Docker介紹
- 官網: www.docker.com
- github: https://github.com/docker/docker.github.io
- 開源的容器引擎,可以讓開發者打包應用以及依賴的庫,然後發佈到任何流行的linux發行版上,移植很方便 由go語言編寫,基於apache2.0協議發佈
- 基於linux kernel,要想在win下運行需要藉助一個vm(虛擬機)來實現
- 自2013年開始,近些年發展迅猛
- docker從1.13x開始,版本分爲社區版ce和企業版ee,並且基於年月的時間線形式,當前最新穩定版爲17.09 參考http://blog.csdn.net/chenhaifeng2016/article/details/68062414
Docker和傳統的虛擬化比較
Docker的優勢
- 啓動非常快,秒級實現
- 資源利用率高,一臺高配置服務器可以跑上千個docker容器
- 更快的交付和部署,一次創建和配置後,可以在任意地方運行
- 內核級別的虛擬化,不需要額外的hypevisor支持,會有更高的性能和效率
- 易遷移,平臺依賴性不強
Docker核心概念
- 鏡像,是一個只讀的模板,類似於安裝系統用到的那個iso文件,我們通過鏡像來完成各種應用的部署。
- 容器,鏡像類似於操作系統,而容器類似於虛擬機本身。它可以被啓動、開始、停止、刪除等操作,每個容器都是相互隔離的。
- 倉庫,存放鏡像的一個場所,倉庫分爲公開倉庫和私有倉庫。 最大的公開倉庫是Docker hub(hub.docker.com),國內公開倉庫(dockerpool.com)
Docker安裝
[root@cm-vpn1 ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2424 100 2424 0 0 8654 0 --:--:-- --:--:-- --:--:-- 8688
[root@cm-vpn1 ~]# yum install -y docker-ce
啓動Docker
[root@cm-vpn1 ~]# systemctl start docker
[root@cm-vpn1 ~]# ps aux |grep docker
root 26558 1.6 3.6 386596 74140 ? Ssl 04:45 0:00 /usr/bin/dockerd
root 26562 0.3 1.1 289844 24284 ? Ssl 04:45 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
root 26689 0.0 0.1 112716 2208 pts/1 S+ 04:45 0:00 grep --color=auto docker
#啓動docker後,docker會自動創建iptables 規則
[root@cm-vpn1 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 474 packets, 219K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 485 packets, 216K bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Docker鏡像管理
下載鏡像
[root@cm-vpn1 ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
7dc0dca2b151: Pull complete
Digest: sha256:369d6aa8915bc6723aaa0e40de86d1b4f4efe1bae5ce07e851fc567417a640e7
Status: Downloaded newer image for centos:latest
查看本地的鏡像
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 49f7960eb7e4 7 hours ago 200MB
docker search xxx
說明:其中xxx是關鍵詞
[root@cm-vpn1 ~]# docker search nginx
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 8564 [OK]
jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1340 [OK]
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 547 [OK]
jrcs/letsencrypt-nginx-proxy-companion LetsEncrypt container to use with nginx as p… 374 [OK]
kong Open-source Microservice & API Management la… 190 [OK]
webdevops/php-nginx Nginx with PHP-FPM 104 [OK]
kitematic/hello-world-nginx A light-weight nginx container that demonstr… 99
bitnami/nginx Bitnami nginx Docker Image 52 [OK]
zabbix/zabbix-web-nginx-mysql Zabbix frontend based on Nginx web-server wi… 52 [OK]
1and1internet/ubuntu-16-nginx-php-phpmyadmin-mysql-5 ubuntu-16-nginx-php-phpmyadmin-mysql-5 35 [OK]
linuxserver/nginx An Nginx container, brought to you by LinuxS… 35
tobi312/rpi-nginx NGINX on Raspberry Pi / armhf 19 [OK]
nginxdemos/nginx-ingress NGINX Ingress Controller for Kubernetes . Th… 11
blacklabelops/nginx Dockerized Nginx Reverse Proxy Server. 9 [OK]
wodby/drupal-nginx Nginx for Drupal container image 9 [OK]
webdevops/nginx Nginx container 8 [OK]
centos/nginx-18-centos7 Platform for running nginx 1.8 or building n… 6
nginxdemos/hello NGINX webserver that serves a simple page co… 6 [OK]
1science/nginx Nginx Docker images that include Consul Temp… 4 [OK]
centos/nginx-112-centos7 Platform for running nginx 1.12 or building … 3
pebbletech/nginx-proxy nginx-proxy sets up a container running ngin… 2 [OK]
travix/nginx NGinx reverse proxy 1 [OK]
toccoag/openshift-nginx Nginx reverse proxy for Nice running on same… 1 [OK]
ansibleplaybookbundle/nginx-apb An APB to deploy NGINX 0 [OK]
mailu/nginx Mailu nginx frontend 0 [OK]
給鏡像打標籤
說明:例如給centos 打標籤,打完標籤就會生成另外一個鏡像.
可以看到test的IMAGE ID 和Centos是一樣.
[root@cm-vpn1 ~]# docker tag centos test
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test latest 49f7960eb7e4 7 hours ago 200MB
centos latest 49f7960eb7e4 7 hours ago 200MB
docker run -itd centos 把鏡像啓動爲容器
說明:-i表示讓容器的標準輸入打開,-t表示分配一個僞終端,-d表示後臺啓動,要把-i -t -d 放到鏡像名字前面
[root@cm-vpn1 ~]# docker run -itd centos
Unable to find image 'centos:latest' locally
latest: Pulling from library/centos
Digest: sha256:369d6aa8915bc6723aaa0e40de86d1b4f4efe1bae5ce07e851fc567417a640e7
Status: Downloaded newer image for centos:latest
e0f6b631726bcced72bf6be8d85b3b5e309d2966881341d8db38808b85b6e03e
docker ps 查看運行的容器
說明:加上-a選項後可以查看所有容器,包括未運行的
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e0f6b631726b centos "/bin/bash" About a minute ago Up About a minute zen_yalow
docker rmi centos 用來刪除指定鏡像
說明:其中後面的參數可以是tag,如果是tag時,實際上是刪除該tag。當後面的參數爲鏡像ID時,則會徹底刪除整個鏡像,所有標籤也會一同刪除
[root@cm-vpn1 ~]# docker rmi test
Untagged: test:latest
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 49f7960eb7e4 10 hours ago 200MB
通過容器創建鏡像
docker exec -it xxxxx bash
說明:其中xxxxx爲容器id,這個id可以用docker ps查看,最後面的bash爲進入容器後我們要執行的命令,這樣就可以打開一個終端 進入到該容器中,我們做一些變更,比如安裝一些東西,然後針對這個容器進行創建新的鏡像
[root@cm-vpn1 ~]# docker exec -it e0f6b631726b bash
[root@e0f6b631726b /]#
#進入容器之後可以執行一些命令,磁盤 & 內存實際上用的也是宿主機的磁盤 &內存
[root@e0f6b631726b /]# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 30G 4.1G 24G 15% /
tmpfs 64M 0 64M 0% /dev
tmpfs 994M 0 994M 0% /sys/fs/cgroup
/dev/root 30G 4.1G 24G 15% /etc/hosts
shm 64M 0 64M 0% /dev/shm
tmpfs 994M 0 994M 0% /sys/firmware
[root@e0f6b631726b /]# free -m
total used free shared buff/cache available
Mem: 1987 712 96 105 1178 1110
Swap: 255 0 255
#查看IP地址
#說明:很明顯沒有這個命令
[root@e0f6b631726b /]# ifconfig
bash: ifconfig: command not found
#安裝net-tools
[root@e0f6b631726b /]# yum install -y net-tools
#再執行ifconfig 就可以看IP地址信息,這裏的IP地址是docker生成的
[root@e0f6b631726b /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 626 bytes 8965597 (8.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 646 bytes 45888 (44.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#ctrl d 退出容器,敲ifconfig命令,可以看到docker0 一個網卡,這個類似VMware 裏面的一個vmnet8,它用的是nat模式
[root@cm-vpn1 ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:13ff:fe8f:b757 prefixlen 64 scopeid 0x20<link>
ether 02:42:13:8f:b7:57 txqueuelen 0 (Ethernet)
RX packets 650 bytes 37396 (36.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 632 bytes 8966113 (8.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.104.167.55 netmask 255.255.255.0 broadcast 172.104.167.255
inet6 fe80::f03c:91ff:feb6:e092 prefixlen 64 scopeid 0x20<link>
inet6 2400:8901::f03c:91ff:feb6:e092 prefixlen 64 scopeid 0x0<global>
ether f2:3c:91:b6:e0:92 txqueuelen 1000 (Ethernet)
RX packets 102699948 bytes 83112818007 (77.4 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 60560071 bytes 77995656790 (72.6 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 106 bytes 12139 (11.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 106 bytes 12139 (11.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethaa7b3ab: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether ce:90:a7:75:f8:4b txqueuelen 0 (Ethernet)
RX packets 646 bytes 45888 (44.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 626 bytes 8965597 (8.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
容器做成鏡像
說明:ctrl d 退出容器,然後保存新的鏡像裏去,也就是說把centos 這個容器裏面變更保存到一個新的鏡像裏去
參數詳解:-m 加一些改動信息,-a 指定作者相關信息 2c74d這一串爲容器id,再後面爲新鏡像的名字
[root@cm-vpn1 ~]# docker commit -m "install net-tools" -a "anna" e0f6b631726b centos_new
sha256:47d06ed1ec0aa65853ba6550a786cbafc142a7d267f9fb6fce516ee955acabfe
#可以看新的鏡像
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_new latest 47d06ed1ec0a 8 minutes ago 272MB
centos latest 49f7960eb7e4 11 hours ago 200MB
#啓動centos_new
[root@cm-vpn1 ~]# docker run -itd centos_new bash
23f897d2593897c593f34417bfc831d4e4ec62439f2e7e7acd3c2b75c7558809
#進入centos_new 容器
[root@cm-vpn1 ~]# docker exec -it 23f897d25938 bash
[root@23f897d25938 /]#
#就可以在centos_new容器直接執行ifconfig 命令
[root@23f897d25938 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.3 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:03 txqueuelen 0 (Ethernet)
RX packets 1 bytes 90 (90.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 432 (432.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
通過模板創建鏡像
首先去openvz 官方下載,網址:http://openvz.org/Download/templates/precreated
#下載模板
[root@cm-vpn1 ~]# wget http://download.openvz.org/template/precreated/centos-6-x86_64-minimal.tar.gz
#使用模板創建鏡像
[root@cm-vpn1 ~]# cat centos-6-x86_64-minimal.tar.gz|docker import - centos6
sha256:7b2c8df58b342522d77c835eb9e77c9cbd1c573e89d29cf5de02a961db0e884c
#查看導入的鏡像
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 7b2c8df58b34 12 seconds ago 553MB
<none> <none> a9218cdeb003 11 minutes ago 0B
centos_new latest 47d06ed1ec0a About an hour ago 272MB
centos latest 49f7960eb7e4 12 hours ago 200MB
#把centos6 鏡像啓動爲容器
[root@cm-vpn1 ~]# docker run -itd centos6 bash
e7ed62423732f39a4e5235f980f6fa7def02f0eefa15ed68dae469d9fc0fdc68
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7ed62423732 centos6 "bash" 5 seconds ago Up 4 seconds nostalgic_fermat
23f897d25938 centos_new "bash" 45 minutes ago Up 45 minutes cocky_visvesvaraya
e0f6b631726b centos "/bin/bash" 2 hours ago Up 2 hours zen_yalow
#進入centos6容器
[root@cm-vpn1 ~]# docker exec -it e7ed62423732 bash
#ifconfig 命令查看IP
[root@e7ed62423732 /]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:04
inet addr:172.17.0.4 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:90 (90.0 b) TX bytes:522 (522.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
#查看內核信息,內核信息和宿主機是一樣的,除了主機名不同
[root@e7ed62423732 /]# uname -a
Linux e7ed62423732 4.15.8-x86_64-linode103 #1 SMP Fri Mar 9 21:02:39 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
#查看版本信息
[root@e7ed62423732 /]# cat /etc/issue
CentOS release 6.8 (Final)
Kernel \r on an \m
把現有鏡像,導出爲一個文件
說明:把centos 導出爲一個文件centos.tar
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 7b2c8df58b34 20 minutes ago 553MB
<none> <none> a9218cdeb003 32 minutes ago 0B
centos_new latest 47d06ed1ec0a About an hour ago 272MB
centos latest 49f7960eb7e4 12 hours ago 200MB
[root@cm-vpn1 ~]# docker save -o centos.tar centos
[root@cm-vpn1 ~]# ls -lh
total 546M
-rw-------. 1 root root 1.2K Sep 18 2017 anaconda-ks.cfg
-rw------- 1 root root 199M Jun 5 10:15 centos.tar
docker load < centos.tar 可以用該文件恢復本地鏡像
說明:先停掉容器
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7ed62423732 centos6 "bash" 19 hours ago Up 19 hours nostalgic_fermat
23f897d25938 centos_new "bash" 20 hours ago Up 20 hours cocky_visvesvaraya
e0f6b631726b centos "/bin/bash" 21 hours ago Up 21 hours zen_yalow
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 7b2c8df58b34 19 hours ago 553MB
<none> <none> a9218cdeb003 19 hours ago 0B
centos_new latest 47d06ed1ec0a 20 hours ago 272MB
centos latest 49f7960eb7e4 31 hours ago 200MB
#停止容器
[root@cm-vpn1 ~]# docker stop e0f6b631726b
e0f6b631726b
#查看容器停止是否成功
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7ed62423732 centos6 "bash" 19 hours ago Up 19 hours
#刪除鏡像
[root@cm-vpn1 ~]# docker rmi -f 49f7960eb7e4
Untagged: centos:latest
Untagged: centos@sha256:369d6aa8915bc6723aaa0e40de86d1b4f4efe1bae5ce07e851fc567417a640e7
Deleted: sha256:49f7960eb7e4cb46f1a02c1f8174c6fac07ebf1eb6d8deffbcb5c695f1c9edd5
#centos_new 鏡像就不存在
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 7b2c8df58b34 19 hours ago 553MB
<none> <none> a9218cdeb003 19 hours ago 0B
#使用docker load 把centos.tar恢復爲鏡像
[root@cm-vpn1 ~]# docker load < centos.tar
Loaded image: centos:latest
#
[root@cm-vpn1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos6 latest 7b2c8df58b34 24 hours ago 553MB
<none> <none> a9218cdeb003 24 hours ago 0B
centos latest 49f7960eb7e4 35 hours ago 200MB
容器管理
docker create -it centos6 bash
說明:這樣可以創建一個容器,但該容器並沒有啓動,docker ps -a 可以看到新創建的容器
[root@cm-vpn1 ~]# docker create -it centos6 bash
c2ac437944b84f0b54f8ee1eaa11bbf2daf980f6f7df167f2f6b8c4e8c2aa556
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7ed62423732 centos6 "bash" 24 hours ago Up 24 hours nostalgic_fermat
[root@cm-vpn1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2ac437944b8 centos6 "bash" 14 minutes ago Created thirsty_bhabha
e7ed62423732 centos6 "bash" 24 hours ago Up 24 hours nostalgic_fermat
23f897d25938 47d06ed1ec0a "bash" 25 hours ago Exited (137) 5 hours ago cocky_visvesvaraya
e0f6b631726b centos "/bin/bash" 26 hours ago Exited (137) 23 minutes ago zen_yalow
docker start 跟 CONTAINER ID
說明:把剛創建的容器起起來
[root@cm-vpn1 ~]# docker start c2ac437944b8
c2ac437944b8
#查看剛起來的容器
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2ac437944b8 centos6 "bash" 20 minutes ago Up About a minute thirsty_bhabha
e7ed62423732 centos6 "bash" 24 hours ago Up 24 hours nostalgic_fermat
docker run -it centos bash
說明:沒有加-d 的話可以自動進入到容器.docker run -d 可以讓容器在後臺運行
docker run -it 這樣進入了一個虛擬終端裏面,我們可以運行一些命令,使用命令exit或者ctrl d 退出該bash,當退出後這個容器也會停止
[root@cm-vpn1 ~]# docker run -it centos6 bash
[root@f752c7fb16e5 /]#
#運行命令
[root@f752c7fb16e5 /]# ls
bin boot dev etc fastboot home lib lib64 lost+found media mnt opt proc root sbin selinux srv sys tmp usr var
[root@f752c7fb16e5 /]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:05
inet addr:172.17.0.5 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:432 (432.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
#退出容器後,docker ps -a 可以看到f752c7fb16e5容器的狀態 Exited
[root@cm-vpn1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f752c7fb16e5 centos6 "bash" 36 minutes ago Exited (130) 18 seconds ago condescending_liskov
132804cfa465 centos6 "bash" 39 minutes ago Up 39 minutes upbeat_lamport
fe3a2352b60b centos6 "bash \u00a0" 44 minutes ago Exited (127) 44 minutes ago dazzling_ritchie
6efa15b16767 centos "bash \u00a0" 45 minutes ago Exited (127) 45 minutes ago nifty_mendeleev
50a311433c39 centos6 "bash \u00a0" 45 minutes ago Exited (127) 45 minutes ago condescending_swirles
c2ac437944b8 centos6 "bash" About an hour ago Up About an hour thirsty_bhabha
e7ed62423732 centos6 "bash" 25 hours ago Up 25 hours nostalgic_fermat
23f897d25938 47d06ed1ec0a "bash" 26 hours ago Exited (137) 6 hours ago cocky_visvesvaraya
e0f6b631726b centos "/bin/bash" 27 hours ago Exited (137) 2 hours ago zen_yalow
35cddbfe6018 centos "//把鏡像啓動爲容器…" 30 hours ago Created suspicious_shockley
docker run -itd --name centos6_new1 centos6 bash 給容器自定義名字
說明:在NAMES 可以看到給容器自定義的名字.
[root@cm-vpn1 ~]# docker run -itd --name centos6_new1 centos6 bash
3efe90e0d2179a5d039b44ec060a66ac162e285c798009f900db912a1afe827d
[root@cm-vpn1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3efe90e0d217 centos6 "bash" About a minute ago Up About a minute centos6_new1
132804cfa465 centos6 "bash" 45 minutes ago Up 45 minutes upbeat_lamport
c2ac437944b8 centos6 "bash" 2 hours ago Up About an hour thirsty_bhabha
e7ed62423732 centos6 "bash" 25 hours ago Up 25 hours nostalgic_fermat
若要進入容器時,加容器的名字即可
[root@cm-vpn1 ~]# docker exec -it centos6_new1 bash
[root@3efe90e0d217 /]#
docker logs container_id
說明:可以獲取到容器的運行歷史信息
[root@cm-vpn1 ~]# docker run -itd centos6 bash -c "echo test"
ac83925f2a7b59b3780e9f55fb48c9393eea5967caf63fb64777c331766acfcd
[root@cm-vpn1 ~]# docker logs ac83925
test
Docker倉庫管理
docker pull registry
說明:下載registry 鏡像,registy爲docker官方提供的一個鏡像,我們可以用它來創建本地的docker私有倉庫
[root@cm-vpn1 ~]# docker pull registry
鏡像啓動容器
說明:以registry鏡像啓動容器,-p會把容器的端口映射到宿主機上,:左邊爲宿主機監聽端口,:右邊爲容器監聽端口
[root@cm-vpn1 ~]# docker run -d -p 5000:5000 registry
docker tag centos 172.104.167.55:5000/centos //標記一下tag,必須要帶有私有倉庫的ip:port
[root@cm-vpn1 ~]# docker tag centos 172.104.167.55:5000/centos6
docker push
說明:把標記的鏡像給推送到私有倉庫. 有報錯
[root@cm-vpn1 ~]# docker push 172.104.167.55:5000/centos6
Get https://172.104.167.55:5000/v2/: http: server gave HTTP response to HTTPS client
解決
[root@cm-vpn1 ~]# vim /etc/docker/daemon.json
{ "insecure-registries":["172.104.167.55:5000"]
重啓docker
說明:systemctl restart docker && docker start $(docker ps -a -q) 這條命令是重啓所有docker
[root@cm-vpn1 ~]# systemctl restart docker
再次docker push
[root@cm-vpn1 ~]# docker push 172.104.167.55:5000/centos6
查看到推送上來的鏡像
[root@cm-vpn1 ~]# curl 127.0.0.1:5000/v2/_catalog
{"repositories":["centos6"]}
docker pull
說明:創建私有倉庫肯定不是爲了在一臺服務器,現在在另外一臺服務器上把私有倉庫的鏡像拉取下來.
前提是要安裝docker 並啓動
安裝docker
[root@cm-vpn2 ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2424 100 2424 0 0 1454 0 0:00:01 0:00:01 --:--:-- 1454
[root@cm-vpn2 ~]# yum install -y docker-ce
啓動docker
[root@cm-vpn2 ~]# systemctl start docker
配置私有倉庫地址
[root@cm-vpn2 ~]# vim /etc/docker/daemon.json
{ "insecure-registries":["172.104.167.55:5000"] }
重啓docker
[root@cm-vpn2 ~]# systemctl restart docker
docker pull 私有倉庫的鏡像
[root@cm-vpn2 ~]# docker pull 172.104.167.55:5000/centos6
Using default tag: latest
latest: Pulling from centos6
3cba026fed25: Pull complete
Digest: sha256:6a5e79514df07ed3bb47b73b778615ee7a47f4949e323760a0c29b511b047656
Status: Downloaded newer image for 172.104.167.55:5000/centos6:latest
[root@cm-vpn2 ~]# cat /etc/docker/daemon.json
{ "insecure-registries":["172.104.167.55:5000"] }
查看docker pull 下來的鏡像
[root@cm-vpn2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
172.104.167.55:5000/centos6 latest 7b2c8df58b34 2 days ago 553MB
Docker數據管理
容器是由鏡像啓動的,容器裏產生新的數據存放到了哪裏,把容器關閉或刪除, 存儲的數據,更改了新的數據,會一併消除.這樣也就意味數據有一定的風險,所以想到了一個辦法,把宿主機的某個目錄掛載容器裏去,比如創建一個data目錄,假如容器產生了新的數據,全部會寫在data目錄下面,這樣的話會寫在宿主機的磁盤上,即使容器停止或者刪除,那數據還是存在的
掛載本地的目錄到容器裏
說明:-v 用來指定掛載目錄,:前面的/data/爲宿主機本地目錄,:後面的/data/爲容器裏的目錄,會在容器中自動創建
[root@cm-vpn1 ~]# docker run -tid -v /data/:/data centos6 bash
603e82b1cfd1717fa31a07359874e4435c3f2b762b348764c92f8ad7ac6c36ec
查看本地宿主機data 目錄和容器的data目錄是否一樣
#本地data目錄
[root@cm-vpn1 ~]# ls /data/
backup mysql mysql.bak
#進入容器
[root@cm-vpn1 ~]# docker exec -it 603e82b1cfd bash
#容器data目錄
[root@603e82b1cfd1 /]# ls /data/
backup mysql mysql.bak
驗證
說明:在容器data目錄下創建一個test目錄,退出容器,查看本地data目錄,可以看到也有一個test目錄.
所以在容器產生的數據,會存在宿主機的硬盤上.
[root@603e82b1cfd1 /]# mkdir /data/test
[root@603e82b1cfd1 /]# ls /data/
backup mysql mysql.bak test
#退出容器,查看本地data目錄
[root@603e82b1cfd1 /]# exit
[root@cm-vpn1 ~]# ls /data
backup mysql mysql.bak test
掛載數據卷
其實我們掛載目錄的時候,可以指定容器的name,如果不指定就隨機定義了,比如上面我們沒有指定,它就生成了一個名字爲serene_shockley,這個名字可以使用命令docker ps 看最右側一列.
docker run -itd --volumes-from serene_shockley
說明:使用centos鏡像創建新的容器,並且使用了serence_shockley的容器的數據卷w w w w w w w w ocker run -itd --voluw mes-from docker run -itd --voluw mes-
[root@cm-vpn1 ~]# docker run -itd --volumes-from serene_shockley centos bash
f20455996a0a68f4c66237cc155277825c993747b5a52e6af7e4b46ab17c5496
進入容器
說明: 可以看到它可以自動識別到系統的data目錄,實際上它和serene_shockley 容器是關聯在一起的,serene_shockley 容器有什麼目錄或文件,這個新創建的cenos容器也一樣
[root@cm-vpn1 ~]# docker exec -it f20455996a bash
[root@f20455996a0a /]# ls /data/
backup mysql mysql.bak test
定義數據卷容器
說明:有時候,我們需要多個容器之間相互共享數據,類似於linux裏面的NFS,所以就可以搭建一個專門的數據卷容器,然後其他容器直接掛在該數據卷
首先創建數據卷容器
說明:
[root@cm-vpn1 ~]# docker run -itd --volumes-from serene_shockley centos bash
Docker網絡模式
- host 模式:使用docker run 時使用--net=host指定 docker使用的網絡實際上和宿主機一樣,在容器內看到的網卡IP是宿主機IP
- container模式:使用--net=container:container_id/container_name 多個容器使用共同的網絡,看到的IP是一樣的
- none模式,使用--net=none指定 這種模式下,不會配置任何網絡
- bridge模式:使用--net=bridge指定默認模式,不用指定默認就是這種網絡模式.這種模式會爲每個容器分配一個獨立的Network Namespace. 類似於VMware的nat網絡模式,同一個宿主機上的所有容器會在同一個網段下,相互之間是可以通信的
Docker網絡管理-外部訪問容器
配置橋接網絡
爲了使本地網絡中的機器和Docker容器更方便的通信,我們經常會有將Docker容器配置到和宿主機同一網段的需求,這個需要其實很容易實現,我們只要將Docker容器和宿主機的網卡橋接起來,再給Docker容器配置上IP就可以了
[root@localhost network-scripts]# vim ifcfg-eno16777736
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="eno16777736"
UUID="f7697620-ed25-4706-8b31-476c53124e9a"
DEVICE="eno16777736"
ONBOOT="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_PRIVACY="no"
IPADDR="192.168.157.139"
GATEWAY=193.168.157.1
DNS1=8.8.8.8
#修改
[root@localhost network-scripts]# vim ifcfg-eno16777736
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="eno16777736"
#UUID="f7697620-ed25-4706-8b31-476c53124e9a"
DEVICE="eno16777736"
ONBOOT="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_PRIVACY="no"
#IPADDR="192.168.157.139"
#GATEWAY=193.168.157.1
#DNS1=8.8.8.8
BRIDGE=br0
創建一個新的網卡br0
[root@localhost network-scripts]# vim ifcfg-br0
TYPE="Bridge"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="br0"
#UUID="f7697620-ed25-4706-8b31-476c53124e9a"
DEVICE="br0"
ONBOOT="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_PRIVACY="no"
IPADDR="192.168.157.139"
GATEWAY=193.168.157.1
DNS1=8.8.8.8