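Docker Container Technology: A Beginner's Introduction
Author: Yin Zhengjie
Copyright notice: this is an original work. Reproduction is not permitted and will otherwise be pursued under the law.
I. Containers (Container)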
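1>. What is a container
A container is a basic tool. The word covers anything that can be used to hold other items; it may be partly or fully enclosed and is used to hold, store and transport things. Objects are placed inside the container, and the container protects its contents.
Humans have used containers for at least 100,000 years, and possibly for millions of years.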
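2>. Types of container
Bottle:
A container whose mouth is narrower than its body, with a long neck.
Jar:
A vessel with a wide opening, usually roughly cylindrical.
Box:
Usually a cube or cylinder, with a fixed shape.
Basket:
Woven from strips of material.
Bucket:
A cylindrical container.
Bag:
A container made of flexible material whose shape changes with its contents.
Urn:
Usually an earthenware container with a small mouth and a wide body.
Bowl:
A container for holding food.
Cabinet:
A piece of furniture made up of a box.
Sheath:
A container for holding a blade.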
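3>. What is a Linux container?
A Linux container is a set of processes isolated from the rest of the system. All the files needed to run these processes are provided by a separate image, which means Linux containers are portable and consistent across the whole path from development through testing to production. As a result, containers run much faster than development pipelines that rely on replicating traditional test environments.
Suppose you are developing an application. You work on a laptop, and your development environment has a specific configuration. Other developers' environments may be configured slightly differently. The application you are developing depends not only on your current configuration but also on certain libraries, dependencies and files. Meanwhile, your company has standardized development and production environments with their own configurations and supporting files. You want to emulate those environments locally as far as possible without the overhead of recreating the server environments. So how do you make sure the application runs in these environments and passes quality checks, without deployment headaches and without rewriting code or fixing faults? The answer is to use containers.
Containers make sure your application has the libraries, dependencies and files it needs, so you can move it through to production freely without worrying about side effects. In fact, you can think of the contents of a container image as an installed instance of a Linux distribution, because it comes complete with RPM packages, configuration files and so on. But installing a distribution from a container image is much easier than installing a fresh copy of an operating system. That avoids a crisis and keeps everyone happy. For details see: https://www.redhat.com/zh/topics/containers/whats-a-linux-container.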
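4>. Aren't containers just virtualization?
Not exactly. It is more accurate to say that the two are complementary. Here is a simple way to think about it:
Host-level virtualization:
Virtualization lets your operating systems (Windows or Linux) run at the same time on a single hardware system. That is, a complete physical hardware platform has to be virtualized; the typical example is the familiar "VMware Workstation".
Container-level virtualization:
Containers share the same operating system kernel and isolate application processes from the rest of the system. For example, an ARM Linux system runs ARM Linux containers, an x86 Linux system runs x86 Linux containers, and an x86 Windows system runs x86 Windows containers. Linux containers are extremely portable, provided they are compatible with the underlying system.
What does this mean? Virtualization uses a hypervisor to emulate hardware, so that multiple operating systems can run side by side. But this is not as lightweight as containers. When you have only limited resources with limited capacity, you need lightweight applications that can be densely deployed. Linux containers run natively on the host operating system and share it across all containers, so applications and services stay lightweight and run quickly in parallel.
Linux containers are another leap in how we develop, deploy and manage applications. Linux container images provide portability and version control, ensuring that an application that runs on a developer's laptop also runs properly in production. Compared with virtual machines, Linux containers use fewer resources at run time, use a standard interface (start, stop, environment variables and so on), and are isolated from applications; they are also easier to manage as part of a larger application (made up of multiple containers), and these multi-container applications can be orchestrated across multiple cloud environments.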
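5>. A brief history of containers
Containers did not originate with Linux, but the best thing about the open-source world is borrowing, modifying and improving, and containers are no exception.
The concept we now call container technology first appeared in 2000 as FreeBSD jail, a technology that partitions a FreeBSD system into multiple subsystems (also called jails). Jails were developed as secure environments that a system administrator could share with multiple users inside or outside the organization. The aim of a jail is for processes to be created in a modified chroot environment without being able to escape and affect the whole system; in a chroot environment, access to the file system, network and users is virtualized. Jails were limited in their implementation, and ways of escaping the isolated environment were eventually found. But the concept was very attractive.
In 2001, the implementation of isolated environments entered the Linux world through Jacques Gélinas's VServer project. As Gélinas put it, the aim of the work was "running several general purpose Linux server [sic] on a single box with a high degree of independence and security." With this foundational work on multiple controlled user spaces in Linux in place, Linux containers gradually took shape and eventually became what they are today.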
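6>. Containers become practical
Soon, more technologies came together to turn this isolation approach from an idea into reality. Control groups (cgroups) are a kernel feature that controls and limits resource usage for a process or groups of processes. The systemd init system sets up user space and manages its processes, and cgroups use it to control these isolated processes more tightly. Both technologies, while adding overall control to Linux, became an important framework for keeping environments isolated.
Improvements to kernel namespaces pushed containers further. With kernel namespaces, everything from process IDs to network names can be virtualized inside the Linux kernel. The newer user namespaces "allow per-namespace mappings of user and group IDs. In the context of containers, this means that users and groups may have privileges for certain operations inside the container without having those privileges outside the container." The Linux Containers project (LXC) also added tools, templates, libraries and language bindings that users badly needed, building on these advances and improving the experience of using containers.
Although LXC lets users start and use containers easily through a simple command-line interface, it is not much less complex than the virtual machines we used before, and its isolation is still not as good as a virtual machine's.
LXC's biggest benefit is the saving in performance and resources, but LXC never found a good breakthrough for using containers at scale, and so Docker appeared. From this angle, what is Docker? It is an enhanced LXC; it is not itself a container but a front-end tool for containers. Containers are a technology in the Linux kernel; Docker simply made container technology widespread by simplifying its use.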
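7>. Enter the Docker era
In 2008, Docker came onto the scene, by way of dotCloud, with the container technology that shares the company's name. Docker technology brought many new concepts and tools: a simple command-line interface for running and building new layered images, a server daemon, a library of pre-built container images, and the concept of a registry server. Combined, these technologies let users quickly build new layered containers and easily share them with others.
Red Hat recognized the power of collaborating in this new ecosystem and adopted the underlying technology in our OpenShift container platform. To keep such an important technology from being controlled by a single vendor, Docker Inc. contributed many of the underlying components to community-led open-source projects (runc comes from the Open Container Initiative, and containerd has been handed over to the CNCF).
Three main standards ensure interoperability between container technologies: the OCI image, distribution and runtime specifications. By following these specifications, community projects, commercial products and cloud providers can build interoperable container technologies (for example, pushing an image you built yourself to a cloud provider's registry server, after which the image should work as expected). Today, Red Hat, Docker and other companies are members of the Open Container Initiative (OCI), working toward open industry standardization of container technology.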
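II. Types of Linux namespaces
Since kernel version 4.10 there are 7 kinds of namespace. Namespace functionality is the same across all kinds: each process is associated with a namespace and can only see or use the resources associated with that namespace, and with descendant namespaces where applicable. This way each process (or group of processes) can have a unique view of the resource. Which resource is isolated depends on the kind of namespace created for a given process group. The following is taken from: https://en.wikipedia.org/wiki/Linux_namespaces.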
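1>. Mount (mnt)
Mount namespaces control mount points. On creation, the mounts in the current mount namespace are copied to the new namespace, but mount points created afterwards do not propagate between namespaces (with shared subtrees, mount points can be propagated between namespaces).
The clone flag used to create a new namespace of this type is CLONE_NEWNS, short for "NEW NameSpace". The term is not descriptive (it does not say which kind of namespace is to be created) because the mount namespace was the first kind of namespace and its designers did not anticipate that there would be others.
System call flag: "CLONE_NEWNS", supported since kernel version "2.4.19".
2>. Process ID (pid)
The PID namespace gives processes a set of process IDs (PIDs) that is independent of other namespaces. PID namespaces are nested, which means that when a new process is created it has a PID in every namespace from its current namespace up to the initial PID namespace. The initial PID namespace can therefore see all processes, although with different PIDs from the ones other namespaces see them with.
The first process created in a PID namespace is assigned process ID 1 and receives most of the same special treatment as the normal init process, most notably that orphaned processes in the namespace are attached to it. This also means that termination of this PID 1 process immediately terminates all processes in its PID namespace and in any descendants.
System call flag: "CLONE_NEWPID", supported since kernel version "2.6.24".
3>. Network (net)
Network namespaces virtualize the network stack. On creation, a network namespace contains only a loopback interface.
Each network interface (physical or virtual) is present in exactly 1 namespace and can be moved between namespaces.
Each namespace has a private set of IP addresses, its own routing table, socket listing, connection tracking table, firewall and other network-related resources.
Destroying a network namespace destroys any virtual interfaces in it and moves any physical interfaces in it back to the initial network namespace.
System call flag: "CLONE_NEWNET", supported since kernel version "2.6.29".
4>. Inter-process communication (ipc)
IPC namespaces isolate processes from SysV-style inter-process communication. This prevents processes in different IPC namespaces from using, for example, the SHM family of functions to establish a range of shared memory between the two processes. Instead, each process can use the same identifier for a shared memory region and produce two distinct regions. Processes on the same machine can communicate in many ways, such as message queues and shared memory. Communication across hosts is what we call socket communication, and it is the kind we use most!
System call flag: "CLONE_NEWIPC", supported since kernel version "2.6.19".
5>. UNIX Time-Sharing (UTS)
UTS namespaces allow a single system to appear to have different host names and domain names to different processes.
System call flag: "CLONE_NEWUTS", supported since kernel version "2.6.19".
6>. User ID (user)
User namespaces provide both privilege isolation and user identification segregation across multiple sets of processes. With administrative assistance, it is possible to build a container that appears to have administrative rights without actually raising the privileges of user processes. Like PID namespaces, user namespaces are nested, and each new user namespace is considered a child of the user namespace that created it.
A user namespace contains a mapping table that converts user IDs from the container's point of view to the system's point of view. This allows, for example, the root user to have user ID 0 in the container while the system actually treats it as user ID 1,400,000 for ownership checks. A similar table is used for group ID mappings and ownership checks.
To support privilege isolation of administrative actions, each namespace type is considered to be owned by a user namespace, determined by the user namespace that was active when it was created. A user with administrative privileges in the appropriate user namespace is allowed to perform administrative actions in that other namespace type. For example, if a process has administrative permission to change the IP address of a network interface, it may do so as long as its own user namespace is the same as (or an ancestor of) the user namespace that owns the network namespace. The initial user namespace therefore has administrative control over all namespace types in the system.
System call flag: "CLONE_NEWUSER", supported since kernel version "3.8". CentOS 6.x is therefore ruled out, because CentOS 6.x uses a 2.6.x kernel.
7>. Control group (cgroup)
The cgroup namespace type hides the identity of the control group that a process belongs to. A process in such a namespace that checks which control group any process belongs to sees a path that is actually relative to the control group set at creation time, which hides its true control group position and identity.
This namespace type has existed since Linux 4.6.
As for cgroups themselves, they simply divide system-level resources into groups and then assign each group's share of resources to the processes of a particular user space. They cover the following resources:
blkio:
Block device I/O
cpu:
CPU allocation
cpuacct:
CPU usage reporting
cpuset:
Sets of CPUs on multiprocessor platforms
devices:
Device access
freezer:
Suspending or resuming tasks
memory:
Memory usage and reporting
perf_event:
Unified performance testing of the tasks in a cgroup
net_cls:
Class identifier for the packets created by the tasks in a cgroup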
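The user-namespace mapping table and the per-process namespace membership described above are both exposed under /proc. The following is an added example, not code from the original post: it translates a container UID to the host UID using the /proc/<pid>/uid_map format and lists which namespace types a process shares with the host, which is how a container that reuses the host's network or user namespace shows up. The sample data is constructed (the 1400000 offset follows the figure used in the text) and all function names are assumptions.

```python
import os

# The seven namespace types listed in this section, as named under /proc/<pid>/ns/.
NS_TYPES = ("mnt", "pid", "net", "ipc", "uts", "user", "cgroup")


def parse_id_map(text):
    """Parse uid_map/gid_map content: 'inside_start outside_start length' per line."""
    ranges = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        inside, outside, length = (int(p) for p in parts)
        ranges.append((inside, outside, length))
    return ranges


def to_host_id(ranges, inside_id):
    """Translate an ID seen inside the namespace to the ID the host kernel checks."""
    for inside, outside, length in ranges:
        if inside <= inside_id < inside + length:
            return outside + (inside_id - inside)
    return None  # no mapping covers this ID


def read_namespaces(pid="self", proc="/proc"):
    """Return {type: 'type:[inode]'} for a live process; None where unreadable."""
    result = {}
    for ns in NS_TYPES:
        try:
            result[ns] = os.readlink(os.path.join(proc, str(pid), "ns", ns))
        except OSError:
            result[ns] = None  # not Linux, no permission, or kernel lacks this type
    return result


def shared_with_host(container_ns, host_ns):
    """Namespace types where the process is NOT isolated from the host."""
    return sorted(
        ns for ns in NS_TYPES
        if container_ns.get(ns) is not None and container_ns.get(ns) == host_ns.get(ns)
    )


def isolation_report(container_ns, host_ns, uid_map_text):
    """Combine both checks: shared namespaces and what container root maps to."""
    return {
        "shared": shared_with_host(container_ns, host_ns),
        "container_root_maps_to": to_host_id(parse_id_map(uid_map_text), 0),
    }


# Constructed sample data (inode numbers are illustrative, not from a real host).
SAMPLE_HOST_NS = {
    "mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]", "net": "net:[4026531992]",
    "ipc": "ipc:[4026531839]", "uts": "uts:[4026531838]", "user": "user:[4026531837]",
    "cgroup": "cgroup:[4026531835]",
}
# A container with its own mnt/pid/ipc/uts/cgroup namespaces that still uses
# the host's network and user namespaces.
SAMPLE_CONTAINER_NS = dict(
    SAMPLE_HOST_NS,
    mnt="mnt:[4026532256]", pid="pid:[4026532259]", ipc="ipc:[4026532258]",
    uts="uts:[4026532257]", cgroup="cgroup:[4026532260]",
)
SAMPLE_REMAPPED_UID_MAP = "         0    1400000      65536\n"  # container root -> 1400000
SAMPLE_IDENTITY_UID_MAP = "         0          0 4294967295\n"  # container root -> host root

if __name__ == "__main__":
    print(isolation_report(SAMPLE_CONTAINER_NS, SAMPLE_HOST_NS, SAMPLE_IDENTITY_UID_MAP))
    # On a Linux host, compare the current process with PID 1 (needs privileges).
    print(shared_with_host(read_namespaces("self"), read_namespaces(1)))
```

An identity map means root inside the container is UID 0 on the host, so the other namespaces are the only separation left.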
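III. A brief history of Docker
1>. What is Docker
LXC's biggest benefit is the saving in performance and resources, but LXC never found a good breakthrough for using containers at scale, and so Docker appeared. From this angle, what is Docker? It is an enhanced LXC; it is not itself a container but a front-end tool for containers. Containers are a technology in the Linux kernel; Docker simply made container technology widespread by simplifying its use.
We know that LXC makes it hard to create containers at scale, or to clone onto another host a container identical to one on the current host. So Docker looked for a solution to exactly this.
Early Docker was a repackaged distribution of LXC (Docker later developed libcontainer to replace LXC, though by then Docker had been hijacked by the CNCF; of course Docker Inc. still held the say over containers. This is not to say that the CNCF lacked the ability to set a standard for Docker, only that actually doing so would have been bullying Docker Inc. too much. Docker later moved on to runC). Functionally it worked like this: LXC served as the container management engine, but when creating a container's user space Docker no longer installed it on the spot from an LXC template. Instead, using an image technique (similar to booting from a KVM image), all the components that an operating system user space needs were prepared, arranged and packed into a single file in advance. Docker calls this file an image file.
The word "Docker" refers to several things: an open-source community project, the tools used by that open-source project, the company Docker Inc. that leads support for the project, and the tools the company officially supports. The fact that the technology and the company share a name can be confusing. Briefly:
The "Docker" of IT software is containerization technology for creating and using Linux containers.
The open-source Docker community works to improve these technologies and provides them free to all users, to everyone's benefit.
The company Docker Inc. started from the work of the Docker community; it is mainly responsible for making the community version more secure and shares those advances with the wider technical community. It also refines and security-hardens these technologies for enterprise customers.
With Docker, you can treat containers as lightweight, modular virtual machines. You also get a high degree of flexibility, so that you can efficiently create, deploy and copy containers and move them smoothly from one environment to another. For details see: https://www.redhat.com/zh/topics/containers/what-is-docker.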
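2>. Docker container orchestration
Docker was first designed with only one question in mind, how to run a single container well, and soon afterwards they realized that managing a single container has little value in itself. In other words, Docker's value does not come out in a single Docker container; it needs the support of a container orchestration system to be realized. So, while maintaining the container technology, they also set about developing a container orchestration system. Hence Docker's "three musketeers" of orchestration: docker-machine, docker-swarm and docker-compose are all Docker's container orchestration tooling.
Mesos, the unified resource scheduling and allocation tool open-sourced by the Apache Software Foundation (ASF), can provide container orchestration when combined with the Marathon middle layer.
Google has quietly used container technology internally (with Borg for container orchestration) for more than ten years, and reportedly creates and destroys several billion containers every week. When Docker happened upon the same approach and even released it as open-source software, Google could not sit still; but by then Docker dominated the conversation on container technology, and Borg and Omega, Google's internal container schedulers (those who work in big-data operations will know of these two components), are closed source and could not simply be open-sourced. Unfortunately the Docker camp was not united: after splitting from Docker, CoreOS developed the Rocket container (rkt for short, GitHub: https://github.com/rkt/rkt) to compete with Docker. Google then backed Rocket against Docker, but rkt was no match for Docker. Google then saw that container orchestration remained Docker's weak point, and drawing on more than ten years of experience with its internal Borg and Omega, it open-sourced the Kubernetes container orchestration technology. The arrival of Kubernetes (K8s for short) was a crushing blow to Docker! Docker's home-grown orchestration could not withstand it (these three companies had been fighting a lively battle for the market, but by December 2017 the dust had largely settled: K8s held about 80% of the market and had become the de facto standard. On top of this, Google also led the founding of the "Cloud Native Computing Foundation", "CNCF" for short).
Some say that Docker the technology lives on while Docker the company is dead: that Docker Inc. was dealt a good hand (Docker containers) and played it badly, mainly mocking its lack of achievement in container orchestration. It is easy to comment with hindsight; had you been in charge of Docker, you might not have led it in a better direction either.
In fact Kubernetes has been very widely used inside Google. Many companies work on container technology; Google uses it, and so does Alibaba, though Alibaba has its own containerization technology, whose adoption cannot yet compare with Docker's!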
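3>. Docker editions
We know that Docker lost to K8s in container orchestration and that much of the market went to Google, so it did not find a good way to monetize.
To make the Docker project bigger and attract more investors, hoping to become a legendary "unicorn" before going public, the company found that the keyword Docker was extremely popular on the internet and yet it still could not monetize it. So it split open-source Docker into two editions, Docker Community Edition and Docker Enterprise Edition. Later Docker's management renamed the open-source Docker to "Moby", and the traffic from people searching the internet for the keyword "Docker" was directed to the "Docker Enterprise Edition" site. That is understandable, since it is a commercial company. For a while the Docker community was quite unhappy about this, and Docker's CEO had to explain that it was done for the better development of Docker Community Edition. Many programmers probably muttered: "Like I'd believe that, you crafty old man!"
The K8s code, integrated with Docker Community Edition, was contributed to the CNCF; the aim was to show everyone that Google would not take K8s private, so that it could be adopted with confidence. K8s is developed in Go (as is Docker); K8s is not yet mature and its releases iterate very quickly.
At the very beginning docker was an open-source project maintained mainly by Docker Inc. In early 2017, Docker Inc. renamed the original docker project to moby and created docker-ce and docker-ee. The relationship between the three is:
1>. moby inherits the original docker project; it is a community-maintained open-source project, and anyone can build their own container product on top of moby;
2>. docker-ce is an open-source project maintained by Docker Inc., a free container product based on the moby project;
3>. docker-ee is a closed-source product maintained by Docker Inc. and is the company's commercial product;
The moby project is maintained by the community, the docker-ce project is maintained by Docker Inc., and docker-ee is closed source. To use the free docker, get it from the docker-ce page. To use the paid docker, get it from the docker-ee page.
docker-ce release schedule: after v1.13.1 the release schedule changed to:
Edge: monthly release, published once a month, named YY.MM, maintained until the next month's release
Stable: quarterly release, published once a quarter, named YY.MM, maintained for 4 months
Recommended reading 1: https://blog.csdn.net/m2l0zgssvc7r69efdtj/article/details/78944851
Recommended reading 2: https://blog.csdn.net/yk20091201/article/details/80016135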
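4>. Containers in Docker
Many of us now know that containers are split between two camps. One is the CNCF, led by Google, and that organization appears intent on starting afresh and squeezing Google out. As containers develop there clearly needs to be a standardized open-source product, and who sets that standard? The CNCF is fully capable of developing an open-source container product, because it includes a giant internet company, Google; yet for now the say over containers still rests with Docker Inc., which sets the Docker standard. Docker developed the libcontainer container engine to replace the LXC engine, and later developed the runC container engine to replace libcontainer. runC has now become the industry standard for container runtimes. In summary, containers in Docker evolved as: lxc ---> libcontainer ---> runC.
Later, under Docker's lead, OCF and OCI (Open Container Initiative) were born.
Open Container Initiative (OCI):
1>. Founded in June 2015 under the lead of the Linux Foundation;
2>. Aims to establish an open industry standard around container formats and runtimes;
3>. The two standards are the Runtime Specification (runtime-spec) and the Image Specification (image-spec);
Open Container Format (OCF):
1>. runC is one of the main implementations of OCF;
2>. runC is the container engine Docker currently uses;
However much we may feel that Docker has been bullied, to this day Docker is what people think of as container technology. When containers come up you may not know what LXC is, or what Linux namespaces really are, but everyone knows Docker. So to this day, however dominant k8s considers itself in container orchestration, it still cannot do without Docker. K8s supports many kinds of container (Docker is only one of them), but Docker remains the mainstream. In practice most deployments are K8s + Docker. So to master k8s well we still have to study Docker properly.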
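IV. Docker architecture
Docker uses a client/server architecture. The client sends requests to the server, and the server builds, runs and distributes containers. The client and server can run on the same host, or the client can communicate with a remote server over a socket or the REST API. Reference: https://www.cnblogs.com/CloudMan6/p/6763789.html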
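1. Client:
The Docker client. The most commonly used Docker client is the docker command. With docker we can conveniently build and run containers on the host.
docker supports many operations (the docker command-line tool), and users can also communicate with the server through the REST API.
The client and the Docker daemon can communicate over https or http; for security, https is the default.
2. Docker daemon:
The Docker daemon is the server component (the Docker daemon server) and runs as a Linux background service.
The Docker daemon runs on the Docker host and is responsible for creating, running and monitoring containers, and for building and storing images. In the default configuration, the Docker daemon only answers client requests from the local host. To allow requests from remote clients, TCP listening has to be enabled in the configuration file (IPv4 and IPv6 are supported).
3. Image:
A Docker image can be thought of as a read-only template from which Docker containers are created. For example, an image might contain an Ubuntu operating system, an Apache HTTP Server and a web application developed by the user.
Images can be produced in several ways:
they can be created from scratch;
a ready-made image created by someone else can be downloaded and used;
a new image can be built on top of an existing image.
We can describe an image's contents and build steps in a text file called a Dockerfile, and build a Docker image by running the docker build -f <docker-file> <build-context> command.
Official Docker image site: https://hub.docker.com/
Alibaba docker mirror: https://mirrors.aliyun.com/docker-ce/linux/
Tsinghua University docker mirror: https://mirrors.tuna.tsinghua.edu.cn/docker-ce/
4. Registry:
When we build an image, it needs a common place to be stored once it is built; we call this a Docker repository. The Registry is the store for Docker images (the official default is "https://hub.docker.com"). Registries are either private or public. Images and the Registry use https by default, though you can specify http if you insist.
When a container is started, the docker daemon tries to get the image locally; if the image does not exist locally, the daemon downloads it from the Registry and saves it locally.
The Registry stores docker images, including the image layer hierarchy and metadata. Users can run their own Registry or use the official Docker Hub.
Docker Registries fall into the following categories:
Sponsor Registry: a third-party registry for customers and the Docker community.
Mirror Registry: a third-party registry for customers only.
Vendor Registry: a registry provided by the vendor that publishes the Docker images.
Private Registry: a registry provided by a private entity with a firewall and additional security layers.
A Registry consists of Repositories and an Index, as follows:
Repository:
An image repository made up of all the iterations of one particular docker image;
A Registry can hold multiple Repositories;
Repositories are divided into "top-level repositories" and "user repositories";
A user repository is named "username/repository";
Each repository can contain multiple Tags, and each tag corresponds to one image;
Index:
Maintains user accounts, image verification and public namespace information;
In effect it gives the Registry a lookup interface that handles user authentication and similar functions.
Images in a Docker Registry are usually made by developers and then pushed to a "public" or "private" Registry for storage, for others to use, for example to "deploy" to production.
5. Container:
A Docker container is used to load a Docker image. In other words, a Docker container is a running instance of a Docker image. Images are read-only; starting a container really means creating a dedicated writable layer on top of the image for the user.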
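Whether a remote TCP listener or a registry connection is actually protected depends on explicit settings in the daemon's configuration file, /etc/docker/daemon.json. The following is an added example, not code from the original post or from Docker: it audits a daemon.json for a TCP listener without client-certificate verification and for registries or mirrors reached without HTTPS. The keys checked (hosts, tls, tlsverify, insecure-registries, registry-mirrors) are real daemon.json keys; the function name, finding codes and sample configurations are assumptions constructed for the example.

```python
import json
from urllib.parse import urlsplit


def audit_daemon_config(text):
    """Return a list of (key, value, finding_code) for risky daemon.json settings."""
    try:
        cfg = json.loads(text)
    except ValueError:
        return [("daemon.json", "", "invalid-json")]
    if not isinstance(cfg, dict):
        return [("daemon.json", "", "invalid-json")]

    findings = []
    tls = bool(cfg.get("tls"))
    tlsverify = bool(cfg.get("tlsverify"))

    # A tcp:// listener exposes the full Docker API. Only tlsverify makes the
    # daemon demand a client certificate signed by its CA.
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://") or tlsverify:
            continue
        code = "tcp-tls-without-client-auth" if tls else "tcp-plaintext-unauthenticated"
        findings.append(("hosts", host, code))

    # For these registries the daemon accepts invalid certificates and may
    # fall back to plain HTTP.
    for registry in cfg.get("insecure-registries", []):
        findings.append(("insecure-registries", registry, "registry-tls-not-enforced"))

    # Mirrors serve image content, so they should be reached over HTTPS.
    for mirror in cfg.get("registry-mirrors", []):
        if urlsplit(mirror).scheme.lower() != "https":
            findings.append(("registry-mirrors", mirror, "mirror-not-https"))
    return findings


# Constructed sample configurations (host names are placeholders).
MIRROR_ONLY_CONFIG = '{"registry-mirrors": ["https://mirror.example.invalid"]}'

RISKY_CONFIG = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "insecure-registries": ["registry.example.internal:5000"],
  "registry-mirrors": ["http://mirror.example.invalid"]
}"""

TLS_ONLY_CONFIG = """{
  "hosts": ["tcp://0.0.0.0:2376"],
  "tls": true,
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

HARDENED_CONFIG = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem",
  "registry-mirrors": ["https://mirror.example.invalid"]
}"""

if __name__ == "__main__":
    for name, sample in (("mirror-only", MIRROR_ONLY_CONFIG), ("risky", RISKY_CONFIG),
                         ("tls-only", TLS_ONLY_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_daemon_config(sample))
```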
V. Installing Docker
1>. See the official Docker CE documentation (https://docs.docker.com/install/)
2>. Download the Alibaba Cloud yum repository file for docker
[root@node101.yinzhengjie.org.cn ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@node101.yinzhengjie.org.cn ~]# yum -y install wget
Loaded plugins: fastestmirror
...
Resolving Dependencies
--> Running transaction check
---> Package wget.x86_64 0:1.14-18.el7 will be installed
--> Finished Dependency Resolution
...
warning: /var/cache/yum/x86_64/7/base/packages/wget-1.14-18.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for wget-1.14-18.el7.x86_64.rpm is not installed
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
...
Installed:
  wget.x86_64 0:1.14-18.el7
Complete!
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
--2019-03-23 07:45:05--  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 116.136.134.81, 27.221.93.97, 27.221.93.93, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|116.136.134.81|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2640 (2.6K) [application/octet-stream]
Saving to: ‘/etc/yum.repos.d/docker-ce.repo’
100%[==============================>] 2,640       --.-K/s   in 0s
2019-03-23 07:45:07 (41.1 MB/s) - ‘/etc/yum.repos.d/docker-ce.repo’ saved [2640/2640]
[root@node101.yinzhengjie.org.cn ~]#
3>. Install docker
[root@node101.yinzhengjie.org.cn ~]# yum -y install docker-ce
Loaded plugins: fastestmirror
...
Resolving Dependencies
--> Running transaction check
---> Package docker-ce.x86_64 3:18.09.3-3.el7 will be installed
...
--> Finished Dependency Resolution
...
Install  1 Package  (+12 Dependent packages)
Upgrade  1 Package  (+14 Dependent packages)
Total download size: 72 M
Downloading packages:
...
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-18.09.3-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Public key for docker-ce-18.09.3-3.el7.x86_64.rpm is not installed
...
Retrieving key from https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
Importing GPG key 0x621E9F35:
 Userid     : "Docker Release (CE rpm) <docker@docker.com>"
 Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
 From       : https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
...
Installed:
  docker-ce.x86_64 3:18.09.3-3.el7
...
Complete!
[root@node101.yinzhengjie.org.cn ~]#
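4>. Use the image accelerator (requires logging in to an Alibaba Cloud account)
5>. Docker China official registry mirror (no login required)
Besides the accelerator tied to an Alibaba Cloud account, we can also use other acceleration methods: https://www.docker-cn.com/registry-mirror.
6>. Start Docker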
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# mkdir /etc/docker
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# vi /etc/docker/daemon.json
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"]
}
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# systemctl daemon-reload
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# systemctl start docker
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker

Usage:  docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

Options:
      --config string      Location of client config files (default "/root/.docker")
  -D, --debug              Enable debug mode
  -H, --host list          Daemon socket(s) to connect to
  -l, --log-level string   Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
      --tls                Use TLS; implied by --tlsverify
      --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify          Use TLS and verify the remote
  -v, --version            Print version information and quit

Management Commands:
  builder     Manage builds
  config      Manage Docker configs
  container   Manage containers
  engine      Manage the docker engine
  image       Manage images
  network     Manage networks
  node        Manage Swarm nodes
  plugin      Manage plugins
  secret      Manage Docker secrets
  service     Manage services
  stack       Manage Docker stacks
  swarm       Manage Swarm
  system      Manage Docker
  trust       Manage trust on Docker images
  volume      Manage volumes

Commands:
  attach      Attach local standard input, output, and error streams to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  images      List images
  import      Import the contents from a tarball to create a filesystem image
  info        Display system-wide information
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.
[root@node101.yinzhengjie.org.cn ~]#
7>. View Docker information
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker version
Client:
 Version:           18.09.3
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        774a1f4
 Built:             Thu Feb 28 06:33:21 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.3
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       774a1f4
  Built:            Thu Feb 28 06:02:24 2019
  OS/Arch:          linux/amd64
  Experimental:     false
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.09.3
Storage Driver: devicemapper
 Pool Name: docker-8:3-134564763-pool
 Pool Blocksize: 65.54kB
 Base Device Size: 10.74GB
 Backing Filesystem: xfs
 Udev Sync Supported: true
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Data Space Used: 11.8MB
 Data Space Total: 107.4GB
 Data Space Available: 49.96GB
 Metadata Space Used: 581.6kB
 Metadata Space Total: 2.147GB
 Metadata Space Available: 2.147GB
 Thin Pool Minimum Free Space: 10.74GB
 Deferred Removal Enabled: true
 Deferred Deletion Enabled: true
 Deferred Deleted Device Count: 0
 Library Version: 1.02.107-RHEL7 (2015-10-14)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: e6b3f5632f50dbc4e9cb6288d911bf4f5e95b18e
runc version: 6635b4f0c6af3810594d2770f662f34ddc15b40d
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-327.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.688GiB
Name: node101.yinzhengjie.org.cn
ID: BHP7:OYDA:JWKP:ALPE:E7PX:RVJV:HHXC:JIJ6:IOCV:AWMK:LQFI:7IYH
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:
 https://tuv7rqqq.mirror.aliyuncs.com/
Live Restore Enabled: false
Product License: Community Engine

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
WARNING: the devicemapper storage-driver is deprecated, and will be removed in a future release.
WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use.
         Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
[root@node101.yinzhengjie.org.cn ~]#
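The `docker info` output above already shows several hardening-relevant facts: only seccomp appears under Security Options, the devicemapper thin pool sits on loop devices, and the registry lists decide where images may be pulled from. The Python script below is an added example, not part of the original post; it parses that text and reports these points. The sample input is constructed from the output above, and the function names and finding codes are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the security-relevant lines of the `docker info` output
# shown above, one item per line as the CLI prints them.
SAMPLE_INFO = """\
Server Version: 18.09.3
Storage Driver: devicemapper
 Data file: /dev/loop0
 Metadata file: /dev/loop1
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-327.el7.x86_64
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:
 https://tuv7rqqq.mirror.aliyuncs.com/
Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
WARNING: the devicemapper storage-driver is deprecated, and will be removed in a future release.
WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use.
"""


def parse_info(text):
    """Map each top-level key to (value, [indented child lines]); collect WARNING lines."""
    sections, warnings, current = {}, [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("WARNING:"):
            warnings.append(line[len("WARNING:"):].strip())
            current = None
        elif line[0] != " ":
            key, _, value = line.partition(":")
            current = key.strip()
            sections[current] = (value.strip(), [])
        elif current is not None:
            sections[current][1].append(line.strip())
    return sections, warnings


def _is_loopback(entry):
    """True if an insecure-registry entry is a loopback address or CIDR."""
    try:
        return ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:  # hostnames and host:port entries are never loopback CIDRs
        return False


def audit_info(text):
    """Return (findings, warnings) for one `docker info` text dump."""
    sections, warnings = parse_info(text)

    def children(key):
        return sections.get(key, ("", []))[1]

    findings = []
    sec = set(children("Security Options"))
    if "seccomp" not in sec:
        findings.append(("no-seccomp", "default syscall filter not active"))
    if not sec & {"selinux", "apparmor"}:
        findings.append(("no-mac-confinement", "neither selinux nor apparmor listed"))
    if not sec & {"userns", "rootless"}:
        findings.append(("no-userns-remap", "container root maps to host root"))

    # 127.0.0.0/8 is always listed; anything else skips TLS verification.
    for registry in children("Insecure Registries"):
        if not _is_loopback(registry):
            findings.append(("insecure-registry", registry))
    for mirror in children("Registry Mirrors"):
        if not mirror.lower().startswith("https://"):
            findings.append(("mirror-without-tls", mirror))

    loop_prefixes = ("Data file: /dev/loop", "Metadata file: /dev/loop")
    if any(c.startswith(loop_prefixes) for c in children("Storage Driver")):
        findings.append(("devicemapper-loopback", "loop devices back the thin pool"))
    return findings, warnings


if __name__ == "__main__":
    found, warned = audit_info(SAMPLE_INFO)
    for code, detail in found:
        print(f"{code}: {detail}")
    for w in warned:
        print(f"daemon warning: {w}")
```

To check a live host, pass the text of `docker info` to `audit_info()` instead of the sample.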
VI. Common Docker operations
1>. View command help
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker image --help

Usage:  docker image COMMAND

Manage images

Commands:
  build       Build an image from a Dockerfile
  history     Show the history of an image
  import      Import the contents from a tarball to create a filesystem image
  inspect     Display detailed information on one or more images
  load        Load an image from a tar archive or STDIN
  ls          List images
  prune       Remove unused images
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rm          Remove one or more images
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE

Run 'docker image COMMAND --help' for more information on a command.
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker container --help

Usage:  docker container COMMAND

Manage containers

Commands:
  attach      Attach local standard input, output, and error streams to a running container
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  inspect     Display detailed information on one or more containers
  kill        Kill one or more running containers
  logs        Fetch the logs of a container
  ls          List containers
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  prune       Remove all stopped containers
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  run         Run a command in a new container
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  wait        Block until one or more containers stop, then print their exit codes

Run 'docker container COMMAND --help' for more information on a command.
[root@node101.yinzhengjie.org.cn ~]#
2>.docker event state
3>. Get a Docker image: redis (Docker's official image download site: https://hub.docker.com/)
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker search redis
NAME                             DESCRIPTION                                     STARS   OFFICIAL   AUTOMATED
redis                            Redis is an open source key-value store that…   6677    [OK]
bitnami/redis                    Bitnami Redis Docker Image                      107                [OK]
sameersbn/redis                                                                  76                 [OK]
grokzen/redis-cluster            Redis cluster 3.0, 3.2, 4.0 & 5.0               44
hypriot/rpi-redis                Raspberry Pi compatible redis image             33
kubeguide/redis-master           redis-master with "Hello World!"                28
rediscommander/redis-commander   Alpine image for redis-commander - Redis man…   21                 [OK]
redislabs/redis                  Clustered in-memory database engine compatib…   19
redislabs/redisearch             Redis With the RedisSearch module pre-loaded…   15
arm32v7/redis                    Redis is an open source key-value store that…   14
oliver006/redis_exporter         Prometheus Exporter for Redis Metrics. Supp…    10
webhippie/redis                  Docker images for Redis                         10                 [OK]
insready/redis-stat              Docker image for the real-time Redis monitor…   7                  [OK]
s7anley/redis-sentinel-docker    Redis Sentinel                                  7                  [OK]
rtoma/logspout-redis-logstash    Logspout including Redis adapter for sending…   5
arm64v8/redis                    Redis is an open source key-value store that…   5
centos/redis-32-centos7          Redis in-memory data structure store, used a…   4
redislabs/redisgraph             A graph database module for Redis               4                  [OK]
wodby/redis                      Redis container image with orchestration        2                  [OK]
frodenas/redis                   A Docker Image for Redis                        2                  [OK]
circleci/redis                   CircleCI images for Redis                       2                  [OK]
tiredofit/redis                  Redis Server w/ Zabbix monitoring and S6 Ove…   1                  [OK]
cflondonservices/redis           Docker image for running redis                  0
xetamus/redis-resource           forked redis-resource                           0                  [OK]
iadvize/redis                                                                    0
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker pull redis:4-alpine
4-alpine: Pulling from library/redis
8e402f1a9c57: Pull complete
4c2113a1bbc9: Pull complete
a4b5ad98d179: Pull complete
41457a7cc0c5: Pull complete
f987c6e1a2b3: Pull complete
2a3ef38f1fd4: Pull complete
Digest: sha256:7a543f606ea3e055a18ccbda719fb1e04f6922078f733cb39863619983e05031
Status: Downloaded newer image for redis:4-alpine
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
redis               4-alpine            adbfeec2927e        3 days ago          36.2MB
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
redis               4-alpine            adbfeec2927e        3 days ago          36.2MB
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker image inspect redis:4-alpine
[
    {
        "Id": "sha256:adbfeec2927ea132da957bac11f683ae695bbcbf65afc9d60020f9d1ad95668a",
        "RepoTags": [
            "redis:4-alpine"
        ],
        "RepoDigests": [
            "redis@sha256:7a543f606ea3e055a18ccbda719fb1e04f6922078f733cb39863619983e05031"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2019-03-19T21:38:25.77087877Z",
        "Container": "b6c63fa16c4cbd45cf0e3c1d96845cf4316b7c43fdcadf22617c7fc60f365e3f",
        "ContainerConfig": {
            "Hostname": "b6c63fa16c4c",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "6379/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "REDIS_VERSION=4.0.14",
                "REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-4.0.14.tar.gz",
                "REDIS_DOWNLOAD_SHA=1e1e18420a86cfb285933123b04a82e1ebda20bfb0a289472745a087587e93a7"
            ],
            "Cmd": [
                "/bin/sh",
                "-c",
                "#(nop) ",
                "CMD [\"redis-server\"]"
            ],
            "ArgsEscaped": true,
            "Image": "sha256:44db1a08fc16d4dfbf4519cbd8d0ca0a33cd3871d0e92ba8c74bf177f356e889",
            "Volumes": {
                "/data": {}
            },
            "WorkingDir": "/data",
            "Entrypoint": [
                "docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {}
        },
        "DockerVersion": "18.06.1-ce",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "6379/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "REDIS_VERSION=4.0.14",
                "REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-4.0.14.tar.gz",
                "REDIS_DOWNLOAD_SHA=1e1e18420a86cfb285933123b04a82e1ebda20bfb0a289472745a087587e93a7"
            ],
            "Cmd": [
                "redis-server"
            ],
            "ArgsEscaped": true,
            "Image": "sha256:44db1a08fc16d4dfbf4519cbd8d0ca0a33cd3871d0e92ba8c74bf177f356e889",
            "Volumes": {
                "/data": {}
            },
            "WorkingDir": "/data",
            "Entrypoint": [
                "docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": null
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 36192469,
        "VirtualSize": 36192469,
        "GraphDriver": {
            "Data": {
                "DeviceId": "7",
                "DeviceName": "docker-8:3-134564763-f6b941f961280569e170c2ba9ebe9ec5d849609596eb865fdf58d14282279955",
                "DeviceSize": "10737418240"
            },
            "Name": "devicemapper"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:bcf2f368fe234217249e00ad9d762d8f1a3156d60c442ed92079fa5b120634a1",
                "sha256:53b9ee4aa890cdf6fb54072145bc91e6e9f75aa37f49eeef7e177503449f4124",
                "sha256:abd36062f9fec1abd0b1a104476b3700763a9fdf6ea8ddc18687dea0609bb864",
                "sha256:f55d74f1440715c06b12175fc1afbfa9e872d3b9cceb4194e3f13640b8aef100",
                "sha256:8e10865a11e52a9812472898d45d46a151c71aef4aa20e361d1ce92790891056",
                "sha256:84b5f025422880a5dbb6536ef9053cfa515e09fb46bd6bf3b92c8e6f29fcdaf2"
            ]
        },
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"
        }
    }
]
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
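As an added example (not from the original post), the Python script below audits `docker image inspect` JSON: it checks that the image carries the digest printed by `docker pull`, and reports an unset `User`, exposed ports, declared volumes and plain-HTTP URLs or secret-looking names in `Env`. The embedded sample is trimmed from the output above; the function names and finding codes are assumptions made for illustration.

```python
import json
import re

# Constructed sample: a trimmed copy of the `docker image inspect redis:4-alpine`
# output shown above (only the fields the audit reads).
SAMPLE_INSPECT = """
[
  {
    "Id": "sha256:adbfeec2927ea132da957bac11f683ae695bbcbf65afc9d60020f9d1ad95668a",
    "RepoTags": ["redis:4-alpine"],
    "RepoDigests": [
      "redis@sha256:7a543f606ea3e055a18ccbda719fb1e04f6922078f733cb39863619983e05031"
    ],
    "Config": {
      "User": "",
      "ExposedPorts": {"6379/tcp": {}},
      "Env": [
        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
        "REDIS_VERSION=4.0.14",
        "REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-4.0.14.tar.gz",
        "REDIS_DOWNLOAD_SHA=1e1e18420a86cfb285933123b04a82e1ebda20bfb0a289472745a087587e93a7"
      ],
      "Cmd": ["redis-server"],
      "Volumes": {"/data": {}},
      "Entrypoint": ["docker-entrypoint.sh"]
    }
  }
]
"""

# Digest printed by `docker pull redis:4-alpine` above; used here as the pin.
PINNED = "sha256:7a543f606ea3e055a18ccbda719fb1e04f6922078f733cb39863619983e05031"

SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY)", re.I)


def repo_digests(image):
    """Return the set of bare sha256 digests recorded for the image."""
    refs = image.get("RepoDigests") or []
    return {ref.split("@", 1)[1] for ref in refs if "@" in ref}


def audit_image(image, pinned_digest):
    """Return a list of (code, detail) findings for one inspect entry."""
    findings = []
    cfg = image.get("Config") or {}

    # The local image must be the content that was reviewed and pinned.
    if pinned_digest not in repo_digests(image):
        findings.append(("digest-mismatch", pinned_digest))

    # An empty User means the container's first process starts as UID 0.
    user = (cfg.get("User") or "").split(":", 1)[0]
    if user in ("", "0", "root"):
        findings.append(("starts-as-root", user or "<unset>"))

    for port in sorted(cfg.get("ExposedPorts") or {}):
        findings.append(("exposed-port", port))
    for path in sorted(cfg.get("Volumes") or {}):
        findings.append(("declared-volume", path))

    for entry in cfg.get("Env") or []:
        name, _, value = entry.partition("=")
        if value.lower().startswith("http://"):
            findings.append(("plain-http-url", name))
        if SECRET_NAME.search(name) and value:
            findings.append(("secret-in-env", name))
    return findings


def audit(inspect_json, pinned_digest):
    """Audit every image in a `docker image inspect` JSON array."""
    report = {}
    for image in json.loads(inspect_json):
        tags = image.get("RepoTags") or []
        name = tags[0] if tags else image["Id"]  # untagged images fall back to the Id
        report[name] = audit_image(image, pinned_digest)
    return report


if __name__ == "__main__":
    for image_name, found in audit(SAMPLE_INSPECT, PINNED).items():
        for code, detail in found:
            print(f"{image_name}: {code}: {detail}")
```

Pulling as `redis@sha256:<digest>` instead of by tag makes the client verify the content against that digest, which matters when pulls go through a third-party registry mirror.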
4>. Get a Docker image: CentOS
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker container run --help

Usage:  docker container run [OPTIONS] IMAGE [COMMAND] [ARG...]

Run a command in a new container

Options:
      --add-host list                  Add a custom host-to-IP mapping (host:ip)
  -a, --attach list                    Attach to STDIN, STDOUT or STDERR
      --blkio-weight uint16            Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
      --blkio-weight-device list       Block IO weight (relative device weight) (default [])
      --cap-add list                   Add Linux capabilities
      --cap-drop list                  Drop Linux capabilities
      --cgroup-parent string           Optional parent cgroup for the container
      --cidfile string                 Write the container ID to the file
      --cpu-period int                 Limit CPU CFS (Completely Fair Scheduler) period
      --cpu-quota int                  Limit CPU CFS (Completely Fair Scheduler) quota
      --cpu-rt-period int              Limit CPU real-time period in microseconds
      --cpu-rt-runtime int             Limit CPU real-time runtime in microseconds
  -c, --cpu-shares int                 CPU shares (relative weight)
      --cpus decimal                   Number of CPUs
      --cpuset-cpus string             CPUs in which to allow execution (0-3, 0,1)
      --cpuset-mems string             MEMs in which to allow execution (0-3, 0,1)
  -d, --detach                         Run container in background and print container ID
      --detach-keys string             Override the key sequence for detaching a container
      --device list                    Add a host device to the container
      --device-cgroup-rule list        Add a rule to the cgroup allowed devices list
      --device-read-bps list           Limit read rate (bytes per second) from a device (default [])
      --device-read-iops list          Limit read rate (IO per second) from a device (default [])
      --device-write-bps list          Limit write rate (bytes per second) to a device (default [])
      --device-write-iops list         Limit write rate (IO per second) to a device (default [])
      --disable-content-trust          Skip image verification (default true)
      --dns list                       Set custom DNS servers
      --dns-option list                Set DNS options
      --dns-search list                Set custom DNS search domains
      --entrypoint string              Overwrite the default ENTRYPOINT of the image
  -e, --env list                       Set environment variables
      --env-file list                  Read in a file of environment variables
      --expose list                    Expose a port or a range of ports
      --group-add list                 Add additional groups to join
      --health-cmd string              Command to run to check health
      --health-interval duration       Time between running the check (ms|s|m|h) (default 0s)
      --health-retries int             Consecutive failures needed to report unhealthy
      --health-start-period duration   Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)
      --health-timeout duration        Maximum time to allow one check to run (ms|s|m|h) (default 0s)
      --help                           Print usage
  -h, --hostname string                Container host name
      --init                           Run an init inside the container that forwards signals and reaps processes
  -i, --interactive                    Keep STDIN open even if not attached
      --ip string                      IPv4 address (e.g., 172.30.100.104)
      --ip6 string                     IPv6 address (e.g., 2001:db8::33)
      --ipc string                     IPC mode to use
      --isolation string               Container isolation technology
      --kernel-memory bytes            Kernel memory limit
  -l, --label list                     Set meta data on a container
      --label-file list                Read in a line delimited file of labels
      --link list                      Add link to another container
      --link-local-ip list             Container IPv4/IPv6 link-local addresses
      --log-driver string              Logging driver for the container
      --log-opt list                   Log driver options
      --mac-address string             Container MAC address (e.g., 92:d0:c6:0a:29:33)
  -m, --memory bytes                   Memory limit
      --memory-reservation bytes       Memory soft limit
      --memory-swap bytes              Swap limit equal to memory plus swap: '-1' to enable unlimited swap
      --memory-swappiness int          Tune container memory swappiness (0 to 100) (default -1)
      --mount mount                    Attach a filesystem mount to the container
      --name string                    Assign a name to the container
      --network string                 Connect a container to a network (default "default")
      --network-alias list             Add network-scoped alias for the container
      --no-healthcheck                 Disable any container-specified HEALTHCHECK
      --oom-kill-disable               Disable OOM Killer
      --oom-score-adj int              Tune host's OOM preferences (-1000 to 1000)
      --pid string                     PID namespace to use
      --pids-limit int                 Tune container pids limit (set -1 for unlimited)
      --privileged                     Give extended privileges to this container
  -p, --publish list                   Publish a container's port(s) to the host
  -P, --publish-all                    Publish all exposed ports to random ports
      --read-only                      Mount the container's root filesystem as read only
      --restart string                 Restart policy to apply when a container exits (default "no")
      --rm                             Automatically remove the container when it exits
      --runtime string                 Runtime to use for this container
      --security-opt list              Security Options
      --shm-size bytes                 Size of /dev/shm
      --sig-proxy                      Proxy received signals to the process (default true)
      --stop-signal string             Signal to stop a container (default "SIGTERM")
      --stop-timeout int               Timeout (in seconds) to stop a container
      --storage-opt list               Storage driver options for the container
      --sysctl map                     Sysctl options (default map[])
      --tmpfs list                     Mount a tmpfs directory
  -t, --tty                            Allocate a pseudo-TTY
      --ulimit ulimit                  Ulimit options (default [])
  -u, --user string                    Username or UID (format: <name|uid>[:<group|gid>])
      --userns string                  User namespace to use
      --uts string                     UTS namespace to use
  -v, --volume list                    Bind mount a volume
      --volume-driver string           Optional volume driver for the container
      --volumes-from list              Mount volumes from the specified container(s)
  -w, --workdir string                 Working directory inside the container
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker image pull centos:7
7: Pulling from library/centos
8ba884070f61: Pull complete
Digest: sha256:8d487d68857f5bc9595793279b33d082b03713341ddec91054382641d14db861
Status: Downloaded newer image for centos:7
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker run -it --name test-centos7 centos:7 /bin/bash
docker: Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "process_linux.go:293: copying bootstrap data to pipe caused \"write init-p: broken pipe\"": unknown.
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~/Downloads]#
[root@node101.yinzhengjie.org.cn ~/Downloads]# docker run -it --name test centos:7 /bin/bash
[root@d833df2d9ded /]#
[root@d833df2d9ded /]# hostname
d833df2d9ded
[root@d833df2d9ded /]#
[root@d833df2d9ded /]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@d833df2d9ded /]#
[root@d833df2d9ded /]# exit
exit
[root@node101.yinzhengjie.org.cn ~/Downloads]#
[root@node101.yinzhengjie.org.cn ~/Downloads]#
[root@node101.yinzhengjie.org.cn ~/Downloads]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@node101.yinzhengjie.org.cn ~/Downloads]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker run -it --name test centos:7 /bin/bash
[root@d7a717a5f2fd /]#
[root@d7a717a5f2fd /]# yum -y install net-tools
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: mirrors.nwsuaf.edu.cn
 * extras: mirrors.nwsuaf.edu.cn
 * updates: mirrors.nwsuaf.edu.cn
base                                  | 3.6 kB  00:00:00
extras                                | 3.4 kB  00:00:00
updates                               | 3.4 kB  00:00:00
(1/4): base/7/x86_64/primary_db       | 6.0 MB  00:00:00
(2/4): extras/7/x86_64/primary_db     | 187 kB  00:00:04
(3/4): base/7/x86_64/group_gz         | 166 kB  00:00:06
(4/4): updates/7/x86_64/primary_db    | 3.4 MB  00:01:30
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.24.20131004git.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package        Arch        Version                         Repository     Size
================================================================================
Installing:
 net-tools      x86_64      2.0-0.24.20131004git.el7        base          306 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 306 k
Installed size: 918 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.24.20131004git.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for net-tools-2.0-0.24.20131004git.el7.x86_64.rpm is not installed
net-tools-2.0-0.24.20131004git.el7.x86_64.rpm    | 306 kB  00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-6.1810.2.el7.centos.x86_64 (@CentOS)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : net-tools-2.0-0.24.20131004git.el7.x86_64  1/1
  Verifying  : net-tools-2.0-0.24.20131004git.el7.x86_64  1/1

Installed:
  net-tools.x86_64 0:2.0-0.24.20131004git.el7

Complete!
[root@d7a717a5f2fd /]#
[root@d7a717a5f2fd /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 3175  bytes 10682718 (10.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3174  bytes 174670 (170.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@d7a717a5f2fd /]#
[root@d7a717a5f2fd /]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.17.0.1      0.0.0.0         UG    0      0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
[root@d7a717a5f2fd /]#
[root@d7a717a5f2fd /]# exit
exit
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:c5:a1:05:86  txqueuelen 0  (Ethernet)
        RX packets 3179  bytes 130434 (127.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3175  bytes 10682718 (10.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 00:0c:29:fe:9b:ef  txqueuelen 1000  (Ethernet)
        RX packets 148755  bytes 181214006 (172.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 48024  bytes 3569703 (3.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 64  bytes 5792 (5.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64  bytes 5792 (5.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 54 packets, 3711 bytes)
 pkts bytes target      prot opt in       out       source               destination
    0     0 DOCKER      all  --  *        *         0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 2 packets, 464 bytes)
 pkts bytes target      prot opt in       out       source               destination

Chain OUTPUT (policy ACCEPT 79 packets, 5930 bytes)
 pkts bytes target      prot opt in       out       source               destination
    0     0 DOCKER      all  --  *        *         0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 79 packets, 5930 bytes)
 pkts bytes target      prot opt in       out       source               destination
   52  3247 MASQUERADE  all  --  *        !docker0  172.17.0.0/16        0.0.0.0/0

Chain DOCKER (2 references)
 pkts bytes target      prot opt in       out       source               destination
    0     0 RETURN      all  --  docker0  *         0.0.0.0/0            0.0.0.0/0
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# iptables -t filter -vnL
Chain INPUT (policy ACCEPT 26257 packets, 98M bytes)
 pkts bytes target                    prot opt in       out       source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target                    prot opt in       out       source               destination
 5751 9807K DOCKER-USER               all  --  *        *         0.0.0.0/0            0.0.0.0/0
 5751 9807K DOCKER-ISOLATION-STAGE-1  all  --  *        *         0.0.0.0/0            0.0.0.0/0
 2885 9689K ACCEPT                    all  --  *        docker0   0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER                    all  --  *        docker0   0.0.0.0/0            0.0.0.0/0
 2866  118K ACCEPT                    all  --  docker0  !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT                    all  --  docker0  docker0   0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 25740 packets, 1159K bytes)
 pkts bytes target                    prot opt in       out       source               destination

Chain DOCKER (1 references)
 pkts bytes target                    prot opt in       out       source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target                    prot opt in       out       source               destination
 2866  118K DOCKER-ISOLATION-STAGE-2  all  --  docker0  !docker0  0.0.0.0/0            0.0.0.0/0
 5751 9807K RETURN                    all  --  *        *         0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target                    prot opt in       out       source               destination
    0     0 DROP                      all  --  *        docker0   0.0.0.0/0            0.0.0.0/0
 2866  118K RETURN                    all  --  *        *         0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target                    prot opt in       out       source               destination
 5751 9807K RETURN                    all  --  *        *         0.0.0.0/0            0.0.0.0/0
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
5>. View the running state of Docker containers
[root@node101.yinzhengjie.org.cn ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                       PORTS               NAMES
20f52b7776da        centos:7            "/bin/bash"         12 seconds ago      Up 10 seconds                                    test2
d7a717a5f2fd        centos:7            "/bin/bash"         7 minutes ago       Exited (127) 5 minutes ago                       test
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker container ps
CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
20f52b7776da        centos:7            "/bin/bash"         55 seconds ago       Up 54 seconds                           test2
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
20f52b7776da        centos:7            "/bin/bash"         About a minute ago   Up About a minute                       test2
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#