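What is Docker
Containers in Docker:
- lxc --> libcontainer --> runc
OCI & OCF
OCI
Open Container Initiative
- Established in June 2015 under the leadership of the Linux Foundation
- Aims to define an open industry standard around container formats and runtimes
- Contains two specifications:
  - Runtime specification
  - Image specification
OCF
Open Container Format
runC is a CLI tool for spawning and running containers according to the OCI specification.
Containers are started as child processes of runC and can be embedded into various other systems without running a daemon.
runC is built on libcontainer, the same container technology that powers millions of Docker Engine installations.
Docker provides a site dedicated to hosting container images: https://hub.docker.com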
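Docker architecture
Docker images and image registries
An image is static, whereas a container is dynamic and has a lifecycle. The relationship between an image and a container is like that between a program and a process: an image is like a program file on the file system, and a container is like that program in its running state, that is, a process. A container can therefore be deleted, and deleting a container does not delete its image.
Docker objects
When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects.
- IMAGES
  - An image is a read-only template with instructions for creating a Docker container.
  - Often, an image is based on another image, with some additional customization.
  - You can create your own images, or use only those created by others and published in a registry.
- CONTAINERS
  - A container is a runnable instance of an image.
  - You can create, run, stop, move, or delete a container using the Docker API or CLI.
  - You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.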
Installing and using Docker
Installing Docker
Aliyun repo link: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@localhost yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@localhost yum.repos.d]# ls
CentOS-Base.repo  epel-modular.repo  epel-testing-modular.repo
docker-ce.repo    epel.repo          epel-testing.repo
[root@localhost ~]# dnf -y install docker-ce
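Docker pull acceleration
The docker-ce configuration file is /etc/docker/daemon.json. It does not exist by default, so it has to be created and configured by hand; Docker acceleration is achieved by configuring this file.
There are several ways to accelerate Docker:
- docker cn
- University of Science and Technology of China accelerator
- Aliyun accelerator (requires registering an account on the Aliyun developer platform; a personal private accelerator is free to use)
Enable start on boot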
[root@localhost ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@localhost ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor pre>
Active: active (running) since Sun 2022-04-24 16:40:47 CST; 14s ago
Docs: https://docs.docker.com
Main PID: 5026 (dockerd)
Tasks: 8
Memory: 31.2M
CGroup: /system.slice/docker.service
└─5026 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/conta>
Create an Aliyun accelerator
Write the Aliyun mirror into daemon.json
[root@localhost ~]# cd /etc/docker/
[root@localhost docker]# ls
key.json
[root@localhost docker]# vim daemon.json
{
"registry-mirrors": ["https://ay24c8ru.mirror.aliyuncs.com"]
}
[root@localhost docker]# systemctl daemon-reload
[root@localhost docker]# systemctl restart docker
docker info shows the runtime environment
[root@localhost docker]# docker info
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://ay24c8ru.mirror.aliyuncs.com/
 Live Restore Enabled: false
// seeing https here means the accelerator was configured successfully
[root@localhost ~]# docker version
Client: Docker Engine - Community
 Version:           20.10.14
 API version:       1.41
 Go version:        go1.16.15
 Git commit:        a224086
 Built:             Thu Mar 24 01:47:44 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true
Server: Docker Engine - Community
 Engine:
  Version:          20.10.14
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.15
  Git commit:       87a90dc
  Built:            Thu Mar 24 01:46:10 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.5.11
  GitCommit:        3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc:
  Version:          1.0.3
  GitCommit:        v1.0.3-0-gf46b6ba
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
// check the version numbers
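One way to automate the `docker info` check shown above: this added example (not part of the original post) parses `docker info` text and reports each registry mirror as TLS or plaintext, plus any insecure registry other than the default loopback entry. The function names, the sample text and the hosts under example.internal are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the registry section of `docker info` output.
# Reads `docker info` text on stdin and prints one finding per line:
#   MIRROR_OK <url>          mirror is reached over TLS
#   MIRROR_PLAINTEXT <url>   mirror traffic is not protected by TLS
#   INSECURE_REGISTRY <x>    registry for which TLS verification is skipped
# The default loopback entry 127.0.0.0/8 is not reported.
audit_registries() {
    awk '
    {
        text = $0
        sub(/^ +/, "", text)                    # strip indentation
        indent = length($0) - length(text)
        if (text == "Registry Mirrors:")    { sec = "mirror";   base = indent; next }
        if (text == "Insecure Registries:") { sec = "insecure"; base = indent; next }
        if (sec == "") next
        if (text == "" || indent <= base) { sec = ""; next }   # section ended
        if (sec == "mirror") {
            if (text ~ /^https:\/\//) print "MIRROR_OK", text
            else print "MIRROR_PLAINTEXT", text
        } else if (text != "127.0.0.0/8") {
            print "INSECURE_REGISTRY", text
        }
    }'
}

# Constructed sample: the mirror from this page plus two made-up weak entries.
sample_docker_info() {
    cat <<'EOF'
 Labels:
 Experimental: false
 Insecure Registries:
  registry.example.internal:5000
  127.0.0.0/8
 Registry Mirrors:
  https://ay24c8ru.mirror.aliyuncs.com/
  http://mirror.example.internal/
 Live Restore Enabled: false
EOF
}

# On a real host: docker info | audit_registries
sample_docker_info | audit_registries
```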
[root@localhost ~]# docker search seancheng1002/httpd
NAME                                    DESCRIPTION                                     STARS   OFFICIAL   AUTOMATED
seancheng1002/httpd
// you can search for images that other people have published in the Docker registry
[root@localhost ~]# docker search httpd
NAME                                    DESCRIPTION                                     STARS   OFFICIAL   AUTOMATED
httpd                                   The Apache HTTP Server Project                  3975    [OK]
centos/httpd-24-centos7                 Platform for running Apache httpd 2.4 or bui…   44
centos/httpd                                                                            35                 [OK]
solsson/httpd-openidc                   mod_auth_openidc on official httpd image, ve…   2                  [OK]
hypoport/httpd-cgi                      httpd-cgi                                       2                  [OK]
dariko/httpd-rproxy-ldap                Apache httpd reverse proxy with LDAP authent…   1                  [OK]
manageiq/httpd                          Container with httpd, built on CentOS for Ma…   1                  [OK]
dockerpinata/httpd                                                                      1
publici/httpd                           httpd:latest                                    1                  [OK]
clearlinux/httpd                        httpd HyperText Transfer Protocol (HTTP) ser…   1
jonathanheilmann/httpd-alpine-rewrite   httpd:alpine with enabled mod_rewrite           1                  [OK]
inanimate/httpd-ssl                     A play container with httpd, ssl enabled, an…   1                  [OK]
centos/httpd-24-centos8                                                                 1
lead4good/httpd-fpm                     httpd server which connects via fcgi proxy h…   1                  [OK]
manageiq/httpd_configmap_generator      Httpd Configmap Generator                       0                  [OK]
e2eteam/httpd                                                                           0
paketobuildpacks/httpd                                                                  0
httpdocker/kubia-unhealthy                                                              0
httpdss/archerysec                      ArcherySec repository                           0                  [OK]
19022021/httpd-connection_test          This httpd image will test the connectivity …   0
patrickha/httpd-err                                                                     0
httpdocker/kubia                                                                        0
sandeep1988/httpd-new                   httpd-new                                       0
itsziget/httpd24                        Extended HTTPD Docker image based on the off…   0                  [OK]
manasip/httpd                                                                           0
// the official image
Common Docker operations
| Command | Function |
|---|---|
| docker search | Search the Docker Hub for images |
| docker pull | Pull an image or a repository from a registry |
| docker images | List images |
| docker create | Create a new container |
| docker start | Start one or more stopped containers |
| docker run | Run a command in a new container |
| docker attach | Attach to a running container |
| docker ps | List containers |
| docker logs | Fetch the logs of a container |
| docker restart | Restart a container |
| docker stop | Stop one or more running containers |
| docker kill | Kill one or more running containers |
| docker rm | Remove one or more containers |
| docker exec | Run a command in a running container |
| docker info | Display system-wide information |
| docker inspect | Return low-level information on Docker objects |
[root@localhost ~]# ls /var/lib/docker
buildkit    image    overlay2  runtimes  tmp    volumes
containers  network  plugins   swarm     trust
[root@localhost ~]# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE
// currently empty
[root@localhost ~]# docker pull httpd
// pulls the latest version; to get a specific version, append the version after httpd (httpd:2.4.53 below)
[root@localhost ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
httpd        latest    c30a46771695   4 days ago   144MB
// httpd now appears in the list
[root@localhost ~]# docker pull httpd:2.4.53
2.4.53: Pulling from library/httpd
[root@localhost ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
httpd        2.4.53    c30a46771695   4 days ago   144MB
httpd        latest    c30a46771695   4 days ago   144MB
Create an httpd container
[root@localhost ~]# docker create --name web -p 80:80 httpd
b9f1f8002b43430d9fd75314340281e5b9e05981f24e6191b476a6111b913d0e
Check the container status
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS    PORTS     NAMES
b9f1f8002b43   httpd     "httpd-foreground"   46 seconds ago   Created             web
Start the container
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS    PORTS     NAMES
b9f1f8002b43   httpd     "httpd-foreground"   46 seconds ago   Created             web
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED         STATUS         PORTS                               NAMES
b9f1f8002b43   httpd     "httpd-foreground"   2 minutes ago   Up 5 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp   web
Disable the firewall
[root@localhost ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
[root@localhost ~]# setenforce 0
Access the site
Stop the container
[root@localhost ~]# docker stop web
web
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED         STATUS                     PORTS     NAMES
b9f1f8002b43   httpd     "httpd-foreground"   5 minutes ago   Exited (0) 8 seconds ago             web
Allowing HTTP through the firewall
[root@localhost ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=0.0.0.0/0 service name=http accept' --permanent
success
[root@localhost ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
    rule family="ipv4" source address="0.0.0.0/0" service name="http" accept
Restart the container
[root@localhost ~]# docker restart web
web
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS         PORTS                               NAMES
b9f1f8002b43   httpd     "httpd-foreground"   19 minutes ago   Up 5 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp   web
Kill the container process
[root@localhost ~]# docker kill web
web
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS                       PORTS     NAMES
b9f1f8002b43   httpd     "httpd-foreground"   20 minutes ago   Exited (137) 8 seconds ago             web
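On this page `docker stop` left the container at `Exited (0)` while `docker kill` left it at `Exited (137)`. The added example below (not part of the original post) decodes that status from `docker ps -a` text, using the convention that codes above 128 mean the process was ended by signal N-128; the function names are hypothetical and the sample rows are copied from the output on this page.

```shell
#!/bin/sh
# Added example: explain the "Exited (N)" status printed by `docker ps -a`.
# Codes above 128 mean the main process was ended by signal N-128.

# Names for the signals most often seen here (Linux numbering).
signal_name() {
    case $1 in
        2)  echo SIGINT ;;
        9)  echo SIGKILL ;;
        11) echo SIGSEGV ;;
        15) echo SIGTERM ;;
        *)  echo "signal $1" ;;
    esac
}

explain_exit() {
    code=$1
    if [ "$code" -eq 0 ]; then
        echo "exit 0: main process shut down cleanly"
    elif [ "$code" -gt 128 ]; then
        sig=$((code - 128))
        echo "exit $code: ended by signal $sig ($(signal_name "$sig"))"
    else
        echo "exit $code: main process exited with an error status"
    fi
}

# Reads `docker ps -a` text on stdin; prints "<name>: <explanation>"
# for every exited container (NAMES is the last column).
explain_ps() {
    awk 'match($0, /Exited \([0-9]+\)/) {
        print substr($0, RSTART + 8, RLENGTH - 9), $NF
    }' | while read -r code name; do
        echo "$name: $(explain_exit "$code")"
    done
}

# Sample rows copied from the `docker ps` output on this page.
sample_ps() {
    cat <<'EOF'
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS                       PORTS     NAMES
b9f1f8002b43   httpd     "httpd-foreground"   20 minutes ago   Exited (137) 8 seconds ago             web
045b410c8557   busybox   "/bin/sh"            5 minutes ago    Up 32 seconds                          test
EOF
}

sample_ps | explain_ps    # web: exit 137: ended by signal 9 (SIGKILL)
```

Exit 137 is also what a container shows when the kernel OOM killer ends it; `docker inspect --format '{{.State.OOMKilled}}' web` tells the two cases apart.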
View the logs
[root@localhost ~]# docker logs web
192.168.80.1 - - [24/Apr/2022:10:05:12 +0000] "GET / HTTP/1.1" 304 -
192.168.80.1 - - [24/Apr/2022:10:05:13 +0000] "GET / HTTP/1.1" 304 -
192.168.80.1 - - [24/Apr/2022:10:05:14 +0000] "GET / HTTP/1.1" 304 -
// access status
192.168.80.1 - - [24/Apr/2022:10:05:12 +0000] "GET / HTTP/1.1" 304 -
192.168.80.1 - - [24/Apr/2022:10:05:13 +0000] "GET / HTTP/1.1" 304 -
192.168.80.1 - - [24/Apr/2022:10:05:14 +0000] "GET / HTTP/1.1" 304 -
192.168.80.1 - - [24/Apr/2022:10:06:04 +0000] "-" 408 -
192.168.80.1 - - [24/Apr/2022:10:06:40 +0000] "GET / HTTP/1.1" 304 -
192.168.80.1 - - [24/Apr/2022:10:06:41 +0000] "GET / HTTP/1.1" 304 -
192.168.80.1 - - [24/Apr/2022:10:06:42 +0000] "GET / HTTP/1.1" 304 -
192.168.80.1 - - [24/Apr/2022:10:06:43 +0000] "GET / HTTP/1.1" 304 -
192.168.80.1 - - [24/Apr/2022:10:06:56 +0000] "GET /sda HTTP/1.1" 404 196
192.168.80.1 - - [24/Apr/2022:10:06:58 +0000] "GET /sda HTTP/1.1" 404 196
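Access-log lines like the ones above can be summarised per client to spot a source that mostly produces 4xx responses. This is an added example, not part of the original post; the function names, the 50% flagging threshold and the 192.168.80.50 lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: per-client summary of httpd access-log lines as printed by
# `docker logs web`. Reads Common Log Format on stdin and prints, sorted by IP:
#   <ip> total=<n> 4xx=<n> timeouts=<n> [FLAG]
# FLAG marks clients whose requests ended in 4xx at least half of the time
# (threshold chosen for this example).
summarize_access_log() {
    awk '
    {
        # ip ident user [date] "request" status bytes
        # Split on the double quote so requests containing spaces stay whole.
        n = split($0, q, "\"")
        if (n < 3) next                          # no quoted request: skip
        split(q[1], head, " "); ip = head[1]
        split(q[n], tail, " "); status = tail[1]
        if (status !~ /^[1-5][0-9][0-9]$/) next  # not an access-log line
        total[ip]++
        if (status ~ /^4/)   err[ip]++
        if (status == "408") slow[ip]++          # request timed out
    }
    END {
        for (ip in total) {
            flag = (err[ip] * 2 >= total[ip]) ? " FLAG" : ""
            printf "%s total=%d 4xx=%d timeouts=%d%s\n", ip, total[ip], err[ip], slow[ip], flag
        }
    }' | sort
}

# Sample: 192.168.80.1 lines are from this page; 192.168.80.50 is constructed.
sample_log() {
    cat <<'EOF'
192.168.80.1 - - [24/Apr/2022:10:05:12 +0000] "GET / HTTP/1.1" 304 -
192.168.80.1 - - [24/Apr/2022:10:05:13 +0000] "GET / HTTP/1.1" 304 -
192.168.80.1 - - [24/Apr/2022:10:05:14 +0000] "GET / HTTP/1.1" 304 -
192.168.80.1 - - [24/Apr/2022:10:06:04 +0000] "-" 408 -
192.168.80.1 - - [24/Apr/2022:10:06:40 +0000] "GET / HTTP/1.1" 304 -
192.168.80.1 - - [24/Apr/2022:10:06:56 +0000] "GET /sda HTTP/1.1" 404 196
192.168.80.1 - - [24/Apr/2022:10:06:58 +0000] "GET /sda HTTP/1.1" 404 196
192.168.80.50 - - [24/Apr/2022:10:07:01 +0000] "GET /old/ HTTP/1.1" 404 196
192.168.80.50 - - [24/Apr/2022:10:07:02 +0000] "GET /backup/ HTTP/1.1" 404 196
192.168.80.50 - - [24/Apr/2022:10:07:03 +0000] "GET / HTTP/1.1" 200 45
EOF
}

# On a real host: docker logs web | summarize_access_log
sample_log | summarize_access_log
```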
Remove a container with rm
[root@localhost ~]# docker rm -f b9f1f8002b43
b9f1f8002b43
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@localhost ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
httpd        2.4.53    c30a46771695   4 days ago   144MB
httpd        latest    c30a46771695   4 days ago   144MB
docker run: create, start, and enter a container in one step
[root@localhost ~]# docker run -it --name test busybox /bin/sh
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
5cc84ad355aa: Pull complete
Digest: sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678
Status: Downloaded newer image for busybox:latest
/ #
/ # ip a
1: lo:mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
14: eth0@if15: mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # exit
// exit the container
Enter the container after it has stopped, then exit and leave it running
[root@localhost ~]# docker exec -it test /bin/sh
/ # ip a
1: lo:mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
18: eth0@if19: mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # exit
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND     CREATED         STATUS          PORTS     NAMES
045b410c8557   busybox   "/bin/sh"   5 minutes ago   Up 32 seconds             test



