什么是docker
Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的镜像中,然后发布到任何流行的 Linux或Windows 机器上,也可以实现虚拟化。容器是完全使用沙箱机制,相互之间不会有任何接口。
一个完整的Docker有以下几个部分组成:
1.DockerClient客户端
2.Docker Daemon守护进程
3.Docker Image镜像
4.DockerContainer容器
docker中的容器:
lxc --> libcontainer --> runC
OCI&OCF
OCI(Open Container-initiative)
1.由Linux基金会主导于2015年6月创立
2.旨在围绕容器格式和运行时制定一个开放的工业化标准
3.contains two specifications
4.the Runtime Specification(runtime-spec)
5.the Image Specification(image-spec)
OCF(Open Container Format)
1.runC是一个CLI工具,用于根据OCI规范生成和运行容器
2.容器作为runC的子进程启动,可以嵌入到各种其他系统中,而无需运行守护进程
3.runC构建在libcontainer之上,相同的容器技术支持数百万个Docker引擎安装
docker提供了一个专门容纳容器镜像的站点:https://hub.docker.com
docker架构
Docker 使用客户端-服务器 (C/S) 架构模式,使用远程API来管理和创建Docker容器。Docker 容器通过 Docker 镜像来创建。容器与镜像的关系类似于面向对象编程中的对象与类。
docker | 面向对象 |
---|---|
容器 | 对象 |
镜像 | 类 |
Docker采用 C/S架构 Docker daemon 作为服务端接受来自客户的请求,并处理这些请求(创建、运行、分发容器)。 客户端和服务端既可以运行在一个机器上,也可通过 socket 或者RESTful API 来进行通信。
Docker daemon 一般在宿主主机后台运行,等待接收来自客户端的消息。 Docker 客户端则为用户提供一系列可执行命令,用户用这些命令实现跟 Docker daemon 交互。
docker镜像与镜像仓库
镜像是静态的,而容器是动态的,容器有其生命周期,镜像与容器的关系类似于程序与进程的关系。镜像类似于文件系统中的程序文件,而容器则类似于将一个程序运行起来的状态,也即进程。所以容器是可以删除的,容器被删除后其镜像是不会被删除的。
docker对象
当您使用docker时,您正在创建和使用图像、容器、网络、卷、插件和其他对象。
IMAGES
- An image is a read-only template with instructions for creating a docker container.
- Often, an image is based on another image, with some additional customization.
- You might create your own images or you might only use those created by others and published in a registry.
CONTAINERS
- A conntainer is a runnable instance of an image.
- You can create, run, stop, move, or delete a container using the docker API or CLI.
- You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.
安装及使用docker
docker安装
下载阿里云基本仓库源和epel源
root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-Media.repo epel.repo
CentOS-Debuginfo.repo CentOS-Sources.repo server.repo
下载docker的阿里云镜像源
[root@localhost yum.repos.d]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2424 100 2424 0 0 3303 0 --:--:-- --:--:-- --:--:-- 3302
[root@localhost yum.repos.d]# sed -i 's@https://download.docker.com@https://mirrors.tuna.tsinghua.edu.cn/docker-ce@g' docker-ce.repo
[root@localhost yum.repos.d]# ls //可以看到有docker的源
CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo server.repo
CentOS-CR.repo CentOS-Media.repo docker-ce.repo
CentOS-Debuginfo.repo CentOS-Sources.repo epel.repo
安装docker
[root@localhost ~]# yum -y install docker-ce
设为开机自启
[root@localhost ~]# systemctl enable --now docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
docker加速
docker-ce的配置文件是/etc/docker/daemon.json,此文件默认不存在,需要我们手动创建并进行配置,而docker的加速就是通过配置此文件来实现的。
docker的加速有多种方式:
1.docker cn
2.中国科技大学加速器
3.阿里云加速器(需要通过阿里云开发者平台注册帐号,免费使用个人私有的加速器)
[root@localhost ~]# cd /etc/docker/
[root@localhost docker]# ls
key.json
[root@localhost docker]# vim daemon.json
[root@localhost docker]# cat daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
重启docker
[root@localhost ~]# systemctl restart docker
查看docker版本
[root@localhost ~]# docker version
Client: Docker Engine - Community
Version: 19.03.12
API version: 1.40
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:46:54 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.12
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:45:28 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
查看docker加速器等信息
[root@localhost ~]# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.12
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-514.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.624GiB
Name: localhost.localdomain
ID: IEC6:CCW4:RWE6:HUJ4:BQ5X:3QAE:YGNO:VO2C:P72K:YFXY:DHRM:M7SY
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://registry.docker-cn.com/ //docker 加速器为docker-cn
Live Restore Enabled: false
修改加速器为阿里云,进入阿里云网站点击容器镜像服务 然后复制自己的加速码
[root@localhost ~]# cd /etc/docker/
[root@localhost docker]# ls
daemon.json key.json
[root@localhost docker]# vim daemon.json
[root@localhost docker]# cat daemon.json
{
"registry-mirrors": ["https://xdhxsbuh.mirror.aliyuncs.com"]
}
[root@localhost docker]# cd
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.12
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-514.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.624GiB
Name: localhost.localdomain
ID: IEC6:CCW4:RWE6:HUJ4:BQ5X:3QAE:YGNO:VO2C:P72K:YFXY:DHRM:M7SY
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://xdhxsbuh.mirror.aliyuncs.com/ //加速器已修改为阿里云的
Live Restore Enabled: false
docker常用操作
命令 | 功能 |
---|---|
docker search | 在Docker Hub中搜索图像 |
docker pull | 从注册表中提取图像或存储库 |
docker images | 图片列表 |
docker create | 创建一个新的容器 |
docker start | 启动一个或多个已停止的容器 |
docker run | 在新容器中运行命令 |
docker attach | 附加到运行的容器上 |
docker ps | 列表容器 |
docker logs | 获取容器的日志 |
docker restart | 重启一个容器 |
docker stop | 停止一个或多个正在运行的容器 |
docker kill | 杀死一个或多个正在运行的容器 |
docker rm | 取出一个或更多的容器 |
docker exec | 在运行的容器中运行命令 |
docker info | 显示整个系统的信息 |
docker inspect | 返回Docker对象的低级信息 |
例子
[root@localhost ~]# docker search nginx //查找nginx的镜像
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 13663 [OK]
jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1866 [OK]
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 782 [OK]
linuxserver/nginx An Nginx container, brought to you by LinuxS… 127
bitnami/nginx Bitnami nginx Docker Image 89 [OK]
。。。。。。。。。。。。。.。。
拉取Apache的镜像
[root@localhost ~]# docker pull httpd
Using default tag: latest //代表是最新的镜像
latest: Pulling from library/httpd
bf5952930446: Pull complete
3d3fecf6569b: Pull complete
b5fc3125d912: Pull complete
679d69c01e90: Pull complete
76291586768e: Pull complete
Digest: sha256:3cbdff4bc16681541885ccf1524a532afa28d2a6578ab7c2d5154a7abc182379
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest
查看已有的镜像
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest a6ea92c35c43 3 weeks ago 166MB
创建一个容器
[root@localhost ~]# docker create httpd
fac53128af6cccff6fdcde81ec67d715859df2432b7fde90338ecbe7c57a2f94
docker ps查看容器,只能看到启动的,-a参数查看所有容器
[root@localhost ~]# docker ps -a //可以看到处于创建状态
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fac53128af6c httpd "httpd-foreground" About a minute ago Created inspiring_meninsky
启动容器
[root@localhost ~]# docker start fac53128af6c
fac53128af6c
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fac53128af6c httpd "httpd-foreground" 2 minutes ago Up 12 seconds 80/tcp inspiring_meninsky
这个命令执行时如果不存在会去官方去拉取并且下载运行,一个命令有三个动作
首先在本地查找,如果没有就去网上拉取
[root@localhost ~]# docker run -d nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
bf5952930446: Already exists
cb9a6de05e5a: Pull complete
9513ea0afb93: Pull complete
b49ea07d2e93: Pull complete
a5e4a503d449: Pull complete
Digest: sha256:b0ad43f7ee5edbc0effbc14645ae7055e21bc1973aee5150745632a24a752661
Status: Downloaded newer image for nginx:latest
caa944588685cceb38a63f7b83298d648329eb2266b416a6bf0c0c41902bcfff
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
caa944588685 nginx "/docker-entrypoint.…" 30 seconds ago Up 30 seconds 80/tcp sleepy_hamilton
fac53128af6c httpd "httpd-foreground" 8 minutes ago Up 6 minutes 80/tcp inspiring_meninsky
docker attach一般不用,一终止就会停掉,一般是用docker exec,这个exit退出了也还是在运行,不会停止
[root@localhost ~]# docker exec -it fac53128af6c /bin/bash
root@fac53128af6c:/usr/local/apache2# ls
bin build cgi-bin conf error htdocs icons include logs modules
root@fac53128af6c:/usr/local/apache2# ls /
bin dev home lib64 mnt proc run srv tmp var
boot etc lib media opt root sbin sys usr
root@fac53128af6c:/usr/local/apache2# exit
exit
查看容器日志
[root@localhost ~]# docker logs fac53128af6c
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Thu Aug 27 10:16:02.925543 2020] [mpm_event:notice] [pid 1:tid 140617792992384] AH00489: Apache/2.4.46 (Unix) configured -- resuming normal operations
[Thu Aug 27 10:16:02.926201 2020] [core:notice] [pid 1:tid 140617792992384] AH00094: Command line: 'httpd -D FOREGROUND'
重启一个容器
[root@localhost ~]# docker restart caa944588685
caa944588685
停掉一个容器
[root@localhost ~]# docker stop fac53128af6c
fac53128af6c
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
caa944588685 nginx "/docker-entrypoint.…" 8 minutes ago Up About a minute 80/tcp sleepy_hamilton
杀死一个容器
[root@localhost ~]# docker kill caa944588685
caa944588685
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
caa944588685 nginx "/docker-entrypoint.…" 9 minutes ago Exited (137) 6 seconds ago sleepy_hamilton
fac53128af6c httpd "httpd-foreground" 17 minutes ago Exited (0) About a minute ago inspiring_meninsky
删除一个容器,只能删除停止的,如果要删除运行的要加-f参数
[root@localhost ~]# docker rm caa944588685
caa944588685
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fac53128af6c httpd "httpd-foreground" 20 minutes ago Up 36 seconds 80/tcp inspiring_meninsky
[root@localhost ~]# docker rm -f fac53128af6c
fac53128af6c
查看系统信息
[root@localhost ~]# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 2
Server Version: 19.03.12
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-514.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.624GiB
Name: localhost.localdomain
ID: IEC6:CCW4:RWE6:HUJ4:BQ5X:3QAE:YGNO:VO2C:P72K:YFXY:DHRM:M7SY
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://xdhxsbuh.mirror.aliyuncs.com/
Live Restore Enabled: false
先启动一个容器
[root@localhost ~]# docker run -d nginx
721cd210629fec525a0857e5e23f6d3675c92956e4603cdd1f50def67f00a966
查看详细信息
[root@localhost ~]# docker inspect 721cd210629f
[
{
"Id": "721cd210629fec525a0857e5e23f6d3675c92956e4603cdd1f50def67f00a966",
"Created": "2020-08-27T10:35:08.179199474Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
省略。。。。。。。。。
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "3664f5f52f3e22ab5b832cb2fe849b94f42ba10450d71afec84bd68956e987ec",
"EndpointID": "7a837ecd7a1b7837ba4b662da1fbe8f493e77ace193ae685f701643b9795af28",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
docker event state