docker


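The 6 elements of namespaces: hostname, network, user, process, root directory, signal vector

docker run -it image_name:tag

Before installing:
A 64-bit operating system is required
RHEL 6.5 or later at minimum; RHEL 7 is strongly recommended
Turn off the firewall (not required)

Installing Docker

Package list:
docker-engine
docker-engine-selinux

# systemctl start docker
# systemctl enable docker

Debian family: debian, ubuntu
RHEL family: rhel, centos

On ubuntu, 2 commands are very important!
apt-get
dpkg

There are 2 major differences between RHEL-family and Debian-family systems! Only the names of the commands change; they are used in much the same way!
yum is the counterpart of apt-get on debian
rpm is the counterpart of dpkg on debian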
#####################################################################################
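Images: common commands

docker search    search for images
docker pull    download an image
docker push    upload an image
docker images    list images
docker history    show an image's build history
docker inspect    show low-level information about an image
docker save    save an image as a tar archive, e.g. docker save busybox:latest > busybox.tar
docker load    import an image from a tar archive, e.g. docker load < busybox.tar
docker tag    change an image's name and tag, like creating a symlink
docker rmi    delete a local image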
#####################################################################################
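Containers: common commands

docker run    start a new container! Run options: -i interactive, -t terminal, -d background
docker ps    list containers
docker run -it image_name:tag command    (interactive)
docker run -d image_name:tag    (non-interactive)
docker run -itd image_name:tag command    (interactive process in the background)
docker ps    show running containers; -a shows all containers, -q shows only container IDs
docker start|stop|restart container_ID
docker exec -it container_ID command    (/bin/bash)
docker attach container_ID    a very dangerous command! It enters the container's console terminal. Once inside, leaving with exit finishes the container off! To keep it running, hold down ctrl, then press p, then q
docker inspect container_ID    show detailed information about the container
docker top container_ID    show the container's processes
docker rm container_ID    delete the container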
#####################################################################################
The process with PID 1 (systemd, the root process) is the system itself, i.e. God; it is the parent of all processes.

# pstree -p
Output:
systemd(1)─┬─agetty(502)
├─auditd(432)───{auditd}(433)
├─chronyd(489)
├─crond(481)
├─dbus-daemon(457)
├─dockerd(1373)─┬─docker-containe(1378)─┬─docker-containe(5594)─┬─nginx(5607)───nginx(5822)
... ...


ps -ef | grep 12345    (to be decided whether to add more here)
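
Added example (not part of the original notes): the kernel exposes a process's namespaces as links under /proc/<PID>/ns, using the kinds that the pstree help further down this page lists for -N (ipc, mnt, net, pid, user, uts). The functions below report which kinds differ between two PIDs, for instance systemd(1) and nginx(5607) from the tree above; the function names and the PROC_ROOT override are assumptions made for this example.

```shell
#!/bin/sh
# Compare the namespace memberships of two processes.
# PROC_ROOT defaults to /proc; the override exists only so the functions
# can be pointed at a constructed directory tree (assumption of this example).
PROC_ROOT="${PROC_ROOT:-/proc}"

# Namespace kinds as listed for "pstree -N" in the reference output on this page.
NS_KINDS="ipc mnt net pid user uts"

# ns_id PID KIND -> prints e.g. "pid:[4026531836]", or "unreadable"
ns_id() {
    readlink "$PROC_ROOT/$1/ns/$2" 2>/dev/null || echo "unreadable"
}

# ns_diff PID_A PID_B -> one line per namespace kind that is not shared
ns_diff() {
    for kind in $NS_KINDS; do
        a=$(ns_id "$1" "$kind")
        b=$(ns_id "$2" "$kind")
        if [ "$a" = "unreadable" ] || [ "$b" = "unreadable" ]; then
            echo "$kind unknown ($a vs $b)"
        elif [ "$a" != "$b" ]; then
            echo "$kind differs ($a vs $b)"
        fi
    done
}

# ns_shared PID_A PID_B -> space-separated kinds that both processes share
ns_shared() {
    shared=""
    for kind in $NS_KINDS; do
        a=$(ns_id "$1" "$kind")
        b=$(ns_id "$2" "$kind")
        if [ "$a" != "unreadable" ] && [ "$a" = "$b" ]; then
            shared="$shared $kind"
        fi
    done
    echo "${shared# }"
}

# Usage on the Docker host, as root, with PIDs read from pstree -p:
#   ns_diff 1 5607      # kinds in which the container process is isolated
#   ns_shared 1 5607    # kinds it still shares with the host
```

Any kind that ns_shared prints for a container process is one in which that process is not isolated from the host.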
#####################################################################################
Physical host

Prepare the yum repository
Package list:
docker-engine
docker-engine-selinux


# mkdir /var/ftp/docker
# mv docker-engine-* /var/ftp/docker

# ls /var/ftp/docker    make sure these 2 packages are there
docker-engine-1.12.1-1.el7.centos.x86_64.rpm
docker-engine-selinux-1.12.1-1.el7.centos.noarch.rpm

# createrepo /var/ftp/docker/    generate the repository metadata in that directory

# vim /etc/yum.repos.d/centos.repo    append the following to the yum repository configuration file
... ...
[centos]
name=centos7
baseurl=ftp://192.168.3.254/CentOS7    put the location of your yum repository here
enabled=1
gpgcheck=0

# yum clean all
# yum repolist    confirm that the yum repository is usable
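
Added example (not part of the original notes): the [centos] section above sets gpgcheck=0 and uses a plain ftp:// baseurl, so packages from it are installed without signature verification over an unauthenticated transport. The function below lists every section of a .repo file that has either property; the function name and the report wording are assumptions made for this example.

```shell
#!/bin/sh
# audit_repo FILE... -> prints "file [section] finding" for each weak setting.
# Findings: an explicit gpgcheck=0, and a baseurl that uses ftp:// or http://.
audit_repo() {
    awk '
    function flush() {
        if (section == "") return
        if (gpg == "0") print fname, "[" section "]", "gpgcheck=0"
        if (url ~ /^(ftp|http):\/\//) print fname, "[" section "]", "cleartext baseurl " url
    }
    # A new input file starts: report the last section of the previous file.
    FNR == 1 { flush(); section = ""; gpg = ""; url = ""; fname = FILENAME }
    /^[ \t]*(#|;)/ { next }
    /^\[.*\]/ {
        flush()
        section = $0; sub(/^\[/, "", section); sub(/\].*$/, "", section)
        gpg = ""; url = ""
        next
    }
    /^[ \t]*gpgcheck[ \t]*=/ {
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t].*$/, "", v); gpg = v
    }
    /^[ \t]*baseurl[ \t]*=/ {
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t].*$/, "", v); url = v
    }
    END { flush() }
    ' "$@"
}

# Usage on the host or inside a container:
#   audit_repo /etc/yum.repos.d/*.repo
```

The same check applies to the centos.repo that is written inside the centos container later in these notes.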

# cd /var/lib/libvirt/images/
# qemu-img create -f qcow2 -b node.img docker01.img 20G
# qemu-img create -f qcow2 -b node.img docker02.img 20G

# cp /root/nsd1808/node.xml /etc/libvirt/qemu/docker01.xml
# vim /etc/libvirt/qemu/docker01.xml    edit the relevant parameters

# cp /root/nsd1808/node.xml /etc/libvirt/qemu/docker02.xml
# vim /etc/libvirt/qemu/docker02.xml    edit the relevant parameters

# cd /etc/libvirt/qemu/
# virsh define docker01.xml
# virsh start docker01
# virsh console docker01

Open another terminal on the physical host
# cd /etc/libvirt/qemu/
# virsh define docker02.xml
# virsh start docker02
# virsh console docker02
#####################################################################################
Perform the same steps on both VM docker01 and VM docker02; note that their hostnames and IPs are different!
docker01's IP is 192.168.3.30
docker02's IP is 192.168.3.31

# LANG=en_US.UTF-8

# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 20G 0 disk    20G in total
└─vda1 253:1 0 2G 0 part /    root is 2G

# /usr/bin/growpart /dev/vda 1    grow the root partition
# /usr/sbin/xfs_growfs /    grow the root filesystem

# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 20G 0 disk
└─vda1 253:1 0 20G 0 part /    the filesystem was grown successfully, root is now 20G


# hostnamectl set-hostname docker01    change the hostname
# hostname docker01

# vim /etc/sysconfig/network-scripts/ifcfg-eth0    edit the network interface
DEVICE="eth0"
ONBOOT="yes"
IPV6INIT="no"
IPV4_FAILURE_FATAL="no"
NM_CONTROLLED="no"
TYPE="Ethernet"
BOOTPROTO="static"
IPADDR="192.168.3.30"    set the static IP to 192.168.3.30
PREFIX=24
GATEWAY=192.168.3.254

# systemctl restart network

# ifconfig    you will notice an additional interface, docker0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
... ...
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.3.30 netmask 255.255.255.0 broadcast 192.168.3.255
... ...

# ping www.baidu.com    being able to ping Baidu's external address means the setup is correct

# yum -y install docker-engine-selinux    install the selinux package first
# yum -y install docker-engine
# systemctl restart docker
# systemctl enable docker

# docker images    list images; at this point it is empty
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 59788edf1f3e 11 weeks ago 1.154 MB
ubuntu latest 452a96d81c30 7 months ago 79.62 MB
centos latest e934aafc2206 8 months ago 198.6 MB
registry latest d1fd7d86a825 11 months ago 33.26 MB
nginx latest a5311a310510 2 years ago 181.4 MB
redis latest 1aa84b1b434e 2 years ago 182.8 MB

# docker search busybox    search for images named busybox; there are many
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
busybox Busybox base image. 1465 [OK]
... ...

# docker pull busybox:latest    download the image named busybox
# docker pull httpd

# docker rmi httpd    delete the httpd image

# docker images    list images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 59788edf1f3e 11 weeks ago 1.154 MB    the busybox image is now present

# docker save busybox:latest > busybox.tar    export the image to a tar archive
# ls
busybox.tar    the tar archive has been created

# scp busybox.tar 192.168.3.31:/root    copy the busybox.tar image archive to VM docker02

Import the image on VM docker02
# ls /root/
busybox.tar
# docker load < busybox.tar    import the image
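
Added example (not part of the original notes): docker load imports whatever archive it is handed, so a truncated or replaced busybox.tar is only noticed later, if at all. The functions below record a SHA-256 manifest on the sending VM and refuse to load an archive that does not match it; the manifest name images.sha256, the function names and the LOADER variable are assumptions made for this example.

```shell
#!/bin/sh
# Sender side: write "<sha256>  <file name>" for every image archive given.
# make_manifest MANIFEST FILE...
make_manifest() {
    manifest=$1; shift
    : > "$manifest"
    for f in "$@"; do
        # Store only the base name so the manifest works from any directory.
        sum=$(sha256sum "$f" | awk '{print $1}')
        [ -n "$sum" ] || return 1
        printf '%s  %s\n' "$sum" "$(basename "$f")" >> "$manifest"
    done
}

# Receiver side: succeed only if FILE is listed in MANIFEST with the same digest.
# Returns 0 = match, 1 = digest mismatch, 2 = file missing, 3 = not listed.
# verify_archive MANIFEST FILE
verify_archive() {
    manifest=$1; file=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    want=$(awk -v n="$(basename "$file")" '$2 == n {print $1; exit}' "$manifest")
    [ -n "$want" ] || { echo "not in manifest: $file" >&2; return 3; }
    have=$(sha256sum "$file" | awk '{print $1}')
    if [ "$want" != "$have" ]; then
        echo "digest mismatch: $file" >&2
        return 1
    fi
    return 0
}

# Load an archive only after it verifies. LOADER defaults to "docker load";
# it is a variable so the check can be exercised without a Docker daemon.
# safe_load MANIFEST FILE
safe_load() {
    verify_archive "$1" "$2" || return $?
    ${LOADER:-docker load} < "$2"
}

# On docker01:  make_manifest images.sha256 busybox.tar
#               scp busybox.tar images.sha256 192.168.3.31:/root
# On docker02:  safe_load images.sha256 busybox.tar
```

A manifest that travels with the archive catches corruption in transit; to catch substitution as well, compare it against a digest recorded separately on the sending side.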
#############################################################################
Copy the images from the physical host to the VMs

scp /root/docker_images.zip 192.168.3.30:/root/
scp /root/docker_images.zip 192.168.3.31:/root/
#############################################################################
VM docker01 or VM docker02

# yum provides unzip    find out which package provides the unzip command
... ...
unzip-6.0-16.el7.x86_64 : A utility for unpacking zip files
... ...

# yum -y install unzip-6.0-16.el7.x86_64    install that package
# unzip docker_images.zip    unpack the zip; a directory of the same name is created
# cd docker_images
# ls    the images are inside
centos.tar nginx.tar redis.tar registry.tar registry.tar

# docker load < centos.tar    import the image
# docker load < nginx.tar
# docker load < redis.tar
# docker load < registry.tar
# docker load < registry.tar
#############################################################################################
VM docker01 or VM docker02

# docker images    list images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 59788edf1f3e 11 weeks ago 1.154 MB
ubuntu latest 452a96d81c30 7 months ago 79.62 MB
centos latest e934aafc2206 8 months ago 198.6 MB
registry latest d1fd7d86a825 11 months ago 33.26 MB
nginx latest a5311a310510 2 years ago 181.4 MB
redis latest 1aa84b1b434e 2 years ago 182.8 MB

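Apart from the registry image, try entering containers started from the other images

# docker ps    show the containers that are currently running; right now there are none
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

# docker run -it centos    run starts a new container, here from centos! When we exit after entering it, the container is shut down directly! The image is not deleted, though; it is as if the service had been stopped, dead!
[root@db13fd15fa40 /]# ls    the prompt has changed, which shows that we are inside the container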
anaconda-post.log dev home lib64 mnt proc run srv tmp var
bin etc lib media opt root sbin sys usr

# ifconfig
bash: ifconfig: command not found

[root@db13fd15fa40 /]# cd /etc/yum.repos.d/
[root@db13fd15fa40 yum.repos.d]# ls
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Sources.repo CentOS-fasttrack.repo
CentOS-CR.repo CentOS-Media.repo CentOS-Vault.repo

[root@db13fd15fa40 yum.repos.d]# rm -rf *
[root@db13fd15fa40 yum.repos.d]# vi centos.repo
[centos]
name=centos
baseurl=ftp://192.168.3.254/CentOS7
enabled=1
gpgcheck=0

[root@db13fd15fa40 yum.repos.d]# yum provides ifconfig    find out which package provides the ifconfig command
... ...
net-tools-2.0-0.22.20131004git.el7.x86_64 : Basic networking tools
... ...

[root@db13fd15fa40 yum.repos.d]# yum -y install net-tools    install that package

[root@db13fd15fa40 yum.repos.d]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.4 netmask 255.255.0.0 broadcast 0.0.0.0    eth0's IP is now 172.17.0.4
... ...

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
... ...

[root@db13fd15fa40 yum.repos.d]# ping www.baidu.com    Baidu can be pinged
[root@db13fd15fa40 yum.repos.d]# exit
exit
[root@docker02 ~]#

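[root@docker02 ~]# docker ps    no containers are running now, because run starts a new container! Leaving it with exit shuts that container down directly, but the image is not deleted; it is as if the service had been stopped, dead!
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES


[root@docker02 ~]# docker ps -a    the -a option shows all containers; running or stopped, they are all listed!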
##################################################################################
VM docker01 or VM docker02

Start an nginx container
Change the default home page to hello nsd1809
Special requirement: the find command may not be used

# docker run -itd nginx    run nginx in the background
Output:
b6369c1568840a1909e19008bfe41c55eb8abc28c602a854451b98f778ffa727

[root@docker02 ~]# docker ps    the current nginx container's ID is b6369c156884; remember that it starts with b6, which differs from the IDs of the other programs and so identifies it uniquely
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b6369c156884 nginx "nginx -g 'daemon off" 31 seconds ago Up 29 seconds 80/tcp, 443/tcp reverent_bose

[root@docker02 ~]# docker ps -q
b6369c156884

[root@docker02 ~]# docker exec -it b6 bash    use exec to enter the nginx container whose ID starts with b6

root@b6369c156884:/# cd /etc/nginx/conf.d/    go to the directory that holds the configuration files
root@b6369c156884:/etc/nginx/conf.d# ls    see which files are there
default.conf

root@b6369c156884:/etc/nginx/conf.d# cat default.conf | grep root    search the configuration file for the default web root
root /usr/share/nginx/html;    this is the default web root
... ...

root@b6369c156884:/# cat /etc/nginx/conf.d/default.conf    the configuration file can also be viewed directly and searched for the default web root
... ...
location / {
root /usr/share/nginx/html;    this is the default web root
index index.html index.htm;    this is the default home page file name
... ...

root@b6369c156884:/etc/nginx/conf.d# cd /usr/share/nginx/html    go to the default web root
root@b6369c156884:/usr/share/nginx/html# ls    see which files are in it
50x.html index.html

root@b6369c156884:/usr/share/nginx/html# echo "hello nsd1808 nginx" > index.html    change the content of the home page file directly with echo
root@b6369c156884:/usr/share/nginx/html# cat index.html
hello nsd1808 nginx

Open a new terminal and log in to this VM as well
[root@docker02 ~]# docker inspect -f '{{.NetworkSettings.IPAddress}}' b6    show the IP address of the nginx container whose ID starts with b6
172.17.0.2

[root@docker02 ~]# curl http://172.17.0.2/    access its IP address
hello nsd1808 nginx    this is the home page content we just changed, which proves the change worked!
##################################################################################
VM docker01 or VM docker02

Start an apache container
Change the default home page to hello nsd1809 httpd
Special requirement: the find command may not be used

[root@docker02 ~]# docker search httpd    search for the httpd image
[root@docker02 ~]# docker pull httpd    download the httpd image
[root@docker02 ~]# docker images    list all current images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest 2a51bb06dc8b 5 weeks ago 131.6 MB
... ...

[root@docker02 ~]# docker run -itd httpd    run httpd in the background
Output:
4340dc45ad6035174ee9ac87ce22e346726bca2d2ca9bb21d9c9a30d31dd572d

[root@docker02 ~]# docker ps    the current httpd container's ID is 4340dc45ad60; remember that it starts with 43, which differs from the IDs of the other programs and so identifies it uniquely
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4340dc45ad60 httpd "httpd-foreground" 9 seconds ago Up 5 seconds 80/tcp clever_hoover
... ...

[root@docker02 ~]# docker exec -it 43 bash    use exec to enter the httpd container whose ID starts with 43

root@4340dc45ad60:/usr/local/apache2# ls    after entering, this is the directory it lands in by default; see what is in it
bin build cgi-bin conf error htdocs icons include logs modules

root@4340dc45ad60:/usr/local/apache2# pwd    show the current directory path
/usr/local/apache2

root@4340dc45ad60:/usr/local/apache2# cd conf/    go to conf, the default directory for configuration files
root@4340dc45ad60:/usr/local/apache2/conf# ls    see which files are there
extra httpd.conf magic mime.types original

root@4340dc45ad60:/usr/local/apache2/conf# cat httpd.conf | grep DocumentRoot    search the configuration file for the default web root
# DocumentRoot: The directory out of which you will serve your
DocumentRoot "/usr/local/apache2/htdocs"    this is the default web root
# access content that does not live under the DocumentRoot.

root@4340dc45ad60:/usr/local/apache2/conf# cd /usr/local/apache2/htdocs    go to the default web root
root@4340dc45ad60:/usr/local/apache2/htdocs# ls    the default home page file is visible
index.html

root@4340dc45ad60:/usr/local/apache2/htdocs# echo "hello nsd1808 httpd" > index.html    change the content of the home page file directly with echo
root@4340dc45ad60:/usr/local/apache2/htdocs# cat index.html
hello nsd1808 httpd

Open a new terminal and log in to this VM as well
[root@docker02 ~]# docker inspect -f '{{.NetworkSettings.IPAddress}}' 43    show the IP address of the httpd container whose ID starts with 43
172.17.0.3
[root@docker02 ~]# curl http://172.17.0.3/    access its IP address
hello nsd1808 httpd    this is the home page content we just changed, which proves the change worked!
#############################################################################################
Reference

# pstree --help

Output:
pstree: unrecognized option '--help'
Usage: pstree [ -a ] [ -c ] [ -h | -H PID ] [ -l ] [ -n ] [ -p ] [ -g ] [ -u ]
[ -A | -G | -U ] [ PID | USER ]
pstree -V
Display a tree of processes.

-a, --arguments show command line arguments
-A, --ascii use ASCII line drawing characters
-c, --compact don't compact identical subtrees
-h, --highlight-all highlight current process and its ancestors
-H PID,
--highlight-pid=PID highlight this process and its ancestors
-g, --show-pgids show process group ids; implies -c
-G, --vt100 use VT100 line drawing characters
-l, --long don't truncate long lines
-n, --numeric-sort sort output by PID
-N type,
--ns-sort=type sort by namespace type (ipc, mnt, net, pid, user, uts)
-p, --show-pids show PIDs; implies -c
-s, --show-parents show parents of the selected process
-S, --ns-changes show namespace transitions
-u, --uid-changes show uid transitions
-U, --unicode use UTF-8 (Unicode) line drawing characters
-V, --version display version information
-Z,
--security-context show SELinux security contexts
PID start at this PID; default is 1 (init)
USER show only trees rooted at processes of this user
#############################################################################################
Reference

# pstree -p
systemd(1)─┬─agetty(490)
├─auditd(401)───{auditd}(402)
├─chronyd(485)
├─crond(479)
├─dbus-daemon(466)
├─dockerd(1380)─┬─docker-containe(1385)─┬─{docker-containe}(1386)
│ │ ├─{docker-containe}(1389)
│ │ ├─{docker-containe}(1390)
│ │ ├─{docker-containe}(1391)
│ │ ├─{docker-containe}(1392)
│ │ ├─{docker-containe}(1393)
│ │ ├─{docker-containe}(1502)
│ │ ├─{docker-containe}(2194)
│ │ ├─{docker-containe}(2206)
│ │ ├─{docker-containe}(2643)
│ │ └─{docker-containe}(3115)
│ ├─{dockerd}(1381)
│ ├─{dockerd}(1382)
│ ├─{dockerd}(1383)
│ ├─{dockerd}(1384)
│ ├─{dockerd}(1387)
│ ├─{dockerd}(1388)
│ ├─{dockerd}(1394)
│ ├─{dockerd}(1396)
│ ├─{dockerd}(1426)
│ ├─{dockerd}(1558)
│ └─{dockerd}(1696)
├─irqbalance(474)
├─login(491)───bash(857)
├─master(851)─┬─pickup(4439)
│ └─qmgr(853)
├─polkitd(475)─┬─{polkitd}(495)
│ ├─{polkitd}(497)
│ ├─{polkitd}(501)
│ ├─{polkitd}(504)
│ └─{polkitd}(505)
├─qemu-ga(476)
├─rsyslogd(462)─┬─{rsyslogd}(469)
│ └─{rsyslogd}(471)
├─sshd(750)───sshd(1296)───bash(1298)───pstree(4463)
├─systemd-journal(338)
├─systemd-logind(465)
├─systemd-udevd(359)
└─tuned(751)─┬─{tuned}(796)
├─{tuned}(797)
├─{tuned}(798)
└─{tuned}(799)

##################################################################################################################
Reference

# docker help run
Output:
Options:
--add-host value Add a custom host-to-IP mapping (host:ip) (default [])
-a, --attach value Attach to STDIN, STDOUT or STDERR (default [])
--blkio-weight value Block IO (relative weight), between 10 and 1000
--blkio-weight-device value Block IO weight (relative device weight) (default [])
--cap-add value Add Linux capabilities (default [])
--cap-drop value Drop Linux capabilities (default [])
--cgroup-parent string Optional parent cgroup for the container
--cidfile string Write the container ID to the file
--cpu-percent int CPU percent (Windows only)
--cpu-period int Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota
-c, --cpu-shares int CPU shares (relative weight)
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
-d, --detach Run container in background and print container ID
--detach-keys string Override the key sequence for detaching a container
--device value Add a host device to the container (default [])
--device-read-bps value Limit read rate (bytes per second) from a device (default [])
--device-read-iops value Limit read rate (IO per second) from a device (default [])
--device-write-bps value Limit write rate (bytes per second) to a device (default [])
--device-write-iops value Limit write rate (IO per second) to a device (default [])
--disable-content-trust Skip image verification (default true)
--dns value Set custom DNS servers (default [])
--dns-opt value Set DNS options (default [])
--dns-search value Set custom DNS search domains (default [])
--entrypoint string Overwrite the default ENTRYPOINT of the image
-e, --env value Set environment variables (default [])
--env-file value Read in a file of environment variables (default [])
--expose value Expose a port or a range of ports (default [])
--group-add value Add additional groups to join (default [])
--health-cmd string Command to run to check health
--health-interval duration Time between running the check
--health-retries int Consecutive failures needed to report unhealthy
--health-timeout duration Maximum time to allow one check to run
--help Print usage
-h, --hostname string Container host name
-i, --interactive Keep STDIN open even if not attached
--io-maxbandwidth string Maximum IO bandwidth limit for the system drive (Windows only)
--io-maxiops uint Maximum IOps limit for the system drive (Windows only)
--ip string Container IPv4 address (e.g. 172.30.100.104)
--ip6 string Container IPv6 address (e.g. 2001:db8::33)
--ipc string IPC namespace to use
--isolation string Container isolation technology
--kernel-memory string Kernel memory limit
-l, --label value Set meta data on a container (default [])
--label-file value Read in a line delimited file of labels (default [])
--link value Add link to another container (default [])
--link-local-ip value Container IPv4/IPv6 link-local addresses (default [])
--log-driver string Logging driver for the container
--log-opt value Log driver options (default [])
--mac-address string Container MAC address (e.g. 92:d0:c6:0a:29:33)
-m, --memory string Memory limit
--memory-reservation string Memory soft limit
--memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap
--memory-swappiness int Tune container memory swappiness (0 to 100) (default -1)
--name string Assign a name to the container
--network string Connect a container to a network (default "default")
--network-alias value Add network-scoped alias for the container (default [])
--no-healthcheck Disable any container-specified HEALTHCHECK
--oom-kill-disable Disable OOM Killer
--oom-score-adj int Tune host's OOM preferences (-1000 to 1000)
--pid string PID namespace to use
--pids-limit int Tune container pids limit (set -1 for unlimited)
--privileged Give extended privileges to this container
-p, --publish value Publish a container's port(s) to the host (default [])
-P, --publish-all Publish all exposed ports to random ports
--read-only Mount the container's root filesystem as read only
--restart string Restart policy to apply when a container exits (default "no")
--rm Automatically remove the container when it exits
--runtime string Runtime to use for this container
--security-opt value Security Options (default [])
--shm-size string Size of /dev/shm, default value is 64MB
--sig-proxy Proxy received signals to the process (default true)
--stop-signal string Signal to stop a container, SIGTERM by default (default "SIGTERM")
--storage-opt value Storage driver options for the container (default [])
--sysctl value Sysctl options (default map[])
--tmpfs value Mount a tmpfs directory (default [])
-t, --tty Allocate a pseudo-TTY
--ulimit value Ulimit options (default [])
-u, --user string Username or UID (format: <name|uid>[:<group|gid>])
--userns string User namespace to use
--uts string UTS namespace to use
-v, --volume value Bind mount a volume (default [])
--volume-driver string Optional volume driver for the container
--volumes-from value Mount volumes from the specified container(s) (default [])
-w, --workdir string Working directory inside the container

 

posted @ 2019-04-30 22:46  安于夏