORY[:TAG]]
List images
Options:
-a, --all Show all images (default hides intermediate images)
--digests Show digests
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print images using a Go template
--no-trunc Don't truncate output
-q, --quiet Only show numeric IDs
①查看本地所有的镜像文件
[root@CentOS7 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 7 7e6257c9f8d8 2 months ago 203MB
centos latest 0d120b6ccaa8 2 months ago 215MB
[root@CentOS7 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 7 7e6257c9f8d8 2 months ago 203MB
centos latest 0d120b6ccaa8 2 months ago 215MB
②查看所有CentOS镜像
[root@CentOS7 ~]# docker images centos
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 7 7e6257c9f8d8 2 months ago 203MB
centos latest 0d120b6ccaa8 2 months ago 215MB
③仅仅查看镜像的Image ID
[root@CentOS7 ~]# docker images --quiet centos
7e6257c9f8d8
0d120b6ccaa8
④模糊搜索镜像
[root@CentOS7 ~]# docker images --filter=reference='c*:la*'
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 0d120b6ccaa8 2 months ago 215MB
4、删除镜像
[root@CentOS7 ~]# docker rmi --help
Usage: docker rmi [OPTIONS] IMAGE [IMAGE...]
Remove one or more images
Options:
-f, --force Force removal of the image
--no-prune Do not delete untagged parents
①删除镜像
[root@CentOS7 ~]# docker create -i -t --name centos01 --hostname centOS01 centos:7
57b508752d06ae8550f20c045f8a3899a87df05175a5fd2c726c714e21cfc0d6
[root@CentOS7 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 7 7e6257c9f8d8 2 months ago 203MB
centos latest 0d120b6ccaa8 2 months ago 215MB
[root@CentOS7 ~]# docker rmi 7e6257c9f8d8
Error response from daemon: conflict: unable to delete 7e6257c9f8d8 (must be forced) - image is being used by stopped container 57b508752d06
要求该镜像没有使用,否则删除不了,删除镜像后面可以跟上ImageID或者ImageName
[root@CentOS7 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 7 7e6257c9f8d8 2 months ago 203MB
centos latest 0d120b6ccaa8 2 months ago 215MB
[root@CentOS7 ~]# docker rmi 0d120b6ccaa8
Untagged: centos:latest
Untagged: centos@sha256:76d24f3ba3317fa945743bb3746fbaf3a0b752f10b10376960de01da70685fbd
Deleted: sha256:0d120b6ccaa8c5e149176798b3501d4dd1885f961922497cd0abef155c869566
Deleted: sha256:291f6e44771a7b4399b0c6fb40ab4fe0331ddf76eda11080f052b003d96c7726
容器
1、创建容器
[root@CentOS7 ~]# docker create -i -t --name centos01 --hostname centos01 centos:7
da772aaa77bb514f84c870d513756f630474ea4608e6aacdd4acc22793e20762
这里的-i 表示交互 -t 表示开启个临时会话窗口
2、启动容器
[root@CentOS7 ~]# docker start centos01
centos01
或者
[root@CentOS7 ~]# docker start da772aaa77bb514f84c870d513756f630474ea4608e6aacdd4acc22793e20762
da772aaa77bb514f84c870d513756f630474ea4608e6aacdd4acc22793e20762
3、查看所有运行容器
①查看所有运行的container
[root@CentOS7 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
da772aaa77bb centos:7 "/bin/bash" 5 minutes ago Up 5 minutes centos01
②查看所有container
[root@CentOS7 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
da772aaa77bb centos:7 "/bin/bash" 5 minutes ago Up 5 minutes centos01
3、进入容器
[root@CentOS7 ~]# docker exec -it centos01 /bin/bash
[root@centos01 /]#
或者
[root@CentOS7 ~]# docker exec -it da772aaa77bb /bin/bash
[root@centos01 /]#
4、进入到容器上一次会话
[root@CentOS7 ~]# docker attach centos01
[root@centos01 /]#
或者
[root@CentOS7 ~]# docker attach da772aaa77bb
[root@centos01 /]#
这里需要注意,是attach方式进入,需要使用
ctrl+p+q
退出会话,不能使用exit,否者容器自动退出
5、暂停和恢复容器
[root@CentOS7 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7e8ba8c629f8 centos:7 "/bin/bash" 5 minutes ago Up 3 seconds centos01
[root@CentOS7 ~]# docker pause centos01
centos01
[root@CentOS7 ~]# docker attach centos01
You cannot attach to a paused container, unpause it first
[root@CentOS7 ~]# docker unpause centos01
centos01
[root@CentOS7 ~]# docker attach centos01
[root@centos01 /]# read escape sequence
6、停止容器
[root@CentOS7 ~]# docker stop centos01
centos01
或者
[root@CentOS7 ~]# docker stop 7e8ba8c629f8
7e8ba8c629f8
7、删除容器
[root@CentOS7 ~]# docker rm centos01
centos01
或者
[root@CentOS7 ~]# docker rm 7e8ba8c629f8
centos01
8、创建容器并运行
[root@CentOS7 ~]# docker run -it --name centos02 --hostname centos02 centos:7 /bin/bash
[root@centos02 /]#
卷挂载
卷挂载是一种机制能够实现宿主机器和container容器间实现文件的共享,目前来说挂载的的方式有很多.
①创建容器的时候进行映射
[root@CentOS7 ~]# docker run -it --name centos03 --hostname centos03 -v /root/docker/centos03/root:/root/ centos:7 /bin/bash
bash-4.2#
该指令会将宿主机上的
/root/docker/centos03/root
映射给容器上的/root
目录,如果要求容器仅仅只可以对宿主机的目录只读权限可以使用-v /root/docker/centos03/root:/root/:ro
默认文件是rw
②创建卷,然后挂载
# 创建myvolume卷
[root@CentOS7 ~]# docker volume create myvolume
myvolume
[root@CentOS7 ~]# docker volume ls
DRIVER VOLUME NAME
local myvolume
# 将用户的/root/目录映射到myvolume目录下
[root@CentOS7 ~]# docker run -i -t --name centos01 --hostname centos01 -v myvolume:/root centos:7 /bin/bash
[root@centos01 /]# cd /root/
[root@centos01 ~]# touch aa.txt
[root@CentOS7 ~]# docker volume inspect myvolume
[
{
"CreatedAt": "2020-10-20T05:34:03-04:00",
"Driver": "local",
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/myvolume/_data",
"Name": "myvolume",
"Options": {},
"Scope": "local"
}
]
[root@CentOS7 ~]# ls -al /var/lib/docker/volumes/myvolume/_data
total 24
dr-xr-x---. 2 root root 128 Oct 20 05:34 .
drwxr-xr-x. 3 root root 19 Oct 20 05:31 ..
-rw-r--r--. 1 root root 0 Oct 20 05:34 aa.txt
-rw-------. 1 root root 3416 Aug 9 17:39 anaconda-ks.cfg
-rw-r--r--. 1 root root 18 Dec 28 2013 .bash_logout
-rw-r--r--. 1 root root 176 Dec 28 2013 .bash_profile
-rw-r--r--. 1 root root 176 Dec 28 2013 .bashrc
-rw-r--r--. 1 root root 100 Dec 28 2013 .cshrc
-rw-r--r--. 1 root root 129 Dec 28 2013 .tcshrc
③无需创建volume,只需指定容器目录
[root@CentOS7 ~]# docker run -i -t --name centos02 --hostname centos02 -v /root centos:7 /bin/bash
[root@centos02 /]#
# 查看centos02详情
[root@CentOS7 ~]# docker inspect centos02
...
"Mounts": [
{
"Type": "volume",
"Name": "6e430ea58e1fe80bcfed5de9fc468d112235fc0659b1e6dbb58ccd785a463008",
"Source": "/var/lib/docker/volumes/6e430ea58e1fe80bcfed5de9fc468d112235fc0659b1e6dbb58ccd785a463008/_data",
"Destination": "/root",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
...
[root@CentOS7 ~]# ls -al /var/lib/docker/volumes/6e430ea58e1fe80bcfed5de9fc468d112235fc0659b1e6dbb58ccd785a463008/_data
total 24
dr-xr-x---. 2 root root 114 Oct 20 05:38 .
drwxr-xr-x. 3 root root 19 Oct 20 05:38 ..
-rw-------. 1 root root 3416 Aug 9 17:39 anaconda-ks.cfg
-rw-r--r--. 1 root root 18 Dec 28 2013 .bash_logout
-rw-r--r--. 1 root root 176 Dec 28 2013 .bash_profile
-rw-r--r--. 1 root root 176 Dec 28 2013 .bashrc
-rw-r--r--. 1 root root 100 Dec 28 2013 .cshrc
-rw-r--r--. 1 root root 129 Dec 28 2013 .tcshrc
④复制其他机器上的所有映射
[root@CentOS7 ~]# docker run -i -t --name centos03 --hostname centos03 --volumes-from centos01 centos:7 /bin/bash
[root@centos03 /]# ls /root/
aa.txt anaconda-ks.cfg
[root@centos03 /]#
端口映射
①下载MySQL镜像,并运行MySQL服务
[root@CentOS7 ~]# docker run -p 3307:3306 --name mysql02 -v /root/dcker/mysql/conf:/etc/mysql -v /root/docker/mysql/logs:/var/log/mysql -v /root/docker/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=root -d mysql:5.6
a048e1c2cfc22761403562f51da8bae94508deb378f52dc2a32b560c88582241
这里的-p指的是端口映射,其中3307表示宿主机的端口
[root@CentOS7 ~]# mysql -u root -proot -h CentOS7 -P 3307
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.49 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]>
②设置随机端口映射
[root@CentOS7 ~]# docker run -P --name mysql02 -v /root/dcker/mysql/conf:/etc/mysql -v /root/docker/mysql/logs:/var/log/mysql -v /root/docker/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=root -d mysql:5.6
[root@CentOS7 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
595f618afe01 mysql:5.6 "docker-entrypoint.s…" About a minute ago.. 0.0.0.0:32768->3306/tcp mysql02
[root@CentOS7 ~]# mysql -u root -proot -h CentOS7 -P 32768
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.49 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]>
2、Redis安装之端口映射
①安装运行redis镜像
[root@CentOS7 ~]# docker rm -f 6a6c34d807908de945d8b113f3f5db59fc31a46d2ee2d01c9c2ef8adb795a42a
6a6c34d807908de945d8b113f3f5db59fc31a46d2ee2d01c9c2ef8adb795a42a
[root@CentOS7 ~]# docker run -P -d --hostname redis --name myredis -v /root/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf redis redis-server /usr/local/etc/redis/redis.conf
cfc2ca079d7adb1b450f220144df18b9f2112554f4aa46937f7b195bd1fe6812
②进入镜像
[root@CentOS7 ~]# docker exec -it myredis /bin/bash
root@redis:/data# redis-cli -p 6379
127.0.0.1:6379> keys *
(empty array)
127.0.0.1:6379>
③查看所有运行镜像
[root@CentOS7 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cfc2ca079d7a redis "docker-entrypoint.s…" 4 minutes ago.. 0.0.0.0:32769->6379/tcp myredis
Docker高级
Docker File编写
1、MySQL镜像
FROM centos:6
MAINTAINER jiangzz <1152926811@qq.com>
RUN yum install -y mysql-server
RUN /etc/init.d/mysqld start && mysql -e "grant all privileges on *.* to 'root'@'%' identified by 'root';"
EXPOSE 3306
CMD ["mysqld_safe"]
2、Zookeeper镜像
①编写Dockerfile文件
FROM centos:7
MAINTAINER jiangzz <1152926811@qq.com>
ADD jdk-8u171-linux-x64.rpm /root
ADD zookeeper-3.4.6.tar.gz /usr
ADD zoo.cfg /usr/zookeeper-3.4.6/conf
RUN rpm -ivh /root/jdk-8u171-linux-x64.rpm
RUN mkdir /root/zkdata
ENV JAVA_HOME /usr/java/latest
ENV PATH $JAVA_HOME/bin:$PATH
CMD /usr/zookeeper-3.4.6/bin/zkServer.sh start zoo.cfg && tail -f /dev/null
②对镜像打包处理
[root@CentOS7 ~]# docker build -t zookeeper .
...
---> 4f11756e76d7
Successfully built 4f11756e76d7
Successfully tagged zookeeper:latest
[root@CentOS7 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zookeeper latest 4f11756e76d7 3 minutes ago 804MB
③创建并运行Container
[root@CentOS7 ~]# docker run -it -d zookeeper
1b4b226cbff3dd11dd7d9528f5db00eb6c8c68db80eaa18dce906dcf228de9d9
④进入容器
[root@CentOS7 ~]# docker exec -it 1b4b226cbff3 /bin/bash
[root@1b4b226cbff3 /]# jps
46 Jps
15 QuorumPeerMain
Docker网络
安装Docker时,它会自动创建三个网络,bridge(创建容器默认连接到此网络)、 none 、host。Docker内置这三个网络,运行容器时,你可以使用该–network标志来指定容器应连接到哪些网络。
[root@CentOS ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
7d4bf2c78930 bridge bridge local
f93495ce1df3 host host local
e6e379c9146d none null local
[root@CentOS ~]#
Host模式
启动容器的时候使用host模式,那么这个容器将不会获得一个独立的Network,而是和宿主机共用一个Network。容器将不会虚拟出自己的网卡,配置自己的IP等,而是使用宿主机的IP和端口。
[root@CentOS ~]# docker run --name redis01 --network=host -d redis
d97bef82bc899e7d02b8ae722a9081c3db89946cf5276922871af06cd540d051
[root@CentOS ~]# netstat -nplt | grep redis
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 20571/redis-server
tcp6 0 0 :::6379 :::* LISTEN 20571/redis-server
在该种模式下,用户无需指定-p
参数进行端口映射,系统会自动的将端口映射到宿主机器上。
Container模式
这个模式指定新创建的容器和已经存在的一个容器共享一个Network,而不是和宿主机共享。新创建的容器不会创建自己的网卡,配置自己的IP,而是和一个指定的容器共享IP、端口范围等。同样,两个容器除了网络方面,其他的如文件系统、进程列表等还是隔离的,两个容器的进程可以通过lo网卡设备通信。
[root@CentOS ~]# docker run --name redis02 --network=container:redis01 -d redis --port 6380
a6deb106cf229a2d13202f571dae780049987ad55d421a31418e23ed3f5882b9
例如可以通过登录Redis01镜像操作redis02实例上redis服务,因为redis02将网络挂载在redis01镜像实例之上。
[root@CentOS ~]# docker exec -it redis01 /bin/bash
root@CentOS:/data# redis-cli -p 6379
127.0.0.1:6379> set user jiangzz EX 120
OK
127.0.0.1:6379> quit
root@CentOS:/data# redis-cli -p 6380
127.0.0.1:6380> keys *
(empty array)