Docker: 安裝配置入門[二]
一、安裝配置啟動
1、環境
[[email protected] ~]# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core) [[email protected] ~]# uname -r 3.10.0-693.el7.x86_64
2、安裝
[[email protected] ~]# yum install docker-ce -y Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * epel: mirrors.tuna.tsinghua.edu.cn * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com Package docker-ce-18.09.0-3.el7.x86_64 already installed and latest version Nothing to do
Docker官網:http://www.docker.com/
最新版本我們可以去官方網站進行下載。
溫馨提示:使用docker最好使用最新版,因為功能比較完善。
3、啟動
systemctl start docker systemctl enable docker
啟動之後我們可以檢視一下docker的狀態
[[email protected] ~]# systemctl status docker 鈼 Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2019-01-11 14:14:32 CST; 1h 6min ago Docs: https://docs.docker.com Main PID: 1196 (dockerd) Memory: 109.7M CGroup: /system.slice/docker.service 鈹斺攢1196 /usr/bin/dockerd -H unix:// Jan 11 14:14:30 docker1 dockerd[1196]: time="2019-01-11T14:14:30.737607357+08:00" level=info msg="Graph migration to content-addressability too... seconds" Jan 11 14:14:30 docker1 dockerd[1196]: time="2019-01-11T14:14:30.740213811+08:00" level=info msg="Loading containers: start." Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.604424870+08:00" level=info msg="Removing stale sandbox 45a31195e91c9b9def3015...f0bf03d)" Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.637184862+08:00" level=warning msg="Error (Unable to complete atomic operation...ying...." Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.668045503+08:00" level=info msg="Default bridge (docker0) is assigned with an ... address" Jan 11 14:14:31 docker1 dockerd[1196]: time="2019-01-11T14:14:31.699620942+08:00" level=info msg="Loading containers: done." Jan 11 14:14:32 docker1 dockerd[1196]: time="2019-01-11T14:14:32.009152757+08:00" level=info msg="Docker daemon" commit=4d60db4 graphdriver(s)=...n=18.09.0 Jan 11 14:14:32 docker1 dockerd[1196]: time="2019-01-11T14:14:32.009395153+08:00" level=info msg="Daemon has completed initialization" Jan 11 14:14:32 docker1 dockerd[1196]: time="2019-01-11T14:14:32.082565522+08:00" level=info msg="API listen on /var/run/docker.sock" Jan 11 14:14:32 docker1 systemd[1]: Started Docker Application Container Engine. Hint: Some lines were ellipsized, use -l to show in full.
我們可以使用ifconfig檢視網絡卡
[[email protected] ~]# ifconfig docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 ether 02:42:ab:d6:62:a6 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.228.133 netmask 255.255.255.0 broadcast 192.168.228.255 inet6 fe80::20c:29ff:fe81:a780 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:81:a7:80 txqueuelen 1000 (Ethernet) RX packets 996 bytes 134380 (131.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 540 bytes 60915 (59.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
提示: 我們啟動docker的時候,docker會幫我們建立一個docker 0的網橋
二、Docker映象的常用命令
1、檢視當前映象
docker images
[[email protected] ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 7042885a156a 13 days ago 109MB centos latest 1e1148e4cc2c 5 weeks ago 202MB
2、搜尋映象
docker search [映象名字]
執行docker search centos 會從dockerhub上搜索映象
[[email protected] ~]# docker search centos NAME DESCRIPTION STARS OFFICIAL AUTOMATED centos The official build of CentOS. 5107 [OK] ansible/centos7-ansible Ansible on Centos7 119 [OK] jdeathe/centos-ssh CentOS-6 6.10 x86_64 / CentOS-7 7.5.1804 x86鈥 consol/centos-xfce-vnc Centos container with "headless" VNC session鈥 imagine10255/centos6-lnmp-php56 centos6-lnmp-php56 48 [OK] centos/mysql-57-centos7 MySQL 5.7 SQL database server 45 tutum/centos Simple CentOS docker image with SSH access 43 openshift/base-centos7 A Centos7 derived base image for Source-To-I鈥 gluster/gluster-centos Official GlusterFS Image [ CentOS-7 + Glust鈥 centos/postgresql-96-centos7 PostgreSQL is an advanced Object-Relational 鈥 centos/python-35-centos7 Platform for building and running Python 3.5鈥 kinogmt/centos-ssh CentOS with SSH 25 [OK] openshift/jenkins-2-centos7 A Centos7 based Jenkins v2.x image for use w鈥 centos/php-56-centos7 Platform for building and running PHP 5.6 ap鈥 pivotaldata/centos-gpdb-dev CentOS image for GPDB development. Tag names鈥 openshift/wildfly-101-centos7 A Centos7 based WildFly v10.1 image for use 鈥 openshift/jenkins-1-centos7 DEPRECATED: A Centos7 based Jenkins v1.x ima鈥 darksheer/centos Base Centos Image -- Updated hourly 3 [OK] pivotaldata/centos Base centos, freshened up a little with a Do鈥 pivotaldata/centos-mingw Using the mingw toolchain to cross-compile t鈥 pivotaldata/centos-gcc-toolchain CentOS with a toolchain, but unaffiliated wi鈥 blacklabelops/centos CentOS Base Image! Built and Updates Daily! 1 [OK] pivotaldata/centos7-build CentosOS 7 image for GPDB compilation 0 pivotaldata/centos7-test CentosOS 7 image for GPDB testing 0 smartentry/centos centos with smartentry 0
3、下載映象
我們可以使用docker pull centos docker pull nginx來安裝centos和nginx的映象
4、配置映象加速
[[email protected] ~]# time docker run nginx ^L ^C real 2m6.295s user 0m0.048s sys 0m0.032s #配置docker映象加速 vi /etc/docker/daemon.json { "registry-mirrors": ["https://registry.docker-cn.com"] } systemctl restart docker [[email protected] ~]# systemctl restart docker [[email protected] ~]# time docker run nginx ^C real 0m4.154s user 0m0.031s sys 0m0.018s
5、匯出映象
docker save -o [映象名稱] [映象]
[[email protected] ~]# docker save -o centos.tar centos [[email protected] ~]# ls anaconda-ks.cfg centos.tar
需要將docker匯出為tar,後面為映象名稱
6、匯入映象
[[email protected] ~]#docker load --input centos.tar #使用input匯入 [[email protected] ~]# docker load < nginx.tar #使用重定向匯入
7、刪除映象
docker刪除可以使用docker rmi 後面加上docker的ID
例如:
[[email protected] ~]# docker image rm centos:latest
提示:如果映象已經建立了一個容器,那麼將無法進行刪除(報錯如下)
[[email protected] ~]# docker image rm centos:latest Error response from daemon: conflict: unable to remove repository reference "centos:latest" (must force) - container ea05becda4ec is using its referenced image 1e1148e4cc2c
刪除容器:
[[email protected] ~]# docker rm luoahong 或者使用 [[email protected] ~]# docker rm -f luoahong
第二種會提示容器在將它關閉
docker另一種刪除方式
[[email protected] ~]# docker image rm 1e1148e4cc2c Error response from daemon: conflict: unable to delete 1e1148e4cc2c (must be forced) - image is being used by stopped container ea05becda4ec
啟動一個容器 echo 完就刪除
[[email protected] ~]# docker run --rm centos /bin/echo "www.luoahong.com" www.luoahong.com [[email protected] ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ea05becda4ec centos "/bin/bash" 29 hours ago Exited (255) About an hour ago luoahong
啟動容器
docker run [映象]
[[email protected] ~]# docker run centos centos是映象的名稱,映象的名稱必須在選項的後面
啟動映象,輸入Hello,並關閉
[[email protected] ~]# docker run centos /bin/echo 'Hello Wordl 本命令的意思是啟動一個docker程序,並echo 執行後面的命令可以有可以沒有(hello),如果我們的映象啟動就會執行一個程序就不需要我們輸入
檢視啟動映象
docker ps -a
ps是顯示正在執行的容器 -a是顯示不執行的
[[email protected] ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5e6f81f1aaba centos "/bin/bash" About a minute ago Exited (0) About a minute ago nervous_heisenberg ea05becda4ec centos "/bin/bash" 29 hours ago Exited (255) About an hour ago luoahong c6982dc1d74d nginx "nginx -g 'daemon of鈥 2b018750e9ce nginx "nginx -g 'daemon of鈥 faa2ac96101a nginx "nginx -g 'daemon of鈥
我們可以看到,現在容器並沒有啟動。因為docker啟動需要在前臺啟動一個程序。容器的名稱可以我們指定或自動生成
提示: 管理docker容器可以通過名稱也可以通過ID
三、Docker管理案例
例如:我要新建一個luoahong
的容器,它的映象是centos.
他有三個引數,第一個是給容器起一個名稱,-t 分配一個偽終端(tty)-i標準輸入開啟,我要在裡面輸入命令
[[email protected] ~]# docker run --name luoahong -t -i centos /bin/bash --name 容器的名稱 -t 讓docker分配一個偽終端 -i 讓docker的標準輸入開啟{input}
提示:最後的/bin/bash
可以省略,但是最後一個如果不是命令,那就是映象的名稱
輸入上方的命令之後會直接進入到容器裡面
[[email protected] /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.1 11752 1920 ? Ss 19:38 0:00 /bin/bash root 18 0.0 0.0 47424 1660 ? R+ 21:32 0:00 ps aux [[email protected] /]#
溫馨提示:容器不是一個虛擬機器,因為他就是一個程序,如果我們退出,這個程序就退出了。
如果我們執行建立容器的時候,裡面沒有我們指定的映象,那麼他會從dockerhub
上進行下載然後在啟動
容器啟動
我們通過docker ps -a
可以檢視到沒有啟動的容器
使用docker start [名稱或PORTS]
[[email protected] ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f8c8c8156e26 centos "/bin/bash" 2 hours ago Exited (0) 34 minutes ago luoahong bcededa4b82c centos "/bin/echo hello" 2 hours ago Exited (0) 2 hours ago awesome_dijkstra [[email protected]r1 ~]# docker start luoahong luoahong [[email protected] ~]# docker start bcededa4b82c bcededa4b82c
進入容器
[[email protected] ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f8c8c8156e26 centos "/bin/bash" 2 hours ago Up 24 minutes luoahong bcededa4b82c centos "/bin/echo hello" 3 hours ago Exited (0) 23 minutes ago awesome_dijkstra [[email protected] ~]# docker attach luoahong [[email protected] /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.1 11776 1872 ? Ss 22:09 0:00 /bin/bash root 14 0.0 0.0 47424 1660 ? R+ 22:33 0:00 ps aux
這樣進入容器的缺點就是如果在開一個視窗就會同步操作,類似於單使用者模式(windows遠端桌面)
提示:生產場景是不使用docker attach
的,需要我們使用nsenter
這個工具,這個工具包含在util-linux
軟體包裡面
[[email protected] ~]# yum install util-linux -y Centos7預設最小化已經安裝
我們通過nsenter
就可以進入容器
,但是nsenter是通過pid
進入容器裡,所以我們需要知道容器的pid。我們可以通過docker inspect
來獲取到pid
[[email protected] ~]# docker start luoahong luoahong [[email protected] ~]# docker inspect -f "{{ .State.Pid }}" luoahong 37434 [[email protected] ~]# nsenter -t 37434 -m -u -i -n -p
docker inspect -f {{.State.Pid}}
容器名或者容器id
#每一個容器都有.State.Pid,所以這個命令除了容器的id需要我們根據docker ps
-a
去查詢,其他的全部為固定的格式 nsenter --target
上面查到的程序id --mount --uts --ipc --net --pid
#輸入該命令便進入到容器中
解釋nsenter指令中程序id之後的引數的含義:
* –mount引數是進去到mount namespace中 * –uts引數是進入到uts namespace中 * –ipc引數是進入到System V IPC namaspace中 * –net引數是進入到network namespace中 * –pid引數是進入到pid namespace中 * –user引數是進入到user namespace中
更多引數我們可以通過nsenter --help
進行獲取
我們進入容器中檢視程序
以下是以nsenter啟動的程序
[[email protected] /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 11776 1664 ? Ss+ Oct18 0:00 /bin/bash root 27 0.0 0.1 13376 1984 ? S Oct18 0:00 -bash root 40 0.0 0.0 49024 1808 ? R+ 00:11 0:00 ps aux
/bin/bash
是我們執行容器產生的程序 -bash
是我們使用nsenter產生的,這樣如果我們退出容器,容器就不會退出,因為-bash
還在執行
[[email protected] /]# exit logout [[email protected] ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f8c8c8156e26 centos "/bin/bash" 4 hours ago Up 48 minutes luoahong
因為每次進入容器都需要輸入那兩條命令,所以我們可以寫一個指令碼來獲取。
指令碼內容如下:
[[email protected] ~]# cat docker_in.sh #!/bin/bash # Use nsenter to access docker docker_in(){ NAME_ID=$1 PID=$(docker inspect -f "{{ .State.Pid }}" $NAME_ID) nsenter -t $PID -m -u -i -n -p } docker_in $1
執行結果如下:
[[email protected] ~]# chmod +x docker_in.sh [[email protected] ~]# ./docker_in.sh luoahong [[email protected] /]# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 Oct18 ? 00:00:00 /bin/bash root 54 0 0 00:23 ? 00:00:00 -bash root 67 54 0 00:23 ? 00:00:00 ps -ef [[email protected] /]#
我們也可以不進入容器進行檢視
[[email protected] ~]# docker exec luoahong ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 Oct18 ? 00:00:00 /bin/bash root 85 0 0 00:28 ? 00:00:00 ps -ef [[email protected] ~]# docker exec luoahong ls / anaconda-post.log bin dev
提示:可以使用exec
引數,不進入容器檢視內容
我們還可以使用exec進入docker容器中
[[email protected] ~]# docker exec -it luoahong /bin/bash
但是最好還是少使用exec
,有可能會對容器造成一些意外的影響