Docker: 安装配置入门[二]
一、安装配置启动
1、环境
[root@docker1 ~]# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core) [root@docker1 ~]# uname -r 3.10.0-693.el7.x86_64
2、安装
[root@docker1 ~]# yum install docker-ce -y Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * epel: mirrors.tuna.tsinghua.edu.cn * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com Package docker-ce-18.09.0-3.el7.x86_64 already installed and latest version Nothing to do
Docker官网:http://www.docker.com/
最新版本我们可以去官方网站进行下载。
温馨提示:使用docker最好使用最新版,因为功能比较完善。
3、启动
systemctl start docker systemctl enable docker
启动之后我们可以查看一下docker的状态
[root@docker1 ~]# systemctl status docker 鈼 Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2019-01-11 14:14:32 CST; 1h 6min ago Docs: https://docs.docker.com Main PID: 1196 (dockerd) Memory: 109.7M CGroup: /system.slice/docker.service 鈹斺攢1196 /usr/bin/dockerd -H unix:// Jan 11 14:14:30 docker1 dockerd[1196]: time="2019-01-11T14:14:30.737607357+08:00" level=info msg="Graph migration to content-addressability too... seconds" Jan 11 14:14:30 docker1 dockerd[1196]: time="2019-01-11T14:14:30.740213811+08:00" level=info msg="Loading containers: start." Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.604424870+08:00" level=info msg="Removing stale sandbox 45a31195e91c9b9def3015...f0bf03d)" Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.637184862+08:00" level=warning msg="Error (Unable to complete atomic operation...ying...." Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.668045503+08:00" level=info msg="Default bridge (docker0) is assigned with an ... address" Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.699620942+08:00" level=info msg="Loading containers: done." Jan 11 14:14:32 docker1 dockerd[1196]: time="2019-01-11T14:14:32.009152757+08:00" level=info msg="Docker daemon" commit=4d60db4 graphdriver(s)=...n=18.09.0 Jan 11 14:14:32 docker1 dockerd[1196]: time="2019-01-11T14:14:32.009395153+08:00" level=info msg="Daemon has completed initialization" Jan 11 14:14:32 docker1 dockerd[1196]: time="2019-01-11T14:14:32.082565522+08:00" level=info msg="API listen on /var/run/docker.sock" Jan 11 14:14:32 docker1 systemd[1]: Started Docker Application Container Engine. Hint: Some lines were ellipsized, use -l to show in full.
我们可以使用ifconfig查看网卡
[root@docker1 ~]# ifconfig docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 ether 02:42:ab:d6:62:a6 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.228.133 netmask 255.255.255.0 broadcast 192.168.228.255 inet6 fe80::20c:29ff:fe81:a780 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:81:a7:80 txqueuelen 1000 (Ethernet) RX packets 996 bytes 134380 (131.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 540 bytes 60915 (59.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
提示: 我们启动docker的时候,docker会帮我们创建一个docker 0的网桥
二、Docker镜像的常用命令
1、查看当前镜像
docker images
[root@docker1 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 7042885a156a 13 days ago 109MB centos latest 1e1148e4cc2c 5 weeks ago 202MB
2、搜索镜像
docker search [镜像名字]
执行docker search centos 会从dockerhub上搜索镜像
[root@docker1 ~]# docker search centos NAME DESCRIPTION STARS OFFICIAL AUTOMATED centos The official build of CentOS. 5107 [OK] ansible/centos7-ansible Ansible on Centos7 119 [OK] jdeathe/centos-ssh CentOS-6 6.10 x86_64 / CentOS-7 7.5.1804 x86鈥 consol/centos-xfce-vnc Centos container with "headless" VNC session鈥 imagine10255/centos6-lnmp-php56 centos6-lnmp-php56 48 [OK] centos/mysql-57-centos7 MySQL 5.7 SQL database server 45 tutum/centos Simple CentOS docker image with SSH access 43 openshift/base-centos7 A Centos7 derived base image for Source-To-I鈥 gluster/gluster-centos Official GlusterFS Image [ CentOS-7 + Glust鈥 centos/postgresql-96-centos7 PostgreSQL is an advanced Object-Relational 鈥 centos/python-35-centos7 Platform for building and running Python 3.5鈥 kinogmt/centos-ssh CentOS with SSH 25 [OK] openshift/jenkins-2-centos7 A Centos7 based Jenkins v2.x image for use w鈥 centos/php-56-centos7 Platform for building and running PHP 5.6 ap鈥 pivotaldata/centos-gpdb-dev CentOS image for GPDB development. Tag names鈥 openshift/wildfly-101-centos7 A Centos7 based WildFly v10.1 image for use 鈥 openshift/jenkins-1-centos7 DEPRECATED: A Centos7 based Jenkins v1.x ima鈥 darksheer/centos Base Centos Image -- Updated hourly 3 [OK] pivotaldata/centos Base centos, freshened up a little with a Do鈥 pivotaldata/centos-mingw Using the mingw toolchain to cross-compile t鈥 pivotaldata/centos-gcc-toolchain CentOS with a toolchain, but unaffiliated wi鈥 blacklabelops/centos CentOS Base Image! Built and Updates Daily! 1 [OK] pivotaldata/centos7-build CentosOS 7 image for GPDB compilation 0 pivotaldata/centos7-test CentosOS 7 image for GPDB testing 0 smartentry/centos centos with smartentry 0
3、下载镜像
我们可以使用docker pull centos docker pull nginx来安装centos和nginx的镜像
4、配置镜像加速
[root@docker1 ~]# time docker run nginx ^L ^C real 2m6.295s user 0m0.048s sys 0m0.032s #配置docker镜像加速 vi /etc/docker/daemon.json { "registry-mirrors": ["https://registry.docker-cn.com"] } systemctl restart docker [root@docker1 ~]# systemctl restart docker [root@docker1 ~]# time docker run nginx ^C real 0m4.154s user 0m0.031s sys 0m0.018s
5、导出镜像
docker save -o [镜像名称] [镜像]
[root@docker1 ~]# docker save -o centos.tar centos [root@docker1 ~]# ls anaconda-ks.cfg centos.tar
需要将docker导出为tar,后面为镜像名称
6、导入镜像
[root@docker1 ~]#docker load --input centos.tar #使用input导入 [root@docker1 ~]# docker load < nginx.tar #使用重定向导入
7、删除镜像
docker删除可以使用docker rmi 后面加上docker的ID
例如:
[root@docker1 ~]# docker image rm centos:latest
提示:如果镜像已经创建了一个容器,那么将无法进行删除(报错如下)
[root@docker1 ~]# docker image rm centos:latest Error response from daemon: conflict: unable to remove repository reference "centos:latest" (must force) - container ea05becda4ec is using its referenced image 1e1148e4cc2c
删除容器:
[root@docker1 ~]# docker rm luoahong 或者使用 [root@docker1 ~]# docker rm -f luoahong
第二种会提示容器在将它关闭
docker另一种删除方式
[root@docker1 ~]# docker image rm 1e1148e4cc2c Error response from daemon: conflict: unable to delete 1e1148e4cc2c (must be forced) - image is being used by stopped container ea05becda4ec
启动一个容器 echo 完就删除
[root@docker1 ~]# docker run --rm centos /bin/echo "www.luoahong.com" www.luoahong.com [root@docker1 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ea05becda4ec centos "/bin/bash" 29 hours ago Exited (255) About an hour ago luoahong
启动容器
docker run [镜像]
[root@docker1 ~]# docker run centos centos是镜像的名称,镜像的名称必须在选项的后面
启动镜像,输入Hello,并关闭
[root@docker1 ~]# docker run centos /bin/echo 'Hello Wordl 本命令的意思是启动一个docker进程,并echo 执行后面的命令可以有可以没有(hello),如果我们的镜像启动就会执行一个进程就不需要我们输入
查看启动镜像
docker ps -a
ps是显示正在运行的容器 -a是显示不运行的
[root@docker1 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5e6f81f1aaba centos "/bin/bash" About a minute ago Exited (0) About a minute ago nervous_heisenberg ea05becda4ec centos "/bin/bash" 29 hours ago Exited (255) About an hour ago luoahong c6982dc1d74d nginx "nginx -g 'daemon of鈥 2b018750e9ce nginx "nginx -g 'daemon of鈥 faa2ac96101a nginx "nginx -g 'daemon of鈥
我们可以看到,现在容器并没有启动。因为docker启动需要在前台启动一个进程。容器的名称可以我们指定或自动生成
提示: 管理docker容器可以通过名称也可以通过ID
三、Docker管理案例
例如:我要新建一个luoahong
的容器,它的镜像是centos.
他有三个参数,第一个是给容器起一个名称,-t 分配一个伪终端(tty)-i标准输入打开,我要在里面输入命令
[root@docker1 ~]# docker run --name luoahong -t -i centos /bin/bash --name 容器的名称 -t 让docker分配一个伪终端 -i 让docker的标准输入打开{input}
提示:最后的/bin/bash
可以省略,但是最后一个如果不是命令,那就是镜像的名称
输入上方的命令之后会直接进入到容器里面
[root@f8c8c8156e26 /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.1 11752 1920 ? Ss 19:38 0:00 /bin/bash root 18 0.0 0.0 47424 1660 ? R+ 21:32 0:00 ps aux [root@f8c8c8156e26 /]#
温馨提示:容器不是一个虚拟机,因为他就是一个进程,如果我们退出,这个进程就退出了。
如果我们执行创建容器的时候,里面没有我们指定的镜像,那么他会从dockerhub
上进行下载然后在启动
容器启动
我们通过docker ps -a
可以查看到没有启动的容器
使用docker start [名称或PORTS]
[root@docker1 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f8c8c8156e26 centos "/bin/bash" 2 hours ago Exited (0) 34 minutes ago luoahong bcededa4b82c centos "/bin/echo hello" 2 hours ago Exited (0) 2 hours ago awesome_dijkstra [root@docker1 ~]# docker start luoahong luoahong [root@docker1 ~]# docker start bcededa4b82c bcededa4b82c
进入容器
[root@docker1 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f8c8c8156e26 centos "/bin/bash" 2 hours ago Up 24 minutes luoahong bcededa4b82c centos "/bin/echo hello" 3 hours ago Exited (0) 23 minutes ago awesome_dijkstra [root@docker1 ~]# docker attach luoahong [root@f8c8c8156e26 /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.1 11776 1872 ? Ss 22:09 0:00 /bin/bash root 14 0.0 0.0 47424 1660 ? R+ 22:33 0:00 ps aux
这样进入容器的缺点就是如果在开一个窗口就会同步操作,类似于单用户模式(windows远程桌面)
提示:生产场景是不使用docker attach
的,需要我们使用nsenter
这个工具,这个工具包含在util-linux
软件包里面
[root@docker1 ~]# yum install util-linux -y Centos7默认最小化已经安装
我们通过nsenter
就可以进入容器
,但是nsenter是通过pid
进入容器里,所以我们需要知道容器的pid。我们可以通过docker inspect
来获取到pid
[root@docker1 ~]# docker start luoahong luoahong [root@docker1 ~]# docker inspect -f "{{ .State.Pid }}" luoahong 37434 [root@docker1 ~]# nsenter -t 37434 -m -u -i -n -p
docker inspect -f {{.State.Pid}}
容器名或者容器id
#每一个容器都有.State.Pid,所以这个命令除了容器的id需要我们根据docker ps
-a
去查找,其他的全部为固定的格式 nsenter --target
上面查到的进程id --mount --uts --ipc --net --pid
#输入该命令便进入到容器中
解释nsenter指令中进程id之后的参数的含义:
* –mount参数是进去到mount namespace中 * –uts参数是进入到uts namespace中 * –ipc参数是进入到System V IPC namaspace中 * –net参数是进入到network namespace中 * –pid参数是进入到pid namespace中 * –user参数是进入到user namespace中
更多参数我们可以通过nsenter --help
进行获取
我们进入容器中查看进程
以下是以nsenter启动的进程
[root@f8c8c8156e26 /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 11776 1664 ? Ss+ Oct18 0:00 /bin/bash root 27 0.0 0.1 13376 1984 ? S Oct18 0:00 -bash root 40 0.0 0.0 49024 1808 ? R+ 00:11 0:00 ps aux
/bin/bash
是我们运行容器产生的进程 -bash
是我们使用nsenter产生的,这样如果我们退出容器,容器就不会退出,因为-bash
还在运行
[root@f8c8c8156e26 /]# exit logout [root@docker1 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f8c8c8156e26 centos "/bin/bash" 4 hours ago Up 48 minutes luoahong
因为每次进入容器都需要输入那两条命令,所以我们可以写一个脚本来获取。
脚本内容如下:
[root@docker1 ~]# cat docker_in.sh #!/bin/bash # Use nsenter to access docker docker_in(){ NAME_ID=$1 PID=$(docker inspect -f "{{ .State.Pid }}" $NAME_ID) nsenter -t $PID -m -u -i -n -p } docker_in $1
执行结果如下:
[root@docker1 ~]# chmod +x docker_in.sh [root@docker1 ~]# ./docker_in.sh luoahong [root@f8c8c8156e26 /]# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 Oct18 ? 00:00:00 /bin/bash root 54 0 0 00:23 ? 00:00:00 -bash root 67 54 0 00:23 ? 00:00:00 ps -ef [root@f8c8c8156e26 /]#
我们也可以不进入容器进行查看
[root@docker1 ~]# docker exec luoahong ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 Oct18 ? 00:00:00 /bin/bash root 85 0 0 00:28 ? 00:00:00 ps -ef [root@docker1 ~]# docker exec luoahong ls / anaconda-post.log bin dev
提示:可以使用exec
参数,不进入容器查看内容
我们还可以使用exec进入docker容器中
[root@docker1 ~]# docker exec -it luoahong /bin/bash
但是最好还是少使用exec
,有可能会对容器造成一些意外的影响