Docker 是一个开源的应用容器引擎,可以打包目标应用及依赖包到一个可移植的镜像中,然后发布到任何流行的 Linux或Windows 主机上。
Docker 使用Go语言实现,基于Linux内核的 cgroup、namespace以及 AUFS 类的Union FS等技术,对进程进行封装隔离,相当于操作系统层面的虚拟化技术。隔离的进程独立于宿主和其它的隔离进程,因此也称其为容器。每个容器使用沙箱机制,相互之间不会有任何接口。
官方网站:https://www.docker.com/
仓库:用来提供/存放镜像,有官方仓库、私有仓库。
镜像:针对某个虚拟机或某个应用封装的独立环境,作为容器的模板。
容器:基于某个镜像启动的在内存中运行的实例。
传统虚拟化与容器技术对比:
一、系统环境
华为云ECS服务器一台,使用公开镜像CentOS 8.0。
1)系统版本、内核版本
[root@docker1 ~]# cat /etc/redhat-release CentOS Linux release 8.0.1905 (Core) [root@docker1 ~]# uname -r4.18.0-147.5.1.el8_1.x86_64
2)CentOS默认仓库
[root@docker1 ~]# yum repolistFailed to set locale, defaulting to C.UTF-8Last metadata expiration check: 0:01:15 ago on Sat Nov 7 19:06:23 2020.repo id repo name statusAppStream CentOS-8 - AppStream 4933BaseOS CentOS-8 - Base 1673*epel Extra Packages for Enterprise Linux 8 - x86_64 6628*epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64 0extras CentOS-8 - Extras 27
二、安装docker平台
1. 安装docker-ce社区版容器包
[root@docker1 ~]# vim /etc/yum.repos.d/docker-ce.repo //添加docker-ce源[docker-ce-stable]name=Docker CE Stable - $basearchbaseurl=https://download.docker.com/linux/centos/8/$basearch/stableenabled=1gpgcheck=1gpgkey=https://download.docker.com/linux/centos/gpg[root@docker1 ~]# yum -y install docker-ce //直接yum在线安装.. ..
2. 启用docker服务
1)设置docker服务自动运行,并立即启动
[root@docker1 ~]# systemctl enable docker --now
2)查看docker主程序版本
[root@docker1 ~]# docker -v //查看简要信息Docker version 19.03.13, build 4484c46d9d[root@docker1 ~]# docker version //查看详细版本信息Client: Docker Engine - Community Version: 19.03.13.. ..Server: Docker Engine - Community Engine: Version: 19.03.13 .. ..
3)查看docker主机信息
[root@docker1 ~]# docker infoClient: Debug Mode: falseServer: Containers: 15 Running: 4 .. ..
三、管理镜像
1. 从仓库搜索xx镜像
可访问 https://hub.docker.com/explore 了解官方镜像,或者直接搜索镜像:
[root@docker1 ~]# docker search nginxNAME DESCRIPTION STARS OFFICIAL AUTOMATEDNginx Official build of Nginx. 13971 [OK] jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1906 [OK]richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 791 [OK]linuxserver/nginx An Nginx container, brought to you by LinuxS… 128 .. ..
镜像、容器、仓库的关系:
2. 从仓库下载xx镜像
1)配置国内镜像加速(可选)
[root@docker1 ~]# vim /etc/docker/daemon.json //新建镜像地址配置{ "registry-mirrors": [ "https://registry.docker-cn.com" ] } //Docker中国镜像地址[root@docker1 ~]# systemdtl restart docker //重启docker服务[root@docker1 ~]# docker info | grep -A1 "Registry Mirrors:" //确认更新结果Registry Mirrors: https://registry.docker-cn.com/
2)下载xx镜像
[root@docker1 ~]# docker pull hello-world //下载名为hello-world的镜像[root@docker1 ~]# docker pull nginx //下载名为nginx的镜像[root@docker1 ~]# docker pull centos //下载名为centos的镜像.. ..
3)查看本地镜像列表,检查下载结果
[root@docker1 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx latest c39a868aad02 40 hours ago 133MBcentos latest 0d120b6ccaa8 2 months ago 215MBhello-world latest bf756fb1ae65 10 months ago 13.3kB
3. 为xx镜像设置新标记(根据ID或镜像名称定位)
1)为ID以fce2开头的镜像设置新标签
[root@docker1 ~]# docker tag bf75 hello-world:1.1
2)查看本地镜像列表,检查设置结果
[root@docker1 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx latest c39a868aad02 40 hours ago 133MBcentos latest 0d120b6ccaa8 2 months ago 215MBhello-world 1.1 bf756fb1ae65 10 months ago 13.3kBhello-world latest bf756fb1ae65 10 months ago 13.3kB
4. 删除xx镜像(根据ID或镜像名称定位)
1)删除镜像 hello-world:1.0
[root@docker1 ~]# docker rmi hello-world:1.1Untagged: hello-world:1.0
2)查看本地镜像列表,检查删除结果
[root@docker1 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx latest c39a868aad02 40 hours ago 133MBcentos latest 0d120b6ccaa8 2 months ago 215MBhello-world latest bf756fb1ae65 10 months ago 13.3kB
5. 将xx镜像导出为备份文件(.tar格式)
1)将名为nginx的镜像导出为/root/nginx.tar备份文件
[root@docker1 ~]# docker save nginx > /root/nginx.tar
2)确认备份结果
[root@docker1 ~]# ls -lh /root/nginx.tar-rw-r--r-- 1 root root 131M Nov 7 18:06 /root/nginx.tar
6. 从xx备份文件导入镜像
1)从/root/目录下导入nginx.tar镜像
[root@docker1 ~]# docker import /root/nginx.tar nginx-new:latestsha256:512651f45fbf23ab13cb48672d81762e19586ebb29af8bf5a856bc18d6c65ed9
2)确认导入结果
[root@docker1 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx-new latest 512651f45fbf About a minute ago 137MBnginx latest c39a868aad02 40 hours ago 133MBcentos latest 0d120b6ccaa8 2 months ago 215MBhello-world latest bf756fb1ae65 10 months ago 13.3kB[root@docker1 ~]# docker images nginx-newREPOSITORY TAG IMAGE ID CREATED SIZEnginx-new latest 512651f45fbf 12 seconds ago 137MB
四、管理容器
1. 运行hello-world测试容器
[root@docker1 ~]# docker run hello-worldHello from Docker!This message shows that your installation appears to be working correctly... ..
2. 启动xx容器
1)启动nginx容器,执行容器内的一条命令(nginx -v、grep root .. ..)后自动退出
[root@docker1 ~]# docker run nginx nginx -v //检查nginx容器的程序版本.. ..nginx version: nginx/1.19.4
2)启动一个nginx容器,并进入容器内的/bin/bash命令行环境(-i 允许交互,-t 开启终端)
[root@docker1 ~]# docker run -it nginx bashroot@0136b4838f79:/# ls /etc/nginx/*conf* //查找nginx配置文件/etc/nginx/nginx.conf //主配置/etc/nginx/conf.d:default.conf //默认配置root@0136b4838f79:/# grep root /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf: root /usr/share/nginx/html; //默认网页目录/etc/nginx/conf.d/default.conf: root /usr/share/nginx/html;/etc/nginx/conf.d/default.conf: # root html;/etc/nginx/conf.d/default.conf: # deny access to .htaccess files, if Apache's document rootroot@0136b4838f79:/# exit //退出容器exit[root@docker1 ~]#
3)在后台启动一个nginx容器(-d 在后台运行,-p 本地端口:容器端口)
将docker主机的8000端口映射到此nginx容器的80端口
[root@docker1 ~]# docker run -d -p 8000:80 nginx246d0680e0fedb2893c36b350351f8305fd5a00e581efaba4fb2491ec22e906a[root@docker1 ~]# docker ps //列出活动中的容器CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES246d0680e0fe nginx "/docker-entrypoint.…" 18 seconds ago Up 17 seconds 0.0.0.0:8000->80/tcp cranky_tesla
4)在后台启动一个nginx容器,将docker主机的8001端口映射到此nginx容器的80端口,将docker主机的/opt/webroot映射为此nginx容器的web目录(-v 本地目录:容器内目录):
[root@docker1 ~]# mkdir /opt/webroot //准备网页目录[root@docker1 ~]# echo "Docker Test" > /opt/webroot/index.html //准备默认测试网页[root@docker1 ~]# docker run -d -p 8001:80 -v /opt/webroot:/usr/share/nginx/html nginx2b3c430f0a939b77fb6ca1a52c5a58bf631aae7f65113e27031b1a41b9d59bfb //启动容器[root@docker1 ~]# docker ps //列出活动中的容器CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES2b3c430f0a93 nginx "/docker-entrypoint.…" 18 seconds ago Up 18 seconds 0.0.0.0:8001->80/tcp exciting_mcnulty246d0680e0fe nginx "/docker-entrypoint.…" 2 minutes ago Up 2 minutes 0.0.0.0:8000->80/tcp cranky_tesla
3. 访问xx容器
1)连接到ID值以b76b开头的容器的命令行
[root@docker1 ~]# docker exec -it b76b bashroot@2b3c430f0a93:/# service nginx status[ ok ] nginx is running.root@2b3c430f0a93:/# exitexit[root@dock001 ~]#
2)从docker主机向ID值为b76b的容器传输文件
[root@docker1 ~]# echo AAAA > /root/a.html //建立测试网页[root@docker1 ~]# docker cp /root/a.html 2b3c:/usr/share/nginx/html/a.html //复制文件到容器[root@docker1 ~]# docker exec 2b3c cat /usr/share/nginx/html/a.html //确认结果AAAA
3)通过映射端口访问容器中的Web服务
[root@docker1 ~]# curl http://localhost:8001/ //浏览8001端口访问目标容器首页Docker Test[root@docker1 ~]# curl http://localhost:8001/a.html //浏览指定页面AAAA
4. 关闭/杀死、删除容器
1)关闭/杀死ID值为246d的容器
[root@docker1 ~]# docker stop 246d //若要杀容器改用kill246d[root@dock001 ~]# docker ps -a | grep 246d //检查xx容器状态246d0680e0fe nginx "/docker-entrypoint.…" 11 minutes ago Exited (0) About a minute ago cranky_tesla
2)重新启动被关闭的ID值为246d的容器
[root@dock001 ~]# docker start 246d //启用已关闭的xx容器246d[root@dock001 ~]# docker ps -a | grep 246d //检查xx容器状态246d0680e0fe nginx "/docker-entrypoint.…" 12 minutes ago Up 2 seconds 0.0.0.0:8000->80/tcp cranky_tesla
3)删除ID值为b76b的容器
[root@docker1 ~]# docker stop 246d //先关闭xx容器246d[root@docker1 ~]# docker rm 246d //删除已关闭的xx容器246d[root@docker1 ~]# docker ps -a | grep 246d //检查删除结果(无输出)[root@docker1 ~]#
5. 启动并测试centos容器
1)启动centos系统容器(开启终端、在后台运行)
[root@docker1 ~]# docker run -td centos //启动centos容器9e559ee34b5b62cc6c589d9db777a9c80f22841de76005fcde6d3a4736c5d19a
2)检查容器状态
[root@docker1 ~]# docker ps | grep centos9e559ee34b5b centos "/bin/bash" 41 seconds ago Up 40 seconds hungry_chaum
3)访问容器的命令行界面
[root@docker1 ~]# docker exec -it 9e55 bash //连接到eebf-centos命令行界面[root@9e559ee34b5b /]# cat /etc/redhat-release //检查系统版本CentOS Linux release 8.2.2004 (Core) [root@9e559ee34b5b /]# exitexit[root@docker1 ~]#
4)查看容器的IP地址信息
[root@docker1 ~]# docker inspect eebf | grep '"IPAddress"' "SecondaryIPAddresses": null, "IPAddress": "172.17.0.2", //9e55-centos的IP地址 "IPAddress": "172.17.0.2",[root@docker1 ~]#
五、自定义镜像
1. 以xx容器为基础,commit存为新镜像(不推荐)
1)启动一个nginx容器
[root@docker1 ~]# docker run -itd nginx //启用容器dac1fd1f2cb52767f135d23d5e1c01bd9bfb630abb16a7ef753375b45ffd7c9a[root@docker1 ~]# docker ps //确认结果CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESdac1fd1f2cb5 nginx "/docker-entrypoint.…" 4 seconds ago Up 3 seconds 80/tcp elastic_mendeleev.. ..
2)访问ID以dac1开头的容器,修改nginx默认Web首页内容
[root@docker1 ~]# docker exec -it dac1 bash //连接dac1容器root@dac1fd1f2cb5:/# echo "Nginx Test Site." > /usr/share/nginx/html/index.html //修改Web页root@dac1fd1f2cb5:/# exit //退出exit[root@docker1 ~]#
3)另存为新镜像nginx-test3(若不指定新名称,则更新到原镜像)
[root@docker1 ~]# docker commit dac1 nginx-test7 //提交更新,另存为新镜像sha256:bca296c9dd392056feec3866f652d4a3560f21f410e3829549a75d00a5a0a6e2[root@docker1 ~]# docker images //检查新生成的镜像REPOSITORY TAG IMAGE ID CREATED SIZEnginx-test7 latest bca296c9dd39 31 seconds ago 133MBnginx-new latest 512651f45fbf 45 minutes ago 137MBnginx latest c39a868aad02 41 hours ago 133MBcentos latest 0d120b6ccaa8 2 months ago 215MBhello-world latest bf756fb1ae65 10 months ago 13.3kB
4)以新镜像nginx-test3启动一个容器,访问网页测试效果
[root@docker1 ~]# docker run -itd -p 8003:80 nginx-test747d88437b17b6dbe4a46fc2862cda054a6b0cf1438a9ae7183c11c3e49e2be93[root@docker1 ~]# curl http://localhost:8003/Nginx Test Site. [root@docker1 ~]#
2. 以xx镜像为基础,通过dockerfile定制新镜像
1)准备镜像构建临时目录、准备要复制到镜像中的测试文件
[root@docker1 ~]# mkdir /root/tmpdir[root@docker1 ~]# echo TTEESSTT > /root/tmpdir/test.txt
2)编写好镜像构建配置文件
[root@docker1 ~]# vim /root/tmpdir/dockerfileFROM centosMAINTAINER TsengYia xxxx@yyyy.zzzWORKDIR /var/www/htmlENV LSB_RELEASE="CentOS 8.2"ADD test.txt /root/new.txtRUN yum -y install httpd && echo "It's OK" > /var/www/html/index.htmlEXPOSE 80CMD ["httpd", "-DFOREGROUND"]
!!!! dockerfile常用配置语法
FROM:指定以哪一个镜像为基础 MAINTAINER:镜像创建者信息 WORKDIR:定义容器的默认工作目录(若镜像中无此目录,构建时会自动创建) ENV:设置环境变量 COPY:复制文件到镜像(若需直接释放.tar.gz类的文件到镜像中,请改用ADD指令) RUN:在镜像中执行的命令,可以有多条RUN(尽量少,必要时可以&&合并) EXPOSE:说明开放了哪个端口 CMD:容器启动时执行的主命令,仅可以有一条CMD3)以centos镜像为基础,建立新镜像centos-test1
[root@docker1 ~]# docker build -t centos-test1 /root/tmpdir/Sending build context to Docker daemon 3.072kBSending build context to Docker daemon 3.072kBStep 1/8 : FROM centos ---> e934aafc2206Step 2/8 : MAINTAINER TsengYia xxxx@yyyy.zzz ---> Using cache ---> 04adfd7012bb.. ..Step 8/8 : CMD ["httpd", "-DFOREGROUND"] ---> Running in 10bb84fb32c7Removing intermediate container 10bb84fb32c7 ---> 8bcf79b4e22fSuccessfully built 8bcf79b4e22fSuccessfully tagged centos-test1:latest
[root@docker1 ~]# docker images //检查新生成的镜像REPOSITORY TAG IMAGE ID CREATED SIZEcentos-test1 latest 8e9d31184dc3 About a minute ago 334MBnginx-test7 latest bca296c9dd39 31 seconds ago 133MBnginx-new latest 512651f45fbf 45 minutes ago 137MBnginx latest c39a868aad02 41 hours ago 133MBcentos latest 0d120b6ccaa8 2 months ago 215MBhello-world latest bf756fb1ae65 10 months ago 13.3kB
4)以新镜像centos-test1启动一个容器,确认容器运行效果
[root@docker1 ~]# docker run -itd -p 8004:80 centos-test12e75066121c6937e5d84c8b0131aa8a37e24ecaaa4f42da0dee8efc1fa37a348[root@docker1 ~]# docker exec 2e75 env | egrep 'LSB|AUTHOR' //检查容器中的环境变量Author=TsengYiaLSB_RELEASE=CentOS 7.4[root@docker1 ~]# docker exec 2e75 cat /root/new.txt //检查容器中的文件TTEESSTT[root@docker1 ~]# docker exec 2e75 cat /var/www/html/index.html //检查容器中的文件It's OK[root@docker1 ~]# elinks -dump http://192.168.10.10:8004 //访问容器的Web服务 It's OK[root@docker1 ~]#
六、获取docker相关指令帮助
1. 查看docker指令清单
[root@docker1 ~# dockerUsage: docker [OPTIONS] COMMAND [arg...] docker [ --help | -v | --version ].. ..Commands: attach Attach to a running container build Build an image from a Dockerfile commit Create a new image from a container's changes cp Copy files/folders between a container and the local filesystem.. ..
2. 获取具体指令的帮助
[root@docker1 ~]# man docker-images[root@docker1 ~]# man docker-run[root@docker1 ~]# man docker-cp[root@docker1 ~]# man docker-ps[root@docker1 ~]# man docker-start[root@docker1 ~]# man docker-stop[root@docker1 ~]# man docker-kill[root@docker1 ~]# man docker-exec