一:Docker簡介
(1)概念
Docker 是一個開源的應用容器引擎,讓開發者可以打包他們的應用以及依賴包到一個可移植的鏡像中,然後發佈到任何流行的
Linux或Windows 機器上,也可以實現虛擬化。容器是完全使用沙箱機制,相互之間不會有任何接口。非常方便。
(2)架構
一個完整的Docker有以下幾個部分組成:
- DockerClient客戶端
- Docker Daemon守護進程
- Docker Image鏡像
- DockerContainer容器
Docker daemon 一般在宿主主機後臺運行,等待接收來自客戶端的消息。 Docker
客戶端則爲用戶提供一系列可執行命令,用戶用這些命令實現跟 Docker daemon 交互
(3)特性
- Automating the packaging and deployment of
applications(使應用的打包與部署自動化) - Creation of lightweight, private PAAS environments(創建輕量、私密的PAAS環境)
- Automated testing and continuous
integration/deployment(實現自動化測試和持續的集成/部署) - Deploying and scaling web apps, databases and backend
services(部署與擴展webapp、數據庫和後臺服務)
由於其基於LXC的輕量級虛擬化的特點,docker相比KVM之類最明顯的特點就是啓動快,資源佔用小。因此對於構建隔離的標準化的運行環境,輕量級的PaaS(如dokku),
構建自動化測試和持續集成環境,以及一切可以橫向擴展的應用(尤其是需要快速啓停來應對峯谷的web應用)。
(4)侷限
Docker是基於Linux 64bit的,無法在32bit的linux/Windows/unix環境下使用
LXC是基於cgroup等linux kernel功能的,因此container的guest系統只能是linux base的
隔離性相比KVM之類的虛擬化方案還是有些欠缺,所有container公用一部分的運行庫 網絡管理相對簡單,主要是基於namespace隔離
cgroup的cpu和cpuset提供的cpu功能相比KVM的等虛擬化方案相比難以度量(所以dotcloud主要是按內存收費)
Docker對disk的管理比較有限 container隨着用戶進程的停止而銷燬,container中的log等用戶數據不便收集
(5)Docker和Vm區別
1.實現原理不同
VM通過Hypervisor提供基礎環境實現虛擬機 Docker通過docker
engine與物理機共享操作系統而不是在向虛擬機一樣,完全仿真一個虛擬操作系統,Docker達到了類似虛擬機的效果,但是又沒有虛擬機的開銷,它虛擬的層次更加高。Docker不虛擬機器,僅僅虛擬應用的運行環境
2.使用上的區別
Docker在宿主機器的操作系統上創建Docker引擎,直接在宿主主機的操作系統上調用硬件資源,而不是虛擬化操作系統和硬件資源,所以操作速度快。
這個其實安裝一個ubuntu的虛擬機和拉取一個Docker的ubuntu鏡像文件,運行一下就知道了,區別很明顯,虛擬機開一下大概得2分多鐘,而Docker只需要2秒鐘。
二:docker三個特徵
鏡像,容器,倉庫 docker實際可以理解爲簡易版的linux系統
容器就是鏡像的一個實例
倉庫(Repository)是存放鏡像的廠所
倉庫註冊服務器(Registry)放着多個倉庫,每個倉庫又放着多個鏡像,每個鏡像又有不同的標籤(類似版本號)
倉庫分爲公開倉庫和私有倉庫兩種形式 最大的公開庫是Docker Hub。(太慢,國外網站) 國內公開倉庫包括阿里雲,網易雲
三、docker的安裝及測試
部署環境:
[root@a ~]# ping qq.com
PING qq.com (125.39.52.26) 56(84) bytes of data.
64 bytes from no-data (125.39.52.26): icmp_seq=1 ttl=50 time=59.6 ms
64 bytes from no-data (125.39.52.26): icmp_seq=2 ttl=50 time=152 ms
64 bytes from no-data (125.39.52.26): icmp_seq=3 ttl=50 time=210 ms
64 bytes from no-data (125.39.52.26): icmp_seq=4 ttl=50 time=88.2 ms
^C
--- qq.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3015ms
rtt min/avg/max/mdev = 59.646/127.784/210.411/58.431 ms
[root@a ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
[root@a ~]# uname -r
3.10.0-1062.el7.x86_64
1、設置yum源
[root@a ~]# yum install -y yum-utils
[root@a ~]# yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
[root@a ~]# yum makecache fast
Docker安裝報錯:containerd.io-1.2.13-3.1.el7.x86_64 (docker-ce-stable) 需要:container-selinux >= 2:2.74
解決方案:
[root@a ~]# yum install -y wget
[root@a ~]# wget -O http://mirrors.aliyun.com/repo/Centos-7.repo
[root@a ~]# mv Centos-7.repo /etc/yum.repos.d/
[root@a ~]# yum install epel-release
[root@a ~]# yum install container-selinux
2、安裝最新版本的 Docker Engine-Community 和 containerd
[root@a ~]# yum install docker-ce docker-ce-cli containerd.io
...
Installed:
containerd.io.x86_64 0:1.2.13-3.2.el7 docker-ce.x86_64 3:19.03.8-3.el7
docker-ce-cli.x86_64 1:19.03.8-3.el7
Complete!
3、啓動服務
[root@a ~]# systemctl start docker
[root@a ~]# docker --version
Docker version 19.03.8, build afacb8b
4、配置鏡像加速器
登錄阿里雲搜素鏡像加速器
[root@a ~]# mkdir -p /etc/docker
[root@a ~]# tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://..............."]
}
EOF
[root@a ~]# systemctl daemon-reload
[root@a ~]# systemctl restart docker
[root@a ~]# ps -ef |grep docker
root 12225 1 0 08:10 ? 00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 12362 1737 0 08:12 pts/0 00:00:00 grep --color=auto docker
5、測試
[root@a ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete
Digest: sha256:6a65f928fb91fcfbc963f7aa6d57c8eeb426ad9a20c7ee045538ef34847f44f1
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
6、run有什麼用?
開始>>>docker在本機中尋找鏡像>>>本機是否有該鏡像{1.有,以鏡像爲模板生產容器實例運行 2.沒有,去dockerHub上找}>>>dockerHub上能否找到{1.能,下載鏡像到本地,以鏡像爲模板生產容器實例運行 2.不能,返回錯誤值結束}
7、基礎命令
一、幫助命令
1、docker version(查看docker基本信息)
[root@a ~]# docker version
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:27:04 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:25:42 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
2、docker info(查看容器信息)
[root@a ~]# docker info
Client:
Debug Mode: false
Server:
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 1
Server Version: 19.03.8
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1062.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 972.4MiB
Name: a
ID: VIBZ:LAXM:EH6G:R2JL:MQYU:7D25:HCZT:V234:BEP5:ZV67:RPG7:LZFY
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://wuz1gh9p.mirror.aliyuncs.com/
Live Restore Enabled: false
3、docker --help
[root@a ~]# docker --help
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var
and default context set with "docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Management Commands:
builder Manage builds
config Manage Docker configs
container Manage containers
context Manage contexts
engine Manage the docker engine
image Manage images
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes
Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit