Docker
一、前言理论概述
1.1 背景
- 以linux而言,linux操作系统会有一个主进程pid=1 派生出其他进程来控制不同服务(例如:python→pid=2,java→pid=3,php→pid=4。三个服务可能会互相影响,而使用者期望将这三个不同的服务跑在不同的运行时环境中实现相互不影响,同时不会增加服务器成本)
- 由此延伸出KVM虚拟化技术将三个不同的服务分别封装起来,实现了一个操作系统模拟多个操作系统/把不同的运行时环境
- 但是随着技术的发展,虚拟化技术开销会显得较大(例如:当只需要运行一个python脚本时,想要使用虚拟化方式实现,还需要安装一个操作系统,这将显得并不方便也并不合理)
- 所以延伸出了容器技术把虚拟化层的抽象层(用户层)剥离,使用docker engine来替代(来宾操作系统去除),只要通过引擎就可以直接连接到宿主机操作系统中,极大减小了开销
1.2 Docker是什么
- Docker 是一个用于开发,交付和运行应用程序的开发平台。能够将应用程序与基础架构分开,从而可以快速交付软件
- Docker 是一个开源的应用容器引擎,让开发者可以通过打包方式封装应用以及依赖包到一个可移植的镜像中,然后发布到任何流行的Linux或者Windows机器上,也可以实现虚拟化
- 容器是完全使用沙箱机制(隔离机制),相互之间不会有任何接口
- 沙箱(Sandbox):在计算机完全领域,沙箱是一种程序的隔离运行机制
- Docker 从一开始就以提供标准化的运行时环境为目标,真正做到了“build once,run anywhere”,可以将同一个构建版本用于开发、测试、预发布、生产等任何环境,并且做到了与底层操作系统的解耦(不吃操作系统)。在此基础上还进一步发展出了CaaS(容器即服务)技术
- Docker 其实就是基于容器技术的轻量级虚拟化解决方案
- Docker 是容器引擎,把linux的cgroup(资源管理技术)、namespaces等容器底层技术进行完美的封装、并抽象为用户提供创建和管理容器的便捷界面(命令行Cli、api等)
1.4 Docker的优势及意义
- 优势
- Docker 把容器化技术做成了标准化平台(docker 统一、指定了容器化技术的标准化平台)
- Docker 实现了一次构建,多次、多处使用
- 意义
- Docker 统一了基础设施环境——docker 环境
- Docker 统一了程序打包(装箱)方式——docker 镜像
- Docker 统一了程序部署(运行)方式——docker 容器
1.5 隔离是如何实现的
- Docker使用一种称为namespaces提供容器的隔离工作区的技术。运行容器时,Docker会为该容器创建一组名称空间,这些名称空间提供了一层隔离。容器的每个方面都在单独的名称空间中运行,并且其访问仅限于该名称空间
- 在操作系统中,是通过namespaces(名称空间、命名空间)实现的,但是只有实现下面6个空间隔离,才能认为两个应用实现了完全/完整隔离
| 名称空间 | 说明 |
|---|---|
| mount | 文件系统,挂载点 |
| user | 操作进程的用户和用户组 |
| pid | 进程编号 |
| uts | 主机名和主机域 |
| ipc | 信号量、消息队列,共享内存(不同的应用调用的时候应该使用不同的内存空间) |
| net | 网络设备、网络协议栈、端口等 |
二、Docker 的使用场景
- 1.打包应用程序简单部署(前端打成war包或者jar包丢给私有仓库(代码仓库),再通过jenkins工具进行应用程序封装或者构建镜像,最后给运维使用容器技术进行下载并运行(发布))
- 2.可脱离底层硬件任意迁移(实现了应用的隔离,将应用拆分并进行解耦)
- 3.持续集成和持续交付
- 4.部署微服务
- 5.提供PaaS产品(平台即服务)
- Openstack的云主机类似于阿里云的ECS,属于IaaS
- Docker(K8S)属于PaaS
三、Docker 引擎(Docker Engine)
- Docker Engine是主要具有C/S(客户端/服务端)的应用程序
- Server端:服务器是一种长期运行的程序,称为守护程序进程(dockerd命令)
- Client端 :REST API(指定程序可以用来与守护程序进行通信并指示其操作的借口),并提供命令行界面(CLI)和客户端(docker命令)
四、Docker 架构(Docker architecture)
- Docker 使用C/S(客户端/服务端)架构
- Docker客户端与Docker守护进程进行对话,该守护进程完成了构建、运行和分发Docker容器的繁重工作
- Docker Client(客户端):是提供一个与用户交互、展示的平台+管理、控制docker服务端(功能)的工具
- Docker客户端是许多Docker用户与Docker交互的主要方式。当使用诸如docker run之类的命令时,客户端会将这些命令发送到dockerd,以执行这些命令。该docker命令使用Docker API。docker客户端可以与多个守护程序通信
- Docker守护程序(dockerd)侦听Docker API请求并管理Docker对象(例如:图像、容器、网络和卷)。守护程序还可以与其他守护程序通信以管理Docker服务
五、Docker核心概念
- 镜像
- 一组资源集合,包含了应用程序软件包、应用程序相关的依赖包、运行应用程序所需要的基础环境(泛指操作系统环境)
- 容器
- 基于镜像的一种运行时状态
- 仓库
- 存放image镜像
- 仓库两大类:1.公共仓库(docker hub)2.私有仓库(registry&harbor)
六、容器和虚拟机区别
| 不同点 | Container(容器) | VM(虚拟机) |
|---|---|---|
| 启动速度 | 秒级 | 分钟级 |
| 运行性能 | 接近原生 直接在内核中运行 | 50%左右损失 |
| 磁盘占用 | MB | GB |
| 数量 | 成百上千台 | 一般几十台 |
| 隔离性 | 进程级别 | 系统级别 更彻底 |
| 操作系统 | 主要支持linux | 几乎所有 |
| 封装程度 | 只打包项目代码和依赖关系,共享主机内核 | 完整的操作系统,与宿主机隔离 |
七、控制组(Control groups)
- Linuxx上的Docker 引擎还依赖于另一种称为控制组(cgroups)的技术。cgroup将应用程序限制为一组特定的资源。控制组允许Docker Engine将可用的硬件资源共享给容器,并有选择地实施限制和约束(例如:限制特定容器可用的内存)
八、安装部署
8.1 关闭防火墙安装依赖包以及设置阿里云镜像源
[root@localhost ~]# hostnamectl set-hostname docker
[root@localhost ~]# su
[root@docker ~]# systemctl stop firewalld.service
[root@docker ~]# systemctl disable firewalld.service
[root@docker ~]# setenforce 0
[root@docker ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@docker ~]# cd /etc/yum.repos.d/
[root@docker yum.repos.d]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
8.2 安装docker-ce 社区版并设置镜像加速
[root@docker ~]# uname -r 【因为最后一个命名空间发布于3.8版本,所以要求内核版本在3.8以上】
3.10.0-693.el7.x86_64
[root@docker yum.repos.d]# yum install -y docker-ce
[root@docker ~]# systemctl start docker
[root@docker ~]# systemctl enable docker
[root@docker ~]# tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://73qpe1qe.mirror.aliyuncs.com"]
> }
> EOF
{
"registry-mirrors": ["https://73qpe1qe.mirror.aliyuncs.com"]
}
8.3 简单网络优化
[root@docker ~]# vim /etc/sysctl.conf
1 # sysctl settings are defined through files in
2 # /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
3 #
4 # Vendors settings live in /usr/lib/sysctl.d/.
5 # To override a whole file, create a new file with the same in
6 # /etc/sysctl.d/ and put new settings there. To override
7 # only specific settings, add a file with a lexically later
8 # name in /etc/sysctl.d/ and put new settings there.
9 #
10 # For more information, see sysctl.conf(5) and sysctl.d(5).
11 net.ipv4.ip_forward=1 【开启转发功能】
[root@docker ~]# sysctl -p 【加载内核】
net.ipv4.ip_forward = 1
[root@docker ~]# systemctl restart network
[root@docker ~]# systemctl restart docker
[root@docker ~]# cat /etc/docker/daemon.json 【该文件为刚才添加镜像加速时创建,也是对server端的控制】
{
"registry-mirrors": ["https://73qpe1qe.mirror.aliyuncs.com"]
}
【以下是建议的配置项】
{
"graph": "/data/docker", 【数据目录】
"storage-driver": "overlay2", 【存储引擎】
"insecure-registries": ["registry.access.redhat.com","quary.io"] 【私有仓库】
"registry-mirrors": ["https://73qpe1qe.mirror.aliyuncs.com"] 【镜像加速】
"bip": "172.7.5.1/24", 【docker网络】
【建议和宿主机的IP“对照”比如宿主机10.2.5.6容器的地址就可以修改为172.5.6.1这样方便在故障发生时,更容易定位故障节点位置】
"exec-opts": ["native.cgroupdriver=systemd"], 【启动时候的额外参数(驱动)】
"live-restore": true
【当docker容器引擎挂掉的时候,做一个分离让使用docker跑起来的容器还能运行(默认关闭)】
}
8.4 docker 镜像操作
[root@docker ~]# docker run hello-world 【下载并运行镜像,hello-world后面不加版本信息默认下载最新版本】
Unable to find image 'hello-world:latest' locally 【在本地找不到最新版本的hello-world镜像】
latest: Pulling from library/hello-world 【最新版本从library项目下载hello-world镜像】
b8dfde127a29: Pull complete 【镜像名称b8dfde127a29下载完成】
Digest: sha256:5122f6204b6a3596e048758cabba3c46b1c937a46b5be6225b835d091b90e46c 【细节、摘要】
Status: Downloaded newer image for hello-world:latest 【状态:下载了最新的镜像】
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
【docker client客户端连接到了服务端(服务端是以一个守护进程的形式跑在操作系统里面的),这也是典型的C/S架构】
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
【由docker 服务端的守护进程从docker hub 上下载了镜像】
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
【服务端创建了一个新的容器,然后从拉去的这个镜像启动了一个容器,容器执行了脚本/可执行程序让我们可以查看/使用】
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
【docker 服务端把这些信息流(传递)返回到客户端并展示出来,(展示在终端上)】
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
[root@docker ~]# docker images 【查看镜像】
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d1165f221234 3 months ago 13.3kB
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5bdc6666f3da hello-world "/hello" 12 minutes ago Exited (0) 12 minutes ago compassionate_vaughan
【Exited (0):因为刚才执行的脚本是一次性的任务,并不是持续运行的任务。所以执行完脚本后直接退出,状态为0。如果为非0值则为异常退出】
【查询docker 版本的方式1】
[root@docker ~]# docker version
Client: Docker Engine - Community
Version: 20.10.7
API version: 1.41
Go version: go1.13.15
Git commit: f0df350
Built: Wed Jun 2 11:58:10 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.7
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: b0f5bc3
Built: Wed Jun 2 11:56:35 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.6
GitCommit: d71fcd7d8303cbf684402823e425e9dd2e99285d
runc:
Version: 1.0.0-rc95
GitCommit: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
docker-init:
Version: 0.19.0
GitCommit: de40ad0
【查询docker 版本的方式2】
[root@docker ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
scan: Docker Scan (Docker Inc., v0.8.0)
Server:
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 1
Server Version: 20.10.7
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins: 【插件】
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive 【图形结构】
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d71fcd7d8303cbf684402823e425e9dd2e99285d
runc version: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
init version: de40ad0 【版本】
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-693.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.938GiB
Name: docker
ID: 5I5W:SVVR:KWOF:6F6Y:ETNM:K66Y:TVLI:TA3J:UVOM:56XS:MHBT:EYBM
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://73qpe1qe.mirror.aliyuncs.com
Live Restore Enabled: false
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
【搜索镜像】
[root@docker ~]# docker search lnmp
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
2233466866/lnmp https://hub.docker.com/r/2233466866/lnmp 106
winstonpro/lnmp based on ubuntu 14.04 27
twang2218/lnmp-nginx 这是 LNMP 示例中的 nginx 镜像 23 [OK]
fbraz3/lnmp An easy-to-use LNMP/LEMP image, with Ubuntu … 19
duckll/lnmp webservice 16 [OK]
dzer/lnmp lnmp环境 12
thinksvip/lnmp LNMP docker production environment 8 [OK]
maxwhale/lnmp-docker LNMP Docker 4 [OK]
twang2218/lnmp-php 这是 LNMP Docker 容器互联示例的 php 镜像 3 [OK]
idiswy/lnmp Ubuntu 16.04 + nginx 1.8.x + php7 + MySQL 5.… 3
evagle/lnmp ubuntu14.04 + nginx + mysql + php + redis 3
inteye/lnmp LNMP1.2 (Linux, Nginx, Mysql, PHP). For deta… 1
c21xdx/lnmp13_cen6 php5.4 1 [OK]
yahuiwong/lnmp linux nginx mysql php 1 [OK]
turtlell/lnmp first lnmp demo 1
zhaojianhui/lnmp LNMP环境 1
lyx554073858/lnmp docker hub link git hub 1 [OK]
canj/lnmp lnmp环境(centos7+nginx+mariadb+php) 1
pby231/lnmp lnmp集成环境 0
huangguoji/lnmp lnmp.org的包 0
dahaitech/lnmp-douyou douyou test lnmp 0 [OK]
twang2218/lnmp-mysql This is the MySQL image of the LNMP docker c… 0 [OK]
zshtom/lnmp lnmp in centos 7 0
wildcloud/lnmpbase a basic lnmp for php app 0
pby231/lnmp1 0
【指定版本搜索镜像】
[root@docker ~]# docker search centos:7
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
benwang6/tedu-jdk oracle jdk 8u281 centos:7 JAVA_HOME=/usr/jdk… 4
vikingco/python Python Stack Docker Base Image: Based on cen… 1
mjstealey/mariadb-galera MariaDB Galera cluster in Docker - based fro… 1 [OK]
legerete/nginx-php71 LA[->]P - Centos:7 + Nginx + PHP 7.1 1 [OK]
sndnvaps/docker-golang build latest golang in centos:7 1 [OK]
peltikalle/basepython Base image with Centos:7 and Python 3.5.2 1 [OK]
bbania/centos Build image based on centos:7 0
alvintz/centos centos:7.2.1511 0 [OK]
grossws/nginx nginx (mainline) on grossws/centos:7 0 [OK]
europeanspallationsource/oracle-jdk-maven-jenkins ICS oracle-jdk + maven + jenkins users image… 0
sjoeboo/rbenv Simple base container from CentOS:7 w/ rbenv… 0 [OK]
pbieberstein/acic-findr CentOS:7 with dependencies to run 'Findr' (h… 0 [OK]
acktsw/java oracle jdk 8u171 , centos:7, timeZone:+8, e… 0 [OK]
geomatikk/centos FROM centos:7 with maven 3.6.1 and openjdk-1… 0
macedigital/nodejs Latest NodeJS for CentOS:7 0 [OK]
badwolf/centos from official centos:7 add gcc,gcc++,make,vi 0 [OK]
waffleimage/centos7 Centos:7 with systemd and ssh running 0
acktsw/centos centos:7 0 [OK]
cristo/netacuity Docker image on Centos:7 to run NetAcuity 0 [OK]
europeanspallationsource/oracle-jdk-maven ICS oracle-jdk + maven image based on centos… 0
mesosphere/freeipa-server A freeIPA v4.3 container based on centos:7. … 0
21plus2/server-jre Dockerimage base on centos:7 with server-jre 0 [OK]
weihoop/mysql 基于weihoop/centos:7.4.1708制作 0
europeanspallationsource/oracle-jdk ICS oracle-jdk image based on centos:7 0
qiyue/mycat centos:7 + jdk:1.8 + mycat
[root@docker ~]# docker pull nginx 【下载镜像。与run的区别为只下载不运行】
Using default tag: latest
latest: Pulling from library/nginx
69692152171a: Pull complete
30afc0b18f67: Pull complete
596b1d696923: Pull complete
febe5bd23e98: Pull complete
8283eee92e2f: Pull complete
351ad75a6cfa: Pull complete
Digest: sha256:6d75c99af15565a301e48297fa2d121e15d80ad526f8369c526324f0f7ccb750
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
【docker.io:docker的官方路径】
[root@docker ~]# docker images 【查看当前docker下的下载镜像信息】
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest d1a364dc548d 12 days ago 133MB
hello-world latest d1165f221234 3 months ago 13.3kB
[root@docker ~]# docker inspect d1a364dc548d 【获取镜像信息】
[
{
"Id": "sha256:d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdee",
"RepoTags": [ 【源标签】
"nginx:latest" 【最新版nginx】
],
"RepoDigests": [
"nginx@sha256:6d75c99af15565a301e48297fa2d121e15d80ad526f8369c526324f0f7ccb750"
],
"Parent": "",
"Comment": "",
"Created": "2021-05-25T15:43:43.382480482Z", 【创建时间】
"Container": "7b06b818c018bb8563a3d786d6b16971c6f470c3d4c5288d908a3851b8261086", 【容器ID】
"ContainerConfig": {
"Hostname": "7b06b818c018",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [ 【环境变量】
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.21.0",
"NJS_VERSION=0.5.3",
"PKG_RELEASE=1~buster"
],
"Cmd": [ 【执行命令】
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"nginx\" \"-g\" \"daemon off;\"]"
],
"Image": "sha256:697718de459ceac2204a10028cb4008e64513e26697c154309ae93d2f64baa57",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGQUIT"
},
"DockerVersion": "19.03.12",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.21.0",
"NJS_VERSION=0.5.3",
"PKG_RELEASE=1~buster"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "sha256:697718de459ceac2204a10028cb4008e64513e26697c154309ae93d2f64baa57",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGQUIT"
},
"Architecture": "amd64",
"Os": "linux",
"Size": 133117876,
"VirtualSize": 133117876,
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/677c565d0285e8c2e9037687252c29a0ff975fd3747ab07442f8ee9c35593b98/diff:/var/lib/docker/overlay2/38fcb408e73565712581ce2e68aefb41c1a5793314a09df3a6b09a2298dac347/diff:/var/lib/docker/overlay2/4ef67ead92f89673960a86f2fed73a44a1fe50f50ea195a41355db4a0960b025/diff:/var/lib/docker/overlay2/585f924096400182c0b75c060b092a7ce34381d34b1bdb3889f9bc4065610c03/diff:/var/lib/docker/overlay2/9f124891bd5cfeb1a1e77c2dc32d923d66a59ef6a1d4eafd08da944fb0d718dd/diff",
"MergedDir": "/var/lib/docker/overlay2/dfb7dd6b06e7d56ea1d5a7df831f49a5b45b2c221ae65036aad8916ecce3ae1a/merged",
"UpperDir": "/var/lib/docker/overlay2/dfb7dd6b06e7d56ea1d5a7df831f49a5b45b2c221ae65036aad8916ecce3ae1a/diff",
"WorkDir": "/var/lib/docker/overlay2/dfb7dd6b06e7d56ea1d5a7df831f49a5b45b2c221ae65036aad8916ecce3ae1a/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:02c055ef67f5904019f43a41ea5f099996d8e7633749b6e606c400526b2c4b33",
"sha256:766fe2c3fc083fdb0e132c138118bc931e3cd1bf4a8bdf0e049afbf64bae5ee6",
"sha256:83634f76e73296b28a0e90c640494970bdfc437749598e0e91e77eea9bdb6a4e",
"sha256:134e19b2fac580eff84faabfd5067977b79e36c5981d51fd63e8ac752dbdf9ec",
"sha256:5c865c78bc96874203b5aa48f1a089d1eabcbe1607edaa16aaa6dee27c985395",
"sha256:075508cf8f04705d8dc648cfb9f044f5dff57c31ccf34bde32cd2874f402dfad"
]
},
"Metadata": {
"LastTagTime": "0001-01-01T00:00:00Z"
}
}
]
[root@docker ~]# docker tag nginx:latest nginx:one 【添加镜像标签】
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest d1a364dc548d 12 days ago 133MB
nginx one d1a364dc548d 12 days ago 133MB
hello-world latest d1165f221234 3 months ago 13.3kB
[root@docker ~]# docker rmi nginx:one 【根据镜像标签删除镜像,i代表image】
Untagged: nginx:one
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest d1a364dc548d 12 days ago 133MB
hello-world latest d1165f221234 3 months ago 13.3kB
[root@docker ~]# docker rmi hello-world 【根据镜像名称进行镜像删除】
Error response from daemon: conflict: unable to remove repository reference "hello-world" (must force) - container 5bdc6666f3da is using its referenced image d1165f221234
【报错是因为该镜像的容器正在运行】
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5bdc6666f3da hello-world "/hello" 56 minutes ago Exited (0) 56 minutes ago compassionate_vaughan
[root@docker ~]# docker rm 5bdc6666f3da 【所以这里先删除容器】
5bdc6666f3da
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@docker ~]# docker rmi hello-world 【再基于镜像名称删除镜像】
Untagged: hello-world:latest
Untagged: hello-world@sha256:5122f6204b6a3596e048758cabba3c46b1c937a46b5be6225b835d091b90e46c
Deleted: sha256:d1165f2212346b2bab48cb01c1e39ee8ad1be46b87873d9ca7a4e434980a7726
Deleted: sha256:f22b99068db93900abe17f7f5e09ec775c2826ecfe9db961fea68293744144bd
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest d1a364dc548d 12 days ago 133MB
【镜像导出】
[root@docker ~]# mkdir docker-save
[root@docker ~]# cd docker-save/
[root@docker docker-save]# ls
[root@docker docker-save]# docker save -o nginx:one nginx:latest
[root@docker docker-save]# ls
nginx:one
【有的企业不直接使用docker私有仓库,而是存放在一个ftp服务器中,按需上传下载,所以我们需要进行镜像导入】
[root@docker docker-save]# docker rmi nginx:latest 【删除nginx镜像】
Untagged: nginx:latest
Untagged: nginx@sha256:6d75c99af15565a301e48297fa2d121e15d80ad526f8369c526324f0f7ccb750
Deleted: sha256:d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdee
Deleted: sha256:fcc8faba78fe8a1f75025781c8fa1841079b75b54fce8408d039f73a48b7a81b
Deleted: sha256:a476b265974ace4c857e3d88b358e848f126297a8249840c72d5f5ea1954a4bf
Deleted: sha256:56722ee1ee7e73a5c6f96ea2959fa442fb4db9f044399bcd939bb0a6eb7919dc
Deleted: sha256:c657df997c75f6c1a9c5cc683e8e34c6f29e5b4c1dee60b632d3477fd5fdd644
Deleted: sha256:e9e1f772d2a8dbbeb6a4a4dcb4f0d07ff1c432bf94fac7a2db2216837bf9ec5b
Deleted: sha256:02c055ef67f5904019f43a41ea5f099996d8e7633749b6e606c400526b2c4b33
[root@docker docker-save]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@docker docker-save]# cd -
/root
[root@docker ~]# docker load < docker-save/nginx\:one 【从docker-save文件导入nginx\:one镜像】
02c055ef67f5: Loading layer [==================================================>] 72.53MB/72.53MB
766fe2c3fc08: Loading layer [==================================================>] 64.8MB/64.8MB
83634f76e732: Loading layer [==================================================>] 3.072kB/3.072kB
134e19b2fac5: Loading layer [==================================================>] 4.096kB/4.096kB
5c865c78bc96: Loading layer [==================================================>] 3.584kB/3.584kB
075508cf8f04: Loading layer [==================================================>] 7.168kB/7.168kB
Loaded image: nginx:latest
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest d1a364dc548d 12 days ago 133MB
8.5 docker 容器操作
[root@docker ~]# docker create -it nginx:latest /bin/bash 【创建容器】
4d004a52c98b4bb0eab532465363fd881a69820a1bebfa9f7036d87f4396f701
【-i:让容器的标准输入保持打开】
【-t:分配一个伪终端】
【-d:后台守护进程的方式运行】
[root@docker ~]# docker ps -a 【查询容器】
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4d004a52c98b nginx:latest "/docker-entrypoint.…" 2 seconds ago Created intelligent_sammet
[root@docker ~]# docker start 4d004a52c98b 【启动容器】
4d004a52c98b
[root@docker ~]# docker stop 4d004a52c98b 【停止容器】
4d004a52c98b
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4d004a52c98b nginx:latest "/docker-entrypoint.…" About a minute ago Exited (137) 2 seconds ago intelligent_sammet
【正常运行的容器手动退出时,返回的STATUS:状态值为137】
【启动容器(一次性执行)】
[root@docker ~]# docker run centos:7 /usr/bin/bash -c ls /
【运行centos:7镜像在/usr/bin/bash环境中-c(执行命令)ls /】
Unable to find image 'centos:7' locally
7: Pulling from library/centos
2d473b07cdd5: Pull complete
Digest: sha256:0f4ec88e21daf75124b8a9e5ca03c37a5e937e0e108a255d890492430789b60e
Status: Downloaded newer image for centos:7
anaconda-post.log
bin
dev
etc
home
lib
lib64
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
[root@docker /]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bc53aa048d38 centos:7 "/usr/bin/bash -c ls…" 2 minutes ago Exited (0) 2 minutes ago jovial_antonelli
4d004a52c98b nginx:latest "/docker-entrypoint.…" 11 minutes ago Up 8 minutes 80/tcp intelligent_sammet
[root@docker ~]# cd /
[root@docker /]# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
【持续后台运行】
[root@docker /]# docker run -d centos:7 /bin/bash -c "while true;do echo hello;done"
[root@docker /]# watch -n 3 docker ps -a 【每三秒执行一次docker ps -a进行查看】
Every 3.0s: docker ps -a Mon Jun 7 23:13:42 2021
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
68b275921699 centos:7 "/bin/bash -c 'while…" 3 minutes ago Up 2 minutes goofy_cerf
bc53aa048d38 centos:7 "/usr/bin/bash -c ls…" 10 minutes ago Exited (0) 10 minutes ago jovial_antonelli
4d004a52c98b nginx:latest "/docker-entrypoint.…" 20 minutes ago Up 16 minutes 80/tcp intelligent_sammet
【进入容器方式1】
[root@docker /]# docker run -it nginx:latest /bin/bash 【运行并进入该容器】
root@d7509ca9af27:/# exit
[root@docker /]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d7509ca9af27 nginx:latest "/docker-entrypoint.…" 12 minutes ago Exited (127) 8 minutes ago amazing_cerf
bc53aa048d38 centos:7 "/usr/bin/bash -c ls…" 25 minutes ago Exited (0) 25 minutes ago jovial_antonelli
4d004a52c98b nginx:latest "/docker-entrypoint.…" 35 minutes ago Up 1 second 80/tcp intelligent_sammet
【进入容器方式2(容器必须为开启状态)】
[root@docker /]# docker exec -it d7509ca9af27 /bin/bash
Error response from daemon: Container d7509ca9af27e6d2fd04676d93ac94545ff9b6bea1e3f6eb6ce4674a13434b00 is not running
[root@docker /]# docker exec -it 4d004a52c98b /bin/bash
root@4d004a52c98b:/#
【容器导出】
[root@docker ~]# touch 1 【需先创建一个文件】
[root@docker ~]# docker export 4d004a52c98b > 1
[root@docker ~]# docker stop 4d004a52c98b
4d004a52c98b
[root@docker ~]# docker rm 4d004a52c98b
4d004a52c98b
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d7509ca9af27 nginx:latest "/docker-entrypoint.…" 22 minutes ago Exited (127) 19 minutes ago amazing_cerf
bc53aa048d38 centos:7 "/usr/bin/bash -c ls…" 36 minutes ago Exited (0) 36 minutes ago jovial_antonelli
【容器导入(生成镜像)】
[root@docker ~]# docker import 1 nginx:two 【docker import导出的文件名(容器)指定镜像名称】
[root@docker ~]# cat 1 | docker import - nginx:three 【这两种方式都可以】
sha256:7b26e5c12c8c6fce3008cb8a77aff6266e90253665140397a4db6c1e208d530d
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx two 7b26e5c12c8c 2 seconds ago 131MB
nginx three c9cd0412ee49 2 seconds ago 131MB
nginx latest 1ccda366555b About a minute ago 131MB
<none> <none> d1a364dc548d 13 days ago 133MB
centos 7 8652b9f0cb4c 6 months ago 204MB
[root@docker ~]# docker rm bc53aa048d38 【删除容器】
[root@docker ~]# docker rm -f bc53aa048d38 【强制删除容器】
bc53aa048d38
[root@docker ~]# docker ps -a | awk '{print "docker rm "$1}' | bash 【批量删除容器】
[root@docker ~]# for i in `docker ps -a | grep -i exit | awk '{print $1}'`; do docker rm -f $i;done
【批量删除“exit”状态的容器】
版权声明:本文为TaKe___Easy原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。