系统环境
#防火墙关闭
[root@n1 ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
#selinux关闭
[root@n1 ~]# getenforce
Disabled
#内核版本
[root@n1 ~]# uname -r
3.10.0-862.el7.x86_64
#版本
[root@n1 ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
注意:CentOS6无法安装,需打补丁
安装Docker
配置yum源
[root@n1 ~]# cd /etc/yum.repos.d/
[root@n1 yum.repos.d]# wget https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
[root@n1 yum.repos.d]# vim docker-ce.repo
#进入命令行模式,替换为清华镜像源,否则,下载会很慢
:%s#https://download.docker.com/#https://mirrors.tuna.tsinghua.edu.cn/docker-ce/#g
安装
注:安装最新的docker-ce时,写Dockerfile时关键字不变色,然后安装了以前的版本
docker-ce是社区版本
[root@n1 ~]# yum install docker-ce-18.06.3.ce-3.el7 -y
配置docker加速器
配置后拉取镜像速度更快
[root@n1 ~]# mkdir /etc/docker/
[root@n1 docker]# cat daemon.json
{
"registry-mirrors": ["https://xxxxxxxx.mirror.aliyuncs.com","https://registry.docker-cn.com"]
}
可以配置阿里云镜像加速
点击镜像加速器即可得到一个加速器地址
查看版本
启动docker
[root@n1 ~]# systemctl start docker.service
至此,安装完成
Docker命令使用
Docker命令
镜像操作:
build Build an image from a Dockerfile
commit Create a new image from a container's changes
images List images
load Load an image from a tar archive or STDIN
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rmi Remove one or more images
search Search the Docker Hub for images
tag Tag an image into a repository
save 打包一个或多个镜像到name.tar (streamed to STDOUT by default)
history 显示某镜像的历史
inspect 获取镜像的详细信息
容器及其中应用的生命周期操作:
create Create a new container (创建一个容器,不启动)
kill Kill one or more running containers
inspect Return low-level information on a container, image or task
pause Pause all processes within one or more containers
ps List containers
rm Remove one or more containers (删除一个或者多个容器)
rename Rename a container(更改容器名)
restart Restart a container
run Run a command in a new container (创建并启动一个容器)
start Start one or more stopped containers (启动一个处于停止状态的容器)
stats Display a live stream of container(s) resource usage statistics (显示容器实时的资源消耗信息)
stop Stop one or more running containers (停止一个处于运行状态的容器)
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
wait Block until a container stops, then print its exit code
attach Attach to a running container
exec Run a command in a running container
port List port mappings or a specific mapping for the container
logs 获取容器的日志
容器文件系统操作:
cp Copy files/folders between a container and the local filesystem
diff Inspect changes on a container's filesystem
export Export a container's filesystem as a tar archive
import Import the contents from a tarball to create a filesystem image
Docker registry 操作:
login Log in to a Docker registry.
logout Log out from a Docker registry.
Volume 操作
volume Manage Docker volumes
网络操作
network Manage Docker networks
Swarm 相关操作
swarm Manage Docker Swarm
service Manage Docker services
node Manage Docker Swarm nodes
系统操作:
version Show the Docker version information
events Get real time events from the server (持续返回docker 事件)
info Display system-wide information (显示Docker 主机系统范围内的信息)
拉取镜像
[root@n1 ~]# docker pull centos:latest
“:”后跟标签,不加默认是latest
查看镜像列表
[root@n1 ~]# docker images
删除镜像
docker rmi centos:latest
使用此镜像创建容器,需把容器删除后,才能删除镜像,在这里先不删除
打包镜像
save
[root@n1 ~]# docker save -o centos.tar centos:latest
恢复镜像
[root@n1 ~]# docker load -i centos.tar
导出容器
[root@n1 ~]# docker export -o t1_c.tar t1
导入容器
导入后为一个镜像
Usage: docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
[root@n1 ~]# docker import t1_c.tar centos:v1
docker save和docker export的区别:
- docker save保存的是镜像(image),docker export保存的是容器(container);
- docker load用来载入镜像包,docker import用来载入容器包,但两者都会恢复为镜像;
- docker load不能对载入的镜像重命名,而docker import可以为镜像指定新名称
详细了解见:https://blog.csdn.net/liukuan73/article/details/78089138
为镜像打标签
Usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
[root@n1 ~]# docker tag centos:v1 centos:test
打标签后,只是标签变了,IMAGE_ID不变
复制文件<->容器
Usage: docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
复制文件到容器中
[root@n1 ~]# docker cp test.txt t1:/tmp/test.txt
搜索镜像
[root@n1 ~]# docker search centos
docker run
cgroups 和 namespace 相关:
--blkio-weight value Block IO (relative weight), between 10 and 1000
--blkio-weight-device value Block IO weight (relative device weight) (default [])
--cgroup-parent string Optional parent cgroup for the container
--cpu-percent int CPU percent (Windows only)
--cpu-period int Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota
-c, --cpu-shares int CPU shares (relative weight)
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
--device-read-bps value Limit read rate (bytes per second) from a device (default [])
--device-read-iops value Limit read rate (IO per second) from a device (default [])
--device-write-bps value Limit write rate (bytes per second) to a device (default [])
--device-write-iops value Limit write rate (IO per second) to a device (default [])
--ipc string IPC namespace to use
-m, --memory string Memory limit
--memory-reservation string Memory soft limit
--memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap
--memory-swappiness int Tune container memory swappiness (0 to 100) (default -1)
--kernel-memory string Kernel memory limit
-u, --user string Username or UID (format: <name|uid>[:<group|gid>])
--userns string User namespace to use
--uts string UTS namespace to use
-h, --hostname string Container host name
--pid string PID namespace to use
--pids-limit int Tune container pids limit (set -1 for unlimited)
--isolation string Container isolation technology
--io-maxbandwidth string Maximum IO bandwidth limit for the system drive (Windows only)
--io-maxiops uint Maximum IOps limit for the system drive (Windows only)
linux process capabilities 相关参数:
--cap-add value Add Linux capabilities (default [])
--cap-drop value Drop Linux capabilities (default [])
容器运行模式和环境相关:
-d, --detach Run container in background and print container ID
-e, --env value Set environment variables (default [])
--env-file value Read in a file of environment variables (default [])
DNS 相关:
--dns value Set custom DNS servers (default [])
--dns-opt value Set DNS options (default [])
--dns-search value Set custom DNS search domains (default [])
健康检查相关:
--health-cmd string Command to run to check health
--health-interval duration Time between running the check
--health-retries int Consecutive failures needed to report unhealthy
--health-timeout duration Maximum time to allow one check to run
--no-healthcheck Disable any container-specified HEALTHCHECK
IP 和端口:
--ip string Container IPv4 address (e.g. 172.30.100.104)
--ip6 string Container IPv6 address (e.g. 2001:db8::33)
-p, --publish value Publish a container's port(s) to the host (default [])
-P(自动进行端口映射), --publish-all Publish all exposed ports to random ports
--expose value Expose a port or a range of ports (default [])
--mac-address string Container MAC address (e.g. 92:d0:c6:0a:29:33)
--add-host value Add a custom host-to-IP mapping (host:ip) (default [])
Volume 相关:
-v, --volume value Bind mount a volume (default [])
--volume-driver string Optional volume driver for the container
--volumes-from value Mount volumes from the specified container(s) (default [])
--storage-opt value Storage driver options for the container (default [])
Network 有关:
--network string Connect a container to a network (default "default")
--network-alias value Add network-scoped alias for the container (default [])
--link value Add link to another container (default [])
--link-local-ip value Container IPv4/IPv6 link-local addresses (default [])
日志有关:
--log-driver string Logging driver for the container
--log-opt value Log driver options (default [])
交互性有关:
-a, --attach value Attach to STDIN, STDOUT or STDERR (default [])
-i, --interactive Keep STDIN open even if not attached
OOM 有关:
--oom-kill-disable Disable OOM Killer
--oom-score-adj int Tune host's OOM preferences (-1000 to 1000)
其它:
--cidfile string Write the container ID to the file
--detach-keys string Override the key sequence for detaching a container
--device value Add a host device to the container (default [])
--disable-content-trust Skip image verification (default true)
--entrypoint string Overwrite the default ENTRYPOINT of the image
--group-add value Add additional groups to join (default [])
--help Print usage
-l, --label value Set meta data on a container (default [])
--label-file value Read in a line delimited file of labels (default [])
--name string Assign a name to the container
--privileged Give extended privileges to this container
--read-only Mount the container's root filesystem as read only
--restart string Restart policy to apply when a container exits (default "no")
--rm Automatically remove the container when it exits
--runtime string Runtime to use for this container
--security-opt value Security Options (default [])
--shm-size string Size of /dev/shm, default value is 64MB
--sig-proxy Proxy received signals to the process (default true)
--stop-signal string Signal to stop a container, SIGTERM by default (default "SIGTERM")
--sysctl value Sysctl options (default map[])
--tmpfs value Mount a tmpfs directory (default [])
-t, --tty Allocate a pseudo-TTY
--ulimit value Ulimit options (default [])
-w, --workdir string Working directory inside the container
创建前台运行容器
[root@n1 ~]# docker run --name t1 --hostname test1 -it centos:latest /bin/bash
[root@test1 /]#
--name:设置容器名称
--hostname:设置容器主机名,进入容器后的hostname,不设置时,会显示容器ID
-i:保证容器中STDIN是开启的,可以输入
-t:为要创建的容器分配一个伪tty终端这样,新创建的容器才能提供一个交互式shell。
在这一切的背后又都发生了什么呢?
首先Docker会检查本地是否存在centos
镜像,如果本地还没有该镜像的话,那么Docker就会连接官方维护的Docker Hub Registry,查看Docker Hub中是否有该镜像。Docker一旦找到该镜像,就会下载该镜像并将其保存到本地宿主机中。
随后,Docker在文件系统内部用这个镜像创建了一个新容器。该容器拥有自己的网络、IP地址,以及一个用来和宿主机进行通信的桥接网络接口。最后,我们告诉Docker在新容器中要运行什么命令,在本例中我们在容器中运行/bin/bash
命令启动了一个Bash shell。
当容器创建完毕之后,Docker就会执行容器中的/bin/bash
命令,这时就可以看到容器内的shell了
退出容器
容器退出后停止运行,但容器依然存在
查看容器
[root@n1 ~]# docker ps -a
-a:列出所有容器,不指定-a时,只列出正在运行的容器
-q:列出容器ID,-aq及列出所用容器ID
启动,停止,重启容器
[root@n1 ~]# docker start t1
[root@n1 ~]# docker stop t1
[root@n1 ~]# docker restart t1
启动容器后不会进入交互式界面,会后台运行
附着到容器
attach:附着到该容器的会话
[root@n1 ~]# docker attach t1
[root@test1 /]#
创建守护式容
除了这些交互式运行的容器(interactive container),也可以创建长期运行的容器。守护式容器(daemonized container)没有交互式会话,非常适合运行应用程序和服务。大多数时候我们都需要以守护式来运行我们的容器。
创建一个容器,执行while循环
[root@n1 ~]# docker run --name t2 -d centos:latest /bin/sh -c "while true; do echo hello world; sleep 1; done"
-d:后台运行,不添加,会一直在前台输出hello world
查看容器日志
[root@n1 ~]# docker logs t2
hello world
hello world
hello world
-f:后跟-f选项,会一直输出日志,像tail -f样
--tail n:会输出最后n行
-t:为每条日志加上时间戳
Docker日志驱动
控制Docker守护进程和容器所用的日志驱动,这可以通过--log-driver选项来实现。
指定syslog(或其他json-file),该选项将禁用docker logs命令,并且将所有容器的日志输出都重定向到Syslog。
[root@n1 ~]# docker run --name t3 --log-driver="syslog" -d centos /bin/sh -c "while true;do echo hello; seelp 1;done"
查看容器中的进程
[root@n1 ~]# docker top t3
UID PID PPID C STIME TTY TIME CMD
root 61149 61135 23 12:29 ? 00:00:21 /bin/sh -c while true;do echo hello; seelp 1;done
显示一个或多个容器的统计信息
[root@n1 ~]# docker stats t3
CPU、内存、网络I/O及存储I/O的性能和指标
参数会一直变动,ctrl+c结束
在容器中运行命令
exec
查看hosts文件
在容器内运行交互式命令
[root@n1 ~]# docker exec -it t3 /bin/bash
[root@644fd4f62918 /]# ls
自动重启容器
如果由于某种错误而导致容器停止运行,还可以通过--restart
标志,让Docker自动重新启动该容器。--restart
标志会检查容器的退出代码,并据此来决定是否要重启容器。默认的行为是Docker不会重启容器。
[root@n1 ~]# docker run --restart=always --name t4 -d centos /bin/sh -c "while true; do echo hello world; sleep 1; done"
获取跟多容器信息
inspect
[root@n1 ~]# docker inspect t4
-f,--format:选定查看结果
删除容器
rm
[root@n1 ~]# docker rm t1
t1
删除全部容器
[root@n1 ~]# docker rm `docker ps -aq`
为容器开启端口
创建一个守护进程,用while循环测试
[root@n1 ~]# docker run --name p1 -p 81:80 -d centos:latest /bin/sh -c "while true; do echo hello world; sleep 1; done"
-p:可以指定IP:LocalPort:ContainerPort
查看容器端口映射
[root@n1 ~]# docker port p1
80/tcp -> 0.0.0.0:81
其它重要的参数会在后边单独介绍~