- OCI & OCF
- Docker architecture
- Docker images and image registries
- Docker objects
- Installing and using Docker
- Installing Docker
- Docker acceleration
- Common Docker operations
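OCI
OCI (Open Container Initiative) is an organization founded by the Linux Foundation in June 2015. It aims to establish an open industry standard around container formats and runtimes, covering a specification for the container runtime and a specification for image files.
OCF
OCF (Open Container Format) is the open standard for containers.
runC is a CLI tool that spawns and runs containers according to the OCI specification.
Containers are started as child processes of runC and can be embedded into various other systems without running a daemon.
runC is built on libcontainer, the same container technology that powers millions of Docker Engine installations.
The client sends a command to the Docker host. When the Docker daemon receives the instruction, it looks for the corresponding image locally and starts a container from it. If the image is not found in the local store, the daemon goes to the registry for the required image, pulls it, and starts the service. For this reason the Docker service is usually enabled at boot.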
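Images come in many kinds, and the same image also exists in many versions. A registry is like a dock that stores image files of every kind and every version.
An image is static and read-only, while a container is dynamic (it has a writable layer) and has a life cycle. The relationship between an image and a container resembles that between a program and a process: an image is like a program file on the file system, and a container is like that program in its running state, that is, a process. A container can therefore be deleted, and deleting a container does not delete its image.
When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects.
Images
① An image is a read-only template containing the instructions for creating a Docker container.
② An image is usually based on another image, with some additional customization.
③ You can create your own images or use images created by others (published in a registry).
Containers
① A container is a runnable instance of an image.
② You can create, run, stop, move, or delete a container using the Docker API or CLI.
③ You can connect a container to one or more networks, save it, or even create a new image based on its current state.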
- Environment
CentOS 8 system, using the Alibaba Cloud mirror repository in China

```
[root@rookie ~]# cd /etc/yum.repos.d/
[root@rookie yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@rookie yum.repos.d]# ls
CentOS-Base.repo  epel-modular.repo  epel-testing-modular.repo
docker-ce.repo    epel.repo          epel-testing.repo
[root@rookie yum.repos.d]# cd
[root@rookie ~]# dnf -y install docker-ce
已安装:
  checkpolicy-2.9-1.el8.x86_64
  container-selinux-2:2.167.0-1.module_el8.5.0+911+f19012f9.noarch
  containerd.io-1.5.11-3.1.el8.x86_64
  docker-ce-3:20.10.14-3.el8.x86_64
  docker-ce-cli-1:20.10.14-3.el8.x86_64
  docker-ce-rootless-extras-20.10.14-3.el8.x86_64
  docker-scan-plugin-0.17.0-3.el8.x86_64
  fuse-overlayfs-1.7.1-1.module_el8.5.0+890+6b136101.x86_64
  fuse3-3.2.1-12.el8.x86_64
  fuse3-libs-3.2.1-12.el8.x86_64
  libcgroup-0.41-19.el8.x86_64
  libslirp-4.4.0-1.module_el8.5.0+890+6b136101.x86_64
  policycoreutils-python-utils-2.9-16.el8.noarch
  python3-audit-3.0-0.17.20191104git1c2f876.el8.x86_64
  python3-libsemanage-2.9-6.el8.x86_64
  python3-policycoreutils-2.9-16.el8.noarch
  python3-setools-4.3.0-2.el8.x86_64
  slirp4netns-1.1.8-1.module_el8.5.0+890+6b136101.x86_64
完毕!
```

Docker acceleration
Configure an accelerator (registry mirror) so that images can be pulled quickly. The docker-ce configuration file is /etc/docker/daemon.json. This file does not exist by default, so we have to create and configure it by hand; Docker acceleration is achieved by configuring this file.
There are several ways to accelerate Docker:
- docker cn
- University of Science and Technology of China (USTC) accelerator
- Alibaba Cloud accelerator (requires registering an account on the Alibaba Cloud developer platform; a personal private accelerator is free to use)
```
[root@rookie ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@rookie ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: dis>
   Active: active (running) since Sun 2022-04-24 18:54:43 CST; 15s ago
[root@rookie docker]# cat > /etc/docker/daemon.json << EOF
> {
> "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"]
> }
> EOF
[root@rookie docker]# systemctl daemon-reload
[root@rookie docker]# systemctl restart docker
[root@rookie docker]# docker info
Client:
 Context: default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.14
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc version: v1.0.3-0-gf46b6ba
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.18.0-365.el8.x86_64
 Operating System: CentOS Stream 8
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 1.744GiB
 Name: rookie
 ID: V2CS:3UYE:J7RL:WM3O:XMP2:5XP4:CLYK:UNXO:OVJF:CV3W:KSJ2:4QDX
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://docker.mirrors.ustc.edu.cn/
// If you see this, the accelerator was configured successfully
 Live Restore Enabled: false
```
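The `docker info` fields that matter for registry trust can be checked mechanically after editing daemon.json. The script below is an added example, not part of the original page; the function name, finding labels, and the host names in `sample_weak` are assumptions made for illustration.

```shell
# Added example (not from the original page): audit `docker info` text for
# registry trust and seccomp. Host names in sample_weak are hypothetical.

audit_docker_info() {
    # Reads `docker info` output on stdin and prints one finding per line.
    awk '
        NF == 0 { next }
        /^ *Insecure Registries:/ { sect = "insecure"; next }
        /^ *Registry Mirrors:/    { sect = "mirror";   next }
        /^ *Security Options:/    { sect = "secopt";   next }
        # Any other "Key:" line closes the list being read.
        /^ *[A-Za-z][A-Za-z _-]*:( |$)/ { sect = "" }
        # 127.0.0.0/8 is the built-in default; other entries skip TLS checks.
        sect == "insecure" && $1 != "127.0.0.0/8" { print "INSECURE_REGISTRY " $1 }
        # A mirror serves pulls in place of Docker Hub, so it should use TLS.
        sect == "mirror" && $1 !~ /^https:\/\// { print "PLAINTEXT_MIRROR " $1 }
        sect == "secopt" && $1 == "seccomp" { seccomp = 1 }
        END { if (!seccomp) print "NO_SECCOMP" }
    '
}

sample_page() {   # constructed from the docker info values shown on this page
    cat <<'EOF'
 Security Options:
  seccomp
   Profile: default
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://docker.mirrors.ustc.edu.cn/
 Live Restore Enabled: false
EOF
}

sample_weak() {   # constructed: what a loosened daemon configuration reports
    cat <<'EOF'
 Security Options:
  apparmor
 Insecure Registries:
  registry.example.internal:5000
  127.0.0.0/8
 Registry Mirrors:
  http://mirror.example.internal/
EOF
}

sample_page | audit_docker_info    # prints nothing
sample_weak | audit_docker_info
```

On a live host the same function is fed with `docker info | audit_docker_info`.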
Common Docker operations

| Command | Function |
|---|---|
| docker search | Search the Docker Hub for images |
| docker pull | Pull an image or a repository from a registry |
| docker images | List images |
| docker create | Create a new container |
| docker start | Start one or more stopped containers |
| docker run | Run a command in a new container |
| docker attach | Attach to a running container |
| docker ps | List containers |
| docker logs | Fetch the logs of a container |
| docker restart | Restart a container |
| docker stop | Stop one or more running containers |
| docker kill | Kill one or more running containers |
| docker rm | Remove one or more containers |
| docker exec | Run a command in a running container |
| docker info | Display system-wide information |
| docker inspect | Return low-level information on Docker objects |
- docker search (search for images)

```
[root@rookie ~]# docker search httpd
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
httpd The Apache HTTP Server Project 3976 [OK]
centos/httpd-24-centos7 Platform for running Apache httpd 2.4 or bui… 44
centos/httpd 35 [OK]
solsson/httpd-openidc mod_auth_openidc on official httpd image, ve… 2 [OK]
hypoport/httpd-cgi httpd-cgi 2 [OK]
dariko/httpd-rproxy-ldap Apache httpd reverse proxy with LDAP authent… 1 [OK]
manageiq/httpd Container with httpd, built on CentOS for Ma… 1 [OK]
dockerpinata/httpd 1
publici/httpd httpd:latest 1 [OK]
clearlinux/httpd httpd HyperText Transfer Protocol (HTTP) ser… 1
jonathanheilmann/httpd-alpine-rewrite httpd:alpine with enabled mod_rewrite 1 [OK]
inanimate/httpd-ssl A play container with httpd, ssl enabled, an… 1 [OK]
centos/httpd-24-centos8 1
lead4good/httpd-fpm httpd server which connects via fcgi proxy h… 1 [OK]
manageiq/httpd_configmap_generator Httpd Configmap Generator 0 [OK]
e2eteam/httpd 0
paketobuildpacks/httpd 0
httpdocker/kubia-unhealthy 0
httpdss/archerysec ArcherySec repository 0 [OK]
19022021/httpd-connection_test This httpd image will test the connectivity … 0
patrickha/httpd-err 0
httpdocker/kubia 0
sandeep1988/httpd-new httpd-new 0
itsziget/httpd24 Extended HTTPD Docker image based on the off… 0 [OK]
manasip/httpd 0
```
- docker pull (pull an image from an image registry)

```
[root@rookie ~]# docker pull httpd
Using default tag: latest
latest: Pulling from library/httpd
a2abf6c4d29d: Pull complete
dcc4698797c8: Pull complete
41c22baa66ec: Pull complete
67283bbdd4a0: Pull complete
d982c879c57e: Pull complete
Digest: sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest
[root@rookie ~]# docker pull httpd:2.4.53
2.4.53: Pulling from library/httpd
1fe172e4850f: Pull complete
e2fa1fe9b1ec: Pull complete
60dd7398e74e: Pull complete
ea2ca81c6d4c: Pull complete
f646c69a26ec: Pull complete
Digest: sha256:e02a2ef36151905c790efb0a8472f690010150f062639bd8c0760e7b1e884c07
Status: Downloaded newer image for httpd:2.4.53
docker.io/library/httpd:2.4.53
```
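The `Digest:` line in the pull output identifies the exact content that was fetched, while a tag can later point at something else. The script below is an added example, not part of the original page; it turns pull output into digest-pinned references, and the function names are assumptions.

```shell
# Added example (not from the original page): derive digest-pinned references
# from `docker pull` output, since a tag such as latest can be re-pointed.

pinned_refs() {
    # Reads one or more `docker pull` transcripts on stdin.
    awk '
        # "Digest: sha256:<64 hex digits>" appears once per pulled reference.
        $1 == "Digest:" {
            ok = ($2 ~ "^sha256:[0-9a-f]+$" && length($2) == 71)
            digest = ok ? $2 : ""
            next
        }
        # The final line of a pull is the fully qualified name on its own,
        # for example docker.io/library/httpd:latest.
        digest != "" && NF == 1 && $1 ~ "^[a-z0-9.:-]+/[^:]+:[^:/]+$" {
            repo = $1
            sub(":[^:/]+$", "", repo)   # strip the mutable tag
            print repo "@" digest
            digest = ""
        }
    '
}

sample_pulls() {   # copied from the pull output on this page, layer lines trimmed
    cat <<'EOF'
Using default tag: latest
latest: Pulling from library/httpd
a2abf6c4d29d: Pull complete
Digest: sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest
2.4.53: Pulling from library/httpd
1fe172e4850f: Pull complete
Digest: sha256:e02a2ef36151905c790efb0a8472f690010150f062639bd8c0760e7b1e884c07
Status: Downloaded newer image for httpd:2.4.53
docker.io/library/httpd:2.4.53
EOF
}

sample_pulls | pinned_refs
```

Each printed reference can be passed back to `docker pull` or used in place of the tag wherever the image is named.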
- docker info (view image information)

```
[root@rookie docker]# docker info
Client:
 Context: default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.14
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc version: v1.0.3-0-gf46b6ba
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.18.0-365.el8.x86_64
 Operating System: CentOS Stream 8
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 1.744GiB
 Name: rookie
 ID: V2CS:3UYE:J7RL:WM3O:XMP2:5XP4:CLYK:UNXO:OVJF:CV3W:KSJ2:4QDX
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://docker.mirrors.ustc.edu.cn/
 Live Restore Enabled: false
```
- docker images (list images)

```
[root@rookie ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
httpd        2.4.53    c30a46771695   4 days ago     144MB
httpd        latest    dabbfbe0c57b   4 months ago   144MB
```

- docker create (create a container)

```
[root@rookie ~]# docker create --name web -p 80:80 httpd
e34c9afca33177b47c222a10a569bad2515e1bf38359572156c53432ab2af42b
```

- docker ps (list containers)
Explanation: -a shows all containers, including those that have not been started; by default only started containers are shown
-aq lists the IDs of all containers

```
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@rookie ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED              STATUS    PORTS     NAMES
e34c9afca331   httpd     "httpd-foreground"   About a minute ago   Created             web
```

- docker start (start an image)

```
[root@rookie ~]# docker start web
web
[root@rookie ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED              STATUS         PORTS                               NAMES
e34c9afca331   httpd     "httpd-foreground"   About a minute ago   Up 6 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp   web
```

- docker stop (stop an image)

```
[root@rookie ~]# docker stop e34c9afca331
e34c9afca331
[root@rookie ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED         STATUS                     PORTS     NAMES
e34c9afca331   httpd     "httpd-foreground"   8 minutes ago   Exited (0) 3 seconds ago             web
```

- docker restart (restart an image)

```
[root@rookie ~]# docker restart e34c9afca331
e34c9afca331
[root@rookie ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS         PORTS                               NAMES
e34c9afca331   httpd     "httpd-foreground"   10 minutes ago   Up 8 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp   web
```

- docker kill (kill the image's process)

```
[root@rookie ~]# docker kill web
web
[root@rookie ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS                       PORTS     NAMES
e34c9afca331   httpd     "httpd-foreground"   14 minutes ago   Exited (137) 3 seconds ago             web
```

- docker logs (fetch logs)

```
[root@rookie ~]# docker start web
web
[root@rookie ~]# docker logs web | tail -3
192.168.177.1 - - [24/Apr/2022:11:31:33 +0000] "-" 408 -
192.168.177.1 - - [24/Apr/2022:11:37:21 +0000] "GET / HTTP/1.1" 304 -
192.168.177.1 - - [24/Apr/2022:11:38:12 +0000] "-" 408
```

- docker rm (delete a container)
(This deletes the container; the image is kept.)

```
[root@rookie ~]# docker stop web
web
[root@rookie ~]# docker rm web
web
[root@rookie ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@rookie ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
httpd        2.4.53    c30a46771695   4 days ago     144MB
httpd        latest    dabbfbe0c57b   4 months ago   144MB
```
- docker run (run a command)
Combines docker pull, docker create, and docker start: three steps become one.
- Explanation: -i interactive mode; -t specifies a terminal; -d runs the container in the background

```
[root@rookie ~]# docker run -it --name xyx busybox /bin/sh
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
5cc84ad355aa: Pull complete
Digest: sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678
Status: Downloaded newer image for busybox:latest
/ # ip a
1: lo: mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
10: eth0@if11: mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # exit
[root@rookie ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND     CREATED              STATUS                     PORTS     NAMES
98b74ab02ea5   busybox   "/bin/sh"   About a minute ago   Exited (0) 7 seconds ago             xyx
```

- docker attach (enter a container; the container terminates after you exit)

```
[root@rookie ~]# docker start xyx
xyx
[root@rookie ~]# docker ps
CONTAINER ID   IMAGE     COMMAND     CREATED         STATUS         PORTS     NAMES
98b74ab02ea5   busybox   "/bin/sh"   2 minutes ago   Up 8 seconds             xyx
[root@rookie ~]# docker attach xyx
/ # exit
[root@rookie ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND     CREATED         STATUS                      PORTS     NAMES
98b74ab02ea5   busybox   "/bin/sh"   4 minutes ago   Exited (0) 50 seconds ago
```

- docker exec (enter a container; the container keeps running after you exit)

```
[root@rookie ~]# docker start xyx
xyx
[root@rookie ~]# docker exec -it xyx /bin/sh
/ # exit
[root@rookie ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND     CREATED         STATUS          PORTS     NAMES
98b74ab02ea5   busybox   "/bin/sh"   4 minutes ago   Up 21 seconds             xyx
```
- docker inspect (view detailed information about a container)

```
[root@rookie ~]# docker inspect xyx
[
    {
        "Id": "98b74ab02ea5030052a4acc8071466a702db8de60ea2b34c0ccf3fc8bd7c8aef",
        "Created": "2022-04-24T11:50:03.954367485Z",
        "Path": "/bin/sh",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 5704,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2022-04-24T11:54:24.859210468Z",
            "FinishedAt": "2022-04-24T11:53:12.8571006Z"
        },
......
                    "EndpointID": "a831daf022d3e598d20f9f3cff5a59f4a139a975c4f90d0c294d06e0c5ee2e1e",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]
```



