|
|
Docker 包括三个基本概念
1.镜像(Image)
2.容器(Container)
3.仓库(Repository)
docker的特性:
1.文件系统隔离:每个进程容器运行在完全独立的根文件系统里。
2.资源隔离:可以使用cgroup为每个进程容器分配不同的系统资源,例如CPU和内存。
3.网络隔离:每个进程容器运行在自己的网络命名空间里,拥有自己的虚拟接口和IP地址。
4.写时复制:采用写时复制方式创建根文件系统,这让部署变得极其快捷,并且节省内存和硬盘空间。
5.日志记录:Docker将会收集和记录每个进程容器的标准流(stdout/stderr/stdin),用于实时检索或批量检索。
6.变更管理:容器文件系统的变更可以提交到新的映像中,并可重复使用以创建更多的容器。无需使用模板或手动配置。
7.交互式Shell:Docker可以分配一个虚拟终端并关联到任何容器的标准输入上,例如运行一个一次性交互shell。
docker安装与启动
yum install -y epel-release
yum install docker //安装的版本比较老。
使用该方法在线安装最新版本的docker
[iyunv@soft Desktop]# curl -fsSL https://get.docker.com/ | sh
+ sh -c 'sleep 3; yum -y -q install docker-engine'
docker-engine-1.12.1-1.el7.centos.x86_64.rpm | 19 MB 04:11
No Presto metadata available for docker-experimental-repo
If you would like to use Docker as a non-root user, you should now consider
adding your user to the "docker" group with something like:
sudo usermod -aG docker your-user
Remember that you will have to log out and back in for this to take effect!
安装完docker后可用以下命令查看相关的docker信息:
[iyunv@localhost /]# docker version
Client:
Version: 1.10.3
API version: 1.22
Package version: docker-common-1.10.3-46.el7.centos.10.x86_64
Go version: go1.6.3
Git commit: d381c64-unsupported
Built: Thu Aug 4 13:21:17 2016
OS/Arch: linux/amd64
Server:
Version: 1.10.3
API version: 1.22
Package version: docker-common-1.10.3-46.el7.centos.10.x86_64
Go version: go1.6.3
Git commit: d381c64-unsupported
Built: Thu Aug 4 13:21:17 2016
OS/Arch: linux/amd64
[iyunv@localhost /]# docker info //本地已有一个docker镜像
Containers: 2
Running: 1
Paused: 0
Stopped: 1
Images: 1
Server Version: 1.10.3
Storage Driver: devicemapper
Pool Name: docker-253:0-1792087-pool
Pool Blocksize: 65.54 kB
Base Device Size: 10.74 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 1.083 GB
Data Space Total: 107.4 GB
Data Space Available: 25.5 GB
Metadata Space Used: 1.278 MB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.146 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.107-RHEL7 (2016-06-09)
Execution Driver: native-0.2
Logging Driver: journald
Plugins:
Volume: local
Network: bridge null host
Kernel Version: 3.10.0-327.28.2.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 2
CPUs: 16
Total Memory: 15.66 GiB
Name: localhost.localdomain
ID: TWV7:7OXE:GGAN:MYFO:ERWM:FC2G:KCWJ:LSU6:TA4Y:Q6J6:ZK3I:GDB4
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Registries: docker.io (secure)
docker镜像下载
搜索可用的centos的docker镜像
[iyunv@localhost /]# docker search centos//搜索centos镜像
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/centos The official build of CentOS. 2531 [OK]
docker.io docker.io/ansible/centos7-ansible Ansible on Centos7 82 [OK]
docker.io docker.io/jdeathe/centos-ssh CentOS-6 6.8 x86_64 / CentOS-7 7.2.1511 x8... 27 [OK]
docker.io docker.io/nimmis/java-centos This is docker images of CentOS 7 with dif... 13 [OK]
docker.io docker.io/million12/centos-supervisor Base CentOS-7 with supervisord launcher, h... 12 [OK]
docker.io docker.io/gluster/gluster-centos Official GlusterFS Image [ CentOS7 + Glus... 11 [OK]
docker.io docker.io/torusware/speedus-centos Always updated official CentOS docker imag... 8 [OK]
docker.io docker.io/nickistre/centos-lamp LAMP on centos setup 4 [OK]
docker.io docker.io/nathonfowlie/centos-jre Latest CentOS image with the JRE pre-insta... 3 [OK]
docker.io docker.io/consol/sakuli-centos-xfce Sakuli end-2-end testing and monitoring co... 2 [OK]
docker.io docker.io/blacklabelops/centos CentOS Base Image! Built and Updates Daily! 1 [OK]
docker.io docker.io/darksheer/centos Base Centos Image -- Updated hourly 1 [OK]
docker.io docker.io/harisekhon/centos-java Java on CentOS (OpenJDK, tags jre/jdk7-8) 1 [OK]
docker.io docker.io/timhughes/centos Centos with systemd installed and running 1 [OK]
docker.io docker.io/aguamala/centos CentOS base image 0 [OK]
docker.io docker.io/dmglab/centos CentOS with some extras - This is for the ... 0 [OK]
docker.io docker.io/grayzone/centos auto build for centos. 0 [OK]
docker.io docker.io/grossws/centos CentOS 6 and 7 base images with gosu and l... 0 [OK]
docker.io docker.io/harisekhon/centos-scala Scala + CentOS (OpenJDK tags 2.10-jre7 - 2... 0 [OK]
docker.io docker.io/januswel/centos yum update-ed CentOS image 0 [OK]
docker.io docker.io/jsmigel/centos-epel Docker base image of CentOS w/ EPEL installed 0 [OK]
docker.io docker.io/kz8s/centos Official CentOS plus epel-release 0 [OK]
docker.io docker.io/repositoryjp/centos Docker Image for CentOS. 0 [OK]
docker.io docker.io/smartentry/centos CentOS with smartentry 0 [OK]
docker.io docker.io/ustclug/centos USTC centos 0 [OK]
构建docker镜像:
docker pull centos:laster
慢慢的等待镜像文件的下载。下载完可以通过如下命令查看镜像
# docker images //查看镜像信息
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos 7.2.1511 686672a1d0cc 5 weeks ago 194.6 MB
通过docker run来启动镜像,同时会创建一个容器,看下docker run的启动命令:
[iyunv@localhost /]# docker run --help
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
Run a command in a new container
-a, --attach=[] Attach to STDIN, STDOUT or STDERR
--add-host=[] Add a custom host-to-IP mapping (host:ip)
--blkio-weight Block IO (relative weight), between 10 and 1000
--blkio-weight-device=[] Block IO weight (relative device weight)
--cpu-shares CPU shares (relative weight)
--cap-add=[] Add Linux capabilities
--cap-drop=[] Drop Linux capabilities
--cgroup-parent Optional parent cgroup for the container
--cidfile Write the container ID to the file
--cpu-period Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota Limit CPU CFS (Completely Fair Scheduler) quota
--cpuset-cpus CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems MEMs in which to allow execution (0-3, 0,1)
-d, --detach Run container in background and print container ID
--detach-keys Override the key sequence for detaching a container
--device=[] Add a host device to the container
--device-read-bps=[] Limit read rate (bytes per second) from a device
--device-read-iops=[] Limit read rate (IO per second) from a device
--device-write-bps=[] Limit write rate (bytes per second) to a device
--device-write-iops=[] Limit write rate (IO per second) to a device
--disable-content-trust=true Skip image verification
--dns=[] Set custom DNS servers
--dns-opt=[] Set DNS options
--dns-search=[] Set custom DNS search domains
-e, --env=[] Set environment variables
--entrypoint Overwrite the default ENTRYPOINT of the image
--env-file=[] Read in a file of environment variables
--expose=[] Expose a port or a range of ports
--group-add=[] Add additional groups to join
-h, --hostname Container host name
--help Print usage
-i, --interactive Keep STDIN open even if not attached
--ip Container IPv4 address (e.g. 172.30.100.104)
--ip6 Container IPv6 address (e.g. 2001:db8::33)
--ipc IPC namespace to use
--isolation Container isolation level
--kernel-memory Kernel memory limit
-l, --label=[] Set meta data on a container
--label-file=[] Read in a line delimited file of labels
--link=[] Add link to another container
--log-driver Logging driver for container
--log-opt=[] Log driver options
-m, --memory Memory limit
--mac-address Container MAC address (e.g. 92:d0:c6:0a:29:33)
--memory-reservation Memory soft limit
--memory-swap Swap limit equal to memory plus swap: '-1' to enable unlimited swap
--memory-swappiness=-1 Tune container memory swappiness (0 to 100)
--name Assign a name to the container
--net=default Connect a container to a network
--net-alias=[] Add network-scoped alias for the container
--oom-kill-disable Disable OOM Killer
--oom-score-adj Tune host's OOM preferences (-1000 to 1000)
-P, --publish-all Publish all exposed ports to random ports
-p, --publish=[] Publish a container's port(s) to the host
--pid PID namespace to use
--privileged Give extended privileges to this container
--read-only Mount the container's root filesystem as read only
--restart=no Restart policy to apply when a container exits
--rm Automatically remove the container when it exits
--security-opt=[] Security Options
--shm-size Size of /dev/shm, default value is 64MB
--sig-proxy=true Proxy received signals to the process
--stop-signal=SIGTERM Signal to stop a container, SIGTERM by default
--sysctl=map[] Sysctl options
-t, --tty Allocate a pseudo-TTY
--tmpfs=[] Mount a tmpfs directory
-u, --user Username or UID (format: <name|uid>[:<group|gid>])
--ulimit=[] Ulimit options
--uts UTS namespace to use
-v, --volume=[] Bind mount a volume
--volume-driver Optional volume driver for the container
--volumes-from=[] Mount volumes from the specified container(s)
-w, --workdir Working directory inside the container
启动并创建一个交互式的docker容器:
[iyunv@localhost /]# docker run -ti -d 686672a1d0cc
//-d为后台启动
通过docker ps 来查看当前运行的容器,看下docker ps的相关指令:
[iyunv@localhost /]# docker ps --help
Usage: docker ps [OPTIONS]
List containers
-a, --all Show all containers (default shows just running)
-f, --filter=[] Filter output based on conditions provided
--format Pretty-print containers using a Go template
--help Print usage
-l, --latest Show the latest created container (includes all states)
-n=-1 Show n last created containers (includes all states)
--no-trunc Don't truncate output
-q, --quiet Only display numeric IDs
-s, --size Display total file sizes
[iyunv@localhost /]# docker ps//查看当前正在运行的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7d95b3df8674 686672a1d0cc "/bin/bash" 5 hours ago Up About an hour admiring_kowalevski
[iyunv@localhost /]# docker ps -a//查看所有的容器信息
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7d95b3df8674 686672a1d0cc "/bin/bash" 5 hours ago Up About an hour admiring_kowalevski
1b4ac575eda0 686672a1d0cc "/bin/bash" 23 hours ago Exited (137) About an hour ago elated_turing
通过dockerstart,docker stop来启动和停止容器:
[iyunv@localhost /]# docker start --help
Usage: docker start [OPTIONS] CONTAINER [CONTAINER...]
Start one or more stopped containers
-a, --attach Attach STDOUT/STDERR and forward signals
--detach-keys Override the key sequence for detaching a container
--help Print usage
-i, --interactive Attach container's STDIN
[iyunv@localhost /]# docker stop --help
Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...]
Stop a running container.
Sending SIGTERM and then SIGKILL after a grace period
--help Print usage
-t, --time=10 Seconds to wait for stop before killing it
[iyunv@localhost /]# docker restart --help
Usage: docker restart [OPTIONS] CONTAINER [CONTAINER...]
Restart a container
--help Print usage
-t, --time=10 Seconds to wait for stop before killing the container
使用docker exec 可以进入到已经启动的容器中,低版本的docker可能不行。
[iyunv@localhost Desktop]# docker exec -ti 7d95b3df8674 /bin/bash
[iyunv@7d95b3df8674 /]#
容器的工作是建立在镜像的基础之上的,如果需要删除镜像的话,需要先删除使用该镜像的容器,然后才能删除镜像,否则删除镜像的时候,会有如下的类似的错误信息提示:Failed to remove image (e7b): Error response from daemon: conflict: unable to delete e7b2de517efa (must be forced) - image is being used by stopped container 4fbc3cd00987,可以通过docker rm删除容器,docker rmi 删除镜像。
[iyunv@localhost /]# docker rm --help
Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...]
Remove one or more containers
-f, --force Force the removal of a running container (uses SIGKILL)
--help Print usage
-l, --link Remove the specified link
-v, --volumes Remove the volumes associated with the container
[iyunv@localhost /]# docker rmi --help
Usage: docker rmi [OPTIONS] IMAGE [IMAGE...]
Remove one or more images
-f, --force Force removal of the image
--help Print usage
--no-prune Do not delete untagged parents
删除停止的容器
docker rm $(docker ps --all -q -f status=exited)
删除没有使用的镜像
docker rmi -f $(docker images | grep "<none>" | awk "{print \$3}")
批量删除容器
docker ps -a | awk '{print $1}' | xargs docker rm
批量删除镜像
docker images | awk '{print $3}' | xargs docker rmi
持久化容器与镜像
1.通过容器生成新的镜像
运行中的镜像称为容器。你可以修改容器(比如删除一个文件),但这些修改不会影响到镜像。不过,你使用docker commit <container-id> <image-name>命令可以把一个正在运行的容器变成一个新的镜像。
docker commit <container> [repo:tag] 将一个container固化为一个新的image,后面的repo:tag可选。
2.持久化容器
docker export用于持久化容器。
[iyunv@localhost /]# docker export --help
Usage: docker export [OPTIONS] CONTAINER
Export a container's filesystem as a tar archive
--help Print usage
-o, --output Write to a file, instead of STDOUT
[iyunv@localhost /]# docker export <CONTAINER ID> container.tar
3.持久化镜像
docker save用于持久化镜像:
[iyunv@localhost /]# docker save --help
Usage: docker save [OPTIONS] IMAGE [IMAGE...]
Save an image(s) to a tar archive (streamed to STDOUT by default)
--help Print usage
-o, --output Write to a file, instead of STDOUT
[iyunv@localhost /]# docker save <CONTAINER ID> image.tar
4.导入持久化镜像,容器:
使用docker import,docker load导入镜像容器:
[iyunv@localhost /]# docker import --help
Usage: docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
Import the contents from a tarball to create a filesystem image
-c, --change=[] Apply Dockerfile instruction to the created image
--help Print usage
-m, --message Set commit message for imported image
[iyunv@localhost /]# docker load --help
Usage: docker load [OPTIONS]
Load an image from a tar archive or STDIN
--help Print usage
-i, --input Read from a tar archive file, instead of STDIN
5.对镜像打tag
[iyunv@localhost /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos 7.2.1511 686672a1d0cc 5 weeks ago 194.6 MB
[iyunv@localhost /]# docker tag 686672a1d0cc centos:base
[iyunv@localhost /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos base 686672a1d0cc 5 weeks ago 194.6 MB
docker.io/centos 7.2.1511 686672a1d0cc 5 weeks ago 194.6 MB
6.export-import与save-load的区别
导出后再导入(export-import)的镜像会丢失所有的历史,而保存后再加载(save-load)的镜像没有丢失历史和层(layer)。这意味着使用导出后再导入的方式,你将无法回滚到之前的层(layer),同时,使用保存后再加载的方式持久化整个镜像,就可以做到层回滚。(可以执行docker tag <LAYER ID> <IMAGE NAME>来回滚之前的层)。
docker logs $CONTAINER_ID #查看docker实例运行日志,确保正常运行
docker inspect $CONTAINER_ID #docker inspect <image|container> 查看image或container的底层信息
docker build <path> 寻找path路径下名为的Dockerfile的配置文件,使用此配置生成新的image
docker build -t repo[:tag] 同上,可以指定repo和可选的tag
docker build - < <dockerfile> 使用指定的dockerfile配置文件,docker以stdin方式获取内容,使用此配置生成新的image
docker port <container> <container port> 查看本地哪个端口映射到container的指定端口,其实用docker ps 也可以看到。
7.docker文件存放目录
Docker实际上把所有东西都放到/var/lib/docker路径下了。
至此一个简单干净的docker环境搭建完毕。
参考:http://www.server110.com/docker/201411/11105.html
http://blog.csdn.net/fgf00/article/details/51893771
http://www.cnblogs.com/wangjiyong/p/5416960.html
https://github.com/docker/docker/releases
https://docs.docker.com/engine/installation/linux/centos/
http://m.blog.csdn.net/article/details?id=52184285 |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2017-12-5 18:41:08
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡