Docker 基本用法
Docker架构说明
Docker使用C/S体系的架构,Docker客户端与Docker守护进程通信,Docker守护进程负责构建,运行和分发Docker容器。Docker客户端和守护进程可以在同一个系统上运行,也可以将Docker客户端连接到远程Docker守护进程。Docker客户端和守护进程使用REST API通过unix套接字或网络接口进行通信。
下面是Docker核心组件及元素说明:
-
Docker Daemon: dockerd,用来监听Docker API的请求和管理Docker对象,比如镜像、容器、网络和Volume。
-
Docker Client:docker,docker client是我们和Docker进行交互的最主要的方式方法,比如我们可以通过docker run 命令来运行一个容器,然后我们的docker client会把命令发送给上面的Dockerd,主它来负责处理。
-
Docker Registry:用来存储Docker镜像的仓库,Docker hub是官方提供的一个公共仓库,而且Docker默认也是从Docker Hub上查找镜像的。当然你也可以很方便的运行一个私有仓库,当我们使用docker pull或者docker run命令时,就会从我们配置的docker镜像仓库中去拉取镜像,使用docker push时,会将我们构建的镜像推送到对应的镜像仓库中。
-
Images:镜像,镜像是一个只读模板 ,带有创建docker容器的说明。一般来说,镜像会基于另外的一些基础镜像构建并加上一些额外的自定义功能。比如你可以构建一个基于centos的镜像,然后在这个基础镜像上面安装一个Nginx应用,这样就可以构建成属于我们自己的镜像了。
-
Containers:容器,容器是一个镜像的运行实例。可以使用Docker REST API或者CLI来操作容器。容器的实质是进程,但与直接在宿主机执行的进程不同,容器进行运行于属于自己独立的命名空间。因此容器可以拥有自己的root文件系统、自己的网络配置、自己的进程空间,甚至自己的用户id空间。容器内的进程是运行在一个隔离的环境里,使用起来,就好像在一个独立于宿主的系统下操作一样。这种特性使得容器封装的应用比直接在宿主机运行更多案例。
OCl&&OCF
-
OCl
开放容器倡议 -
由Linux基金会主导于2015年6月创刊
-
注重围绕容器格式和运行时制定开放的工业化标准
-
包含两个规格
-
运行时规范(runtime-spec)
-
图像规范(image-spec)
-
OCF
开放式容器格式 -
runC 是一个 CLI 工具,用于根据 OCI 规范生成和运行容器
-
容器作为 runC 的子进程启动,可以嵌入到各种其他系统中,而无需运行守护进程
-
runC 建立在 libcontainer 之上,同样的容器技术为数百万个 Docker 引擎安装提供支持
docker镜像与镜像仓库
在docker中仓库的名字是以应用的名称取名的如:
nginx
在docker hub仓库中官方的镜像名就以服务名命名
当然除了官方的镜像以外,也有第三方镜像,如上图bitnami/nginx 这样的一个镜像,那么bitname又是什么呢,当我们自己访问自己的镜像仓库时我们发现,在镜像之前的那一串字符,其实就是自己的docker 用户名。
除此以外,镜像和容器又有什么不同呢?
镜像是静态的,而容器是动态的,容器有其生命周期,镜像与容器的关系类似于程序与进程的关系。镜像类似于文件系统中的程序文件,而容器则类似于将一个程序运行起来的状态,也即进程。所以容器是可以删除的,容器被删除后其镜像是不会被删除的。
docker 对象
当您使用 docker 时,您正在创建和使用镜像、容器、网络、卷、插件和其他对象。
- 镜像
- 镜像是一个只读模板,其中包含创建 docker 容器的代码和说明。
- 通常,一个图像基于另一个图像,并带有一些额外的自定义。
- 您可以创建自己的映像,也可以仅使用其他人创建并在docker hub仓库中发布的映像。
- 容器
- 容器是镜像的可运行实例。
- 您可以使用 docker API 或 CLI 创建、运行、停止、移动或删除容器。
- 您可以将容器连接到一个或多个网络,为其附加存储,甚至可以根据其当前状态创建新映像。
docker安装
配置网络源(rhel红帽系统)
[root@docker ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
配置docker-ce 源
[root@docker ~]# cd /etc/yum.repos.d/
[root@docker yum.repos.d]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
安装 docker-ce 以及依赖包和工具
[root@docker ~]# dnf -y install yum-utils device-mapper-persistent-data lvm2
[root@docker ~]# yum -y install docker-ce --allowerasing
安装完成后,使用 docker version 命令查看docker的版本信息
[root@docker ~]# docker version
Client: Docker Engine - Community
Version: 20.10.11
API version: 1.41
Go version: go1.16.9
Git commit: dea9396
Built: Thu Nov 18 00:36:58 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
配置docker 加速
当docker配置完成后,我们还需要在主机上配置一个加速器
因为在使用docker时,我们常常会到docker hub拉取镜像,但其大多数服务器都设立在海外,所以下载时,十分缓慢,而增加加速器之后会大大提高拉取镜像的速度。
docker-ce的配置文件是/etc/docker/daemon.json,此文件默认不存在,需要我们手动创建并进行配置,而docker的加速就是通过配置此文件来实现的。
docker的加速有多种方式:
- docker cn
- 中国科技大学加速器
- 阿里云加速器(需要通过阿里云开发者平台注册帐号,免费使用个人私有的加速器)
进入阿里云官方
登录阿里云账号(点击控制台)
点击左上角菜单
找到容器镜像服务选项
点击镜像加速器
阿里云加速器配置
[root@docker ~]# mkdir -p /etc/docker
[root@docker ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://a74l47xi.mirror.aliyuncs.com"] //此处的网址是个人账户分配的
}
[root@docker ~]# systemctl daemon-reload
[root@docker ~]# systemctl restart docker
docker常用操作
命令 | 功能 |
---|---|
docker search | Search the Docker Hub for images |
docker pull | Pull an image or a repository from a registry |
docker images | List images |
docker create | Create a new conntainer |
docker start | Start one or more stopped containers |
docker run | Run a command in a new container |
docker attach | Attach to a runninng container |
docker ps | List containers |
docker logs | Fetch the logs of a container |
docker restart | Restart a container |
docker stop | Stop one or more running containers |
docker kill | Kill one or more running containers |
docker rm | Remove onne or more containers |
docker exec | Run a command in a running container |
docker info | Display system-wide information |
docker inspect | Return low-level information on Docker objects |
命令事例
docker search
在 docker hub 仓库中搜索 指定 镜像
[root@docker ~]# docker search httpd
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
httpd The Apache HTTP Server Project 3783 [OK]
centos/httpd-24-centos7 Platform for running Apache httpd 2.4 or bui… 40
centos/httpd 34 [OK]
arm32v7/httpd The Apache HTTP Server Project 10
polinux/httpd-php Apache with PHP in Docker (Supervisor, CentO… 5 [OK]
solsson/httpd-openidc mod_auth_openidc on official httpd image, ve… 2 [OK]
hypoport/httpd-cgi httpd-cgi 2 [OK]
inanimate/httpd-ssl A play container with httpd, ssl enabled, an… 1 [OK]
publici/httpd httpd:latest 1 [OK]
jonathanheilmann/httpd-alpine-rewrite httpd:alpine with enabled mod_rewrite 1 [OK]
lead4good/httpd-fpm httpd server which connects via fcgi proxy h… 1 [OK]
dockerpinata/httpd 1
manageiq/httpd Container with httpd, built on CentOS for Ma… 1 [OK]
dariko/httpd-rproxy-ldap Apache httpd reverse proxy with LDAP authent… 1 [OK]
clearlinux/httpd httpd HyperText Transfer Protocol (HTTP) ser… 1
centos/httpd-24-centos8 1
appertly/httpd Customized Apache HTTPD that uses a PHP-FPM … 0 [OK]
amd64/httpd The Apache HTTP Server Project 0
interlutions/httpd httpd docker image with debian-based config … 0 [OK]
manageiq/httpd_configmap_generator Httpd Configmap Generator 0 [OK]
manasip/httpd 0
itsziget/httpd24 Extended HTTPD Docker image based on the off… 0 [OK]
ysli/httpd Httpd for DeepWeb 0 [OK]
trollin/httpd 0
e2eteam/httpd 0
docker pull
从指定位置拉取镜像
[root@docker ~]# docker pull httpd
Using default tag: latest
latest: Pulling from library/httpd
eff15d958d66: Pull complete
ba1caf8ba86c: Pull complete
ab86dc02235d: Pull complete
0d58b11d2867: Pull complete
e88da7cb925c: Pull complete
Digest: sha256:1d71eef54c08435c0be99877c408637f03112dc9f929fba3cccdd15896099b02
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest
docker images
查看镜像列表
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest ad17c88403e2 12 days ago 143MB
docker create
创建指定的容器(不运行)
[root@docker ~]# docker create httpd
eab77da51c8f2188580d59786267d0b9abc5269ec4f10532ba44645c85a14c55
//使用docker ps 查看
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
docker start
将指定的容器启动
//注意: 在启动是后面跟 的不是容器的名称而是这个容器的id
[root@docker ~]# docker start eab77da51c8f2188580d59786267d0b9abc5269ec4f10532ba44645c85a14c55
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
eab77da51c8f httpd "httpd-foreground" 2 minutes ago Up 21 seconds 80/tcp kind_yonath
docker run
将指定的容器创建并允许(若使用该命令时,镜像列表中没有镜像时,它会自动pull并将其创建、运行)
先查看镜像列表
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest ad17c88403e2 12 days ago 143MB //此时只有一个镜像
[root@docker ~]# docker run nginx
Unable to find image 'nginx:latest' locally //拉取最新镜像
latest: Pulling from library/nginx
eff15d958d66: Already exists
1e5351450a59: Pull complete
2df63e6ce2be: Pull complete
9171c7ae368c: Pull complete
020f975acd28: Pull complete
266f639b35ad: Pull complete
Digest: sha256:097c3a0913d7e3a5b01b6c685a60c03632fc7a2b50bc8e35bcaa3691d788226e
Status: Downloaded newer image for nginx:latest
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/12/01 09:01:18 [notice] 1#1: using the "epoll" event method
2021/12/01 09:01:18 [notice] 1#1: nginx/1.21.4
2021/12/01 09:01:18 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2021/12/01 09:01:18 [notice] 1#1: OS: Linux 4.18.0-193.el8.x86_64
2021/12/01 09:01:18 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/12/01 09:01:18 [notice] 1#1: start worker processes
2021/12/01 09:01:18 [notice] 1#1: start worker process 31
2021/12/01 09:01:18 [notice] 1#1: start worker process 32
//再次查看镜像列表
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest ad17c88403e2 12 days ago 143MB
nginx latest ea335eea17ab 13 days ago 141MB
//使用 docker ps -a 命令 查看是否在运行
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de6d7ac190f9 nginx "/docker-entrypoint.…" 10 minutes ago Up 10 minutes 80/tcp unruffled_visvesvaraya
eab77da51c8f httpd "httpd-foreground" 19 minutes ago Up 16 minutes 80/tcp kind_yonath
docker stop
停止指定容器
// 查看正在运行的容器
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de6d7ac190f9 nginx "/docker-entrypoint.…" 10 minutes ago Up 10 minutes 80/tcp unruffled_visvesvaraya
eab77da51c8f httpd "httpd-foreground" 19 minutes ago Up 16 minutes 80/tcp kind_yonath
[root@docker ~]# docker stop de6d7ac190f9 // 停止nginx容器
de6d7ac190f9
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de6d7ac190f9 nginx "/docker-entrypoint.…" 13 minutes ago Exited (0) 8 seconds ago unruffled_visvesvaraya
eab77da51c8f httpd "httpd-foreground" 21 minutes ago Up 18 minutes 80/tcp kind_yonath
//发现nginx容器已停止 ( Exited (0) 8 seconds) 八秒之前退出
docker restart
重启指定容器
[root@docker ~]# docker ps -a //status 状态为关闭
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de6d7ac190f9 nginx "/docker-entrypoint.…" 13 minutes ago Exited (0) 8 seconds ago unruffled_visvesvaraya
eab77da51c8f httpd "httpd-foreground" 21 minutes ago Up 18 minutes 80/tcp kind_yonath
[root@docker ~]# docker restart de6d7ac190f9
de6d7ac190f9 //重启
[root@docker ~]# docker ps -a //再次查看,发现状态(status)up 启动
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de6d7ac190f9 nginx "/docker-entrypoint.…" 16 minutes ago Up 5 seconds 80/tcp unruffled_visvesvaraya
eab77da51c8f httpd "httpd-foreground" 24 minutes ago Up 22 minutes 80/tcp kind_yonath
## Up 5 seconds 五秒之前启动
docker logs
查看指定容器的日志
[root@docker ~]# docker logs de6d7ac190f9
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/12/01 09:01:18 [notice] 1#1: using the "epoll" event method
2021/12/01 09:01:18 [notice] 1#1: nginx/1.21.4
2021/12/01 09:01:18 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2021/12/01 09:01:18 [notice] 1#1: OS: Linux 4.18.0-193.el8.x86_64
2021/12/01 09:01:18 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/12/01 09:01:18 [notice] 1#1: start worker processes
2021/12/01 09:01:18 [notice] 1#1: start worker process 31
2021/12/01 09:01:18 [notice] 1#1: start worker process 32
2021/12/01 09:11:43 [notice] 1#1: signal 28 (SIGWINCH) received
2021/12/01 09:11:43 [notice] 1#1: signal 28 (SIGWINCH) received
2021/12/01 09:11:45 [notice] 1#1: signal 28 (SIGWINCH) received
2021/12/01 09:11:45 [notice] 1#1: signal 28 (SIGWINCH) received
2021/12/01 09:14:09 [notice] 1#1: signal 3 (SIGQUIT) received, shutting down
2021/12/01 09:14:09 [notice] 31#31: gracefully shutting down
2021/12/01 09:14:09 [notice] 32#32: gracefully shutting down
docker kill
结束(杀死)掉正在运行的进程
[root@docker ~]# docker ps -a //查看容器运行状态
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de6d7ac190f9 nginx "/docker-entrypoint.…" 22 minutes ago Up 5 minutes 80/tcp unruffled_visvesvaraya
eab77da51c8f httpd "httpd-foreground" 30 minutes ago Up 27 minutes 80/tcp kind_yonath
[root@docker ~]# docker kill eab77da51c8f
eab77da51c8f //结束掉httpd容器的进程
[root@docker ~]# docker ps -a //再次查看发现以及停止
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de6d7ac190f9 nginx "/docker-entrypoint.…" 22 minutes ago Up 5 minutes 80/tcp unruffled_visvesvaraya
eab77da51c8f httpd "httpd-foreground" 30 minutes ago Exited (137) 10 seconds ago kind_yonath
Exited (137) 10 seconds ago 10 秒前退出
docker rm
删除指定容器(正在运行的容器不可删除)
[root@docker ~]# docker ps -a //查看容器运行状态 (此时的nginx处于运行状态)
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de6d7ac190f9 nginx "/docker-entrypoint.…" 22 minutes ago Up 5 minutes 80/tcp unruffled_visvesvaraya
eab77da51c8f httpd "httpd-foreground" 30 minutes ago Exited (137) 10 seconds ago kind_yonath
[root@docker ~]# docker rm de6d7ac190f9 (删除nginx容器时发现,无法删除)
Error response from daemon: You cannot remove a running container de6d7ac190f9645505474d826c3730e2feb6b6e44fe6b99c0d88208a4e6a69ba. Stop the container before attempting removal or force remove
[root@docker ~]# docker ps -a(niginx 容器还在运行中)
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de6d7ac190f9 nginx "/docker-entrypoint.…" 25 minutes ago Up 9 minutes 80/tcp unruffled_visvesvaraya
eab77da51c8f httpd "httpd-foreground" 34 minutes ago Exited (137) 3 minutes ago kind_yonath
[root@docker ~]# docker rm eab77da51c8f // 删除以停止运行的httpd容器
eab77da51c8f
[root@docker ~]# docker ps -a //再次查看时,httpd已被删除
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de6d7ac190f9 nginx "/docker-entrypoint.…" 26 minutes ago Up 9 minutes 80/tcp unruffled_visvesvaraya
docker attach
进入正在运行的容器中(不能进行交互,会进入http容器进程的前台)
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de6d7ac190f9 nginx "/docker-entrypoint.…" 26 minutes ago Up 9 minutes 80/tcp unruffled_visvesvaraya
[root@docker ~]# docker attach de6d7ac190f9
docker exec
进入指定容器中,并能够进行交互
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de6d7ac190f9 nginx "/docker-entrypoint.…" 26 minutes ago Up 9 minutes 80/tcp unruffled_visvesvaraya
[root@docker ~]# docker exec -it de6d7ac190f9 /bin/bash
root@de6d7ac190f9:/# ls
bin dev docker-entrypoint.sh home lib64 mnt proc run srv tmp var
boot docker-entrypoint.d etc lib media opt root sbin sys usr
root@de6d7ac190f9:/# cd etc/
root@de6d7ac190f9:/etc#
docker info
查看docker详细信息
[root@docker ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.9.0)
Server:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 2
Server Version: 20.10.11
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
Default Runtime: runc
Init Binary: docker-init
containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc version: v1.0.2-0-g52b36a2
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 4.18.0-193.el8.x86_64
Operating System: Red Hat Enterprise Linux 8.2 (Ootpa)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.758GiB
Name: docker
ID: UJQ7:W4K6:UVQ3:TG7C:243M:E5BN:SVKN:24W2:FUFC:MH3G:R56O:JUIB
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://a74l47xi.mirror.aliyuncs.com/
Live Restore Enabled: false
docker inspect
查看指定容器的信息
[root@docker ~]# docker inspect nginx
{
"Id": "sha256:ea335eea17ab984571cd4a3bcf90a0413773b559c75ef4cda07d0ce952b00291",
"RepoTags": [
"nginx:latest"
],
"RepoDigests": [
"nginx@sha256:097c3a0913d7e3a5b01b6c685a60c03632fc7a2b50bc8e35bcaa3691d788226e"
],
"Parent": "",
"Comment": "",
"Created": "2021-11-17T10:38:14.652464384Z",
"Container": "8a038ff17987cf87d4b7d7e2c80cb83bd2474d66e2dd0719e2b4f7de2ad6d853",
"ContainerConfig": {
"Hostname": "8a038ff17987",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.21.4",
"NJS_VERSION=0.7.0",
"PKG_RELEASE=1~bullseye"
],
"Cmd": [
"/bin/sh",