一、什麼是Docker
1、什麼是Docker
Docker是一個由GO語言寫的程序運行的“容器”(Linux containers, LXCs); 目前雲服務的基石是操作系統級別的隔離,在同一臺物理服務器上虛擬出多個主機。 Docker則實現了一種應用程序級別的隔離; 它改變我們基本的開發、操作單元,由直接操作虛擬主機(VM),轉換到操作程序運行的“容器”上來。 Docker是爲開發者和系統管理員設計的,用來發布和運行分佈式應用程序的一個開放性平臺。
Docker組成部分:
Client Server:如果docker服務停掉後,所有的docker容器就停掉了
Docker三個組件:
鏡像:Image 容器:docker用容器來運行業務。從鏡像創建一個實例 倉庫:Reposity
二、docker安裝
1、環境準備
環境準備
IP 主機名 操作系統 192.168.56.11 linux-node1 centos7 注意:我這裏使用的是centos7,如果是使用centos5或者centos6,需要升級操作系統內核,否則Docker的許多新功能都無法使用
2、docker安裝
這裏我們使用yum方式安裝
[root@linux-node1 ~]#yum install docker -y
啓動docker
[root@linux-node1 ~]# systemctl start docker
查看docker啓動狀態
[root@linux-node1 ~]# ps -ef|grep docker root 5340 1 6 12:14 ? 00:00:00 /usr/bin/docker-current daemon --exec-opt native.cgroupdriver=systemd --selinux-enabled --log-driver=journald root 5454 5208 0 12:14 pts/0 00:00:00 grep --color=auto do [root@linux-node1 ~]# systemctl status docker ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled) Active: active (running) since Wed 2016-09-14 12:14:15 CST; 2min 47s ago Docs: http://docs.docker.com Main PID: 5340 (docker-current) CGroup: /system.slice/docker.service └─5340 /usr/bin/docker-current daemon --exec-opt native.cgroupdriver=systemd --selinux-enabled --log-driver=journald Sep 14 12:14:14 linux-node1 docker-current[5340]: time="2016-09-14T12:14:14.727023180+08:00" level=info msg="Firewalld running: false" Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.478602413+08:00" level=info msg="Default bridge (docker...ddress" Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.589496307+08:00" level=info msg="Loading containers: start." Sep 14 12:14:15 linux-node1 docker-current[5340]: ...time="2016-09-14T12:14:15.687963245+08:00" level=error msg="Error unmounting c...ounted" Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.690846134+08:00" level=error msg="Error unmounting cont...ounted" Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.704046889+08:00" level=info msg="Loading containers: done." Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.704081570+08:00" level=info msg="Daemon has completed i...zation" Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.704101582+08:00" level=info msg="Docker daemon" commit=...=1.10.3 Sep 14 12:14:15 linux-node1 systemd[1]: Started Docker Application Container Engine. Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.713964042+08:00" level=info msg="API listen on /var/run...r.sock" Hint: Some lines were ellipsized, use -l to show in full. 可以看到docker已經正常啓動
3、docker鏡像
對docker鏡像的操作包括搜索鏡像、導入鏡像、導出鏡像、刪除鏡像
搜索鏡像
[root@linux-node1 ~]# docker search centos INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED docker.io docker.io/centos The official build of CentOS. 2645 [OK] docker.io docker.io/ansible/centos7-ansible Ansible on Centos7 85 [OK] docker.io docker.io/jdeathe/centos-ssh CentOS-6 6.8 x86_64 / CentOS-7 7.2.1511 x8... 33 [OK] docker.io docker.io/jdeathe/centos-ssh-apache-php CentOS-6 6.8 x86_64 / Apache / PHP / PHP M... 19 [OK] docker.io docker.io/nimmis/java-centos This is docker images of CentOS 7 with dif... 15 [OK] docker.io docker.io/million12/centos-supervisor Base CentOS-7 with supervisord launcher, h... 12 [OK] docker.io docker.io/jdeathe/centos-ssh-mysql CentOS-6 6.8 x86_64 / MySQL. 9 [OK] docker.io docker.io/torusware/speedus-centos Always updated official CentOS docker imag... 8 [OK] docker.io docker.io/centos/mariadb55-centos7 3 [OK] docker.io docker.io/nathonfowlie/centos-jre Latest CentOS image with the JRE pre-insta... 3 [OK] docker.io docker.io/blacklabelops/centos CentOS Base Image! Built and Updates Daily! 1 [OK] docker.io docker.io/darksheer/centos Base Centos Image -- Updated hourly 1 [OK] docker.io docker.io/harisekhon/centos-java Java on CentOS (OpenJDK, tags jre/jdk7-8) 1 [OK] docker.io docker.io/timhughes/centos Centos with systemd installed and running 1 [OK] docker.io docker.io/aguamala/centos CentOS base image 0 [OK] docker.io docker.io/dmglab/centos CentOS with some extras - This is for the ... 0 [OK] docker.io docker.io/grayzone/centos auto build for centos. 0 [OK] docker.io docker.io/grossws/centos CentOS 6 and 7 base images with gosu and l... 0 [OK] docker.io docker.io/harisekhon/centos-scala Scala + CentOS (OpenJDK tags 2.10-jre7 - 2... 0 [OK] docker.io docker.io/januswel/centos yum update-ed CentOS image 0 [OK] docker.io docker.io/jsmigel/centos-epel Docker base image of CentOS w/ EPEL installed 0 [OK] docker.io docker.io/kz8s/centos Official CentOS plus epel-release 0 [OK] docker.io docker.io/repositoryjp/centos Docker Image for CentOS. 0 [OK] docker.io docker.io/sgfinans/docker-centos CentOS with a running sshd and Docker 0 [OK] docker.io docker.io/ustclug/centos USTC centos 0 [OK]
導入鏡像
[root@linux-node1 ~]# docker load –input centos.tar
查看鏡像
[root@linux-node1 ~]# docker images
導出鏡像
[root@linux-node1 ~]# docker pull centos #先拉取鏡像 [root@linux-node1 ~]# docker save -o centos.tar centos #導出
刪除鏡像
[root@linux-node1 ~]# docker rmi 鏡像ID
三、運行docker容器
運行Docker容器
[root@linux-node1 ~]# docker run centos /bin/echo ‘Hello world’ #centos是鏡像的名稱,如果有參數,參數寫在鏡像名稱前面
查看容器
[root@linux-node1 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d6e7283abf0a centos "/bin/bash" About a minute ago Exited (0) About a minute ago romantic_kilby 7ada4ff8323a nginx "nginx -g 'daemon off" 13 days ago Exited (137) 4 days ago 80/tcp, 443/tcp condescending_franklin c627741a7dc1 centos "/bin/bash" 13 days ago Exited (137) 4 days ago mydocker 9476c8be9125 centos "/bin/echo 'hello wor" 13 days ago Exited (0) 13 days ago small_darwin 注意:查看docker運行情況時,加上-a參數,查看所有運行和不運行的容器
運行容器時給Docker容器命名
[root@linux-node1 ~]# docker run --name mydocker -t -i centos /bin/bash -t讓docker分配一個僞終端,-i打開標準輸入,centos是鏡像的名稱 如果最後一個參數不是命令,那麼最後的永遠是鏡像的名稱。 即使在系統上沒有安裝docker,這個命令也可以執行,執行後docker會pull下來一個鏡像然後啓動。 進入Docker容器後查看系統內核版本 [root@c627741a7dc1 /]# uname -a Linux c627741a7dc1 3.10.0-327.18.2.el7.x86_64 #1 SMP Thu May 12 11:03:55 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux [root@c627741a7dc1 /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.3 0.0 11776 1872 ? Ss 12:03 0:00 /bin/bash root 17 0.0 0.0 47424 1660 ? R+ 12:04 0:00 ps aux [root@c627741a7dc1 /]# 此時進入了docker裏面,但是它不是一個虛擬機。因爲正常情況下,操作系統進程號爲1的是/usr/lib/systemd/systemd [root@linux-node1 ~]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.2 0.1 188880 3940 ? Ss 10:16 0:05 /usr/lib/systemd/systemd --switched-root --system --deserialize 21 Docker做的是進程的隔離 虛擬機做的是操作系統的隔離
查看cpuinfo時,看到的是物理機的信息。
[root@c627741a7dc1 /]# cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 69 model name : Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz stepping : 1 microcode : 0x1d cpu MHz : 2294.689 cache size : 3072 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 1 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf eagerfpu pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm tpr_shadow vnmi ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid xsaveopt bogomips : 4589.37 clflush size : 64 cache_alignment : 64 address sizes : 42 bits physical, 48 bits virtual power management: processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 69 model name : Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz stepping : 1 microcode : 0x1d cpu MHz : 2294.689 cache size : 3072 KB physical id : 2 siblings : 1 core id : 0 cpu cores : 1 apicid : 2 initial apicid : 2 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf eagerfpu pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm tpr_shadow vnmi ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid xsaveopt bogomips : 4589.37 clflush size : 64 cache_alignment : 64 address sizes : 42 bits physical, 48 bits virtual power management: processor : 2 vendor_id : GenuineIntel cpu family : 6 model : 69 model name : Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz stepping : 1 microcode : 0x1d cpu MHz : 2294.689 cache size : 3072 KB physical id : 4 siblings : 1 core id : 0 cpu cores : 1 apicid : 4 initial apicid : 4 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf eagerfpu pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm tpr_shadow vnmi ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid xsaveopt bogomips : 4589.37 clflush size : 64 cache_alignment : 64 address sizes : 42 bits physical, 48 bits virtual power management: processor : 3 vendor_id : GenuineIntel cpu family : 6 model : 69 model name : Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz stepping : 1 microcode : 0x1d cpu MHz : 2294.689 cache size : 3072 KB physical id : 6 siblings : 1 core id : 0 cpu cores : 1 apicid : 6 initial apicid : 6 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf eagerfpu pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm tpr_shadow vnmi ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid xsaveopt bogomips : 4589.37 clflush size : 64 cache_alignment : 64 address sizes : 42 bits physical, 48 bits virtual power management:
四、進入正在運行的docker容器
1、使用docker attach方式進入
[root@linux-node1 ~]# docker attach mydocker 使用docker attach命令有個缺點就是操作是同步的,一個用戶操作時,另一個用戶可以看到操作。 [root@c627741a7dc1 /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 11776 1868 ? Ss 12:09 0:00 /bin/bash root 16 0.0 0.0 47424 1664 ? R+ 12:15 0:00 ps aux
[root@linux-node1 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c627741a7dc1 centos "/bin/bash" 12 minutes ago Exited (0) 7 seconds ago mydocker 9476c8be9125 centos "/bin/echo 'hello wor" 15 minutes ago Exited (0) 15 minutes ago small_darwin
2、使用nsenter方式
生產環境進入docker,使用nsenter;這個工具集成在util-linux內
如果這個工具沒有安裝,可以使用yum install -y util-linux進行安裝
使用nsenter進入docker容器之前,必須先獲取Docker的PID
[root@linux-node1 ~]# docker inspect -f "{{ .State.Pid }}" mydocker
3989
如果獲取的值是0,證明docker容器沒有啓動。使用nsenter進入容器
[root@linux-node1 /usr/local/src]#nsenter -t 3989 -m -u -i -n –p -t指定pid [root@c627741a7dc1 /]# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 12:20 ? 00:00:00 /bin/bash root 16 0 0 12:24 ? 00:00:00 -bash root 38 16 0 12:24 ? 00:00:00 ps -ef [root@c627741a7dc1 /]# /bin/bash進程執行的第一個進程 -bash是使用nsenter命令時創建的進程。 如果退出後,/bin/bash仍然運行。 執行docker ps -a可以查看狀態 [root@linux-node1 /usr/local/src]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c627741a7dc1 centos "/bin/bash" 21 minutes ago Up 4 minutes mydocker 9476c8be9125 centos "/bin/echo 'hello wor" 24 minutes ago Exited (0) 24 minutes ago small_darwin [root@linux-node1 /usr/local/src]#
我們可以寫一個腳本,把獲取docker的PID,進入容器的操作都放入腳本內,這樣就不用每次都敲很多命令
[root@linux-node1 ~]# cat docker_in.sh
#!/bin/bash
docker_in(){
NAME_ID=$1
PID=$(docker inspect -f "{{ .State.Pid }}" $NAME_ID)
nsenter -t $PID -m -u -i -n -p
}
docker_in $1 #給docker_in傳遞一個參數進去例如:
[root@linux-node1 ~]# ./docker_in.sh mydocker [root@c627741a7dc1 /]# exit logout [root@linux-node1 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c627741a7dc1 centos "/bin/bash" 26 minutes ago Up 9 minutes mydocker
3、使用docker exec
使用docker exec時,需加上-it參數
[root@linux-node1 ~]# docker exec -it mydocker /bin/bash [root@c627741a7dc1 /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 11776 1664 ? Ss+ 03:36 0:00 /bin/bash root 23 2.7 0.0 11776 1868 ? Ss 03:41 0:00 /bin/bash root 38 0.0 0.0 47424 1660 ? R+ 03:41 0:00 ps aux
實際生產中,我們可能不需要進入容器,執行一個命令後就退出,可以使用如下方式:
[root@linux-node1 ~]# docker exec mydocker whoami root