目前Docker支持centos 7及以後版本。
本文中使用的是centos7系統。
安裝所需的軟件包
$ sudo yum install update
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
設置穩定的倉庫
官方源
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
有時由於網絡問題,無法訪問官方源,也可以添加國內源:
$ sudo yum-config-manager \
--add-repo \
https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
安裝docker
$ sudo yum install docker-ce
安裝過程中,也會將docker-ce-cli, containerd.io 作爲依賴進行安裝。
啓動docker
sudo systemctl start docker
查看docker進程是否已經啓動:
$ ps -ef| grep docker
root 12486 1 0 23:21 ? 00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
lanyang 12639 10783 0 23:21 pts/0 00:00:00 grep --color=auto docker
查看docker版本信息:
[lanyang@localhost ~]$ sudo docker version
Client: Docker Engine - Community
Version: 19.03.5
API version: 1.40
Go version: go1.12.12
Git commit: 633a0ea
Built: Wed Nov 13 07:25:41 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.5
API version: 1.40 (minimum version 1.12)
Go version: go1.12.12
Git commit: 633a0ea
Built: Wed Nov 13 07:24:18 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version: 0.18.0
GitCommit: fec3683
測試
測試1
通過運行 hello-world 映像來驗證是否正確安裝了 Docker Engine-Community
[lanyang@localhost ~]$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Already exists
Digest: sha256:9572f7cdcee8591948c2963463447a53466950b3fc15a247fcad1917ca215a2f
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
上面的輸出,表示docker已經安裝成功。
執行hello-world的過程如下:.
- Docker client連接 Docker daemon, 將請求發送給Docker daemon。
- Docker daemon 從Docker Hub拉取"hello-world"映像。
- Docker daemon 使用拉取的映像,創建一個新的容器,在容器中執行可執行文件,並得到輸出。
- Docker daemon 將輸出發給Docker client,Docker client再請輸出發送到終端顯示。
也就是說,
docker run會創建並啓動一個新的容器,並在容器中執行命令。
測試2
安裝並啓動nginx:
[root@localhost lanyang]# docker run --detach --publish=80:80 --name=webserver nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
8ec398bc0356: Pull complete
a53c868fbde7: Pull complete
79daf9dd140d: Pull complete
Digest: sha256:70821e443be75ea38bdf52a974fd2271babd5875b2b1964f05025981c75a6717
Status: Downloaded newer image for nginx:latest
6e63e3609cec782c2851240c7f90bd329f528516490a6c58829f1252331f2a8b
其中,
-d 或者 --detach表示在後臺跑container,並打印container id。
-p 或者 --publish=80:80表示宿主機端口80映射到container 端口80。
--name表示容器名稱,如果不指定,會隨機生成一個。
nginx 是image映像名稱。如果本地沒有,會從遠程倉庫下載。
查看nginx是否啓動成功:
[lanyang@localhost ~]$ ps -ef | grep docker
root 3848 1 0 10:38 ? 00:00:07 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 9356 3848 0 13:44 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.2 -container-port 80
root 9361 3847 0 13:44 ? 00:00:00 containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/6e63e3609cec782c2851240c7f90bd329f528516490a6c58829f1252331f2a8b -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
lanyang 9453 8394 0 13:44 pts/2 00:00:00 grep --color=auto docker
[lanyang@localhost ~]$ ps -ef | grep nginx
root 9376 9361 0 13:44 ? 00:00:00 nginx: master process nginx -g daemon off;
101 9408 9376 0 13:44 ? 00:00:00 nginx: worker process
lanyang 9461 8394 0 13:45 pts/2 00:00:00 grep --color=auto nginx
[lanyang@localhost ~]$
瀏覽器中打開頁面:
查看所有正在運行的container, 可以使用 docker container ls或docker ps:
[lanyang@localhost ~]$ sudo docker container ls
[sudo] lanyang 的密碼:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6e63e3609cec nginx "nginx -g 'daemon of…" 5 minutes ago Up 5 minutes 0.0.0.0:80->80/tcp webserver
[lanyang@localhost ~]$
[lanyang@localhost ~]$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/json: dial unix /var/run/docker.sock: connect: permission denied
[lanyang@localhost ~]$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6e63e3609cec nginx "nginx -g 'daemon of…" 5 minutes ago Up 5 minutes 0.0.0.0:80->80/tcp webserver
[lanyang@localhost ~]$
[lanyang@localhost ~]$
在容器中執行命令, 可以使用docker exec:
[lanyang@localhost ~]$ docker exec -it webserver ls
bin dev home lib64 mnt proc run srv tmp var
boot etc lib media opt root sbin sys us
[lanyang@localhost ~]$ docker exec -it webserver bash
root@050a81998307:/#
root@050a81998307:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
其中,
-it 表示通過交互式終端連接到容器
webserver是容器的名稱, ls是在容器中執行的命令。
停止container:
[lanyang@localhost ~]$ sudo docker container stop webserver
webserver
[lanyang@localhost ~]$ sudo docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
查看所有container,包括已停止的container:
[lanyang@localhost ~]$ sudo docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6e63e3609cec nginx "nginx -g 'daemon of…" 18 minutes ago Exited (0) 11 seconds ago webserver
4735d21ed463 hello-world "/hello" 2 hours ago Exited (0) 2 hours ago optimistic_feistel
刪除container:
[lanyang@localhost ~]$ sudo docker container rm webserver
webserver
[lanyang@localhost ~]$ sudo docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4735d21ed463 hello-world "/hello" 2 hours ago Exited (0) 2 hours ago optimistic_feistel
查看image:
[lanyang@localhost ~]$ sudo docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 5ad3bd0e67a9 9 days ago 127MB
hello-world latest fce289e99eb9 13 months ago 1.84kB
刪除image:
[lanyang@localhost ~]$ sudo docker image rm nginx
Untagged: nginx:latest
Untagged: nginx@sha256:70821e443be75ea38bdf52a974fd2271babd5875b2b1964f05025981c75a6717
Deleted: sha256:5ad3bd0e67a9c542210a21a3c72f56ef6387cf9b7f4c2506d2398d55a2593ed0
Deleted: sha256:b69e2ed46519bc33e7c887967e4f61a2ee53aef165b70f75e208937fb42e7b4c
Deleted: sha256:4cb7f732537bf0f65cd9f8f7b63bbe71abcf9d0df396f58621ef3be0b2487b27
Deleted: sha256:556c5fb0d91b726083a8ce42e2faaed99f11bc68d3f70e2c7bbce87e7e0b3e10
[lanyang@localhost ~]$ sudo docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest fce289e99eb9 13 months ago 1.84kB
爲非root用戶授權
docker安裝後,默認會創建docker用戶組,可以在
/etc/group中查看。如果沒有,可以通過以下命令創建:
$ sudo groupadd docker
接着將當前用戶加到docker用戶組中:
$ sudo gpasswd -a${USER} docker
正在將用戶“lanyang”加入到“docker”組中
最後重啓docker服務,使之生效:
sudo systemctl retart docker
這樣,執行Docker命令就不需要使用sudo權限了。