一,Docker简介,功能特性与应用场景
1.1 Docker简介
-
Docker是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的容器中,然后发布到任何流行的Linux机器上,也可以实现虚拟化,容器是完全使用沙箱机制,相互之间不会有任何接口。
-
一个完整的Docker有以下几个部分组成:
- Docker Client 客户端
- Docker Daemon 守护进程
- Docker Image 镜像
- Docker Container 容器
1.2 Docker功能特性
- 隔离环境(系统,网络,文件系统)与应用
- 解决依赖与版本问题
- 易于分发,开箱即用
- 节点与容器快速扩容
- 镜像制作简单便捷,管理方便
(1)隔离
- 通过cgroup(隔离和跟踪资源的使用)& namespace(组与组之间隔离)来实现轻量级的进程隔离
- 对于容器中运行的进程来说,自己独占了一个系统
- 容器间网络,文件及其他资源都互相隔离
(2)版本与依赖
- 传统模式下,多个不同环境或版本的项目需要部署在不同机器上,部署与后期维护管理复杂繁琐。
- 使用Docker,通过多个不同版本或者环境的镜像,可以同时运行在一台机器上互不干扰,部署与后期维护简单方便。
(3)分发与使用
- 镜像可以通过导入,导出,上传到镜像仓库等多种方式进行分发
- 在启动了Docker的系统上直接使用docker run即可启动镜像,无需特别配置。
(4)扩容
- 容器扩容简单方便
- 扩容节点只需安装并启动Docker即可
(5)镜像制作
- 镜像的灵魂Dockerfile
- 使用Dockerfile进行指令控制
- 基于Linux命令,易于理解,快速上手
- 易于定制与修改
1.3 Docker应用场景
-
Docker通常应用于如下场景:
- web应用的自动化打包和发布;
- 自动化测试和持续集成,发布;
- 应用服务,如MySQL,Redis等,通过Docker实现快速部署;
- k8s私有云
二,Docker的安装
2.1 安装环境
最小化安装Centos7.5
[root@Docker ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@Docker ~]# uname -r
3.10.0-862.3.3.el7.x86_64
关闭防火墙和selinux
[root@Docker ~]# systemctl stop firewalld
[root@Docker ~]# systemctl disable firewalld
[root@Docker ~]# setenforce 0
setenforce: SELinux is disabled
2.2 版本选择
-
Docker
- 17.03之后版本变为Docker CE
-
Docker CE
- 社区版,Community Edition
-
Docker EE
- 企业版,Enterprise Edition
- 收费版本,强调安全性,提供一些高级特性及商业支持
2.3 Docker安装:标准版本
特别提示:
centos7.5在搭建本地yum仓库的时候只需要修改
CentOS-Media.repo 文件即可(不需要将其他文件仍子目录里)
确保虚拟机能正常上网
[root@Docker ~]# yum -y install docker
[root@Docker ~]# systemctl start docker #启动docker进程
[root@Docker ~]# systemctl enable docker #加入docker开机启动
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@Docker ~]# docker ps #查看封装在docker镜像中的正在运行的镜像进程
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@Docker ~]# docker version
Client:
Version: 1.13.1
API version: 1.26
Package version: docker-1.13.1-63.git94f4240.el7.centos.x86_64
Go version: go1.9.4
Git commit: 94f4240/1.13.1
Built: Fri May 18 15:44:33 2018
OS/Arch: linux/amd64
Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: docker-1.13.1-63.git94f4240.el7.centos.x86_64
Go version: go1.9.4
Git commit: 94f4240/1.13.1
Built: Fri May 18 15:44:33 2018
OS/Arch: linux/amd64
Experimental: false
2.4 Docker安装:CE社区版
首先清理掉yum安装的docker标准版
这里有两种方式
#第一种清理docker方法
[root@Docker ~]# yum -y remove docker
#第二种清理docker方法
[root@Docker ~]# yum history list #查看yum安装的历史列表
已加载插件:fastestmirror
ID | 登录用户 | 日期和时间 | 操作 | 变更数
-------------------------------------------------------------------------------
6 | root <root> | 2018-07-02 22:30 | Install | 17 EE #这次就是安装的docker
5 | root <root> | 2018-07-02 20:08 | I, U | 60
4 | root <root> | 2018-07-03 03:54 | Install | 93
3 | root <root> | 2018-07-03 03:53 | Install | 1
2 | root <root> | 2018-07-03 03:53 | Install | 1
1 | 系统 <空> | 2018-07-03 03:46 | Install | 313
history list
[root@Docker ~]# yum history info 6 #查看yum历史安装ID为6的安装信息
已加载插件:fastestmirror
事务 ID: 6
起始时间 : Mon Jul 2 22:30:11 2018
启动 RPM 数据库 : 409:3aba29f1d5b7e2d7ff3ed9f169ec4a2225595390
结束时间 : 22:30:27 2018 (16 秒)
结束 RPM 数据库 : 426:28338758ec6a2332cabb3a1439336bd451c52366
用户 : root <root>
返回码 : 成功
命令行 : -y install docker
事务完成属主:
已安装 rpm-4.11.3-32.el7.x86_64 @anaconda
已安装 yum-3.4.3-158.el7.centos.noarch @anaconda
已安装 yum-plugin-fastestmirror-1.1.31-45.el7.noarch @anaconda
已变更的包:
依赖安装 audit-libs-python-2.8.1-3.el7.x86_64 @base
依赖安装 checkpolicy-2.5-6.el7.x86_64 @base
依赖安装 container-selinux-2:2.55-1.el7.noarch @extras
依赖安装 container-storage-setup-0.9.0-1.rhel75.gite0997c3.el7.noarch @extras
安装 docker-2:1.13.1-63.git94f4240.el7.centos.x86_64 @extras
依赖安装 docker-client-2:1.13.1-63.git94f4240.el7.centos.x86_64 @extras
依赖安装 docker-common-2:1.13.1-63.git94f4240.el7.centos.x86_64 @extras
依赖安装 libcgroup-0.41-15.el7.x86_64 @base
依赖安装 libsemanage-python-2.5-11.el7.x86_64 @base
依赖安装 oci-register-machine-1:0-6.git2b44233.el7.x86_64 @extras
依赖安装 oci-systemd-hook-1:0.1.15-2.gitc04483d.el7.x86_64 @extras
依赖安装 oci-umount-2:2.3.3-3.gite3c9055.el7.x86_64 @extras
依赖安装 policycoreutils-python-2.5-22.el7.x86_64 @base
依赖安装 python-IPy-0.75-6.el7.noarch @base
依赖安装 setools-libs-3.3.8-2.el7.x86_64 @base
依赖安装 skopeo-containers-1:0.1.29-3.dev.git7add6fc.el7.0.x86_64 @extras
依赖安装 yajl-2.0.4-4.el7.x86_64 @base
Scriptlet 输出:
1 setsebool: SELinux is disabled.
history info
[root@Docker ~]# yum -y history undo 6 #进行yum安装操作回退
特别提示:
yum的回退安装在工作中很有用,请留心学习
接下来我们安装Docker的CE社区版
#安装依赖包
[root@Docker ~]# yum -y install yum-utils device-mapper-persistent-data lvm2
#添加docker的CE版本的yum源配置文件
[root@Docker ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2424 100 2424 0 0 2544 0 --:--:-- --:--:-- --:--:-- 2543
[root@Docker ~]# ll /etc/yum.repos.d/docker-ce.repo
-rw-r--r-- 1 root root 2424 7月 2 23:00 /etc/yum.repos.d/docker-ce.repo
#安装CE版本的docker
[root@Docker ~]# yum -y install docker-ce
[root@Docker ~]# systemctl start docker #启动docker
[root@Docker ~]# systemctl enable docker #添加开机启动
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@Docker ~]# docker version #查看docker版本
Client:
Version: 18.03.1-ce
API version: 1.37
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:20:16 2018
OS/Arch: linux/amd64
Experimental: false
Orchestrator: swarm
Server:
Engine:
Version: 18.03.1-ce
API version: 1.37 (minimum version 1.12)
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:23:58 2018
OS/Arch: linux/amd64
Experimental: false
三,Docker的操作命令
3.0 添加docker国内镜像源
在开始学习docker之前,我们首先要更改一下docker的默认源镜像下载地址(默认是从国外下载,很慢),我们需要添加国内的源地址
[root@docker ~]# cat /etc/docker/daemon.json
{
"registry-mirrors":[ "https://81l9w6xn.mirror.aliyuncs.com" ]
}
[root@docker ~]# systemctl daemon-reload
[root@docker ~]# systemctl restart docker
3.1 Docker命令:search
用于从docker的官方公有镜像仓库查找镜像
(1)查看Docker Hub上公开的centos镜像
[root@docker ~]# docker search centos
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 4419 [OK]
...以下省略无数行....
特别说明:
Name:镜像的名字
DESCRIPTION:描述
STARS:星级(越高越好)
OFFICIAL:是否是官方发布的
AUTOMATED:是否自动化的
(2)查找星级多于100的centos镜像
root@docker ~]# docker search centos -f stars=100
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 4419 [OK]
ansible/centos7-ansible Ansible on Centos7 114 [OK]
特别提示:
/:符号用于分割作者名称和镜像名称
ansible/centos7-ansible:ansible是作者名称,centos7-ansible是镜像名称
(3)多条件查找–filter
#查找官方发布的,星级大于100的centos镜像
[root@docker ~]# docker search centos --filter is-official=true --filter stars=100
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 4419 [OK]
3.2 Docker命令:pull
用于从Docker Hub上下载公有镜像
#查找符合条件的hello-world镜像
[root@docker ~]# docker search hello-world --filter is-official=true --filter stars=100
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
hello-world Hello World! (an example of minimal Dockeriz… 572 [OK]
#下载目标hello-world镜像
[root@docker ~]# docker pull hello-world
Using default tag: latest
latest: Pulling from library/hello-world
9bb5a5d4561a: Pull complete
Digest: sha256:3e1764d0f546ceac4565547df2ac4907fe46f007ea229fd7ef2718514bcec35d
Status: Downloaded newer image for hello-world:latest #下载成功latest是标记tag
#下载目标centos:7镜像
[root@docker 7]# docker pull centos:7 #网速不好的话,需要点时间耐心等待
3.3 Docker命令:images
用于本地镜像的查看
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 7 49f7960eb7e4 4 weeks ago 200MB
hello-world latest e38bc07ac18e 2 months ago 1.85kB
特别说明:
REPOSITORY:镜像仓库(下边罗列的都是本地已有镜像名称)
TAG:镜像的标记(为了区分同名镜像)
IMAGES ID:镜像的ID号
CREATED:此镜像的创建时间
SIZE:此镜像的大小
3.4 Docker命令:build
用于本地自定义镜像的构建,需要创建Dockerfile文件
#创建Dockerfile文件的存储目录
[root@docker ~]# mkdir -p /root/dockerfile/lib/centos/7
[root@docker ~]# cd /root/dockerfile/lib/centos/7
#创建docker.sh脚本
[root@docker 7]# vim docker.sh
[root@docker 7]# cat docker.sh
#!/bin/bash
while true
do
echo "welcome"
sleep 5
done
#创建Dockerfile配置文件,文件名称必须为Dockerfile,第一个字母必须大写
[root@docker 7]# vim Dockerfile
[root@docker 7]# cat Dockerfile
FROM centos #从centos源镜像的基础上进行构建
LABEL MAINTATNER="Mr.chen.com" #作者的名称
RUN ln -sfv /usr/share/zoneinfo/Asia/Shanghai /etc/localtime #RUN:在镜像构建过程中运行命令
ADD docker.sh /home/test/ #从本地系统中把docker.sh文件添加到构建中的镜像的/home/test/目录下
RUN chmod +x /home/test/docker.sh #在镜像构建过程中运行命令
CMD ["/home/test/docker.sh"] #构建镜像完成时,最后执行的命令
#根据Dockfile配置文件构建一个自定义镜像
[root@docker 7]# docker build -t Mr.chen/centos7:1 . #-t 指定镜像名称 :1 设定镜像的tag标记
Sending build context to Docker daemon 3.072kB
Step 1/6 : FROM centos
---> 49f7960eb7e4
Step 2/6 : LABEL MAINTATNER="Mr.chen.com"
---> Running in 2537e36ba496
Removing intermediate container 2537e36ba496
---> 1a932d4c7762
Step 3/6 : RUN ln -sfv /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
---> Running in 7890b38ae948
'/etc/localtime' -> '/usr/share/zoneinfo/Asia/Shanghai'
Removing intermediate container 7890b38ae948
---> 82c412669879
Step 4/6 : ADD docker.sh /home/test/
---> 8f092336a175
Step 5/6 : RUN chmod +x /home/test/docker.sh
---> Running in b034c6f7439f
Removing intermediate container b034c6f7439f
---> f6587dbd78dd
Step 6/6 : CMD ["/home/test/docker.sh"]
---> Running in cd13edcd6632
Removing intermediate container cd13edcd6632
---> 58af3ad826d2
Successfully built 58af3ad826d2 #构建成功
Successfully tagged Mr.chen/centos7:1
[root@docker 7]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
Mr.chen/centos7 1 58af3ad826d2 57 seconds ago 200MB #TAG为1
centos 7 49f7960eb7e4 4 weeks ago 200MB
hello-world latest e38bc07ac18e 2 months ago 1.85kB
3.5 Docker命令:run
运行一个本地镜像
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
Mr.chen/centos7 1 58af3ad826d2 26 minutes ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
jdeathe/centos-ssh latest 563e45ee6e12 2 months ago 219MB
hello-world latest e38bc07ac18e 2 months ago 1.85kB
[root@docker ~]# docker run -d -it 58af3ad826d2
093e4fb8b09c8082c4749ad34db09c58f43111e447bbaccdd527d558a12f4404
特别提示:
docker run:运行一个指定的images id
-d:放在后台运行
-i:可以进行命令交互
-t:制作一个伪终端用于登陆
58af3ad826d2:镜像的ID,可以简写成58a
3.6 Docker命令:ps
查看已经运行的镜像的进程
[root@docker ~]# docker ps -a #查看所有运行的镜像进程(包含退出的exit)
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
093e4fb8b09c 58af3ad826d2 "/bin/bash" 4 minutes ago Up 4 minutes gallant_ptolemy
特别提示:
STATUS:进程的状态,UP表示正在运行中,EXIT表示已经退出了。
3.7 Docker命令:attach
从本地系统中切入到某个STATUS状态是UP的镜像进程里
[root@docker ~]# docker ps -
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
093e4fb8b09c 58af3ad826d2 "/bin/bash" 4 minutes ago Up 4 minutes gallant_ptolemy
[root@docker ~]# docker attach 093e4fb8b09c #切入到容器号为093e4fb8b09c的镜像进程里
[root@093e4fb8b09c /]# ls #已经进入容器里了
bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@093e4fb8b09c /]# exit #退出容器
exit
[root@docker ~]# docker ps -a #容器的进程的STATUS已经处于EXIT状态(之前是后台运行的,切入进去后执行exit就等于手动退出了)
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
093e4fb8b09c 58af3ad826d2 "/bin/bash" 9 minutes ago Exited (127) 11 seconds ago gallant_ptolemy
3.8 Docker命令:stop
用于停止一个正在运行着的容器进程
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
093e4fb8b09c 58af3ad826d2 "/bin/bash" 12 minutes ago Exited (127) 3 minutes ago gallant_ptolemy
#再次在后台启动一个镜像
[root@docker ~]# docker run -d -it 58af3ad826d2 /bin/bash
ceb6682bd574a78d0072121c095ba5f22569fa46c2ec00f203f4b0a988cb75a5
[root@docker ~]# docker ps -a #增加了一个容器进程
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ceb6682bd574 58af3ad826d2 "/bin/bash" 3 seconds ago Up 2 seconds affectionate_agnesi
093e4fb8b09c 58af3ad826d2 "/bin/bash" 12 minutes ago Exited (127) 3 minutes ago gallant_ptolemy
#停止一个运行着的容器进程
[root@docker ~]# docker stop ceb6682bd574
ceb6682bd574
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ceb6682bd574 58af3ad826d2 "/bin/bash" 2 minutes ago Exited (137) 13 seconds ago affectionate_agnesi
093e4fb8b09c 58af3ad826d2 "/bin/bash" 14 minutes ago Exited (127) 5 minutes ago gallant_ptolemy
3.9 Docker命令:start
用于启动一个已经停止了的容器进程
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ceb6682bd574 58af3ad826d2 "/bin/bash" 2 minutes ago Exited (137) 13 seconds ago affectionate_agnesi
093e4fb8b09c 58af3ad826d2 "/bin/bash" 14 minutes ago Exited (127) 5 minutes ago gallant_ptolemy
[root@docker ~]# docker start ceb6682bd574
ceb6682bd574
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ceb6682bd574 58af3ad826d2 "/bin/bash" 2 minutes ago Up 2 seconds affectionate_agnesi
093e4fb8b09c 58af3ad826d2 "/bin/bash" 15 minutes ago Exited (127) 6 minutes ago gallant_ptolemy
3.10 Docker命令:rm
用于删除一个已经停止了的容器进程
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ceb6682bd574 58af3ad826d2 "/bin/bash" 2 minutes ago Up 2 seconds affectionate_agnesi
093e4fb8b09c 58af3ad826d2 "/bin/bash" 15 minutes ago Exited (127) 6 minutes ago gallant_ptolemy
[root@docker ~]# docker rm 093e4fb8b09c
093e4fb8b09c
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ceb6682bd574 58af3ad826d2 "/bin/bash" 4 minutes ago Up About a minute affectionate_agnesi
[root@docker ~]# docker rm ceb6682bd574 #注意运行中的容器进程需要先stop,才能删除
Error response from daemon: You cannot remove a running container ceb6682bd574a78d0072121c095ba5f22569fa46c2ec00f203f4b0a988cb75a5. Stop the container before attempting removal or force remove
3.11 Docker命令:rmi
用于删除一个未用作容器启动的本地镜像
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
Mr.chen/centos7 1 58af3ad826d2 About an hour ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
hello-world latest e38bc07ac18e 2 months ago 1.85kB
[root@docker ~]# docker rmi -f e38bc07ac18e #-f 强制删除(即便被占用)
Untagged: hello-world:latest
Untagged: hello-world@sha256:3e1764d0f546ceac4565547df2ac4907fe46f007ea229fd7ef2718514bcec35d
Deleted: sha256:e38bc07ac18ee64e6d59cf2eafcdddf9cec2364dfe129fe0af75f1b0194e0c96
Deleted: sha256:2b8cbd0846c5aeaa7265323e7cf085779eaf244ccbdd982c4931aef9be0d2faf
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
Mr.chen/centos7 1 58af3ad826d2 About an hour ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker ~]# docker rmi 58af3ad826d2 #但要注意,被用作容器启动的镜像是不能删除的(需先rm删除容器进程)
Error response from daemon: conflict: unable to delete 58af3ad826d2 (cannot be forced) - image is being used by running container ceb6682bd574
[root@docker ~]# docker rmi -f 58af3ad826d2 #强行删除被容器进程占用的镜像也是不行的
Error response from daemon: conflict: unable to delete 58af3ad826d2 (cannot be forced) - image is being used by running container ceb6682bd574
[root@docker ~]# docker ps -a #查看容器进程,被占用中
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ceb6682bd574 58af3ad826d2 "/bin/bash" 9 minutes ago Up 6 minutes affectionate_agnesi
3.12 Docker命令:commit
将一个更改过的容器进程的容器状态保存为一个新的镜像
[root@docker ~]# docker ps -a #查看启动的容器进程
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5af7d28b054e 58af3ad826d2 "/bin/bash" About a minute ago Up About a minute tender_dubinsky
[root@docker ~]# docker attach 5af7d28b054e #切入容器进程
[root@5af7d28b054e /]# ls
bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@5af7d28b054e /]# mkdir yunjisuan #在容器进程里创建yunjisuan目录
[root@5af7d28b054e /]# ls
bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var yunjisuan
[root@5af7d28b054e /]# exit #退出容器进程
exit
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5af7d28b054e 58af3ad826d2 "/bin/bash" 2 minutes ago Exited (0) 4 seconds ago tender_dubinsky
[root@docker ~]# docker commit 5af7d28b054e Mr.chen/centos:2 #将更改后的容器进程保存为一个新的镜像
sha256:5620f1cb9e8eac8ea79f95e6f5786f8503f6ac12428bd3e9dc8197a173e426b8
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
Mr.chen/centos 2 5620f1cb9e8e 4 seconds ago 200MB #保存成功
Mr.chen/centos7 1 58af3ad826d2 21 hours ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
#启动新保存的镜像
[root@docker ~]# docker run -d -it 5620f1cb9e8e /bin/bash
aeda0a4b7e85e940945ce7e318c9ef56ad720cfc9c586b1b0f79bbcd1cf232e6
[root@docker ~]# docker ps -a #查看新镜像的容器进程
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
aeda0a4b7e85 5620f1cb9e8e "/bin/bash" 3 seconds ago Up 3 seconds zealous_goldstine
5af7d28b054e 58af3ad826d2 "/bin/bash" 7 minutes ago Exited (0) 4 minutes ago tender_dubinsky
[root@docker ~]# docker attach aeda0a4b7e85 #切入新镜像的容器进程
[root@aeda0a4b7e85 /]# ls -d yunjisuan #我们发现之前创建的目录仍旧存在
yunjisuan
3.13 Docker命令:exec
用于从本地操作系统上直接向容器进程发布执行命令并返回结果
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
aeda0a4b7e85 5620f1cb9e8e "/bin/bash" 6 minutes ago Up 4 seconds zealous_goldstine
5af7d28b054e 58af3ad826d2 "/bin/bash" 13 minutes ago Exited (0) 11 minutes ago tender_dubinsky
[root@docker ~]# docker exec aeda0a4b7e85 ls /tmp #查看容器进程里的/tmp目录下所有内容
ks-script-3QMvMi
yum.log
[root@docker ~]# docker exec aeda0a4b7e85 ls -d /yunjisuan #查看容器进程里/yunjisuan目录
/yunjisuan
3.14 Docker命令:cp
用于在容器进程和本地系统之间复制文件
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
aeda0a4b7e85 5620f1cb9e8e "/bin/bash" 9 minutes ago Up 2 minutes zealous_goldstine
5af7d28b054e 58af3ad826d2 "/bin/bash" 16 minutes ago Exited (0) 14 minutes ago tender_dubinsky
[root@docker ~]# docker exec aeda0a4b7e85 ls /tmp #向容器进程发布命令
ks-script-3QMvMi
yum.log
[root@docker ~]# docker cp aeda0a4b7e85:/tmp/yum.log . #将指定容器进程的/tmp/yum.log复制到当前目录下
[root@docker ~]# ls
anaconda-ks.cfg dockerfile nohup.out ping.out yum.log #已经复制过来了
[root@docker ~]# docker cp anaconda-ks.cfg aeda0a4b7e85:/tmp/ #将本地文件复制到容器进程里
[root@docker ~]# docker exec aeda0a4b7e85 ls /tmp
anaconda-ks.cfg #复制成功
ks-script-3QMvMi
yum.log
3.15 Docker命令:create
用于创建一个容器进程,但是并不启动它
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
Mr.chen/centos 2 5620f1cb9e8e 22 minutes ago 200MB
Mr.chen/centos7 1 58af3ad826d2 22 hours ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker ~]# docker create -it 5620f1cb9e8e #创建一个镜像的容器进程,但不直接启动
6040b7b6decee3701444af0e6258f7af506e2e1bed4967e9fa5d67fe9bd599e8
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6040b7b6dece 5620f1cb9e8e "/bin/bash" 3 seconds ago Created nifty_yalow #创建状态并未启动
5af7d28b054e 58af3ad826d2 "/bin/bash" 25 minutes ago Exited (0) 23 minutes ago tender_dubinsky
[root@docker ~]# docker start 6040b7b6dece #启动容器进程
6040b7b6dece
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6040b7b6dece 5620f1cb9e8e "/bin/bash" 17 seconds ago Up 1 second nifty_yalow
5af7d28b054e 58af3ad826d2 "/bin/bash" 26 minutes ago Exited (0) 23 minutes ago tender_dubinsky
3.16 Docker命令:diff
查看容器进程与源镜像做对比,发生了改变的文件或文件夹
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
Mr.chen/centos 2 5620f1cb9e8e 11 hours ago 200MB
Mr.chen/centos7 1 58af3ad826d2 32 hours ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker ~]# docker run -d -it 5620f1cb9e8e #启动一个镜像的容器进程
ab06a9794e45ca35ab5f4594d630ecbe3527814233cc004d4deb8aafde2906f8
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ab06a9794e45 5620f1cb9e8e "/bin/bash" 3 seconds ago Up 2 seconds confident_snyder
[root@docker ~]# docker attach ab06a9794e45 #切入容器进程
[root@ab06a9794e45 /]# cd /yunjisuan/
[root@ab06a9794e45 yunjisuan]# pwd
/yunjisuan
[root@ab06a9794e45 yunjisuan]# touch {1..10} #在容器进程中创建文件
[root@ab06a9794e45 yunjisuan]# ls
1 10 2 3 4 5 6 7 8 9
[root@ab06a9794e45 yunjisuan]# exit #退出容器进程
exit
[root@docker ~]# docker diff ab06a9794e45 #查看容器进程的变化
C /root/.bash_history
C /yunjisuan
A /yunjisuan/1
A /yunjisuan/10
A /yunjisuan/2
A /yunjisuan/3
A /yunjisuan/4
A /yunjisuan/5
A /yunjisuan/6
A /yunjisuan/7
A /yunjisuan/8
A /yunjisuan/9
3.17 Docker命令:events
时时监测容器的变化情况
[root@docker ~]# docker events
2018-07-06T09:11:23.938963932+08:00 network connect c03e38ce8c0e54511899c4ad34b37adaa6339b68e44478072b7d9a4129afdb7a (container=ab06a9794e45ca35ab5f4594d630ecbe3527814233cc004d4deb8aafde2906f8, name=bridge, type=bridge)
2018-07-06T09:11:24.096366168+08:00 container start ab06a9794e45ca35ab5f4594d630ecbe3527814233cc004d4deb8aafde2906f8 (MAINTATNER=Mr.chen.com, image=5620f1cb9e8e, name=confident_snyder, org.label-schema.schema-version== 1.0 org.label-schema.name=CentOS Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.label-schema.build-date=20180531)
前台时时监控容器的变化若要检测,需要另外再起一个窗口进行操作
3.18 Docker命令:export
将容器进程的文件系统导出到本地
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ab06a9794e45 5620f1cb9e8e "/bin/bash" About an hour ago Up About an hour confident_snyder
[root@docker ~]# docker export ab06a9794e45 > test.tar #将容器进程导出成一个tar包
[root@docker ~]# ls
anaconda-ks.cfg dockerfile nohup.out ping.out test.tar yum.log
3.19 Docker命令:import
用于将export导出的文件系统创建为一个镜像
[root@docker ~]# ls
anaconda-ks.cfg dockerfile nohup.out ping.out test.tar yum.log
[root@docker ~]# docker import test.tar Mr.chen/centos:3 #将导出的tar包文件系统生成一个新的镜像
sha256:745606e08231f270d40fe2bff574f10b60144e52accd79772c0ed8c739da015a
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
Mr.chen/centos 3 745606e08231 4 seconds ago 200MB
Mr.chen/centos 2 5620f1cb9e8e 13 hours ago 200MB
Mr.chen/centos7 1 58af3ad826d2 34 hours ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
3.20 Docker命令:history
用于查看一个镜像的历史修改纪录
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
Mr.chen/centos 3 745606e08231 4 seconds ago 200MB
Mr.chen/centos 2 5620f1cb9e8e 13 hours ago 200MB
Mr.chen/centos7 1 58af3ad826d2 34 hours ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker ~]# docker history 745606e08231
IMAGE CREATED CREATED BY SIZE COMMENT
745606e08231 6 minutes ago 200MB Imported from -
[root@docker ~]# docker history 5620f1cb9e8e
IMAGE CREATED CREATED BY SIZE COMMENT
5620f1cb9e8e 13 hours ago /bin/bash 27B
58af3ad826d2 34 hours ago /bin/sh -c #(nop) CMD ["/home/test/docker.s… 0B
f6587dbd78dd 34 hours ago /bin/sh -c chmod +x /home/test/docker.sh 57B
8f092336a175 34 hours ago /bin/sh -c #(nop) ADD file:84ec58f8405b16017… 57B
82c412669879 34 hours ago /bin/sh -c ln -sfv /usr/share/zoneinfo/Asia/… 33B
1a932d4c7762 34 hours ago /bin/sh -c #(nop) LABEL MAINTATNER=Mr.chen.… 0B
49f7960eb7e4 4 weeks ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 4 weeks ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 4 weeks ago /bin/sh -c #(nop) ADD file:8f4b3be0c1427b158… 200MB
3.21 Docker命令:info
用于查看当前操作系统的docker运行信息
[root@docker ~]# docker info
Containers: 1 #容器进程1个
Running: 1 #正在运行状态的容器1个
Paused: 0
Stopped: 0
Images: 8 #一共有8个镜像
Server Version: 18.03.1-ce
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-862.3.3.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 974.6MiB
Name: docker
ID: IZLC:3CEK:YWIH:CEWB:SHHI:BUAY:B3I5:GGN6:BW4E:4O2Z:FVAD:DMPI
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
3.22 Docker命令:inspect
查看某个镜像的详细信息
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
Mr.chen/centos 3 745606e08231 12 minutes ago 200MB
Mr.chen/centos 2 5620f1cb9e8e 13 hours ago 200MB
Mr.chen/centos7 1 58af3ad826d2 34 hours ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker ~]# docker inspect 745606e08231
[
{
"Id": "sha256:745606e08231f270d40fe2bff574f10b60144e52accd79772c0ed8c739da015a",
"RepoTags": [
"Mr.chen/centos:3"
],
"RepoDigests": [],
"Parent": "",
"Comment": "Imported from -",
"Created": "2018-07-06T02:36:40.100685513Z",
"Container": "",
"ContainerConfig": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": null,
"Cmd": null,
"Image": "",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": null
},
"DockerVersion": "18.03.1-ce",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": null,
"Cmd": null,
"Image": "",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": null
},
"Architecture": "amd64",
"Os": "linux",
"Size": 199678439,
"VirtualSize": 199678439,
"GraphDriver": {
"Data": {
"MergedDir": "/var/lib/docker/overlay2/a5c2a8fae1f8ccde01cbb408f8ad3d35d613c35eb0384395d4d0a5c40d9823cf/merged",
"UpperDir": "/var/lib/docker/overlay2/a5c2a8fae1f8ccde01cbb408f8ad3d35d613c35eb0384395d4d0a5c40d9823cf/diff",
"WorkDir": "/var/lib/docker/overlay2/a5c2a8fae1f8ccde01cbb408f8ad3d35d613c35eb0384395d4d0a5c40d9823cf/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:168843d36816cba72e7a483e5d6ce0fe89a6755fe86704d162306082f4300a8c"
]
},
"Metadata": {
"LastTagTime": "2018-07-06T10:36:40.101585642+08:00"
}
}
]
3.23 Docker命令:kill
强行停止一个或多个正在运行状态的容器进程
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ab06a9794e45 5620f1cb9e8e "/bin/bash" 2 hours ago Up 2 hours confident_snyder
[root@docker ~]# docker kill ab06a9794e45
ab06a9794e45
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ab06a9794e45 5620f1cb9e8e "/bin/bash" 2 hours ago Exited (137) 1 second ago confident_snyder
3.24 Docker命令:save
用于将一个镜像的文件系统导出到本地(export导出的是容器)
#重新build一个镜像
[root@docker ~]# cd dockerfile/lib/centos/7/
[root@docker 7]# docker build -t test:1 .
Sending build context to Docker daemon 3.072kB
Step 1/6 : FROM centos
---> 49f7960eb7e4
Step 2/6 : LABEL MAINTATNER="Mr.chen.com"
---> Running in 9c71d8d0c8d9
Removing intermediate container 9c71d8d0c8d9
---> c719db6a38bb
Step 3/6 : RUN ln -sfv /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
---> Running in 39436af722de
'/etc/localtime' -> '/usr/share/zoneinfo/Asia/Shanghai'
Removing intermediate container 39436af722de
---> c80e63f73145
Step 4/6 : ADD docker.sh /home/test/
---> fa1179b1ab73
Step 5/6 : RUN chmod +x /home/test/docker.sh
---> Running in 5a0243641c71
Removing intermediate container 5a0243641c71
---> f4fe4b82300c
Step 6/6 : CMD ["/home/test/docker.sh"]
---> Running in f259134ac5be
Removing intermediate container f259134ac5be
---> cc87aef92b66
Successfully built cc87aef92b66
Successfully tagged test:1
[root@docker 7]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test 1 cc87aef92b66 4 seconds ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
#save导出test:1这个镜像(也可以用id号)
[root@docker 7]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test 1 cc87aef92b66 51 seconds ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker 7]# docker save test:1 > test.tar
[root@docker 7]# ls
Dockerfile docker.sh test.tar
3.25 Docker命令:load
用于将save导出到本地的tar包,重新加载为镜像(和源镜像的名字标识完全一样)
[root@docker 7]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test 1 cc87aef92b66 2 minutes ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker 7]# docker rmi test:1 #删除镜像test:1
Untagged: test:1
Deleted: sha256:cc87aef92b667fa2ef8c6f00fc2c598931adcc137e569a5ee77626e98845c66f
Deleted: sha256:f4fe4b82300c163350ca7aea20d713246b34861e57778482a8536b189eb15328
Deleted: sha256:a49455ce240e931703525ab8bd0fd46a08283681e54b412cc2ae3ff98c346847
Deleted: sha256:fa1179b1ab73c564f85ab15038abc27248da914bf61f835432b1b3e9660dac3f
Deleted: sha256:c9686c8c97ed841d519023cc7ce6a7e8b6c6af51d2d85084dcf37b072933f353
Deleted: sha256:c80e63f73145c443d5fac77b166b68b0865167ce3e17b9207540bc926276850a
Deleted: sha256:0794cb3a1f33a60e86ffd252d7db298799b44c846efe6b0aef3e445db767d662
Deleted: sha256:c719db6a38bb83756c8e831694268681ece2ee2e8ae6ecad12bd810997f61b9e
[root@docker 7]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker 7]# docker load < test.tar #将之前test:1这个镜像的save备份导入系统
cdba4ed54f31: Loading layer [==================================================>] 2.048kB/2.048kB
0e990db11d5d: Loading layer [==================================================>] 3.584kB/3.584kB
e57b2692ffad: Loading layer [==================================================>] 3.072kB/3.072kB
Loaded image: test:1
[root@docker 7]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test 1 cc87aef92b66 2 minutes ago 200MB #和原来的镜像完全一样
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
3.26 Docker命令:logs
用于输出一个容器进程内的操作日志
[root@docker 7]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test 1 cc87aef92b66 12 minutes ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@docker 7]# docker run -d -it test:1
16f9f6c9c699c649709b5643590c632f4c2e2f621de7dd1a6c480ae863761a98
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
16f9f6c9c699 test:1 "/home/test/docker.sh" 2 seconds ago Up 2 seconds adoring_noether
[root@docker 7]# docker logs --tail 5 16f9f6c9c699 #只显示容器日志的后5行
welcome
welcome
welcome
welcome
welcome
3.27 Docker命令:pause && unpause
用于将一个或多个容器的进程暂停和恢复
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
16f9f6c9c699 test:1 "/home/test/docker.sh" 5 minutes ago Up 5 minutes adoring_noether
[root@docker 7]# docker pause 16f9f6c9c699 #暂停容器进程
16f9f6c9c699
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
16f9f6c9c699 test:1 "/home/test/docker.sh" 5 minutes ago Up 5 minutes (Paused) adoring_noether
[root@docker 7]# docker unpause 16f9f6c9c699 #恢复容器进程
16f9f6c9c699
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
16f9f6c9c699 test:1 "/home/test/docker.sh" 5 minutes ago Up 5 minutes adoring_noether
3.28 Docker命令:port
用于列出一个容器的端口映射及协议
[root@docker 7]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test 1 cc87aef92b66 24 minutes ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker 7]# docker run -d -it -p 2222:22 test:1 #启动一个镜像的容器进程 -p 指定本地2222端口映射到容器的22端口
6321c3a3481fe44c13307a1e082ac58a0ee87b29e8bdd2a2d664914a66405f1c
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6321c3a3481f test:1 "/home/test/docker.sh" 5 seconds ago Up 4 seconds 0.0.0.0:2222->22/tcp romantic_elbakyan
16f9f6c9c699 test:1 "/home/test/docker.sh" 10 minutes ago Up 10 minutes adoring_noether
[root@docker 7]# docker port 6321c3a3481f #查看容器进程的端口映射及协议
22/tcp -> 0.0.0.0:2222
3.29 Docker命令:rename
给容器进程重命名
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6321c3a3481f test:1 "/home/test/docker.sh" 11 minutes ago Up 11 minutes 0.0.0.0:2222->22/tcp romantic_elbakyan
16f9f6c9c699 test:1 "/home/test/docker.sh" 22 minutes ago Up 22 minutes adoring_noether
[root@docker 7]# docker rename romantic_elbakyan Mr.chen
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6321c3a3481f test:1 "/home/test/docker.sh" 11 minutes ago Up 11 minutes 0.0.0.0:2222->22/tcp Mr.chen
16f9f6c9c699 test:1 "/home/test/docker.sh" 22 minutes ago Up 22 minutes adoring_noether
3.30 Docker命令:restart
重启一个容器进程
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6321c3a3481f test:1 "/home/test/docker.sh" 15 minutes ago Up 15 minutes 0.0.0.0:2222->22/tcp Mr.chen
16f9f6c9c699 test:1 "/home/test/docker.sh" 26 minutes ago Up 26 minutes adoring_noether
[root@docker 7]# docker restart 6321c3a3481f
6321c3a3481f
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6321c3a3481f test:1 "/home/test/docker.sh" 15 minutes ago Up 2 seconds 0.0.0.0:2222->22/tcp Mr.chen
16f9f6c9c699 test:1 "/home/test/docker.sh" 26 minutes ago Up 26 minutes adoring_noether
3.31 Docker命令:stats
用于时时输出容器的资源使用情况
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6321c3a3481f test:1 "/home/test/docker.sh" 17 minutes ago Up About a minute 0.0.0.0:2222->22/tcp Mr.chen
16f9f6c9c699 test:1 "/home/test/docker.sh" 28 minutes ago Up 28 minutes adoring_noether
[root@docker 7]# docker stats 6321c3a3481f
#--no-tream只输出一次
[root@docker 7]# docker stats 6321c3a3481f --no-stream
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
6321c3a3481f Mr.chen 0.00% 292KiB / 974.6MiB 0.03% 648B / 0B 0B / 0B 2
3.32 Docker命令:tag
用于从一个指定的镜像创建另外一个镜像
[root@docker 7]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test 1 cc87aef92b66 About an hour ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker 7]# docker tag test:1 test:2 #我们可以指定名字:标志来创建
[root@docker 7]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test 1 cc87aef92b66 About an hour ago 200MB
test 2 cc87aef92b66 About an hour ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker 7]# docker rmi test:2
Untagged: test:2
[root@docker 7]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test 1 cc87aef92b66 About an hour ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker 7]# docker tag cc87aef92b66 test:2 #我们也可以指定image id来创建
[root@docker 7]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test 1 cc87aef92b66 About an hour ago 200MB
test 2 cc87aef92b66 About an hour ago 200MB
centos 7 49f7960eb7e4 4 weeks ago 200MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
3.33 Docker命令:top
用于显示指定容器的进程信息
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6321c3a3481f test:1 "/home/test/docker.sh" 28 minutes ago Up 12 minutes 0.0.0.0:2222->22/tcp Mr.chen
16f9f6c9c699 test:1 "/home/test/docker.sh" 39 minutes ago Up 39 minutes adoring_noether
[root@docker 7]# docker top 6321c3a3481f
UID PID PPID C STIME TTY TIME CMD
root 89798 89784 0 11:55 pts/0 00:00:00 /bin/bash /home/test/docker.sh
root 90265 89798 0 12:07 pts/0 00:00:00 sleep 5
3.34 Docker命令:update
用于调整一个或多个容器的启动配置
[root@docker 7]# docker update --help
Usage: docker update [OPTIONS] CONTAINER [CONTAINER...]
Update configuration of one or more containers
Options:
--blkio-weight uint16 Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
--cpu-period int Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota
--cpu-rt-period int Limit the CPU real-time period in microseconds
--cpu-rt-runtime int Limit the CPU real-time runtime in microseconds
-c, --cpu-shares int CPU shares (relative weight) #调整CPU
--cpus decimal Number of CPUs
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
--kernel-memory bytes Kernel memory limit
-m, --memory bytes Memory limit #调整内存
--memory-reservation bytes Memory soft limit
--memory-swap bytes Swap limit equal to memory plus swap: '-1' to enable unlimited swap
--restart string Restart policy to apply when a container exits
3.35 Docker命令:version and wait
version用于显示docker的版本信息
wait用于捕捉一个或多个容器的退出状态,并返回退出状态码
#显示docker版本信息
[root@docker 7]# docker version
Client:
Version: 18.03.1-ce
API version: 1.37
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:20:16 2018
OS/Arch: linux/amd64
Experimental: false
Orchestrator: swarm
Server:
Engine:
Version: 18.03.1-ce
API version: 1.37 (minimum version 1.12)
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:23:58 2018
OS/Arch: linux/amd64
Experimental: false
#监听容器的退出状态并返回状态码
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6321c3a3481f test:1 "/home/test/docker.sh" 33 minutes ago Up 17 minutes 0.0.0.0:2222->22/tcp Mr.chen
16f9f6c9c699 test:1 "/home/test/docker.sh" 44 minutes ago Up 44 minutes adoring_noether
[root@docker 7]# docker wait 6321c3a3481f #需要在开一个窗口stop这个容器进程再查看
137
3.36 Docker命令:login && logout && push
- login用于登陆docker hub官方公有仓库
- logout用于登出docker hub官方公有仓库
- push用于将本地镜像提交到docker hub
由于docker hub国内已经无法注册,因此无法演示上述内容
DockerHub官方公有镜像仓库:https://hub.docker.com/
四,管理应用程序数据
4.1 Volume和Bind Mount
将Docker主机数据挂载到容器
-
Docker提供三种不同方式将数据从宿主机挂载到容器中:volumes,bind mounts和tmpfs。
- volumes:Docker管理宿主机文件系统的一部分(/var/lib/docker/volumes)
- bind mounts:可以存储在宿主机系统的任意位置
- tmpfs:挂载存储在宿主机系统的内存中,而不会写入宿主机的文件系统
4.1.1 Volume
#创建一个卷
[root@docker 7]# docker volume create nginx-vol
nginx-vol
[root@docker 7]# docker volume ls
DRIVER VOLUME NAME
local nginx-vol
[root@docker 7]# docker volume inspect nginx-vol
[
{
"CreatedAt": "2018-07-07T00:07:51+08:00", #创建时间
"Driver": "local", #驱动
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/nginx-vol/_data", #挂载点
"Name": "nginx-vol", #卷名
"Options": {},
"Scope": "local"
}
]
#下载一个nginx官方镜像
[root@docker 7]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
683abbb4ea60: Pull complete
6ff57cbc007a: Pull complete
162f7aebbf40: Pull complete
Digest: sha256:2cf71a9320ea65566c0738e87400407aaffd8dd11a411ceb2f2b585ad513469e
Status: Downloaded newer image for nginx:latest
[root@docker 7]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 649dcb69b782 2 days ago 109MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
[root@docker 7]# docker run -dit --name=nginx-test --mount src=nginx-vol,dst=/usr/share/nginx/html nginx
e74fb1640742a6a535d825ea223c18809b495532a9c9d6bd0b7ca8c4775261dc
特别说明:
--name:容器的名字
--mount:挂载
src:源卷的名字
dst:挂载到容器中的路径
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e74fb1640742 nginx "nginx -g 'daemon of…" 48 seconds ago Up 47 seconds 80/tcp nginx-test
#向容器中的挂载目录创建文件,查看是否挂载成功
[root@docker 7]# docker exec nginx-test touch /usr/share/nginx/html/test.txt
[root@docker 7]# docker exec nginx-test ls /usr/share/nginx/html/
50x.html
index.html
test.txt #有了
[root@docker 7]# ls /var/lib/docker/volumes/nginx-vol/_data/
50x.html index.html test.txt #成功
#清理容器进程
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e74fb1640742 nginx "nginx -g 'daemon of…" 8 minutes ago Up 8 minutes 80/tcp nginx-test
[root@docker 7]# docker stop nginx-test
nginx-test
[root@docker 7]# docker rm nginx-test
nginx-test
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@docker 7]# ls /var/lib/docker/volumes/nginx-vol/_data/
50x.html index.html test.txt #清理容器后,挂载的卷的数据仍旧存在
#重新启动镜像nginx的容器进程
[root@docker 7]# docker run -dit --name nginx-test -p 88:80 --mount src=nginx-vol,dst=/usr/share/nginx/html nginx
b5e0bfc639087bdd4998065e457eda837c042cfb5e9cf3c044a11c97280e7270
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b5e0bfc63908 nginx "nginx -g 'daemon of…" 15 seconds ago Up 14 seconds 0.0.0.0:88->80/tcp nginx-test
特别提示:
docker run的-p参数:指定端口的映射,88:80的意思就是将宿主机88端口的访问映射到容器进程的80端口
现在我们通过浏览器访问宿主机的88端口,进而访问容器进程的80端口
现在我们在启动一个镜像nginx的进程,让两个nginx的容器进程公用一个数据卷nginx-vol
[root@docker 7]# docker run -dit --name nginx-test2 -p 89:80 --mount src=nginx-vol,dst=/usr/share/nginx/html nginx
f1373f38c6cda722f151f06fc06cd6fccf62bc042850c6481ddb74c5336377be
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f1373f38c6cd nginx "nginx -g 'daemon of…" 4 seconds ago Up 3 seconds 0.0.0.0:89->80/tcp nginx-test2
b5e0bfc63908 nginx "nginx -g 'daemon of…" 17 minutes ago Up 17 minutes 0.0.0.0:88->80/tcp nginx-test
我们用浏览器访问docker宿主机的89端口
4.1.2 Bind Mounts
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f1373f38c6cd nginx "nginx -g 'daemon of…" 7 minutes ago Up 7 minutes 0.0.0.0:89->80/tcp nginx-test2
b5e0bfc63908 nginx "nginx -g 'daemon of…" 24 minutes ago Up 24 minutes 0.0.0.0:88->80/tcp nginx-test
[root@docker 7]# docker run -dit --name nginx-test3 -p 90:80 --mount type=bind,src=/var/lib/docker/volumes/nginx-vol/_data,dst=/usr/share/nginx/html nginx
270b609a9e2ec53c3b0a9250f2f8d175e21748ac8ebe9e4c0f9897e72a9b3843
[root@docker 7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
270b609a9e2e nginx "nginx -g 'daemon of…" 4 seconds ago Up 3 seconds 0.0.0.0:90->80/tcp nginx-test3
f1373f38c6cd nginx "nginx -g 'daemon of…" 9 minutes ago Up 9 minutes 0.0.0.0:89->80/tcp nginx-test2
b5e0bfc63908 nginx "nginx -g 'daemon of…" 26 minutes ago Up 26 minutes 0.0.0.0:88->80/tcp nginx-test
我们用浏览器访问docker宿主机的90端口
4.2 实战容器部署LNMP网站平台
首先我们下载一个wordpress博客
wget https://cn.wordpress.org/wordpress-4.7.4-zh_CN.tar.gz
4.2.1 创建MySQL数据库容器
#下载MySQL5.6版本镜像
[root@docker ~]# docker pull mysql:5.6
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 649dcb69b782 3 days ago 109MB
mysql 5.6 97fdbdd65c6a 10 days ago 256MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
#创建一个自定义网络(docker自定义网络下一节再讲)
[root@docker ~]# docker network create lnmp
b02d8652022382f21780ee4935f472689883b64389ae120174268de57ec03e4e
[root@docker ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
29e8c90dbd80 bridge bridge local
f11e598312bd host host local
b02d86520223 lnmp bridge local #有了(默认驱动为网桥)
3978eff69b11 none null local
#启动MySQL数据库容器
[root@docker ~]# docker run -dit --name lnmp_mysql --network lnmp -p 3306:3306 --mount src=mysql-vol,dst=/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123123 mysql:5.6 --character-set-server=utf8
07bd252ec637324683514c6f27ba0beb552d9c1044a60c2dbb1cb3d2aeba807b
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
07bd252ec637 mysql:5.6 "docker-entrypoint.s…" 7 seconds ago Up 6 seconds 0.0.0.0:3306->3306/tcp lnmp_mysql
特别提示:
- 自定义网络lnmp如果不提前创建的话,在启动容器进程时会报错
- 如果没有提前pull好mysql:5.6那么容器在启动时会自动下载对应镜像
- 如果没有提前docker volume create mysql-vol,那么容器启动时会自动创建
#查看容器lnmp_mysql的日志输出
[root@docker ~]# docker logs lnmp_mysql
#查看容器里启动的进程
[root@docker ~]# docker top lnmp_mysql
UID PID PPID C STIME TTY TIME CMD
polkitd 96252 96240 0 22:58 pts/0 00:00:01 mysqld --character-set-server=utf8
4.2.2 向容器里的Mysql创建一个库
[root@docker ~]# docker exec lnmp_mysql sh -c 'exec mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -e"create database wp"'
Warning: Using a password on the command line interface can be insecure.
4.2.3 在docker宿主机上安装mysql的客户端通过端口映射访问容器内的mysql
因为已经将mysql容器的3306端口映射到了docker宿主机的3306,因此我们访问本地即可
#安装mysql客户端
[root@docker ~]# yum -y install mysql
#查看本机IP地址
[root@docker ~]# hostname -I | xargs -n1 | head -1
192.168.200.142
#远程方式连接docker宿主机的3306端口
[root@docker ~]# mysql -h192.168.200.142 -P3306 -uroot -p123123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.6.40 MySQL Community Server (GPL)
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| wp | #已经创建wp库了
+--------------------+
4 rows in set (0.01 sec)
4.2.4 创建nginx+PHP环境容器
#创建一个网页目录
[root@docker ~]# mkdir -p /app/wwwroot
[root@docker ~]# ll -d /app/wwwroot
drwxr-xr-x 2 root root 6 7月 8 00:22 /app/wwwroot
#下载richarvey/nginx-php-fpm镜像
[root@docker ~]# docker pull richarvey/nginx-php-fpm
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
richarvey/nginx-php-fpm latest 26c0e6f09c52 2 days ago 300MB
nginx latest 649dcb69b782 3 days ago 109MB
mysql 5.6 97fdbdd65c6a 10 days ago 256MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
#启动richarvey/nginx-php-fpm镜像的容器
[root@docker ~]# docker run -dit --name lnmp_web --network lnmp -p 88:80 --mount type=bind,src=/app/wwwroot,dst=/var/www/html richarvey/nginx-php-fpm
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1ab26792a73c richarvey/nginx-php-fpm "docker-php-entrypoi…" 4 seconds ago Up 3 seconds 443/tcp, 9000/tcp, 0.0.0.0:88->80/tcp lnmp_web
07bd252ec637 mysql:5.6 "docker-entrypoint.s…" About an hour ago Up About an hour 0.0.0.0:3306->3306/tcp lnmp_mysql
4.2.5 解压wordpress到网页目录/app/wwwroot下
[root@docker ~]# tar xf wordpress-4.7.4-zh_CN.tar.gz -C /app/wwwroot/
[root@docker ~]# cd /app/wwwroot/
[root@docker wwwroot]# ls
wordpress
4.2.6 博客wordpress访问测试
通过浏览器进行docker宿主机的88端口的访问测试
http://IP:88/wordpress
特别提示:
如果在访问时,出现以下情况
#如果出现连接不上的情况,那么请按顺序执行以下命令一遍
[root@docker wwwroot]# systemctl stop firewalld
[root@docker wwwroot]# systemctl stop iptables.service
Failed to stop iptables.service: Unit iptables.service not loaded.
[root@docker wwwroot]# iptables -F
[root@docker wwwroot]# iptables -P FORWARD ACCEPT
[root@docker wwwroot]# iptables -P INPUT ACCEPT
[root@docker wwwroot]# iptables -P OUTPUT ACCEPT
如果没有意外此时访问浏览器,就可出现下述内容
特别提示:
如果多次连续访问同一网页,那么浏览器有可能默认去掉指定的端口
因此,同学们若访问不到,请查看是否指定了88端口
五,网络管理
5.1 容器网络模式
-
Docker支持5种网络模式
-
bridge
- 默认网络,Docker启动后默认创建一个docker0网桥,默认创建的容器也是添加到这个网桥中
-
host
- 容器不会获得一个独立的network namespace,而是与宿主机共用一个
-
none
- 获取独立的network namespace,但不为容器进行任何网络配置
-
container
- 与指定的容器使用同一个network namespace,网卡配置也都是相同的
-
自定义
- 自定义网桥,默认与bridge网络一样
-
5.1.1 bridge网络类型
#安装bridge管理工具
[root@docker ~]# yum -y install bridge-utils
#查看网桥状态
[root@docker ~]# brctl show
bridge name bridge id STP enabled interfaces
br-b02d86520223 8000.02427fd4e96d no veth3c0da5f #网桥br-br0绑定了两个虚拟网卡
vethcd34854
docker0 8000.02424cab4d14 no veth0d15221 #网桥docker0绑定了一个虚拟网卡
#查看网络类型
[root@docker ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
29e8c90dbd80 bridge bridge local #两个网桥类型的网络
f11e598312bd host host local
b02d86520223 lnmp bridge local #两个网桥类型的网络
3978eff69b11 none null local
#查看容器进程
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
274cd088c4ad centos "/bin/bash" 14 minutes ago Up 14 minutes test
1ab26792a73c richarvey/nginx-php-fpm "docker-php-entrypoi…" 2 days ago Up 2 days 443/tcp, 9000/tcp, 0.0.0.0:88->80/tcp lnmp_web
07bd252ec637 mysql:5.6 "docker-entrypoint.s…" 2 days ago Up 2 days 0.0.0.0:3306->3306/tcp lnmp_mysql
#查看容器lnmp_mysql的网络信息
[root@docker ~]# docker inspect lnmp_mysql | grep -A 15 "Networks"
"Networks": {
"lnmp": { #网络类型lnmp
"IPAMConfig": null,
"Links": null,
"Aliases": [
"07bd252ec637"
],
"NetworkID": "b02d8652022382f21780ee4935f472689883b64389ae120174268de57ec03e4e",
"EndpointID": "6059606168f72d1561e4ce1d345fdc8dafed7b3956f9b2a392f29635c4001b7c",
"Gateway": "172.18.0.1", #网关172.18.0.1,这就是网桥br-b02d86520223
"IPAddress": "172.18.0.2", #容器IP172.18.0.2
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:12:00:02",
#查看容器lnmp_web的网络信息
[root@docker ~]# docker inspect lnmp_web | grep -A 15 "Networks"
"Networks": {
"lnmp": { #网络类型lnmp
"IPAMConfig": null,
"Links": null,
"Aliases": [
"1ab26792a73c"
],
"NetworkID": "b02d8652022382f21780ee4935f472689883b64389ae120174268de57ec03e4e",
"EndpointID": "778d44313652bce9af6f09c3f67d56946eca2c6b7cf7dc8b9c79046e7874842a",
"Gateway": "172.18.0.1", #网关172.18.0.1,这就是网桥br-b02d86520223
"IPAddress": "172.18.0.3", #容器IP172.18.0.3
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:12:00:03",
#查看容器test的网络信息
[root@docker ~]# docker inspect test | grep -A 15 "Networks"
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "29e8c90dbd80c38e964c4a6055456fb1718f499f03a1ff81af0a3c2643231de5",
"EndpointID": "cacf4aea37a8d12bae2358fa682da1e3c3b6bb85947a88d8242fbf1bff3d3d86",
"Gateway": "172.17.0.1", #网关172.17.0.1,这就是网桥docker0
"IPAddress": "172.17.0.2", #容器IP172.17.0.2
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
5.1.2 host网络类型
#启动一个网络类型为host的容器
[root@docker ~]# docker run -dit --name test2 --network host centos:latest /bin/bash
156dbada7627542fd0ab7134cec270466bcef5180feeec44343821d71cc6ebaf
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
156dbada7627 centos:latest "/bin/bash" 3 seconds ago Up 3 seconds test2
274cd088c4ad centos "/bin/bash" 2 hours ago Up 2 hours test
1ab26792a73c richarvey/nginx-php-fpm "docker-php-entrypoi…" 3 days ago Up 3 days 443/tcp, 9000/tcp, 0.0.0.0:88->80/tcp lnmp_web
07bd252ec637 mysql:5.6 "docker-entrypoint.s…" 3 days ago Up 3 days 0.0.0.0:3306->3306/tcp lnmp_mysql
#查看容器的ip
[root@docker ~]# docker exec test2 hostname -I #这就是网络类型为host的容器,ip地址和docker宿主机完全一样
192.168.200.142 172.17.0.1 172.18.0.1
[root@docker ~]# docker exec test hostname -I #网桥类型容器
172.17.0.2
[root@docker ~]# docker exec lnmp_mysql hostname -i #网桥类型容器
172.18.0.2
[root@docker ~]# docker exec lnmp_web hostname -i #网桥类型容器
172.18.0.3
5.1.3 none网络类型(用于建立与宿主机的桥接模式)
#启动一个网络类型为none的容器
[root@docker ~]# docker run -dit --name test3 --net none centos:latest
cddf4c8888d71df9224b6455ae426fe33470e219c5c755252875da7a20c4527f
#查看容器IP地址
[root@docker ~]# docker exec test3 hostname -I
查询后发现,什么IP地址都没有,是的,none类型就是暂时不给容器指定网卡。
5.1.4 container网络类型
指定新容器使用指定容器的网卡
#启动一个容器,网络类型container,使用test容器的网卡
[root@docker ~]# docker run -dit --name test4 --net container:test centos:latest /bin/bash
d0100ebdadde9733d5c2d0fd8f1a8017d1c74c4323408cd11ac593c0f7d7f42f
[root@docker ~]# docker inspect test | grep -A 15 "Networks"
\ "Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "29e8c90dbd80c38e964c4a6055456fb1718f499f03a1ff81af0a3c2643231de5",
"EndpointID": "cacf4aea37a8d12bae2358fa682da1e3c3b6bb85947a88d8242fbf1bff3d3d86",
"Gateway": "172.17.0.1", #test容器的网关
"IPAddress": "172.17.0.2", #test容器模式网桥
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
[root@docker ~]# docker inspect test4 | grep -A 15 "Networks"
"Networks": {} #test4容器并没有自己的网络设置
}
}
]
[root@docker ~]# docker exec test4 hostname -I #test4没有网络设置却有IP地址和test容器完全一样
172.17.0.2
5.2 桥接宿主机网络与配置固定IP地址
5.2.1 建立网桥桥接到宿主机网络
#构建一个永久生效的网桥br0
[root@docker network-scripts]# cat ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=dhcp
NAME=ens32
DEVICE=ens32
ONBOOT=yes
BRIDGE=br0
[root@docker network-scripts]# cat ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.200.142
NETMASK=255.255.255.0
GATEWAY=192.168.200.2
DNS1=192.168.200.2
[root@docker network-scripts]# service network restart
#查看网卡IP
[root@docker network-scripts]# ifconfig ens32
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:93:37:0b txqueuelen 1000 (Ethernet) #ens32网卡已经没有IP地址了
RX packets 626902 bytes 599726150 (571.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 570556 bytes 1022355519 (974.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@docker network-scripts]# ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.200.142 netmask 255.255.255.0 broadcast 192.168.200.255 #网桥br0代替了ens32
inet6 fe80::f82d:6dff:fed3:a9bb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:93:37:0b txqueuelen 1000 (Ethernet)
RX packets 306 bytes 28092 (27.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 141 bytes 19806 (19.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@docker network-scripts]# brctl show
bridge name bridge id STP enabled interfaces
br-b02d86520223 8000.02427fd4e96d no veth3c0da5f
vethcd34854
br0 8000.000c2993370b no ens32 #网桥br0,桥接在了真实的物理网卡ens32上
docker0 8000.02424cab4d14 no veth0d15221
5.2.2 通过pipework工具配置容器固定IP
pipework工具下载地址:https://github.com/jpetazzo/pipework.git
#解压安装pipework工具
[root@docker ~]# yum -y install unzip
[root@docker ~]# unzip pipework-master.zip
Archive: pipework-master.zip
ae42f1b5fef82b3bc23fe93c95c345e7af65fef3
creating: pipework-master/
extracting: pipework-master/.gitignore
inflating: pipework-master/LICENSE
inflating: pipework-master/README.md
inflating: pipework-master/docker-compose.yml
creating: pipework-master/doctoc/
inflating: pipework-master/doctoc/Dockerfile
inflating: pipework-master/pipework
inflating: pipework-master/pipework.spec
[root@docker ~]# mv pipework-master /usr/local/
[root@docker ~]# ln -s /usr/local/pipework-master/pipework /usr/local/bin/
[root@docker ~]# which pipework
/usr/local/bin/pipework
#建立网络类型为none的容器,并通过pipework配置固定ip地址
[root@docker ~]# docker run -dit --name test5 --net none centos:latest /bin/bash
5b06b180ce8477eb21959facde5c48f1d3670396baa5696ad319d3052b610a4b
[root@docker ~]# pipework br0 test5 192.168.200.199/24@192.168.200.2 #设置容器固定IP为192.168.200.199网关192.168.200.2
[root@docker ~]# docker exec test5 hostname -I #有IP了
192.168.200.199
[root@docker ~]# ping 192.168.200.199 #宿主机ping能通
PING 192.168.200.199 (192.168.200.199) 56(84) bytes of data.
64 bytes from 192.168.200.199: icmp_seq=1 ttl=64 time=0.076 ms
^C
--- 192.168.200.199 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.076/0.076/0.076/0.000 ms
[root@docker ~]# docker exec -it test5 /bin/bash #进入容器
[root@5b06b180ce84 /]# ping www.baidu.com #能连接外网
PING www.a.shifen.com (61.135.169.125) 56(84) bytes of data.
64 bytes from 61.135.169.125 (61.135.169.125): icmp_seq=1 ttl=128 time=5.73 ms
^C
--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.733/5.733/5.733/0.000 ms
通过windows宿主机ping虚拟机中的容器进程IP进行测试
综上,外部机器访问虚拟机中的容器进程也可以联通了
