二、Docker 基礎安裝和基礎使用 一

基礎環境

本次環境使用Centos 7.x版本系統，最小化安裝，系統基礎優化配置請查看 Centos 7.x 系統基礎優化

安裝

使用命令：yum install docker-io -y

[root@node ~]# yum install docker-io -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * elrepo: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package docker.x86_64 2:1.13.1-68.gitdded712.el7.centos will be installed
--> Processing Dependency: docker-common = 2:1.13.1-68.gitdded712.el7.centos for package: 2:docker-1.13.1-6
8.gitdded712.el7.centos.x86_6
..........................................................................
..........................................................................
Installed:
  docker.x86_64 2:1.13.1-68.gitdded712.el7.centos                                                          

Dependency Installed:
  audit-libs-python.x86_64 0:2.8.1-3.el7                                                                   
  checkpolicy.x86_64 0:2.5-6.el7                                                                           
  container-selinux.noarch 2:2.66-1.el7                                                                    
  container-storage-setup.noarch 0:0.10.0-1.gitdf0dcd5.el7                                                 
  docker-client.x86_64 2:1.13.1-68.gitdded712.el7.centos                                                   
  docker-common.x86_64 2:1.13.1-68.gitdded712.el7.centos                                                   
  libcgroup.x86_64 0:0.41-15.el7                                                                           
  libsemanage-python.x86_64 0:2.5-11.el7                                                                   
  oci-register-machine.x86_64 1:0-6.git2b44233.el7                                                         
  oci-systemd-hook.x86_64 1:0.1.16-1.git05bd9a0.el7                                                        
  oci-umount.x86_64 2:2.3.3-3.gite3c9055.el7                                                               
  policycoreutils-python.x86_64 0:2.5-22.el7                                                               
  python-IPy.noarch 0:0.75-6.el7                                                                           
  setools-libs.x86_64 0:3.3.8-2.el7                                                                        
  skopeo-containers.x86_64 1:0.1.31-1.dev.gitae64ff7.el7.centos                                            
  yajl.x86_64 0:2.0.4-4.el7                                                                                

Complete!

啓動關閉docker

啓動docker：systemctl start docker
關閉docker：systemctl stop docker
設置開機自啓：systemctl enable docker

[root@node ~]# systemctl start docker
[root@node ~]# systemctl enable docker
[root@node ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-08-21 12:13:47 CST; 3s ago
     Docs: http://docs.docker.com
 Main PID: 1375 (dockerd-current)
   CGroup: /system.slice/docker.service
           ├─1375 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-cur...
           └─1383 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-cont...

Aug 21 12:13:46 node dockerd-current[1375]: time="2018-08-21T12:13:46.884994505+08:00" level=warning...tem"
Aug 21 12:13:46 node dockerd-current[1375]: time="2018-08-21T12:13:46.958221978+08:00" level=info ms...nds"
Aug 21 12:13:46 node dockerd-current[1375]: time="2018-08-21T12:13:46.959354596+08:00" level=info ms...rt."
Aug 21 12:13:47 node dockerd-current[1375]: time="2018-08-21T12:13:47.017988947+08:00" level=info ms...rue"
Aug 21 12:13:47 node dockerd-current[1375]: time="2018-08-21T12:13:47.196687154+08:00" level=info ms...ess"
Aug 21 12:13:47 node dockerd-current[1375]: time="2018-08-21T12:13:47.343822834+08:00" level=info ms...ne."
Aug 21 12:13:47 node dockerd-current[1375]: time="2018-08-21T12:13:47.712563117+08:00" level=info ms...ion"
Aug 21 12:13:47 node dockerd-current[1375]: time="2018-08-21T12:13:47.712714528+08:00" level=info ms...13.1
Aug 21 12:13:47 node dockerd-current[1375]: time="2018-08-21T12:13:47.720577957+08:00" level=info ms...ock"
Aug 21 12:13:47 node systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.

這樣，docker就安裝完成了。

docker 命令參數

命令：docker --help

[root@node ~]# docker --help

Usage:  docker COMMAND

A self-sufficient runtime for containers

Options:
      --config string      Location of client config files (default "/root/.docker")
  -D, --debug              Enable debug mode
      --help               Print usage
  -H, --host list          Daemon socket(s) to connect to (default [])
  -l, --log-level string   Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
      --tls                Use TLS; implied by --tlsverify
      --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify          Use TLS and verify the remote
  -v, --version            Print version information and quit

Management Commands:
  container   Manage containers
  image       Manage images
  network     Manage networks
  node        Manage Swarm nodes
  plugin      Manage plugins
  secret      Manage Docker secrets
  service     Manage services
  stack       Manage Docker stacks
  swarm       Manage Swarm
  system      Manage Docker
  volume      Manage volumes

Commands:
  attach      Attach to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  images      List images
  import      Import the contents from a tarball to create a filesystem image
  info        Display system-wide information
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.

參數	解釋
attach	進入到正在運行的容器
build	構建docker文件鏡像
commit	建立一個鏡像修改容器
cp	在容器和本地複製文件和文件夾
create	建立一個容器
diff	檢查容器系統上文件是否發生改變
events	重服務器獲取實時推送
exec	在容器中運行命令
export	將容器的文件系統導出爲tar存檔
history	顯示鏡像的歷史變革
images	列出全部鏡像文件
import	從 tarball導入文件內容到建立一個系統鏡像文件
info	查看信息
inspect	返回底層信息的docker對象
kill	終止一個或多個正在運行的容器
load	加載圖像到一個tar歸檔文件或STDIN
login	登錄某個docker之中
logout	退出某個docker
logs	獲取容器運行的日誌
pause	暫停一個或多個容器進程
port	查看全部映射信息
ps	查看全部正在運行的容器
pull	拉取一個鏡像或者倉庫到源
push	提交一個鏡像或者倉庫到源
rename	重命名一個容器
restart	重啓一個或者多個容器
rm	刪除一個或者多個容器
rmi	刪除一個或者多個鏡像
run	運行一個新的容器
save	保存一個或者多個鏡像
search	在Docker Hub上查找鏡像
stats	顯示一個容器的資源使用情況
stop	中止一個或者多個容器
tag	給一個指定的鏡像建立一個標籤
top	顯示正在運行的容器進程
uppause	贊同一個或者多個容器的全部進程
update	更新一個或者多個容器的配置
version	顯示Docker版本號
wait	組織一個或者多個容器中止，而後打印他們推出的輸出

常規使用

docker構建了一個相似於github同樣的倉庫

搜索鏡像

搜索centos鏡像：docker search Docker-name

[root@node ~]# docker search centos
INDEX       NAME                                         DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
docker.io   docker.io/centos                             The official build of CentOS.                   4585      [OK]       
docker.io   docker.io/ansible/centos7-ansible            Ansible on Centos7                              115                  [OK]
docker.io   docker.io/jdeathe/centos-ssh                 CentOS-6 6.10 x86_64 / CentOS-7 7.5.1804 x...   99                   [OK]
docker.io   docker.io/consol/centos-xfce-vnc             Centos container with "headless" VNC sessi...   61                   [OK]
docker.io   docker.io/imagine10255/centos6-lnmp-php56    centos6-lnmp-php56                              44                   [OK]
docker.io   docker.io/tutum/centos                       Simple CentOS docker image with SSH access      43                   
docker.io   docker.io/centos/mysql-57-centos7            MySQL 5.7 SQL database server                   38                   
docker.io   docker.io/gluster/gluster-centos             Official GlusterFS Image [ CentOS-7 +  Glu...   32                   [OK]
docker.io   docker.io/openshift/base-centos7             A Centos7 derived base image for Source-To...   31                   
docker.io   docker.io/centos/python-35-centos7           Platform for building and running Python 3...   28                   
docker.io   docker.io/centos/postgresql-96-centos7       PostgreSQL is an advanced Object-Relationa...   26                   
docker.io   docker.io/kinogmt/centos-ssh                 CentOS with SSH                                 22                   [OK]
docker.io   docker.io/centos/php-56-centos7              Platform for building and running PHP 5.6 ...   14                   
docker.io   docker.io/openshift/jenkins-2-centos7        A Centos7 based Jenkins v2.x image for use...   14                   
docker.io   docker.io/pivotaldata/centos-gpdb-dev        CentOS image for GPDB development. Tag nam...   7                    
docker.io   docker.io/openshift/mysql-55-centos7         DEPRECATED: A Centos7 based MySQL v5.5 ima...   6                    
docker.io   docker.io/openshift/jenkins-1-centos7        DEPRECATED: A Centos7 based Jenkins v1.x i...   4                    
docker.io   docker.io/openshift/wildfly-101-centos7      A Centos7 based WildFly v10.1 image for us...   4                    
docker.io   docker.io/darksheer/centos                   Base Centos Image -- Updated hourly             3                    [OK]
docker.io   docker.io/pivotaldata/centos                 Base centos, freshened up a little with a ...   2                    
docker.io   docker.io/pivotaldata/centos-mingw           Using the mingw toolchain to cross-compile...   2                    
docker.io   docker.io/blacklabelops/centos               CentOS Base Image! Built and Updates Daily!     1                    [OK]
docker.io   docker.io/jameseckersall/sonarr-centos       Sonarr on CentOS 7                              0                    [OK]
docker.io   docker.io/pivotaldata/centos-gcc-toolchain   CentOS with a toolchain, but unaffiliated ...   0                    
docker.io   docker.io/smartentry/centos                  centos with smartentry                          0                    [OK]

說明：

列名	說明
INDEX	索引
NAME	鏡像名稱
DESCRIPTION	描述
STARS	星級，受歡迎的程度
OFFICIAL	是不是官方的
AUTOMATED	是不是自動構建的

須要注意的：NAME，官方的，就是Centos，而剩下的，是用戶名/名稱

獲取鏡像

命令：docker pull Docker-name

[root@node ~]# docker pull centos
Using default tag: latest
Trying to pull repository docker.io/library/centos ... 
latest: Pulling from docker.io/library/centos
256b176beaff: Pull complete 
Digest: sha256:6f6d986d425aeabdc3a02cb61c02abb2e78e57357e92417d6d58332856024faf
Status: Downloaded newer image for docker.io/centos:lates

查看鏡像

命令：docker images

[root@node ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/centos    latest              5182e96772bf        2 weeks ago         200 MB

字段名	解釋
REPOSITORY	鏡像來自於那個倉庫
TAG	鏡像的標籤
IMAGE ID	鏡像的ID，每一個鏡像都有一個惟一的ID
CREATED	建立的時間
VIRTUAL SIZE	鏡像的大小

---

此時，鏡像也pull下來了，準備工做都作好了，下面就開始讓docker作一些簡單的事情了。

讓docker輸出點東西出來

命令：docker run centos /bin/echo 'Hello World.'

意思是：運行centos容器，並/bin/echo 輸出'Hello World.'

[root@node ~]# docker run centos /bin/echo 'Hello World.'
Hello World.

查看運行或者中止的全部容器

命令：docker ps -a

參數：  -l      表示只顯示最後一個容器 (小寫的L)

[root@node ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
99ceccfc37ac        centos              "/bin/echo 'Hello ..."   2 minutes ago       Exited (0) 2 minutes ago                       elegant_gates

字段名	解釋
CONTAINER ID	容器 ID
IMAGE	鏡像
COMMAND	運行的內容
CREATED	建立時間
STSTUA	容器狀態
PORTS	其餘
NAMES	容器名，若是不手動指定，則在名字庫中隨機獲取一個

docker run 的參數

參數	解釋
-a=map[]	附加標準輸入、輸出或者錯誤輸出
-c=0	共享CPU格式（相對重要）
-cidfile=「」	將容器的ID標識寫入文件
-d=false	分離模式，在後臺運行容器，而且打印出容器ID
-e=[]	設置環境變量
-h=「」	容器的主機名稱
-i=false	保持輸入流開放即便沒有附加輸入流
-privileged=false	給容器擴展的權限
-m=「」	內存限制 (格式:, unit單位 = b, k, m or g)
-n=true	容許鏡像使用網絡
-p=[]	匹配鏡像內的網絡端口號 支持格式：ip:hostPort:containerPort
-rm=false	當容器退出時自動刪除容器 (不能跟 -d一塊兒使用)
-t=false	分配一個僞造的終端輸入
-u=「」	用戶名或者ID
-dns=[]	自定義容器的DNS服務器
-v=[]	建立一個掛載綁定：[host-dir]:[container-dir]:[rw
-volumes-from=「」	掛載容器全部的卷
-entrypoint=「」	覆蓋鏡像設置默認的入口點
-w=「」	工做目錄內的容器
-lxc-conf=[]	添加自定義-lxc-conf=「lxc.cgroup.cpuset.cpus = 0,1″
-sig-proxy=true	代理接收全部進程信號(even in non-tty mode)
-expose=[]	讓你主機沒有開放的端口
-link=「」	鏈接到另外一個容器(name:alias)
-name=「」	分配容器的名稱，若是沒有指定就會隨機生成一個 ，容器的名稱是惟一的。
-P=false	Publish all exposed ports to thehost interfaces 公佈全部顯示的端口主機接口

docker容器也能當作正常的操做系統來使用，雖然不建議

命令：docker run --name 隨意指定一個docker名稱 -it 鏡像名 /bin/bash

-i 表示進入到容器的輸入終端
-t 表示開啓一個僞終端tty綁定到表輸入上

[root@node ~]# docker run --name mydocker -it centos /bin/bash
# 這裏看到運行後，提示符都變了，這個提示符是該容器的ID值
[root@7c9a7f01acb4 /]# ls
anaconda-post.log  bin  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
# 執行ps aux 只能夠看到兩個進程
[root@7c9a7f01acb4 /]# ps aux
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          1  0.0  0.0  11832  3036 ?        Ss   05:52   0:00 /bin/bash
root         15  0.0  0.0  51720  3512 ?        R+   05:53   0:00 ps aux
# 能夠建立一個文件或目錄
[root@7c9a7f01acb4 /]# cd /tmp/
[root@7c9a7f01acb4 tmp]# mkdir mydocker
[root@7c9a7f01acb4 tmp]# ls -ld mydocker/
drwxr-xr-x 2 root root 6 Aug 22 05:57 mydocker/
# 查看該容器的ip地址
[root@7c9a7f01acb4 tmp]# yum install net-tools
[root@7c9a7f01acb4 tmp]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 0.0.0.0
        inet6 fe80::42:acff:fe11:2  prefixlen 64  scopeid 0x20<link>
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 3748  bytes 12494964 (11.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2696  bytes 149466 (145.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
# 使用exit退出容器
[root@7c9a7f01acb4 tmp]# exit
exit
# 退出後，能夠看到命令提示符也變回原來的了。
[root@node ~]#

在執行上述命令的過程都幹啥了？

• 檢查本地是否存在指定的鏡像，不存在就從公有倉庫下載
• 利用鏡像建立並啓動一個容器
• 分配一個文件系統，並在只讀的鏡像層外面掛載一層可讀寫層
• 從宿主主機配置的網橋接口中橋接一個虛擬接口到容器中去
• 從地址池配置一個 ip 地址給容器
• 執行用戶指定的應用程序
• 執行完畢後容器被終止

在容器中能夠正常操做，只是有不少命令都沒有

退出後，再次查看一下容器狀態

[root@node ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                        PORTS               NAMES
7c9a7f01acb4        centos              "/bin/bash"              10 minutes ago      Exited (127) 44 seconds ago                       mydocker
99ceccfc37ac        centos              "/bin/echo 'Hello ..."   35 minutes ago      Exited (0) 35 minutes ago                         elegant_gates

能夠看到容器名是咱們指定的，而且已經退出了，生命週期已經結束了。

啓動一箇中止的容器

命令：docker start 容器ID

# 經過docker ps -a 查看容器ID
[root@node ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                        PORTS               NAMES
7c9a7f01acb4        centos              "/bin/bash"              10 minutes ago      Exited (127) 44 seconds ago                       mydocker
99ceccfc37ac        centos              "/bin/echo 'Hello ..."   35 minutes ago      Exited (0) 35 minutes ago                         elegant_gates
# 運行
[root@node ~]# docker start 99ceccfc37ac
99ceccfc37ac
#再次查看
[root@node ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                       PORTS               NAMES
7c9a7f01acb4        centos              "/bin/bash"              13 minutes ago      Exited (127) 3 minutes ago                       mydocker
99ceccfc37ac        centos              "/bin/echo 'Hello ..."   38 minutes ago      Exited (0) 2 seconds ago                         elegant_gates

這裏看到運行後查看也退出了，由於咱們運行的容器只是輸出了一個'Hello World.'程序就退出了，容器也就結束了。

中止一個容器

命令：docker stop 容器ID

這裏就不演示了。

刪除一個容器

命令：docker rm 容器ID

正常只能刪除已經中止的容器，若是是啓動狀態，會報錯，除非增長-f 參數強制刪除。

[root@node ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                       PORTS               NAMES
7c9a7f01acb4        centos              "/bin/bash"              13 minutes ago      Exited (127) 3 minutes ago                       mydocker
99ceccfc37ac        centos              "/bin/echo 'Hello ..."   38 minutes ago      Exited (0) 2 seconds ago                         elegant_gates
[root@node ~]# docker rm 7c9a7f01acb4
7c9a7f01acb4
# 這裏能夠看到已經被刪除了。
[root@node ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
99ceccfc37ac        centos              "/bin/echo 'Hello ..."   45 minutes ago      Exited (0) 7 minutes ago                       elegant_gates

啓動一個nginx容器

因爲沒有先pull 下來nginx鏡像，因此在啓動的時候會自動下載

[root@node ~]# docker run -d --name mynginx nginx
Unable to find image 'nginx:latest' locally
Trying to pull repository docker.io/library/nginx ...
latest: Pulling from docker.io/library/nginx
be8881be8156: Pull complete
32d9726baeef: Pull complete
87e5e6f71297: Pull complete
Digest: sha256:d85914d547a6c92faa39ce7058bd7529baacab7e0cd4255442b04577c4d1f424
Status: Downloaded newer image for docker.io/nginx:latest
# 啓動的nginx容器的容器ID
2a6782e62a5fc419396c68a690f8673b989188ef28f18161f03811e7f0014251

# 查看容器，能夠看到nginx容器正在運行
[root@node ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
2a6782e62a5f        nginx               "nginx -g 'daemon ..."   11 seconds ago      Up 10 seconds       80/tcp              mynginx

進入到剛剛啓動的容器當中

[root@node ~]# docker attach 2a6782e62a5f
^C[root@node ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS                     PORTS               NAMES
2a6782e62a5f        nginx               "nginx -g 'daemon ..."   About a minute ago   Exited (0) 5 seconds ago                       mynginx
# 使用control + C 退出後，再次查看容器，會發現容器已經退出了

這裏會發現進不去，一直夯在這裏，實際以及進去了，只是卡住了
這是個通病，因此通常不適用該工具進入到容器中，使用另外一個工具；

使用nsenter工具進入到容器的namespace命名空間

默認Centos 應該會有這個命令，若是沒有，則只須要安裝：

yum install util-linux -y

這樣就能夠了。

從新啓動nginx容器，而後經過nsenter工具進入到容器中.

[root@node ~]# docker start 2a6782e62a5f
2a6782e62a5f
[root@node ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
2a6782e62a5f        nginx               "nginx -g 'daemon ..."   2 minutes ago       Up 4 seconds        80/tcp              mynginx

經過下面命令獲取到容器的PID：

docker inspect --format "{{.State.Pid}}" 容器名稱或容器ID

[root@node ~]# docker inspect --format "{{.State.Pid}}" mynginx
3982
[root@node ~]# nsenter --target 3982 --mount --uts --ipc --net --pid
mesg: ttyname failed: No such file or directory
root@2a6782e62a5f:/# /etc/init.d/nginx status
[ ok ] nginx is running.

從上述能夠看到，已經進入到了nginx的容器中了。