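Docker Basics
Learning Docker
Docker Concepts
Basic Docker Concepts
Docker is an open-source application container engine. It lets developers package an application and its dependencies into a portable container and then publish it to any machine running a popular Linux or Windows operating system. It can also be used for virtualization. Containers use a sandbox mechanism throughout, and containers have no interfaces to one another.
The Linux operating system itself supports the LXC virtualization technology at the system level. LXC has three main features:
cgroup
Linux Cgroups (Control Groups) provide the ability to limit, control and account for the resources of a group of processes and their future child processes. These resources include CPU, memory, storage and network. With Cgroups it is easy to limit the resources a process uses and to monitor its usage statistics in real time.
namespace
Linux Namespace is a kernel feature that isolates a range of system resources, such as PID, User ID and Network.
unionFS
Union File System (UnionFS): a file system service that joins other file systems into a single union mount point. It uses branches to transparently overlay the files and directories of different file systems into one consistent file system. When a write is made to this union file system, the system actually writes to a new file. Any file in the virtual union file system can be operated on, but the original files are not changed, because unionfs relies on an important resource-management technique called copy-on-write.
Copy-on-write (CoW): a resource-management technique for copying modifiable resources efficiently. The idea is that if a resource is duplicated but not modified, there is no need to create a new resource immediately; the resource can be shared by the old and new instances. The new resource is created on the first write, that is, when the resource is modified. Sharing resources this way significantly reduces the cost of copying unmodified resources, at the price of a small overhead when a resource is modified.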
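The lookup and copy-up rules described above can be modelled with two ordinary directories. This is an added example, not code from the original page and not a real overlay mount: lower stands for a read-only image layer, upper for a container's writable layer, and the .wh whiteout marker is a convention invented for this model. union_diff reports changes in the same A/C/D form that docker diff uses.

```shell
#!/bin/sh
# Added example: user-space model of union-mount lookup and copy-on-write.
# LOWER = read-only image layer, UPPER = a container's writable layer. Both are
# plain directories with assumed names; no real overlay mount is performed.

# union_read LOWER UPPER PATH -> prints the file as the merged view shows it
union_read() {
    if [ -e "$2/$3.wh" ]; then return 1          # deleted in the writable layer
    elif [ -f "$2/$3" ]; then cat "$2/$3"        # a modified copy exists: it wins
    elif [ -f "$1/$3" ]; then cat "$1/$3"        # unmodified: shared lower copy
    else return 1
    fi
}

# union_append LOWER UPPER PATH TEXT -> the first write triggers copy-up
union_append() {
    mkdir -p "$(dirname "$2/$3")"
    if [ -e "$2/$3.wh" ]; then
        rm -f "$2/$3.wh"; : > "$2/$3"            # recreated after a delete: start empty
    elif [ ! -f "$2/$3" ] && [ -f "$1/$3" ]; then
        cp "$1/$3" "$2/$3"                       # copy-up happens here, once
    fi
    printf '%s\n' "$4" >> "$2/$3"                # the write always lands in UPPER
}

# union_delete LOWER UPPER PATH -> hide a lower file without touching it
union_delete() {
    rm -f "$2/$3"
    if [ -f "$1/$3" ]; then
        mkdir -p "$(dirname "$2/$3")"
        : > "$2/$3.wh"                           # whiteout marker (model-only convention)
    fi
}

# union_diff LOWER UPPER -> A(dded) / C(hanged) / D(eleted) paths, one per line
union_diff() {
    (cd "$2" && find . -type f | sed 's|^\./||' | sort) | while IFS= read -r p; do
        case "$p" in
            *.wh) echo "D ${p%.wh}" ;;
            *) if [ -f "$1/$p" ]; then echo "C $p"; else echo "A $p"; fi ;;
        esac
    done
}

# Demo on constructed data: one file from the "image", two writes in the "container".
demo_union() {
    d=$(mktemp -d) && mkdir -p "$d/lower/etc" "$d/upper"
    echo "base" > "$d/lower/etc/motd"
    union_append "$d/lower" "$d/upper" etc/motd "patched in container"
    union_append "$d/lower" "$d/upper" tmp/new.txt "only in container"
    union_diff "$d/lower" "$d/upper"
    echo "lower layer still reads: $(cat "$d/lower/etc/motd")"
    rm -rf "$d"
}
demo_union
```

Because every write lands in the upper directory, a second container built on the same lower directory would still see the original file.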
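Virtualization Technology
Types of Virtualization
SaaS (Software as a Service)
SaaS is short for Software-as-a-Service, meaning software delivered as a service over the network. Put simply, the user just double-clicks to run the software they need, without downloading or installing it; SaaS provides it. Example: Office365.
- Various Internet applications
PaaS (Platform as a Service)
PaaS is short for Platform as a Service. It is a business model that offers the server platform as a service; a service that delivers programs over the network is called SaaS. Put simply, it provides (virtualized) hardware plus (various) software environment platforms over the Internet; for example, developers do not need to build their own system and build environment, because PaaS provides them.
- Docker
- LXC
- OpenShift
IaaS (Infrastructure as a Service)
IaaS (Infrastructure as a Service) means offering IT infrastructure as a service over the network. Put simply, it provides users with a basic set of hardware (CPU, memory, motherboard, network card, ...) over the network. A common example is Alibaba Cloud's cloud servers, where you choose the hardware configuration at purchase time...
- Alibaba Cloud ECS
Traditional Virtualization vs. Containers
Traditional virtualization:
Virtualization technology emulates a complete set of hardware, a full operating system is installed on top of it, and software is installed and run on that system.
Container technology:
Containers run directly on the host's kernel and have no kernel of their own. Each container is isolated from the others and does not affect them, and each container has its own file system.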
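Docker Installation and Deployment
Basic Components of Docker
- Repository:
  - The place where images are stored;
  - Types of repository:
    - Public repositories: Docker_Hub, Alibaba Cloud, etc.
    - Private repositories: created by yourself
- Image:
  - A Docker image is like a template; containers can be created from the template
  - One image can create multiple containers
- Container:
  - Uses container technology to run one application or a group of applications independently; created from an image
Installing Docker
Prepare the system environment
- Operating system
  - Operating system: RedHat8.4 (CentOS also works)
  - CPU: x4
  - Memory: 4GB
  - Kernel: 4.18.0-305.el8.x86_64
[root@node1 ~]# uname -a
Uninstall old versions
If an old version is installed, uninstall it first. Mine is a brand-new system, so I do not need to run the following.
[root@node1 ~]# dnf remove docker\
Installation methods
There are three main ways to install Docker; this document mainly covers online installation.
- Set up Docker's repository and install from it, which makes later upgrades easier
- Download the RPM package and install or upgrade manually, for use when there is no Internet access
- Use automation to install Docker in special environments
Online installation using the repository
Set up the repository
Because overseas mirror sites are painfully slow, we use the Alibaba Cloud mirror here.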
[root@node1 ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
--2021-12-09 01:38:19-- https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 110.188.28.225, 110.188.28.226, 110.188.28.230, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|110.188.28.225|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1919 (1.9K) [application/octet-stream]
Saving to: ‘/etc/yum.repos.d/docker-ce.repo’
/etc/yum.repos.d/docker-ce.re 100%[=================================================>] 1.87K --.-KB/s in 0s
2021-12-09 01:38:19 (53.8 MB/s) - ‘/etc/yum.repos.d/docker-ce.repo’ saved [1919/1919]
[root@node1 ~]# dnf makecache
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Docker CE Stable - x86_64 12 kB/s | 19 kB 00:01
Metadata cache created.
[root@node1 ~]#
Install Docker Engine
Because Podman, cockpit and other packages on my RedHat 8.4 conflict with Docker, I added the --allowerasing parameter.
[root@node1 ~]# dnf -y install docker-ce docker-ce-cli containerd.io --allowerasing
...
Verifying : buildah-1.19.7-1.module+el8.4.0+10607+f4da7515.x86_64 6/9
Verifying : cockpit-podman-29-2.module+el8.4.0+10607+f4da7515.noarch 7/9
Verifying : podman-3.0.1-6.module+el8.4.0+10607+f4da7515.x86_64 8/9
Verifying : podman-catatonit-3.0.1-6.module+el8.4.0+10607+f4da7515.x86_64 9/9
Installed products updated.
Installed:
containerd.io-1.4.12-3.1.el8.x86_64 docker-ce-3:20.10.11-3.el8.x86_64 docker-ce-rootless-extras-20.10.11-3.el8.x86_64
libcgroup-0.41-19.el8.x86_64
Removed:
buildah-1.19.7-1.module+el8.4.0+10607+f4da7515.x86_64 cockpit-podman-29-2.module+el8.4.0+10607+f4da7515.noarch
podman-3.0.1-6.module+el8.4.0+10607+f4da7515.x86_64 podman-catatonit-3.0.1-6.module+el8.4.0+10607+f4da7515.x86_64
Complete!
[root@node1 ~]#
Start Docker and enable it at boot
[root@node1 ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@node1 ~]#
Check the Docker version
[root@node1 ~]# docker version
Client: Docker Engine - Community
Version: 20.10.11
API version: 1.41
Go version: go1.16.9
Git commit: dea9396
Built: Thu Nov 18 00:36:58 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.11
API version: 1.41 (minimum version 1.12)
Go version: go1.16.9
Git commit: 847da18
Built: Thu Nov 18 00:35:20 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.12
GitCommit: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc:
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@node1 ~]#
Test Docker
[root@node1 ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:cc15c5b292d8525effc0f89cb299f1804f3a725c8d05e158653a563f15e4f685
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
[root@node1 ~]#
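The repository step above downloads a .repo file from a third-party mirror straight into /etc/yum.repos.d, after which dnf trusts whatever that file declares. As an added example (not from the original page; the function names, the rule set and the sample files are assumptions, with mirror.example as a placeholder host), this script checks every repository section for signature checking and HTTPS before the file is put in place.

```shell
#!/bin/sh
# Added example, not part of the original page. The function names, the rule
# set and the sample files are assumptions made for illustration.

# audit_repo_file FILE -> one finding per line; exit status 1 if anything is flagged
audit_repo_file() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "1" || v == "true" || v == "yes") }
    function check(   url) {
        if (sec == "") return
        url = kv["baseurl"]
        if (url == "") url = kv["mirrorlist"]
        if (url == "") url = kv["metalink"]
        if (!truthy(kv["gpgcheck"]))              { print sec ": gpgcheck is not enabled"; bad = 1 }
        if (kv["gpgkey"] !~ /^(https|file):\/\//) { print sec ": gpgkey missing or not https/file"; bad = 1 }
        if (url !~ /^https:\/\//)                 { print sec ": package URL is not https"; bad = 1 }
        if (("sslverify" in kv) && !truthy(kv["sslverify"])) { print sec ": sslverify is disabled"; bad = 1 }
        split("", kv)                             # reset for the next section
    }
    /^[ \t]*$/    { next }                        # blank line
    /^[ \t]*[#;]/ { next }                        # comment
    /^[ \t]*\[/   { check(); sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next }
    {
        i = index($0, "="); if (i == 0) next
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        kv[tolower(k)] = v
    }
    END { check(); exit bad + 0 }
    ' "$1"
}

# write_samples DIR -> two constructed repo files (not the real docker-ce.repo)
write_samples() {
    cat > "$1/good.repo" <<'EOF'
[example-stable]
name=Example Stable - $basearch
baseurl=https://mirror.example/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirror.example/docker-ce/linux/centos/gpg
EOF
    cat > "$1/weak.repo" <<'EOF'
[example-stable]
baseurl=http://mirror.example/docker-ce/linux/centos/$releasever/$basearch/stable
gpgcheck=0
sslverify = false

[example-test]
baseurl=https://mirror.example/docker-ce/test
gpgcheck=1
gpgkey=https://mirror.example/docker-ce/linux/centos/gpg
EOF
}

# Demo: audit both constructed files and say whether each may be installed.
d=$(mktemp -d)
write_samples "$d"
for f in "$d/good.repo" "$d/weak.repo"; do
    if audit_repo_file "$f"; then
        echo "${f##*/}: ok to copy into /etc/yum.repos.d"
    else
        echo "${f##*/}: do not enable"
    fi
done
rm -rf "$d"
```

Download the file to a temporary path first, run the audit on it, and only then move it into /etc/yum.repos.d and run dnf makecache.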
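Uninstalling Docker
To uninstall, follow these steps.
Uninstall the Docker Engine, CLI and Containerd packages:
dnf -y remove docker-ce docker-ce-cli containerd.io
Images, containers, volumes and custom configuration files on the host are not removed automatically. To delete all images, containers and volumes:
rm -rf /var/lib/docker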
rm -rf /var/lib/containerd
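Docker Commands
Once you know the commands in this picture and their common parameters, you have the common Docker operations covered.
Help commands
docker version          # show version information
docker info             # show detailed Docker system information
docker COMMAND --help   # show detailed help for a command
The docker command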
[root@node1 ~]# docker
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and
default context set with "docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Management Commands:
app* Docker App (Docker Inc., v0.9.1-beta3)
builder Manage builds
buildx* Build with BuildKit (Docker Inc., v0.6.3-docker)
config Manage Docker configs
container Manage containers
context Manage contexts
image Manage images
manifest Manage Docker image manifests and manifest lists
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
scan* Docker Scan (Docker Inc., v0.9.0)
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes
Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes
Run 'docker COMMAND --help' for more information on a command.
[root@node1 ~]#
Image Commands
docker images
List all local images
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest feb5d9fea6a5 2 months ago 13.3kB
[root@node1 ~]# docker images --help
Usage: docker images [OPTIONS] [REPOSITORY[:TAG]]
List images
Options:
-a, --all Show all images (default hides intermediate images)
--digests Show digests
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print images using a Go template
--no-trunc Don't truncate output
-q, --quiet Only show image IDs
[root@node1 ~]#
docker search
Search for images
[root@node1 ~]# docker search nginx
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 15928 [OK]
jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 2101 [OK]
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 820 [OK]
jc21/nginx-proxy-manager Docker container for managing Nginx proxy ho… 288
linuxserver/nginx An Nginx container, brought to you by LinuxS… 160
tiangolo/nginx-rtmp Docker image with Nginx using the nginx-rtmp… 147 [OK]
jlesage/nginx-proxy-manager Docker container for Nginx Proxy Manager 145 [OK]
alfg/nginx-rtmp NGINX, nginx-rtmp-module and FFmpeg from sou… 111 [OK]
nginxdemos/hello NGINX webserver that serves a simple page co… 79 [OK]
privatebin/nginx-fpm-alpine PrivateBin running on an Nginx, php-fpm & Al… 61 [OK]
nginx/nginx-ingress NGINX and NGINX Plus Ingress Controllers fo… 57
nginxinc/nginx-unprivileged Unprivileged NGINX Dockerfiles 55
nginxproxy/nginx-proxy Automated Nginx reverse proxy for docker con… 29
staticfloat/nginx-certbot Opinionated setup for automatic TLS certs lo… 25 [OK]
nginx/nginx-prometheus-exporter NGINX Prometheus Exporter for NGINX and NGIN… 22
schmunk42/nginx-redirect A very simple container to redirect HTTP tra… 19 [OK]
centos/nginx-112-centos7 Platform for running nginx 1.12 or building … 16
centos/nginx-18-centos7 Platform for running nginx 1.8 or building n… 13
bitwarden/nginx The Bitwarden nginx web server acting as a r… 11
flashspys/nginx-static Super Lightweight Nginx Image 11 [OK]
mailu/nginx Mailu nginx frontend 9 [OK]
sophos/nginx-vts-exporter Simple server that scrapes Nginx vts stats a… 7 [OK]
ansibleplaybookbundle/nginx-apb An APB to deploy NGINX 3 [OK]
wodby/nginx Generic nginx 1 [OK]
arnau/nginx-gate Docker image with Nginx with Lua enabled on … 1 [OK]
[root@node1 ~]# docker search --help
Usage: docker search [OPTIONS] TERM
Search the Docker Hub for images
Options:
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print search using a Go template
--limit int Max number of search results (default 25)
--no-trunc Don't truncate output
[root@node1 ~]# docker search tomcat -f STARS=1000 # filter the results by a condition
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
tomcat Apache Tomcat is an open source implementati… 3193 [OK]
[root@node1 ~]#
docker pull
Download an image
[root@node1 ~]# docker pull
"docker pull" requires exactly 1 argument.
See 'docker pull --help'.
Usage: docker pull [OPTIONS] NAME[:TAG|@DIGEST]
Pull an image or a repository from a registry
[root@node1 ~]# docker pull --help
# In the usage line below, square brackets [] mark optional parts
Usage: docker pull [OPTIONS] NAME[:TAG|@DIGEST]
Pull an image or a repository from a registry
Options:
-a, --all-tags Download all tagged images in the repository
--disable-content-trust Skip image verification (default true)
--platform string Set platform if server is multi-platform capable
-q, --quiet Suppress verbose output
[root@node1 ~]#
[root@node1 ~]# docker pull mysql
Using default tag: latest
latest: Pulling from library/mysql
ffbb094f4f9e: Pull complete # layered download, the core of Docker: the union file system
df186527fc46: Pull complete
fa362a6aa7bd: Pull complete
5af7cb1a200e: Pull complete
949da226cc6d: Pull complete
bce007079ee9: Pull complete
eab9f076e5a3: Pull complete
8a57a7529e8d: Pull complete
b1ccc6ed6fc7: Pull complete
b4af75e64169: Pull complete
3aed6a9cd681: Pull complete
23390142f76f: Pull complete
Digest: sha256:ff9a288d1ecf4397967989b5d1ec269f7d9042a46fc8bc2c3ae35458c1a26727 # digest used for verification
Status: Downloaded newer image for mysql:latest
docker.io/library/mysql:latest # the real address
[root@node1 ~]#
[root@node1 ~]# docker pull mysql:5.7 # download a specific version; it must be a version the official repository supports!
5.7: Pulling from library/mysql
ffbb094f4f9e: Already exists # "Already exists" means the layer is already present
df186527fc46: Already exists
fa362a6aa7bd: Already exists
5af7cb1a200e: Already exists
949da226cc6d: Already exists
bce007079ee9: Already exists
eab9f076e5a3: Already exists
c7b24c3f27af: Pull complete
6fc26ff6705a: Downloading [=============> ] 29.4MB/108.6MB
6fc26ff6705a: Pull complete
bec5cdb5e7f7: Pull complete
6c1cb25f7525: Pull complete
Digest: sha256:d1cc87a3bd5dc07defc837bc9084f748a130606ff41923f46dec1986e0dc828d
Status: Downloaded newer image for mysql:5.7
docker.io/library/mysql:5.7
[root@node1 ~]#
docker images
View local images
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql 5.7 738e7101490b 8 days ago 448MB
mysql latest bbf6571db497 8 days ago 516MB
hello-world latest feb5d9fea6a5 2 months ago 13.3kB
[root@node1 ~]#
[root@node1 ~]# docker images --help
Usage: docker images [OPTIONS] [REPOSITORY[:TAG]]
List images
Options:
-a, --all Show all images (default hides intermediate images)
--digests Show digests
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print images using a Go template
--no-trunc Don't truncate output
-q, --quiet Only show image IDs
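The pull transcripts above print a Digest: line, and the usage string accepts NAME[:TAG|@DIGEST]. As an added example (not from the original page; the function names are assumptions, and localhost:5000/app is a constructed reference), this script turns a pull transcript into a digest-pinned reference and lists references that can still move because they rely on a tag or on the default latest. The sample transcript is abridged from the mysql pull shown above.

```shell
#!/bin/sh
# Added example, not part of the original page. Function names are assumptions.

# repo_of REF -> REF without its tag or digest. Only the last path component
# can carry a tag, so the colon in "localhost:5000/app" is kept as a port.
repo_of() (
    ref=${1%%@*}
    case "${ref##*/}" in
        *:*) printf '%s\n' "${ref%:*}" ;;
        *)   printf '%s\n' "$ref" ;;
    esac
)

# ref_kind REF -> digest | tag | default-latest
ref_kind() (
    case "$1" in
        *@sha256:*) echo digest ;;
        *)  case "${1##*/}" in
                *:*) echo tag ;;
                *)   echo default-latest ;;
            esac ;;
    esac
)

# pin_from_pull < TRANSCRIPT -> repo@sha256:... built from `docker pull` output.
# Assumes the transcript layout shown on this page: a "Digest:" line and the
# canonical reference as the last non-empty line.
pin_from_pull() (
    transcript=$(cat)
    digest=$(printf '%s\n' "$transcript" |
        sed -n 's/^Digest: \(sha256:[0-9a-f]\{64\}\)[[:space:]]*$/\1/p' | tail -n 1)
    ref=$(printf '%s\n' "$transcript" | grep -v '^[[:space:]]*$' | tail -n 1)
    if [ -z "$digest" ]; then
        echo "no well-formed sha256 digest in transcript" >&2; exit 1
    fi
    case "$ref" in
        ""|*" "*) echo "last line is not an image reference" >&2; exit 1 ;;
    esac
    printf '%s@%s\n' "$(repo_of "$ref")" "$digest"
)

# unpinned_refs < LIST -> "REF<TAB>KIND" for every reference not pinned by digest
unpinned_refs() {
    while IFS= read -r r; do
        [ -n "$r" ] || continue
        k=$(ref_kind "$r")
        [ "$k" = digest ] || printf '%s\t%s\n' "$r" "$k"
    done
}

# Abridged from the mysql pull transcript on this page.
sample_pull_output() {
    cat <<'EOF'
Using default tag: latest
latest: Pulling from library/mysql
ffbb094f4f9e: Pull complete
Digest: sha256:ff9a288d1ecf4397967989b5d1ec269f7d9042a46fc8bc2c3ae35458c1a26727
Status: Downloaded newer image for mysql:latest
docker.io/library/mysql:latest
EOF
}

# Demo: build the pinned reference, then list which references are still floating.
pinned=$(sample_pull_output | pin_from_pull)
echo "pinned reference: $pinned"
printf '%s\n' mysql mysql:5.7 localhost:5000/app "$pinned" | unpinned_refs
```

A reference pinned by digest always resolves to the same image content, while mysql and mysql:5.7 resolve to whatever the registry currently serves under that tag.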
docker rmi
Delete images
[root@node1 ~]# docker images # list images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql 5.7 738e7101490b 8 days ago 448MB
mysql latest bbf6571db497 8 days ago 516MB
hello-world latest feb5d9fea6a5 2 months ago 13.3kB
[root@node1 ~]# docker rmi 738 # delete the image whose ID starts with 738
Untagged: mysql:5.7
Untagged: mysql@sha256:d1cc87a3bd5dc07defc837bc9084f748a130606ff41923f46dec1986e0dc828d
Deleted: sha256:738e7101490b45decf606211a5437ed87aa6a82f1ff03c354564bf9375ce20f9
Deleted: sha256:addad8cfeac97b96eb6652a576269346ac96def9a6709ed2388e24fff4345837
Deleted: sha256:e288c3439a7e2f423f50bf22979a759371c51a70bbbaa450993c336978460b1a
Deleted: sha256:33ece15accaa3bb20e3dee84e2e4501469b917c3abba3d5475cd1fec8bb3e82c
Deleted: sha256:6b15390bceeca8424d82e75f5c9aca5eb4693f96849d6382168a99747877693d
[root@node1 ~]# docker images # list images again: mysql 5.7, whose ID starts with 738, has been deleted
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql latest bbf6571db497 8 days ago 516MB
hello-world latest feb5d9fea6a5 2 months ago 13.3kB
[root@node1 ~]#
[root@node1 ~]# docker rmi --help
Usage: docker rmi [OPTIONS] IMAGE [IMAGE...]
Remove one or more images
Options:
-f, --force Force removal of the image
--no-prune Do not delete untagged parents
Delete all images in bulk; $(...) passes the queried images to rmi as input
[root@node1 ~]# docker rmi -f $(docker images -qa)
Untagged: mysql:latest
Untagged: mysql@sha256:ff9a288d1ecf4397967989b5d1ec269f7d9042a46fc8bc2c3ae35458c1a26727
Deleted: sha256:bbf6571db4977fe13c3f4e6289c1409fc6f98c2899eabad39bfe07cad8f64f67
Deleted: sha256:a72da99dce60d6f8d4c4cffa4173153c990537fcdfaa27c35324c3348d55dd5c
Deleted: sha256:8b535d432ef2fbd45d93958347b2587c5cbe334f07d6909ad9d2d480ebbafb65
Deleted: sha256:14d13a3b33fc76839f156cd24b4636dab121e6d3d026cefa2985a4b89e9d4df8
Deleted: sha256:77c21a5a897a1ba752f3d742d6c94ee7c6b0e373fd0aeecc4bf88b9a3982007e
Deleted: sha256:189162becec8bb4588c54fb4ea7e62d20121812e68aeb0291fb4bb5df9ec0985
Deleted: sha256:34980dadfd6a5bb9d7f9e8d4e408000e0a8f4840cc7d3092dc94357ebe7a89b6
Deleted: sha256:15b2beb64a91785c8f3709ecd2410d13577b3174faad164524434ce6a7633506
Deleted: sha256:e38dd14d47b61171927ea4b928f7296123b65a81ad1cfde8f5d00cadf1e81bbb
Deleted: sha256:865abdfd8444741f581ce582e4ac5746c4a00c282febf65aa808a235ec7abf78
Deleted: sha256:b1e35233e1ac953bd06fc8fa83afb3a88c39c1aeae0c89a46cb1b652d6821b38
Deleted: sha256:3bcfdf6641227ff63e3ddf9e38e45cf317b178a50a664e45c6ae596107d5bc46
Deleted: sha256:f11bbd657c82c45cc25b0533ce72f193880b630352cc763ed0c045c808ff9ae1
Untagged: hello-world:latest
Untagged: hello-world@sha256:cc15c5b292d8525effc0f89cb299f1804f3a725c8d05e158653a563f15e4f685
Deleted: sha256:feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412
[root@node1 ~]#
Delete multiple images
[root@node1 ~]# docker rmi image_id1 image_id2 ...
Container Commands
Before creating a container, you first need to download an image.
[root@node1 ~]# docker pull centos
docker run
Run a container
[root@node1 ~]# docker run --help
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
Run a command in a new container
Options:
--add-host list Add a custom host-to-IP mapping (host:ip)
-a, --attach list Attach to STDIN, STDOUT or STDERR
--blkio-weight uint16 Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
--blkio-weight-device list Block IO weight (relative device weight) (default [])
--cap-add list Add Linux capabilities
--cap-drop list Drop Linux capabilities
--cgroup-parent string Optional parent cgroup for the container
--cgroupns string Cgroup namespace to use (host|private)
'host': Run the container in the Docker host's cgroup namespace
'private': Run the container in its own private cgroup namespace
'': Use the cgroup namespace as configured by the
default-cgroupns-mode option on the daemon (default)
--cidfile string Write the container ID to the file
--cpu-period int Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota
--cpu-rt-period int Limit CPU real-time period in microseconds
--cpu-rt-runtime int Limit CPU real-time runtime in microseconds
-c, --cpu-shares int CPU shares (relative weight)
--cpus decimal Number of CPUs
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
-d, --detach Run container in background and print container ID
--detach-keys string Override the key sequence for detaching a container
--device list Add a host device to the container
--device-cgroup-rule list Add a rule to the cgroup allowed devices list
--device-read-bps list Limit read rate (bytes per second) from a device (default [])
--device-read-iops list Limit read rate (IO per second) from a device (default [])
--device-write-bps list Limit write rate (bytes per second) to a device (default [])
--device-write-iops list Limit write rate (IO per second) to a device (default [])
--disable-content-trust Skip image verification (default true)
--dns list Set custom DNS servers
--dns-option list Set DNS options
--dns-search list Set custom DNS search domains
--domainname string Container NIS domain name
--entrypoint string Overwrite the default ENTRYPOINT of the image
-e, --env list Set environment variables
--env-file list Read in a file of environment variables
--expose list Expose a port or a range of ports
--gpus gpu-request GPU devices to add to the container ('all' to pass all GPUs)
--group-add list Add additional groups to join
--health-cmd string Command to run to check health
--health-interval duration Time between running the check (ms|s|m|h) (default 0s)
--health-retries int Consecutive failures needed to report unhealthy
--health-start-period duration Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)
--health-timeout duration Maximum time to allow one check to run (ms|s|m|h) (default 0s)
--help Print usage
-h, --hostname string Container host name
--init Run an init inside the container that forwards signals and reaps processes
-i, --interactive Keep STDIN open even if not attached
--ip string IPv4 address (e.g., 172.30.100.104)
--ip6 string IPv6 address (e.g., 2001:db8::33)
--ipc string IPC mode to use
--isolation string Container isolation technology
--kernel-memory bytes Kernel memory limit
-l, --label list Set meta data on a container
--label-file list Read in a line delimited file of labels
--link list Add link to another container
--link-local-ip list Container IPv4/IPv6 link-local addresses
--log-driver string Logging driver for the container
--log-opt list Log driver options
--mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33)
-m, --memory bytes Memory limit
--memory-reservation bytes Memory soft limit
--memory-swap bytes Swap limit equal to memory plus swap: '-1' to enable unlimited swap
--memory-swappiness int Tune container memory swappiness (0 to 100) (default -1)
--mount mount Attach a filesystem mount to the container
--name string Assign a name to the container
--network network Connect a container to a network
--network-alias list Add network-scoped alias for the container
--no-healthcheck Disable any container-specified HEALTHCHECK
--oom-kill-disable Disable OOM Killer
--oom-score-adj int Tune host's OOM preferences (-1000 to 1000)
--pid string PID namespace to use
--pids-limit int Tune container pids limit (set -1 for unlimited)
--platform string Set platform if server is multi-platform capable
--privileged Give extended privileges to this container
-p, --publish list Publish a container's port(s) to the host
-P, --publish-all Publish all exposed ports to random ports
--pull string Pull image before running ("always"|"missing"|"never") (default "missing")
--read-only Mount the container's root filesystem as read only
--restart string Restart policy to apply when a container exits (default "no")
--rm Automatically remove the container when it exits
--runtime string Runtime to use for this container
--security-opt list Security Options
--shm-size bytes Size of /dev/shm
--sig-proxy Proxy received signals to the process (default true)
--stop-signal string Signal to stop a container (default "SIGTERM")
--stop-timeout int Timeout (in seconds) to stop a container
--storage-opt list Storage driver options for the container
--sysctl map Sysctl options (default map[])
--tmpfs list Mount a tmpfs directory
-t, --tty Allocate a pseudo-TTY
--ulimit ulimit Ulimit options (default [])
-u, --user string Username or UID (format: <name|uid>[:<group|gid>])
--userns string User namespace to use
--uts string UTS namespace to use
-v, --volume list Bind mount a volume
--volume-driver string Optional volume driver for the container
--volumes-from list Mount volumes from the specified container(s)
-w, --workdir string Working directory inside the container
Common parameters
--name='xxx'   set a container name, used to tell containers apart
-d             run in the background
-it            run interactively
-p             specify the container port: -p 8080:8080 (host port:container port)
-P             assign random ports
Example
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5d0da3dc9764 2 months ago 231MB
[root@node1 ~]# docker run -it 5d /bin/bash
[root@b267d2d19ef4 /]# # now inside the container
[root@b267d2d19ef4 /]# exit
docker ps
List all running containers
[root@node1 ~]# docker ps --help
Usage: docker ps [OPTIONS]
List containers
Options:
-a, --all Show all containers (default shows just running)
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print containers using a Go template
-n, --last int Show n last created containers (includes all states) (default -1)
-l, --latest Show the latest created container (includes all states)
--no-trunc Don't truncate output
-q, --quiet Only display container IDs
-s, --size Display total file sizes
[root@node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fe8edecbd757 centos "/bin/bash" 13 seconds ago Exited (0) 11 seconds ago mystifying_satoshi
2c3fb40f1d3e centos "/bin/bash" 6 minutes ago Up 3 minutes exciting_morse
Exiting a container
exit            # exit the container directly
Ctrl + q + p    # leave the container without stopping it
docker rm
Delete a container
[root@node1 ~]# docker rm --help
Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...]
Remove one or more containers
Options:
-f, --force Force the removal of a running container (uses SIGKILL)
-l, --link Remove the specified link
-v, --volumes Remove anonymous volumes associated with the container
[root@node1 ~]# docker ps -a # list all containers
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fe8edecbd757 centos "/bin/bash" 7 minutes ago Exited (0) 7 minutes ago mystifying_satoshi
2c3fb40f1d3e centos "/bin/bash" 13 minutes ago Up 11 minutes exciting_morse
[root@node1 ~]# docker rm fe8edecbd757 # delete a container that has already stopped
fe8edecbd757
[root@node1 ~]# docker ps -a # list again: the container has been deleted
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2c3fb40f1d3e centos "/bin/bash" 14 minutes ago Up 11 minutes exciting_morse
[root@node1 ~]#
Starting, deleting and exiting containers
docker start CONTAINER_ID     # start a container
docker stop CONTAINER_ID      # stop a container
docker restart CONTAINER_ID   # restart a container
docker kill CONTAINER_ID      # force-stop a container
docker exec
Enter a container with a new TTY
[root@node1 ~]# docker exec --help
Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
Run a command in a running container
Options:
-d, --detach Detached mode: run command in the background
--detach-keys string Override the key sequence for detaching a container
-e, --env list Set environment variables
--env-file list Read in a file of environment variables
-i, --interactive Keep STDIN open even if not attached
--privileged Give extended privileges to the command
-t, --tty Allocate a pseudo-TTY
-u, --user string Username or UID (format: <name|uid>[:<group|gid>])
-w, --workdir string Working directory inside the container
[root@node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5db7847b3285 centos "/bin/bash -c 'while…" 25 minutes ago Up 25 minutes shell3
2c3fb40f1d3e centos "/bin/bash" About an hour ago Up 58 minutes exciting_morse
[root@node1 ~]# docker exec -it 5db /bin/bash
[root@5db7847b3285 /]#
docker attach
Attach to the TTY that is already running
[root@node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5db7847b3285 centos "/bin/bash -c 'while…" 34 minutes ago Up 34 minutes shell3
2c3fb40f1d3e centos "/bin/bash" About an hour ago Up About an hour exciting_morse
[root@node1 ~]# docker attach 5db
Other commands
Start a container in the background
docker run -d IMAGE
docker logs
View container logs
[root@node1 ~]# docker logs --help
Usage: docker logs [OPTIONS] CONTAINER
Fetch the logs of a container
Options:
--details Show extra details provided to logs
-f, --follow Follow log output
--since string Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)
-n, --tail string Number of lines to show from the end of the logs (default "all")
-t, --timestamps Show timestamps
--until string Show logs before a timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)
docker top
View the processes in a container
[root@node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5db7847b3285 centos "/bin/bash -c 'while…" 3 minutes ago Up 3 minutes shell3
2c3fb40f1d3e centos "/bin/bash" 39 minutes ago Up 36 minutes exciting_morse
[root@node1 ~]# docker top 5db
UID PID PPID C STIME TTY TIME CMD
root 10825 10804 0 22:08 ?
root 11202 10825 0 22:12 ?
[root@node1 ~]#
docker inspect
View container metadata
[root@node1 ~]# docker inspect --help
Usage: docker inspect [OPTIONS] NAME|ID [NAME|ID...]
Return low-level information on Docker objects
Options:
-f, --format string Format the output using the given Go template
-s, --size Display total file sizes if the type is container
--type string Return JSON for specified type
[root@node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5db7847b3285 centos "/bin/bash -c 'while…" 8 minutes ago Up 8 minutes shell3
2c3fb40f1d3e centos "/bin/bash" 43 minutes ago Up 40 minutes exciting_morse
[root@node1 ~]# docker inspect 5db
[
{
"Id": "5db7847b3285ebb0bc78785808ed597f85c5476e84d24541cc5d135abc199bc2",
"Created": "2021-12-11T14:08:37.31918904Z",
"Path": "/bin/bash",
"Args": [
"-c",
"while true;do echo hhhh;sleep 1;done"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 10825,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-12-11T14:08:37.712499657Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6",
"ResolvConfPath": "/var/lib/docker/containers/5db7847b3285ebb0bc78785808ed597f85c5476e84d24541cc5d135abc199bc2/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/5db7847b3285ebb0bc78785808ed597f85c5476e84d24541cc5d135abc199bc2/hostname",
"HostsPath": "/var/lib/docker/containers/5db7847b3285ebb0bc78785808ed597f85c5476e84d24541cc5d135abc199bc2/hosts",
"LogPath": "/var/lib/docker/containers/5db7847b3285ebb0bc78785808ed597f85c5476e84d24541cc5d135abc199bc2/5db7847b3285ebb0bc78785808ed597f85c5476e84d24541cc5d135abc199bc2-json.log",
"Name": "/shell3",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/c3c47f255c9d1db61b969601df06f580012e1783c6aa2bbbbe03e9bc970d105f-init/diff:/var/lib/docker/overlay2/41ea41b839add0b7e657a3b18b47d03f209199589ea6e20e52503cce2f8d580f/diff",
"MergedDir": "/var/lib/docker/overlay2/c3c47f255c9d1db61b969601df06f580012e1783c6aa2bbbbe03e9bc970d105f/merged",
"UpperDir": "/var/lib/docker/overlay2/c3c47f255c9d1db61b969601df06f580012e1783c6aa2bbbbe03e9bc970d105f/diff",
"WorkDir": "/var/lib/docker/overlay2/c3c47f255c9d1db61b969601df06f580012e1783c6aa2bbbbe03e9bc970d105f/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "5db7847b3285",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/bash",
"-c",
"while true;do echo hhhh;sleep 1;done"
],
"Image": "centos",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20210915",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "a70d09048c929f2be067a98b10fb37d64287fd39d5fe0001a536fe70c8e9e002",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/a70d09048c92",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "8799f54ad2618d76893aeed3c1dafc959d83e63a7c153555fc0fe946d3c52ce9",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:03",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "d7122c9cff979c8ad84c9d6f473ade3c87f211708febd877b1e6d5b0f50a9d79",
"EndpointID": "8799f54ad2618d76893aeed3c1dafc959d83e63a7c153555fc0fe946d3c52ce9",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:03",
"DriverOpts": null
}
}
}
}
]
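The isolation-relevant fields in the docker inspect output above (User, Privileged, CapDrop, ReadonlyRootfs, SecurityOpt, the namespace modes and the resource limits) can be checked mechanically. The Python below is an added example, not part of the original post; the finding names and the set of checks are assumptions chosen here, and the sample record is constructed from the fields shown above.

```python
import json

# Constructed sample: only the fields this check reads, copied from the
# `docker inspect 5db` output shown above (container "shell3").
SAMPLE = json.loads("""
[{"Name": "/shell3",
  "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "CapAdd": null, "CapDrop": null,
                 "ReadonlyRootfs": false, "SecurityOpt": null,
                 "NetworkMode": "default", "PidMode": "", "IpcMode": "private",
                 "Memory": 0, "PidsLimit": null, "Binds": null}}]
""")

NNP = ("no-new-privileges", "no-new-privileges:true", "no-new-privileges=true")
SOCKETS = ("/var/run/docker.sock", "/run/docker.sock")

def audit_container(record):
    """Return hardening findings (short ids, assumed names) for one inspect record."""
    hc = record.get("HostConfig") or {}
    user = (record.get("Config") or {}).get("User") or ""
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged")
    # An empty User means neither the image nor `docker run --user` set one: uid 0.
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("runs-as-root")
    if hc.get("CapAdd"):
        findings.append("cap-add:" + ",".join(hc["CapAdd"]))
    if not hc.get("CapDrop"):
        findings.append("no-cap-drop")
    if not hc.get("ReadonlyRootfs"):
        findings.append("writable-rootfs")
    if not any(opt in NNP for opt in (hc.get("SecurityOpt") or [])):
        findings.append("no-new-privileges-unset")
    for key, label in (("NetworkMode", "host-network"), ("PidMode", "host-pid"),
                       ("IpcMode", "host-ipc")):
        if hc.get(key) == "host":          # namespace shared with the host
            findings.append(label)
    if not hc.get("Memory"):               # 0 means no cgroup memory limit
        findings.append("no-memory-limit")
    if (hc.get("PidsLimit") or 0) <= 0:    # null, 0 and -1 all mean unlimited
        findings.append("no-pids-limit")
    if any(b.split(":")[0] in SOCKETS for b in (hc.get("Binds") or [])):
        findings.append("docker-socket-mounted")
    return findings

def audit(inspect_output):
    """Map container name -> findings for a full `docker inspect` JSON array."""
    return {r.get("Name", "?").lstrip("/"): audit_container(r) for r in inspect_output}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings)
```

On a live host the same function can be fed json.loads() of the output of docker inspect for every ID returned by docker ps -q.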
docker cp
Docker's copy command; used to copy files from a container to the host
[root@node1 ~]# docker cp --help
Usage: docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
Copy files/folders between a container and the local filesystem
Use '-' as the source to read a tar archive from stdin
and extract it to a directory destination in a container.
Use '-' as the destination to stream a tar archive of a
container source to stdout.
Options:
-a, --archive Archive mode (copy all uid/gid information)
-L, --follow-link Always follow symbol link in SRC_PATH
Usage example
[root@node1 ~]# docker ps -a # list all containers, including stopped ones
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5db7847b3285 centos "/bin/bash -c 'while…" 2 hours ago Exited (137) 11 minutes ago shell3
df37e27d97c6 centos "/bin/sh -C 'while t…" 2 hours ago Exited (127) 2 hours ago shell2
6e442975e003 centos "/bin/bash -C 'while…" 2 hours ago Exited (127) 2 hours ago shell
2c3fb40f1d3e centos "/bin/bash" 3 hours ago Exited (0) 52 seconds ago exciting_morse
[root@node1 ~]# docker start -a -i 2c # start the container
[root@2c3fb40f1d3e /]# echo hello,world > /root/xiaowangc
[root@2c3fb40f1d3e /]# ls /root/
abc anaconda-ks.cfg anaconda-post.log original-ks.cfg xiaowangc
[root@2c3fb40f1d3e /]# # detach with Ctrl + P, Ctrl + Q
[root@node1 ~]# docker ps # the container is still running
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2c3fb40f1d3e centos "/bin/bash" 3 hours ago Up About a minute exciting_morse
[root@node1 ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg
[root@node1 ~]# docker cp 2c:/root/xiaowangc ./
[root@node1 ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg xiaowangc
[root@node1 ~]# cat xiaowangc
hello,world
[root@node1 ~]#
To copy a file from the host into a container, use: docker cp HOST_FILE CONTAINER:PATH
Docker commit
Create a new image from a container
[root@node1 ~]# docker commit
[root@node1 ~]# docker pull tomcat
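Container volumes (persisting container data)
Data can be stored inside a container, but once the container is removed the data goes with it, which is about the same as dropping the database and running away (qwq).
To the host, Docker is just an application running on Linux, so its data storage still depends on the host. There are two ways to persist data:
Bind Mount
With a bind mount, when a local directory is mounted, the contents of the corresponding container directory are covered by the local data. A bind mount also requires you to specify which local directory is mounted onto which container directory.
Docker Managed Volume
Compared with a bind mount, a Docker managed volume does not overwrite the data in the container directory it is mounted on, and the administrator does not have to choose a host directory: you only specify which container directory to mount, and Docker manages where it lives on the host.
With either method, the data is not lost when the container is removed.
Bind Mount
There are two ways to mount a volume with a bind mount:
-v [HOST_PATH:]CONTAINER_PATH[:OPTIONS]
[root@node1 ~]# ls /root/ # there is no docker-volume directory under /root on the host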
anaconda-ks.cfg Documents initial-setup-ks.cfg Pictures quick_start.sh Videos
Desktop Downloads Music Public Templates xiaowangc
[root@node1 ~]# docker run --help | grep volume
-v, --volume list Bind mount a volume # usage: -v HOST_PATH:CONTAINER_PATH
--volume-driver string Optional volume driver for the container
--volumes-from list Mount volumes from the specified container(s)
[root@node1 ~]# docker run -it -v /root/docker-volume:/root/docker centos /bin/bash # start the container with the bind mount
[root@e8136a876260 /]# ls
bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@e8136a876260 /]# touch /root/docker/abc # create a file at the mount point
[root@e8136a876260 /]# exit # leave the container
exit
[root@node1 ~]# ls /root/docker-volume/ # the abc file created in the container shows up in the host directory
abc
[root@node1 ~]# docker ps -a # find the ID of the container just created
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8136a876260 centos "/bin/bash" 3 minutes ago Exited (0) 3 minutes ago distracted_bose
a1b1c2987c3f fb71 "catalina.sh run" 3 hours ago Exited (143) 5 minutes ago compassionate_fermat
efa6bf9baf15 24 "catalina.sh run" 3 hours ago Exited (143) 3 hours ago hungry_zhukovsky
a1099bfaa7ff tomcat "catalina.sh run" 13 hours ago Exited (143) 11 hours ago clever_carson
ca73206e78db tomcat "catalina.sh run" 13 hours ago Exited (130) 13 hours ago keen_mclean
62d75c8f96c8 tomcat "/bin/bash" 13 hours ago Exited (0) 13 hours ago strange_rhodes
afecd5719875 elasticsearch "/docker-entrypoint.…" 22 hours ago Exited (130) 22 hours ago modest_hawking
[root@node1 ~]# docker inspect e8 # get the container metadata
...
"Binds": [
"/root/docker-volume:/root/docker"
],
...
"Mounts": [
{
"Type": "bind", # type
"Source": "/root/docker-volume", # source directory (host path)
"Destination": "/root/docker", # destination directory (path inside the container)
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
...
Now let's try removing the container
[root@node1 ~]# docker ps -a # find the ID of the container just created
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8136a876260 centos "/bin/bash" 10 minutes ago Exited (0) 10 minutes ago distracted_bose
a1b1c2987c3f fb71 "catalina.sh run" 3 hours ago Exited (143) 12 minutes ago compassionate_fermat
efa6bf9baf15 24 "catalina.sh run" 3 hours ago Exited (143) 3 hours ago hungry_zhukovsky
a1099bfaa7ff tomcat "catalina.sh run" 13 hours ago Exited (143) 11 hours ago clever_carson
ca73206e78db tomcat "catalina.sh run" 13 hours ago Exited (130) 13 hours ago keen_mclean
62d75c8f96c8 tomcat "/bin/bash" 13 hours ago Exited (0) 13 hours ago strange_rhodes
afecd5719875 elasticsearch "/docker-entrypoint.…" 22 hours ago Exited (130) 22 hours ago modest_hawking
[root@node1 ~]# docker rm e81 # remove the container
e81
[root@node1 ~]# ls /root/docker-volume/ # check again: the data is still there
abc
[root@node1 ~]#
Next, let's take a closer look at -v
[root@node1 ~]# man docker run # read it yourself if you are interested
--mount
The second way is --mount, which is also the method the official documentation recommends; compared with -v it is more flexible and more readable.
[root@node1 ~]# man docker run # read it yourself if you are interested
--mount type=TYPE,TYPE-SPECIFIC-OPTION[,...]
Attach a filesystem mount to the container
Current supported mount TYPES are bind, volume, and tmpfs.
e.g.
# bind type (bind mount): source path, destination path
type=bind,source=/path/on/host,destination=/path/in/container
# volume type (Docker managed volume): source, destination, volume labels
type=volume,source=my-volume,destination=/path/in/container,volume-label="color=red",volume-label="shape=round"
# tmpfs, as shown in the earlier figure
type=tmpfs,tmpfs-size=512M,destination=/path/in/container
Common Options:
# source of the mount
· src, source: mount source spec for bind and volume. Mandatory for bind.
# destination of the mount
· dst, destination, target: mount destination spec.
# read-only or read-write
· ro, readonly: true or false (default).
...
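Docker Managed Volume
With the --mount parameter covered above, you should now know how to mount or bind using a Docker managed volume~
Let's try it out
[root@node1 ~]# docker run -it --mount src=docker_home,dst=/home centos /bin/bash
Named and anonymous mounts
When you list volumes with docker volume ls, some volumes are named with a hash. That is because no volume name was given at mount time. A bind mount cannot be given a volume name through --mount, but a name can be set directly with -v, for example: -v VOLUME_NAME:CONTAINER_PATH. With the volume type, the name can be set through --mount VOLUME_NAME:CONTAINER_PATH; if no name is set, the volume is named with a hash.
[root@node1 ~]# docker volume ls # list volumes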
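Whether a given -v or --mount value ends up as a bind mount, a named volume or an anonymous volume, and whether the container can write to a host path, follows from the syntax described in the Bind Mount, --mount and named/anonymous sections above. The Python below is an added example, not part of the original post and not Docker's own parser; the function names are assumptions made here, Linux paths are assumed, and specs not taken from the text are marked as constructed.

```python
import csv

def parse_volume_flag(spec):
    """Parse a -v value: [SOURCE:]CONTAINER_PATH[:OPTIONS] (Linux paths)."""
    parts = spec.split(":")
    if len(parts) == 1:                      # "-v /data": anonymous volume
        src, dst, opts = None, parts[0], []
    else:
        src, dst, opts = parts[0], parts[1], ",".join(parts[2:]).split(",")
    # An absolute source is a host path (bind mount); anything else is a volume name.
    kind = "bind" if src and src.startswith("/") else "volume"
    return {"type": kind, "source": src, "destination": dst, "readonly": "ro" in opts}

def parse_mount_flag(spec):
    """Parse a --mount value: comma-separated key[=value] fields."""
    m = {"type": "volume", "source": None, "destination": None, "readonly": False}
    for field in next(csv.reader([spec])):   # CSV so quoted label values survive
        key, _, value = field.partition("=")
        key = key.strip().lower()
        if key == "type":
            m["type"] = value
        elif key in ("src", "source"):
            m["source"] = value
        elif key in ("dst", "destination", "target"):
            m["destination"] = value
        elif key in ("ro", "readonly"):      # a bare "readonly" means true
            m["readonly"] = value.lower() in ("", "true", "1")
    if m["type"] == "bind" and not m["source"]:
        raise ValueError("bind mounts require a source")
    return m

def classify(m):
    """Describe a parsed mount in the terms the text uses."""
    if m["type"] == "bind":
        access = "read-only" if m["readonly"] else "read-write"
        return f"bind mount of host path {m['source']} ({access})"
    if m["type"] == "tmpfs":
        return "tmpfs (kept in memory, not persisted)"
    if m["source"]:
        return f"named volume {m['source']}"
    return "anonymous volume (Docker names it with a hash)"

def writable_host_paths(mounts):
    """Host paths a container can modify: bind mounts not marked read-only."""
    return [m["source"] for m in mounts if m["type"] == "bind" and not m["readonly"]]

if __name__ == "__main__":
    # The first two specs appear in the text; the last two are constructed.
    parsed = [parse_volume_flag("/root/docker-volume:/root/docker"),
              parse_mount_flag("src=docker_home,dst=/home"),
              parse_volume_flag("/data"),
              parse_mount_flag("type=bind,source=/srv/conf,destination=/conf,readonly")]
    for m in parsed:
        print(classify(m))
    print("writable host paths:", writable_host_paths(parsed))
```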
Docker File
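This image is most useful in the context of building base images (such as debian and busybox) or super minimal images (that contain only a single binary and whatever it requires, such as hello-world).
The official CentOS Dockerfile
FROM scratch # the most basic image
Common Dockerfile commands:
[root@node1 ~]# docker build --help
[root@node1 docker]# vim Dockerfile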
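Access the host's IP
Docker Network
Docker network modes
Docker network | Description |
---|---|
Host | The container shares the host's network/ports |
Container | The container shares another container's network/ports |
None | Networking is disabled for the container |
Bridge | The container is assigned its own IP and connected to the Docker0 virtual bridge, and communicates with the host through Docker0 (the default mode) |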
Bridge
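As the figure above shows, with bridge networking the two containers we created do not communicate directly; traffic is bridged through Docker0 (layer-2 switching). When a container is created without changing its network, it joins Docker0 by default.
Looking at the network with commands on both the host and the containers, we also see that the interface names on the host and in the containers are subtly related: if7-if8, if9-if10…
This is because the containers use veth pairs. Characteristics of veth devices (visible in the first Bridge figure):
- veth devices come in pairs, and the two devices are connected to each other
- when one device receives a send request from the protocol stack, it sends the data to the other device
Create a new bridge and add containers to it
Networks created by Docker by default
[root@node1 ~]# docker network create --subnet 192.168.233.0/24 --gateway 192.168.233.254 netWork
# Containers on different bridges cannot communicate with each other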
Container
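In Container mode, a newly created container shares the network (IP/ports) of an existing container. Unlike Bridge mode, the new container does not create its own network interface or configure its own IP address. Apart from the network environment, the container's other resources are still isolated by default.
None
In None mode, Docker does not set up any networking for the container. Once created, the container has no IP address, DNS, routes and so on; we have to configure them manually. A container with this network type cannot reach the network.
Create a container and set its network to None
Host
In Host mode, the container communicates directly using the host's IP address, and ports in the container use the host's ports directly, with no NAT.
Create a container and set its network to Host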