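1. Introduction to Docker
Docker uses kernel virtualization features (namespaces, cgroups, and so on) to give containers resource isolation and security guarantees. Because Docker implements isolation through operating-system-level virtualization, a running container does not carry the extra guest-OS overhead of a virtual machine, which improves resource utilization.
2. Docker vs KVM
3. Docker vs VMs
4. The three core components of Docker
Image, container, repository
I. Installing Docker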
[root@docker ~]# tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
[root@docker ~]# yum install docker-engine -y
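II. Commonly used commands and options
Show Docker version information
docker version
Search Docker Hub for a given image
docker search
Search Docker Hub for a given image with at least 10 stars
docker search -s 10 ubuntu
Pull an image or a repository from a Docker registry
docker pull ubuntu
List images
docker images
Run a command in a new container
docker run
Remove one or more images
docker rmi
Remove one or more containers
docker rm
Attach to a running container
docker attach
Run a command in a running container
docker exec
Build an image from a Dockerfile
docker build
Show the build history of an image
docker history
Show more detailed configuration information for a container
docker inspect
Save an image to a tar archive
docker save
Load an image from a tar archive
docker load
Start, stop, or restart a container
docker start | stop | restart
Kill a running container
docker kill
Commands for entering a container:
docker attach: log in to a running container
docker exec: run a command inside the container from the host, similar to opening another terminal in the container
nsenter: connect to the container; requires the container's PID
III. Basic Docker operations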
[root@docker ~]# systemctl enable docker.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@docker ~]# systemctl start docker.service
[root@docker ~]#
[root@docker ~]# docker pull centos    # pull the image
[root@docker ~]# docker pull daocloud.io/library/nginx
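Pulls are sometimes very slow; a registry mirror inside China speeds them up.
[root@docker ~]# vim /usr/lib/systemd/system/docker.service    # add the following line
EnvironmentFile=/etc/sysconfig/docker
Create the configuration file:
[root@docker ~]# vim /etc/sysconfig/docker
Register at https://dashboard.daocloud.io/, then click the accelerator option to generate a mirror link.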
OPTIONS=--registry-mirror=curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s
[root@docker ~]# docker search nginx    # search for an image
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 0584b3d2cf6d 2 weeks ago 196.5 MB
Export an image
[root@docker ~]# docker save -o nginx.tar daocloud.io/library/nginx
[root@docker ~]# docker save -o cnetos.tar centos
Import an image
[root@docker ~]# docker load --input cnetos.tar
or
[root@docker ~]# docker load < cnetos.tar
Delete an image
[root@docker ~]# docker rmi 0584b3d2cf6d    # image ID
[root@docker ~]# docker run centos /bin/echo "Hello world"
Hello world
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5e381e68a385 centos "/bin/echo 'Hello wor" 6 seconds ago Exited (0) 5 seconds ago clever_lamarr
[root@docker ~]# docker run --name mydocker -t -i centos /bin/bash
[root@1a67f4c92b6e /]#
[root@1a67f4c92b6e /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 18:56 ? 00:00:00 /bin/bash
root 14 1 0 18:56 ? 00:00:00 ps -ef
[root@1a67f4c92b6e /]# exit
exit
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1a67f4c92b6e centos "/bin/bash" 12 minutes ago Exited (0) 6 seconds ago mydocker
5e381e68a385 centos "/bin/echo 'Hello wor" 16 minutes ago Exited (0) 16 minutes ago clever_lamarr
[root@docker ~]# docker run --name docker-demo -d centos /bin/bash    # -d runs the container in the background
6c5a777467b9552714f9cd3322e677750e2b8b5b0bd2d81e79094ad560828a5e
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6c5a777467b9 centos "/bin/bash" 11 seconds ago Exited (0) 11 seconds ago docker-demo
1a67f4c92b6e centos "/bin/bash" 17 minutes ago Exited (0) 4 minutes ago mydocker
5e381e68a385 centos "/bin/echo 'Hello wor" 21 minutes ago Exited (0) 21 minutes ago clever_lamarr
[root@docker ~]# docker stop mydocker    # stop the container
[root@docker ~]# docker start 1a67f4c92b6e    # start the container
[root@docker ~]# docker run -d --name mynginx daocloud.io/library/nginx
225a9b0459630c62dcf2199d6244b16a74ad9412471abf0be03755768df3ae63
[root@docker ~]#
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
225a9b045963 daocloud.io/library/nginx "nginx -g 'daemon off" 6 seconds ago Up 5 seconds 80/tcp, 443/tcp mynginx
Script for entering a container
[root@docker ~]# cat docker_in.sh
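#!/bin/bash
# Enter a running container's namespaces with nsenter (run as root on the host).
docker_in(){
    NAME_ID=$1
    # Host-side PID of the container's main process; 0 or empty if it is not running
    PID=$(docker inspect --format "{{ .State.Pid }}" "$NAME_ID")
    [ "${PID:-0}" -gt 0 ] || { echo "container $NAME_ID is not running" >&2; return 1; }
    # -m mount, -u UTS, -i IPC, -n network, -p PID namespace
    nsenter -t "$PID" -m -u -i -n -p
}
docker_in "$1"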
IV. Docker networking
[root@docker ~]# docker run -d -P --name nginx-test1 daocloud.io/library/nginx
9b1d36d40127fe2c84bbe7750802e435a817a15b4159b24fc49bfb1107a2cb74
[root@docker ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9b1d36d40127 daocloud.io/library/nginx "nginx -g 'daemon off" 2 minutes ago Up 2 minutes 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp nginx-test1
[root@docker ~]# netstat -lntup|grep 32768
tcp6 0 0 :::32768 :::* LISTEN 11213/docker-proxy
[root@docker ~]# curl -I http://172.16.80.132:32769
HTTP/1.1 200 OK
Server: nginx/1.11.5
Date: Thu, 24 Nov 2016 05:58:47 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 11 Oct 2016 15:03:01 GMT
Connection: keep-alive
ETag: "57fcff25-264"
Accept-Ranges: bytes
Before the mapping
[root@docker ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
After the mapping
[root@docker ~]# docker run -d -P --name nginx-test1 daocloud.io/library/nginx
42783cf5053639383004f82b9e72fe0223c7c028d2754b2d0f74429824715f05
[root@docker ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
42783cf50536 daocloud.io/library/nginx "nginx -g 'daemon off" 9 seconds ago Up 7 seconds 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp nginx-test1
[root@docker ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:80
Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
[root@docker ~]# sh docker_in.sh nginx-test1
root@42783cf50536:/#
root@42783cf50536:/#
root@42783cf50536:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:2/64 scope link
valid_lft forever preferred_lft forever
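Added example (not part of the original post): in the listings above, -P binds the container's ports on 0.0.0.0 and the matching ACCEPT rules sit in the DOCKER chain under FORWARD, so the host's INPUT rules (only port 22 opened) do not filter them. The function below reads the assumed output of docker ps --format '{{.Names}}\t{{.Ports}}' and lists every mapping bound to all interfaces, so each one can be reviewed or rebound with -p 127.0.0.1:HOSTPORT:CTRPORT; the sample rows are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed input format:
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# Read "name<TAB>ports" lines on stdin and print "name hostport target" for
# every mapping bound to all interfaces (0.0.0.0 or ::). Unpublished ports
# and loopback-only bindings are skipped.
published_on_all_interfaces() {
    awk -F'\t' '{
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            if (maps[i] ~ /^(0\.0\.0\.0|::|\[::\]):[0-9-]+->/) {
                split(maps[i], side, "->")
                hostport = side[1]
                sub(/^.*:/, "", hostport)   # drop the bind address
                print $1, hostport, side[2]
            }
        }
    }'
}

# Constructed sample: the first two rows reuse PORTS values shown on this
# page; the loopback-only row is invented for contrast.
SAMPLE=$(printf '%s\t%s\n' \
    nginx-test1 '0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp' \
    mynginx     '80/tcp, 443/tcp' \
    local-db    '127.0.0.1:3306->3306/tcp')

printf '%s\n' "$SAMPLE" | published_on_all_interfaces
```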
V. Docker data storage
[root@docker ~]# docker run -d --name nginx-volume-test1 -v /data daocloud.io/library/nginx
88b24d79a4f3b021325592ceac20e86291166d675b213d60db017548c4d9d960
[root@docker ~]# sh docker_in.sh nginx-volume-test1
root@88b24d79a4f3:/# cd /data/
root@88b24d79a4f3:/data# ls
root@88b24d79a4f3:/data# touch hehe
root@88b24d79a4f3:/data# ls -l
total 0
-rw-r--r-- 1 root root 0 Nov 24 06:30 hehe
[root@docker ~]# cd /var/lib/docker/
[root@docker docker]# ll
total 32
drwx------ 6 root root 4096 Nov 24 14:28 containers
drwx------ 5 root root 4096 Nov 24 02:05 devicemapper
drwx------ 3 root root 4096 Nov 24 01:20 image
drwxr-x--- 3 root root 4096 Nov 24 01:20 network
drwx------ 2 root root 4096 Nov 24 01:20 swarm
drwx------ 2 root root 4096 Nov 24 10:09 tmp
drwx------ 2 root root 4096 Nov 24 01:20 trust
drwx------ 3 root root 4096 Nov 24 14:28 volumes
[root@docker docker]# cd volumes/
[root@docker volumes]# ls
4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60 metadata.db
[root@docker volumes]# cd 4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60/
[root@docker 4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60]# ls
_data
[root@docker 4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60]# cd _data/    # the directory on the physical host where the container's files are actually stored
[root@docker _data]# ls
hehe
[root@docker ~]# docker run -d --name nginx-volume-test2 -v /data/mysql:/mysql daocloud.io/library/nginx
f7278ce9bd88c26a0c5aaefcb2b39f1f9df0066bc94edb7a530213815e166f5e
# -v /data/mysql:/mysql mounts the physical host's /data/mysql directory at /mysql inside the container
[root@docker ~]# docker run -d --name nginx-volumes -v /data/mysql:/mysql daocloud.io/library/nginx
28c616e44352fc4eafeb2f87dbbb7b6eb9df447235afe027034efa96df1c5071
[root@docker ~]#
[root@docker ~]# docker run -d --name web-node1 --volumes-from nginx-volumes daocloud.io/library/nginx
0f022ce56e8b800cb1a4ac76bb8a326d42e198093146e8661ad3ac8925ad317d
[root@docker ~]#
[root@docker ~]# docker run -d --name web-node2 --volumes-from nginx-volumes daocloud.io/library/nginx
03d5e88c15f6604eeee2b8af500b8f356ba69adc34710f3c19b813530f19dc3d
VI. Building a MySQL image from a Dockerfile
1) Create the Dockerfile
[root@localhost ~]# mkdir mysql_ubuntu
[root@localhost ~]# cd mysql_ubuntu/
[root@localhost mysql_ubuntu]# cat Dockerfile
FROM ubuntu:14.04
RUN apt-get update
RUN apt-get -y install mysql-client mysql-server
RUN sed -i -e"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf
ADD ./startup.sh /opt/startup.sh
EXPOSE 3306
CMD ["/bin/bash", "/opt/startup.sh"]
2) Create the MySQL service startup script
[root@localhost mysql_ubuntu]# cat startup.sh
#!/bin/bash
if [ ! -f /var/lib/mysql/ibdata1 ]; then
mysql_install_db
/usr/bin/mysqld_safe &
sleep 10s
echo "GRANT ALL ON *.* TO admin@'%' IDENTIFIED BY 'changeme' WITH GRANT OPTION; FLUSH PRIVILEGES" | mysql
killall mysqld
sleep 10s
fi
/usr/bin/mysqld_safe
3) Build the MySQL image
docker build -t centos/mysql .
4) List the images
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos/mysql latest f58add96ecb7 About a minute ago 338.9 MB
5) Create a MySQL container from the new image
[root@localhost ~]# mkdir /data/mysql -p
[root@localhost ~]# docker run -d -p 3306:3306 -v /data/mysql:/var/lib/mysql centos/mysql
0112ba90e4a30a13e4f3af26f4a5bcd73e91ae3afa881a36fadd34cd953d0ada
[root@localhost ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0112ba90e4a3 centos/mysql:latest "/bin/bash /opt/star 4 seconds ago Up 3 seconds 0.0.0.0:3306->3306/tcp reverent_hawking
[root@localhost ~]# ll /data/mysql/
total 28680
-rw-rw----. 1 103 106 18874368 Apr 25 17:46 ibdata1
-rw-rw----. 1 103 106 5242880 Apr 25 19:09 ib_logfile0
-rw-rw----. 1 103 106 5242880 Apr 25 17:45 ib_logfile1
drwx------. 2 103 root 4096 Apr 25 17:45 mysql
drwx------. 2 103 106 4096 Apr 25 17:45 performance_schema
6) Test the MySQL container
[root@localhost ~]# mysql -uadmin -p123456 -h192.168.0.104 -P 3306 -e 'show databases'
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
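Alternatively, provide a script that logs in with the mysql client:
run-client.sh
#!/bin/sh
# Find the running MySQL container, look up its bridge IP address, and connect to it.
TAG="mysql"
CONTAINER_ID=$(docker ps | grep "$TAG" | awk '{print $1}')
IP=$(docker inspect "$CONTAINER_ID" | python -c 'import json,sys;obj=json.load(sys.stdin);print(obj[0]["NetworkSettings"]["IPAddress"])')
mysql -u admin -p -h "$IP"
Building Docker images from a Dockerfile is flexible and simple, and is well worth using widely.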
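Added example (not the page's startup.sh): step 2 bakes the password changeme into the image and grants admin@'%' full rights, while step 5 publishes 3306 on 0.0.0.0. The function below builds the same GRANT from a password file supplied at run time and a restricted host pattern; the file path, the 12-character minimum and the sample host 192.168.0.% are assumptions.

```shell
#!/bin/sh
# Added example, not the page's startup.sh. The password-file argument and
# the policy (length >= 12, no quotes or backslashes) are assumptions.

# Print the first-run GRANT statement, or fail without printing anything.
#   $1 = file holding the admin password (e.g. a read-only bind mount)
#   $2 = MySQL host pattern the account may connect from
build_admin_grant() {
    pw_file=$1
    host=$2
    [ -r "$pw_file" ] || { echo "password file not readable" >&2; return 1; }
    pw=$(head -n 1 "$pw_file")
    # Refuse the tutorial's literal password and anything short.
    if [ "$pw" = "changeme" ] || [ "${#pw}" -lt 12 ]; then
        echo "password rejected by policy" >&2; return 1
    fi
    # Refuse characters that could close the quoted SQL string.
    case $pw in
        *\'*|*\\*) echo "password contains quote or backslash" >&2; return 1 ;;
    esac
    # Refuse the match-everything host and anything outside [A-Za-z0-9.%_-].
    case $host in
        ''|'%'|*[!A-Za-z0-9.%_-]*) echo "host pattern rejected" >&2; return 1 ;;
    esac
    printf "GRANT ALL ON *.* TO 'admin'@'%s' IDENTIFIED BY '%s' WITH GRANT OPTION; FLUSH PRIVILEGES;\n" "$host" "$pw"
}

# Inside startup.sh the hard-coded echo would become (path is an assumption):
#   sql=$(build_admin_grant /run/secrets/mysql_admin_pw '192.168.0.%') || exit 1
#   echo "$sql" | mysql
```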