docker1
(1).查看内核
[kiosk@miaomiao yum.repos.d]$ uname -r
3.10.0-327.el7.x86_64
[kiosk@miaomiao yum.repos.d]$ cat /etc/os-release ##
NAME="Red Hat Enterprise Linux Server"
VERSION="7.2 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="7.2"
PRETTY_NAME="Red Hat Enterprise Linux Server 7.2 (Maipo)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.2:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.2"
(2).docker 容器管理
# docker run -it --name vm1 ubuntu bash 创建容器
# docker ps -a 查看容器状态
# docker attach vm1 连接容器
# docker top vm1 查看容器进程
# docker logs vm1 查看容器指令输出 -f 参数可以实时查看
# docker inspect vm1 查看容器详情
# docker stats vm1 查看容器资源使用率
# docker diff vm1 查看容器修改# docker run -d --name vm1 ubuntu bash -c "while true; do echo westos; sleep 1; done" 后台运行
# docker stop vm1 停止容器
# docker start vm1 启动容器
# docker kill vm1 强制干掉容器
# docker restart vm1 重启容器
# docker pause/unpause vm1 暂停/恢复容器
# docker rm vm1 删除容器
# docker export vm1 > vm1.tar 导出容器
# docker import vm1.tar image 导入容器为镜像 image
[root@miaomiao Desktop]# docker load -i nginx.tar
[root@miaomiao Desktop]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/etc/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2017-05-09 10:07:51 CST; 3h 14min ago
Docs: https://docs.docker.com
Main PID: 9896 (docker)
CGroup: /system.slice/docker.service
└─9896 /usr/bin/docker daemon -H fd:// --bip 192.168.0.222/24 --in...
May 09 11:15:40 miaomiao docker[9896]: time="2017-05-09T11:15:40.390826087+...d"
May 09 11:16:06 miaomiao docker[9896]: time="2017-05-09T11:16:06.564389245+...f"
May 09 11:18:47 miaomiao docker[9896]: time="2017-05-09T11:18:47.229044064+...0"
May 09 11:18:47 miaomiao docker[9896]: time="2017-05-09T11:18:47.275173249+...0"
May 09 11:19:15 miaomiao docker[9896]: time="2017-05-09T11:19:15.988404710+...]"
May 09 11:19:15 miaomiao docker[9896]: time="2017-05-09T11:19:15.988436872+...]"
May 09 11:29:58 miaomiao docker[9896]: time="2017-05-09T11:29:58.156325714+08...
May 09 11:31:20 miaomiao docker[9896]: time="2017-05-09T11:31:20.821704586+08...
May 09 11:31:43 miaomiao docker[9896]: time="2017-05-09T11:31:43.206451035+...]"
May 09 11:31:43 miaomiao docker[9896]: time="2017-05-09T11:31:43.206484521+...]"
Hint: Some lines were ellipsized, use -l to show in full.
(21).docker 参数
[root@miaomiao Desktop]# docker version ##版本
Client:
Version: 1.10.3
API version: 1.22
Go version: go1.5.3
Git commit: 20f81dd
Built: Thu Mar 10 15:39:25 2016
OS/Arch: linux/amd64
Server:
Version: 1.10.3
API version: 1.22
Go version: go1.5.3
Git commit: 20f81dd
Built: Thu Mar 10 15:39:25 2016
OS/Arch: linux/amd64
[root@miaomiao Desktop]# docker images ##查看本地镜像
[root@miaomiao Desktop]# docker run -it --name vm0 ubuntu ##创建容器vm0
root@2f0275b71c7b:/#
root@2f0275b71c7b:/# [root@miaomiao Desktop]#docker attach vm0 ##'Ctrl + p +q'在后台运行,attach 连接容器
[root@miaomiao Desktop]# docker run -it ubuntu
root@b2e45a701946:/# [root@miaomiao Desktop]# docker ps -a ##查看容器状态
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b2e45a701946 ubuntu "/bin/bash" 17 seconds ago Up 14 seconds serene_ride
2f0275b71c7b ubuntu "/bin/bash" 10 minutes ago Up 58 seconds vm0
[root@miaomiao Desktop]# docker stop serene_ride
serene_ride
[root@miaomiao Desktop]# docker rm serene_ride
serene_ride
##commit ##更新镜像
[root@miaomiao backup]# docker run -it --name vm1 ubuntu
root@424c3479a001:/#
root@424c3479a001:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@424c3479a001:/# touch file{1..10}
root@424c3479a001:/# ls
bin dev file1 file2 file4 file6 file8 home lib64 mnt proc run srv tmp var
boot etc file10 file3 file5 file7 file9 lib media opt root sbin sys usr
root@424c3479a001:/# [root@miaomiao backup]# docker commit vm1 ubuntu:v1
sha256:6d42725a81105bd6265b5d1d0e5e29cb64988c558f4566cafc5c0752c25015bc
[root@miaomiao backup]# docker history ubuntu
IMAGE CREATED CREATED BY SIZE COMMENT
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
[root@miaomiao backup]# docker history ubuntu:v1
IMAGE CREATED CREATED BY SIZE COMMENT
6d42725a8110 About a minute ago /bin/bash 0 B ##原本4层,新加了一层,最多127层
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
[root@miaomiao backup]# docker images ubuntu
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu v1 6d42725a8110 About a minute ago 187.9 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
[root@miaomiao backup]# docker stop vm1
vm1
[root@miaomiao backup]# docker rm vm1
vm1
[root@miaomiao backup]# docker run -it --name vm2 ubuntu:v1
root@005818c2d392:/#
root@005818c2d392:/# ls
bin dev file1 file2 file4 file6 file8 home lib64 mnt proc run srv tmp var
boot etc file10 file3 file5 file7 file9 lib media opt root sbin sys usr
root@005818c2d392:/#
[root@miaomiao Desktop]# docker attach vm0
root@2f0275b71c7b:/#
root@2f0275b71c7b:/# ls
bin dev home lib64 mnt proc run srv tmp var
boot etc lib media opt root sbin sys usr
root@2f0275b71c7b:/# exit
exit
[root@miaomiao Desktop]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2f0275b71c7b ubuntu "/bin/bash" 14 minutes ago Exited (0) 10 seconds ago
[root@miaomiao Desktop]# docker history ubuntu
IMAGE CREATED CREATED BY SIZE COMMENT
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
[root@miaomiao Desktop]# docker commit vm0 ubuntu:v0 ##更新镜像ubuntu
sha256:1990c428381bc97798ff8a561a4948e185fe6678b7ec642041299a6e9dfb4e3d
[root@miaomiao Desktop]# docker images ubuntu
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu v0 1990c428381b 29 seconds ago 187.9 MB
ubuntu v6 c106646cac34 3 hours ago 187.9 MB
ubuntu vm1 e152ab232884 3 hours ago 187.9 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
[root@miaomiao Desktop]# docker history ubuntu:v0
IMAGE CREATED CREATED BY SIZE COMMENT
1990c428381b 5 minutes ago /bin/bash 13 B
07c86167cdc4 14 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
220d2912ab1d 14 months ago /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/ 1.895 kB
cc77a2e3d72c 14 months ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic 194.5 kB
c8fa7cdceff3 14 months ago /bin/sh -c #(nop) ADD file:b9504126dc55908988 187.7 MB
[root@miaomiao Desktop]# docker run -it --name vm0 ubuntu:v0
[root@miaomiao Desktop]# docker run -d nginx ##-d后台运行
dc0256224c5e0d439dbfcf07d1b5ab5eb636f550b7d46a4432e527b43ffb1a35
[root@miaomiao Desktop]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dc0256224c5e nginx "nginx -g 'daemon off" 18 seconds ago Up 16 seconds 80/tcp, 443/tcp drunk_franklin
2f0275b71c7b ubuntu "/bin/bash" 44 minutes ago Up 29 minutes vm0
[root@miaomiao Desktop]# for i in {1..5};do docker run -d nginx;done
a576e9dc0943342646c79188e4ac226fd8fc761ca573390ebb4fbb451754340a
ef2c0d97aef90d231c43e2f6b474e43565be694b777f205333a99e93f0af9501
6ffa5fd9abd3282a88c8c1f7d6e7c41a20067d73915ea81900dc31118d4ff92d
fe530950f5fb6f678291658bcd404e1a8aca095c53de6126b16d605d90d6717c
80664f333a75f83c1f8c4144a55ec6a98ef1dc4eeca031966e2b8e0d52955bf6
[root@miaomiao Desktop]# docker stop `docker ps -aq`
80664f333a75
fe530950f5fb
6ffa5fd9abd3
ef2c0d97aef9
a576e9dc0943
dc0256224c5e
2f0275b71c7b
[root@miaomiao Desktop]# docker rm `docker ps -aq`
80664f333a75
fe530950f5fb
[root@miaomiao Desktop]# docker cp ml vm0:/ ##复制本地文件ml到容器vm0的/目录下
[root@miaomiao Desktop]# docker attach vm0
root@fb7a26874f00:/# ls
bin dev home lib64 ml opt root sbin sys usr
boot etc lib media mnt proc run srv tmp var
root@fb7a26874f00:/# rm -fr ml
root@fb7a26874f00:/# [root@miaomiao Desktop]# docker attach v^C
[root@miaomiao Desktop]# docker logs vm0 ##查看容器指令输出 -f 参数可以实时查看
root@fb7a26874f00:/#
root@fb7a26874f00:/# ls
bin dev home lib64 ml opt root sbin sys usr
boot etc lib media mnt proc run srv tmp var
root@fb7a26874f00:/# rm -fr ml
[root@miaomiao Desktop]# docker export -o vm0.tar vm0
[root@miaomiao Desktop]# ll vm0.tar
-rw-r--r-- 1 root root 196854784 May 9 15:08 vm0.tar
[root@miaomiao Desktop]# docker save -o ubuntu.tar ubuntu:v0
[root@miaomiao Desktop]# docker load -i ubuntu.tar
[root@miaomiao Desktop]# save load export import^C
[root@miaomiao Desktop]# evince Docker学习笔记.pdf &
[root@miaomiao Desktop]# docker run -d --name web -p 8000:80 nginx ##进来dnat,出去snat
将http的80端口伪装成8000端口
1bd84acbf617b572510cd6d102a38011052c6c70cc4cff5ea837c7d1959fac04
[root@miaomiao Desktop]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1bd84acbf617 nginx "nginx -g 'daemon off" 16 seconds ago Up 12 seconds 443/tcp, 0.0.0.0:8000->80/tcp web
fb7a26874f00 ubuntu "/bin/bash" 12 minutes ago Up 12 minutes vm0
[root@miaomiao Desktop]# netstat -antlp |grep :8000 ##查看8000端口
tcp6 0 0 :::8000 :::* LISTEN 28822/docker-proxy
[root@miaomiao Desktop]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
RETURN all -- 192.168.122.0/24 224.0.0.0/24
RETURN all -- 192.168.122.0/24 255.255.255.255
MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
MASQUERADE all -- 192.168.0.0/24 0.0.0.0/0
MASQUERADE tcp -- 192.168.0.2 192.168.0.2 tcp dpt:80
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:192.168.0.2:80
[root@miaomiao Desktop]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
DOCKER-ISOLATION all -- anywhere anywhere
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.0.2 tcp dpt:http
Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
[root@miaomiao lib]# docker start web ##输入网址http://172.25.254.4:8000/查看
[root@miaomiao Desktop]# docker attach vm0
root@fb7a26874f00:/# ls
bin dev home lib64 mnt proc run srv tmp var
boot etc lib media opt root sbin sys usr
root@fb7a26874f00:/# cp /etc/passwd .
root@fb7a26874f00:/# [root@miaomiao Desktop]# docker diff vm0
A /passwd
(22).修改docker的ip
[root@miaomiao system]# cd /usr/lib
[root@miaomiao lib]# cp /usr/lib^C
[root@miaomiao lib]# cp /lib/systemd/system/docker.service /etc/systemd/system^C
[root@miaomiao lib]# systemctl daemon-reload ^C
[root@miaomiao lib]# systemctl restart docker
[root@miaomiao lib]# docker network ls
NETWORK ID NAME DRIVER
a3d8431a63f6 bridge bridge
3fd2c5b5e9c8 none null
fcff84aa1644 host host
[root@miaomiao lib]# ssh -X instructor@172.25.254.4 firefox
(3).数据卷管理
docker run 在创建容器时使用 -v 参数可以挂载一个或多个数据卷到当前运行的容器中,-v的作用是将宿主机上的目录作为容器的数据卷挂载到容器中,使宿主机和容器之间可以共享一个目录。
挂载数据卷到新创建的容器上:
# docker run -it --name westos -v /tmp/data1:/data1 -v /tmp/data2:/data2 rhel7 /bin/bash
-v 参数可以重复使用,挂载多个数据卷到容器中,冒号前面的是宿主机的目录(本地目录不存在 docker 会自动创建),冒号后面的是容器中的挂载目录。
注:docker commit 时卷的数据不会被保存。
默认挂载可以读写数据卷,也可以只读挂载:
# docker run -it --name westos2 -v /tmp/data2:/data2:ro rhel /bin/bash
挂载宿主机文件:
#docker run -it --name westos3 -v /etc/yum.repos.d/rhel-dvd.repo:/etc/yum.repos.d/rhel-dvd.repo:ro rhel7 /bin/bash
数据卷容器:
# docker create --name data -v /tmp/sharedata:/sharedata rhel7 /bin/true
# docker run -it --name vm1 --volumes-from data rhel7 /bin/bash
# docker run -it --name vm2 --volumes-from data rhel7 /bin/bash
# docker attach vm1
bash-4.2# cd /sharedata/
bash-4.2# touch vm1file
# docker attach vm2
bash-4.2# cd /sharedata/
bash-4.2# ls
passwd vm1file
bash-4.2# touch vm2file
[root@foundation0 ~]# ls /tmp/sharedata/
passwd vm1file vm2file
备份数据卷:
# docker run --rm --volumes-from data -v /tmp/backup:/backup rhel7 tar cf /sharedata /backup/test.tar
eg:
[root@miaomiao lib]# docker run -it --name vm1 -v /tmp/data1:/data1 ubuntu ##-v的作用是将宿主机上的目录作为容器的数据卷挂载到容器中 本地目录不存在 docker 会自动创建
root@0a71b1c6ee76:/# cd data1/
root@0a71b1c6ee76:/data1# ls
passwd
[root@miaomiao lib]# docker run -it --name vm1 -v /tmp/data1:/data1 ubuntu
root@0a71b1c6ee76:/# cd data1/
root@0a71b1c6ee76:/data1# ls
passwd
root@0a71b1c6ee76:~# [root@miaomiao lib]#
[root@miaomiao lib]# cd /tmp/data1
[root@miaomiao data1]# ls
[root@miaomiao data1]# docker run -it --name vm2 -v /tmp/data2:/data2 ubuntu
root@b2a25f80b0e0:/# cd /data2/
root@b2a25f80b0e0:/data2# ls
root@b2a25f80b0e0:/data2# [root@miaomiao data1]#
[root@miaomiao data1]# docker run -it --name vm3 -v /tmp/data1:/data1 -v /tmp/data2:/data2:ro -v /etc/yum.repos.d/redhat.repo:/etc/yum.repos.d/redhat.repo:ro ubuntu
root@4adc953b1fb8:/# cd /etc/yum.repos.d/
root@4adc953b1fb8:/etc/yum.repos.d# ls
redhat.repo
root@4adc953b1fb8:/etc/yum.repos.d# echo 1 > redhat.repo
bash: redhat.repo: Read-only file system
root@4adc953b1fb8:/etc/yum.repos.d# [root@miaomiao data1]#
[root@miaomiao data1]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4adc953b1fb8 ubuntu "/bin/bash" About a minute ago Up About a minute vm3
b2a25f80b0e0 ubuntu "/bin/bash" 5 minutes ago Up 5 minutes vm2
0a71b1c6ee76 ubuntu "/bin/bash" 8 minutes ago Up 8 minutes vm1
[root@miaomiao data1]# docker create --name datavol -v /tmp/data1:/data1 -v /tmp/data2:/data2 -v /etc/yum.repos.d/redhat.repo:/etc/yum.repos.d/redhat:ro ubuntu
83c9e4ce93a3d47326a33d6693214c0d8e2b36d26f0700702d10f960027feb5c
[root@miaomiao data1]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
83c9e4ce93a3 ubuntu "/bin/bash" 21 seconds ago Created datavol
4adc953b1fb8 ubuntu "/bin/bash" 7 minutes ago Up 7 minutes vm3
b2a25f80b0e0 ubuntu "/bin/bash" 11 minutes ago Up 11 minutes vm2
0a71b1c6ee76 ubuntu "/bin/bash" 14 minutes ago Up 14 minutes vm1
[root@miaomiao data1]# docker run -it --name vm4 --volumes-from datavol ubuntu
root@67ae4c3067b1:/# cd /data1
root@67ae4c3067b1:/data1# ls
root@67ae4c3067b1:/data1# cd /etc/yum.repos.d/
root@67ae4c3067b1:/etc/yum.repos.d# ls
redhat
root@67ae4c3067b1:/etc/yum.repos.d#cd /data1
root@67ae4c3067b1:/data1# ls
passwd
[root@miaomiao ~]# docker cp vm4:/data1/passwd .
[root@miaomiao ~]# ll passwd
-rw-r--r-- 1 root root 956 May 9 16:06 passwd
[root@miaomiao data1]# docker run --rm -v /tmp/backup:/backup ubuntu tar cf /backup/vm4.tar /etc
tar: Removing leading `/' from member names
[root@miaomiao data1]# cd /tmp/backup/
[root@miaomiao backup]# ls
etc.tar vm4.tar
[root@miaomiao backup]# ll vm4.tar
-rw-r--r-- 1 root root 798720 May 9 16:12 vm4.tar
[root@miaomiao backup]# tar tf vm4.tar |less