关键词:
第四十、四十一次课 Docker入门
目录
一、 docker简介
二、 安装docker
三、 镜像管理
四、 通过容器创建镜像
五、 通过模板创建镜像
六、 容器管理
七、 仓库管理
八、 数据管理
九、 数据卷备份恢复
十、 docker网络模式
十一、 opration not permitted
十二、 配置桥接网络
十三、 Dockerfile格式
十四、 Dockerfile示例(安装nginx)
十五、 用docker compose部署服务
十六、 docker compose示例
一、 docker简介
Docker官网: www.docker.com
github地址:https://github.com/docker/docker.github.io
docker是一种开源的容器引擎,可以让开发者打包应用以及依赖的库,然后发布到任何流行的linux发行版上,移植很方便
由go语言编写,基于apache2.0协议发布。基于linux kernel,要想在win下运行需要借助一个vm(虚拟机)来实现
自2013年开始,发展迅猛,docker从1.13x开始,版本分为社区版ce和企业版ee,并且基于年月的时间线形式,当前最新稳定版为18.06
Docker和传统的虚拟化比较
Docker的优势
启动非常快,秒级实现
资源利用率高,一台高配置服务器可以跑上千个docker容器
更快的交付和部署,一次创建和配置后,可以在任意地方运行
内核级别的虚拟化,不需要额外的hypevisor支持,会有更高的性能和效率
易迁移,平台依赖性不强
Docker容器技术与传统虚拟机技术的特性比较
Docker核心概念
Docker镜像
Docker镜像 (镜像自身是只读的。容器从镜像启动的时候,会在镜像的最上层创建一个可写层。)
Docker镜像类似于虚拟机镜像,可以将它理解为一个只读的模板。例如,一个镜像可以包含一个基本的操作系统环境,里面仅安装了Apache应用程序(或用户需要的其他软件)。可以把它称为一个Apache镜像。
Docker容器
Docker容器类似于一个轻量级的沙箱,Docker利用容器来运行和隔离应用。容器是从镜像创建的应用运行实例。可以将其启动、开始、停止、删除,而这些容器都是彼此相互隔离的、互不可见的。可以把容器看做是一个简易版的Linux系统环境(包括root用户权限、进程空间、用户空间和网络空间等)以及运行在其中的应用程序打包而成的盒子。
Docker仓库
Docker仓库类似于代码仓库,它是Docker集中存放镜像文件的场所。根据所存储的镜像公开分享与否,Docker仓库可以分为公开仓库(Public)和私有仓库(Private)两种形式。目前,最大的公开仓库是官方提供的Docker Hub,其中存放了数量庞大的镜像供用户下载。
二、 安装docker
Centos下的安装方式有以下几种
1.yum安装
// 添加docker的yum源
[[email protected] ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2424 100 2424 0 0 384 0 0:00:06 0:00:06 --:--:-- 506
// 查看docker安装包
[[email protected] ~]# yum list | grep docker
cockpit-docker.x86_64 172-2.el7.centos extras
containerd.io.x86_64 1.2.0-1.2.beta.2.el7 docker-ce-stable
docker.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-ce.x86_64 18.06.1.ce-3.el7 docker-ce-stable
docker-ce-selinux.noarch 17.03.3.ce-1.el7 docker-ce-stable
docker-client.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-client-latest.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-common.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-compose.noarch 1.18.0-1.el7 epel
docker-devel.x86_64 1.3.2-4.el7.centos extras
docker-distribution.x86_64 2.6.2-2.git48294d9.el7 extras
docker-forward-journald.x86_64 1.10.3-44.el7.centos extras
docker-latest.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-latest-logrotate.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-latest-v1.10-migrator.x86_64 1.13.1-58.git87f2fab.el7.centos
docker-logrotate.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-lvm-plugin.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-novolume-plugin.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
docker-python.x86_64 1.4.0-115.el7 extras
docker-registry.x86_64 0.9.1-7.el7 extras
docker-unit-test.x86_64 2:1.13.1-68.gitdded712.el7.centos
docker-v1.10-migrator.x86_64 2:1.13.1-74.git6e3bb8e.el7.centos
golang-github-fsouza-go-dockerclient-devel.x86_64
kdocker.x86_64 4.9-1.el7 epel
pcp-pmda-docker.x86_64 3.12.2-5.el7 base
python-docker-py.noarch 1.10.6-4.el7 extras
python-docker-pycreds.noarch 1.10.6-4.el7 extras
python-docker-scripts.noarch 0.4.4-1.el7 epel
python-dockerfile-parse.noarch 0.0.5-1.el7 epel
python2-avocado-plugins-runner-docker.noarch
python2-dockerpty.noarch 0.4.1-9.el7 epel
python34-docker.noarch 2.6.1-1.el7 epel
python34-docker-pycreds.noarch 0.2.1-1.el7 epel
python34-dockerpty.noarch 0.4.1-9.el7 epel
[[email protected] ~]#
// 安装
[[email protected] ~]# yum -y install docker-ce.x86_64
// 启动docker
[[email protected] ~]# systemctl start docker.service
// 验证docker已经正常启动
[[email protected] ~]# ps aux | grep docker
root 18106 3.1 10.3 640616 49880 ? Ssl 09:56 0:00 /usr/bin/dockerd
root 18114 3.0 5.2 473812 25400 ? Ssl 09:56 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
root 18256 0.0 0.2 112704 972 pts/0 S+ 09:56 0:00 grep --color=auto docker2.脚本安装
[[email protected] local]# wget -qO- https://get.docker.com/ | sh
或者
[[email protected] local]# curl -fsSL https://get.docker.com/ | sh
// 启动docker,
[[email protected] local]# systemctl start docker.service
// 验证docker已经正常启动
[[email protected] local]# docker version
Client:
Version: 18.06.1-ce
API version: 1.38
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:23:03 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.1-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:25:29 2018
OS/Arch: linux/amd64
Experimental: false3.从官方下载二进制包安装(安装过程略)
下载地址:https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
三、 镜像管理
1.下载镜像
// 官方的下载服务器在国外,所以可能会很慢
// 如果下载慢可以使用加速器
// 加速器配置,参考http://blog.csdn.net/xlemonok/article/details/71403534
[[email protected] src]# vim /etc/docker/daemon.json
// 添加如下内容
"registry-mirrors": ["https://dhq9bx4f.mirror.aliyuncs.com"]
// 上面的加速地址可以向aliyum申请
// 实验环境下载速度很快,所以没有使用加速器
[[email protected] src]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
256b176beaff: Pull complete
Digest: sha256:6f6d986d425aeabdc3a02cb61c02abb2e78e57357e92417d6d58332856024faf
Status: Downloaded newer image for centos:latest2.查看本地镜像
[[email protected] src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5182e96772bf 5 weeks ago 200MB3.在官方镜像仓库搜索镜像
[[email protected] src]# docker search centos7
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
ansible/centos7-ansible Ansible on Centos7 116 [OK]
centos/mysql-57-centos7 MySQL 5.7 SQL database server 39
openshift/base-centos7 A Centos7 derived base image for Source-To-I… 33
centos/python-35-centos7 Platform for building and running Python 3.5… 30
centos/postgresql-96-centos7 PostgreSQL is an advanced Object-Relational … 29
centos/httpd-24-centos7 Platform for running Apache httpd 2.4 or bui… 16
openshift/jenkins-2-centos7 A Centos7 based Jenkins v2.x image for use w… 15
centos/php-56-centos7 Platform for building and running PHP 5.6 ap… 14
openshift/mysql-55-centos7 DEPRECATED: A Centos7 based MySQL v5.5 image… 6
openshift/wildfly-101-centos7 A Centos7 based WildFly v10.1 image for use … 5
openshift/nodejs-010-centos7 DEPRECATED: A Centos7 based NodeJS v0.10 ima… 4
openshift/jenkins-1-centos7 DEPRECATED: A Centos7 based Jenkins v1.x ima… 4
openshift/ruby-20-centos7 DEPRECATED: A Centos7 based Ruby v2.0 image … 3
openshift/openldap-2441-centos7 A Centos7 based OpenLDAP v2.4.41image for us… 3
openshift/php-55-centos7 DEPRECATED: A Centos7 based PHP v5.5 image f… 1
openshift/mongodb-24-centos7 DEPRECATED: A Centos7 based MongoDB v2.4 ima… 1
openshift/wildfly-110-centos7 A Centos7 based WildFly v11.0 image for use … 1
openshift/wildfly-81-centos7 A Centos7 based WildFly v8.1 image for use w… 1
openshift/wildfly-120-centos7 A Centos7 based WildFly v12.0 image for use … 1
openshift/wildfly-100-centos7 A Centos7 based WildFly v10.0 image for use … 1
fortinj66/centos7-s2i-nodejs based off of ryanj/centos7-s2i-nodejs. Bigg… 0
openshift/python-33-centos7 DEPRECATED: A Centos7 based Python v3.3 imag… 0
openshift/postgresql-92-centos7 DEPRECATED: A Centos7 based PostgreSQL v9.2 … 0
openshift/wildfly-90-centos7 A Centos7 based WildFly v9.0 image for use w… 0
openshift/perl-516-centos7 DEPRECATED: A Centos7 based Perl v5.16 image… 0 4.给镜像打标签
[[email protected] src]# docker tag centos:latest centos1
[[email protected] src]# docker tag centos:latest centos1:0.1
[[email protected] src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5182e96772bf 5 weeks ago 200MB
centos1 0.1 5182e96772bf 5 weeks ago 200MB
centos1 latest 5182e96772bf 5 weeks ago 200MB5.把镜像做为容器启动
// 把镜像启动为容器,-i表示让容器的标准输入打开,-t表示分配一个伪终端,
// -d表示后台启动,要把-i -t -d 放到镜像名字前面
[[email protected] src]# docker run -itd centos
1cb1b747c37a9c6c6f7bf152943330ea3adced83aa6fbac914e3279b72d5b732
// 查看运行的容器,加上-a选项后可以查看所有容器,包括未运行的
[[email protected] src]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1cb1b747c37a centos "/bin/bash" 39 seconds ago Up 36 seconds happy_euler6.删除镜像
// 删除指定镜像, 其中后面的参数可以是tag,如果是tag时,实际上是删除该tag。
// 当后面的参数为镜像ID时,则会彻底删除整个镜像,所有标签也会一同删除
[[email protected] src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos1 0.1 5182e96772bf 5 weeks ago 200MB
centos1 latest 5182e96772bf 5 weeks ago 200MB
centos latest 5182e96772bf 5 weeks ago 200MB
[[email protected] src]# docker rmi centos1:0.1
Untagged: centos1:0.1
[[email protected] src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos1 latest 5182e96772bf 5 weeks ago 200MB
centos latest 5182e96772bf 5 weeks ago 200MB
[[email protected] src]# docker rmi centos1:latest
Untagged: centos1:latest
[[email protected] src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5182e96772bf 5 weeks ago 200MB四、 通过容器创建镜像
1.进入以守护进程模式启动的docker容器
[[email protected] src]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1cb1b747c37a centos "/bin/bash" 22 minutes ago Up 22 minutes happy_euler
// bash为进入容器后我们要执行的命令,这样就可以打开一个终端
[[email protected] src]# docker exec -it 1cb1b747c37a bash
[[email protected] /]# 2.对容器进行变更
// 进入到该容器中,我们做一些变更,比如安装一些东西,然后针对这个容器进行创建新的镜像
[[email protected] /]# yum -y install net-tools
...略...
Installed:
net-tools.x86_64 0:2.0-0.22.20131004git.el7
Complete!
// 退出容器 ctrl + d也可以
[[email protected] /]# exit
exit3.基础容器创建新镜像
// -m添加描述信息,-a 添加作者
[[email protected] src]# docker commit -m "install net-tools" -a "kennminn" 1cb1b747c37a centos_with_networktools:0.1
sha256:5d996fd42473881b4f75ba062077282c7618d7996edae630b910049d7734e4ff
[[email protected] src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_with_networktools 0.1 5d996fd42473 8 seconds ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB4.启动新的镜像,验证
[[email protected] src]# docker run -itd centos_with_networktools:0.1 bash
e7a4b84cb0b3dacda99d56de58b94c9e8d9d9050232cd91cfae800510d3bcbd4
[[email protected] src]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:5fff:fe20:a08a prefixlen 64 scopeid 0x20<link>
ether 02:42:5f:20:a0:8a txqueuelen 0 (Ethernet)
RX packets 1822 bytes 89000 (86.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1881 bytes 12430303 (11.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.53 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::5aa6:a381:30f7:b274 prefixlen 64 scopeid 0x20<link>
inet6 fe80::17fc:7047:6f8c:566d prefixlen 64 scopeid 0x20<link>
inet6 fe80::d68:dd57:4b1e:ac7e prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:46:6e:72 txqueuelen 1000 (Ethernet)
RX packets 426715 bytes 205541570 (196.0 MiB)
RX errors 0 dropped 185 overruns 0 frame 0
TX packets 38760 bytes 3455578 (3.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth0e4fb45: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::e8ec:6bff:fea1:dae2 prefixlen 64 scopeid 0x20<link>
ether ea:ec:6b:a1:da:e2 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 578 (578.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vetha04fd76: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::c4c3:9bff:fe89:7ef prefixlen 64 scopeid 0x20<link>
ether c6:c3:9b:89:07:ef txqueuelen 0 (Ethernet)
RX packets 1822 bytes 114508 (111.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1889 bytes 12430951 (11.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0五、 通过模板创建镜像
- 下载模板
// 模板下载地址:http://openvz.org/Download/templates/precreated
// 这里已经事先下载到本地了
[[email protected] src]# wget http://192.168.1.9/SCode/docker/OPENVZ%e6%a8%a1%e6%9d%bf/centos-7-x86_64-minimal.tar.gz
--2018-09-11 17:46:52-- http://192.168.1.9/SCode/docker/OPENVZ%e6%a8%a1%e6%9d%bf/centos-7-x86_64-minimal.tar.gz
Connecting to 192.168.1.9:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 145639219 (139M) [application/x-gzip]
Saving to: ‘centos-7-x86_64-minimal.tar.gz’
100%[====================================================================================>] 145,639,219 13.6MB/s in 12s
2018-09-11 17:47:05 (11.9 MB/s) - ‘centos-7-x86_64-minimal.tar.gz’ saved [145639219/145639219]2.导入模板
[[email protected] src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_with_networktools 0.1 5d996fd42473 20 minutes ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
// 导入模板
[[email protected] src]# cat centos-7-x86_64-minimal.tar.gz | docker import - centos7
sha256:87ccc675584ad676317bd8db8e0733b847c4f63191bb04dde76454cd6e527c73
// 检查
[[email protected] src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7 latest 87ccc675584a 35 seconds ago 435MB
centos_with_networktools 0.1 5d996fd42473 21 minutes ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB3.导出现有镜像
[[email protected] src]# docker save -o centos7.tar centos7
[[email protected] src]# ll
total 613304
-rw------- 1 root root 446124032 Sep 11 17:52 centos7.tar
-rw-r--r-- 1 root root 145639219 Sep 11 10:28 centos-7-x86_64-minimal.tar.gz
-rw-r--r-- 1 root root 36254876 Jun 9 01:48 docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm4.恢复本地镜像
[[email protected] src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7 latest 87ccc675584a 4 minutes ago 435MB
centos_with_networktools 0.1 5d996fd42473 25 minutes ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
[[email protected] src]# docker rmi centos7
Untagged: centos7:latest
Deleted: sha256:87ccc675584ad676317bd8db8e0733b847c4f63191bb04dde76454cd6e527c73
Deleted: sha256:788edba9eaa8ade63d8ba9d5747281c5da2b34b12a6c80f4dffd8ad9e05f68c1
[[email protected] src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_with_networktools 0.1 5d996fd42473 26 minutes ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
// 恢复本地镜像,dokcer load --input centos7.tar也可以
[[email protected] src]# docker load < centos7.tar
788edba9eaa8: Loading layer [==================================================>] 446.1MB/446.1MB
Loaded image: centos7:latest
[[email protected] src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7 latest 87ccc675584a 6 minutes ago 435MB
centos_with_networktools 0.1 5d996fd42473 27 minutes ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB5.上传镜像到dockerhub官方网站
// 需要先注册一个用户, 这里还没有帐户,暂时不做上传测试
docker push image_name 六、 容器管理
1.创建容器
[[email protected] ~]# docker create -it centos:latest
bd130d81d16077a7a09365b443ad024b43fce0462eee3fe887463796a1662e1d
[[email protected] ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bd130d81d160 centos:latest "/bin/bash" 23 seconds ago Created stoic_beaver
e7a4b84cb0b3 centos_with_networktools:0.1 "bash" 4 hours ago Exited (137) 7 minutes ago priceless_banach
1cb1b747c37a centos "/bin/bash" 4 hours ago Exited (137) 7 minutes ago happy_euler2.启动容器
[[email protected] ~]# docker start 5c61bbd70614
5c61bbd70614
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5c61bbd70614 centos:latest "/bin/bash" About a minute ago Up 3 seconds inspiring_hypatia3.停止容器
[[email protected] ~]# docker stop 5c61bbd70614
5c61bbd70614
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES4.重启容器
[[email protected] ~]# docker start 5c61bbd70614
5c61bbd70614
[[email protected] ~]# docker restart 5c61bbd70614
5c61bbd70614
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5c61bbd70614 centos:latest "/bin/bash" 3 minutes ago Up 11 seconds inspiring_hypatia5.从镜像直接启动容器
[[email protected] ~]# docker run -it centos7 bash
[[email protected] /]#
// 这样进入了一个虚拟终端里面,我们可以运行一些命令,使用命令exit或者ctrl d 退出该bash,当退出后这个容器也会停止。6.让容器在后台运行
[[email protected] /]# exit
exit
[[email protected] ~]# docker run -d centos7:latest /bin/sh -c "while true;do echo hello world;sleep 1;done"
e3ea22331fd286679c60edc90ea4266a9058b9b974c5cdf5726f244564f97d7e
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e3ea22331fd2 centos7:latest "/bin/sh -c ‘while t…" 31 seconds ago Up 30 seconds suspicious_mahavira
5c61bbd70614 centos:latest "/bin/bash" 9 minutes ago Up 6 minutes inspiring_hypatia
// 查看输出
[[email protected] ~]# docker logs e3ea22331fd2
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
hello world
...下略...8.给容器自定义名字
[[email protected] ~]# docker run --name cs7 -itd centos7 bash
58c0702291dfd5a511cc15645882ec6bb986d9b63cc22dc01d2939d96da60743
inspiring_hypatia
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58c0702291df centos7 "bash" 15 seconds ago Up 13 seconds cs7
5c61bbd70614 centos:latest "/bin/bash" 19 minutes ago Up 15 minutes inspiring_hypatia9.删除容器
// 自动删除容器
[[email protected] ~]# docker run --rm -it centos7 bash -c "sleep 30"
[[email protected] ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58c0702291df centos7 "bash" 2 minutes ago Up 2 minutes cs7
e3ea22331fd2 centos7:latest "/bin/sh -c ‘while t…" 12 minutes ago Exited (137) 9 minutes ago suspicious_mahavira
f2a14517b032 centos7 "bash" 14 minutes ago Exited (0) 14 minutes ago affectionate_fermat
8902be3365d9 centos7 "bash" 16 minutes ago Exited (0) 14 minutes ago adoring_hypatia
5c61bbd70614 centos:latest "/bin/bash" 21 minutes ago Up 17 minutes inspiring_hypatia
bd130d81d160 centos:latest "/bin/bash" 23 minutes ago Created stoic_beaver
e7a4b84cb0b3 centos_with_networktools:0.1 "bash" 4 hours ago Exited (137) 30 minutes ago priceless_banach
1cb1b747c37a centos "/bin/bash" 5 hours ago Exited (137) 30 minutes ago happy_euler
-10.获取到容器的运行历史信息
[[email protected] ~]# docker logs 58c0702291df
[[email protected] /]# rpm -q net-tools
package net-tools is not installed
[[email protected] /]# yum -y install net-tools
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates
...下略...11.进入后台运行的容器
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58c0702291df centos7 "bash" 8 minutes ago Up 8 minutes cs7
// attach命令不算好用,比如我们想要退出终端,就得exit了,这样容器也就退出了,还有一种方法
[[email protected] ~]# docker attach 58c0702291df
[[email protected] /]# rpm -q net-tools
package net-tools is not installed
[[email protected] /]# yum -y install net-tools
[[email protected] /]# exit
exit
// docker exec 命令可以临时打开一个虚拟终端,并且exit后,容器依然运行着
[[email protected] ~]# docker run -itd centos
0885fa165e3e22a9dff6da2d59d916854c40896c8d61a5f252ed1fe59443c9a5
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0885fa165e3e centos "/bin/bash" 17 seconds ago Up 16 seconds eloquent_vaughan
// 开启虚拟终端
[[email protected] ~]# docker exec -it 0885fa165e3e bash
[[email protected] /]#
[[email protected] /]# exit
exit
// 退出后容器仍在运行
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0885fa165e3e centos "/bin/bash" About a minute ago Up About a minute eloquent_vaughan12.导出容器
[[email protected] ~]# docker export 0885fa165e3e > centos_with_nettools.tar
[[email protected] ~]# ls -l !$
ls -l centos_with_nettools.tar
-rw-r--r-- 1 root root 208293888 Sep 11 21:51 centos_with_nettools.tar
// 生成镜像
[[email protected] ~]# cat centos_with_nettools.tar | docker import - impt_test
sha256:e3e34d378c5a338626010b742c79f95a84c4ff8bfecac6db6ae7bcffc4473481
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
impt_test latest e3e34d378c5a 10 seconds ago 200MB
centos7 latest 87ccc675584a 4 hours ago 435MB
centos_with_networktools 0.1 5d996fd42473 4 hours ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB七、 仓库管理
1.下载register仓库
[[email protected] ~]# docker run -d -p 5000:5000 registry
Unable to find image ‘registry:latest‘ locally
latest: Pulling from library/registry
4064ffdc82fe: Pull complete
c12c92d1c5a2: Pull complete
4fbc9b6835cc: Pull complete
765973b0f65f: Pull complete
3968771a7c3a: Pull complete
Digest: sha256:51bb55f23ef7e25ac9b8313b139a8dd45baa832943c8ad8f7da2ddad6355b3c8
Status: Downloaded newer image for registry:latest
999b12c996c7d073cd55a33ca3b061d83ed3f842785c1ca5212da92f0882409d
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
impt_test latest e3e34d378c5a 2 hours ago 200MB
centos7 latest 87ccc675584a 6 hours ago 435MB
centos_with_networktools 0.1 5d996fd42473 7 hours ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
registry latest b2b03e9146e1 2 months ago 33.3MB
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
999b12c996c7 registry "/entrypoint.sh /etc…" About a minute ago Up About a minute 0.0.0.0:5000->5000/tcp festive_brahmagupta
0885fa165e3e centos "/bin/bash" 2 hours ago Up 2 hours 2.测试访问register仓库
[[email protected] ~]# curl 127.0.0.1:5000/v2/_catalog
"repositories":[]3.上传镜像到私有仓库
// 标记一下tag,必须要带有私有仓库的ip:port
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
impt_test latest e3e34d378c5a 13 hours ago 200MB
centos7 latest 87ccc675584a 17 hours ago 435MB
centos_with_networktools 0.1 5d996fd42473 18 hours ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
registry latest b2b03e9146e1 2 months ago 33.3MB
[[email protected] ~]# docker tag centos7 192.168.1.53:5000/centos7
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
impt_test latest e3e34d378c5a 13 hours ago 200MB
192.168.1.53:5000/centos7 latest 87ccc675584a 17 hours ago 435MB
centos7 latest 87ccc675584a 17 hours ago 435MB
centos_with_networktools 0.1 5d996fd42473 18 hours ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
registry latest b2b03e9146e1 2 months ago 33.3MB
// 把标记的镜像给推送到私有仓库
[[email protected] ~]# docker push 192.168.1.53:5000/centos7
The push refers to repository [192.168.1.53:5000/centos7]
Get https://192.168.1.53:5000/v2/: http: server gave HTTP response to HTTPS client
// 第一次推送不成功,因为https要求验证。这里取消ssl
[[email protected] ~]# vi /etc/docker/daemon.json
"insecure-registries":["192.168.1.53:5000"]
[[email protected] ~]# systemctl restart docker.service
[[email protected] ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
999b12c996c7 registry "/entrypoint.sh /etc…" 11 hours ago Exited (2) 55 seconds ago festive_brahmagupta
0885fa165e3e centos "/bin/bash" 14 hours ago Exited (137) 45 seconds ago eloquent_vaughan
82c2e774a526 centos "/bin/bash" 14 hours ago Exited (0) 14 hours ago optimistic_saha
adae9ffd8700 centos7 "bash" 14 hours ago Exited (0) 14 hours ago xenodochial_swartz
19b16e0925e2 centos7 "bash" 14 hours ago Exited (0) 14 hours ago objective_boyd
58c0702291df centos7 "bash" 14 hours ago Exited (0) 14 hours ago cs7
[[email protected] ~]# docker start 999b12c996c7
999b12c996c7
[[email protected] ~]# docker start 0885fa165e3e
0885fa165e3e
// 重新推送
[[email protected] ~]# docker push 192.168.1.53:5000/centos7
The push refers to repository [192.168.1.53:5000/centos7]
788edba9eaa8: Pushed
latest: digest: sha256:1a692ac0e824dce870c5f94fabeb380b56490fc2bf0b6e6254aaec6ad296d4da size: 529
// 查看推送的镜像
[[email protected] ~]# curl 192.168.1.53:5000/v2/_catalog
"repositories":["centos7"]
八、 数据管理
1.挂载本地的目录到容器里
// -v 用来指定挂载目录,:前面的/data/为宿主机本地目录,
// :后面的/data/为容器里的目录,会在容器中自动创建
[[email protected] ~]# docker run -itd -v /data/:/data centos7 bash
8abe1bdc61d36f1d86bc17db5d25b892aa70e01807759279779ad1b5309fb3b3
[[email protected] ~]# docker exec -it 8abe1bdc61d3 bash
[[email protected] /]# ls
bin data etc home lib64 media opt root sbin sys usr
boot dev fastboot lib lost+found mnt proc run srv tmp var
[[email protected] /]# echo ‘111111‘ > /data/test
[[email protected] /]# exit
[[email protected] ~]# cat /data/test
111111
2.挂载数据卷
// 查看之前新建共享的容器的name为objective_agnesi, name在新建容器的时候可以通过
// --name指定,否则系统会随机生成
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8abe1bdc61d3 centos7 "bash" 23 minutes ago Up 23 minutes objective_agnesi
999b12c996c7 registry "/entrypoint.sh /etc…" 42 hours ago Up 30 hours 0.0.0.0:5000->5000/tcp festive_brahmagupta
0885fa165e3e centos "/bin/bash" 44 hours ago Up 30 hours
// 挂载共享的数据卷
[[email protected] ~]# docker run -itd --volumes-from objective_agnesi centos bash
c7c69d2817a989731647b1f71d19febb6701d045c11c7a8678d8f248752e591f
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c7c69d2817a9 centos "bash" 21 seconds ago Up 19 seconds wizardly_johnson
8abe1bdc61d3 centos7 "bash" 24 minutes ago Up 24 minutes objective_agnesi
999b12c996c7 registry "/entrypoint.sh /etc…" 42 hours ago Up 31 hours 0.0.0.0:5000->5000/tcp festive_brahmagupta
0885fa165e3e centos "/bin/bash" 44 hours ago Up 31 hours eloquent_vaughan
// 验证
[[email protected] ~]# docker exec -it c7c69d2817a9 bash
[[email protected] /]# ls /
anaconda-post.log data etc lib media opt root sbin sys usr
bin dev home lib64 mnt proc run srv tmp var
[[email protected] /]# cat /data/test
1111113.定义数据卷容器
有时候,我们需要多个容器之间相互共享数据,类似于linux里面的NFS,所以就可以搭建一个专门的数据卷容器,然后其他容器直接挂载该数据卷。
// 首先建立数据卷容器
// 注意这里的/data/是容器的/data目录,并非本地的/data/目录。
[[email protected] ~]# docker run -itd -v /data/ --name container_volume centos bash
473c2b1623ec9fbaf415d11e223be570c2141ba2b16b1055a70e39034cc0bd18
// 查看名称是否为container_volume
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
473c2b1623ec centos "bash" About a minute ago Up About a minute container_volume
8abe1bdc61d3 centos7 "bash" 37 minutes ago Up 37 minutes objective_agnesi
// 然后让其他容器挂载该数据卷
[[email protected] ~]# docker run -itd --volumes-from container_volume impt_test bash
af2b1fe07cb0450c8e76ec9255ecd6687729f60f0da7a814357d00d7ae353be1
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af2b1fe07cb0 impt_test "bash" 8 seconds ago Up 7 seconds elastic_nightingale
473c2b1623ec centos "bash" 4 hours ago Up 4 hours container_volume
8abe1bdc61d3 centos7 "bash" 4 hours ago Up 4 hours objective_agnesi九、 数据卷备份恢复
1.备份
// 如果已经将数据存储到了映射的宿主机目录,直接备份宿主机目录即可
// 如未进行宿主机的目录映射,备份过程如下
// 宿主机新建备份目录
[[email protected] backup]# docker run --volumes-from container_volume -v /backup/:/backup centos tar cvf /backup/data.tar /data
tar: Removing leading `/‘ from member names
/data/
/data/1.txt
/data/2.txt
[[email protected] ~]# ls /backup/
data.tar
// 说明:首先我们需要使用container_volume数据卷新开一个容器,同时我们还需要把本地的/backup/目录挂载到
// 该容器的/backup下,这样在容器中/backup目录里面新建的文件,我们就可以直接在/backup/目录中看到了。
// 然后再把/data/目录下面的文件打包到成data.tar文件放到/backup目录下面。
2.恢复
// 思路: 先新建一个数据卷容器,再建一个新的容器并挂载该数据卷容器,然后再把tar包解包。
[[email protected] backup]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a92ea19981d9 centos "bash" 14 minutes ago Up 14 minutes container_volume
af2b1fe07cb0 impt_test "bash" 41 minutes ago Up 41 minutes elastic_nightingale
8abe1bdc61d3 centos7 "bash" 5 hours ago Up 5 hours objective_agnesi
// 删除原有容器
[[email protected] backup]# docker stop container_volume
container_volume
[[email protected] backup]# docker rm a92ea19981d9
a92ea19981d9
// 创建数据卷容器
[[email protected] backup]# docker run -itd -v /data/ --name container_volume centos bash
4dc79895eac5d90a0eab50679995703e46784543d16a269663686cbdb0400967
// 恢复
[[email protected] backup]# docker run --volumes-from container_volume -v /backup/:/backup centos tar xf /backup/data.tar
[[email protected] backup]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4dc79895eac5 centos "bash" 30 seconds ago Up 28 seconds container_volume
af2b1fe07cb0 impt_test "bash" 44 minutes ago Up 44 minutes elastic_nightingale
8abe1bdc61d3 centos7 "bash" 5 hours ago Up 5 hours objective_agnesi
// 验证恢复成功
[[email protected] backup]# docker exec -it 4dc79895eac5 bash
[[email protected] /]# ls /data/
1.txt 2.txt 十、 docker网络模式
host模式,使用docker run命令时,通过选项--net=host指定,docker使用的网络实际上和宿主机一样,在容器内看到的网卡ip是宿主机ip。
container模式,使用--net=container:container_id/container_name,多个容器使用共同的网络,看到的ip是一样的
none模式,使用--net=none指定,这种模式下,不会配置任何网络
bridge模式,使用--net=bridge指定默认模式,不用指定默认就是这种网络模式。这种模式会为每个容器分配一个独立的Network Namespace。类似于vmware的nat网络模式。同一个宿主机上的所有容器会在同一个网段下,相互之间是可以通信的。
外部访问容器演示
1.这里将一个安装了nginx的容器导成一个新的镜像(centos-httpd),然后再使用新镜像创建容器
// 在一容器中安装nginx,过程略
// 以该容器为基础制作镜像
^C
[[email protected] backup]# docker commit -m "install nginx" -a "hjm" 8abe1bdc61d3 centos_with_nginx
sha256:4a6315cd5829061cab339e24005a194138d97b807d9b15f3813446b5a99c68ac
[[email protected] backup]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_with_nginx latest 4a6315cd5829 8 seconds ago 613MB
<none> <none> a20e52891eea 32 seconds ago 613MB
impt_test latest e3e34d378c5a 2 days ago 200MB
192.168.1.53:5000/centos7 latest 87ccc675584a 2 days ago 435MB
centos7 latest 87ccc675584a 2 days ago 435MB
centos_with_networktools 0.1 5d996fd42473 2 days ago 293MB
centos latest 5182e96772bf 5 weeks ago 200MB
registry latest b2b03e9146e1 2 months ago 33.3MB2.使用新镜像创建容器,并指定端口映射
// -p后面也支持IP:port:ip:port 的格式,比如 -p 127.0.0.1:8080:80
// 也可以不写本地的端口,只写ip,这样会随意分配一个端口
// -p 127.0.0.1::80 注意这里是两个冒号
[[email protected] backup]# docker run -itd -p 8080:80 centos_with_nginx bash
381d00bae20f06d27be927547da0ea22562607ffd8a9186141afe8ed4ac7c3c5
[[email protected] backup]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 769/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 852/master
tcp6 0 0 :::8080 :::* LISTEN 33124/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 769/sshd
tcp6 0 0 ::1:25 :::* LISTEN 852/master
[[email protected] backup]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
381d00bae20f centos_with_nginx "bash" 25 seconds ago Up 24 seconds 0.0.0.0:8080->80/tcp eloquent_neumann
4dc79895eac5 centos "bash" About an hour ago Up About an hour container_volume
af2b1fe07cb0 impt_test "bash" 2 hours ago Up 2 hours elastic_nightingale
8abe1bdc61d3 centos7 "bash" 6 hours ago Up 6 hours objective_agnesi
[[email protected] backup]# docker exec -it 381d00bae20f bash
[[email protected] /]# systemctl start nginx
Failed to get D-Bus connection: Operation not permitted
// 解决方案
[[email protected] /]# exit
exit
[[email protected] backup]# docker stop 381d00bae20f
381d00bae20f
[[email protected] backup]# docker rm 381d00bae20f
381d00bae20f
// 以下列方式启动容器
[[email protected] backup]# docker run -itd --privileged -e "container=docker" -p 8080:80 centos_with_nginx /usr/sbin/init
0c272e7b03c5cc940229d2184a1d87a888e1f7e6b48161e64ac1483c41e9d2e0
[[email protected] backup]# docker exec -it 0c272e7b03c5cc94 bash
[[email protected] /]# systemctl start nginx
[[email protected] /]# netstat -nltup | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 224/nginx: master p
tcp6 0 0 :::80 :::* LISTEN 224/nginx: master p
3.测试
// 本地访问
// 测试
</html>
[[email protected] /]# curl 127.0.0.1 -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 13 Sep 2018 15:56:53 GMT
Content-Type: text/html
Content-Length: 3700
Last-Modified: Tue, 06 Mar 2018 09:26:21 GMT
Connection: keep-alive
ETag: "5a9e5ebd-e74"
Accept-Ranges: bytes
// 宿主机访问
[[email protected] backup]# curl 127.0.0.1:8080 -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 13 Sep 2018 15:58:26 GMT
Content-Type: text/html
Content-Length: 3700
Last-Modified: Tue, 06 Mar 2018 09:26:21 GMT
Connection: keep-alive
ETag: "5a9e5ebd-e74"
Accept-Ranges: bytes
//远程主机访问
[[email protected] src]# curl 192.168.1.53:8080 -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 13 Sep 2018 15:59:06 GMT
Content-Type: text/html
Content-Length: 3700
Last-Modified: Tue, 06 Mar 2018 09:26:21 GMT
Connection: keep-alive
ETag: "5a9e5ebd-e74"
Accept-Ranges: bytes十一、 配置桥接网络
为了使本地网络中的机器和Docker容器更方便的通信,我们经常会有将Docker容器配置到和主机同一网段的需求。这个需求其实很容易实现,我们只要将Docker容器和宿主机的网卡桥接起来,再给Docker容器配上IP就可以了。
// 创建网卡桥接配置文件
[[email protected] network-scripts]# cp ifcfg-ens32 ifcfg-br0
[[email protected] network-scripts]# vim ifcfg-br0
// 修改如下内容
TYPE=Bridge
NAME=br0
DEVICE=br0
[[email protected] network-scripts]# vim ifcfg-ens32
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens32
DEVICE=ens32
ONBOOT=yes
#IPADDR=192.168.1.53
#PREFIX=24
#GATEWAY=192.168.1.1
#DNS1=223.5.5.5
IPV6_PRIVACY=no
#DNS2=223.6.6.6
BRIDGE=br0
"ifcfg-ens32" 21L, 350C written
[[email protected] network-scripts]# systemctl restart network
[[email protected] network-scripts]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.53 netmask 255.255.255.0 broadcast 192.168.1.255
ether 00:0c:29:46:6e:72 txqueuelen 1000 (Ethernet)
RX packets 26 bytes 2496 (2.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15 bytes 1958 (1.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:5fff:fe20:a08a prefixlen 64 scopeid 0x20<link>
ether 02:42:5f:20:a0:8a txqueuelen 0 (Ethernet)
RX packets 22538 bytes 1274789 (1.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30277 bytes 203018974 (193.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:46:6e:72 txqueuelen 1000 (Ethernet)
RX packets 682747 bytes 450416534 (429.5 MiB)
RX errors 0 dropped 185 overruns 0 frame 0
TX packets 70142 bytes 6836135 (6.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
...下略...
// 安装pipwork
[[email protected] network-scripts]# cd pipework/
[[email protected] pipework]# ll
total 60
-rw-r--r-- 1 root root 75 Sep 14 09:18 docker-compose.yml
drwxr-xr-x 2 root root 24 Sep 14 09:18 doctoc
-rw-r--r-- 1 root root 11358 Sep 14 09:18 LICENSE
-rwxr-xr-x 1 root root 14698 Sep 14 09:18 pipework
-rw-r--r-- 1 root root 827 Sep 14 09:18 pipework.spec
-rw-r--r-- 1 root root 22328 Sep 14 09:18 README.md
[[email protected] pipework]# cp pipework /usr/local/bin/
// 开启一个没有网络的容器
[[email protected] pipework]# docker run -itd --net=none --name centos_bri centos_with_nginx bash
61cc391d863cbd1d2825e4c3600e0f755136c55bc08d190952910f3f16c8add4
[[email protected] pipework]# docker exec -it 61cc391d863cbd1 bash
[[email protected] /]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
// 设定桥接
[[email protected] pipework]# pipework br0 centos_bri 192.168.1.55/[email protected]
[[email protected] pipework]# docker exec -it 61cc391d863cbd1 bash
[[email protected] /]# ifconfig
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.55 netmask 255.255.255.0 broadcast 192.168.1.255
ether ba:b6:2b:8d:df:4c txqueuelen 1000 (Ethernet)
RX packets 28 bytes 6990 (6.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1 bytes 42 (42.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[[email protected] /]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=1.51 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=1.04 ms
^C
--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 1.048/1.282/1.516/0.234 ms
[[email protected] /]# ping www.163.com
PING www.163.com.lxdns.com (112.91.129.184) 56(84) bytes of data.
64 bytes from 112.91.129.184: icmp_seq=1 ttl=57 time=20.8 ms
^C64 bytes from 112.91.129.184: icmp_seq=2 ttl=57 time=21.1 ms
--- www.163.com.lxdns.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 20.880/21.018/21.157/0.200 ms十二、 Dockerfile格式
1.FROM //指定基于哪个基础镜像
格式 FROM 或者 FROM
:
2.MAINTAINER //指定作者信息
格式 MAINTAIN
3.RUN //镜像操作指令
格式为 RUN
4.CMD // 三种格式:
CMD ["executable", "param1", "param2"]
CMD command param1 param2
CMD ["param1", "param2"]
RUN和CMD看起来挺像,但是CMD用来指定容器启动时用到的命令,只能有一条。比如
CMD ["/bin/bash", "/usr/local/nginx/sbin/nginx", "-c", "/usr/local/nginx/conf/nginx.conf"]
5.EXPOSE
格式为 EXPOSE
6.ENV
格式 ENV
8.COPY
格式同add
使用方法和add一样,不同的是,它不支持url
9.ENTRYPOINT 格式类似CMD
容器启动时要执行的命令,它和CMD很像,也是只有一条生效,如果写多个只有最后一条有效。和CMD不同是:
CMD 是可以被 docker run 指令覆盖的,而ENTRYPOINT不能覆盖。比如,容器名字为aming
我们在Dockerfile中指定如下CMD:
CMD ["/bin/echo", "test"]
启动容器的命令是 docker run aming 这样会输出 test
假如启动容器的命令是 docker run -it aming /bin/bash 什么都不会输出
ENTRYPOINT不会被覆盖,而且会比CMD或者docker run指定的命令要靠前执行
ENTRYPOINT ["echo", "test"]
docker run -it aming 123
则会输出 test 123 ,这相当于要执行命令 echo test 123
10.VOLUME
格式 VOLUME ["/data"]
创建一个可以从本地主机或其他容器挂载的挂载点。
11.USER
格式 USER daemon
指定运行容器的用户
12.WORKDIR
格式 WORKDIR /path/to/workdir
为后续的RUN、CMD或者ENTRYPOINT指定工作目录
十三、 Dockerfile示例(安装nginx)
1.下载nginx的配置文件
[[email protected] ~]# mkdir container_build
[[email protected] ~]# cd container_build/
[[email protected] container_build]# wget http://www.apelearn.com/study_v2/.nginx_conf
--2018-09-14 15:16:48-- http://www.apelearn.com/study_v2/.nginx_conf
Resolving www.apelearn.com (www.apelearn.com)... 47.104.7.242
Connecting to www.apelearn.com (www.apelearn.com)|47.104.7.242|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1678 (1.6K) [application/octet-stream]
Saving to: ‘.nginx_conf’
100%[====================================================================================>] 1,678 --.-K/s in 0s
2018-09-14 15:16:53 (75.8 MB/s) - ‘.nginx_conf’ saved [1678/1678]
[[email protected] container_build]# ls -a
. .. .nginx_conf2.新建Dockerfile文件
[[email protected] container_build]# vim Dockerfile
## Set the base image to CentOS
FROM centos
# File Author / Maintainer
MAINTAINER aming [email protected]
# Install necessary tools
RUN yum install -y pcre-devel wget net-tools gcc zlib zlib-devel make openssl-devel
# Install Nginx
ADD http://nginx.org/download/nginx-1.8.0.tar.gz .
RUN tar zxvf nginx-1.8.0.tar.gz
RUN mkdir -p /usr/local/nginx
RUN cd nginx-1.8.0 && ./configure --prefix=/usr/local/nginx && make && make install
RUN rm -fv /usr/local/nginx/conf/nginx.conf
COPY .nginx_conf /usr/local/nginx/conf/nginx.conf
# Expose ports
EXPOSE 80
# Set the default command to execute when creating a new container
ENTRYPOINT /usr/local/nginx/sbin/nginx && tail -f /etc/passwd3.创建镜像
[[email protected] container_build]# docker build -t centos_nginx .
Sending build context to Docker daemon 5.12kB
Step 1/11 : FROM centos
---> 5182e96772bf
Step 2/11 : MAINTAINER aming [email protected]
---> Running in 801ff2a17a66
Removing intermediate container 801ff2a17a66
---> b5845b5fa701
...中间略...
Step 11/11 : ENTRYPOINT /usr/local/nginx/sbin/nginx && tail -f /etc/passwd
---> Running in ee39e7614725
Removing intermediate container ee39e7614725
---> c381095f9de5
Successfully built c381095f9de5
Successfully tagged centos_nginx:latest
[[email protected] container_build]# echo $?
0
// 可以查看新生成的镜像centos_nginx
[[email protected] container_build]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_nginx latest c381095f9de5 2 minutes ago 364MB
centos-7 latest b9537a48e879 3 days ago 435MB
test 0.1 156fd25e15bf 3 days ago 200MB
centos latest 5182e96772bf 5 weeks ago 200MB
// 以新建的镜像启动容器
[[email protected] container_build]# docker run -itd -p 8081:80 centos_nginx bash
05872ac9cf5f24675597aebef7fe40ffbd4323a1ab356c2af3d6a83d77d48379
[[email protected] container_build]# docker exec -it 05872ac9cf5f2 bash
[[email protected] /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 11680 1348 pts/0 Ss+ 07:31 0:00 /bin/sh -c /usr/local/nginx/sbin/nginx && tail -f /etc/pass
root 9 0.0 0.0 24880 784 ? Ss 07:31 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 10 0.0 0.3 27324 3348 ? S 07:31 0:00 nginx: worker process
root 11 0.0 0.0 4400 348 pts/0 S+ 07:31 0:00 tail -f /etc/passwd
nobody 12 0.0 0.3 27324 3356 ? S 07:31 0:00 nginx: worker process
root 13 0.3 0.1 11820 1820 pts/1 Ss 07:31 0:00 bash
root 27 1.0 0.1 51708 1724 pts/1 R+ 07:32 0:00 ps aux十四、 用docker compose部署服务
docker compose可以方便我们快捷高效地管理容器的启动、停止、重启等操作,它类似于linux下的shell脚本,基于yaml语法,在该文件里我们可以描述应用的架构,比如用什么镜像、数据卷、网络模式、监听端口等信息。我们可以在一个compose文件中定义一个多容器的应用(比如jumpserver),然后通过该compose来启动这个应用。
安装compose
[[email protected] src]# curl -L "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 617 0 617 0 0 562 0 --:--:-- 0:00:01 --:--:-- 562
100 11.2M 100 11.2M 0 0 243k 0 0:00:47 0:00:47 --:--:-- 302k
[[email protected] src]# chmod 755 !$
chmod 755 /usr/local/bin/docker-compose
[[email protected] src]# docker-compose version
docker-compose version 1.22.0, build f46880fe
docker-py version: 3.4.1
CPython version: 3.6.6
OpenSSL version: OpenSSL 1.1.0f 25 May 2017
// Compose区分Version 1和Version 2(Compose 1.6.0+,Docker Engine 1.10.0+)。Version 2支持更多的指令。Version 1没有声明版本默认是"version 1"。Version 1将来会被弃用。十五、 docker compose示例
1.新建配置文件
[[email protected] src]# vim docker-compose.yml
// 内容参考https://coding.net/u/aminglinux/p/yuanke_centos7/git/blob/master/25docker/docker-compose.yml
[[email protected] src]# vim docker-compose.yml
version: "2"
services:
app1:
image: centos_nginx
ports:
- "8080:80"
networks:
- "net1"
volumes:
- /data/:/data
app2:
image: centos-7
networks:
- "net2"
volumes:
- /data/:/data1
entrypoint: tail -f /etc/passwd
networks:
net1:
driver: bridge
net2:
driver: bridge2.使用脚本启动容器
[[email protected] src]# docker-compose up -d
Creating network "src_net1" with driver "bridge"
Creating network "src_net2" with driver "bridge"
Creating src_app2_1 ... done
Creating src_app1_1 ... done
[[email protected] src]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
aa7d70f3b16f centos-7 "tail -f /etc/passwd" 35 seconds ago Up 34 seconds src_app2_1
cbe220f3f8ee centos_nginx "/bin/sh -c ‘/usr/lo…" 35 seconds ago Up 34 seconds 0.0.0.0:8080->80/tcp src_app1_1
05872ac9cf5f centos_nginx "/bin/sh -c ‘/usr/lo…" 4 hours ago Up 4 hours 0.0.0.0:8081->80/tcp loving_curie
// docker-compose帮助 docker-compose --help
// 常用命令docker-compose ps/down/stop/start/rm
// docker-compose语法的参考文档 :http://www.web3.xin/index/article/182.html第四十一篇面向对象基础(代码片段)
面向对象一、面向过程和面向对象1、面向过程编程(思想)1.上一个函数的输出是下一个函数的输入,类似流水线,机械式、顺序化2.优点:逻辑清晰,将复杂的问题流程化,细化、步骤化,进而简单化3.缺点:可扩展性差2、面... 查看详情
c++第四十一篇--安装成功的第一个驱动文件(代码片段)
参考链接:https://blog.csdn.net/LEON1741/article/details/87291839一、新建工程二、写一个Driver.c#include<ntddk.h>#include<wdf.h>DRIVER_INITIALIZEDriverEntry;EVT_WDF_DRIVER_DEVICE_ADDKmdfHelloWorldEvtDevice 查看详情
wpf学习第四十四章图画(代码片段)
原文:【WPF学习】第四十四章图画 通过上一章的学习,Geometry抽象类表示形状或路径。Drawing抽象类扮演了互补的角色,它表示2D图画(Drawing)——换句话说,它包含了显示矢量图像或位图需要的所有信息。 尽管有几类画图类... 查看详情
第四十一天
<!--1js三种存在位置--><!DOCTYPEhtml><htmllang="zh"><head> <metacharset="UTF-8"> <title>三种存在位置</title></head><!--1.行间式:js代码块需要出现在事件中--><!--& 查看详情
mysql实战第四十四讲-要不要使用分区表?(代码片段)
这是我们专栏的最后一篇答疑文章,今天我们来说说一些好问题。在我看来,能够帮我们扩展一个逻辑的边界的问题,就是好问题。因为通过解决这样的问题,能够加深我们对这个逻辑的理解,或者帮我们关... 查看详情
mysql实战第四十四讲-要不要使用分区表?(代码片段)
这是我们专栏的最后一篇答疑文章,今天我们来说说一些好问题。在我看来,能够帮我们扩展一个逻辑的边界的问题,就是好问题。因为通过解决这样的问题,能够加深我们对这个逻辑的理解,或者帮我们关... 查看详情
“全栈2019”java第四十四章:继承
...开发环境JDKv11IntelliJIDEAv2018.3文章原文链接“全栈2019”Java第四十四章:继承下一章“全栈2019”Java第四十五章:super关键字学习小组加入同步学习小组,共同交流与进步。方式一:关注头条号Gorhaf,私信“Java学习小组”。方式二... 查看详情
“全栈2019”java第四十一章:static关键字
...开发环境JDKv11IntelliJIDEAv2018.3文章原文链接“全栈2019”Java第四十一章:static关键字下一章“全栈2019”Java第四十二章:静态代码块与初始化顺序学习小组加入同步学习小组,共同交流与进步。方式一:关注头条号Gorhaf,私信“Java... 查看详情
mysql实战第四十一讲-怎么最快地复制一张表?(代码片段)
我在上一篇文章最后,给你留下的问题是怎么在两张表中拷贝数据。如果可以控制对源表的扫描行数和加锁范围很小的话,我们简单地使用insert…select语句即可实现。当然,为了避免对源表加读锁,更稳妥的方案... 查看详情
mysql实战第四十一讲-怎么最快地复制一张表?(代码片段)
我在上一篇文章最后,给你留下的问题是怎么在两张表中拷贝数据。如果可以控制对源表的扫描行数和加锁范围很小的话,我们简单地使用insert…select语句即可实现。当然,为了避免对源表加读锁,更稳妥的方案... 查看详情
wpf学习第四十四章图画(代码片段)
通过上一章的学习,Geometry抽象类表示形状或路径。Drawing抽象类扮演了互补的角色,它表示2D图画(Drawing)——换句话说,它包含了显示矢量图像或位图需要的所有信息。 尽管有几类画图类,但只有GeometryDrawing类能... 查看详情
第四十一天:协程操作(代码片段)
1.无论是进程还是线程都是由操作系统的时间片时间来进行操控,无法进行人为的控制,并且进行的都是并发程序。从微观上看还是同一时间执行一个程序。2.进程是资源分配的最小单位,线程是cpu调度的最小单位。在开启线程... 查看详情
第四十一课编辑交互功能的实现
一、编辑交互功能1、编辑器中常规的编辑交互功能2、QPlainTextEdit提供了丰富的交互接口3、信号与槽的连接编辑器代码修改:将action触发的信号映射到QPlainTextEdit对象的槽函数 二、文本编辑器中的界面状态1、不是任何时候都... 查看详情
第四十一象甲辰
第四十一象甲辰谶曰天地晦盲草木蕃殖阴阳反背上土下日颂曰帽儿须戴血无头手弄乾坤何日休九十九年成大错称王只合在秦州 金圣叹注解:此象一武士擅握兵权,致肇地覆天翻之祸,或一白姓者平之。 推背图网解:不只... 查看详情
leetcode刷题四十四(代码片段)
leetcode刷题四十四题目叙述https://leetcode-cn.com/problems/same-tree/给你两棵二叉树的根节点p和q,编写一个函数来检验这两棵树是否相同。如果两个树在结构上相同,并且节点具有相同的值,则认为它们是相同的。题目解答#Definitionforab... 查看详情
agg第四十一课agg和gdi渲染字体大小对比
如下是GDI渲染字体的代码: CClientDCdc(this); CPenpen(PS_SOLID,3,RGB(0,255,255)); CPen*pOldPen; pOldPen=dc.SelectObject(&pen); dc.SelectObject(&pOldPen); CF 查看详情
第四十四课继承中的访问级别
一、一个令人疑惑的问题二、面向对象中的访问级别1、面向对象中的访问级别不只是public和private2、可以定义protected的访问级别3、关键字protected的意义(1)、修饰的成员不能被外界直接访问(2)、修饰的成员可以被子类直接访... 查看详情
2018-07-26第三十一次课(代码片段)
...出循环十二、continue结束本次循环十三、exit退出整个脚本十四、扩展一、shell脚本介绍shell是一种脚本语言,是用户与内核进行交互 查看详情