Docker 学习记录基于Linux
Docker 文档
文档地址: https://docs.docker.com/
https://gimg2.baidu.com/image_search/src=http%3A%2F%2Fi.loli.net%2F2020%2F08%2F01%2F9VSxDTPkYJ5n6eZ.png&refer=http%3A%2F%2Fi.loli.net&app=2002&size=f9999,10000&q=a80&n=0&g=0n&fmt=jpeg?sec=1625276689&t=df674edbbf4cf7e3f84b69081175e8c9
安装Docker
环境查看
-
查看系统配置
# 系统内核是 3.10 以上的 [root@VM_0_9_centos ~]# uname -r 3.10.0-1062.18.1.el7.x86_64 # 系统版本 [root@VM_0_9_centos ~]# cat /etc/os-release \NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7" PRETTY_NAME="CentOS Linux 7 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:7" HOME_URL="https://www.centos.org/" BUG_REPORT_URL="https://bugs.centos.org/" CENTOS_MANTISBT_PROJECT="CentOS-7" CENTOS_MANTISBT_PROJECT_VERSION="7" REDHAT_SUPPORT_PRODUCT="centos" REDHAT_SUPPORT_PRODUCT_VERSION="7"
安装(liunx)
-
卸载
# 1.卸载旧版本 sudo yum remove docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-engine # 2.需要的安装包 yum install -y yum-utils # 3.设置镜像的仓库 yum-config-manager \ --add-repo \ https://download.docker.com/linux/centos/docker-ce.repo #默认的是国外的地址很慢 yum-config-manager \ --add-repo \ http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo #阿里的地址 # 更新yum软件包索引 yum makecache fast # 4.安装docker相关的 docker-ce社区版 ee企业版 不想安装最新的也可以指定版本 yum install docker-ce docker-ce-cli containerd.io # 5.启动dicker systemctl start docker # 6.使用命令查看是否安装成功 docker versino # 7.hello-world docker run hello-word # 8.查看下载的所有镜像 docker images [root@VM_0_9_centos ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE hello-world latest d1165f221234 2 months ago 13.3kB -
卸载docker
# 卸载依赖 yum remove docker-ce docker-ce-cli containerd.io # 删除资源(包括镜像和容器) rm -rf /var/lib/docker rm -rf /var/lib/containerd
阿里云镜像加速
1.登录阿里云--容器镜像服务-镜像工具-镜像加速
# 找到对应的系统(这里是centOs) 四步操作
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["自己的地址"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
底层原理
Docker是怎么工作的?
Docker 是一个C/S结构,Docker的守护进程运行在主机上.通过Socker从客户端访问!
DockerServer接受到Docker-Client的指令,就会执行这个命令!
Docker的常用命令
帮助命令
docker version # 显示docker的版本信息
docker info # 显示docker的系统信息,包括镜像和容器的数量
docker 命令 --help # 帮助命令
帮助文档:https://docs.docker.com/reference/
镜像命令
- docker images
docker images # 查看所有的本地镜像
[root@VM_0_9_centos ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d1165f221234 2 months ago 13.3kB
REPOSITORY 镜像的仓库源
TAG 镜像的标签
IMAGE ID 镜像的id
CREATED 镜像的创建时间
SIZE 镜像的大小
#可选项
Options:
-a, --all Show all images (default hides intermediate images) # 显示所有的信息
--digests Show digests
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print images using a Go template
--no-trunc Don't truncate output
-q, --quiet Only show image IDs # 只显示id
- docker search xx
# 搜索
[root@VM_0_9_centos ~]# docker search mysql
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mysql MySQL is a widely used, open-source relation… 10940 [OK]
mariadb MariaDB Server is a high performing open sou… 4137 [OK]
mysql/mysql-server Optimized MySQL Server Docker images. Create… 812
## 可选 --filter过滤
[root@VM_0_9_centos ~]# docker search mysql --filter=STARS=300
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mysql MySQL is a widely used, open-source relation… 10940 [OK]
mariadb MariaDB Server is a high performing open sou… 4137 [OK]
mysql/mysql-server Optimized MySQL Server Docker images. Create… 812 [OK]
- docker pull xx
# 拉取命令 下载镜像
docker pull 镜像名:[tag]
[root@VM_0_9_centos ~]# docker pull mysql
Using default tag: latest # 不写tag,默认就是latest
latest: Pulling from library/mysql
69692152171a: Pull complete #分层下载 docker image的核心 联合文件系统
1651b0be3df3: Pull complete
951da7386bc8: Pull complete
0f86c95aa242: Pull complete
37ba2d8bd4fe: Pull complete
6d278bb05e94: Pull complete
497efbd93a3e: Pull complete
f7fddf10c2c2: Pull complete
16415d159dfb: Pull complete
0e530ffc6b73: Pull complete
b0a4a1a77178: Pull complete
cd90f92aa9ef: Pull complete
Digest: sha256:d50098d7fcb25b1fcb24e2d3247cae3fc55815d64fec640dc395840f8fa80969
Status: Downloaded newer image for mysql:latest
docker.io/library/mysql:latest #真实地址
# 等价于它
docker pull mysql
docker pull docker.io/library/mysql:latest
# 指定版本下载
[root@VM_0_9_centos ~]# docker pull mysql:5.7
5.7: Pulling from library/mysql
69692152171a: Already exists
1651b0be3df3: Already exists
951da7386bc8: Already exists
0f86c95aa242: Already exists
37ba2d8bd4fe: Already exists
6d278bb05e94: Already exists
497efbd93a3e: Already exists
a023ae82eef5: Pull complete
e76c35f20ee7: Pull complete
e887524d2ef9: Pull complete
ccb65627e1c3: Pull complete
Digest: sha256:a682e3c78fc5bd941e9db080b4796c75f69a28a8cad65677c23f7a9f18ba21fa
Status: Downloaded newer image for mysql:5.7
- docker rmi -f
# 根据镜像id删除镜像
[root@VM_0_9_centos ~]# docker rmi -f 镜像id
# 删除多个镜像
[root@VM_0_9_centos ~]# docker rmi -f 镜像id 镜像id 镜像id 镜像id 镜像id
# 删除所有的镜像
[root@VM_0_9_centos ~]# docker rmi -f $(docker images -aq)
容器命令
说明:我们有了镜像才可以创建容器,linux,下载一个centos镜像来测试学习
docker pull centos
新建容器并启动
docker run [可选参数] image
# 参数说明
--name="name" 容器名字 例如:tomcat1 tomcat2 来区分容器
-d 后台方式运行
-it 使用交互方式运行,进入容器查看内容
-p 指定容器的端口号 -p 8080:8080
-p ip:主机端口:容器端口
-p 主机端口:容器端口(常用)
-p 容器端口
容器端口
-p 随机端口
# 测试 启动并进入容器
[root@VM_0_9_centos ~]# docker run -it centos /bin/bash
[root@d180385f5cec /]# ls 查看容器里面的东西
bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@d180385f5cec /]# exit # 退出容器
列出所有的启动的容器
# docker ps
#列出正在运行的容器
-a #列出当前正在运行的容器+历史运行过的容器
-n=?#显示最近创建的容器
-q #只显示容器的编号
[root@VM_0_9_centos ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@VM_0_9_centos ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d180385f5cec centos "/bin/bash" 5 minutes ago Exited (0) About a minute ago distracted_jang
c87b560d3b5f d1165f221234 "/hello" 6 hours ago Exited (0) 6 hours ago sad_curie
923e661230f6 aa0a17bb9333 "./red5.sh" 2 weeks ago Exited (143) 7 hours ago red5
退出容器
#直接容器停止并退出
[root@d180385f5cec /]# exit # 退出容器
# 容器不停止 退出
Ctrl + P + Q
删除容器
docker rm 容器id # 删除指定的容器,不能删除正在运行的容器,如果强制删除 rm -f
docker rm -f $(docker ps -aq) #删除所有的容器
docker ps -a -q|xargs docker rm #删除所有的容器
启动和停止的操作
docker start 容器id #启动容器
docker restart 容器id #重启容器id
docker stop 容器id #停止当前正在运行的容器
docker kill 容器id #强制停止当前容器
常用的其他命令
后台启动
# 命令 docker run -d 镜像名
[root@VM_0_9_centos ~]# docker run -d centos
#常见的坑 docker容器使用后台运行,就必须要有一个前台进程,docker发现没有应用,就会自动停止
# nginx 容器启动后,发现自己没有提供服务,就会立刻停止,就是没有程序了
查看日志
docker logs -f -t --tail 10 容器id
-tf #显示日志
--tail number # 显示日志的条数
[root@VM_0_9_centos ~]# docker logs -f -t --tail 10 0ee023f92396
查看容器中进程信息
# 命令 dokcer top 容器id
[root@VM_0_9_centos ~]# docker top 0ee023f92396
UID PID PPID C STIME TTY TIME
root 4047 4026 0 Jun02 pts/0 00:00:00
查看容器的元数据
# 命令 docker inspect 容器id
[root@VM_0_9_centos ~]# docker inspect 0ee023f92396
[
{
"Id": "0ee023f923961f20acaefdd932397f560615e1d40d7fa08c297b7b7e52331ff2",
"Created": "2021-06-02T09:59:58.672333184Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 4047,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-06-02T09:59:59.005481979Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55",
"ResolvConfPath": "/var/lib/docker/containers/0ee023f923961f20acaefdd932397f560615e1d40d7fa08c297b7b7e52331ff2/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/0ee023f923961f20acaefdd932397f560615e1d40d7fa08c297b7b7e52331ff2/hostname",
"HostsPath": "/var/lib/docker/containers/0ee023f923961f20acaefdd932397f560615e1d40d7fa08c297b7b7e52331ff2/hosts",
"LogPath": "/var/lib/docker/containers/0ee023f923961f20acaefdd932397f560615e1d40d7fa08c297b7b7e52331ff2/0ee023f923961f20acaefdd932397f560615e1d40d7fa08c297b7b7e52331ff2-json.log",
"Name": "/peaceful_blackburn",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/8e5ba7bcd3b6a6d32905ebd9d23ec870954bc46b27c39391b1c4cb0605663c58-init/diff:/var/lib/docker/overlay2/4c0603d4c2e6360f9d5ce2181d269833b93a3f2603cec58185a77aacfa384070/diff",
"MergedDir": "/var/lib/docker/overlay2/8e5ba7bcd3b6a6d32905ebd9d23ec870954bc46b27c39391b1c4cb0605663c58/merged",
"UpperDir": "/var/lib/docker/overlay2/8e5ba7bcd3b6a6d32905ebd9d23ec870954bc46b27c39391b1c4cb0605663c58/diff",
"WorkDir": "/var/lib/docker/overlay2/8e5ba7bcd3b6a6d32905ebd9d23ec870954bc46b27c39391b1c4cb0605663c58/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "0ee023f92396",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/bash"
],
"Image": "centos",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20201204",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "a4def5208a143efd3dd3b3f3d0ab36fe91465fd1f70924dc13b9a960ca7c20c4",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/a4def5208a14",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "d3058b9f623c2b55a2135f257cd377eb5c87f41753f78a39d0d911db1c6d337a",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "72e66206b5244f61efa654e11e13609d828e7f7247e6fb6c31b217db4e137087",
"EndpointID": "d3058b9f623c2b55a2135f257cd377eb5c87f41753f78a39d0d911db1c6d337a",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
进入当前正在运行的容器
# 我们通常容器都是后台方式运行,需要进入容器,修改一些配置
# 命令方式一
docker exec -it 镜像id bashshell
[root@VM_0_9_centos ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0ee023f92396 centos "/bin/bash" 15 hours ago Up 15 hours peaceful_blackburn
[root@VM_0_9_centos ~]# docker exec -it 0ee023f92396 /bin/bash
[root@0ee023f92396 /]# ls
bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@0ee023f92396 /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Jun02 pts/0 00:00:00 /bin/bash
root 15 0 0 01:12 pts/1 00:00:00 /bin/bash
root 30 15 0 01:12 pts/1 00:00:00 ps -ef
# 命令二
docker attach 容器id
[root@VM_0_9_centos ~]# docker attach 0ee023f92396
# 区别
#docker exec 进入容器后开启一个新的中断,可以在里面操作(常用)
#docker attach 进入容器正在执行的终端,不会启动新的进程
从容器内拷贝到主机上
docker cp 容器id:容器卷内路径 目的主机路径
# 启动容器
[root@VM_0_9_centos ~]# docker run -d centos
de91a07f3dcac9c8c71944734f15bbe66d269f641e82dbf9c5c58bae30bfc33f
[root@VM_0_9_centos ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@VM_0_9_centos ~]# docker run -it centos
[root@fb2ca96f41ef /]# [root@VM_0_9_centos ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fb2ca96f41ef centos "/bin/bash" 6 seconds ago Up 5 seconds magical_franklin
# 进入容器
[root@VM_0_9_centos ~]# docker attach fb2ca96f41ef
[root@fb2ca96f41ef /]# cd /home
[root@fb2ca96f41ef home]# touch test.java
[root@fb2ca96f41ef home]# exit
exit
[root@VM_0_9_centos ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@VM_0_9_centos ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fb2ca96f41ef centos "/bin/bash" About a minute ago Exited (0) 27 seconds ago magical_frankli
de91a07f3dca centos "/bin/bash" 2 minutes ago Exited (0) 2 minutes ago great_hofstadter
6c203ed5a0b1 centos "/bin/bash" 49 minutes ago Exited (0) 2 minutes ago epic_sanderson
0ee023f92396 centos "/bin/bash" 16 hours ago Exited (0) 17 minutes ago peaceful_blackburn
# 拷贝文件到主机上
[root@VM_0_9_centos ~]# docker cp fb2ca96f41ef:/home/test.java /home
[root@VM_0_9_centos ~]# cd home
-bash: cd: home: No such file or directory
[root@VM_0_9_centos ~]# cd /home
[root@VM_0_9_centos home]# ls
mysql
## 练习
### 1.Docker 安装nginx
```shell
# 下载镜像
[root@VM_0_9_centos ~]# docker pull nginx
# 查看下载完成的镜像
[root@VM_0_9_centos ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest d1a364dc548d 8 days ago 133MB
centos latest 300e315adb2f 5 months ago 209MB
mondain/red5 latest aa0a17bb9333 5 years ago 647MB
# 启动
# -d 后台启动
# --name 命名
#-p 主机端口:容器端口
[root@VM_0_9_centos ~]# docker run -d --name nginx1 -p 8200:80 nginx
19df3de65f0d8465fcb59dea7698fa8d1a2f5ca2c62eb337fdfc2be8c9616724
[root@VM_0_9_centos ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
19df3de65f0d nginx "/docker-entrypoint.…" 20 minutes ago Up 20 minutes 0.0.0.0:8200->80/tcp, :::8200->80/tcp nginx1
# 进入容器
[root@VM_0_9_centos ~]# docker exec -it 19df3de65f0d /bin/bash
root@19df3de65f0d:/# ls
bin boot dev docker-entrypoint.d docker-entrypoint.sh etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@19df3de65f0d:/# whereis nginx
nginx: /usr/sbin/nginx /usr/lib/nginx /etc/nginx /usr/share/nginx
root@19df3de65f0d:/# cd /etc/nginx/
root@19df3de65f0d:/etc/nginx# ls
conf.d fastcgi_params mime.types modules nginx.conf scgi_params uwsgi_params
root@19df3de65f0d:/etc/nginx#
2.Docker 安装tomcat
# 官方的使用 用完就删 测试的话可以,平时不推荐使用
docker run -it --rm tomcat:9.0
# 我们平常的启动都是后台,停止容器之后,容器还是可以查到的
# 启动tomcat
[root@VM_0_9_centos ~]# docker run -d -p 8201:8080 --name tomcat1 tomcat:9.0
8ef6063296030075890a456f6dc972ed0bd4ef6e0a0650097012fa1b639f6817
[root@VM_0_9_centos ~]# docker ps
CONTAINER ID IMAGE COMMAND
8ef606329603 tomcat:9.0 "catalina.sh run" 9 seconds ago Up 8 seconds 0.0.0.0:8201->8080/tcp, :::8201->8080/tcp tomcat1
19df3de65f0d nginx "/docker-entrypoint.…" 39 minutes ago Up 39 min
#进入容器
[root@VM_0_9_centos ~]# docker exec -it 8ef606329603 /bin/bash
3.es + kibnan
# 启动
docker run -d --name elasticsearch --net somenetwork -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.6.2
# 启动会很卡 查看状态
docker stats
#太过于消耗内存 -e 修改配置 shezhi 初始内存值
[root@VM_0_9_centos ~]# docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64 -Xmx512m" elasticsearch:7.6.2
可视化
-
portainer
docker run -d -p 8088:9000 \ --restart=always -v /var/run/docker.sock:/var/run/docker.sock --privileged=true portainer/portainer访问路径 http://ip:8088/,
- 1.创建用户
- 2.选择local本地,连接
- 3.进入到主页就是docker的信息各种镜像
如下:
不推荐使用 看看即可
Docker镜像讲解
镜像是什么
镜像是一种轻量级、可执行的独立软件包,用来打包软件运行环境和基于运行环境开发的软件,它包含某个软件所需的所有内容,包括代码、运行时、库、环境变量和配置文件。
所有的应用,直接打包docker镜像,就可以直接跑起来
Docker镜像加载原理
UnionFS(联合文件系统)
UnionFS(联合文件系统):UnionFS(联合文件系统)是一种分层、轻量级并且高性能的文件系统,它支持对文件系统的修改作为一次提交来一层层叠加,同时可以将不同日志挂载到同一个虚拟文件系统下(unite seceral directories into a single virtual filesystem). Union文件系统是Docker镜像的基础.镜像可以通过分层来进行继承,基于基础镜像(没有父镜像),可以制作各种具体的应用镜像
特性: 一次同时加载多个文件系统,但从外面看来,只能看到一个文件系统,联合加载会把各层文件系统叠加起来,这样最终的文件系统会包括所有底层的文件和目录.
Docker镜像加载原理
docker的镜像实际上由一层一层的文件系统组成,这种层级的文件系统UnionFS
bootfs(boot file system) 主要包含bootloader和kernel,bootloader主要是引导加载kernel,Linux刚启动时会加载到bootfs文件系统,在Docker镜像的最底层是bootfs,这一层与我们典型的Linux/Unix系统是一样的,包含boot加载器和内核.当boot加载完成之后整个内核都在内存中了,此时内存的使用权已由bootfs转交给内核,此时系统也会卸载bootfs.
rootfs(root file system),在bootfs之上,包含的就是典型Linux系统中的/dev/,/proc,/etc等标准目录和文件,rootfs就是各种不同的操作系统发型版,比如Ubuntu,CentOS等等.
对于一个精简的OS,rootfs可以很小,只需要包含最基本的命令,工具和程序库就可以了,因为底层直接用Host的Kermel,自己只需要提供rootfs就可以了.由此可见对于不同的linux发行版,bootfs基本是一致的,rootfs会有差别,因此不同的发行版可以公用bootfs.
分层理解
分层镜像
查看镜像分层的方式可以通过 docker image inspect命令!
[root@VM_0_9_centos ~]# docker image inspect redis:latest
[
//......
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:02c055ef67f5904019f43a41ea5f099996d8e7633749b6e606c400526b2c4b33",
"sha256:ec5652c3523d96657d66169c0eb71b572ff065711c705a15ec02f60a21c212c3",
"sha256:76d3e24d63f60e6a73af70be15959eb4021dd7a5a09da6925037d3b4a1673fca",
"sha256:f06719b0aa43029f32c821c8f14f9f5941a8be6d3b61dcd9f3f884b39e9a4f23",
"sha256:b896f490f2edc62cc9d190465bbeab871619590d1e9beeffb92e4ca9cc08116d",
"sha256:e3f4077f577bf07c0940d6345ddd17014ff824d3f4f7f3effc9a8c4dae3e527b"
]
},
"Metadata": {
"LastTagTime": "0001-01-01T00:00:00Z"
}
}
]
特点
Docker镜像都是只读的,当容器启动时,一个新的可写层被加载到镜像的顶部!
这一层就是我们通常说容器层,容器之下的都叫镜像层!
commit镜像
docker commit 提交容器成为一个新的副本
# 命令和git原理类似
docker commit -m="提交的描述信息" -a="作者" 容器id 目标镜像名:[TAG]
实战测试
# 启动一个默认的tomcat
[root@VM_0_9_centos ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3763ffb4d694 portainer/portainer "/portainer" 18 hours ago Exited (2) 17 hours ago exciting_williamson
8ef606329603 c43a65faae57 "catalina.sh run" 23 hours ago Exite
# 发现这个默认的tomcat是没有webapps应用,镜像的原因,官方的镜像默认webapps下面是没有文件的
# 拷贝基本文件
cp -r webapps.dist/* webapps
# 生成新的镜像
[root@VM_0_9_centos ~]# docker commit -a="zhonglao" -m="add webapps app" 8ef606329603 tomcatwebapps:1.0.0
[root@VM_0_9_centos ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcatwebapps 1.0.0 6dd55ed9bbe1 7 seconds ago 672MB
tomcat latest c43a65faae57 3 weeks ago 667MB
容器数据卷
什么是容器数据卷?
容器的持久化和同步操作!容器间也是可以数据共享的!
使用数据卷
方式一:直接使用命令挂载 -v
docker run -it -v 主机目录:容器内目录
# 测试 双向绑定的 意味着主机目录中文件变动容器内会变,反之容器内变,主机也会跟着变.
[root@VM_0_9_centos home]# docker run -it -v /home/ceshi:/home centos /bin/bash
# 查看信息
[root@VM_0_9_centos home]# docker inspect eb0277415bd7
[
//......
"Mounts": [
{
"Type": "bind",
"Source": "/home/ceshi", # 主机的地址
"Destination": "/home", # 容器内的地址
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
......
]
好处:在主机修改 ,容器内的配置会跟着同步,不用每次进入容器中修改.
实战 安装mysql
# 获取镜像
docker pull mysql:5.7
#运行容器,需要做数据挂载 # 安装启动mysql,需要配置密码,这是要注意的
#官方测试:docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-sercet-pw -d mysql:tag
# 启动我们的
[root@VM_0_9_centos /]# docker run -d -p 3310:3306 -v /home/mysql:/etc/mysql/conf.d -v/home/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSEORD=123456 --name mysql1 mysql:5.7
就算删除了容器,挂载在本地的数据卷依旧没有丢失,这就实现了数据的持久化!
具名和匿名挂载
# 匿名挂载
-v 容器内路径
[root@VM_0_9_centos ~]# docker run -d -p 8200:80 --name nginx10 -v /etc/nginx nginx
# 查看卷信息
[root@VM_0_9_centos ~]# docker volume ls
DRIVER VOLUME NAME
local 5f7fb7e22e1a3f106993a1b9fce407acdbd9058ac31c9363b9e2da685ecbdcbd
# 我们在-v 只写了容器内的路径,没有写对应的主机路径
# 具名挂载
[root@VM_0_9_centos ~]# docker run -d -p 8201:80 --name nginx11 -v nginx-config:/etc/nginx nginx
[root@VM_0_9_centos ~]# docker volume ls
DRIVER VOLUME NAME
local nginx-config
# 通过 -v 卷名:容器内路径
# 查看这个卷在哪个位置
[root@VM_0_9_centos ~]# docker volume inspect nginx-config
[
{
"CreatedAt": "2021-06-04T11:51:13+08:00",
"Driver": "local",
"Labels": null,
"Mountpoint": "/var/lib/docker/volumes/nginx-config/_data",
"Name": "nginx-config",
"Options": null,
"Scope": "local"
}
]
没有指定挂载的主机位置,默认的都是在/var/lib/docker/volumes/xxx/_data目录之下
通过具名挂载可以方便的找到我们的卷,大多数情况在使用的具名挂载
# 如何确定是具名挂载还是匿名挂载,还是指定路径挂载
-v 容器内路径 # 匿名挂载
-v 卷名:容器内路径 #具名挂载
-v /宿主机路径:容器内路径 #指定路径挂载
拓展
# 通过 -v 容器内路径:ro rw改变读写权限
ro readonly #只读
rw readwrdite #可读可写
# 一旦这个设置了容器 容器对我们挂载出来的内容就有限定了
docker run -d -p --name nginx2 -v juming-ngin:ro nginx
docker run -d -p --name nginx2 -v juming-ngin:rw nginx
# ro 只要看到ro就说明这个路径 真能通过宿主机来操作,容器内就无法操作了
初始DockerFile
通过这个脚本可以生成镜像
# 创建一个dockerfile文件
# 内容 指令和参数
FROM centos
VOLUME ["volume01","volume02"]
CMD echo "--------end-------------"
CMD /bin/bash
构建镜像
# -f dockerfile的路径
[root@VM_0_9_centos ~]# docker build -f /home/docker-test-volume/dockerfile1 -t zhonglao/centos .
# 查看挂载信息
docker image 镜像id
这种方式未来使用的,也是十分多,之后我们也会经常创建.
如果 在构建镜像的时候没有挂载卷,要手动进行挂载 -v 卷名:容器内路径!
数据卷容器
# 多个mysql或redis 实现数据共享
[root@VM_0_9_centos ~]# docker run -it --name docker-centos --volumes-from eb0277415bd7 centos
# 启动的第一个centos容器 eb0277415bd7
[root@VM_0_9_centos ~]# docker inspect eb0277415bd7
[
{
"Id": "eb0277415bd7483f4d69159461923b092dd8e3a45bc23e35f17d6710702e7b85",
......
"Mounts": [
{
"Type": "bind",
"Source": "/home/ceshi",
"Destination": "/home",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
.......
}
]
# 第二个centos 挂载在第一上面 会发现集成了上面的挂载文件
[root@VM_0_9_centos ~]# docker inspect c4c7107755a6
[
{
"Id": "c4c7107755a6ae7246abf062d8d3c5e58b663e930c0d64e80eef541eb8e58a8a",
......
"Mounts": [
{
"Type": "bind",
"Source": "/home/ceshi",
"Destination": "/home",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
......
}
}
]
多个mysql 实现数据共享
docker run -d -p 3310:3306 -v /etc/mysql/conf.d -v /var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 --name mysql01 mysql:5.7
docker run -d -p 3310:3306 -e MYSQL_ROOT_PASSWORD=123456 --name mysql02 --volumes-from mysql:5.7
# 这个时候.可以实现两个容器数据同步.
结论:
容器之间配置信息的传递,数据卷容器的生命周期一直持续到没有容器使用.
但是一旦你持续话到了本地,这个时候,本地的数据是不会删除的!
DockerFile
DockerFile介绍
docker 是用来构建docker镜像的文件!命令参数脚本!
构建步骤:
1.编写一个dockerfile 文件
2.docker build构建成为一个镜像
3.docker run 运行镜像
4.docker push 发布镜像(DockerHub 阿里云镜像仓库)
DockerFile构建过程
基础知识
- 1.每个保留关键字(指令)都是必须是大写字母;
- 2.执行从上到下顺序执行
- 3.# 表示注释
- 4.每个指令都会创建提交一个新的镜像层,并提交!
DockerFile: 构建文件,定义了一切的步骤,源代码
DockerImages:通过DockerFile构建生成的镜像,最终发布和运行的产品
Docker容器:容器就是镜像运行起来提供服务
DockerFile 指令
FROM # 基础镜像,一切从这里开始构建
MAINTAINER # 镜像是谁写的,姓名+邮箱
RUN # 镜像构建的时候需要运行的命令
ADD # 步骤: tomcat镜像,这个tomcat压缩包!添加内容
WORKDIR # 镜像的工作目录
VOLUME # 挂载的目录
EXPOSE # 暴露端口配置
CMD # 指定这个容器启动的时候要运行的命令,之后最后一个生效
ENTRYPOINT # 指定这个容器启动的时候要运行的命令,可以追加命令
ONBUILD # 当构建一个被集成 Dockerfile 这个命令就会运行ONBUILD的指令,触发指令
COPY # 类似ADD,将我们文件拷贝到镜像中
ENV # 构建的时候设置环境变量
测试创建属于自己的centos
# 1.创建dockerfile文件
[root@VM_0_9_centos dockerfile]# cat mydockerfile
FROM centos
MAINTAINER zhonglao<zhonglaoxy@qq.com>
ENV MYPATH /usr/local
WORKDIR $MYPATH
RUN yum -y install vim
RUN yum -y install net-tools
EXPOSE 80
CMD echo $MYPATH
CMD echo "---end---"
CMD /bin/bash
# 2.编译构建
[root@VM_0_9_centos dockerfile]# docker build -f mydockerfile -t mycentos:1.0 .
# 查看生成的构建
[root@VM_0_9_centos dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mycentos 1.0 a3b7aba4217d About a minute ago 295MB
# 测试启动 这些命令也可以使用了
[root@7e9a5378c20f local]# pwd
/usr/local
[root@7e9a5378c20f local]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.4 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:04 txqueuelen 0 (Ethernet)
RX packets 8 bytes 656 (656.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 查看镜像的历史变动
[root@VM_0_9_centos dockerfile]# docker history a3b7aba4217d
IMAGE CREATED CREATED BY SIZE COMMENT
a3b7aba4217d 8 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "/bin… 0B
6ae76aad672c 8 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "echo… 0B
923c095d5f23 8 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "echo… 0B
9de7f3bb5e7b 8 minutes ago /bin/sh -c #(nop) EXPOSE 80 0B
b25669a7ae01 8 minutes ago /bin/sh -c yum -y install net-tools 24.8MB
0336d0f55f52 8 minutes ago /bin/sh -c yum -y install vim 60.4MB
264c34fe4974 8 minutes ago /bin/sh -c #(nop) WORKDIR /usr/local 0B
0f34337f3767 8 minutes ago /bin/sh -c #(nop) ENV MYPATH=/usr/local 0B
e434f46c176b 8 minutes ago /bin/sh -c #(nop) MAINTAINER zhonglao<zhong… 0B
300e315adb2f 6 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 6 months ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 6 months ago /bin/sh -c #(nop) ADD file:bd7a2aed6ede423b7… 209MB
CMD 和 ENTRYPOINT 的区别
测试CMD
# 编写dockerfile文件
[root@VM_0_9_centos dockerfile]# vim dockerfile-test
FROM centos
CMD ["ls","-a"]
# 构建镜像
[root@VM_0_9_centos dockerfile]# docker build -f dockerfile-test -t centos-cmd .
Sending build context to Docker daemon 3.072kB
Step 1/2 : FROM centos
---> 300e315adb2f
Step 2/2 : CMD ["ls","-a"]
---> Running in 55c593c219b3
Removing intermediate container 55c593c219b3
---> e4c84ec0f31f
Successfully built e4c84ec0f31f
Successfully tagged centos-cmd:latest
# run运行
[root@VM_0_9_centos dockerfile]# docker run e4c84ec0f31f
.
..
.dockerenv
bin
dev
etc
home
lib
lib64
lost+found
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
# 追加一个命令 -l ls -al
[root@VM_0_9_centos dockerfile]# docker run e4c84ec0f31f -l
docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "-l": executable file not found in $PATH: unknown.
# cmd的情况下 -l 替换可CMD["ls","-a"]命令,-l 不是命令所以报错
测试ENTRYPOINT
# 编写dockerfile文件
[root@VM_0_9_centos dockerfile]# vim dockerfile-entrypoint-test
FROM centos
ENTRYPOINT ["ls","-a"]
# 构建镜像
[root@VM_0_9_centos dockerfile]# docker build -f dockerfile-entrypoint-test -t entorypoint-test .
Sending build context to Docker daemon 4.096kB
Step 1/2 : FROM centos
---> 300e315adb2f
Step 2/2 : ENTRYPOINT ["ls","-a"]
---> Running in b5b250f4bc1b
Removing intermediate container b5b250f4bc1b
---> 62f4a65c85d6
Successfully built 62f4a65c85d6
Successfully tagged entorypoint-test:latest
[root@VM_0_9_centos dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
entorypoint-test latest 62f4a65c85d6 4 seconds ago 209MB
centos-cmd latest e4c84ec0f31f 19 minutes ago 209M
mycentos 1.0 a3b7aba4217d About an hour ago 295MB
tomcatwebapps 1.0.0 6dd55ed9bbe1 3 days ago 672MB
redis latest fad0ee7e917a 4 days ago 105MB
nginx latest d1a364dc548d 12 days ago 133MB
tomcat latest c43a65faae57 3 weeks ago 667MB
mysql 5.7 2c9028880e58 3 weeks ago 447MB
portainer/portainer latest 580c0e4e98b0 2 months ago 79.1MB
centos latest 300e315adb2f 6 months ago 209MB
301517/button latest 619c89a3488d 12 months ago 647MB
elasticsearch 7.6.2 f29a1ee41030 14 months ago 791MB
mondain/red5 latest aa0a17bb9333 5 years ago 647MB
[root@VM_0_9_centos dockerfile]# docker run 62f4a65c85d6
.
..
.dockerenv
bin
dev
etc
home
lib
lib64
lost+found
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
# 测试在后面 直接追加命令
[root@VM_0_9_centos dockerfile]# docker run 62f4a65c85d6 -l
total 56
drwxr-xr-x 1 root root 4096 Jun 7 02:53 .
drwxr-xr-x 1 root root 4096 Jun 7 02:53 ..
-rwxr-xr-x 1 root root 0 Jun 7 02:53 .dockerenv
lrwxrwxrwx 1 root root 7 Nov 3 2020 bin -> usr/bin
drwxr-xr-x 5 root root 340 Jun 7 02:53 dev
drwxr-xr-x 1 root root 4096 Jun 7 02:53 etc
drwxr-xr-x 2 root root 4096 Nov 3 2020 home
lrwxrwxrwx 1 root root 7 Nov 3 2020 lib -> usr/lib
lrwxrwxrwx 1 root root 9 Nov 3 2020 lib64 -> usr/lib64
drwx------ 2 root root 4096 Dec 4 2020 lost+found
drwxr-xr-x 2 root root 4096 Nov 3 2020 media
drwxr-xr-x 2 root root 4096 Nov 3 2020 mnt
drwxr-xr-x 2 root root 4096 Nov 3 2020 opt
dr-xr-xr-x 95 root root 0 Jun 7 02:53 proc
dr-xr-x--- 2 root root 4096 Dec 4 2020 root
drwxr-xr-x 11 root root 4096 Dec 4 2020 run
lrwxrwxrwx 1 root root 8 Nov 3 2020 sbin -> usr/sbin
drwxr-xr-x 2 root root 4096 Nov 3 2020 srv
dr-xr-xr-x 13 root root 0 Jun 7 02:45 sys
drwxrwxrwt 7 root root 4096 Dec 4 2020 tmp
drwxr-xr-x 12 root root 4096 Dec 4 2020 usr
drwxr-xr-x 20 root root 4096 Dec 4 2020 var
实战: tomcat镜像
1.准备jdk 和tomcat
2.构建镜像(注意路径 别写错了)
[root@VM_0_9_centos centos]# vim Dockerfile
FROM centos
MAINTAINER zhonglao<zhonglaoxy@qq.com>
COPY readme.txt /usr/local/readme.txt
ADD jdk-8u291-linux-x64.tar.gz /usr/local
ADD apache-tomcat-9.0.46.tar.gz /usr/local
RUN yum -y install vim
ENV MYPATH /usr/local
WORKDIR $MYPATH
ENV JAVA_HOME /usr/local/jdk1.8.0_291
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.46
ENV CATALINA_BASE /usr/local/apache-tomcat-9.0.46
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
EXPOSE 8080
CMD /usr/local/apache-tomcat-9.0.46/bin/startup.sh && tail -F /usr/local/apache-tomcat-9.0.46/bin/log/catalina.out
3.构建镜像
# 因为使用的`Dockerfile` 是官方推荐使用的 所以不用-f指定
[root@VM_0_9_centos centos]# docker build -t diytomcat .
# 查看镜像
[root@VM_0_9_centos centos]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
diytomcat latest dfbdd168f5fa 3 minutes ago 645MB
4.启动镜像
[root@VM_0_9_centos centos]# docker run -d -p 9090:8080 --name zhonglaotomcat -v /home/dockerfile/centos/test/:/usr/local/apache-tomcat-9.0.46/webapps/test -v /home/dockerfile/centos/tomcatlogs/:/usr/local/apache-tomcat-9.0.46/logs diytomcat
5.访问测试
6.发布项目(由于做了卷挂载,直接在本地编写项目就可以发布了)
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>db</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
</web-app>
index.jsp
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>首页</title>
<style>
*{
padding:0;
margin:0;
font-family:"微软雅黑";
}
.header{
height:72px;
background:#458fce ;
}
.header .logo{
color:#fff ;
line-height:70px;
font-size:30px;
margin-left:20px;
display:inline-block;
text-align:center;
}
a {
color: #fff ;
text-decoration: none ;
}
.header .login{
float:right;
color:#fff ;
line-height:72px;
margin-right:2px;
display:inline-block;
}
.banner{
height:380px;
overflow:hidden;
background: #ddd;
}
</style>
</head>
<body>
<div class="header">
<div class="logo">web实践</div>
<div class ="login">
<a href ="javascript:void(0)">登录</a>
<span>|</span>
<a href ="javascript:void(0)">故事</a>
</div>
</div>
</body>
</html>
发布自己的镜像
DockerHub
1.地址https://hub.docker.com/ 注册账号或者找回
2.登录
[root@VM_0_9_centos test]# docker login --help
Usage: docker login [OPTIONS] [SERVER]
Log in to a Docker registry.
If no server is specified, the default is defined by the daemon.
Options:
-p, --password string Password
--password-stdin Take the password from stdin
-u, --username string Username
[root@VM_0_9_centos test]# docker login -u (你的username)
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
3.提交镜像,docker push
[root@VM_0_9_centos ~]# docker tag dfbdd168f5fa 301517/tomcat:1.0.0
[root@VM_0_9_centos ~]# docker push 301517/tomcat:1.0.0
71ac0ccf56f9: Layer already exists
6229daf869c1: Layer already exists
57d7fbfe56fa: Layer already exists
b1d8d818f4e7: Layer already exists
2653d992f4ef: Pushed
1.0.0: digest: sha256:2a7b7cd3ad0fea1743a6266904185de8e7cd5cedbafac946467d5cf34b3d5b47 size: 1373
阿里云镜像服务上
1.登录阿里云
2.找到容器镜像服务
3.创建命名空间
4.根据操作指南一步步操作(1.命令上的那些前缀不能省;)
Docker网络
理解Docker0
网络地址
[root@VM_0_9_centos ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo # 本机回环地址
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 10
00
link/ether 52:54:00:de:11:64 brd ff:ff:ff:ff:ff:ff
inet 10.206.0.9/20 brd 10.206.15.255 scope global eth0 # 服务器内网地址
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fede:1164/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:aa:1a:88:87 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0 # docker0 地址
valid_lft forever preferred_lft forever
inet6 fe80::42:aaff:fe1a:8887/64 scope link
valid_lft forever preferred_lft forever
查看容器的网络地址
[root@VM_0_9_centos /]# docker run -d -p 9090:8080 --name tomcat1 tomcat
# 查看容器的内部网络地址 ip addr 发现容器会得到一个eth0@if137IP地址,docker分配的
[root@VM_0_9_centos ~]# docker exec -it tomcat1 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
136: eth0@if137: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
# linux 可以ping通容器内部
[root@VM_0_9_centos ~]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.076 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.047 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.051 ms
# 启动第二个容器
[root@VM_0_9_centos ~]# docker run -d -p 9091:8080 --name tomcat2 tomcat
6488f5e8935ba46fed23ae69cef677b1bed071b1b6fd13bec484060da498cb2c
[root@VM_0_9_centos ~]# docker exec -it tomcat2 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
138: eth0@if139: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@VM_0_9_centos ~]#
# tomcat2 ping tomcat1 容器互通
[root@VM_0_9_centos ~]# docker exec -it tomcat2 ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.079 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.050 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.054 ms
64 bytes from 172.17.0.2: icmp_seq=4 ttl=64 time=0.044 ms
# 我们发现多这个容器带来的网卡都是一对一对的;
# veth-pair,就是一对的虚拟设备接口,他们都是成对出现的,一段连着协议,一段彼此相连
# 正因为有这个特性,veth-pair 充当一个桥梁,连接各种虚拟网络设备的
# Openstac Docker容器之间的连接,OVS的连接,都是使用veth-pair 技术
结论:tomcat1 和 tomcat2是公用的一个路由器,docker0
所有容器不指定网络的情况下,都是docker0 路由的,docker会给我们的容器分配一个默认的可用ip
容器删除之后,虚拟网卡也会消失
--link
在我们使用容器之间的时候,一直使用ip就会显的不方便,所以就有了--link
[root@VM_0_9_centos ~]# docker run -d -p 9092:8080 --name tomcat3 --link tomcat2 tomcat
# 这样的话 我们可以通过名字ping的通
[root@VM_0_9_centos ~]# docker exec -it tomcat3 ping tomcat2
PING tomcat2 (172.17.0.3) 56(84) bytes of data.
64 bytes from tomcat2 (172.17.0.3): icmp_seq=1 ttl=64 time=0.058 ms
64 bytes from tomcat2 (172.17.0.3): icmp_seq=2 ttl=64 time=0.058 ms
原理:实质上就是在容器的hosts文件中进行了映射配置
[root@VM_0_9_centos ~]# docker exec -it tomcat3 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 tomcat2 6488f5e8935b
172.17.0.4 9cb325b4408a
现在,已经不建议使用--link了,
自定义网络
查看所有的docker网络
[root@VM_0_9_centos ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
72e66206b524 bridge bridge local
1d42f91fec40 host host local
6399c8e0576f none null local
网络模式
bridge :桥接 docker(默认的)
none :不配置网络
host : 和宿主机共享网络
container: 容器网络互通!(用的少!局限性很大)
测试
# 我们直接启动的命令 --net bridge, 这个就是我们的dicker0
docker run -d -P --name tomcat1 tomcat
docker run -d -P --name tomcat1 --net bridge tomcat
# docker0特点: 默认 域名不能访问 --link可以打通连接
# --driver bridge
# --subnet 192.168.0.0/16
# --gateway 192
.168.0.1 mynet
[root@VM_0_9_centos ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
07a35d7276a4f75535b2cfa56ed98817fb973f8e72b7fa387afaaf5efc07c390
[root@VM_0_9_centos ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
72e66206b524 bridge bridge local
1d42f91fec40 host host local
07a35d7276a4 mynet bridge local
6399c8e0576f none null local
# 自定义的网络就创建好了
[root@VM_0_9_centos ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "07a35d7276a4f75535b2cfa56ed98817fb973f8e72b7fa387afaaf5efc07c390",
"Created": "2021-06-09T17:28:10.796919317+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
# 测试 启动两个容器
[root@VM_0_9_centos ~]# docker run -d -P --name tomcat1 --net mynet tomcat
2ae62051bfda580c2452047f86834c13e0113917d13ad8c2da4563469c547bc2
[root@VM_0_9_centos ~]# docker run -d -P --name tomcat2 --net mynet tomcat
0ee11e5281537e8c5364f8a161b41db280543cc750fede0ffb238586f6c659da
[root@VM_0_9_centos ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "07a35d7276a4f75535b2cfa56ed98817fb973f8e72b7fa387afaaf5efc07c390",
"Created": "2021-06-09T17:28:10.796919317+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"2ae62051bfda580c2452047f86834c13e0113917d13ad8c2da4563469c547bc2": {
"Name": "tomcat1",
"EndpointID": "cc0cca7928affc5f07266884fb7f131eb55310aeac6fbdbeaaf1714af1db33e9",
"MacAddress": "02:42:c0:a8:00:02",
"IPv4Address": "192.168.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
[root@VM_0_9_centos ~]# docker run -d -P --name tomcat2 --net mynet tomcat
0ee11e5281537e8c5364f8a161b41db280543cc750fede0ffb238586f6c659da
# Containers 中有启动的容器的信息
[root@VM_0_9_centos ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "07a35d7276a4f75535b2cfa56ed98817fb973f8e72b7fa387afaaf5efc07c390",
"Created": "2021-06-09T17:28:10.796919317+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"0ee11e5281537e8c5364f8a161b41db280543cc750fede0ffb238586f6c659da": {
"Name": "tomcat2",
"EndpointID": "b9ac315456de2474b14a963b0552b16f5d5ceccab51ebd7dfe75975fad2a59f3",
"MacAddress": "02:42:c0:a8:00:03",
"IPv4Address": "192.168.0.3/16",
"IPv6Address": ""
},
"2ae62051bfda580c2452047f86834c13e0113917d13ad8c2da4563469c547bc2": {
"Name": "tomcat1",
"EndpointID": "cc0cca7928affc5f07266884fb7f131eb55310aeac6fbdbeaaf1714af1db33e9",
"MacAddress": "02:42:c0:a8:00:02",
"IPv4Address": "192.168.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
# 发现不通过 --link 一样可以使用容器名ping通
[root@VM_0_9_centos ~]# docker exec -it tomcat1 ping 192.168.0.3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.086 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.059 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=64 time=0.051 ms
[root@VM_0_9_centos ~]# docker exec -it tomcat1 ping tomcat2
PING tomcat2 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat2.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.027 ms
64 bytes from tomcat2.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.085 ms
推荐:使用
好处:
redis-不同的集群使用不同的网络,保证集群是安全和健康的
mysql-不同的集群使用不同的网络,保证集群是安全和健康的
网络连通
不同网络如何互通?
还是之前的tomca1和tomca2(mynet),我们再加两个tomcat01和tomcat02,但是这两个容器使用默认的bridge
[root@VM_0_9_centos ~]# docker run -d -P --name tomcat01 tomcat
de18cf67a3587329ba8d2e061d4c1fde801636b8ad62036f5ae100112babedf9
[root@VM_0_9_centos ~]# docker run -d -P --name tomcat02 tomcat
7c9b7142b19cf782315e7e6aed35e466e11e7cef1756fba1f9f6be668d8c973d
# 显然是不可以ping通的
[root@VM_0_9_centos ~]# docker exec -it tomcat1 ping tomcat01
ping: tomcat01: Name or service not known
# 使用 docker network connect 来打通网络
[root@VM_0_9_centos ~]# docker network connect mynet tomcat01
# 实质上就是将 tomcat01放入了mynet网络中
# 一个容器 两个ip
[root@VM_0_9_centos ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "07a35d7276a4f75535b2cfa56ed98817fb973f8e72b7fa387afaaf5efc07c390",
"Created": "2021-06-09T17:28:10.796919317+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"0ee11e5281537e8c5364f8a161b41db280543cc750fede0ffb238586f6c659da": {
"Name": "tomcat2",
"EndpointID": "b9ac315456de2474b14a963b0552b16f5d5ceccab51ebd7dfe75975fad2a59f3",
"MacAddress": "02:42:c0:a8:00:03",
"IPv4Address": "192.168.0.3/16",
"IPv6Address": ""
},
"2ae62051bfda580c2452047f86834c13e0113917d13ad8c2da4563469c547bc2": {
"Name": "tomcat1",
"EndpointID": "cc0cca7928affc5f07266884fb7f131eb55310aeac6fbdbeaaf1714af1db33e9",
"MacAddress": "02:42:c0:a8:00:02",
"IPv4Address": "192.168.0.2/16",
"IPv6Address": ""
}
"de18cf67a3587329ba8d2e061d4c1fde801636b8ad62036f5ae100112babedf9": {
"Name": "tomcat01",
"EndpointID": "25ecd8bdad5f3d7a8c7c7ead036ce32af0556d4aeb8bc28b6d16824a56661976",
"MacAddress": "02:42:c0:a8:00:04",
"IPv4Address": "192.168.0.4/16",
"IPv6Address": ""
}
"Options": {},
"Labels": {}
}
]
# 测试可以连通了
[root@VM_0_9_centos ~]# docker exec -it tomcat1 ping tomcat01
PING tomcat01 (192.168.0.4) 56(84) bytes of data.
64 bytes from tomcat01.mynet (192.168.0.4): icmp_seq=1 ttl=64 time=0.058 ms
64 bytes from tomcat01.mynet (192.168.0.4): icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from tomcat01.mynet (192.168.0.4): icmp_seq=3 ttl=64 time=0.053 ms
