一、安装配置启动
1、环境
[root@docker1 ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@docker1 ~]# uname -r
3.10.0-693.el7.x86_64
2、安装
[root@docker1 ~]# yum install docker-ce -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Package docker-ce-18.09.0-3.el7.x86_64 already installed and latest version
Nothing to do
Docker官网:http://www.docker.com/
最新版本我们可以去官方网站进行下载。
温馨提示:使用docker最好使用最新版,因为功能比较完善。
3、启动
systemctl start docker
systemctl enable docker
启动之后我们可以查看一下docker的状态
[root@docker1 ~]# systemctl status docker
鈼
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2019-01-11 14:14:32 CST; 1h 6min ago
Docs: https://docs.docker.com
Main PID: 1196 (dockerd)
Memory: 109.7M
CGroup: /system.slice/docker.service
鈹斺攢1196 /usr/bin/dockerd -H unix:// Jan 11 14:14:30 docker1 dockerd[1196]: time="2019-01-11T14:14:30.737607357+08:00" level=info msg="Graph migration to content-addressability too... seconds"
Jan 11 14:14:30 docker1 dockerd[1196]: time="2019-01-11T14:14:30.740213811+08:00" level=info msg="Loading containers: start."
Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.604424870+08:00" level=info msg="Removing stale sandbox 45a31195e91c9b9def3015...f0bf03d)"
Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.637184862+08:00" level=warning msg="Error (Unable to complete atomic operation...ying...."
Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.668045503+08:00" level=info msg="Default bridge (docker0) is assigned with an ... address"
Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.699620942+08:00" level=info msg="Loading containers: done."
Jan 11 14:14:32 docker1 dockerd[1196]: time="2019-01-11T14:14:32.009152757+08:00" level=info msg="Docker daemon" commit=4d60db4 graphdriver(s)=...n=18.09.0
Jan 11 14:14:32 docker1 dockerd[1196]: time="2019-01-11T14:14:32.009395153+08:00" level=info msg="Daemon has completed initialization"
Jan 11 14:14:32 docker1 dockerd[1196]: time="2019-01-11T14:14:32.082565522+08:00" level=info msg="API listen on /var/run/docker.sock"
Jan 11 14:14:32 docker1 systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
我们可以使用ifconfig查看网卡
[root@docker1 ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ab:d6:62:a6 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.228.133 netmask 255.255.255.0 broadcast 192.168.228.255
inet6 fe80::20c:29ff:fe81:a780 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:81:a7:80 txqueuelen 1000 (Ethernet)
RX packets 996 bytes 134380 (131.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 540 bytes 60915 (59.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
提示: 我们启动docker的时候,docker会帮我们创建一个docker 0的网桥
二、Docker镜像的常用命令
1、查看当前镜像
docker images
[root@docker1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 7042885a156a 13 days ago 109MB
centos latest 1e1148e4cc2c 5 weeks ago 202MB
2、搜索镜像
docker search [镜像名字]
执行docker search centos 会从dockerhub上搜索镜像
[root@docker1 ~]# docker search centos
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 5107 [OK]
ansible/centos7-ansible Ansible on Centos7 119 [OK]
jdeathe/centos-ssh CentOS-6 6.10 x86_64 / CentOS-7 7.5.1804 x86鈥
consol/centos-xfce-vnc Centos container with "headless" VNC session鈥
imagine10255/centos6-lnmp-php56 centos6-lnmp-php56 48 [OK]
centos/mysql-57-centos7 MySQL 5.7 SQL database server 45
tutum/centos Simple CentOS docker image with SSH access 43
openshift/base-centos7 A Centos7 derived base image for Source-To-I鈥
gluster/gluster-centos Official GlusterFS Image [ CentOS-7 + Glust鈥
centos/postgresql-96-centos7 PostgreSQL is an advanced Object-Relational 鈥
centos/python-35-centos7 Platform for building and running Python 3.5鈥
kinogmt/centos-ssh CentOS with SSH 25 [OK]
openshift/jenkins-2-centos7 A Centos7 based Jenkins v2.x image for use w鈥
centos/php-56-centos7 Platform for building and running PHP 5.6 ap鈥
pivotaldata/centos-gpdb-dev CentOS image for GPDB development. Tag names鈥
openshift/wildfly-101-centos7 A Centos7 based WildFly v10.1 image for use 鈥
openshift/jenkins-1-centos7 DEPRECATED: A Centos7 based Jenkins v1.x ima鈥
darksheer/centos Base Centos Image -- Updated hourly 3 [OK]
pivotaldata/centos Base centos, freshened up a little with a Do鈥
pivotaldata/centos-mingw Using the mingw toolchain to cross-compile t鈥
pivotaldata/centos-gcc-toolchain CentOS with a toolchain, but unaffiliated wi鈥
blacklabelops/centos CentOS Base Image! Built and Updates Daily! 1 [OK]
pivotaldata/centos7-build CentosOS 7 image for GPDB compilation 0
pivotaldata/centos7-test CentosOS 7 image for GPDB testing 0
smartentry/centos centos with smartentry 0
3、下载镜像
我们可以使用docker pull centos docker pull nginx来安装centos和nginx的镜像
4、配置镜像加速
[root@docker1 ~]# time docker run nginx
^L
^C
real 2m6.295s
user 0m0.048s
sys 0m0.032s #配置docker镜像加速
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
systemctl restart docker
[root@docker1 ~]# systemctl restart docker
[root@docker1 ~]# time docker run nginx
^C
real 0m4.154s
user 0m0.031s
sys 0m0.018s
5、导出镜像
docker save -o [镜像名称] [镜像]
[root@docker1 ~]# docker save -o centos.tar centos
[root@docker1 ~]# ls
anaconda-ks.cfg centos.tar
需要将docker导出为tar,后面为镜像名称
6、导入镜像
[root@docker1 ~]#docker load --input centos.tar
#使用input导入
[root@docker1 ~]# docker load < nginx.tar #使用重定向导入
7、删除镜像
docker删除可以使用docker rmi 后面加上docker的ID
例如:
[root@docker1 ~]# docker image rm centos:latest
提示:如果镜像已经创建了一个容器,那么将无法进行删除(报错如下)
[root@docker1 ~]# docker image rm centos:latest
Error response from daemon: conflict: unable to remove repository reference "centos:latest" (must force) - container ea05becda4ec is using its referenced image 1e1148e4cc2c
删除容器:
[root@docker1 ~]# docker rm luoahong
或者使用
[root@docker1 ~]# docker rm -f luoahong
第二种会提示容器在将它关闭
docker另一种删除方式
[root@docker1 ~]# docker image rm 1e1148e4cc2c
Error response from daemon: conflict: unable to delete 1e1148e4cc2c (must be forced) - image is being used by stopped container ea05becda4ec
启动一个容器 echo 完就删除
[root@docker1 ~]# docker run --rm centos /bin/echo "www.luoahong.com"
www.luoahong.com
[root@docker1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ea05becda4ec centos "/bin/bash" 29 hours ago Exited (255) About an hour ago luoahong
启动容器
docker run [镜像]
[root@docker1 ~]# docker run centos
centos是镜像的名称,镜像的名称必须在选项的后面
启动镜像,输入Hello,并关闭
[root@docker1 ~]# docker run centos /bin/echo 'Hello Wordl
本命令的意思是启动一个docker进程,并echo 执行后面的命令可以有可以没有(hello),如果我们的镜像启动就会执行一个进程就不需要我们输入
查看启动镜像
docker ps -a
ps是显示正在运行的容器 -a是显示不运行的
[root@docker1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5e6f81f1aaba centos "/bin/bash" About a minute ago Exited (0) About a minute ago nervous_heisenberg
ea05becda4ec centos "/bin/bash" 29 hours ago Exited (255) About an hour ago luoahong
c6982dc1d74d nginx "nginx -g 'daemon of鈥
2b018750e9ce nginx "nginx -g 'daemon of鈥
faa2ac96101a nginx "nginx -g 'daemon of鈥
我们可以看到,现在容器并没有启动。因为docker启动需要在前台启动一个进程。容器的名称可以我们指定或自动生成
提示: 管理docker容器可以通过名称也可以通过ID
三、Docker管理案例
例如:我要新建一个luoahong的容器,它的镜像是centos.他有三个参数,第一个是给容器起一个名称,-t 分配一个伪终端(tty)-i标准输入打开,我要在里面输入命令
[root@docker1 ~]# docker run --name luoahong -t -i centos /bin/bash
--name 容器的名称
-t 让docker分配一个伪终端
-i 让docker的标准输入打开{input}
提示:最后的/bin/bash可以省略,但是最后一个如果不是命令,那就是镜像的名称
输入上方的命令之后会直接进入到容器里面
[root@f8c8c8156e26 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 11752 1920 ? Ss 19:38 0:00 /bin/bash
root 18 0.0 0.0 47424 1660 ? R+ 21:32 0:00 ps aux
[root@f8c8c8156e26 /]#
温馨提示:容器不是一个虚拟机,因为他就是一个进程,如果我们退出,这个进程就退出了。
如果我们执行创建容器的时候,里面没有我们指定的镜像,那么他会从dockerhub上进行下载然后在启动
容器启动
我们通过docker ps -a 可以查看到没有启动的容器
使用docker start [名称或PORTS]
[root@docker1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f8c8c8156e26 centos "/bin/bash" 2 hours ago Exited (0) 34 minutes ago luoahong
bcededa4b82c centos "/bin/echo hello" 2 hours ago Exited (0) 2 hours ago awesome_dijkstra
[root@docker1 ~]# docker start luoahong
luoahong
[root@docker1 ~]# docker start bcededa4b82c
bcededa4b82c
进入容器
[root@docker1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f8c8c8156e26 centos "/bin/bash" 2 hours ago Up 24 minutes luoahong
bcededa4b82c centos "/bin/echo hello" 3 hours ago Exited (0) 23 minutes ago awesome_dijkstra
[root@docker1 ~]# docker attach luoahong
[root@f8c8c8156e26 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 11776 1872 ? Ss 22:09 0:00 /bin/bash
root 14 0.0 0.0 47424 1660 ? R+ 22:33 0:00 ps aux
这样进入容器的缺点就是如果在开一个窗口就会同步操作,类似于单用户模式(windows远程桌面)
提示:生产场景是不使用docker attach的,需要我们使用nsenter这个工具,这个工具包含在util-linux软件包里面
[root@docker1 ~]# yum install util-linux -y
Centos7默认最小化已经安装
我们通过nsenter就可以进入容器,但是nsenter是通过pid进入容器里,所以我们需要知道容器的pid。我们可以通过docker inspect来获取到pid
[root@docker1 ~]# docker start luoahong
luoahong
[root@docker1 ~]# docker inspect -f "{{ .State.Pid }}" luoahong
37434
[root@docker1 ~]# nsenter -t 37434 -m -u -i -n -p
docker inspect -f {{.State.Pid}}容器名或者容器id
#每一个容器都有.State.Pid,所以这个命令除了容器的id需要我们根据docker ps -a去查找,其他的全部为固定的格式 nsenter --target上面查到的进程id --mount --uts --ipc --net --pid #输入该命令便进入到容器中
解释nsenter指令中进程id之后的参数的含义:
* –mount参数是进去到mount namespace中
* –uts参数是进入到uts namespace中
* –ipc参数是进入到System V IPC namaspace中
* –net参数是进入到network namespace中
* –pid参数是进入到pid namespace中
* –user参数是进入到user namespace中
更多参数我们可以通过nsenter --help进行获取
我们进入容器中查看进程
以下是以nsenter启动的进程
[root@f8c8c8156e26 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 11776 1664 ? Ss+ Oct18 0:00 /bin/bash
root 27 0.0 0.1 13376 1984 ? S Oct18 0:00 -bash
root 40 0.0 0.0 49024 1808 ? R+ 00:11 0:00 ps aux
/bin/bash是我们运行容器产生的进程 -bash 是我们使用nsenter产生的,这样如果我们退出容器,容器就不会退出,因为-bash还在运行
[root@f8c8c8156e26 /]# exit
logout
[root@docker1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f8c8c8156e26 centos "/bin/bash" 4 hours ago Up 48 minutes luoahong
因为每次进入容器都需要输入那两条命令,所以我们可以写一个脚本来获取。
脚本内容如下:
[root@docker1 ~]# cat docker_in.sh
#!/bin/bash
# Use nsenter to access docker
docker_in(){
NAME_ID=$1
PID=$(docker inspect -f "{{ .State.Pid }}" $NAME_ID)
nsenter -t $PID -m -u -i -n -p
}
docker_in $1
执行结果如下:
[root@docker1 ~]# chmod +x docker_in.sh
[root@docker1 ~]# ./docker_in.sh luoahong
[root@f8c8c8156e26 /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Oct18 ? 00:00:00 /bin/bash
root 54 0 0 00:23 ? 00:00:00 -bash
root 67 54 0 00:23 ? 00:00:00 ps -ef
[root@f8c8c8156e26 /]#
我们也可以不进入容器进行查看
[root@docker1 ~]# docker exec luoahong ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Oct18 ? 00:00:00 /bin/bash
root 85 0 0 00:28 ? 00:00:00 ps -ef
[root@docker1 ~]# docker exec luoahong ls /
anaconda-post.log
bin
dev
提示:可以使用exec参数,不进入容器查看内容
我们还可以使用exec进入docker容器中
[root@docker1 ~]# docker exec -it luoahong /bin/bash
但是最好还是少使用exec,有可能会对容器造成一些意外的影响