Docker: 安装配置入门[二]

一、安装配置启动

1、环境

[root@docker1 ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@docker1 ~]# uname -r
3.10.0-693.el7.x86_64

2、安装

[root@docker1 ~]# yum install docker-ce -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Package docker-ce-18.09.0-3.el7.x86_64 already installed and latest version
Nothing to do

Docker官网:http://www.docker.com/
最新版本我们可以去官方网站进行下载。

温馨提示:使用docker最好使用最新版,因为功能比较完善。

3、启动

systemctl start docker
systemctl enable docker

启动之后我们可以查看一下docker的状态

[root@docker1 ~]# systemctl status docker
鈼
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-01-11 14:14:32 CST; 1h 6min ago
     Docs: https://docs.docker.com
 Main PID: 1196 (dockerd)
   Memory: 109.7M
   CGroup: /system.slice/docker.service
           鈹斺攢1196 /usr/bin/dockerd -H unix://

Jan 11 14:14:30 docker1 dockerd[1196]: time="2019-01-11T14:14:30.737607357+08:00" level=info msg="Graph migration to content-addressability too... seconds"
Jan 11 14:14:30 docker1 dockerd[1196]: time="2019-01-11T14:14:30.740213811+08:00" level=info msg="Loading containers: start."
Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.604424870+08:00" level=info msg="Removing stale sandbox 45a31195e91c9b9def3015...f0bf03d)"
Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.637184862+08:00" level=warning msg="Error (Unable to complete atomic operation...ying...."
Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.668045503+08:00" level=info msg="Default bridge (docker0) is assigned with an ... address"
Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.699620942+08:00" level=info msg="Loading containers: done."
Jan 11 14:14:32 docker1 dockerd[1196]: time="2019-01-11T14:14:32.009152757+08:00" level=info msg="Docker daemon" commit=4d60db4 graphdriver(s)=...n=18.09.0
Jan 11 14:14:32 docker1 dockerd[1196]: time="2019-01-11T14:14:32.009395153+08:00" level=info msg="Daemon has completed initialization"
Jan 11 14:14:32 docker1 dockerd[1196]: time="2019-01-11T14:14:32.082565522+08:00" level=info msg="API listen on /var/run/docker.sock"
Jan 11 14:14:32 docker1 systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.

我们可以使用ifconfig查看网卡

[root@docker1 ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ab:d6:62:a6  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.228.133  netmask 255.255.255.0  broadcast 192.168.228.255
        inet6 fe80::20c:29ff:fe81:a780  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:81:a7:80  txqueuelen 1000  (Ethernet)
        RX packets 996  bytes 134380 (131.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 540  bytes 60915 (59.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

提示: 我们启动docker的时候,docker会帮我们创建一个docker 0的网桥

二、Docker镜像的常用命令

1、查看当前镜像

docker images

[root@docker1 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              7042885a156a        13 days ago         109MB
centos              latest              1e1148e4cc2c        5 weeks ago         202MB

2、搜索镜像

docker search [镜像名字]
执行docker search centos 会从dockerhub上搜索镜像

[root@docker1 ~]#  docker search centos
NAME                               DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
centos                             The official build of CentOS.                   5107                [OK]
ansible/centos7-ansible            Ansible on Centos7                              119                                     [OK]
jdeathe/centos-ssh                 CentOS-6 6.10 x86_64 / CentOS-7 7.5.1804 x86鈥
consol/centos-xfce-vnc             Centos container with "headless" VNC session鈥
imagine10255/centos6-lnmp-php56    centos6-lnmp-php56                              48                                      [OK]
centos/mysql-57-centos7            MySQL 5.7 SQL database server                   45
tutum/centos                       Simple CentOS docker image with SSH access      43
openshift/base-centos7             A Centos7 derived base image for Source-To-I鈥
gluster/gluster-centos             Official GlusterFS Image [ CentOS-7 +  Glust鈥
centos/postgresql-96-centos7       PostgreSQL is an advanced Object-Relational 鈥
centos/python-35-centos7           Platform for building and running Python 3.5鈥
kinogmt/centos-ssh                 CentOS with SSH                                 25                                      [OK]
openshift/jenkins-2-centos7        A Centos7 based Jenkins v2.x image for use w鈥
centos/php-56-centos7              Platform for building and running PHP 5.6 ap鈥
pivotaldata/centos-gpdb-dev        CentOS image for GPDB development. Tag names鈥
openshift/wildfly-101-centos7      A Centos7 based WildFly v10.1 image for use 鈥
openshift/jenkins-1-centos7        DEPRECATED: A Centos7 based Jenkins v1.x ima鈥
darksheer/centos                   Base Centos Image -- Updated hourly             3                                       [OK]
pivotaldata/centos                 Base centos, freshened up a little with a Do鈥
pivotaldata/centos-mingw           Using the mingw toolchain to cross-compile t鈥
pivotaldata/centos-gcc-toolchain   CentOS with a toolchain, but unaffiliated wi鈥
blacklabelops/centos               CentOS Base Image! Built and Updates Daily!     1                                       [OK]
pivotaldata/centos7-build          CentosOS 7 image for GPDB compilation           0
pivotaldata/centos7-test           CentosOS 7 image for GPDB testing               0
smartentry/centos                  centos with smartentry                          0

3、下载镜像

 我们可以使用docker pull centos docker pull nginx来安装centos和nginx的镜像

4、配置镜像加速

[root@docker1 ~]# time docker run nginx
^L
^C
real	2m6.295s
user	0m0.048s
sys	0m0.032s

#配置docker镜像加速
vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
systemctl  restart docker
[root@docker1 ~]# systemctl  restart docker
[root@docker1 ~]# time docker run nginx
^C
real	0m4.154s
user	0m0.031s
sys	0m0.018s

5、导出镜像

docker save -o [镜像名称] [镜像]

[root@docker1 ~]# docker save -o centos.tar centos
[root@docker1 ~]# ls
anaconda-ks.cfg centos.tar

需要将docker导出为tar,后面为镜像名称

6、导入镜像

[root@docker1 ~]#docker load --input centos.tar 
#使用input导入
[root@docker1 ~]# docker load < nginx.tar #使用重定向导入

7、删除镜像

docker删除可以使用docker rmi 后面加上docker的ID
例如:

[root@docker1 ~]# docker image rm centos:latest

提示:如果镜像已经创建了一个容器,那么将无法进行删除(报错如下)

[root@docker1 ~]# docker image rm centos:latest
Error response from daemon: conflict: unable to remove repository reference "centos:latest" (must force) - container ea05becda4ec is using its referenced image 1e1148e4cc2c

删除容器:

[root@docker1 ~]# docker rm luoahong
或者使用
[root@docker1 ~]# docker rm -f luoahong

第二种会提示容器在将它关闭

docker另一种删除方式

[root@docker1 ~]# docker image rm 1e1148e4cc2c
Error response from daemon: conflict: unable to delete 1e1148e4cc2c (must be forced) - image is being used by stopped container ea05becda4ec

启动一个容器 echo 完就删除

[root@docker1 ~]#  docker run --rm centos /bin/echo "www.luoahong.com"
www.luoahong.com
[root@docker1 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                           PORTS               NAMES
ea05becda4ec        centos              "/bin/bash"              29 hours ago        Exited (255) About an hour ago                      luoahong

启动容器
docker run [镜像]

[root@docker1 ~]# docker run centos
centos是镜像的名称,镜像的名称必须在选项的后面

启动镜像,输入Hello,并关闭

[root@docker1 ~]# docker run centos /bin/echo 'Hello Wordl
  本命令的意思是启动一个docker进程,并echo 执行后面的命令可以有可以没有(hello),如果我们的镜像启动就会执行一个进程就不需要我们输入

查看启动镜像
docker ps -a
ps是显示正在运行的容器 -a是显示不运行的

[root@docker1 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS                           PORTS               NAMES
5e6f81f1aaba        centos              "/bin/bash"              About a minute ago   Exited (0) About a minute ago                        nervous_heisenberg
ea05becda4ec        centos              "/bin/bash"              29 hours ago         Exited (255) About an hour ago                       luoahong
c6982dc1d74d        nginx               "nginx -g 'daemon of鈥
2b018750e9ce        nginx               "nginx -g 'daemon of鈥
faa2ac96101a        nginx               "nginx -g 'daemon of鈥

 我们可以看到,现在容器并没有启动。因为docker启动需要在前台启动一个进程。容器的名称可以我们指定或自动生成

提示: 管理docker容器可以通过名称也可以通过ID

三、Docker管理案例

  例如:我要新建一个luoahong的容器,它的镜像是centos.他有三个参数,第一个是给容器起一个名称,-t 分配一个伪终端(tty)-i标准输入打开,我要在里面输入命令

[root@docker1 ~]# docker run --name luoahong -t -i centos /bin/bash
--name 容器的名称
-t 让docker分配一个伪终端
-i 让docker的标准输入打开{input}

提示:最后的/bin/bash可以省略,但是最后一个如果不是命令,那就是镜像的名称

输入上方的命令之后会直接进入到容器里面

[root@f8c8c8156e26 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 11752 1920 ? Ss 19:38 0:00 /bin/bash
root 18 0.0 0.0 47424 1660 ? R+ 21:32 0:00 ps aux
[root@f8c8c8156e26 /]#

温馨提示:容器不是一个虚拟机,因为他就是一个进程,如果我们退出,这个进程就退出了。 
  如果我们执行创建容器的时候,里面没有我们指定的镜像,那么他会从dockerhub上进行下载然后在启动

容器启动 

我们通过docker ps -a 可以查看到没有启动的容器 
 使用docker start [名称或PORTS]

[root@docker1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f8c8c8156e26 centos "/bin/bash" 2 hours ago Exited (0) 34 minutes ago luoahong
bcededa4b82c centos "/bin/echo hello" 2 hours ago Exited (0) 2 hours ago awesome_dijkstra
[root@docker1 ~]# docker start luoahong
luoahong
[root@docker1 ~]# docker start bcededa4b82c
bcededa4b82c

进入容器

[root@docker1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f8c8c8156e26 centos "/bin/bash" 2 hours ago Up 24 minutes luoahong
bcededa4b82c centos "/bin/echo hello" 3 hours ago Exited (0) 23 minutes ago awesome_dijkstra
[root@docker1 ~]# docker attach luoahong
[root@f8c8c8156e26 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 11776 1872 ? Ss 22:09 0:00 /bin/bash
root 14 0.0 0.0 47424 1660 ? R+ 22:33 0:00 ps aux

  这样进入容器的缺点就是如果在开一个窗口就会同步操作,类似于单用户模式(windows远程桌面)

提示:生产场景是不使用docker attach的,需要我们使用nsenter这个工具,这个工具包含在util-linux软件包里面

[root@docker1 ~]# yum install util-linux -y
Centos7默认最小化已经安装

  我们通过nsenter就可以进入容器,但是nsenter是通过pid进入容器里,所以我们需要知道容器的pid。我们可以通过docker inspect来获取到pid

[root@docker1 ~]# docker start luoahong
luoahong
[root@docker1 ~]# docker inspect -f "{{ .State.Pid }}" luoahong
37434
[root@docker1 ~]# nsenter -t 37434 -m -u -i -n -p

docker inspect -f {{.State.Pid}}容器名或者容器id 
#每一个容器都有.State.Pid,所以这个命令除了容器的id需要我们根据docker ps -a去查找,其他的全部为固定的格式 
nsenter --target上面查到的进程id --mount --uts --ipc --net --pid #输入该命令便进入到容器中

解释nsenter指令中进程id之后的参数的含义:

* –mount参数是进去到mount namespace中
* –uts参数是进入到uts namespace中
* –ipc参数是进入到System V IPC namaspace中
* –net参数是进入到network namespace中
* –pid参数是进入到pid namespace中
* –user参数是进入到user namespace中

更多参数我们可以通过nsenter --help进行获取

我们进入容器中查看进程 

以下是以nsenter启动的进程

[root@f8c8c8156e26 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 11776 1664 ? Ss+ Oct18 0:00 /bin/bash
root 27 0.0 0.1 13376 1984 ? S Oct18 0:00 -bash
root 40 0.0 0.0 49024 1808 ? R+ 00:11 0:00 ps aux

/bin/bash是我们运行容器产生的进程 
-bash 是我们使用nsenter产生的,这样如果我们退出容器,容器就不会退出,因为-bash还在运行

[root@f8c8c8156e26 /]# exit
logout
[root@docker1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f8c8c8156e26 centos "/bin/bash" 4 hours ago Up 48 minutes luoahong

  因为每次进入容器都需要输入那两条命令,所以我们可以写一个脚本来获取。 

脚本内容如下:

[root@docker1 ~]# cat docker_in.sh
#!/bin/bash
# Use nsenter to access docker
docker_in(){
NAME_ID=$1
PID=$(docker inspect -f "{{ .State.Pid }}" $NAME_ID)
nsenter -t $PID -m -u -i -n -p
}
docker_in $1

执行结果如下:

[root@docker1 ~]# chmod +x docker_in.sh
[root@docker1 ~]# ./docker_in.sh luoahong
[root@f8c8c8156e26 /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Oct18 ? 00:00:00 /bin/bash
root 54 0 0 00:23 ? 00:00:00 -bash
root 67 54 0 00:23 ? 00:00:00 ps -ef
[root@f8c8c8156e26 /]#

我们也可以不进入容器进行查看

[root@docker1 ~]# docker exec luoahong ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Oct18 ? 00:00:00 /bin/bash
root 85 0 0 00:28 ? 00:00:00 ps -ef
[root@docker1 ~]# docker exec luoahong ls /
anaconda-post.log
bin
dev

提示:可以使用exec参数,不进入容器查看内容

我们还可以使用exec进入docker容器中

[root@docker1 ~]# docker exec -it luoahong /bin/bash

  但是最好还是少使用exec,有可能会对容器造成一些意外的影响

posted @ 2019-01-12 11:59  活的潇洒80  阅读(1243)  评论(0编辑  收藏  举报