关键词:
文章目录
Docker管理容器
1. 容器&镜像&仓库&daemon&client之间的关系
- docker客户端下达命令到 docker daemon
- docker daemon 下载 (到镜像仓库下载镜像到本地)
- docker daemon 生成容器
2. 启动容器
验证是否有镜像在本地
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
本地没有镜像,需要去seacrch镜像
仓库:dockerhub
[root@docker ~]# docker search centos
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 7330 [OK]
下载镜像到本地
[root@docker ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
a1d0c7532777: Pull complete
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5d0da3dc9764 12 months ago 231MB
运行容器
# 运行一个命令在centos镜像容器中,容器名为test
[root@docker ~]# docker run -it --name=test centos:latest /bin/bash
[root@3335fd83cd10 /]#
-i:交互式操作
-t:终端
centos:latest :centos的latest版本镜像
/bin/bash:放在镜像名后的是命令,这里我们希望有个交互式 Shell,因此用的是 /bin/bash。
--name: 容器名
[root@3335fd83cd10 /]# ps
PID TTY TIME CMD
1 pts/0 00:00:00 bash
15 pts/0 00:00:00 ps
[root@3335fd83cd10 /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
3.docker daemon管理
- 远程管理docker daemon充分条件
1.可以把 docker client与docker daemon分开部署
2.可以通过第三方软件管理docker daemon创建的容器
第一步:关闭docker daemon
修改docker配置文件前,请先关闭docker守护进程
[root@docker ~]# systemctl stop docker
第二步:修改docker daemon配置文件
如果想使用/etc/docker/daemon.json管理docker daemon,默认情况下,/etc/docker目录中并没有daemon.json文件,添加后会导致docker daemon无法启动,在添加daemon.json文件之前,请先修改如下文件内容:
[root@docker ~]# cp /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker.service.bak
[root@docker ~]# vim /usr/lib/systemd/system/docker.service
修改前:
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
# #删除-H(含)后面所有内容
修改后:
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd
第三步:加载配置文件
修改完成后,一定要加载此配置文件
[root@docker ~]# systemctl daemon-reload
第四步:第四步:重新开启docker守护进程
[root@docker ~]# systemctl start docker
第五步:添加配置文件对docker daemon配置
通过/etc/docker/daemon.json文件对docker守护进程文件进行配置
[root@docker ~]# cd /etc/docker/
[root@docker docker]# vim daemon.json
"hosts": ["tcp://0.0.0.0:2480","unix:///var/run/docker.sock"]
[root@docker docker]# systemctl restart docker
[root@docker docker]# ss -anput | grep ":2375"
tcp LISTEN 0 128 [::]:2375 [::]:* users:(("dockerd",pid=17729,fd=9))
docker daemon默认侦听使用的是unix格式,侦听文件:UNIX:///run/docker.sock,添加tcp://0.0.0.0:2375
可实现远程管理
第六步:实例远程连接方法
在另外一台机器上安装docker操作
# docker -H 远程容器主机 version
注意:不要在命令行后面添加端口
[root@localhost ~]# docker -H 192.168.44.100 images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5d0da3dc9764 12 months ago 231MB
[root@localhost ~]# docker -H 192.168.44.100 version
Client: Docker Engine - Community
Version: 20.10.18
API version: 1.41
Go version: go1.18.6
Git commit: b40c2f6
Built: Thu Sep 8 23:14:08 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.18
API version: 1.41 (minimum version 1.12)
Go version: go1.18.6
Git commit: e42327a
Built: Thu Sep 8 23:12:21 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.8
GitCommit: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
4. docker命令行
管理类命令是对普通命令的一个分类加以补充
[root@docker ~]# docker --help
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env
var and default context set with "docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Management Commands: # 管理类
app* Docker App (Docker Inc., v0.9.1-beta3)
builder Manage builds
buildx* Docker Buildx (Docker Inc., v0.9.1-docker)
config Manage Docker configs
container Manage containers
context Manage contexts
image Manage images
manifest Manage Docker image manifests and manifest lists
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
scan* Docker Scan (Docker Inc., v0.17.0)
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes
Commands: # 普通命令
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes
Run 'docker COMMAND --help' for more information on a command.
To get more help with docker, check out our guides at https://docs.docker.com/go/guides/
5. docker命令行实现容器管理
容器镜像获取
- 系统镜像
- 应用镜像
搜索镜像(dockerhub)
普通命令
搜索centos镜像
[root@docker ~]# docker search centos
管理类命令
无
获取镜像(pull)
从镜像仓库拉取镜像到本地
普通命令
[root@docker ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Image is up to date for centos:latest
docker.io/library/centos:latest
管理命令
[root@docker ~]# docker image pull centos
Using default tag: latest
latest: Pulling from library/centos
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Image is up to date for centos:latest
docker.io/library/centos:latest
打包传输镜像
[root@docker ~]# images
-bash: images: command not found
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5d0da3dc9764 12 months ago 231MB
[root@docker ~]# docker save --help
Usage: docker save [OPTIONS] IMAGE [IMAGE...]
Save one or more images to a tar archive (streamed to STDOUT by default)
Options:
-o, --output string Write to a file, instead of STDOUT
# 打包镜像(也可以通过IMAGE ID打包)
[root@docker ~]# docker save -o centos.tar centos:latest
[root@docker ~]# ls
centos.tar
传输到另外一台机器
[root@docker ~]# scp centos.tar 192.168.44.150:/root/
The authenticity of host '192.168.44.100 (192.168.44.150)' can't be established.
ECDSA key fingerprint is SHA256:lv6Ct2Pe0nmV/L+HrcBoxowbywIueXoCOom6I2dD3fU.
ECDSA key fingerprint is MD5:8c:05:db:2e:ea:01:89:97:d5:87:4b:3f:f0:83:cf:1e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.44.150' (ECDSA) to the list of known hosts.
root@192.168.44.100's password:
centos.tar 100% 228MB 88.8MB/s 00:02
在另外一台机器上安装docker环境
[root@localhost ~]# docker load --help
Usage: docker load [OPTIONS]
Load an image from a tar archive or STDIN
Options:
-i, --input string Read from tar archive file, instead of STDIN
-q, --quiet Suppress the load output
# 导入命令
[root@localhost ~]# docker load -i centos.tar
74ddd0ec08fa: Loading layer [==================================================>] 238.6MB/238.6MB
Loaded image: centos:latest
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5d0da3dc9764 12 months ago 231MB
启动容器
启动容器运行一个bash命令的容器
[root@localhost ~]# docker run -it --name=centos1 centos:latest /bin/bash
[root@7692fb02aa29 /]# exit
exit
或者
[root@localhost ~]# docker container run -it --name=centos2 centos:latest /bin/bash
[root@9bf096f5761d /]# exit
启动一个运行httpd服务的容器
[root@localhost ~]# docker container run -it --name=http centos:latest /bin/bash
在容器中安装hhtpd
[root@3ff9bcdf3e6b ~]# yum install httpd -y
[root@3ff9bcdf3e6b ~]# /usr/sbin/httpd -k start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
httpd (pid 144) already running
[root@3ff9bcdf3e6b]# echo "hello docker" >> /var/www/html/index.html
[root@3ff9bcdf3e6b]# curl http://localhost/index.html
hello docker
解决docker中的CtenOS8镜像无法使用yum
# cd /etc/yum.repos.d/
# sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
# sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
# yum makecache
基于容器生成文件导入为容器镜像
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3ff9bcdf3e6b centos:latest "/bin/bash" 38 minutes ago Up 38 minutes http
# http为刚才上面创建的容器名,也可以用容器id
[root@localhost ~]# docker export -o centos-httpd.tar http
[root@localhost ~]# ll
total 502832
-rw-------. 1 root root 276310528 Oct 3 00:34 centos-httpd.tar
[root@docker ~]# docker import --help
Usage: docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
Import the contents from a tarball to create a filesystem image
Options:
-c, --change list Apply Dockerfile instruction to the created image
-m, --message string Set commit message for imported image
--platform string Set platform if server is multi-platform capable
# 导入镜像,-m类似于注释
[root@docker ~]# docker import -m httpd应用镜像 centos-httpd.tar centos-httpd:v1
sha256:bec35d25ea77e2e62ec8f31b5ef608f34939d942daabca7a081d92c5663f5c77
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-httpd v1 bec35d25ea77 7 seconds ago 269MB
centos latest 5d0da3dc9764 12 months ago 231MB
[root@docker ~]# docker history centos-httpd:v1
IMAGE CREATED CREATED BY SIZE COMMENT
bec35d25ea77 43 seconds ago 269MB httpd应用镜像
运行阿帕奇镜像
[root@docker ~]# docker run -it --name centos-httpd centos-httpd:v1 /bin/bash
[root@caa21637996a /]# httpd -k start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
# 可以看到和前面的内容是一样的
[root@caa21637996a /]# curl http://localhost/index.html
hello docker
查看容器Ip地址
[root@docker ~]# ip a
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:85:ef:e7:12 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:85ff:feef:e712/64 scope link
valid_lft forever preferred_lft forever
# 默认连接的网桥
查看方法1:直接在容器内ip a 查看
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-httpd v1 bec35d25ea77 9 minutes ago 269MB
centos latest 5d0da3dc9764 12 months ago 231MB
[root@docker ~]# docker run -it --name=test centos-httpd:v1 /bin/bash
[root@e8204ea0c133 /]# ip a #
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 #由docker0网桥分配
valid_lft forever preferred_lft forever
查看方法2:查看容器详细信息
[root@docker ~]# docker inspect test
.....
"Networks":
"bridge":
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "738d11b55a3d7848ad645cb43f899ae1cf2b5df267d1f3eb81a71e60f4f090c9",
"EndpointID": "b34195d3629554e911e022bd5f6a1d198a6af0d1fe4ad34e4f22d425999c2486",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
查看方法3:在容器外执行容器内命令
[root@docker ~]# docker exec test ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
停止运行中的容器
[root@docker ~]# docker ps #查看正在运行的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8204ea0c133 centos-httpd:v1 "/bin/bash" 6 minutes ago Up 6 minutes test
#停止一个正在运行的容器,d是容器ID简写,也可以写容器名称,但是ID要能够唯一识别
[root@docker ~]# docker stop e82
e82
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@docker ~]# docker ps --all # 查看所有容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8204ea0c133 centos-httpd:v1 "/bin/bash" 7 minutes ago Exited (0) 15 seconds ago test
caa21637996a centos-httpd:v1 "/bin/bash" 13 minutes ago Exited (0) 8 minutes ago centos-httpd
# 启动多个容器
[root@docker ~]# docker start e8 ca
e8
ca
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8204ea0c133 centos-httpd:v1 "/bin/bash" 8 minutes ago Up 14 seconds test
caa21637996a centos-httpd:v1 "/bin/bash" 14 minutes ago Up 14 seconds centos-httpd
# 关闭多个正在运行的容器
[root@docker ~]# docker stop test centos-httpd
test
centos-httpd
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
开启已停止的容器
启动
[root@docker ~]# docker ps --all
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8204ea0c133 centos-httpd:v1 "/bin/bash" 11 minutes ago Exited (0) 2 minutes ago test
caa21637996a centos-httpd:v1 "/bin/bash" 18 minutes ago Exited (0) 2 minutes ago centos-httpd
[root@docker ~]# docker start test
test
进入容器
[root@docker ~]# docker attach --help
Usage: docker attach [OPTIONS] CONTAINER
Attach local standard input, output, and error streams to a running container
Options:
--detach-keys string Override the key sequence for detaching a container
--no-stdin Do not attach STDIN
--sig-proxy Proxy all received signals to the process (default true)
[root@docker ~]# docker attach test
[root@e8204ea0c133 /]#
删除已停止的容器
注意:容器在运行中是不能停止的
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8204ea0c133 centos-httpd:v1 "/bin/bash" 14 minutes ago Up 2 minutes test
[root@docker ~]# docker rm test
Error response from daemon: You cannot remove a running container e8204ea0c133aec17cb7e7ad47ea650d77531ac4f301300690614c9dd3f4a80f. Stop the container before attempting removal or force remove
停止后在删除
[root@docker ~]# docker stop test
test
[root@docker ~]# docker rm test
test
[root@docker ~]# docker ps --all
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
caa21637996a centos-httpd:v1 "/bin/bash" 22 minutes ago Exited (0) 6 minutes ago centos-httpd
容器端口映射
我们知道容器的ip网段默认生成的是172.12网段的,在容器的宿主机上是可以访问的,那么怎么让一个和宿主机在同一网段的另外一台机也能访问到该容器呢?
这就可以用端口映射了。
准备两台机器
| 主机名 | ip | 备注 |
|---|---|---|
| docker | 192.168.44.100 | 安装docker,创键一个容器,在容器安装http |
| test | 192.168.44.150 | 用来访问docker主机的http容器的index.html文件 |
注意:关闭防火墙和SELinux
在docker上操作
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-httpd v1 bec35d25ea77 39 minutes ago 269MB
centos latest 5d0da3dc9764 12 months ago 231MB
# 端口映射
[root@docker ~]# docker run -it -p 80:80 --name=test-port centos-httpd:v1 /bin/bash
[root@70a5ad9c2560 /]# yum install -y httpd
[root@70a5ad9c2560 /]# echo "test httpd-port" > /var/www/html/index.html
[root@70a5ad9c2560 /]# httpd -k start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[root@70a5ad9c2560 /]# curl http://172.17.0.2/index.html
test httpd-port
#在docker宿主机上访问容器ip
[root@docker ~]# curl http://172.17.0.2
test httpd-port
# 访问自己的80 端口
[root@docker ~]# curl http://192.168.44.100
test httpd-port
在test主机上访问docker主机的的80端口
# 最终访问到了docker主机容器中的httpd
[root@test ~]# curl http://192.168.44.100
test httpd-port
查看docker机器上的容器状态
# 可以看到物理机的80端口转发到了某一个容器的80端口上了
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
70a5ad9c2560 centos-httpd:v1 "/bin/bash" 20 minutes ago Up 20 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp test-port
如果主机上同时运行多个http服务的容器,端口怎么映射?
因为端口是稀缺资源
- TCP:1~65535
- UDP:1~65535
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-httpd v1 bec35d25ea77 About an hour ago 269MB
centos latest 5d0da3dc9764 12 months ago 231MB
[root@docker ~]# docker run -it -p 80 --name test centos:latest /bin/bash
#如果仅定义了容器的端口,那么容器主机会随机添加映射端口到容器80端口,随机端口大于或等于32768
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b6d97eb9b396 centos:latest "/bin/bash" 7 seconds ago Up 6 seconds 0.0.0.0:49153->80/tcp, :::49153->80/tcp test
使用容器主机的某一IP地址上的端口做随机映射
如果机器上有多个网卡或者多个IP地址,就可以指定ip做随机映射,端口也是随机的
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-httpd v1 bec35d25ea77 About an hour ago 269MB
centos latest 5d0da3dc9764 12 months ago 231MB
[root@docker ~]# docker run -it -p 192.168.44.100::80 --name=centos centos:latest /bin/bash
[root@1e4ec6b9e6af /]#
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1e4ec6b9e6af centos:latest "/bin/bash" 5 seconds ago Up 4 seconds 192.168.44.100:49153->80/tcp centos
容器使用Docker Host存储数据
容器的数据持久化存储
第一步:在Dokcer Host 创建用于存储目录
[root@docker ~]# mkdir /opt/cvolume
第二步:运行容器并挂载上述目录
[root@docker ~]# docker run -it -v /opt/cvloume:/data --name=test centos:latest /bin/bash
[root@2cd56e044963 /]# ls /
bin dev home lib64 media opt root sbin sys usr
data(这个目录是创建容器时自动创建的) etc lib lost+found mnt proc run srv tmp var
示例:运行在容器中的http服务,使用docker host的/web目录中的网页文件,并能够在doker host上进行修改,修改后立即生效
第一步:创建/web并添加网页文件
[root@docker ~]# mkdir /web
[root@docker ~]# echo "test web" >> /web/index.html
第二步:启动容器对/web目录进行挂载
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-httpd v1 bec35d25ea77 2 hours ago 269MB
centos latest 5d0da3dc9764 12 months ago 231MB
[root@docker ~]# docker run -it -p 8080:80/tcp -v /web:/var/www/html --name=centos-web centos:latest /bin/bash
[root@2b0c9dc8f6d9 /]# ls /var/www/html
index.html
# 安装httpd并启动
[root@2b0c9dc8f6d9 /]# yum install httpd -y
[root@2b0c9dc8f6d9 /]# httpd -k start
第三步:访问http(在docker主机访问自己的8080端口)
[root@docker ~]# curl http://192.168.44.100:8080
test web
再次添加内容测试
[root@docker ~]# echo "hello" >> /web/index.html
到容器里查看
[root@eb08ccaebac4 /]# cat /var/www/html/index.html
test web
hello
同样在容器里写入数据也会马上同步到宿主机docker上
[root@eb08ccaebac4 /]# echo "docker" >> /var/www/html/index.html
[root@docker ~]# cat /web/index.html
test web
hello
docker
同步容器与docker host时间
[root@docker ~]# docker run -it -v /etc/localtime:/etc/localtime centos:latest /bin/bash
[root@24aed789dbd5 /]# date
Sun Oct 2 19:07:27 CST 2022
在容器外执行容器内命令
# 在名为centos的容器里执行 ls命令
[root@docker ~]# docker exec centos ls
bin
dev
etc
home
lib
lib64
lost+found
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
容器间互联(–link)
第一步:创建被依赖容器
[root@docker ~]# docker run -it --name=test centos:latest /bin/bash
[root@caa54f58490e /]#
第二步:创建依赖于源容器的容器
# test:mysqldb 给test容器起一个别名
[root@docker ~]# docker run --link test:mysqldb -it --name=web centos:latest /bin/bash
[root@57b694db72cd /]# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 mysqldb caa54f58490e test
172.17.0.3 57b694db72cd
[root@57b694db72cd /]# ping mysqldb
PING mysqldb (172.17.0.2) 56(84) bytes of data.
64 bytes from mysqldb (172.17.0.2): icmp_seq=1 ttl=64 time=0.078 ms
64 bytes from mysqldb (172.17.0.2): icmp_seq=2 ttl=64 time=0.109 ms
64 bytes from mysqldb (172.17.0.2): icmp_seq=3 ttl=64 time=0.059 ms
第三步:验证
关闭容器
[root@docker ~]# docker stop test web
test
web
添加一个新的容器,用于抢占test的IP (172.17.0.2)
[root@docker ~]# docker run -it centos /bin/bash
[root@2f7557ecf96e /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
46: eth0@if47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
先启动被依赖test容器,在启动web容器
[root@docker ~]# docker start test
test
[root@docker ~]# docker start web
web
[root@docker ~]# docker exec test cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 caa54f58490e
[root@docker ~]# docker exec web cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 mysqldb caa54f58490e test
172.17.0.4 57b694db72cd
是否能够ping通
[root@docker ~]# docker exec web ping test
PING mysqldb (172.17.0.3) 56(84) bytes of data.
64 bytes from mysqldb (172.17.0.3): icmp_seq=1 ttl=64 time=0docker学习笔记docker容器相关技术
Docker学习笔记(三)Docker容器相关技术 轻量级虚拟化技术命名空间:namespace,隔离系统资源,进程、网络、文件系统等隔离控制组:cgroups,为容器技术而生,分配资源,用来限制、记录、隔离进程资源使用。 命名空间... 查看详情
docker学习笔记1(代码片段)
面试题传统虚拟机和Docker的区别?虚拟机虚拟机其实就是文件,不需要就删掉,操作系统和硬件之间逻辑不变虚拟机技术基于安装在主操作系统上的虚拟机管理软件,创建虚拟机还能虚拟出各种硬件,从操作系统资源占用多(内核,硬件,... 查看详情
docker学习笔记
一、Docker简介Docker两个主要部件:Docker:开源的容器虚拟化平台DockerHub:用于分享、管理Docker容器的DockerSaaS平台– DockerHubDocker使用客户端-服务器(C/S)架构模式。Docker客户端会与Docker守护进程进行通信。Docker守护进程会处理... 查看详情
docker学习笔记
一、Docker简介Docker两个主要部件:Docker:开源的容器虚拟化平台DockerHub:用于分享、管理Docker容器的DockerSaaS平台--DockerHubDocker使用客户端-服务器(C/S)架构模式。Docker客户端会与Docker守护进程进行通信。Docker守护进程会处理复杂繁重... 查看详情
docker学习笔记总结(代码片段)
文章目录1.卸载docker服务步骤(实用!!)2.docker私有库3.容器数据卷的使用4.容器卷和主机互通互联5.容器卷ro和rw读写规则6.卷的继承和共享7.docker安装tomcat8.docker安装mysql8.1运行mysql容器8.2dockermysql容器卷配置(非常重要)8.3docke... 查看详情
docker学习笔记6
VIIIdocker目录虚拟化:41dockerobjects:43dockerimages:46dockerregistry:48docker:介绍;镜像管理;容器管理;网络访问;数据管理;镜像构建;私有仓库;核心技术;... 查看详情
docker学习笔记
什么是Docker?1.基于Go语言开发的云开源项目,Docker的主要目标是通过对应用组件的封装,分发,部署,运行等生命周期的管理,达到应用组件级别的一次封装,到处运行。2.可以将Docker当成一个沙盒,每个容器内运行一个应用,... 查看详情
docker学习笔记总结(代码片段)
文章目录1.docker简介2.docker的三个组成3.docker的工作原理4.centos系统上安装docker5.阿里云镜像加速器6.dockerrun命令执行流程7.docker命令7.1帮助启动类命令7.2镜像命令7.3容器命令7.3.1dockerrun命令详解7.3.2dockerps命令详解7.3.3容器服务的一... 查看详情
docker学习笔记(代码片段)
Docker学习笔记一、Docker是什么?Docker是一个开源的应用容器引擎,基于Go语言开发。Docker可以让开发者打包他们的应用以及依赖包到一个轻量级、可移植的容器中,然后发布到任何流行的Linux机器上,也可以实现虚拟化。容器是... 查看详情
docker学习笔记
1.Docker简介Docker是一个开源应用容器引擎,可以将应用打包到容器中,并移植到任何流行的Linux机器上。Docker是一个开源应用容器引擎,是为开发者和系统管理员设计的,用来发布和运行分布式应用程序的一个开放性平台,开发... 查看详情
非常详细的docker学习笔记
一、Docker简介Docker两个主要部件:Docker:开源的容器虚拟化平台DockerHub:用于分享、管理Docker容器的DockerSaaS平台-- DockerHubDocker使用客户端-服务器(C/S)架构模式。Docker客户端会与Docker守护进程进行通信。Docker守护进程会处理复杂... 查看详情
docker学习笔记.初识docker(代码片段)
Docker一,惊鸿一瞥二,Docker入门1,运行容器2,简单使用3,守护式容器4,在容器内部运行进程5,自动重启容器和删除容器6,深入容器三,使用Docker镜像和仓库1,基本镜像操作2,用Docker... 查看详情
docker基础学习笔记一:docker概述和安装(代码片段)
Docker基础学习笔记一:Docker概述和安装容器的起源什么是容器Docker是什么Docker容器为什么这么火Docker能做什么?Docker的安装(centos8中)卸载容器的起源假设你们公司正在秘密研发下一个“今日头条”APP,我们... 查看详情
企业运维实战--最全docker学习笔记5.docker安全容器资源控制安全加固(代码片段)
企业运维实战--最全Docker学习笔记5.Docker安全、容器资源控制、安全加固一、Docker安全二、Docker容器资源控制1.内存限制2.cpu限制3.BlockIO限制三、Docker安全加固一、Docker安全Docker容器的安全性,很大程度上依赖于Linux系统自身&#x... 查看详情
docker学习笔记——镜像制作(dockerfile)(代码片段)
文章目录Docker容器镜像1.容器技术2.容器镜像介绍3.制作基础镜像4.应用镜像制作使用commit提交镜像5.使用Dockerfile创建应用镜像1)Dockerfile关键字2)Dockerfile应用案例6.容器镜像在dockerhost存储位置1)写时复制与用时分配2)Overlay及Overlay27.d... 查看详情
docker学习笔记(代码片段)
一.Docker的概念Docker是一个开源的应用容器引擎,基于Go语言并遵从Apache2.0协议开源。Docker可以让开发者打包他们的应用以及依赖包到一个轻量级、可移植的容器中,然后发布到任何流行的Linux机器上,也可以实现虚拟... 查看详情
docker学习笔记(代码片段)
一.Docker的概念Docker是一个开源的应用容器引擎,基于Go语言并遵从Apache2.0协议开源。Docker可以让开发者打包他们的应用以及依赖包到一个轻量级、可移植的容器中,然后发布到任何流行的Linux机器上,也可以实现虚拟... 查看详情
docker学习笔记-安装(代码片段)
Docker学习笔记基础概念/名词解释准备工作安装启动Docker服务Docker常用命令卸载参考资料基础概念/名词解释名词说明image镜像docker封装好的一个模板,里面是一个可运行的服务,以及运行此服务所需要的依赖环境。container... 查看详情