- 什么是docker
- OCI和OCF
- OCI
- OCF
- Docker架构
- docker对象
- Docker的安装和使用
- docker加速
- Docker常用操作
docker中的容器:
lxc --> libcontainer --> runC
Open Container-initiative
- 由Linux基金会主导于2015年6月创立
- 旨在围绕容器格式和运行时制定一个开放的工业化标准
- 包含两个规范
- the Runtime Specification(runtime-spec)(运行规范)
- the Image Specification(image-spec)(镜像规范)
Open Container Format(打开容器格式)
runC是一个CLI工具,用于根据OCI规范生成和运行容器
- 容器作为runC的子进程启动,可以嵌入到各种其他系统中,而不需要运行守护进程
- runC是基于libcontainer构建的,同样的容器技术为数百万的Docker引擎安装提供了动力
docker提供了一个专门容纳容器镜像的站点:https://hub.docker.com
Docker架构现实工作中Client客户端和Docker_HOST服务端是在一台主机上的,是不会使用本地docker管理其他主机上的容器的。
Registry:这个是容器仓库,里面放着各种软件的容器仓库,软件容器仓库中又放着各种版本的镜像文件
镜像是静态的,而容器是动态的,容器有其生命周期,镜像与容器的关系类似于程序与进程的关系。镜像类似于文件系统中的程序文件,而容器则类似于将一个程序运行起来的状态,也即进程。所以容器是可以删除的,容器被删除后其镜像是不会被删除的。
docker对象当你使用Docker容器时,你可以创建和使用图像、容器、网络、卷、插件和其他对象
-
IMAGES(镜像)
- 镜像是一个只读的,用来创建容器的模板
- 通常,一个镜像是基于另外一个镜像的做的,加上一些自定义的操作
- 您可以创建自己的映像,也可以只使用其他人创建并在注册表中发布在官网仓库中的镜像
-
ConTAINERS(容器)
- 一个容器时一个镜像运行起来生成的
- 您可以通过docker AP(一种接口)I或CLI(命令行功能)创建、运行、停止、移动或删除容器
- 你可以将容器连接到一个或多个网络,附加存储到里面,就是将容器的数据挂载到那个存储中不放在本地。基于当前的状态创建一个新镜像,这里的状态是指安装了某一个服务的情况
//下载docker源
[root@localhost yum.repos.d]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1919 100 1919 0 0 1626 0 0:00:01 0:00:01 --:--:-- 1626
//修改repo文件,把地址改为国内
[root@localhost yum.repos.d]# sed -i 's@https://download.docker.com@https://mirrors.tuna.tsinghua.edu.cn/docker-ce@g' docker-ce.repo
//安装docker
[root@localhost ~]# yum -y install docker-ce
docker加速
docker-ce的配置文件是/etc/docker/daemon.json,此文件默认不存在,需要我们手动创建并进行配置,而docker的加速就是通过配置此文件来实现的。
//启动docker
//启动docker后会自动生成/etc/docker目录
[root@localhost ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@localhost ~]# ll /etc/docker/
总用量 4
-rw-------. 1 root root 244 12月 2 12:14 key.json
//配置阿里云加速器
[root@localhost ~]# tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://j7nfsalu.mirror.aliyuncs.com"]
> }
> EOF
{
"registry-mirrors": ["https://j7nfsalu.mirror.aliyuncs.com"]
}
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
//查看docker信息 [root@localhost ~]# docker info Client: Context: default Debug Mode: false //开发模式 Plugins: app: Docker App (Docker Inc., v0.9.1-beta3) buildx: Build with BuildKit (Docker Inc., v0.6.3-docker) scan: Docker Scan (Docker Inc., v0.9.0) Server: Containers: 0 Running: 0 //运行的容器 Paused: 0 //暂停的容器 Stopped: 0 //停止的容器 Images: 0 //已有的镜像 Server Version: 20.10.11 Storage Driver: overlay2 Backing Filesystem: xfs //储存文件类型 Supports d_type: true Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: cgroupfs Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2 Default Runtime: runc Init Binary: docker-init containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d runc version: v1.0.2-0-g52b36a2 init version: de40ad0 Security Options: seccomp Profile: default Kernel Version: 4.18.0-305.3.1.el8.x86_64 Operating System: CentOS Linux 8 OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 1.748GiB Name: localhost ID: 6ZZS:6J2I:UR4R:BD3B:UIRQ:GYNP:TPKN:VFQI:NBJ5:U6EV:TNBK:O45Y Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Registry Mirrors: //加速地址 https://j7nfsalu.mirror.aliyuncs.com/ Live Restore Enabled: falseDocker常用操作
| 命令 | 功能 |
|---|---|
| docker search | Search the Docker Hub for images(在docker hub官网上搜索镜像) |
| docker pull | Pull an image or a repository from a registry(从registry也就是官网拉取一个镜像到本地来) |
| docker images | List images (列出本地镜像) |
| docker create | Create a new conntainer (创建一个容器,镜像可以是本地的也可以是网络上的) |
| docker start | Start one or more stopped containers(启动容器) |
| docker run | Run a command in a new container(创建一个容器,并且创建后就自动启动) |
| docker attach | Attach to a runninng container (附加到容器,并让容器在前台运行,但是不能做任何操作) |
| docker ps | List containers(查看此时正在运行的容器) |
| docker logs | Fetch the logs of a container (查看容器的日志) |
| docker restart | Restart a container(重启容器) |
| docker stop | Stop one or more running containers (停止容器 -15) |
| docker kill | Kill one or more running containers(强制杀死容器) -9 |
| docker rm | Remove onne or more containers (删除容器) |
| docker exec | Run a command in a running container (进入到容器,) |
| docker info | Display system-wide information(查看docker的信息) |
| docker inspect | Return low-level information on Docker objects(显示容器的详细信息) |
- docker search
[root@localhost ~]# docker search nginx NAME DEscriptION STARS OFFICIAL AUTOMATED nginx Official build of Nginx. 15899 [OK] jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 2098 [OK] richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 820 [OK] jc21/nginx-proxy-manager Docker container for managing Nginx proxy ho… 285 linuxserver/nginx An Nginx container, brought to you by LinuxS… 160 #STARS受欢迎程度 OFFICIAL官方提供
- docker pull
从官网拉取一个镜像,如果不指定版本号,那么就拉取最新版本的
[root@localhost ~]# docker pull nginx Using default tag: latest latest: Pulling from library/nginx eff15d958d66: Pull complete 1e5351450a59: Pull complete 2df63e6ce2be: Pull complete 9171c7ae368c: Pull complete 020f975acd28: Pull complete 266f639b35ad: Pull complete Digest: sha256:097c3a0913d7e3a5b01b6c685a60c03632fc7a2b50bc8e35bcaa3691d788226e Status: Downloaded newer image for nginx:latest docker.io/library/nginx:latest
- docker images
列出本地的镜像
[root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest ea335eea17ab 2 weeks ago 141MB
- docker create
创建一个容器,如果本地没有镜像就从网上拉取
//本地镜像创建容器 [root@localhost ~]# docker create nginx c34e7daf645fda6ff440ae9d9dd2b8ed78f4d7756b473ca5226d12e79350a24a //从网络上拉取镜像创建容器 [root@localhost ~]# docker create busybox Unable to find image 'busybox:latest' locally latest: Pulling from library/busybox 3aab638df1a9: Pull complete Digest: sha256:52817dece4cfe26f581c834d27a8e1bcc82194f914afe6d50afad5a101234ef1 Status: Downloaded newer image for busybox:latest a85316c6c0f9adb5102230be80fb2df12869c6d495523d39098a1d342c050457
- docker start
启动容器
//列出所有容器 [root@localhost ~]# docker ps -a ConTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a85316c6c0f9 busybox "sh" 2 minutes ago Created relaxed_hamilton c34e7daf645f nginx "/docker-entrypoint.…" 3 minutes ago Created wonderful_stonebraker [root@localhost ~]# docker start c34e7daf645f c34e7daf645f [root@localhost ~]# docker ps //列出正在运行的容器 ConTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c34e7daf645f nginx "/docker-entrypoint.…" 3 minutes ago Up 4 seconds 80/tcp wonderful_stonebraker
- docker restart
重新启动容器
[root@localhost ~]# docker restart c34e7daf645f c34e7daf645f [root@localhost ~]# docker ps ConTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c34e7daf645f nginx "/docker-entrypoint.…" 5 minutes ago Up 2 seconds 80/tcp wonderful_stonebraker
- docker attach
让容器在前台运行,此时是不能做任何操作的,如果这个时候退出则服务也会退出停止
[root@localhost ~]# docker ps ConTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c34e7daf645f nginx "/docker-entrypoint.…" 6 minutes ago Up about a minute 80/tcp wonderful_stonebraker [root@localhost ~]# docker attach c34e7daf645f ^C2021/12/02 05:37:21 [notice] 1#1: signal 2 (SIGINT) received, exiting Ctrl+c退出
- docker run
[root@localhost ~]# docker run -it busybox /bin/sh / # ls bin dev etc home proc root sys tmp usr var / # exit
- docker rm
删除容器,需要注意的是删除容器只能删除不在运行的,如果容器在运行需要先停止再删除,或者docker rm -f 强制删除
[root@localhost ~]# docker ps -a ConTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6a0576257504 busybox "/bin/sh" 2 minutes ago Exited (0) 2 minutes ago confident_spence a85316c6c0f9 busybox "sh" 9 minutes ago Created relaxed_hamilton c34e7daf645f nginx "/docker-entrypoint.…" 10 minutes ago Exited (0) 3 minutes ago wonderful_stonebraker [root@localhost ~]# docker rm 6a0576257504 6a0576257504 [root@localhost ~]# docker ps -a ConTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a85316c6c0f9 busybox "sh" 9 minutes ago Created relaxed_hamilton c34e7daf645f nginx "/docker-entrypoint.…" 10 minutes ago Exited (0) 3 minutes ago wonderful_stonebraker
- docker inspect
查看容器详细信息
[root@localhost ~]# docker inspect c34e7daf645f
[
{
"Id": "c34e7daf645fda6ff440ae9d9dd2b8ed78f4d7756b473ca5226d12e79350a24a",
"Created": "2021-12-02T05:30:16.469655359Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
......
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
- docker logs
查看容器的日志文件
[root@localhost ~]# docker logs c34e7daf645f /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up 2021/12/02 05:33:42 [notice] 1#1: using the "epoll" event method 2021/12/02 05:33:42 [notice] 1#1: nginx/1.21.4 2021/12/02 05:33:42 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 2021/12/02 05:33:42 [notice] 1#1: OS: Linux 4.18.0-305.3.1.el8.x86_64 2021/12/02 05:33:42 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
- exec
进入到容器中(最常用),退出也不会停止运行
[root@localhost ~]# docker exec -it c34e7daf645f /bin/bash root@c34e7daf645f:/# ls bin dev docker-entrypoint.sh home lib64 mnt proc run srv tmp var boot docker-entrypoint.d etc lib media opt root sbin sys usr root@c34e7daf645f:/# exit exit
