Docker Study Notes

Image operations

Searching for images

docker search IMAGE_NAME

[root@bogon ~]# docker search centos
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/centos The official build of CentOS. 5571 [OK]
docker.io docker.io/ansible/centos7-ansible Ansible on Centos7 123 [OK]
docker.io docker.io/jdeathe/centos-ssh OpenSSH / Supervisor / EPEL/IUS/SCL Repos ... 112 [OK]
docker.io docker.io/consol/centos-xfce-vnc Centos container with "headless" VNC sessi... 99 [OK]
docker.io docker.io/centos/mysql-57-centos7 MySQL 5.7 SQL database server 63
docker.io docker.io/imagine10255/centos6-lnmp-php56 centos6-lnmp-php56 57 [OK]
....

Pulling an image

docker pull IMAGE_NAME

# Example
[root@bogon ~]# docker pull docker.io/centos
Using default tag: latest
Trying to pull repository docker.io/library/centos ...
latest: Pulling from docker.io/library/centos
d8d02d457314: Pull complete
Digest: sha256:307835c385f656ec2e2fec602cf093224173c51119bbebd602c53c3653a3d6eb
Status: Downloaded newer image for docker.io/centos:latest

Listing images

docker images

# Example
[root@bogon ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test latest adca3d04a9c3 9 minutes ago 202 MB
docker.io/centos latest 67fa590cfc1c 4 weeks ago 202 MB

Removing an image

docker rmi IMAGE_NAME

# Example
[root@bogon ~]# docker rmi centos
Untagged: centos:latest
Untagged: docker.io/centos@sha256:307835c385f656ec2e2fec602cf093224173c51119bbebd602c53c3653a3d6eb

Creating images
Creating an image from a container of an existing image

docker commit …

-a, --author="" Author information
-m, --message="" Commit message
-p, --pause=true Pause the container during the commit

# Example
[root@bogon ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos latest 67fa590cfc1c 4 weeks ago 202 MB

[root@bogon ~]# docker run -ti docker.io/centos /bin/bash
[root@507ae2970ce5 /]# touch test
[root@507ae2970ce5 /]# exit

[root@bogon ~]# docker commit -m "add a new file" -a "Duan.rj" 507ae2970ce5 test
sha256:adca3d04a9c3857e0debf1814ebf68c639bb013630910adcbcb2463b05044f12
# On success the ID of the newly created image is returned, as shown above

# List the newly created image:
[root@bogon ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test latest adca3d04a9c3 56 seconds ago 202 MB
docker.io/centos latest 67fa590cfc1c 4 weeks ago 202 MB

Container operations

Creating a container

docker create -it …

# Example
[root@bogon ~]# docker create -it centos:latest
3f1b6af49bb02c329b1cd9ad9414797978963a3909477e0b2dfce125860d571c
[root@bogon ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3f1b6af49bb0 centos:latest "/bin/bash" 17 seconds ago Created flamboyant_easley

The command above creates a new container, but it is left in the stopped state; use docker start to start it.

# Example
[root@bogon ~]# docker start 3f1b6af49bb0
3f1b6af49bb0
[root@bogon ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3f1b6af49bb0 centos:latest "/bin/bash" 3 minutes ago Up 4 seconds flamboyant_easley
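
Creating and starting a container

There are two ways to start a container: create a new container from an image and start it, or restart a container that is in the stopped state. The command used is docker run, which is equivalent to running docker create and then docker start.

# Example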
[root@bogon ~]# docker run centos /bin/echo "Hello world"
Hello world
[root@bogon ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2ded0c4a577 centos "/bin/echo 'Hello ..." 4 seconds ago Exited (0) 3 seconds ago silly_hoover
3f1b6af49bb0 centos:latest "/bin/bash" 9 minutes ago Up 5 minutes flamboyant_easley

Start a bash terminal that the user can interact with:

# Example
[root@bogon ~]# docker run -t -i centos /bin/bash
[root@a61f9ada2179 /]# pwd
/
[root@a61f9ada2179 /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@a61f9ada2179 /]# ps
PID TTY TIME CMD
1 ? 00:00:00 bash
15 ? 00:00:00 ps
[root@a61f9ada2179 /]# exit
exit

Running as a daemon

This is done with the "-d" option.

# Example
[root@bogon ~]# docker run -d centos /bin/sh -c "while true;do echo hello world; sleep 1;done"
4ef71250e5e534176e7b3ff59f238b26b771612707a415786d0433ee3eea9859
[root@bogon ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4ef71250e5e5 centos "/bin/sh -c 'while..." 6 seconds ago Up 5 seconds vibrant_wiles
3f1b6af49bb0 centos:latest "/bin/bash" 14 minutes ago Up 10 minutes flamboyant_easley
[root@bogon ~]# docker logs 4ef7
hello world
hello world
...
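
Stopping a container

A running container can be stopped with docker stop; the command format is docker stop [-t|--time[=10]]. It first sends SIGTERM to the container, waits for a period (10 seconds by default), and then sends SIGKILL to terminate the container.

# Example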
[root@bogon ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4ef71250e5e5 centos "/bin/sh -c 'while..." 7 minutes ago Up 7 minutes vibrant_wiles
3f1b6af49bb0 centos:latest "/bin/bash" 21 minutes ago Up 18 minutes flamboyant_easley
[root@bogon ~]# docker stop 4ef71250e5e5
4ef71250e5e5
[root@bogon ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3f1b6af49bb0 centos:latest "/bin/bash" 22 minutes ago Up 18 minutes flamboyant_easley

Entering a container

After a container has been sent to the background with -d, you can get into it to work using docker attach, docker exec, the nsenter tool, and so on.

docker attach

# Example
[root@bogon ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3f1b6af49bb0 centos:latest "/bin/bash" 32 minutes ago Up 28 minutes flamboyant_easley
[root@bogon ~]# docker exec -ti 3f1b6af49bb0 /bin/bash
[root@3f1b6af49bb0 /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var

Removing a container

docker rm removes a container that is in the stopped state.

-f, --force=false Forcibly stop and remove a running container.
-l, --link=false Remove the container's link but keep the container.
-v, --volumes=false Remove the volumes mounted by the container.

# Example
[root@bogon ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4482fc316c14 centos "/bin/bash" 6 minutes ago Exited (0) 4 minutes ago nifty_jennings
4ef71250e5e5 centos "/bin/sh -c 'while..." 22 minutes ago Exited (137) 14 minutes ago vibrant_wiles
a61f9ada2179 centos "/bin/bash" 25 minutes ago Exited (0) 25 minutes ago vibrant_brattain
c2ded0c4a577 centos "/bin/echo 'Hello ..." 27 minutes ago Exited (0) 27 minutes ago silly_hoover
3f1b6af49bb0 centos:latest "/bin/bash" 36 minutes ago Up 32 minutes flamboyant_easley
1fa5a642a73d test "/bin/bash" 58 minutes ago Exited (0) 58 minutes ago brave_meitner
507ae2970ce5 docker.io/centos "/bin/bash" About an hour ago Exited (0) About an hour ago xenodochial_wiles

[root@bogon ~]# docker rm 4482fc316c14
4482fc316c14

[root@bogon ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4ef71250e5e5 centos "/bin/sh -c 'while..." 23 minutes ago Exited (137) 14 minutes ago vibrant_wiles
a61f9ada2179 centos "/bin/bash" 26 minutes ago Exited (0) 26 minutes ago vibrant_brattain
c2ded0c4a577 centos "/bin/echo 'Hello ..." 28 minutes ago Exited (0) 28 minutes ago silly_hoover
3f1b6af49bb0 centos:latest "/bin/bash" 37 minutes ago Up 33 minutes flamboyant_easley
1fa5a642a73d test "/bin/bash" 58 minutes ago Exited (0) 58 minutes ago brave_meitner
507ae2970ce5 docker.io/centos "/bin/bash" About an hour ago Exited (0) About an hour ago xenodochial_wiles

Registries

Setting up a local private registry with the registry image

# Example
docker run -d -p 5000:5000 registry

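This downloads and starts a registry container listening on port 5000, creating a local private registry service. By default the repository is created in the container's /tmp/registry directory; the -v option can be used to store the image files at another specified path on the local host:

# Example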
docker run -d -p 5000:5000 -v /opt/data/registry:/tmp/registry registry

Pushing an image

# List images
[root@bogon tmp]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos latest 67fa590cfc1c 5 weeks ago 202 MB

# Use docker tag to mark the image to be pushed (docker.io/centos) with the registry address (format: docker tag IMAGES[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG]):
[root@bogon tmp]# docker tag centos:latest 192.168.1.187:5000/test

192.168.1.187 is the registry address. Next, push to the registry:

# Example
[root@bogon tmp]# docker push 192.168.1.187:5000/test
The push refers to a repository [192.168.1.187:5000/test]
Get https://192.168.1.187:5000/v1/_ping: http: server gave HTTP response to HTTPS client

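The push fails here with a message that the server is not speaking HTTPS. Docker officially strongly recommends HTTPS; if it is not available, the registry can be specified by adding "insecure-registries":["192.168.1.187:5000"] to the Docker configuration file:

# Example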
[root@bogon tmp]# cat /etc/docker/daemon.json
{ "insecure-registries":["192.168.1.187:5000"] }

Restart Docker and push again:

# Example
[root@bogon tmp]# systemctl restart docker
[root@bogon tmp]# docker push 192.168.1.187:5000/test
The push refers to a repository [192.168.1.187:5000/test]
877b494a9f30: Pushed
latest: digest: sha256:a36b9e68613d07eec4ef553da84d0012a5ca5ae4a830cf825bb68b929475c869 size: 529

With that, the push succeeds, and the image can be pulled from other Docker clients that have the same configuration:

# Example
[root@localhost ~]# docker pull 192.168.1.187:5000/test
Using default tag: latest
Trying to pull repository 192.168.1.187:5000/test ...
latest: Pulling from 192.168.1.187:5000/test
d8d02d457314: Pull complete
Digest: sha256:a36b9e68613d07eec4ef553da84d0012a5ca5ae4a830cf825bb68b929475c869
Status: Downloaded newer image for 192.168.1.187:5000/test:latest

[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.1.187:5000/test latest 67fa590cfc1c 5 weeks ago 202 MB
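
The insecure-registries entry configured above makes the Docker daemon skip TLS certificate verification for that registry and fall back to plain HTTP, so it is worth checking which addresses a host exempts. The following Python script is an added example, not part of the original notes; the severity labels and the two extra sample entries are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample: the page's daemon.json entry plus two made-up entries.
SAMPLE_DAEMON_JSON = """
{ "insecure-registries": ["192.168.1.187:5000", "127.0.0.1:5000", "10.0.0.0/8"] }
"""

def _host_of(entry):
    """Strip an optional port (and IPv6 brackets) from a registry entry."""
    if entry.startswith("["):
        return entry[1:].split("]", 1)[0]
    if entry.count(":") == 1:
        return entry.split(":", 1)[0]
    return entry

def classify_entry(entry):
    """Return (severity, reason) for one insecure-registries entry."""
    if "/" in entry:  # CIDR form exempts every registry address in the range
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            return ("review", "contains '/' but is not a valid CIDR range")
        return ("high", f"CIDR range, {net.num_addresses} addresses skip TLS checks")
    host = _host_of(entry)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        if host == "localhost":
            return ("info", "loopback name, traffic stays on this host")
        return ("medium", "hostname; plaintext transport and DNS are both trusted")
    if addr.is_loopback:
        return ("info", "loopback address, traffic stays on this host")
    if addr.is_private:
        return ("medium", "private address; hosts on that network path can tamper")
    return ("high", "public address used without TLS verification")

def audit_daemon_json(text):
    """List (entry, severity, reason) for each insecure-registries entry."""
    entries = json.loads(text).get("insecure-registries", [])
    return [(entry, *classify_entry(entry)) for entry in entries]

if __name__ == "__main__":
    for entry, severity, reason in audit_daemon_json(SAMPLE_DAEMON_JSON):
        print(f"{severity:6} {entry:22} {reason}")
```

On a real host, pass the contents of /etc/docker/daemon.json to audit_daemon_json instead of the sample string.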

Data management

Data volumes are configured and mounted from the local host with the -v option:

# Example
[root@bogon ~]# docker run --name b2 -it -v /data centos
[root@fa04a6cb63cf /]#

# On the host, inspect the mounts of container b2
[root@bogon ~]# docker inspect b2
...
"Mounts": [
{
"Type": "volume",
"Name": "d40f1da12c8409119d25d847b9e17242d3ae2fe4bca7936764c04446b87cee44",
"Source": "/var/lib/docker/volumes/d40f1da12c8409119d25d847b9e17242d3ae2fe4bca7936764c04446b87cee44/_data",
...
}
],
"Config": {
...
"Volumes": {
"/data": {}
},
...

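The configuration above shows that the volume for b2 is located at the /data directory in the container, and the host location mounted there is /var/lib/docker/volumes/d40f1da12c8409119d25d847b9e17242d3ae2fe4bca7936764c04446b87cee44/_data. We can verify the mount by testing from this directory on the host and from the volume inside b2:

# Example
# Run on the host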
[root@bogon ~]# cd /var/lib/docker/volumes/d40f1da12c8409119d25d847b9e17242d3ae2fe4bca7936764c04446b87cee44/_data/
[root@bogon _data]# echo "hello container" >> test.html

# Run in container b2
[root@fa04a6cb63cf /]# cat data/test.html
hello container

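The mount works. To specify the host location for the mount, add it after the -v option in the format -v HOST_PATH:CONTAINER_PATH (for example, -v /data/volume/b2:/data). This is also called a bind mount volume.

# Example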
[root@bogon ~]# docker run --name b2 -it -v /data/volume/b2:/data centos

This mounts the /data directory of container b2 on the host's /data/volume/b2 directory, so accessing data in b2's /data directory actually accesses the data under /data/volume/b2 on the host.

# Example
[root@bogon _data]# docker inspect b2
[
...
"Mounts": [
{
"Type": "bind",
"Source": "/data/volume/b2",
"Destination": "/data",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
...
]
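
Because a bind mount hands the container a real host directory, the "Mounts" section of docker inspect is a useful place to review what each container can reach and whether it can write there. The following Python script is an added example, not part of the original notes; the list of sensitive host paths, the three levels and the "ci-agent" sample container are assumptions made for illustration.

```python
import json
import posixpath

# Host paths treated as sensitive in this example (an assumed, partial list).
SENSITIVE = ("/", "/etc", "/root", "/proc", "/sys", "/var/lib/docker",
             "/var/run/docker.sock", "/run/docker.sock")

# Constructed `docker inspect` output: the b2 bind mount from this page plus a
# made-up container "ci-agent" with three further mounts.
SAMPLE_INSPECT = """[
 {"Name": "/b2", "Mounts": [
   {"Type": "bind", "Source": "/data/volume/b2", "Destination": "/data", "RW": true}]},
 {"Name": "/ci-agent", "Mounts": [
   {"Type": "bind", "Source": "/var/run/docker.sock",
    "Destination": "/var/run/docker.sock", "RW": true},
   {"Type": "bind", "Source": "/opt/conf", "Destination": "/conf", "RW": false},
   {"Type": "volume", "Source": "/var/lib/docker/volumes/cache/_data",
    "Destination": "/cache", "RW": true}]}
]"""

def is_sensitive(source):
    """True if the host path is, or lies under, an entry in SENSITIVE."""
    src = posixpath.normpath(source)
    return any(src == base or (base != "/" and src.startswith(base + "/"))
               for base in SENSITIVE)

def audit_mounts(inspect_json):
    """Return (container, source, destination, mode, level) per bind mount."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        for mount in container.get("Mounts", []):
            if mount.get("Type") != "bind":
                continue  # Docker-managed volumes are not host paths you chose
            mode = "rw" if mount.get("RW", True) else "ro"
            if is_sensitive(mount["Source"]):
                level = "high"      # host control or secrets are reachable
            elif mode == "rw":
                level = "review"    # container can modify host files
            else:
                level = "ok"
            findings.append((name, mount["Source"], mount["Destination"], mode, level))
    return findings

if __name__ == "__main__":
    for finding in audit_mounts(SAMPLE_INSPECT):
        print(*finding)
```

On a real host, feed it the JSON printed by docker inspect for the containers of interest; appending :ro to the -v argument is what turns a "review" mount into an "ok" one.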

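Docker container networking

Container network virtualization

As is well known, the Linux kernel supports six kinds of namespaces:

  • UTS

    Manages the host name and domain name

  • User

    User management

  • Mount

    Mount management

  • IPC

    Manages inter-process communication

  • Pid

    Process IDs

  • Net

    Network management

The network namespace exists to isolate the protocol stack.

To be continued...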