docker镜像
hello-world 最小的镜像
从Docker Hub 下载这个镜像
[root@mcw1 /application]$ docker pull hello-world
Using default tag: latest
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:2498fce14358aa50ead0cc6c19990fc6ff866ce72aeb5546e1d59caac3d0d60f
Status: Downloaded newer image for hello-world:latest
docker.io/library/hello-world:latest
查看镜像信息
[root@mcw1 /application]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest dabbfbe0c57b 3 days ago 144MB
hello-world latest feb5d9fea6a5 3 months ago 13.3kB
运行hello-world容器,很快容器就退出了
[root@mcw1 /application]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c8b617d91943 httpd "httpd-foreground" 25 hours ago Up 24 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp sweet_curran
[root@mcw1 /application]$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
......
[root@mcw1 /application]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c8b617d91943 httpd "httpd-foreground" 25 hours ago Up 25 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp sweet_curran
[root@mcw1 /application]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
81f8c132267c hello-world "/hello" About a minute ago Exited (0) About a minute ago hungry_keldysh
hello-world的Dockerfile
FROM SCRATCH COPY hello / CMD ["/hello"]
base镜像
下载镜像
[root@mcw1 /application]$ docker pull centos
Using default tag: latest
latest: Pulling from library/centos
a1d0c7532777: Pulling fs layer
latest: Pulling from library/centos
a1d0c7532777: Pull complete
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
centos镜像的Dockerfile
FROM scratch
ADD centos-7-docker.tar.xz /
CMD ["/bin/bash"]
运行centos镜像
[root@mcw1 /application]$ docker run -it centos
[root@87b44864a676 /]# cat /etc/redhat-release
CentOS Linux release 8.4.2105
[root@87b44864a676 /]# uname -r
3.10.0-693.el7.x86_64
[root@87b44864a676 /]# exit
[root@mcw1 /application]$ cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@mcw1 /application]$ uname -r
3.10.0-693.el7.x86_64
docker commit手动创建镜像
步骤为:
1、运行容器。
2、修改容器。
3、将容器保存为新的镜像
运行容器以及修改容器
[root@mcw1 ~]$ docker ps #查看当前运行的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@mcw1 ~]$ docker images #查看当前的docker镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest dabbfbe0c57b 4 days ago 144MB
hello-world latest feb5d9fea6a5 3 months ago 13.3kB
centos latest 5d0da3dc9764 3 months ago 231MB
[root@mcw1 ~]$ docker run -it centos #使用centos镜像运行一个容器
[root@b6500e7b8da8 /]# vim #查看是否有vim命令
bash: vim: command not found
[root@b6500e7b8da8 /]# yum install -y vim #安装指定包,比如vim,
Failed to set locale, defaulting to C.UTF-8
CentOS Linux 8 - AppStream 2.0 MB/s | 8.4 MB 00:04
CentOS Linux 8 - BaseOS 1.9 MB/s | 3.6 MB 00:01
CentOS Linux 8 - Extras 14 kB/s | 10 kB 00:00
Dependencies resolved.
==========================================================================================
Package Architecture Version Repository Size
============================================================================================
Installing:
vim-enhanced x86_64 2:8.0.1763-16.el8 appstream 1.4 M
[root@b6500e7b8da8 /]# which vim
/usr/bin/vim
创建新的镜像以及验证使用
重新打开一个xshell会话。
[root@mcw1 ~]$ docker ps #查看运行的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b6500e7b8da8 centos "/bin/bash" 2 minutes ago Up 2 minutes funny_mcclintock
[root@mcw1 ~]$ docker commit funny_mcclintock centos-with-vim #将刚刚安装过vim的容器,提交为新的镜像
sha256:6c15aaf80fdfa05d898c4fedd21b046b9086d557ae681c3a241964eaaa559ce6
[root@mcw1 ~]$ docker images #查看刚刚提交的新的镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-with-vim latest 6c15aaf80fdf 11 seconds ago 296MB
httpd latest dabbfbe0c57b 4 days ago 144MB
hello-world latest feb5d9fea6a5 3 months ago 13.3kB
centos latest 5d0da3dc9764 3 months ago 231MB
[root@mcw1 ~]$ docker run -it centos-with-vim #用新创建的镜像运行一个容器
[root@ff39a256c796 /]# which vim #验证容器是否是修改过的能用的容器。这里可以看到,使用新镜像创建容器,这是拥有了vim命令的容器了
/usr/bin/vim
[root@ff39a256c796 /]#
这里在容器里ctrl + d 会退出容器,容器也会退出运行
[root@b6500e7b8da8 /]# exit
[root@mcw1 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ff39a256c796 centos-with-vim "/bin/bash" 11 minutes ago Up 11 minutes strange_hoover
[root@mcw1 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b6500e7b8da8 centos "/bin/bash" 15 minutes ago Exited (0) 32 seconds ago funny_mcclintock
Dockerfile
第一个Dockerflile
[root@mcw1 ~/mcwdocker]$ pwd #查看当前目录
/root/mcwdocker
[root@mcw1 ~/mcwdocker]$ ls #查看当前目录下文件,有dockerfile文件
Dockerfile
[root@mcw1 ~/mcwdocker]$ cat Dockerfile #查看Dockerfile文件内容,根据现有的centos镜像,yum安装一个vim
FROM centos
RUN yum install -y vim
[root@mcw1 ~/mcwdocker]$ docker images|grep centos #查看当前有的镜像
centos-with-vim latest 6c15aaf80fdf 29 minutes ago 296MB
centos latest 5d0da3dc9764 3 months ago 231MB
[root@mcw1 ~/mcwdocker]$ docker build -t centos-with-vim-dockerfile
"docker build" requires exactly 1 argument.
See 'docker build --help'.
Usage: docker build [OPTIONS] PATH | URL | -
Build an image from a Dockerfile
[root@mcw1 ~/mcwdocker]$
[root@mcw1 ~/mcwdocker]$ docker build -t centos-with-vim-dockerfile . #构建镜像,根据Dockerfile 创建一个镜像,记得有个点
Sending build context to Docker daemon 2.048kB #-t指定镜像名称
Step 1/2 : FROM centos
---> 5d0da3dc9764
Step 2/2 : RUN yum install -y vim
---> Running in 1890e7768b94
CentOS Linux 8 - AppStream 2.1 MB/s | 8.4 MB 00:03
CentOS Linux 8 - BaseOS 1.6 MB/s | 3.6 MB 00:02
CentOS Linux 8 - Extras 14 kB/s | 10 kB 00:00
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vim-enhanced x86_64 2:8.0.1763-16.el8 appstream 1.4 M
Installing dependencies:
gpm-libs x86_64 1.20.7-17.el8 appstream 39 k
vim-common x86_64 2:8.0.1763-16.el8 appstream 6.3 M
vim-filesystem noarch 2:8.0.1763-16.el8 appstream 49 k
which x86_64 2.21-16.el8 baseos 49 k
Transaction Summary
================================================================================
Install 5 Packages
Total download size: 7.8 M
Installed size: 30 M
Downloading Packages:
(1/5): gpm-libs-1.20.7-17.el8.x86_64.rpm 290 kB/s | 39 kB 00:00
(2/5): vim-filesystem-8.0.1763-16.el8.noarch.rp 982 kB/s | 49 kB 00:00
(3/5): vim-enhanced-8.0.1763-16.el8.x86_64.rpm 1.6 MB/s | 1.4 MB 00:00
(4/5): which-2.21-16.el8.x86_64.rpm 56 kB/s | 49 kB 00:00
(5/5): vim-common-8.0.1763-16.el8.x86_64.rpm 1.4 MB/s | 6.3 MB 00:04
--------------------------------------------------------------------------------
Total 1.4 MB/s | 7.8 MB 00:05
warning: /var/cache/dnf/appstream-02e86d1c976ab532/packages/gpm-libs-1.20.7-17.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS Linux 8 - AppStream 13 kB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <security@centos.org>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : which-2.21-16.el8.x86_64 1/5
Installing : vim-filesystem-2:8.0.1763-16.el8.noarch 2/5
Installing : vim-common-2:8.0.1763-16.el8.x86_64 3/5
Installing : gpm-libs-1.20.7-17.el8.x86_64 4/5
Running scriptlet: gpm-libs-1.20.7-17.el8.x86_64 4/5
Installing : vim-enhanced-2:8.0.1763-16.el8.x86_64 5/5
Running scriptlet: vim-enhanced-2:8.0.1763-16.el8.x86_64 5/5
Running scriptlet: vim-common-2:8.0.1763-16.el8.x86_64 5/5
Verifying : gpm-libs-1.20.7-17.el8.x86_64 1/5
Verifying : vim-common-2:8.0.1763-16.el8.x86_64 2/5
Verifying : vim-enhanced-2:8.0.1763-16.el8.x86_64 3/5
Verifying : vim-filesystem-2:8.0.1763-16.el8.noarch 4/5
Verifying : which-2.21-16.el8.x86_64 5/5
Installed:
gpm-libs-1.20.7-17.el8.x86_64 vim-common-2:8.0.1763-16.el8.x86_64
vim-enhanced-2:8.0.1763-16.el8.x86_64 vim-filesystem-2:8.0.1763-16.el8.noarch
which-2.21-16.el8.x86_64
Complete!
Removing intermediate container 1890e7768b94
---> f55fe59234eb
Successfully built f55fe59234eb
Successfully tagged centos-with-vim-dockerfile:latest
[root@mcw1 ~/mcwdocker]$ docker images |grep centos #查看使用Dockerfile新生成的镜像 centos-with-vim-dockerfile
centos-with-vim-dockerfile latest f55fe59234eb 50 seconds ago 296MB
centos-with-vim latest 6c15aaf80fdf 32 minutes ago 296MB
centos latest 5d0da3dc9764 3 months ago 231MB
docker history 查看镜像分层。
docker history 会显示构建历史
[root@mcw1 ~/mcwdocker]$ docker images |grep centos
centos-with-vim-dockerfile latest f55fe59234eb 50 seconds ago 296MB
centos-with-vim latest 6c15aaf80fdf 32 minutes ago 296MB
centos latest 5d0da3dc9764 3 months ago 231MB
[root@mcw1 ~/mcwdocker]$
[root@mcw1 ~/mcwdocker]$
[root@mcw1 ~/mcwdocker]$ docker history centos
IMAGE CREATED CREATED BY SIZE COMMENT
5d0da3dc9764 3 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 3 months ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 3 months ago /bin/sh -c #(nop) ADD file:805cb5e15fb6e0bb0… 231MB
[root@mcw1 ~/mcwdocker]$ docker history centos-with-vim-dockerfile
IMAGE CREATED CREATED BY SIZE COMMENT
f55fe59234eb 7 minutes ago /bin/sh -c yum install -y vim 64.7MB
5d0da3dc9764 3 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 3 months ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 3 months ago /bin/sh -c #(nop) ADD file:805cb5e15fb6e0bb0… 231MB
镜像的缓存特性
当只是在最下面增加步骤时,前面的步骤使用缓存
[root@mcw1 ~/mcwdocker]$ ls #创建testfile文件
Dockerfile testfile
[root@mcw1 ~/mcwdocker]$ cat Dockerfile #查看Dockerfile文件内容,增加一个将本地文件复制到镜像容器的根目录下
FROM centos
RUN yum install -y vim
COPY testfile /
[root@mcw1 ~/mcwdocker]$ docker build -t centos-with-vim-dockerfile2 .
Sending build context to Docker daemon 2.56kB
Step 1/3 : FROM centos
---> 5d0da3dc9764
Step 2/3 : RUN yum install -y vim
---> Using cache #这里显示使用了缓存
---> f55fe59234eb
Step 3/3 : COPY testfile /
---> 733b63b20d4b
Successfully built 733b63b20d4b
Successfully tagged centos-with-vim-dockerfile2:latest
当修改命令顺序后或者某处增添命令,缓存失效
[root@mcw1 ~/mcwdocker]$ ls
Dockerfile testfile
[root@mcw1 ~/mcwdocker]$ cat Dockerfile
FROM centos
COPY testfile /
RUN yum install -y vim
[root@mcw1 ~/mcwdocker]$ docker build -t centos-with-vim-dockerfile3 .
Sending build context to Docker daemon 2.56kB
Step 1/3 : FROM centos
---> 5d0da3dc9764
Step 2/3 : COPY testfile /
---> 33d94ca8015d
Step 3/3 : RUN yum install -y vim
---> Running in d2abfdc93eb2
CentOS Linux 8 - AppStream 1.9 MB/s | 8.4 MB 00:04
CentOS Linux 8 - BaseOS 952 kB/s | 3.6 MB 00:03
CentOS Linux 8 - Extras 12 kB/s | 10 kB 00:00
.........
which-2.21-16.el8.x86_64
Complete!
Removing intermediate container d2abfdc93eb2
---> 4de1df762009
Successfully built 4de1df762009
Successfully tagged centos-with-vim-dockerfile3:latest
调试Dockerfile
[root@mcw1 ~/mcwdocker]$ ls
Dockerfile testfile
[root@mcw1 ~/mcwdocker]$ cat Dockerfile
FROM busybox
RUN touch tmpfile
RUN /bin/bash -c echo "continue to build..."
COPY testfile /
[root@mcw1 ~/mcwdocker]$ docker build -t image-debug .
Sending build context to Docker daemon 2.56kB
Step 1/4 : FROM busybox
---> ffe9d497c324
Step 2/4 : RUN touch tmpfile
---> Using cache
---> 4f3ea932edf3
Step 3/4 : RUN /bin/bash -c echo "continue to build..." #构建出问题
---> Running in 59720c834f83
/bin/sh: /bin/bash: not found
The command '/bin/sh -c /bin/bash -c echo "continue to build..."' returned a non-zero code: 127
[root@mcw1 ~/mcwdocker]$ docker run -it 59720c834f83 #使用出问题的前一个镜像运行容器,貌似感觉没啥用
Unable to find image '59720c834f83:latest' locally
docker: Error response from daemon: pull access denied for 59720c834f83, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.
Dockerfile常用指令
COPY
复制指令,从上下文目录中复制文件或者目录到容器里指定路径。
格式:
COPY [--chown=<user>:<group>] <源路径1>... <目标路径> COPY [--chown=<user>:<group>] ["<源路径1>",... "<目标路径>"]
[--chown=<user>:<group>]:可选参数,用户改变复制到容器内文件的拥有者和属组。
<源路径>:源文件或者源目录,这里可以是通配符表达式,其通配符规则要满足 Go 的 filepath.Match 规则。例如:
COPY hom* /mydir/ COPY hom?.txt /mydir/
<目标路径>:容器内的指定路径,该路径不用事先建好,路径不存在的话,会自动创建。
ADD
ADD 指令和 COPY 的使用格类似(同样需求下,官方推荐使用 COPY)。功能也类似,不同之处如下:
- ADD 的优点:在执行 <源文件> 为 tar 压缩文件的话,压缩格式为 gzip, bzip2 以及 xz 的情况下,会自动复制并解压到 <目标路径>。
- ADD 的缺点:在不解压的前提下,无法复制 tar 压缩文件。会令镜像构建缓存失效,从而可能会令镜像构建变得比较缓慢。具体是否使用,可以根据是否需要自动解压来决定。
CMD
类似于 RUN 指令,用于运行程序,但二者运行的时间点不同:
- CMD 在docker run 时运行。
- RUN 是在 docker build。
作用:为启动的容器指定默认要运行的程序,程序运行结束,容器也就结束。CMD 指令指定的程序可被 docker run 命令行参数中指定要运行的程序所覆盖。
注意:如果 Dockerfile 中如果存在多个 CMD 指令,仅最后一个生效。
格式:
CMD <shell 命令> CMD ["<可执行文件或命令>","<param1>","<param2>",...] CMD ["<param1>","<param2>",...] # 该写法是为 ENTRYPOINT 指令指定的程序提供默认参数
推荐使用第二种格式,执行过程比较明确。第一种格式实际上在运行的过程中也会自动转换成第二种格式运行,并且默认可执行文件是 sh。
ENTRYPOINT
类似于 CMD 指令,但其不会被 docker run 的命令行参数指定的指令所覆盖,而且这些命令行参数会被当作参数送给 ENTRYPOINT 指令指定的程序。
但是, 如果运行 docker run 时使用了 --entrypoint 选项,将覆盖 CMD 指令指定的程序。
优点:在执行 docker run 的时候可以指定 ENTRYPOINT 运行所需的参数。
注意:如果 Dockerfile 中如果存在多个 ENTRYPOINT 指令,仅最后一个生效。
格式:
ENTRYPOINT ["<executeable>","<param1>","<param2>",...]
可以搭配 CMD 命令使用:一般是变参才会使用 CMD ,这里的 CMD 等于是在给 ENTRYPOINT 传参,以下示例会提到。
示例:
假设已通过 Dockerfile 构建了 nginx:test 镜像:
FROM nginx ENTRYPOINT ["nginx", "-c"] # 定参 CMD ["/etc/nginx/nginx.conf"] # 变参
1、不传参运行
$ docker run nginx:test
容器内会默认运行以下命令,启动主进程。
nginx -c /etc/nginx/nginx.conf
2、传参运行
$ docker run nginx:test -c /etc/nginx/new.conf
容器内会默认运行以下命令,启动主进程(/etc/nginx/new.conf:假设容器内已有此文件)
nginx -c /etc/nginx/new.conf
ENV
设置环境变量,定义了环境变量,那么在后续的指令中,就可以使用这个环境变量。
格式:
ENV <key> <value> ENV <key1>=<value1> <key2>=<value2>...
以下示例设置 NODE_VERSION = 7.2.0 , 在后续的指令中可以通过 $NODE_VERSION 引用:
ENV NODE_VERSION 7.2.0 RUN curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.xz" \ && curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc"
ARG
构建参数,与 ENV 作用一致。不过作用域不一样。ARG 设置的环境变量仅对 Dockerfile 内有效,也就是说只有 docker build 的过程中有效,构建好的镜像内不存在此环境变量。
构建命令 docker build 中可以用 --build-arg <参数名>=<值> 来覆盖。
格式:
ARG <参数名>[=<默认值>]
VOLUME
定义匿名数据卷。在启动容器时忘记挂载数据卷,会自动挂载到匿名卷。
作用:
- 避免重要的数据,因容器重启而丢失,这是非常致命的。
- 避免容器不断变大。
格式:
VOLUME ["<路径1>", "<路径2>"...] VOLUME <路径>
在启动容器 docker run 的时候,我们可以通过 -v 参数修改挂载点。
EXPOSE
仅仅只是声明端口。
作用:
- 帮助镜像使用者理解这个镜像服务的守护端口,以方便配置映射。
- 在运行时使用随机端口映射时,也就是 docker run -P 时,会自动随机映射 EXPOSE 的端口。
格式:
EXPOSE <端口1> [<端口2>...]
WORKDIR
指定工作目录。用 WORKDIR 指定的工作目录,会在构建镜像的每一层中都存在。(WORKDIR 指定的工作目录,必须是提前创建好的)。
docker build 构建镜像过程中的,每一个 RUN 命令都是新建的一层。只有通过 WORKDIR 创建的目录才会一直存在。
格式:
WORKDIR <工作目录路径>
USER
用于指定执行后续命令的用户和用户组,这边只是切换后续命令执行的用户(用户和用户组必须提前已经存在)。
格式:
USER <用户名>[:<用户组>]
HEALTHCHECK
用于指定某个程序或者指令来监控 docker 容器服务的运行状态。
格式:
HEALTHCHECK [选项] CMD <命令>:设置检查容器健康状况的命令 HEALTHCHECK NONE:如果基础镜像有健康检查指令,使用这行可以屏蔽掉其健康检查指令 HEALTHCHECK [选项] CMD <命令> : 这边 CMD 后面跟随的命令使用,可以参考 CMD 的用法。
ONBUILD
用于延迟构建命令的执行。简单的说,就是 Dockerfile 里用 ONBUILD 指定的命令,在本次构建镜像的过程中不会执行(假设镜像为 test-build)。当有新的 Dockerfile 使用了之前构建的镜像 FROM test-build ,这时执行新镜像的 Dockerfile 构建时候,会执行 test-build 的 Dockerfile 里的 ONBUILD 指定的命令。
格式:
ONBUILD <其它指令>
LABEL
LABEL 指令用来给镜像添加一些元数据(metadata),以键值对的形式,语法格式如下:
LABEL <key>=<value> <key>=<value> <key>=<value> ...
比如我们可以添加镜像的作者:
LABEL org.opencontainers.image.authors="runoob"
Dockerfile 指令使用案例
ENV
[root@mcw1 ~/mcwdocker]$ ls Dockerfile testfile [root@mcw1 ~/mcwdocker]$ vim Dockerfile [root@mcw1 ~/mcwdocker]$ cat Dockerfile #编辑Docker,添加单个或者多个环境变量 FROM busybox ENV name mcw ENV gender="男" age=18 RUN echo $name $gender $age [root@mcw1 ~/mcwdocker]$ ls Dockerfile testfile [root@mcw1 ~/mcwdocker]$ docker build -t envtest . #构建镜像 Sending build context to Docker daemon 2.56kB Step 1/4 : FROM busybox ---> ffe9d497c324 Step 2/4 : ENV name mcw ---> Running in ee98d50d8d14 Removing intermediate container ee98d50d8d14 ---> 8b96753450ae Step 3/4 : ENV gender="男" age=18 ---> Running in 67ee913938cc Removing intermediate container 67ee913938cc ---> 1698539ce258 Step 4/4 : RUN echo $name $gender $age >>mcw.txt ---> Running in 80bc302ae9b7 Removing intermediate container 80bc302ae9b7 ---> ce18c132dd5e Successfully built ce18c132dd5e Successfully tagged envtest:latest [root@mcw1 ~/mcwdocker]$ docker images |grep env #查看构建的镜像 envtest latest ce18c132dd5e 24 seconds ago 1.24MB [root@mcw1 ~/mcwdocker]$ docker run -it envtest #以新的镜像运行一个容器 / # ls bin dev etc home mcw.txt proc root sys tmp usr var / # cat mcw.txt #由结果说明,Dockerflie支持使用>>符号的,ENV生成的环境变量,成功使用 mcw 男 18 / # echo $name mcw / # env #查看容器的env环境,可以看到Dockerfile的ENV指令,会将生成的环境变量加到这个镜像运行的容器的环境变量中 HOSTNAME=d866c96acaf7 SHLVL=1 HOME=/root gender=男 TERM=xterm age=18 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin name=mcw PWD=/ / #
Dockerfile的注释可以使用#
一个多一点指令的使用案例
[root@mcw1 ~/mcwdocker]$ touch tmpfile2 [root@mcw1 ~/mcwdocker]$ mkdir mcw [root@mcw1 ~/mcwdocker]$ echo mcwtest>>mcw/mcw.txt [root@mcw1 ~/mcwdocker]$ tar zcf mcw.tar.gz mcw [root@mcw1 ~/mcwdocker]$ rm -rf mcw [root@mcw1 ~/mcwdocker]$ ls #查看当前目录下文件 Dockerfile mcw.tar.gz tmpfile2 [root@mcw1 ~/mcwdocker]$ cat Dockerfile #查看dockerfile文件内容 #mcw dockerfile FROM busybox MAINTAINER mcw@qq.com WORKDIR /testdir RUN touch tmpfile1 COPY ["tmpfile2","."] ADD ["mcw.tar.gz","."] ENV WELCOME "you are in my container,welcome!" [root@mcw1 ~/mcwdocker]$ docker build -t mcw-image . #构建镜像 Sending build context to Docker daemon 3.584kB Step 1/7 : FROM busybox ---> ffe9d497c324 Step 2/7 : MAINTAINER mcw@qq.com ---> Running in e8af6783fe76 Removing intermediate container e8af6783fe76 ---> 1166a705dd11 Step 3/7 : WORKDIR /testdir ---> Running in 5bfa3a925661 Removing intermediate container 5bfa3a925661 ---> 615ea33bdf69 Step 4/7 : RUN touch tmpfile1 ---> Running in 3066f40cfc14 Removing intermediate container 3066f40cfc14 ---> 6236dce4241c Step 5/7 : COPY ["tmpfile2","."] ---> 67cafd96e333 Step 6/7 : ADD ["mcw.tar.gz","."] ---> 2434e12514ce Step 7/7 : ENV WELCOME "you are in my container,welcome!" ---> Running in e382cfd0ed1f Removing intermediate container e382cfd0ed1f ---> de3523944329 Successfully built de3523944329 Successfully tagged mcw-image:latest [root@mcw1 ~/mcwdocker]$ docker run -it mcw-image #用镜像运行容器 /testdir # ls #运行容器,直接进入工作目录,.可以表示容器当前工作目录; mcw tmpfile1 tmpfile2 #tar包传进来就会解压;创建tmpfile1,复制tmpfile2到工作目录下 /testdir # ls mcw/ mcw.txt /testdir # cat mcw/mcw.txt mcwtest /testdir # echo $WELCOME #查看设置的环境变量 you are in my container,welcome! /testdir # cd / / # ls bin dev etc home proc root sys testdir tmp usr var
docker 只查看某个镜像的信息
[root@mcw1 ~/mcwdocker]$ docker images mcw-image
REPOSITORY TAG IMAGE ID CREATED SIZE
mcw-image latest de3523944329 9 minutes ago 1.24MB
[root@mcw1 ~/mcwdocker]$ docker images mcw-image
REPOSITORY TAG IMAGE ID CREATED SIZE
mcw-image latest de3523944329 9 minutes ago 1.24MB
RUN vs CMD vs ENTRYPOINT
Shell和Exec格式
@shell格式:
[root@mcw1 ~/mcwdocker]$ cat Dockerfile #yum安装不加-y构建镜像会报错 #mcw dockerfile FROM centos RUN yum install vim CMD echo "Hello,world" ENTRYPOINT echo "Hello,world" [root@mcw1 ~/mcwdocker]$ docker build -t mcw8-image ....... Installed size: 30 M Is this ok [y/N]: Operation aborted. The command '/bin/sh -c yum install vim' returned a non-zero code: 1 [root@mcw1 ~/mcwdocker]$ vim Dockerfile #修改yum添加-y参数 [root@mcw1 ~/mcwdocker]$ docker build -t mcw8-image . [root@mcw1 ~/mcwdocker]$ docker run mcw8-image #运行只执行了一次打印 Hello,world [root@mcw1 ~/mcwdocker]$ ls Dockerfile [root@mcw1 ~/mcwdocker]$ cat Dockerfile #查看Dockerfile #mcw dockerfile FROM busybox ENV name machangwei ENTRYPOINT echo "Hello,$name" [root@mcw1 ~/mcwdocker]$ docker build -t mcw2-image . #构建镜像 Sending build context to Docker daemon 2.048kB Step 1/3 : FROM busybox ---> ffe9d497c324 Step 2/3 : ENV name machangwei ---> Running in b640736ede3d Removing intermediate container b640736ede3d ---> dde86c0e2c64 Step 3/3 : ENTRYPOINT echo "Hello,$name" ---> Running in 86931dee18ce Removing intermediate container 86931dee18ce ---> 1e23a121acab Successfully built 1e23a121acab Successfully tagged mcw2-image:latest [root@mcw1 ~/mcwdocker]$ docker run mcw2-image #运行容器,docker run [image],直接输出命令打印结果 Hello,machangwei #shell底层会调用 /bin/sh -c [command]。命令中的$name变量会被解析出来 [root@mcw1 ~/mcwdocker]$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ff39a256c796 centos-with-vim "/bin/bash" 3 hours ago Up 3 hours strange_hoover
@Exec格式:
[root@mcw1 ~/mcwdocker]$ ls Dockerfile [root@mcw1 ~/mcwdocker]$ cat Dockerfile #yum安装不加-y参数构建镜像会报错 #mcw dockerfile FROM centos RUN ["yum","install","vim"] CMD ["/bin/echo","Hello,world"] ENTRYPOINT ["/bin/echo","Hello,world"] [root@mcw1 ~/mcwdocker]$ docker build -t mcw8-image . Sending build context to Docker daemon 2.048kB Step 1/4 : FROM centos ---> 5d0da3dc9764 Step 2/4 : RUN ["yum","install","vim"] ---> Running in 0a267d2f94c1 CentOS Linux 8 - AppStream 610 kB/s | 8.4 MB 00:14 CentOS Linux 8 - BaseOS 1.4 MB/s | 3.6 MB 00:02 CentOS Linux 8 - Extras 13 kB/s | 10 kB 00:00 Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: vim-enhanced x86_64 2:8.0.1763-16.el8 appstream 1.4 M Installing dependencies: gpm-libs x86_64 1.20.7-17.el8 appstream 39 k vim-common x86_64 2:8.0.1763-16.el8 appstream 6.3 M vim-filesystem noarch 2:8.0.1763-16.el8 appstream 49 k which x86_64 2.21-16.el8 baseos 49 k Transaction Summary ================================================================================ Install 5 Packages Total download size: 7.8 M Installed size: 30 M Is this ok [y/N]: Operation aborted. The command 'yum install vim' returned a non-zero code: 1 [root@mcw1 ~/mcwdocker]$ [root@mcw1 ~/mcwdocker]$ [root@mcw1 ~/mcwdocker]$ [root@mcw1 ~/mcwdocker]$ vim Dockerfile [root@mcw1 ~/mcwdocker]$ cat Dockerfile #yum安装加上-y才可以 #mcw dockerfile FROM centos RUN ["yum","install","-y","vim"] CMD ["/bin/echo","Hello,world"] ENTRYPOINT ["/bin/echo","Hello,world"] [root@mcw1 ~/mcwdocker]$ docker build -t mcw8-image . Sending build context to Docker daemon 2.048kB Step 1/4 : FROM centos ---> 5d0da3dc9764 Step 2/4 : RUN ["yum","install","-y","vim"] ---> Running in 1f79f11e3026 CentOS Linux 8 - AppStream 1.2 MB/s | 8.4 MB 00:07 ............. which-2.21-16.el8.x86_64 Complete! Removing intermediate container 1f79f11e3026 ---> c72a86c6d57a Step 3/4 : CMD ["/bin/echo","Hello,world"] ---> Running in 1d06e235a516 Removing intermediate container 1d06e235a516 ---> 6c898a2eeade Step 4/4 : ENTRYPOINT ["/bin/echo","Hello,world"] ---> Running in cb9a0aa86e1a Removing intermediate container cb9a0aa86e1a ---> ee61b361ed31 Successfully built ee61b361ed31 Successfully tagged mcw8-image:latest [root@mcw1 ~/mcwdocker]$
@Execl格式运行CMD, ENTRYPOINT加/bin/sh -c和不加的区别,即解析环境变量和不解析的区别
[root@mcw1 ~/mcwdocker]$ ls Dockerfile [root@mcw1 ~/mcwdocker]$ cat Dockerfile #查看dockerfile内容 #mcw dockerfile FROM busybox ENV name machangwei ENTRYPOINT ["/bin/echo","Hello,$name"] [root@mcw1 ~/mcwdocker]$ docker build -t mcw6-image . #构建镜像 Sending build context to Docker daemon 2.048kB Step 1/3 : FROM busybox ---> ffe9d497c324 Step 2/3 : ENV name machangwei ---> Using cache ---> dde86c0e2c64 Step 3/3 : ENTRYPOINT ["/bin/echo","Hello,$name"] ---> Running in d370609979f3 Removing intermediate container d370609979f3 ---> 214d5dae2740 Successfully built 214d5dae2740 Successfully tagged mcw6-image:latest [root@mcw1 ~/mcwdocker]$ docker run mcw6-image #运行容器,查看打印结果。Exec格式直接/bin/echo 不可以解析出变量 Hello,$name [root@mcw1 ~/mcwdocker]$ [root@mcw1 ~/mcwdocker]$ vim Dockerfile [root@mcw1 ~/mcwdocker]$ ls Dockerfile [root@mcw1 ~/mcwdocker]$ cat Dockerfile #查看修改的Dockerfile内容,添加了/bin/sh -c 后面直接跟命令和变量信息 #mcw dockerfile FROM busybox ENV name machangwei ENTRYPOINT ["/bin/sh","-c","echo Hello,$name"] [root@mcw1 ~/mcwdocker]$ docker build -t mcw7-image . #构建镜像 Sending build context to Docker daemon 2.048kB Step 1/3 : FROM busybox ---> ffe9d497c324 Step 2/3 : ENV name machangwei ---> Using cache ---> dde86c0e2c64 Step 3/3 : ENTRYPOINT ["/bin/sh","-c","echo Hello,$name"] ---> Running in 425820f8956a Removing intermediate container 425820f8956a ---> cd32915a0558 Successfully built cd32915a0558 Successfully tagged mcw7-image:latest [root@mcw1 ~/mcwdocker]$ docker run mcw7-image #运行容器只看输出,可以看到变量$name 已经被解析 Hello,machangwei [root@mcw1 ~/mcwdocker]$
RUN
shell格式:RUN yum install -y vim Exec格式: RUN ["yum","install","-y","vim"]
CMD
shell格式: CMD echo "machangwei" Exec格式: CMD ["/bin/echo","machangwei"]
第三种格式,先不研究了 :CMD ["参数","参数2"]
@1、使用两个CMD命令
[root@mcw1 ~/mcwdocker]$ ls Dockerfile [root@mcw1 ~/mcwdocker]$ cat Dockerfile #1、使用两个CMD命令 #mcw dockerfile FROM centos CMD echo "machangwei1" CMD echo "machangwei2" [root@mcw1 ~/mcwdocker]$ docker build -t mcw16-image . Sending build context to Docker daemon 2.048kB ....... Successfully built 6041e3be9fbd Successfully tagged mcw16-image:latest [root@mcw1 ~/mcwdocker]$ docker run mcw16-image #1、使用两个CMD命令,只运行最后一个 machangwei2
@2、运行容器时加上命令
[root@mcw1 ~/mcwdocker]$ ls Dockerfile [root@mcw1 ~/mcwdocker]$ cat Dockerfile #mcw dockerfile FROM centos CMD echo "machangwei1" CMD echo "machangwei2" [root@mcw1 ~/mcwdocker]$ docker build -t mcw17-image . ........ [root@mcw1 ~/mcwdocker]$ docker run mcw17-image # machangwei2 [root@mcw1 ~/mcwdocker]$ docker run mcw17-image /bin/bash [root@mcw1 ~/mcwdocker]$ [root@mcw1 ~/mcwdocker]$ docker run -it mcw17-image #-it运行容器时不加命令,只是打印最后一个CMD结果 machangwei2 [root@mcw1 ~/mcwdocker]$ docker run -it mcw17-image /bin/bash #-it 运行容器时加上命令,并不打印,CMD被忽略掉, [root@3af6a0c763df /]#
ENTRYPOINT
@shell格式:
ENTRYPOINT echo "machangwei3"
@@1、ENTRYPOINT放最后
[root@mcw1 ~/mcwdocker]$ ls Dockerfile [root@mcw1 ~/mcwdocker]$ cat Dockerfile #在最后添加ENTRYPOINT #mcw dockerfile FROM centos CMD echo "machangwei1" CMD echo "machangwei2" ENTRYPOINT echo "machangwei3" [root@mcw1 ~/mcwdocker]$ docker build -t mcw18-image . ......... [root@mcw1 ~/mcwdocker]$ docker run mcw18-image #运行容器不加命令参数,只运行打印了最后一个,不进入容器 machangwei3 [root@mcw1 ~/mcwdocker]$ docker run -it mcw18-image /bin/bash #运行容器加命令参数,还是运行打印ENTRYPOINT,不进入容器 machangwei3
@@2、ENTRYPOINT放中间,由两个案例可知,当同时有CMD时,默认运行ENTRYPOINT 的
[root@mcw1 ~/mcwdocker]$ ls Dockerfile [root@mcw1 ~/mcwdocker]$ cat Dockerfile #修改ENTRYPOINT 的顺序 #mcw dockerfile FROM centos CMD echo "machangwei1" ENTRYPOINT echo "machangwei3" CMD echo "machangwei2" [root@mcw1 ~/mcwdocker]$ docker build -t mcw19-image . ......... [root@mcw1 ~/mcwdocker]$ docker run mcw19-image machangwei3 [root@mcw1 ~/mcwdocker]$ docker run mcw19-image /bin/bash machangwei3 [root@mcw1 ~/mcwdocker]$ docker run mcw19-image ls / machangwei3 [root@mcw1 ~/mcwdocker]$ docker run -it mcw19-image machangwei3 [root@mcw1 ~/mcwdocker]$ docker run -it mcw19-image ls / machangwei3 [root@mcw1 ~/mcwdocker]$ docker run -it mcw19-image /bin/bash machangwei3 [root@mcw1 ~/mcwdocker]$
@Exec格式
ENTRYPOINT ["/bin/echo", "Hello"] [root@mcw1 ~/mcwdocker]$ ls Dockerfile [root@mcw1 ~/mcwdocker]$ cat Dockerfile #mcw dockerfile FROM centos ENTRYPOINT ["/bin/echo", "Hello"] CMD ["world"] [root@mcw1 ~/mcwdocker]$ docker build -t mcw20-image . ....... [root@mcw1 ~/mcwdocker]$ docker run mcw20-image Hello world [root@mcw1 ~/mcwdocker]$ docker run mcw20-image machangwei Hello machangwei [root@mcw1 ~/mcwdocker]$ docker run -it mcw20-image Hello world [root@mcw1 ~/mcwdocker]$ docker run -it mcw20-image machangwei #ENTRYPOINT的不可以修改,CMD的可以修改 Hello machangwei [root@mcw1 ~/mcwdocker]$ docker run -it mcw20-image /bin/bash #这样CMD可以当做ENTRYPOINT命令执行的默认参数,运行容器 Hello /bin/bash #时可以添加内容进行覆盖掉默认的
docker删除镜像失败Error response from daemon: conflict: unable to delete 345d2c86b9c7 (must be forced) - image is being used by stopped container 830fe2ea4187
[root@mcw1 ~/mcwdocker]$ docker images mcw20-image #查看镜像 REPOSITORY TAG IMAGE ID CREATED SIZE mcw20-image latest 345d2c86b9c7 19 minutes ago 231MB [root@mcw1 ~/mcwdocker]$ docker rmi 345d2c86b9c7 #删除失败,在被使用 Error response from daemon: conflict: unable to delete 345d2c86b9c7 (must be forced) - image is being used by stopped container 830fe2ea4187 [root@mcw1 ~/mcwdocker]$ docker ps -a|grep mcw20-image #查看使用镜像的容器 0d6f336ac24b mcw20-image "/bin/echo Hello /bi…" 18 minutes ago Exited (0) 18 minutes ago gallant_sammet faba508a8588 mcw20-image "/bin/echo Hello mac…" 18 minutes ago Exited (0) 18 minutes ago vigorous_proskuriakova 007452b1fcd1 mcw20-image "/bin/echo Hello wor…" 18 minutes ago Exited (0) 18 minutes ago xenodochial_swirles 830fe2ea4187 mcw20-image "/bin/echo Hello mac…" 18 minutes ago Exited (0) 18 minutes ago elastic_johnson dc0312f335b0 mcw20-image "/bin/echo Hello wor…" 19 minutes ago Exited (0) 19 minutes ago upbeat_chebyshev [root@mcw1 ~/mcwdocker]$ docker rm 0d6f336ac24b faba 0074 830fe dc0312f335b0 #删除容器 0d6f336ac24b faba 0074 830fe dc0312f335b0 [root@mcw1 ~/mcwdocker]$ docker ps -a|grep mcw20-image [root@mcw1 ~/mcwdocker]$ docker images mcw20-image REPOSITORY TAG IMAGE ID CREATED SIZE mcw20-image latest 345d2c86b9c7 21 minutes ago 231MB [root@mcw1 ~/mcwdocker]$ docker rmi 345d2c86b9c7 #删除镜像 Untagged: mcw20-image:latest Deleted: sha256:345d2c86b9c767b3ef4e38612db8fe5657a4b8733eb9e8d36753f393caf9ef9f Deleted: sha256:88a9b70ba3aea318257066bc40452717423204176ce133e79e73ef3a7b06b792 [root@mcw1 ~/mcwdocker]$ docker images mcw20-image REPOSITORY TAG IMAGE ID CREATED SIZE [root@mcw1 ~/mcwdocker]$
分发镜像
为镜像命名
docker tag 原镜像名称:tag 新镜像名称:新tag
比如:httpd:v1.9.2
一般都都打成如下三个标签
httpd:v1
httpd:v1.9
httpd:latest
如果版本有更新,更新这三个标签指向新的版本
如果有大版本更新,设置三个大版本的标签
比如:httpd:2.0.0
一般都都打成如下三个标签
httpd:2
httpd:2.0
httpd:latest
注意。不要被latest误解。它只是个标签,如果没有更新,它就不是最新版本,标签更新指向最新版本,它才是最新版本
@1、当我们docker build构建镜像时,就已经为镜像起了名字了
[root@mcw1 ~/mcwdocker]$ ls Dockerfile [root@mcw1 ~/mcwdocker]$ cat Dockerfile #mcw dockerfile FROM centos ENTRYPOINT ["/bin/echo", "Hello"] CMD ["world"] [root@mcw1 ~/mcwdocker]$ docker build -t centos-hello . #-t指定镜像名称, [root@mcw1 ~/mcwdocker]$ docker images centos-hello #如果没有指定tag,默认为latest,tag可以是任意字符串 REPOSITORY TAG IMAGE ID CREATED SIZE centos-hello latest 10eeae62a791 18 seconds ago 231MB
@2、当我们httpd:1.9.1时,给它打三个标签
[root@mcw1 ~/mcwdocker]$ docker images #查看当前镜像 REPOSITORY TAG IMAGE ID CREATED SIZE httpd latest dabbfbe0c57b 5 days ago 144MB busybox latest ffe9d497c324 2 weeks ago 1.24MB hello-world latest feb5d9fea6a5 3 months ago 13.3kB centos latest 5d0da3dc9764 3 months ago 231MB [root@mcw1 ~/mcwdocker]$ docker tag httpd:latest mcw-httpd:1 #将镜像起个tag [root@mcw1 ~/mcwdocker]$ docker images mcw-httpd REPOSITORY TAG IMAGE ID CREATED SIZE mcw-httpd 1 dabbfbe0c57b 5 days ago 144MB [root@mcw1 ~/mcwdocker]$ docker tag httpd:latest mcw-httpd:1.9 ##将镜像起个tag [root@mcw1 ~/mcwdocker]$ docker tag httpd:latest mcw-httpd:1.9.1 ##将镜像起个tag [root@mcw1 ~/mcwdocker]$ docker tag httpd:latest mcw-httpd:xiaoma #将镜像起个tag [root@mcw1 ~/mcwdocker]$ [root@mcw1 ~/mcwdocker]$ docker images mcw* # REPOSITORY TAG IMAGE ID CREATED SIZE mcw-httpd 1 dabbfbe0c57b 5 days ago 144MB mcw-httpd 1.9 dabbfbe0c57b 5 days ago 144MB mcw-httpd 1.9.1 dabbfbe0c57b 5 days ago 144MB mcw-httpd xiaoma dabbfbe0c57b 5 days ago 144MB [root@mcw1 ~/mcwdocker]$ [root@mcw1 ~/mcwdocker]$ docker images *httpd* #模糊匹配查询相关的镜像 REPOSITORY TAG IMAGE ID CREATED SIZE httpd latest dabbfbe0c57b 5 days ago 144MB mcw-httpd 1 dabbfbe0c57b 5 days ago 144MB mcw-httpd 1.9 dabbfbe0c57b 5 days ago 144MB mcw-httpd 1.9.1 dabbfbe0c57b 5 days ago 144MB mcw-httpd xiaoma dabbfbe0c57b 5 days ago 144MB
@3、当我们的httpd升级为httpd:1.9.2时,重新打标签
[root@mcw1 ~/mcwdocker]$ docker tag httpd:latest httpd:v1.9.2 [root@mcw1 ~/mcwdocker]$ docker images httpd:v1.9.2 REPOSITORY TAG IMAGE ID CREATED SIZE httpd v1.9.2 dabbfbe0c57b 5 days ago 144MB [root@mcw1 ~/mcwdocker]$ docker tag httpd:latest httpd:v1.9.2 [root@mcw1 ~/mcwdocker]$ docker images httpd:v1.9.2 REPOSITORY TAG IMAGE ID CREATED SIZE httpd v1.9.2 dabbfbe0c57b 5 days ago 144MB [root@mcw1 ~/mcwdocker]$ [root@mcw1 ~/mcwdocker]$ docker tag httpd:v1.9.2 mcw-httpd:1 #重新打标签 [root@mcw1 ~/mcwdocker]$ docker tag httpd:v1.9.2 mcw-httpd:1.9 #重新打标签 [root@mcw1 ~/mcwdocker]$ docker tag httpd:v1.9.2 mcw-httpd:xiaoma #重新打标签 [root@mcw1 ~/mcwdocker]$ docker images *httpd* 由镜像id可以看出,这里是同一个镜像。镜像id都是一致的 REPOSITORY TAG IMAGE ID CREATED SIZE httpd latest dabbfbe0c57b 5 days ago 144MB httpd v1.9.2 dabbfbe0c57b 5 days ago 144MB mcw-httpd 1 dabbfbe0c57b 5 days ago 144MB mcw-httpd 1.9 dabbfbe0c57b 5 days ago 144MB mcw-httpd 1.9.1 dabbfbe0c57b 5 days ago 144MB mcw-httpd xiaoma dabbfbe0c57b 5 days ago 144MB
@4、当我们升级为httpd:2.0.0时,需要给三个重新打标签
[root@mcw1 ~/mcwdocker]$ docker tag httpd:latest httpd:2.0.0 #生成一个假设的大版本的镜像 [root@mcw1 ~/mcwdocker]$ docker images httpd:2.0.0 REPOSITORY TAG IMAGE ID CREATED SIZE httpd 2.0.0 dabbfbe0c57b 5 days ago 144MB [root@mcw1 ~/mcwdocker]$ [root@mcw1 ~/mcwdocker]$ docker tag httpd:2.0.0 mcw-httpd:2 #打标签成需要的三个 [root@mcw1 ~/mcwdocker]$ docker tag httpd:2.0.0 mcw-httpd:2.0 [root@mcw1 ~/mcwdocker]$ docker tag httpd:2.0.0 mcw-httpd:xiaoma2 [root@mcw1 ~/mcwdocker]$ docker images *httpd* REPOSITORY TAG IMAGE ID CREATED SIZE httpd 2.0.0 dabbfbe0c57b 5 days ago 144MB httpd latest dabbfbe0c57b 5 days ago 144MB httpd v1.9.2 dabbfbe0c57b 5 days ago 144MB mcw-httpd 1 dabbfbe0c57b 5 days ago 144MB mcw-httpd 1.9 dabbfbe0c57b 5 days ago 144MB mcw-httpd 1.9.1 dabbfbe0c57b 5 days ago 144MB mcw-httpd 2 dabbfbe0c57b 5 days ago 144MB mcw-httpd 2.0 dabbfbe0c57b 5 days ago 144MB mcw-httpd xiaoma dabbfbe0c57b 5 days ago 144MB mcw-httpd xiaoma2 dabbfbe0c57b 5 days ago 144MB
@5、tag删除
[root@mcw1 ~/mcwdocker]$ docker images xiaom* REPOSITORY TAG IMAGE ID CREATED SIZE [root@mcw1 ~/mcwdocker]$ docker images mcw-httpd:xiao* REPOSITORY TAG IMAGE ID CREATED SIZE mcw-httpd xiaoma dabbfbe0c57b 5 days ago 144MB mcw-httpd xiaoma2 dabbfbe0c57b 5 days ago 144MB [root@mcw1 ~/mcwdocker]$ docker rmi dabb #因为镜像id有重复的,不能用镜像id删除 Error response from daemon: conflict: unable to delete dabbfbe0c57b (must be forced) - image is referenced in multiple repositories [root@mcw1 ~/mcwdocker]$ docker rmi mcw-httpd #也不能单用名字删除 'Error: No such image: mcw-httpd [root@mcw1 ~/mcwdocker]$ docker rmi mcw-httpd:xiaoma #使用镜像名称加版本进行删除,这是唯一的, Untagged: mcw-httpd:xiaoma #因为如果再次生成同样镜像名称加tag的,那么会覆盖掉原来的,指向新的镜像 [root@mcw1 ~/mcwdocker]$ docker images mcw-httpd:xiao* REPOSITORY TAG IMAGE ID CREATED SIZE mcw-httpd xiaoma2 dabbfbe0c57b 5 days ago 144MB [root@mcw1 ~/mcwdocker]$ docker rmi httpd:2.0.0 Untagged: httpd:2.0.0 [root@mcw1 ~/mcwdocker]$ docker rmi httpd:2 Error: No such image: httpd:2 [root@mcw1 ~/mcwdocker]$ [root@mcw1 ~/mcwdocker]$ docker rmi mcw-httpd:2 mcw-httpd:2.0 mcw-httpd:xiaoma2 httpd:v1.9.2 mcw-httpd:1* Untagged: mcw-httpd:2 Untagged: mcw-httpd:2.0 Untagged: mcw-httpd:xiaoma2 Untagged: httpd:v1.9.2 Error response from daemon: invalid reference format [root@mcw1 ~/mcwdocker]$ docker images mcw-httpd* #查看镜像支持通配符 REPOSITORY TAG IMAGE ID CREATED SIZE mcw-httpd 1 dabbfbe0c57b 5 days ago 144MB mcw-httpd 1.9 dabbfbe0c57b 5 days ago 144MB mcw-httpd 1.9.1 dabbfbe0c57b 5 days ago 144MB [root@mcw1 ~/mcwdocker]$ docker rmi mcw-httpd:1* #删除镜像不支持通配符 Error response from daemon: invalid reference format [root@mcw1 ~/mcwdocker]$ docker rmi mcw-httpd:1 mcw-httpd:1.9 mcw-httpd:1.9.1 #删除镜像可以空格符隔开多个镜像,一起删除 Untagged: mcw-httpd:1 Untagged: mcw-httpd:1.9 Untagged: mcw-httpd:1.9.1
使用公共镜像Registry
注册docker hub
https://hub.docker.com/
类似docker hub的地址:https://quay.io/
账号名称/私有仓库名称(mcw)
上传镜像到公共镜像仓库
[root@mcw1 ~/mcwdocker]$ docker login -u machangwei8 #登录docker hub Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@mcw1 ~/mcwdocker]$ docker images httpd* #查看本地镜像 REPOSITORY TAG IMAGE ID CREATED SIZE httpd latest dabbfbe0c57b 5 days ago 144MB [root@mcw1 ~/mcwdocker]$ docker tag httpd:latest machangwei8/mcw-httpd:v2.0.0 #将本地镜像打个标签 [root@mcw1 ~/mcwdocker]$ docker images machangwei8/mcw-httpd:v2.0.0 #查看新打了标签的镜像 REPOSITORY TAG IMAGE ID CREATED SIZE machangwei8/mcw-httpd v2.0.0 dabbfbe0c57b 5 days ago 144MB [root@mcw1 ~/mcwdocker]$ docker push machangwei8/mcw-httpd:v2.0.0 #将新镜像push到docker hub上 The push refers to repository [docker.io/machangwei8/mcw-httpd] #因为是登录了docker hub了, deefaa620a71: Mounted from library/httpd #直接docker push 镜像,会直接上传到docker hub上 9cff3206f9a6: Mounted from library/httpd 15e4bf5d0804: Mounted from library/httpd 1da636a1aa95: Mounted from library/httpd 2edcec3590a4: Mounted from library/httpd v2.0.0: digest: sha256:57c1e4ff150e2782a25c8cebb80b574f81f06b74944caf972f27e21b76074194 size: 1365
查看docker hub网站上,已经存在这个镜像
在其它主机上下载这个镜像
进入其它主机mcw2,不登录docker hub ,直接拉取镜像,可以成功拉取。镜像拉取需要指定账号 即 账号/镜像:版本
[root@mcw2 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE [root@mcw2 ~]# docker pull machangwei8/mcw-httpd:v2.0.0 #下载镜像,指定账号下镜像名称和版本,无需登录docker hub ,上传是需要登录docker hub的 v2.0.0: Pulling from machangwei8/mcw-httpd a2abf6c4d29d: Pull complete dcc4698797c8: Pull complete 41c22baa66ec: Pull complete 67283bbdd4a0: Pull complete d982c879c57e: Pull complete Digest: sha256:57c1e4ff150e2782a25c8cebb80b574f81f06b74944caf972f27e21b76074194 Status: Downloaded newer image for machangwei8/mcw-httpd:v2.0.0 docker.io/machangwei8/mcw-httpd:v2.0.0 [root@mcw2 ~]# docker images #查看已拉取镜像成功 REPOSITORY TAG IMAGE ID CREATED SIZE machangwei8/mcw-httpd v2.0.0 dabbfbe0c57b 5 days ago 144MB
搭建本地Registry
运行仓库报错
[root@mcw1 ~/mcwdocker]$ docker run -d -p 5000:5000 -v /mcwregistry:/var/lib/registry registry:2 Unable to find image 'registry:2' locally 2: Pulling from library/registry 79e9f2f55bf5: Pull complete 0d96da54f60b: Pull complete 5b27040df4a2: Pull complete e2ead8259a04: Pull complete 3790aef225b9: Pull complete Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375 Status: Downloaded newer image for registry:2 WARNING: IPv4 forwarding is disabled. Networking will not work. 459dfd312b6f4799c6749b41376e16650ac2b3d83afaeee84dd678535bc120c3 docker: Error response from daemon: driver failed programming external connectivity on endpoint infallible_feistel (4c023d36c013470121f10e37adeab8133c0597c1c5cc933d8d24a646acaf39b7): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 5000 -j DNAT --to-destination 172.17.0.2:5000 ! -i docker0: iptables: No chain/target/match by that name. (exit status 1)).
参考:https://blog.csdn.net/u013948858/article/details/83115388
如果再启动docker service的时候网关是关闭的,那么docker管理网络的时候就不会操作网管的配置(chain docker),然后网关重新启动了,导致docker network无法对新container进行网络配置,也就是没有网管的操作权限,做重启处理
重启docker,然后重新运行容器
[root@mcw1 ~/mcwdocker]$ systemctl daemon-reload [root@mcw1 ~/mcwdocker]$ systemctl restart docker.service [root@mcw1 ~/mcwdocker]$ docker run -d -p 5000:5000 -v /mcwregistry:/var/lib/registry registry:2 5f32a681a40e44455a9016cb7bc8a365aaaee83470c75988399d93fe7db93a81 重新运行 [root@mcw1 ~/mcwdocker]$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5f32a681a40e registry:2 "/entrypoint.sh /etc…" 33 seconds ago Up 13 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp vigorous_golick [root@mcw1 ~/mcwdocker]$
给镜像打标签,并推送到本地仓库失败,以及拉取失败
[root@mcw1 ~/mcwdocker]$ docker images *http* REPOSITORY TAG IMAGE ID CREATED SIZE httpd latest dabbfbe0c57b 5 days ago 144MB mcw-httpd v1.0 dabbfbe0c57b 5 days ago 144MB [root@mcw1 ~/mcwdocker]$ docker tag httpd:latest 10.0.0.131:5000/machangwei/mcw-httpd01:v1 [root@mcw1 ~/mcwdocker]$ docker push 10.0.0.131:5000/machangwei/mcw-httpd01:v1 The push refers to repository [10.0.0.131:5000/machangwei/mcw-httpd01] Get "https://10.0.0.131:5000/v2/": http: server gave HTTP response to HTTPS client [root@mcw2 ~]# docker pull 10.0.0.131:5000/machangwei/mcw-httpd01:v1 Error response from daemon: Get "https://10.0.0.131:5000/v2/": http: server gave HTTP response to HTTPS client
上面的上传和下载都不行
vim /usr/lib/systemd/system/docker.service
执行命令后面添加这个然后重启docker服务就行了。--insecure-registry 10.0.0.131:5000
然后成功推送到本地仓库
[root@mcw1 ~/mcwdocker]$ systemctl daemon-reload [root@mcw1 ~/mcwdocker]$ systemctl restart docker.s Failed to restart docker.s.service: Unit not found. [root@mcw1 ~/mcwdocker]$ systemctl restart docker.service [root@mcw1 ~/mcwdocker]$ systemctl status docker.service ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled) ....... CGroup: /system.slice/docker.service └─17525 /usr/bin/dockerd -H fd:// -H tcp://0.0.0.0 --containerd=/run/containerd/containerd.sock --insecure-registry 10.0.0.131:5000 [root@mcw1 ~/mcwdocker]$ docker push 10.0.0.131:5000/machangwei/mcw-httpd01:v1 #在mcw1上上传成功 The push refers to repository [10.0.0.131:5000/machangwei/mcw-httpd01] deefaa620a71: Pushed 9cff3206f9a6: Pushed 15e4bf5d0804: Pushed 1da636a1aa95: Pushed 2edcec3590a4: Pushed v1: digest: sha256:57c1e4ff150e2782a25c8cebb80b574f81f06b74944caf972f27e21b76074194 size: 1365
在mwc2上无法拉取镜像
[root@mcw2 ~]# docker pull 10.0.0.131:5000/machangwei/mcw-httpd01:v1 #在mwc2上无法拉取镜像 Error response from daemon: Get "https://10.0.0.131:5000/v2/": http: server gave HTTP response to HTTPS client
需要在客户端添加配置insecure-registries并重启docker,注意配置要放在第一行,之前放在第二行一直不行
[root@mcw2 ~]# cat /etc/docker/daemon.json { "insecure-registries":["10.0.0.131:5000"] } {"registry-mirrors":["https://hub-mirror.c.163.com/"]} [root@mcw2 ~]# systemctl daemon-reload [root@mcw2 ~]# systemctl restart docker.service
mcw2上成功拉取mcw1的仓库里的本地镜像
[root@mcw2 ~]# docker pull 10.0.0.131:5000/machangwei/mcw-httpd01:v1 #mcw2上成功拉取mcw1的仓库里的本地镜像 v1: Pulling from machangwei/mcw-httpd01 Digest: sha256:57c1e4ff150e2782a25c8cebb80b574f81f06b74944caf972f27e21b76074194 Status: Downloaded newer image for 10.0.0.131:5000/machangwei/mcw-httpd01:v1 10.0.0.131:5000/machangwei/mcw-httpd01:v1 [root@mcw2 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 10.0.0.131:5000/machangwei/mcw-httpd01 v1 dabbfbe0c57b 5 days ago 144MB machangwei8/mcw-httpd v2.0.0 dabbfbe0c57b 5 days ago 144MB
浏览器上访问,啥也没有,仓库好像没有前端的,回头再研究一下
补充查看本地仓库镜像
curl https://<registry domain>/v2/_catalog
[root@mcw1 ~]$ curl http://10.0.0.131:5000/v2/_catalog {"repositories":[]} [root@mcw1 ~]$
参考:https://www.runoob.com/docker/docker-dockerfile.html
参考书籍:每天5分钟玩转docker容器技术
查看远程镜像:https://www.jianshu.com/p/2cb01f03bc99
