Docker-CE容器部署和使用
TsengYia @ http://tsengyia.blog.chinaunix.net
一、关于docker
Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的镜像中,然后发布到任何流行的 Linux或Windows 机器上,也可以实现虚拟化。每个容器使用沙箱机制,相互之间不会有任何接口。
Docker 使用 Google 公司推出的 Go 语言 进行开发实现,基于 Linux 内核的 cgroup,namespace,以及 AUFS 类的 Union FS 等技术,对进程进行封装隔离,相当于操作系统层面的虚拟化技术。由于隔离的进程独立于宿主和其它的隔离的进程,因此也称其为容器。
官方网站:
仓库:用来提供/存放镜像,有官方仓库、私有仓库。
镜像:针对某个虚拟机或某个应用封装的独立环境,作为容器的模板。
容器:基于某个镜像启动的在内存中运行的实例。
二、系统环境
华为云ECS服务器一台,使用公开镜像CentOS 8.0。
1)系统版本、内核版本
[root@docker1 ~]# cat /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)
[root@docker1 ~]# uname -r
4.18.0-147.5.1.el8_1.x86_64
2)CentOS默认仓库
[root@docker1 ~]# yum repolist
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:01:15 ago on Sat Nov 7 19:06:23 2020.
repo id
repo name
status
AppStream
CentOS-8 - AppStream
4933
BaseOS
CentOS-8 - Base
1673
*epel
Extra Packages for Enterprise Linux 8 - x86_64
6628
*epel-modular
Extra Packages for Enterprise Linux Modular 8 - x86_64
0
extras
CentOS-8 - Extras
27
三、安装docker平台
1. 安装docker-ce社区版容器包
[root@docker1 ~]# vim /etc/yum.repos.d/docker-ce.repo
//添加docker-ce源
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=
enabled=1
gpgcheck=1
gpgkey=
[root@docker1 ~]# yum -y install docker-ce
//直接yum在线安装
2. 启用docker服务
1)设置docker服务自动运行,并立即启动
[root@docker1 ~]# systemctl enable docker --now
2)查看docker主程序版本
[root@docker1 ~]# docker -v
//查看简要信息
Docker version 19.03.13, build 4484c46d9d
[root@docker1 ~]# docker version
//查看详细版本信息
Client: Docker Engine - Community
Version: 19.03.13
API version: 1.40
Go version: go1.13.15
Git commit: 4484c46d9d
Built: Wed Sep 16 17:02:36 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.13
API version: 1.40 (minimum version 1.12)
Go version: go1.13.15
Git commit: 4484c46d9d
Built: Wed Sep 16 17:01:11 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.3.7
GitCommit: 8fba4e9a7d01810a393d5d25a3621dc101981175
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
3)查看docker主机信息
[root@docker1 ~]# docker info
Client:
Debug Mode: false
Server:
Containers: 15
Running: 4
Paused: 0
Stopped: 11
Images: 6
Server Version: 19.03.13
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
.. ..
四、管理镜像
1. 从仓库搜索xx镜像
可访问 了解官方镜像,或者直接搜索镜像:
[root@docker1 ~]# docker search nginx
NAME
DESCRIPTION
STARS
OFFICIAL AUTOMATED
Nginx
Official build of Nginx.
13971
[OK]
jwilder/nginx-proxy
Automated Nginx reverse proxy for docker con…
1906
[OK]
richarvey/nginx-php-fpm
Container running Nginx + PHP-FPM capable of…
791
[OK]
linuxserver/nginx
An Nginx container, brought to you by LinuxS…
128
.. ..
2. 从仓库下载xx镜像
1)配置国内镜像加速(可选)
[root@docker1 ~]# vim /etc/docker/daemon.json
//新建镜像地址配置
{ "registry-mirrors": [ "" ] }
//Docker中国镜像地址
[root@docker1 ~]# systemdtl restart docker
//重启docker服务
[root@docker1 ~]# docker info | grep -A1 "Registry Mirrors:"
//确认更新结果
Registry Mirrors:
/
2)下载xx镜像
[root@docker1 ~]# docker pull hello-world
//下载名为hello-world的镜像
[root@docker1 ~]# docker pull nginx
//下载名为nginx的镜像
[root@docker1 ~]# docker pull centos
//下载名为centos的镜像
.. ..
3)查看本地镜像列表,检查下载结果
[root@docker1 ~]# docker images
REPOSITORY
TAG
IMAGE ID
CREATED
SIZE
nginx latest c39a868aad02 40 hours ago 133MB
centos latest 0d120b6ccaa8 2 months ago 215MB
hello-world latest bf756fb1ae65 10 months ago 13.3kB
3. 为xx镜像设置新标记(根据ID或镜像名称定位)
1)为ID以fce2开头的镜像设置新标签
[root@docker1 ~]# docker tag bf75 hello-world:1.1
2)查看本地镜像列表,检查设置结果
[root@docker1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest c39a868aad02 40 hours ago 133MB
centos latest 0d120b6ccaa8 2 months ago 215MB
hello-world 1.1 bf756fb1ae65 10 months ago 13.3kB
hello-world latest bf756fb1ae65 10 months ago 13.3kB
4. 删除xx镜像(根据ID或镜像名称定位)
1)删除镜像 hello-world:1.0
[root@docker1 ~]# docker rmi hello-world:1.1
Untagged: hello-world:1.0
2)查看本地镜像列表,检查删除结果
[root@docker1 ~]# docker images
REPOSITORY
TAG
IMAGE ID
CREATED
SIZE
nginx latest c39a868aad02 40 hours ago 133MB
centos latest 0d120b6ccaa8 2 months ago 215MB
hello-world latest bf756fb1ae65 10 months ago 13.3kB
5. 将xx镜像导出为备份文件(.tar格式)
1)将名为nginx的镜像导出为/root/nginx.tar备份文件
[root@docker1 ~]# docker save nginx > /root/nginx.tar
2)确认备份结果
[root@docker1 ~]# ls -lh /root/nginx.tar
-rw-r--r-- 1 root root 131M Nov 7 18:06 /root/nginx.tar
6. 从xx备份文件导入镜像
1)从/root/目录下导入nginx.tar镜像
[root@docker1 ~]# docker import /root/nginx.tar nginx-new:latest
sha256:512651f45fbf23ab13cb48672d81762e19586ebb29af8bf5a856bc18d6c65ed9
2)确认导入结果
[root@docker1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx-new latest 512651f45fbf About a minute ago 137MB
nginx latest c39a868aad02 40 hours ago 133MB
centos latest 0d120b6ccaa8 2 months ago 215MB
hello-world latest bf756fb1ae65 10 months ago 13.3kB
[root@docker1 ~]# docker images nginx-new
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx-new latest 512651f45fbf 12 seconds ago 137MB
五、管理容器
1. 运行hello-world测试容器
[root@docker1 ~]# docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
For more examples and ideas, visit:
2. 启动xx容器
1)启动nginx容器,执行容器内的一条命令(nginx -v、grep root .. ..)后自动退出
[root@docker1 ~]# docker run nginx nginx -v
//检查nginx容器的程序版本
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
nginx version: nginx/1.19.4
2)启动一个nginx容器,并进入容器内的/bin/bash命令行环境(-i 允许交互,-t 开启终端)
[root@docker1 ~]# docker run -it nginx bash
root@0136b4838f79:/# ls /etc/nginx/*conf*
//查找nginx配置文件
/etc/nginx/nginx.conf
//主配置
/etc/nginx/conf.d:
default.conf
//默认配置
root@0136b4838f79:/# grep root /etc/nginx/conf.d/default.conf
/etc/nginx/conf.d/default.conf: root /usr/share/nginx/html;
//默认网页目录
/etc/nginx/conf.d/default.conf: root /usr/share/nginx/html;
/etc/nginx/conf.d/default.conf: # root html;
/etc/nginx/conf.d/default.conf: # deny access to .htaccess files, if Apache's document root
root@0136b4838f79:/# exit
//退出容器
exit
[root@docker1 ~]#
3)在后台启动一个nginx容器(-d 在后台运行,-p 本地端口:容器端口)
将docker主机的8000端口映射到此nginx容器的80端口
[root@docker1 ~]# docker run -d -p 8000:80 nginx
246d0680e0fedb2893c36b350351f8305fd5a00e581efaba4fb2491ec22e906a
[root@docker1 ~]# docker ps
//列出活动中的容器
CONTAINER ID
IMAGE
COMMAND
CREATED STATUS
PORTS
NAMES
246d0680e0fe nginx "/docker-entrypoint.…" 18 seconds ago Up 17 seconds 0.0.0.0:8000->80/tcp cranky_tesla
4)在后台启动一个nginx容器,将docker主机的8001端口映射到此nginx容器的80端口,将docker主机的/opt/webroot映射为此nginx容器的web目录(-v 本地目录:容器内目录):
[root@docker1 ~]# mkdir /opt/webroot
//准备网页目录
[root@docker1 ~]# echo "Docker Test" > /opt/webroot/index.html
//准备默认测试网页
[root@docker1 ~]# docker run -d -p 8001:80 -v /opt/webroot:/usr/share/nginx/html nginx
2b3c430f0a939b77fb6ca1a52c5a58bf631aae7f65113e27031b1a41b9d59bfb
//启动容器
[root@docker1 ~]# docker ps
//列出活动中的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2b3c430f0a93 nginx "/docker-entrypoint.…" 18 seconds ago Up 18 seconds 0.0.0.0:8001->80/tcp exciting_mcnulty
246d0680e0fe nginx "/docker-entrypoint.…" 2 minutes ago Up 2 minutes 0.0.0.0:8000->80/tcp cranky_tesla
3. 访问xx容器
1)连接到ID值以b76b开头的容器的命令行
[root@docker1 ~]# docker exec -it b76b bash
root@2b3c430f0a93:/# service nginx status
[ ok ] nginx is running.
root@2b3c430f0a93:/# exit
exit
[root@docker1 ~]#
2)从docker主机向ID值为b76b的容器传输文件
[root@docker1 ~]# echo AAAA > /root/a.html
//建立测试网页
[root@docker1 ~]# docker cp /root/a.html 2b3c:/usr/share/nginx/html/a.html
//复制文件到容器
[root@docker1 ~]# docker exec 2b3c cat /usr/share/nginx/html/a.html
//确认结果
AAAA
3)通过映射端口访问容器中的Web服务
[root@docker1 ~]# curl
//浏览8001端口访问目标容器首页
Docker Test
[root@docker1 ~]# curl a.html
//浏览指定页面
AAAA
4. 关闭/杀死、删除容器
1)关闭/杀死ID值为246d的容器
[root@docker1 ~]# docker stop 246d
//若要杀容器改用kill
246d
[root@docker1 ~]# docker ps -a | grep 246d
//检查xx容器状态
246d0680e0fe nginx "/docker-entrypoint.…" 11 minutes ago Exited (0) About a minute ago cranky_tesla
2)重新启动被关闭的ID值为246d的容器
[root@docker1 ~]# docker start 246d
//启用已关闭的xx容器
246d
[root@docker1 ~]# docker ps -a | grep 246d
//检查xx容器状态
246d0680e0fe nginx "/docker-entrypoint.…" 12 minutes ago Up 2 seconds 0.0.0.0:8000->80/tcp cranky_tesla
3)删除ID值为b76b的容器
[root@docker1 ~]# docker stop 246d
//先关闭xx容器
246d
[root@docker1 ~]# docker rm 246d
//删除已关闭的xx容器
246d
[root@docker1 ~]# docker ps -a | grep 246d
//检查删除结果(无输出)
[root@docker1 ~]#
5. 启动并测试centos容器
1)启动centos系统容器(开启终端、在后台运行)
[root@docker1 ~]# docker run -td centos
//启动centos容器
9e559ee34b5b62cc6c589d9db777a9c80f22841de76005fcde6d3a4736c5d19a
2)检查容器状态
[root@docker1 ~]# docker ps | grep centos
9e559ee34b5b centos "/bin/bash" 41 seconds ago Up 40 seconds hungry_chaum
3)访问容器的命令行界面
[root@docker1 ~]# docker exec -it 9e55 bash
//连接到eebf-centos命令行界面
[root@9e559ee34b5b /]# cat /etc/redhat-release
//检查系统版本
CentOS Linux release 8.2.2004 (Core)
[root@9e559ee34b5b /]# exit
exit
[root@docker1 ~]#
4)查看容器的IP地址信息
[root@docker1 ~]# docker inspect eebf | grep '"IPAddress"'
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
//9e55-centos的IP地址
"IPAddress": "172.17.0.2",
[root@docker1 ~]#
六、自定义镜像
1. 以xx容器为基础,commit存为新镜像(不推荐)
1)启动一个nginx容器
[root@docker1 ~]# docker run -itd nginx
//启用容器
dac1fd1f2cb52767f135d23d5e1c01bd9bfb630abb16a7ef753375b45ffd7c9a
[root@docker1 ~]# docker ps
//确认结果
CONTAINER ID
IMAGE
COMMAND
CREATED
STATUS
PORTS
NAMES
dac1fd1f2cb5 nginx "/docker-entrypoint.…" 4 seconds ago Up 3 seconds 80/tcp elastic_mendeleev
.. ..
2)访问ID以dac1开头的容器,修改nginx默认Web首页内容
[root@docker1 ~]# docker exec -it dac1 bash
//连接dac1容器
root@dac1fd1f2cb5:/# echo "Nginx Test Site." > /usr/share/nginx/html/index.html
//修改Web页
root@dac1fd1f2cb5:/# exit
//退出
exit
[root@docker1 ~]#
3)另存为新镜像nginx-test3(若不指定新名称,则更新到原镜像)
[root@docker1 ~]# docker commit dac1 nginx-test7
//提交更新,另存为新镜像
sha256:bca296c9dd392056feec3866f652d4a3560f21f410e3829549a75d00a5a0a6e2
[root@docker1 ~]# docker images
//检查新生成的镜像
REPOSITORY
TAG
IMAGE ID
CREATED
SIZE
nginx-test7 latest bca296c9dd39 31 seconds ago 133MB
nginx-new latest 512651f45fbf 45 minutes ago 137MB
nginx latest c39a868aad02 41 hours ago 133MB
centos latest 0d120b6ccaa8 2 months ago 215MB
hello-world latest bf756fb1ae65 10 months ago 13.3kB
4)以新镜像nginx-test3启动一个容器,访问网页测试效果
[root@docker1 ~]# docker run -itd -p 8003:80 nginx-test7
47d88437b17b6dbe4a46fc2862cda054a6b0cf1438a9ae7183c11c3e49e2be93
[root@docker1 ~]# curl
Nginx Test Site.
[root@docker1 ~]#
2. 以xx镜像为基础,通过dockerfile定制新镜像
1)准备镜像构建临时目录、准备要复制到镜像中的测试文件
[root@docker1 ~]# mkdir /root/tmpdir
[root@docker1 ~]# echo TTEESSTT > /root/tmpdir/test.txt
2)编写好镜像构建配置文件
[root@docker1 ~]# vim /root/tmpdir/dockerfile
FROM
centos
MAINTAINER
TsengYia xxxx@yyyy.zzz
WORKDIR
/var/www/html
ENV
LSB_RELEASE="CentOS 8.2"
ADD
test.txt /root/new.txt
RUN
yum -y install httpd && echo "It's OK" > /var/www/html/index.html
EXPOSE
80
CMD
["httpd", "-DFOREGROUND"]
!!!! dockerfile常用配置语法
FROM:指定以哪一个镜像为基础
MAINTAINER:镜像创建者信息
WORKDIR:定义容器的默认工作目录(若镜像中无此目录,构建时会自动创建)
ENV:设置环境变量
COPY:复制文件到镜像(若需直接释放.tar.gz类的文件到镜像中,请改用ADD指令)
RUN:在镜像中执行的命令,可以有多条RUN(尽量少,必要时可以&&合并)
EXPOSE:说明开放了哪个端口
CMD:容器启动时执行的主命令,仅可以有一条CMD
3)以centos镜像为基础,建立新镜像centos-test1
[root@docker1 ~]# docker build -t centos-test1 /root/tmpdir/
Sending build context to Docker daemon 3.072kB
Sending build context to Docker daemon 3.072kB
Step 1/8 : FROM
centos
---> e934aafc2206
Step 2/8 : MAINTAINER
TsengYia xxxx@yyyy.zzz
---> Using cache
---> 04adfd7012bb
.. ..
Step 7/8 : EXPOSE
80
---> Running in d86f330e7aee
Removing intermediate container d86f330e7aee
---> ba743a485520
Step 8/8 : CMD
["httpd", "-DFOREGROUND"]
---> Running in 10bb84fb32c7
Removing intermediate container 10bb84fb32c7
---> 8bcf79b4e22f
Successfully built 8bcf79b4e22f
Successfully tagged centos-test1:latest
[root@docker1 ~]# docker images
//检查新生成的镜像
REPOSITORY
TAG
IMAGE ID
CREATED
SIZE
centos-test1
latest
8e9d31184dc3
About a minute ago
334MB
nginx-test7 latest bca296c9dd39 31 seconds ago 133MB
nginx-new latest 512651f45fbf 45 minutes ago 137MB
nginx latest c39a868aad02 41 hours ago 133MB
centos latest 0d120b6ccaa8 2 months ago 215MB
hello-world latest bf756fb1ae65 10 months ago 13.3kB
4)以新镜像centos-test1启动一个容器,确认容器运行效果
[root@docker1 ~]# docker run -itd -p 8004:80 centos-test1
2e75066121c6937e5d84c8b0131aa8a37e24ecaaa4f42da0dee8efc1fa37a348
[root@docker1 ~]# docker exec 2e75 env | egrep 'LSB|AUTHOR'
//检查容器中的环境变量
Author=TsengYia
LSB_RELEASE=CentOS 7.4
[root@docker1 ~]# docker exec 2e75 cat /root/new.txt
//检查容器中的文件
TTEESSTT
[root@docker1 ~]# docker exec 2e75 cat /var/www/html/index.html //检查容器中的文件
It's OK
[root@docker1 ~]# elinks -dump
//访问容器的Web服务
It's OK
[root@docker1 ~]#
七、获取docker相关指令帮助
1. 查看docker指令清单
[root@docker1 ~# docker
Usage: docker [OPTIONS] COMMAND [arg...]
docker [ --help | -v | --version ]
.. ..
Commands:
attach Attach to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
.. ..
2. 获取具体指令的帮助
[root@docker1 ~]# man docker-images
[root@docker1 ~]# man docker-run
[root@docker1 ~]# man docker-cp
[root@docker1 ~]# man docker-ps
[root@docker1 ~]# man docker-start
[root@docker1 ~]# man docker-stop
[root@docker1 ~]# man docker-kill
[root@docker1 ~]# man docker-exec
