基于CentOS7.7的实践
安装docker
[root@MiWiFi-R1CM-srv ~]# sed -i.bak '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config #养成习惯,遇到要该重要文件时一定要进行备份 [root@MiWiFi-R1CM-srv ~]# cat /etc/selinux/config config config.bak [root@MiWiFi-R1CM-srv ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted [root@MiWiFi-R1CM-srv ~]# setenforce 0 [root@MiWiFi-R1CM-srv ~]# yum install epel-release -y [root@MiWiFi-R1CM-srv ~]# yum install -y docker* -y
[root@MiWiFi-R1CM-srv ~]# systemctl start docker.service
[root@MiWiFi-R1CM-srv ~]# ps aux |grep docker
root 2683 1.1 2.7 570288 27768 ? Ssl 21:26 0:00 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json --selinux-enabled --log-driver=journald --signature-verification=false --storage-driver overlay2
root 2689 0.1 1.2 283528 12148 ? Ssl 21:26 0:00 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc --runtime-args --systemd-cgroup=true
root 2793 0.0 0.0 112660 968 pts/1 R+ 21:26 0:00 grep --color=auto docker
Docker 操作命令学习
日常管理
#启动一个容器 [root@MiWiFi-R1CM-srv ~]# docker run -d -p 80:80 nginx 57daca58f3234b3ed1c0c49f8bce206d3747b061c1ad2503520ba85b1eaa7659 #查看正在运行的容器 [root@MiWiFi-R1CM-srv ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 57daca58f323 nginx "nginx -g 'daemon ..." 18 seconds ago Up 17 seconds 0.0.0.0:80->80/tcp tender_rosalind #查看容器的详细信息 docker container inspect 容器ID/名字 [root@MiWiFi-R1CM-srv ~]# docker container inspect tender_rosalind [ { "Id": "57daca58f3234b3ed1c0c49f8bce206d3747b061c1ad2503520ba85b1eaa7659", "Created": "2019-12-09T03:08:42.979805683Z", "Path": "nginx", "Args": [ "-g", "daemon off;" ], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 4143, "ExitCode": 0, "Error": "", "StartedAt": "2019-12-09T03:08:43.257214118Z", "FinishedAt": "0001-01-01T00:00:00Z" }, "Image": "sha256:231d40e811cd970168fb0c4770f2161aa30b9ba6fe8e68527504df69643aa145", "ResolvConfPath": "/var/lib/docker/containers/57daca58f3234b3ed1c0c49f8bce206d3747b061c1ad2503520ba85b1eaa7659/resolv.conf", "HostnamePath": "/var/lib/docker/containers/57daca58f3234b3ed1c0c49f8bce206d3747b061c1ad2503520ba85b1eaa7659/hostname", "HostsPath": "/var/lib/docker/containers/57daca58f3234b3ed1c0c49f8bce206d3747b061c1ad2503520ba85b1eaa7659/hosts", "LogPath": "", "Name": "/tender_rosalind", "RestartCount": 0, "Driver": "overlay2", "MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c246,c607", "ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c246,c607", "AppArmorProfile": "", "ExecIDs": null, "HostConfig": { "Binds": null, "ContainerIDFile": "", "LogConfig": { "Type": "journald", "Config": {} }, "NetworkMode": "default", "PortBindings": { "80/tcp": [ { "HostIp": "", "HostPort": "80" } ] }, "RestartPolicy": { "Name": "no", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": null, "CapDrop": null, "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": null, "GroupAdd": null, "IpcMode": "", "Cgroup": "", "Links": null, "OomScoreAdj": 0, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": null, "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Runtime": "docker-runc", "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": null, "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": -1, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": null, "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0 }, "GraphDriver": { "Name": "overlay2", "Data": { "LowerDir": "/var/lib/docker/overlay2/df6373adffc744a8396e287f8e7fe3326cf485889f68981031274ba337966ac0-init/diff:/var/lib/docker/overlay2/721a9e19b0615db9b687a413e499a8884727f6896ba42a47c3684620289d9ff9/diff:/var/lib/docker/overlay2/9d7c6fbc079821bda3589ae33df6dc62f62afae05c2154da23a4d878528fa489/diff:/var/lib/docker/overlay2/357055e9a696c77e2aa7130defff27b80a7ebe5069129e45168a81da0b32ca3c/diff", "MergedDir": "/var/lib/docker/overlay2/df6373adffc744a8396e287f8e7fe3326cf485889f68981031274ba337966ac0/merged", "UpperDir": "/var/lib/docker/overlay2/df6373adffc744a8396e287f8e7fe3326cf485889f68981031274ba337966ac0/diff", "WorkDir": "/var/lib/docker/overlay2/df6373adffc744a8396e287f8e7fe3326cf485889f68981031274ba337966ac0/work" } }, "Mounts": [], "Config": { "Hostname": "57daca58f323", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "80/tcp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NGINX_VERSION=1.17.6", "NJS_VERSION=0.3.7", "PKG_RELEASE=1~buster" ], "Cmd": [ "nginx", "-g", "daemon off;" ], "ArgsEscaped": true, "Image": "nginx", "Volumes": null, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": { "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>" }, "StopSignal": "SIGTERM" }, "NetworkSettings": { "Bridge": "", "SandboxID": "a5bff1a44d5b4cfb37dc601f6e26b190b03d8e30d89c52f6554a25a7bef3734d", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": { "80/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "80" } ] }, "SandboxKey": "/var/run/docker/netns/a5bff1a44d5b", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null, "EndpointID": "2bee43f56efdbff28351dbe961c3d4b3509f628dabc77024d2c29f85f7ed59ae", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "MacAddress": "02:42:ac:11:00:02", "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "bf2d768e33d762a1f9f517428404b5d0a770923e2acf146cc9eb5d4897c93b21", "EndpointID": "2bee43f56efdbff28351dbe961c3d4b3509f628dabc77024d2c29f85f7ed59ae", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:02" } } } } ] #查看所有容器,包括为运行的 [root@MiWiFi-R1CM-srv ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 57daca58f323 nginx "nginx -g 'daemon ..." 4 minutes ago Up 4 minutes 0.0.0.0:80->80/tcp tender_rosalind 8c3df88580e1 nginx "nginx -g 'daemon ..." 4 minutes ago Exited (0) 4 minutes ago awesome_shirley 3f81f9b8f12f nginx "nginx -g 'daemon ..." 4 minutes ago Exited (0) 4 minutes ago quirky_heisenberg 23de68840b0d nginx "nginx -g 'daemon ..." 5 minutes ago Exited (0) 4 minutes ago boring_liskov #停止容器 docker stop 容器名字/ID [root@MiWiFi-R1CM-srv ~]# docker stop 57daca58f323 57daca58f323 [root@MiWiFi-R1CM-srv ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES #进入容器 #启动时,同时进入容器 -it 可交互终端 [root@MiWiFi-R1CM-srv ~]# docker run -it nginx:latest /bin/bash root@33e9a2e4e0e8:/# ls bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys root@33e9a2e4e0e8:/# ps #启动之后进入容器的方法 定义一个终端接入容器 [root@MiWiFi-R1CM-srv ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b4c47d44c605 centos:latest "/bin/bash" 6 minutes ago Up 6 minutes tender_knuth [root@MiWiFi-R1CM-srv ~]# docker attach b4c47d44c605 [root@b4c47d44c605 /]# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 06:32 ? 00:00:00 /bin/bash root 17 1 0 06:39 ? 00:00:00 ps -ef [root@b4c47d44c605 /]# ls bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var [root@b4c47d44c605 /]# #exrc进入容器(常使用)重新定义一个新的终端 [root@MiWiFi-R1CM-srv ~]# docker exec -it tender_knuth /bin/bash [root@b4c47d44c605 /]# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 06:32 ? 00:00:00 /bin/bash root 19 0 0 06:43 ? 00:00:00 /bin/bash root 32 19 0 06:43 ? 00:00:00 ps -ef #退出容器的方法 ctrl+P 之后再按ctrl+q #删除所有容器 [root@MiWiFi-R1CM-srv ~]# docker rm -f `docker ps -a -q` b4c47d44c605 3e3ce11cfbff f1405381b509 84a0d129c23c 7949e73c03fb 7061a9c973cb d0c1758092cb de5de31bfe32 0fdef8d99ef8 7d213d2a3075 61f1ad0f7429 #自定义容器名字启动 --name [root@MiWiFi-R1CM-srv ~]# docker run -d -p 8080:80 --name q_nginx nginx:latest 481280637aeda016a5d45bbc8b53c36c2858c3380224c04c26d9cc1c8d54b710 [root@MiWiFi-R1CM-srv ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 481280637aed nginx:latest "nginx -g 'daemon ..." 4 seconds ago Up 3 seconds 0.0.0.0:8080->80/tcp q_nginx d0c693b62af2 nginx:latest "nginx -g 'daemon ..." 6 minutes ago Up 6 minutes 0.0.0.0:8888->80/tcp optimistic_jepsen #重命名容器 docker rename s_name d_name #端口映射进行启动 [root@MiWiFi-R1CM-srv ~]# docker run -d -p 8888:80 nginx:latest d0c693b62af20d78f1674ab83861a859db8079db2189e36659178bf7f3a70a0c [root@MiWiFi-R1CM-srv ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d0c693b62af2 nginx:latest "nginx -g 'daemon ..." 3 minutes ago Up 3 minutes 0.0.0.0:8888->80/tcp optimistic_jepsen
端口映射的设置规范如下:
镜像管理
#公共仓库nginx镜像下载 docker pull ios.name [root@MiWiFi-R1CM-srv ~]# docker pull nginx Using default tag: latest Trying to pull repository docker.io/library/nginx ... latest: Pulling from docker.io/library/nginx 000eee12ec04: Pull complete eb22865337de: Pull complete bee5d581ef8b: Pull complete Digest: sha256:50cf965a6e08ec5784009d0fccb380fc479826b6e0e65684d9879170a9df8566 Status: Downloaded newer image for docker.io/nginx:latest #查看当前主机镜像列表 [root@MiWiFi-R1CM-srv ~]# docker image list REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/nginx latest 231d40e811cd 2 weeks ago 126 MB #导出镜像 docker image save ios.name > output.name #一般我们导出的命名格式为 docker-ios.name.tar.gz [root@MiWiFi-R1CM-srv ~]# docker image save nginx > docker-nginx.tar.gz [root@MiWiFi-R1CM-srv ~]# ls anaconda-ks.cfg Documents Music Templates Desktop Downloads Pictures Videos #删除镜像,首先要停止并删除镜像实例即容器docker image rm ios.name:TAG [root@MiWiFi-R1CM-srv ~]# docker image rm nginx:latest Untagged: nginx:latest Untagged: docker.io/nginx@sha256:50cf965a6e08ec5784009d0fccb380fc479826b6e0e65684d9879170a9df8566 Deleted: sha256:231d40e811cd970168fb0c4770f2161aa30b9ba6fe8e68527504df69643aa145 Deleted: sha256:dc8adf8fa0fc82a56c32efac9d0da5f84153888317c88ab55123d9e71777bc62 Deleted: sha256:77fcff986d3b13762e4777046b9210a109fda20cb261bd3bbe5d7161d4e73c8e Deleted: sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f [root@MiWiFi-R1CM-srv ~]# docker image list REPOSITORY TAG IMAGE ID CREATED SIZE #导入之前导出的镜像,docker image load -i docker.ios.load.name [root@MiWiFi-R1CM-srv ~]# docker image load -i docker-nginx.tar.gz 831c5620387f: Loading layer 72.48 MB/72.48 MB 5fb987d2e54d: Loading layer 57.67 MB/57.67 MB 4fc1aa8003a3: Loading layer 3.584 kB/3.584 kB Loaded image: docker.io/nginx:latest [root@MiWiFi-R1CM-srv ~]# docker image list REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/nginx latest 231d40e811cd 2 weeks ago 126 M #查看镜像详细信息,docker image inspect ios.name [root@MiWiFi-R1CM-srv ~]# docker image inspect nginx [ { "Id": "sha256:231d40e811cd970168fb0c4770f2161aa30b9ba6fe8e68527504df69643aa145", "RepoTags": [ "docker.io/nginx:latest" ], "RepoDigests": [], "Parent": "", "Comment": "", "Created": "2019-11-23T01:12:31.219881158Z", "Container": "806a0a78bcfee5212b2530e6f2a7e3f8eec5b51cc55d7a28935f5f8c8bd45826", "ContainerConfig": { "Hostname": "806a0a78bcfe", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "80/tcp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NGINX_VERSION=1.17.6", "NJS_VERSION=0.3.7", "PKG_RELEASE=1~buster" ], "Cmd": [ "/bin/sh", "-c", "#(nop) ", "CMD [\"nginx\" \"-g\" \"daemon off;\"]" ], "ArgsEscaped": true, "Image": "sha256:f96d70a1d708239afa79b86f1e005c033864d22dabe94b466acba087d5bbc722", "Volumes": null, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": { "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>" }, "StopSignal": "SIGTERM" }, "DockerVersion": "18.06.1-ce", "Author": "", "Config": { "Hostname": "", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "80/tcp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NGINX_VERSION=1.17.6", "NJS_VERSION=0.3.7", "PKG_RELEASE=1~buster" ], "Cmd": [ "nginx", "-g", "daemon off;" ], "ArgsEscaped": true, "Image": "sha256:f96d70a1d708239afa79b86f1e005c033864d22dabe94b466acba087d5bbc722", "Volumes": null, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": { "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>" }, "StopSignal": "SIGTERM" }, "Architecture": "amd64", "Os": "linux", "Size": 126323486, "VirtualSize": 126323486, "GraphDriver": { "Name": "overlay2", "Data": { "LowerDir": "/var/lib/docker/overlay2/9d7c6fbc079821bda3589ae33df6dc62f62afae05c2154da23a4d878528fa489/diff:/var/lib/docker/overlay2/357055e9a696c77e2aa7130defff27b80a7ebe5069129e45168a81da0b32ca3c/diff", "MergedDir": "/var/lib/docker/overlay2/721a9e19b0615db9b687a413e499a8884727f6896ba42a47c3684620289d9ff9/merged", "UpperDir": "/var/lib/docker/overlay2/721a9e19b0615db9b687a413e499a8884727f6896ba42a47c3684620289d9ff9/diff", "WorkDir": "/var/lib/docker/overlay2/721a9e19b0615db9b687a413e499a8884727f6896ba42a47c3684620289d9ff9/work" } }, "RootFS": { "Type": "layers", "Layers": [ "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f", "sha256:5fb987d2e54d85820d95d6c31f3fe4cd95bf71fe6d9d9e4684082cb551b728b0", "sha256:4fc1aa8003a3d0d2481f10d17773869cbff12c1008df30e0bab8259086a0311c" ] } } ]