Docker入门
Docker简介
安装Docker
1.连不上,下载docker源失败,不用官方的源了
[root@centos-02 ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:25 --:--:-- 0
curl: (35) TCP connection reset by peer
[root@centos-02 ~]#
2.我们直接下载rpm包
https://coding.net/u/aminglinux/p/yuanke_centos7/git/tree/master/25docker?public=true
3.下载完成后上传到linux,yum安装
[root@centos-02 ~]# yum install -y docker-ce-17.09.0.ce-1.el7.centos.x86_64.rpm
4.安装成功,启动docker
Dependency Installed: audit-libs-python.x86_64 0:2.8.1-3.el7 checkpolicy.x86_64 0:2.5-6.el7 container-selinux.noarch 2:2.55-1.el7 libcgroup.x86_64 0:0.41-15.el7 libseccomp.x86_64 0:2.3.1-3.el7 libsemanage-python.x86_64 0:2.5-11.el7 policycoreutils-python.x86_64 0:2.5-22.el7 python-IPy.noarch 0:0.75-6.el7 setools-libs.x86_64 0:3.3.8-2.el7 Dependency Updated: audit.x86_64 0:2.8.1-3.el7 audit-libs.x86_64 0:2.8.1-3.el7 libselinux.x86_64 0:2.5-12.el7 libselinux-devel.x86_64 0:2.5-12.el7 libselinux-python.x86_64 0:2.5-12.el7 libselinux-utils.x86_64 0:2.5-12.el7 libsemanage.x86_64 0:2.5-11.el7 libsepol.x86_64 0:2.5-8.1.el7 libsepol-devel.x86_64 0:2.5-8.1.el7 policycoreutils.x86_64 0:2.5-22.el7 selinux-policy.noarch 0:3.13.1-192.el7_5.3 selinux-policy-targeted.noarch 0:3.13.1-192.el7_5.3 Complete! [root@centos-02 ~]# [root@centos-02 ~]# systemctl start docker [root@centos-02 ~]# ps aux|grep docker root 31877 9.1 2.7 574124 27172 ? Ssl 09:45 0:01 /usr/bin/dockerd root 31881 1.5 0.5 264044 5512 ? Ssl 09:45 0:00 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout
2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc root 32013 0.0 0.0 112664 932 pts/1 R+ 09:46 0:00 grep --color=auto docker [root@centos-02 ~]#
5.我们查看下docker自动生成的iptables规则
[root@centos-02 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 1935 packets, 487K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 2003 packets, 489K bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
[root@centos-02 ~]#
6.但是这些规则没有被保存,如果想保存需要执行命令,这样规则就保存了
[root@centos-02 ~]# cat /etc/sysconfig/iptables # Generated by iptables-save v1.4.21 on Wed Mar 7 22:35:20 2018 *filter :INPUT ACCEPT [57:4257] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [65:4632] COMMIT # Completed on Wed Mar 7 22:35:20 2018 [root@centos-02 ~]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@centos-02 ~]# cat /etc/sysconfig/iptables # Generated by iptables-save v1.4.21 on Mon Jun 18 09:51:47 2018 *nat :PREROUTING ACCEPT [32:2589] :INPUT ACCEPT [32:2589] :OUTPUT ACCEPT [244:17479] :POSTROUTING ACCEPT [244:17479] :DOCKER - [0:0] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE -A DOCKER -i docker0 -j RETURN COMMIT # Completed on Mon Jun 18 09:51:47 2018 # Generated by iptables-save v1.4.21 on Mon Jun 18 09:51:47 2018 *filter :INPUT ACCEPT [4917:1262382] :FORWARD DROP [0:0] :OUTPUT ACCEPT [5074:1270513] :DOCKER - [0:0] :DOCKER-ISOLATION - [0:0] :DOCKER-USER - [0:0] -A FORWARD -j DOCKER-USER -A FORWARD -j DOCKER-ISOLATION -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -o docker0 -j DOCKER -A FORWARD -i docker0 ! -o docker0 -j ACCEPT -A FORWARD -i docker0 -o docker0 -j ACCEPT -A DOCKER-ISOLATION -j RETURN -A DOCKER-USER -j RETURN COMMIT # Completed on Mon Jun 18 09:51:47 2018 [root@centos-02 ~]#
镜像管理
1.拉取centos镜像
[root@centos-02 ~]# docker pull centos
2.可以配置阿里云加速器,到阿里云申请,也可以用别人的,编辑daemon.json文件
[root@centos-02 ~]# vim /etc/docker/daemon.json
[root@centos-02 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://dhq9bk4f.mirror.aliyuncs.com"]
}
[root@centos-02 ~]#
3.重启docker,再次尝试拉取
[root@centos-02 ~]# systemctl restart docker [root@centos-02 ~]# docker pull centos Using default tag: latest latest: Pulling from library/centos 7dc0dca2b151: Pull complete Digest: sha256:b67d21dfe609ddacf404589e04631d90a342921e81c40aeaf3391f6717fa5322 Status: Downloaded newer image for centos:latest [root@centos-02 ~]#
4.docker images查看本地镜像
[root@centos-02 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos latest 49f7960eb7e4 13 days ago 200MB [root@centos-02 ~]#
5.docker和git挺像,docker search命令可以搜索镜像
[root@centos-02 ~]# docker search lnmp
6.docker tag给镜像打标签,(修改镜像名,标签名)
[root@centos-02 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos latest 49f7960eb7e4 13 days ago 200MB [root@centos-02 ~]# docker tag centos linux_centos:88888888 [root@centos-02 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE linux_centos 88888888 49f7960eb7e4 13 days ago 200MB centos latest 49f7960eb7e4 13 days ago 200MB [root@centos-02 ~]#
7.docker run -itd centos把镜像启动成容器
[root@centos-02 ~]# docker run -itd centos (-i 表示让容器的标准输入打开 -t 分配一个伪终端 -d 表示后台运行) 815adfd9da6102f716e1c7e3708f9bbfdaa7318fd31ca01743174aaf080d4110 [root@centos-02 ~]#
8.docker ps查看运行的容器 -a选项查看所有的包括启动的没启动的
[root@centos-02 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 815adfd9da61 centos "/bin/bash" About a minute ago Up About a minute distracted_mahavira [root@centos-02 ~]#
9.docker rmi ***:*** 删除一个镜像tag,如果跟的是image id则删除的是整个镜像
[root@centos-02 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE linux_centos 88888888 49f7960eb7e4 13 days ago 200MB centos latest 49f7960eb7e4 13 days ago 200MB [root@centos-02 ~]# docker rmi linux_centos:88888888 Untagged: linux_centos:88888888 [root@centos-02 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos latest 49f7960eb7e4 13 days ago 200MB [root@centos-02 ~]#
通过容器创建镜像
1.我们可以直接去官方拉取镜像,我们也可以自定义镜像,假如我们拉取了一个centos,里面什么也没有,我想安装一些环境lnmp,我们就可以在容器里面做一些变更,按完lnmp后我们可以将容器放到镜像里,这样我们就可以直接用这个镜像,把它搞到别的机器上去了,怎么进到一个启动的容器里面呢?
[root@centos-02 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos latest 49f7960eb7e4 13 days ago 200MB [root@centos-02 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 815adfd9da61 centos "/bin/bash" 10 hours ago Up 10 hours distracted_mahavira [root@centos-02 ~]# docker exec -it 815adf bash (-it后面跟容器id,bash是为了开启一个bash的进程) [root@815adfd9da61 /]#
[root@815adfd9da61 /]# ls
bin etc lib media opt root sbin sys usr
dev home lib64 mnt proc run srv tmp var
[root@815adfd9da61 /]# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 18G 6.2G 12G 35% /
tmpfs 64M 0 64M 0% /dev
tmpfs 489M 0 489M 0% /sys/fs/cgroup
/dev/sda3 18G 6.2G 12G 35% /etc/hosts
shm 64M 0 64M 0% /dev/shm
tmpfs 489M 0 489M 0% /sys/firmware
[root@815adfd9da61 /]# free
total used free shared buff/cache available
Mem: 999936 400344 85196 3436 514396 371620
Swap: 2097148 11452 2085696
[root@815adfd9da61 /]#
2.安装nettool
[root@815adfd9da61 /]# ifconfig bash: ifconfig: command not found [root@815adfd9da61 /]# yum install -y net-tools Loaded plugins: fastestmirror, ovl
[root@815adfd9da61 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 1594 bytes 9946998 (9.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1388 bytes 81895 (79.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1 (Local Loopback)
RX packets 24 bytes 2112 (2.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 2112 (2.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@815adfd9da61 /]#
[root@815adfd9da61 /]# exit
exit
[root@centos-02 ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:eeff:fedc:8689 prefixlen 64 scopeid 0x20<link>
ether 02:42:ee:dc:86:89 txqueuelen 0 (Ethernet)
RX packets 1388 bytes 62463 (60.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1586 bytes 9946350 (9.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.133.88 netmask 255.255.255.0 broadcast 192.168.133.255
inet6 fe80::b646:159d:d0ac:4cbe prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:33:1b:3e txqueuelen 1000 (Ethernet)
RX packets 301341 bytes 173250983 (165.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 226372 bytes 44831585 (42.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 442423 bytes 126835426 (120.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 442423 bytes 126835426 (120.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vetha5e339e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 (每开启一个容器都有一个新的网卡)
inet6 fe80::60b7:f0ff:fe60:7daa prefixlen 64 scopeid 0x20<link>
ether 62:b7:f0:60:7d:aa txqueuelen 0 (Ethernet)
RX packets 1388 bytes 81895 (79.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1594 bytes 9946998 (9.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@centos-02 ~]#
3.将容器做成镜像
[root@centos-02 ~]# docker commit -m "install net-tools" -a "linux_centos" 815adfd9da61 centos_with_net sha256:f6e3f4365ee8c91bf60822d2bc88e9ee8e039eeeb7176ab2388cf9f0420d715b [root@centos-02 ~]#
4.新的镜像做成,这样centos_with_net就是带ifconfig命令的镜像了,假如我们再开一个容器出来可以直接用这个镜像,就不用再安装net-tools了
[root@centos-02 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos_with_net latest f6e3f4365ee8 57 seconds ago 276MB centos latest 49f7960eb7e4 13 days ago 200MB [root@centos-02 ~]#
[root@centos-02 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d9199c2c8f0b centos_with_net "bash" 3 minutes ago Up 3 minutes nifty_hawking 7ba15e8f1a7e centos_with_net "/bin/bash" 4 minutes ago Up 3 minutes ecstatic_goldwasser 815adfd9da61 centos "/bin/bash" 11 hours ago Up 11 hours distracted_mahavira [root@centos-02 ~]# docker exec -it nifty_hawking bash [root@d9199c2c8f0b /]#
5.这样我们可以直接执行ifconfig了
[root@d9199c2c8f0b /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.4 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:ac:11:00:04 txqueuelen 0 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@d9199c2c8f0b /]#
通过模板创建镜像
1.可以从openvz的官网下载模板,我们这里下载centos6的模板
http://download.openvz.org/template/precreated/centos-6-x86-minimal.tar.gz
2.Windows下载完之后可以用rz命令上传到虚拟机
[root@centos-02 ~]# rz [root@centos-02 ~]# du -sh centos-6-x86-minimal.tar.gz 201M centos-6-x86-minimal.tar.gz [root@centos-02 ~]#
3.将模板导成镜像
[root@centos-02 ~]# cat centos-6-x86-minimal.tar.gz |docker import - centos6 sha256:9aae4b974d363bb490c92d33f0d5d70f05433f1e1d0691cd4a5aee9e83efd797 [root@centos-02 ~]#
4.查看镜像,centos6镜像导入成功
[root@centos-02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 9aae4b974d36 2 minutes ago 512MB
centos_with_net latest f6e3f4365ee8 2 days ago 276MB
centos latest 49f7960eb7e4 2 weeks ago 200MB
[root@centos-02 ~]#
5.下面我们用这个镜像启动一个容器
[root@centos-02 ~]# docker run -itd centos6 bash WARNING: IPv4 forwarding is disabled. Networking will not work. 94b9eab05296342eb5e83b907cfcc2d7b0616b9e73f540ed3ee14ca575ad1bc6 [root@centos-02 ~]# docker exec -it 94b9ea bash [root@94b9eab05296 /]#
6.在容器中查看镜像版本
[root@94b9eab05296 /]# cat /etc/issue CentOS release 6.8 (Final) Kernel \r on an \m [root@94b9eab05296 /]#
[root@94b9eab05296 /]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:05
inet addr:172.17.0.5 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[root@94b9eab05296 /]# uname -a
Linux 94b9eab05296 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@94b9eab05296 /]#
7.导出镜像
[root@94b9eab05296 /]# exit exit [root@centos-02 ~]# docker save -o centos7_with_nettool.tar centos_with_net [root@centos-02 ~]# du -sh centos7_with_nettool.tar 272M centos7_with_nettool.tar [root@centos-02 ~]#
8.恢复镜像,恢复之前我们先把原来的镜像删掉,先删容器再删镜像
[root@centos-02 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos6 latest 9aae4b974d36 About an hour ago 512MB centos_with_net latest f6e3f4365ee8 2 days ago 276MB centos latest 49f7960eb7e4 2 weeks ago 200MB [root@centos-02 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 94b9eab05296 centos6 "bash" About an hour ago Up About an hour elegant_minsky d9199c2c8f0b centos_with_net "bash" 2 days ago Up 2 days nifty_hawking 7ba15e8f1a7e centos_with_net "/bin/bash" 2 days ago Up 2 days ecstatic_goldwasser 815adfd9da61 centos "/bin/bash" 3 days ago Up 3 days distracted_mahavira [root@centos-02 ~]# docker rm -f d9199c2c8f0b d9199c2c8f0b [root@centos-02 ~]#
[root@centos-02 ~]# docker rmi f6e3f4365ee8 Error response from daemon: conflict: unable to delete f6e3f4365ee8 (cannot be forced) - image is being used by running container 7ba15e8f1a7e [root@centos-02 ~]# docker rm -f 7ba15e8f1a7e 7ba15e8f1a7e [root@centos-02 ~]# docker rmi f6e3f4365ee8 Untagged: centos_with_net:latest Deleted: sha256:f6e3f4365ee8c91bf60822d2bc88e9ee8e039eeeb7176ab2388cf9f0420d715b Deleted: sha256:b86fefbb14a467d69490cc85275585032c43a038488859d0a863040ed508a665 [root@centos-02 ~]#
9.导入镜像,centos_with_net镜像又回来了
[root@centos-02 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos6 latest 9aae4b974d36 About an hour ago 512MB centos latest 49f7960eb7e4 2 weeks ago 200MB [root@centos-02 ~]# docker load < centos7_with_nettool.tar 7ba39064c8e1: Loading layer 76.59MB/76.59MB Loaded image: centos_with_net:latest [root@centos-02 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos6 latest 9aae4b974d36 About an hour ago 512MB centos_with_net latest f6e3f4365ee8 2 days ago 276MB centos latest 49f7960eb7e4 2 weeks ago 200MB [root@centos-02 ~]#
