2、Docker 基础安装和基础使用 一

基础环境

本次环境使用Centos 7.x版本系统,最小化安装,系统基础优化配置请查看 Centos 7.x 系统基础优化

安装

使用命令:yum install docker-io -y

[root@node ~]# yum install docker-io -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* elrepo: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package docker.x86_64 2:1.13.1-68.gitdded712.el7.centos will be installed
--> Processing Dependency: docker-common = 2:1.13.1-68.gitdded712.el7.centos for package: 2:docker-1.13.1-6
8.gitdded712.el7.centos.x86_6
..........................................................................
..........................................................................
Installed:
docker.x86_64 2:1.13.1-68.gitdded712.el7.centos Dependency Installed:
audit-libs-python.x86_64 0:2.8.1-3.el7
checkpolicy.x86_64 0:2.5-6.el7
container-selinux.noarch 2:2.66-1.el7
container-storage-setup.noarch 0:0.10.0-1.gitdf0dcd5.el7
docker-client.x86_64 2:1.13.1-68.gitdded712.el7.centos
docker-common.x86_64 2:1.13.1-68.gitdded712.el7.centos
libcgroup.x86_64 0:0.41-15.el7
libsemanage-python.x86_64 0:2.5-11.el7
oci-register-machine.x86_64 1:0-6.git2b44233.el7
oci-systemd-hook.x86_64 1:0.1.16-1.git05bd9a0.el7
oci-umount.x86_64 2:2.3.3-3.gite3c9055.el7
policycoreutils-python.x86_64 0:2.5-22.el7
python-IPy.noarch 0:0.75-6.el7
setools-libs.x86_64 0:3.3.8-2.el7
skopeo-containers.x86_64 1:0.1.31-1.dev.gitae64ff7.el7.centos
yajl.x86_64 0:2.0.4-4.el7 Complete!

启动关闭docker

启动docker:systemctl start docker

关闭docker:systemctl stop docker

设置开机自启:systemctl enable docker

[root@node ~]# systemctl start docker
[root@node ~]# systemctl enable docker
[root@node ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2018-08-21 12:13:47 CST; 3s ago
Docs: http://docs.docker.com
Main PID: 1375 (dockerd-current)
CGroup: /system.slice/docker.service
├─1375 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-cur...
└─1383 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-cont... Aug 21 12:13:46 node dockerd-current[1375]: time="2018-08-21T12:13:46.884994505+08:00" level=warning...tem"
Aug 21 12:13:46 node dockerd-current[1375]: time="2018-08-21T12:13:46.958221978+08:00" level=info ms...nds"
Aug 21 12:13:46 node dockerd-current[1375]: time="2018-08-21T12:13:46.959354596+08:00" level=info ms...rt."
Aug 21 12:13:47 node dockerd-current[1375]: time="2018-08-21T12:13:47.017988947+08:00" level=info ms...rue"
Aug 21 12:13:47 node dockerd-current[1375]: time="2018-08-21T12:13:47.196687154+08:00" level=info ms...ess"
Aug 21 12:13:47 node dockerd-current[1375]: time="2018-08-21T12:13:47.343822834+08:00" level=info ms...ne."
Aug 21 12:13:47 node dockerd-current[1375]: time="2018-08-21T12:13:47.712563117+08:00" level=info ms...ion"
Aug 21 12:13:47 node dockerd-current[1375]: time="2018-08-21T12:13:47.712714528+08:00" level=info ms...13.1
Aug 21 12:13:47 node dockerd-current[1375]: time="2018-08-21T12:13:47.720577957+08:00" level=info ms...ock"
Aug 21 12:13:47 node systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.

这样,docker就安装完成了。

docker 命令参数

命令:docker --help

[root@node ~]# docker --help

Usage:	docker COMMAND

A self-sufficient runtime for containers

Options:
--config string Location of client config files (default "/root/.docker")
-D, --debug Enable debug mode
--help Print usage
-H, --host list Daemon socket(s) to connect to (default [])
-l, --log-level string Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit Management Commands:
container Manage containers
image Manage images
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
volume Manage volumes Commands:
attach Attach to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes Run 'docker COMMAND --help' for more information on a command.
参数 解释
attach 进入到正在运行的容器
build 构建docker文件镜像
commit 创建一个镜像修改容器
cp 在容器和本地复制文件和文件夹
create 创建一个容器
diff 检查容器系统上文件是否发生改变
events 重服务器获取实时推送
exec 在容器中运行命令
export 将容器的文件系统导出为tar存档
history 显示镜像的历史变革
images 列出所有镜像文件
import 从 tarball导入文件内容到创建一个系统镜像文件
info 查看信息
inspect 返回底层信息的docker对象
kill 终止一个或多个正在运行的容器
load 加载图像到一个tar归档文件或STDIN
login 登陆某个docker之中
logout 退出某个docker
logs 获取容器运行的日志
pause 暂停一个或多个容器进程
port 查看所有映射信息
ps 查看所有正在运行的容器
pull 拉取一个镜像或者仓库到源
push 提交一个镜像或者仓库到源
rename 重命名一个容器
restart 重启一个或者多个容器
rm 删除一个或者多个容器
rmi 删除一个或者多个镜像
run 运行一个新的容器
save 保存一个或者多个镜像
search 在Docker Hub上查找镜像
stats 显示一个容器的资源使用状况
stop 停止一个或者多个容器
tag 给一个指定的镜像创建一个标签
top 显示正在运行的容器进程
uppause 赞同一个或者多个容器的所有进程
update 更新一个或者多个容器的配置
version 显示Docker版本号
wait 组织一个或者多个容器停止,然后打印他们推出的输出

常规使用

docker构建了一个类似于github一样的仓库

搜索镜像

搜索centos镜像:docker search Docker-name

[root@node ~]# docker search centos
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/centos The official build of CentOS. 4585 [OK]
docker.io docker.io/ansible/centos7-ansible Ansible on Centos7 115 [OK]
docker.io docker.io/jdeathe/centos-ssh CentOS-6 6.10 x86_64 / CentOS-7 7.5.1804 x... 99 [OK]
docker.io docker.io/consol/centos-xfce-vnc Centos container with "headless" VNC sessi... 61 [OK]
docker.io docker.io/imagine10255/centos6-lnmp-php56 centos6-lnmp-php56 44 [OK]
docker.io docker.io/tutum/centos Simple CentOS docker image with SSH access 43
docker.io docker.io/centos/mysql-57-centos7 MySQL 5.7 SQL database server 38
docker.io docker.io/gluster/gluster-centos Official GlusterFS Image [ CentOS-7 + Glu... 32 [OK]
docker.io docker.io/openshift/base-centos7 A Centos7 derived base image for Source-To... 31
docker.io docker.io/centos/python-35-centos7 Platform for building and running Python 3... 28
docker.io docker.io/centos/postgresql-96-centos7 PostgreSQL is an advanced Object-Relationa... 26
docker.io docker.io/kinogmt/centos-ssh CentOS with SSH 22 [OK]
docker.io docker.io/centos/php-56-centos7 Platform for building and running PHP 5.6 ... 14
docker.io docker.io/openshift/jenkins-2-centos7 A Centos7 based Jenkins v2.x image for use... 14
docker.io docker.io/pivotaldata/centos-gpdb-dev CentOS image for GPDB development. Tag nam... 7
docker.io docker.io/openshift/mysql-55-centos7 DEPRECATED: A Centos7 based MySQL v5.5 ima... 6
docker.io docker.io/openshift/jenkins-1-centos7 DEPRECATED: A Centos7 based Jenkins v1.x i... 4
docker.io docker.io/openshift/wildfly-101-centos7 A Centos7 based WildFly v10.1 image for us... 4
docker.io docker.io/darksheer/centos Base Centos Image -- Updated hourly 3 [OK]
docker.io docker.io/pivotaldata/centos Base centos, freshened up a little with a ... 2
docker.io docker.io/pivotaldata/centos-mingw Using the mingw toolchain to cross-compile... 2
docker.io docker.io/blacklabelops/centos CentOS Base Image! Built and Updates Daily! 1 [OK]
docker.io docker.io/jameseckersall/sonarr-centos Sonarr on CentOS 7 0 [OK]
docker.io docker.io/pivotaldata/centos-gcc-toolchain CentOS with a toolchain, but unaffiliated ... 0
docker.io docker.io/smartentry/centos centos with smartentry 0 [OK]

说明:

列名 说明
INDEX 索引
NAME 镜像名称
DESCRIPTION 描述
STARS 星级,受欢迎的程度
OFFICIAL 是否是官方的
AUTOMATED 是否是自动构建的

需要注意的:NAME,官方的,就是Centos,而剩下的,是用户名/名称

获取镜像

命令:docker pull Docker-name

[root@node ~]# docker pull centos
Using default tag: latest
Trying to pull repository docker.io/library/centos ...
latest: Pulling from docker.io/library/centos
256b176beaff: Pull complete
Digest: sha256:6f6d986d425aeabdc3a02cb61c02abb2e78e57357e92417d6d58332856024faf
Status: Downloaded newer image for docker.io/centos:lates

查看镜像

命令:docker images

[root@node ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos latest 5182e96772bf 2 weeks ago 200 MB
字段名 解释
REPOSITORY 镜像来自于那个仓库
TAG 镜像的标签
IMAGE ID 镜像的ID,每个镜像都有一个唯一的ID
CREATED 创建的时间
VIRTUAL SIZE 镜像的大小

此时,镜像也pull下来了,准备工作都做好了,下面就开始让docker做一些简单的事情了。

让docker输出点东西出来

命令:docker run centos /bin/echo 'Hello World.'

意思是:运行centos容器,并/bin/echo 输出'Hello World.'

[root@node ~]# docker run centos /bin/echo 'Hello World.'
Hello World.

查看运行或者停止的所有容器

命令:docker ps -a

参数:  -l      表示只显示最后一个容器 (小写的L)

[root@node ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
99ceccfc37ac centos "/bin/echo 'Hello ..." 2 minutes ago Exited (0) 2 minutes ago elegant_gates
字段名 解释
CONTAINER ID 容器 ID
IMAGE 镜像
COMMAND 运行的内容
CREATED 创建时间
STSTUA 容器状态
PORTS 其他
NAMES 容器名,如果不手动指定,则在名字库中随机获取一个

docker run 的参数

参数 解释
-a=map[] 附加标准输入、输出或者错误输出
-c=0 共享CPU格式(相对重要)
-cidfile=“” 将容器的ID标识写入文件
-d=false 分离模式,在后台运行容器,并且打印出容器ID
-e=[] 设置环境变量
-h=“” 容器的主机名称
-i=false 保持输入流开放即使没有附加输入流
-privileged=false 给容器扩展的权限
-m=“” 内存限制 (格式:, unit单位 = b, k, m or g)
-n=true 允许镜像使用网络
-p=[] 匹配镜像内的网络端口号 支持格式:ip:hostPort:containerPort
-rm=false 当容器退出时自动删除容器 (不能跟 -d一起使用)
-t=false 分配一个伪造的终端输入
-u=“” 用户名或者ID
-dns=[] 自定义容器的DNS服务器
-v=[] 创建一个挂载绑定:[host-dir]:[container-dir]:[rw
-volumes-from=“” 挂载容器所有的卷
-entrypoint=“” 覆盖镜像设置默认的入口点
-w=“” 工作目录内的容器
-lxc-conf=[] 添加自定义-lxc-conf=“lxc.cgroup.cpuset.cpus = 0,1″
-sig-proxy=true 代理接收所有进程信号(even in non-tty mode)
-expose=[] 让你主机没有开放的端口
-link=“” 连接到另一个容器(name:alias)
-name=“” 分配容器的名称,如果没有指定就会随机生成一个 ,容器的名称是唯一的。
-P=false Publish all exposed ports to thehost interfaces 公布所有显示的端口主机接口

docker容器也能当做正常的操作系统来使用,虽然不建议

命令:docker run --name 随意指定一个docker名称 -it 镜像名 /bin/bash

-i 表示进入到容器的输入终端

-t 表示开启一个伪终端tty绑定到表输入上

[root@node ~]# docker run --name mydocker -it centos /bin/bash
# 这里看到运行后,提示符都变了,这个提示符是该容器的ID值
[root@7c9a7f01acb4 /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
# 执行ps aux 只可以看到两个进程
[root@7c9a7f01acb4 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 11832 3036 ? Ss 05:52 0:00 /bin/bash
root 15 0.0 0.0 51720 3512 ? R+ 05:53 0:00 ps aux
# 可以创建一个文件或目录
[root@7c9a7f01acb4 /]# cd /tmp/
[root@7c9a7f01acb4 tmp]# mkdir mydocker
[root@7c9a7f01acb4 tmp]# ls -ld mydocker/
drwxr-xr-x 2 root root 6 Aug 22 05:57 mydocker/
# 查看该容器的ip地址
[root@7c9a7f01acb4 tmp]# yum install net-tools
[root@7c9a7f01acb4 tmp]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:acff:fe11:2 prefixlen 64 scopeid 0x20<link>
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 3748 bytes 12494964 (11.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2696 bytes 149466 (145.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 使用exit退出容器
[root@7c9a7f01acb4 tmp]# exit
exit
# 退出后,可以看到命令提示符也变回原来的了。
[root@node ~]#

在执行上述命令的过程都干啥了?

  • 检查本地是否存在指定的镜像,不存在就从公有仓库下载
  • 利用镜像创建并启动一个容器
  • 分配一个文件系统,并在只读的镜像层外面挂载一层可读写层
  • 从宿主主机配置的网桥接口中桥接一个虚拟接口到容器中去
  • 从地址池配置一个 ip 地址给容器
  • 执行用户指定的应用程序
  • 执行完毕后容器被终止

在容器中可以正常操作,只是有很多命令都没有

退出后,再次查看一下容器状态

[root@node ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7c9a7f01acb4 centos "/bin/bash" 10 minutes ago Exited (127) 44 seconds ago mydocker
99ceccfc37ac centos "/bin/echo 'Hello ..." 35 minutes ago Exited (0) 35 minutes ago elegant_gates

可以看到容器名是我们指定的,并且已经退出了,生命周期已经结束了。

启动一个停止的容器

命令:docker start 容器ID

# 通过docker ps -a 查看容器ID
[root@node ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7c9a7f01acb4 centos "/bin/bash" 10 minutes ago Exited (127) 44 seconds ago mydocker
99ceccfc37ac centos "/bin/echo 'Hello ..." 35 minutes ago Exited (0) 35 minutes ago elegant_gates
# 运行
[root@node ~]# docker start 99ceccfc37ac
99ceccfc37ac
#再次查看
[root@node ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7c9a7f01acb4 centos "/bin/bash" 13 minutes ago Exited (127) 3 minutes ago mydocker
99ceccfc37ac centos "/bin/echo 'Hello ..." 38 minutes ago Exited (0) 2 seconds ago elegant_gates

这里看到运行后查看也退出了,因为我们运行的容器只是输出了一个'Hello World.'程序就退出了,容器也就结束了。

停止一个容器

命令:docker stop 容器ID

这里就不演示了。

删除一个容器

命令:docker rm 容器ID

正常只能删除已经停止的容器,如果是启动状态,会报错,除非增加-f 参数强制删除。

[root@node ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7c9a7f01acb4 centos "/bin/bash" 13 minutes ago Exited (127) 3 minutes ago mydocker
99ceccfc37ac centos "/bin/echo 'Hello ..." 38 minutes ago Exited (0) 2 seconds ago elegant_gates
[root@node ~]# docker rm 7c9a7f01acb4
7c9a7f01acb4
# 这里可以看到已经被删除了。
[root@node ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
99ceccfc37ac centos "/bin/echo 'Hello ..." 45 minutes ago Exited (0) 7 minutes ago elegant_gates

启动一个nginx容器

由于没有先pull 下来nginx镜像,所以在启动的时候会自动下载

[root@node ~]# docker run -d --name mynginx nginx
Unable to find image 'nginx:latest' locally
Trying to pull repository docker.io/library/nginx ...
latest: Pulling from docker.io/library/nginx
be8881be8156: Pull complete
32d9726baeef: Pull complete
87e5e6f71297: Pull complete
Digest: sha256:d85914d547a6c92faa39ce7058bd7529baacab7e0cd4255442b04577c4d1f424
Status: Downloaded newer image for docker.io/nginx:latest
# 启动的nginx容器的容器ID
2a6782e62a5fc419396c68a690f8673b989188ef28f18161f03811e7f0014251 # 查看容器,可以看到nginx容器正在运行
[root@node ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2a6782e62a5f nginx "nginx -g 'daemon ..." 11 seconds ago Up 10 seconds 80/tcp mynginx

进入到刚刚启动的容器当中

[root@node ~]# docker attach 2a6782e62a5f
^C[root@node ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2a6782e62a5f nginx "nginx -g 'daemon ..." About a minute ago Exited (0) 5 seconds ago mynginx
# 使用control + C 退出后,再次查看容器,会发现容器已经退出了

这里会发现进不去,一直夯在这里,实际以及进去了,只是卡住了

这是个通病,所以一般不适用该工具进入到容器中,使用另一个工具;

使用nsenter工具进入到容器的namespace命名空间

默认Centos 应该会有这个命令,如果没有,则只需要安装:

yum install util-linux -y

这样就可以了。

重新启动nginx容器,然后通过nsenter工具进入到容器中.

[root@node ~]# docker start 2a6782e62a5f
2a6782e62a5f
[root@node ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2a6782e62a5f nginx "nginx -g 'daemon ..." 2 minutes ago Up 4 seconds 80/tcp mynginx

通过下面命令获取到容器的PID:

docker inspect --format "{{.State.Pid}}" 容器名称或容器ID

[root@node ~]# docker inspect --format "{{.State.Pid}}" mynginx
3982
[root@node ~]# nsenter --target 3982 --mount --uts --ipc --net --pid
mesg: ttyname failed: No such file or directory
root@2a6782e62a5f:/# /etc/init.d/nginx status
[ ok ] nginx is running.

从上述可以看到,已经进入到了nginx的容器中了。

上一篇:lnmp pathinfo问题


下一篇:POC测试——原型验证,降低风险,IT系统销售工作之一