Docker的安装与使用

一、概述

1.概念

容器是隔离环境中运行的一个进程;如果进程结束,容器会自动停止。容器的隔离环境拥有独立的IP地址、系统文件、主机名和进程。

程序:代码或命令的集合
进程:正在运行的程序

2.容器和虚拟化的区别

虚拟机

  • 需要硬件CPU支持(VT虚拟化)
  • 模拟计算机硬件
  • 模拟开机启动流程
启动流程
BIOS自检 -> BIOS启动菜单选取启动项 -> 读取硬盘初始扇区(GRUB/UEFI) -> 加载系统内核(硬件初始化) -> 启动系统初始进程

容器

  • 不需要硬件CPU支持
  • 共用宿主机内核(无需模拟开机启动流程)

3.容器优势

  • 启动快(秒级启动)
  • 性能高
  • 性能损耗少
  • 程序轻量级

    二、Docker-CE基础

Docker是一款基于软件打包技术,使用Go语言开发的C/S架构程序

软件数据目录:/var/lib/docker

1.安装

docker安装指南

step 0 配置环境

若系统之前安装过docker,需先删除docker程序

yum remove docker docker-common docker-selinux docker-engine

安装依赖程序

yum install -y yum-utils device-mapper-persistent-data lvm2

step 1 下载并安装docker

wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo #指定Docker安装文件
sudo sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo #修改官方安装源至清华安装源
yum install docker-ce #安装Docker
[root@docker01 ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
--2020-04-07 16:45:25--  https://download.docker.com/linux/centos/docker-ce.repo
Resolving download.docker.com (download.docker.com)... 13.249.171.6, 13.249.171.37, 13.249.171.64, ...
Connecting to download.docker.com (download.docker.com)|13.249.171.6|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2424 (2.4K) [binary/octet-stream]
Saving to: ‘/etc/yum.repos.d/docker-ce.repo’

100%[=================================================>] 2,424       --.-K/s   in 0s      

2020-04-07 16:45:25 (152 MB/s) - ‘/etc/yum.repos.d/docker-ce.repo’ saved [2424/2424]

[root@docker01 ~]# sudo sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
[root@docker01 ~]# yum install -y docker-ce
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
......
Dependency Updated:
  audit.x86_64 0:2.8.5-4.el7                     audit-libs.x86_64 0:2.8.5-4.el7           
  policycoreutils.x86_64 0:2.5-33.el7           

Complete!
[root@docker01 ~]# docker version 
Client: Docker Engine - Community
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.12.17
 Git commit:        afacb8b
 Built:             Wed Mar 11 01:27:04 2020
 OS/Arch:           linux/amd64
 Experimental:      false
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

step 2 启动Docker

systemctl start docker
[root@docker01 ~]# systemctl start docker

step 3 验证

docker version
[root@docker01 ~]# docker version
Client: Docker Engine - Community
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.12.17
 Git commit:        afacb8b
 Built:             Wed Mar 11 01:27:04 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.8
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.17
  Git commit:       afacb8b
  Built:            Wed Mar 11 01:25:42 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683 

2.基础命令

镜像相关

Docker官方仓库

  • 搜索镜像(从官方仓库检索)
docker search 关键字

镜像选择原则:官方镜像 > stars数量较高镜像

[root@docker01 ~]# docker search nginx| head -5
NAME                               DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
nginx                              Official build of Nginx.                        12968               [OK]                
jwilder/nginx-proxy                Automated Nginx reverse proxy for docker con…   1772                                    [OK]
richarvey/nginx-php-fpm            Container running Nginx + PHP-FPM capable of…   764                                     [OK]
linuxserver/nginx                  An Nginx container, brought to you by LinuxS…   104                                     
  • 拉取/上传镜像
docker pull 镜像名称:版本 #从官方仓库拉取指定镜像
若不指定版本,默认使用最新版本
docker pull 仓库链接/镜像名称:版本 #从第三方仓库拉取指定镜像
docker push 仓库链接/镜像名称:版本 #推送镜像(上传镜像)
向官方仓库推送镜像,需要登录官方仓库;
[root@docker01 ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
c499e6d256d6: Pull complete 
74cda408e262: Pull complete 
ffadbd415ab7: Pull complete 
Digest: sha256:282530fcb7cd19f3848c7b611043f82ae4be3781cb00105a1d593d7e6286b596
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
  • 导入/导出镜像

镜像的导入会自动解压缩镜像文件,镜像的导出会自动压缩镜像

docker load -i 镜像文件 #导入镜像文件
docker image import 镜像文件 #导入镜像文件(不导入镜像的名称和版本)
docker save 镜像名称:版本 -o 导出文件名称 #导出镜像文件
[root@docker01 ~]# docker load -i images/docker_alpine.tar.gz 
1bfeebd65323: Loading layer  5.844MB/5.844MB
Loaded image: alpine:latest
[root@docker01 ~/images]# docker import docker_alpine.tar.gz 
sha256:60a97f31fff274bbfa7178cb9151267d2258e71d36c628a70e60e956b9a56a1d
[root@docker01 ~/images]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
<none>              <none>              60a97f31fff2        6 seconds ago       5.85MB
nginx               latest              ed21b7a8aee9        13 days ago         127MB
alpine              latest              b7b28af77ffe        9 months ago        5.58MB
#批量导入镜像
[root@docker01 ~]# cat docker_image.sh 
#!/bin/bash
for i in docker_centos6.9.tar.gz docker_k8s_dns.tar.gz docker-mysql-5.7.tar.gz docker_busybox.tar.gz docker_centos7.tar.gz docker_monitor_node.tar.gz docker_nginx.tar.gz
do
  docker load -i  images/${i};
done
echo "Finish Loading."

[root@docker01 ~]# sh docker_image.sh 
b5e11aae8a8e: Loading layer  202.9MB/202.9MB
Loaded image: centos:6.9
8ac8bfaff55a: Loading layer  1.293MB/1.293MB
5f70bf18a086: Loading layer  1.024kB/1.024kB
b79219965469: Loading layer  45.91MB/45.91MB
Loaded image: gcr.io/google_containers/kubedns-amd64:1.9
3fc666989c1d: Loading layer  5.046MB/5.046MB
5f70bf18a086: Loading layer  1.024kB/1.024kB
9eed5e14d7fb: Loading layer  348.7kB/348.7kB
00dc4ffe8624: Loading layer   2.56kB/2.56kB
Loaded image: gcr.io/google_containers/kube-dnsmasq-amd64:1.4
9007f5987db3: Loading layer   5.05MB/5.05MB
5f70bf18a086: Loading layer  1.024kB/1.024kB
......
[root@docker01 ~]# docker save nginx:latest -o docker_image_nginx:lastest.tar.gz
[root@docker01 ~]# ls
anaconda-ks.cfg  docker_image_nginx:lastest.tar.gz  docker_image.sh  images
[root@docker01 ~]# file docker_image_nginx\:lastest.tar.gz 
docker_image_nginx:lastest.tar.gz: POSIX tar archive
# 将多个镜像导出为一个文件
[root@docker01 ~]# docker save nginx:latest alpine:latest  -o docker_image_test.tar.gz
  • 查看镜像列表

默认按创建时间排序

docker image ls
docker images

--all #显示隐藏镜像
[root@docker01 ~]# docker images | head -5
REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE
<none>                                           <none>              60a97f31fff2        13 minutes ago      5.85MB
nginx                                            <none>              ed21b7a8aee9        13 days ago         127MB
nginx                                            latest              540a289bab6c        5 months ago        126MB
alpine                                           latest              b7b28af77ffe        9 months ago        5.58MB
[root@docker01 ~]# docker image ls | tail -4
gcr.io/google_containers/dnsmasq-metrics-amd64   1.0                 5271aabced07        3 years ago         14MB
gcr.io/google_containers/kube-dnsmasq-amd64      1.4                 3ec65756a89b        3 years ago         5.13MB
gcr.io/google_containers/exechealthz-amd64       1.2                 93a43bfb39bf        3 years ago         8.37MB
mysql                                            5.7                 b7dc06006192        3 years ago         386MB
  • 删除镜像
docker image rm 镜像名称:版本
docker rmi 镜像名称:版本
[root@docker01 ~]# docker image rm nginx:latest 
Untagged: nginx:latest
Deleted: sha256:540a289bab6cb1bf880086a9b803cf0c4cefe38cbb5cdefa199b69614525199f
Deleted: sha256:ab18af7cee69bfb22c1771e54d5e0e68b1a1bf57bb46516142da0380b1771f4a
Deleted: sha256:02f7daf1e14541cd61a3dda1a61cc0f78fee8de2984d488b8ba5bbd3cbad9b57
Deleted: sha256:b67d19e65ef653823ed62a5835399c610a40e8205c16f839c5cc567954fcf594
[root@docker01 ~]# docker rmi centos:7 
Untagged: centos:7
Deleted: sha256:9f38484d220fa527b1fb19747638497179500a1bed8bf0498eb788229229e6e1
Deleted: sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854
[root@docker01 ~]# docker rmi 60a97f31fff2
Deleted: sha256:60a97f31fff274bbfa7178cb9151267d2258e71d36c628a70e60e956b9a56a1d
Deleted: sha256:2cb2ead8b08aafc4960438c907a395460e5ab7c6b1fe97a3137737eb025f8c2a

#删除多个镜像
[root@docker01 ~]# docker rmi gcr.io/google_containers/kubedns-amd64:1.9 gcr.io/google_containers/dnsmasq-metrics-amd64:1.0 gcr.io/google_containers/kube-dnsmasq-amd64:1.4 gcr.io/google_containers/exechealthz-amd64:1.2 
Untagged: gcr.io/google_containers/kubedns-amd64:1.9
Deleted: sha256:26cf1ed9b14486b93acd70c060a17fea13620393d3aa8e76036b773197c47a05
Deleted: sha256:7b37313fc7da414986398281f18060298eccc130505a7b57e0bcfb5ea6555554
Untagged: gcr.io/google_containers/dnsmasq-metrics-amd64:1.0
Deleted: sha256:5271aabced07deae353277e2b8bd5b2e30ddb0b4a5884a5940115881ea8753ef
  • 查看镜像属性
docker image inspect 镜像名称:版本
[root@docker01 ~]# docker image inspect alpine:latest | head -5
[
    {
        "Id": "sha256:b7b28af77ffec6054d13378df4fdf02725830086c7444d9c278af25312aa39b9",
        "RepoTags": [
            "alpine:latest"
[root@docker01 ~]# docker inspect alpine:latest | head -5
[
    {
        "Id": "sha256:b7b28af77ffec6054d13378df4fdf02725830086c7444d9c278af25312aa39b9",
        "RepoTags": [
            "alpine:latest"
  • 清理系统无效镜像
docker image prune
[root@docker01 ~]# docker image prune 
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Deleted Images:
untagged: nginx@sha256:282530fcb7cd19f3848c7b611043f82ae4be3781cb00105a1d593d7e6286b596
deleted: sha256:ed21b7a8aee9cc677df6d7f38a641fa0e3c05f65592c592c9f28c42b3dd89291
deleted: sha256:8a305f371a6c3c445a1dfc500c1364743868a269ab8cdaf95902692e82168352
deleted: sha256:d079ef06ec1f10a8050887365f9a940b39547ba6bcc46b16a463e740984f3223
deleted: sha256:c3a984abe8a88059915bb6c7a1d249fd1ccc16d931334ac8816540b0eb686b45

Total reclaimed space: 126.8MB
  • 设置镜像标签
docker image tag 镜像ID 镜像名称:版本
docker tag 镜像ID 镜像名称:版本
[root@docker01 ~]# docker import images/docker_alpine.tar.gz 
sha256:866487acea46ce12b11b3c49d8a71342845c24319cf78ed7338982f913c4cb19
[root@docker01 ~]# docker images | head -2 
REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE
<none>                                           <none>              866487acea46        14 seconds ago      5.85MB
[root@docker01 ~]# docker tag 866487acea46 aspen:9
[root@docker01 ~]# docker images | head -2 
REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE
aspen                                            9                   866487acea46        34 seconds ago      5.85MB
  • 查看镜像操作记录
docker image history 镜像:版本
[root@docker01 ~]# docker image history nginx:latest 
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
540a289bab6c        7 months ago        /bin/sh -c #(nop)  CMD ["nginx" "-g" "daemon…   0B               
<missing>           7 months ago        /bin/sh -c #(nop)  STOPSIGNAL SIGTERM           0B               
<missing>           7 months ago        /bin/sh -c #(nop)  EXPOSE 80                    0B               
<missing>           7 months ago        /bin/sh -c ln -sf /dev/stdout /var/log/nginx…   22B             
<missing>           7 months ago        /bin/sh -c set -x     && addgroup --system -…   57MB             
<missing>           7 months ago        /bin/sh -c #(nop)  ENV PKG_RELEASE=1~buster     0B               
<missing>           7 months ago        /bin/sh -c #(nop)  ENV NJS_VERSION=0.3.6        0B               
<missing>           7 months ago        /bin/sh -c #(nop)  ENV NGINX_VERSION=1.17.5     0B               
<missing>           7 months ago        /bin/sh -c #(nop)  LABEL maintainer=NGINX Do…   0B               
<missing>           7 months ago        /bin/sh -c #(nop)  CMD ["bash"]                 0B               
<missing>           7 months ago        /bin/sh -c #(nop) ADD file:74b2987cacab5a6b0…   69.2MB                       5.85MB              Imported from -

容器相关

进程停止,容器结束;因此容器的初始命令必须在前台一直运行(夯住)
容器默认的主机名就是容器本身的容器ID(12位)
[root@docker01 ~]# docker ps -a 
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS                      PORTS               NAMES
924b85ecb8bb        centos:6.9          "tail -f /etc/hosts"   17 seconds ago      Up 16 seconds                                   charming_golick
3f5a7884702a        centos:6.9          "/bin/bash"            33 seconds ago      Exited (0) 32 seconds ago                       magical_merkle
  • 创建并启动容器
docker run 镜像名称:版本 初始命令 #创建并启动容器

-d #以守护进程形式运行
-h 主机名 #设置容器主机名
--env "变量名=变量值" #设置环境变量
-p 宿主机端口:容器端口 #设置端口映射
-v 宿主机目录:容器目录 #数据卷挂载
-it #进入容器
--network=网络类型 #指定容器网络类型
--link 容器名称:别名 #与指定容器创建链接
--resart=always #指定该容器伴随docker重启
--workdir 目录 #指定进入容器目录
--name 名称 #指定容器名称

docker create 镜像名称:版本 #创建容器

--name 名称 #指定容器名称

docker start 容器ID #启动容器
docker start 容器名称 #启动容器
docker restart 容器ID #重启容器
docker restart 容器名称 #重启容器

docker run每次都会启动一个新容器,不指定初始命令时,容器使用自定义初始命令运行。
docker run的镜像如果本地不存在,docker会自动从官方仓库拉取指定镜像。
[root@docker01 ~]# docker run -it --name aspenOS centos:6.9 
[root@51610c70bcc3 /]# cat /etc/centos-release 
CentOS release 6.9 (Final)
[root@51610c70bcc3 /]# uname -r
3.10.0-957.el7.x86_64
[root@51610c70bcc3 /]# ps -ef 
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  0 02:25 pts/0    00:00:00 /bin/bash
root         15      1  0 02:28 pts/0    00:00:00 ps -ef
[root@docker01 ~]# docker run -d -p 81:80 nginx:latest 
5a8ba13a817350c80dd7ef86a9cf15dba7cfb3dbd07145b15d09fdd3364da6c5
[root@docker01 ~]# netstat -lntp | awk NR==5
tcp6       0      0 :::81                   :::*                    LISTEN      9162/docker-proxy
[root@docker01 ~]# docker create --name centOS centos:7
f0213eaf06e8453eabdcab6a560eb642d8d006fbb67cb2d89226bea76dd7b770
[root@docker01 ~]# docker create --name http_server nginx:latest 
16f75214e0c4687ef794e3b7195cebfe340b6a6ece06a63c960a59480c91ae4d
[root@docker01 ~]# docker start http_server
http_server
  • 查看容器列表
docker ps #查看容器列表(默认仅显示运行状态的容器)

-a #查看所有容器
-l #显示最新启动的容器
-q #静默输出容器列表(仅显示容器ID)
--no-trunc #显示全部内容
[root@docker01 ~]# docker ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                NAMES
4616a34c2207        nginx:latest        "nginx -g 'daemon of…"   8 seconds ago        Up 7 seconds        0.0.0.0:81->80/tcp   thirsty_kapitsa
2a5792e47223        nginx:latest        "nginx -g 'daemon of…"   About a minute ago   Up 50 seconds       80/tcp               http_server
[root@docker01 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS                NAMES
4616a34c2207        nginx:latest        "nginx -g 'daemon of…"   3 minutes ago       Up 3 minutes               0.0.0.0:81->80/tcp   thirsty_kapitsa
a5581b1649a0        centos:6.9          "/bin/bash"              3 minutes ago       Exited (0) 3 minutes ago                        aspenOS
2a5792e47223        nginx:latest        "nginx -g 'daemon of…"   4 minutes ago       Up 4 minutes               80/tcp               http_server
5239203924a1        centos:7            "/bin/bash"              4 minutes ago       Created                                         centOS
[root@docker01 ~]# docker ps -l
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
4616a34c2207        nginx:latest        "nginx -g 'daemon of…"   41 seconds ago      Up 40 seconds       0.0.0.0:81->80/tcp   thirsty_kapitsa
[root@docker01 ~]# docker ps -q
4616a34c2207
2a5792e47223
  • 进入容器(仅能进入处于运行状态的容器)
docker exec -it 容器ID 初始命令
docker exec -it 容器名字 初始命令
[root@docker01 ~]# docker exec -it 3f5a7884702a /bin/bash
Error response from daemon: Container 3f5a7884702a631ac9269ed949d243fdcfc4d0203ec11bdb48c29e8117f9e6ea is not running
[root@docker01 ~]# docker exec -it 924b85ecb8bb  /bin/bash
[root@924b85ecb8bb /]# 
  • 停止容器
docker stop 容器ID
docker stop 容器名称
docker kill 容器ID #强制结束容器
docker kill 容器名称 #强制结束容器
[root@docker01 ~]# docker stop 16f75214e0c4
16f75214e0c4
[root@docker01 ~]# docker kill elastic_hofstadter
elastic_hofstadter
  • 删除容器(仅能删除已经退出的容器)
docker rm 容器ID
docker rm 容器名称

-f #强制删除容器(可删除处于运行状态的容器)

docker rm -f $(docker ps -a -q) #清空容器

[root@docker01 ~]# docker rm http_server
http_server
[root@docker01 ~]# docker rm -f `docker ps -a -q`
f0213eaf06e8
5a8ba13a8173
51610c70bcc3
[root@docker01 ~]# docker ps -a 
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
  • 查看容器日志
docker logs 容器ID

-f #跟踪浏览容器日志
 [root@docker01 /opt/docker-compose/zabbix]# docker ps -al 
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS              PORTS                         NAMES
c5628a29d353        zabbix/zabbix-web-nginx-mysql:latest   "/bin/bash /run_zabb…"   5 minutes ago       Up 5 minutes        0.0.0.0:80->80/tcp, 443/tcp   zabbix_zabbix-web-nginx-mysql_1
[root@docker01 /opt/docker-compose/zabbix]# docker logs -f c5628a29d353
......
10.0.0.1 - - [11/Jun/2020:08:04:55 +0000] "POST /jsrpc.php?output=json-rpc HTTP/1.1" 200 149 "http://10.0.0.110/zabbix.php?action=dashboard.view&ddreset=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36" "-"
10.0.0.1 - - [11/Jun/2020:08:05:06 +0000] "POST /jsrpc.php?output=json-rpc HTTP/1.1" 200 149 "http://10.0.0.110/zabbix.php?action=dashboard.view&ddreset=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36" "-"
  • 查看容器进程
docker container top 容器ID
[root@docker01 ~]# docker container top 716b95ea8ffd
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                8164                8145                0                   14:16               ?                   00:00:00            /bin/bash /init.sh 1234567
root                8199                8164                0                   14:16               ?                   00:00:00            php-fpm: master process (/etc/php-fpm.conf)
polkitd             8201                8199                0                   14:16               ?                   00:00:00            php-fpm: pool www
polkitd             8202                8199                0                   14:16               ?                   00:00:00            php-fpm: pool www
polkitd             8203                8199                0                   14:16               ?                   00:00:00            php-fpm: pool www
polkitd             8204                8199                0                   14:16               ?                   00:00:00            php-fpm: pool www
polkitd             8205                8199                0                   14:16               ?                   00:00:00            php-fpm: pool www
root                8206                8164                0                   14:16               ?                   00:00:00            nginx: master process nginx
root                8207                8164                0                   14:16               ?                   00:00:00            /usr/sbin/sshd -D
polkitd             8208                8206                0                   14:16               ?                   00:00:00            nginx: worker process
  • 拷贝容器内文件到宿主机

docker cp可以拷贝已经停止容器中的文件

docker cp 容器ID:容器文件 宿主机目录
[root@docker01 ~]# ls /tmp
[root@docker01 ~]# docker ps -al 
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
9fff48fc0793        kod:v1              "/bin/bash"         5 minutes ago       Exited (0) 5 minutes ago                       stupefied_goodall
[root@docker01 ~]# docker cp 9fff48fc0793:/etc/centos-release /tmp
[root@docker01 ~]# cat /tmp/centos-release 
CentOS release 6.9 (Final)
[root@docker01 ~]# docker cp 9fff48fc0793:/etc/hostname /tmp
[root@docker01 ~]# cat /tmp/hostname 
9fff48fc0793

3.端口映射

Docker实现端口映是基于系统内核转发参数,通过生成iptables规则,实现端口映射。

[root@docker01 ~]# docker run -d -p 81:80 nginx:latest 
3101e0ad0c2f43f0a9d8a5df0da46dcf7d276a03baa75e5b7aa11c8056920aa3
[root@docker01 ~]# docker run -d -p 82:80 nginx:latest 
c3a6880caa33f47ee8d06c48a8a4aadfe5027b8e51efbe13ab30ec074b05c40f
[root@docker01 ~]# sysctl -a 2>/dev/null | grep ipv4 |grep ip_forward | head -1
net.ipv4.ip_forward = 1

[root@docker01 ~]# iptables -t nat -L -n | grep MASQUERADE
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:80
MASQUERADE  tcp  --  172.17.0.3           172.17.0.3           tcp dpt:80
[root@docker01 ~]# iptables -t nat -L -n | tail -2
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:81 to:172.17.0.2:80
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:82 to:172.17.0.3:80

# 断开所有容器网络(关闭内核转发)
[root@docker01 ~]# sysctl net.ipv4.ip_forward=0
net.ipv4.ip_forward = 0
  • Docker可以借助宿主机辅助地址,使得多个容器绑定同一个宿主机端口
docker run -p 宿主机IP:宿主机端口:容器端口 镜像
[root@docker01 ~]# ifconfig eth0:1 10.0.0.121/24 up
[root@docker01 ~]# ifconfig eth0:2 10.0.0.122/24 up
[root@docker01 ~]# ifconfig eth0:1
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.121  netmask 255.255.255.0  broadcast 10.0.0.255
        ether 00:0c:29:03:a5:87  txqueuelen 1000  (Ethernet)

[root@docker01 ~]# ifconfig eth0:2
eth0:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.122  netmask 255.255.255.0  broadcast 10.0.0.255
        ether 00:0c:29:03:a5:87  txqueuelen 1000  (Ethernet)
[root@docker01 ~]# docker run -d -p 10.0.0.121:80:80 nginx:latest 
371a4c16212f058c9091c90ad23c0a3b3c12dcb9c764c27ac25d2d2b12385382
[root@docker01 ~]# docker run -d -p 10.0.0.122:80:80 nginx:latest 
64ce75a7d5f505c4f813ba69b763b6d2e4d1f55c9da2c905119a651d6bc4eeb0
[root@docker01 ~]# netstat -lntup | head -4
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 10.0.0.122:80           0.0.0.0:*               LISTEN      17662/docker-proxy  
tcp        0      0 10.0.0.121:80           0.0.0.0:*               LISTEN      17571/docker-proxy 
  • 随机端口映射
docker run -p 宿主机IP::容器端口 镜像
[root@docker01 ~]# docker run -d -p 10.0.0.110::80 nginx:latest 
ba4abc8f766f66753c1c7d5bab17fd139c19d5e04b97a2a4ffd4bc6c3e318838
[root@docker01 ~]# netstat -lntup | grep 'docker'
tcp        0      0 10.0.0.110:32769        0.0.0.0:*               LISTEN      7937/docker-proxy  

随机端口范围默认是由内核参数决定的,Cent OS默认范围是32768-60999

[root@docker01 ~]# sysctl -a 2>/dev/null | grep ip| grep range | head -1 
net.ipv4.ip_local_port_range = 32768    60999
  • 基于UDP协议的端口映射
docker run -p 宿主机端口:容器端口/udp 镜像
#若不指定UDP,默认是基于TCP协议的端口映射
[root@docker01 ~]# docker run -d -p 80:80/udp nginx:latest 
e18adb2bef5e24bffea015092b34da2849c19f3ad54d0eb042f012806bf723d2
[root@docker01 ~]# docker run -d -p :80/udp nginx:latest 
ae3ea863df947c477a760f3be9424189f97ae4184a9f823991f92c0190888d0a
[root@docker01 ~]# docker run -d -p 10.0.0.110::80/udp nginx:latest 
52d5d902c1fd7b8004cfea468c9407b2310a110519817517448849673857e993
[root@docker01 ~]# netstat -lntup| grep docker
udp        0      0 10.0.0.110:32770        0.0.0.0:*                           18703/docker-proxy  
udp6       0      0 :::32771                :::*                                18612/docker-proxy  
udp6       0      0 :::80                   :::*                                18524/docker-proxy  
  • 多端口映射
docker run -p 宿主机端口1:容器端口1 -p 宿主机端口2:容器端口2 ... 镜像
docker run -p 宿主机起始端口-宿主机结束端口:容器起始端口-容器机结束端口 镜像
[root@docker01 ~]# docker run -d -p 2000:22 -p 80:80 nginx:latest 
2c05da0afb87ff0d69b3e912b4c7d8abde33136d42fa28b788b9435461d46191
[root@docker01 ~]# docker ps -a 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                      NAMES
2c05da0afb87        nginx:latest        "nginx -g 'daemon of…"   8 seconds ago       Up 7 seconds        0.0.0.0:80->80/tcp, 0.0.0.0:2000->22/tcp   vibrant_napier
[root@docker01 ~]# netstat -lntup | grep docker
tcp6       0      0 :::80                   :::*                    LISTEN      19380/docker-proxy  
tcp6       0      0 :::2000                 :::*                    LISTEN      19369/docker-proxy  

[root@docker01 ~]# docker run -d -p 8000-8010:9000-9010 nginx:latest 
3a93f25e72f1678b809c808822443597ba8d9300ea6a06f8605020bc849376ad
[root@docker01 ~]# docker ps -al
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                                                                                                                                                                                                                                            NAMES
3a93f25e72f1        nginx:latest        "nginx -g 'daemon of…"   38 seconds ago      Up 36 seconds       80/tcp, 0.0.0.0:8000->9000/tcp, 0.0.0.0:8001->9001/tcp, 0.0.0.0:8002->9002/tcp, 0.0.0.0:8003->9003/tcp, 0.0.0.0:8004->9004/tcp, 0.0.0.0:8005->9005/tcp, 0.0.0.0:8006->9006/tcp, 0.0.0.0:8007->9007/tcp, 0.0.0.0:8008->9008/tcp, 0.0.0.0:8009->9009/tcp, 0.0.0.0:8010->9010/tcp   magical_goodall
[root@docker01 ~]# netstat -lntup | grep docker | egrep '80(0|1)'
tcp6       0      0 :::8007                 :::*                    LISTEN      19712/docker-proxy  
tcp6       0      0 :::8008                 :::*                    LISTEN      19701/docker-proxy  
tcp6       0      0 :::8009                 :::*                    LISTEN      19690/docker-proxy  
tcp6       0      0 :::8010                 :::*                    LISTEN      19679/docker-proxy  
tcp6       0      0 :::8000                 :::*                    LISTEN      19789/docker-proxy  
tcp6       0      0 :::8001                 :::*                    LISTEN      19778/docker-proxy  
tcp6       0      0 :::8002                 :::*                    LISTEN      19767/docker-proxy  
tcp6       0      0 :::8003                 :::*                    LISTEN      19756/docker-proxy  
tcp6       0      0 :::8004                 :::*                    LISTEN      19745/docker-proxy  
tcp6       0      0 :::8005                 :::*                    LISTEN      19734/docker-proxy  
tcp6       0      0 :::8006                 :::*                    LISTEN      19723/docker-proxy  

4.数据卷管理

示例代码
提取码:mz18
  • 基础挂载
docker run -v 宿主机目录:容器目录 镜像 #将容器指定目录挂载到宿主机目录下
[root@docker01 ~]# docker run -d -p 80:80 -v /opt/docker/web_data/html:/usr/share/nginx/html nginx:latest 
89448d8ef642ca7659a7080fe34d156ecafee5c15e78962c54898ee601e6b4c5
[root@docker01 ~]# cd /opt/docker/web_data/html/
[root@docker01 /opt/docker/web_data/html]# rz -E
XB00000000000000rz waiting to receive.
[root@docker01 /opt/docker/web_data/html]# unzip xiaoniaofeifei.zip 
Archive:  xiaoniaofeifei.zip
  inflating: sound1.mp3              
   creating: img/
...
[root@docker01 /opt/docker/web_data/html]# rm -f xiaoniaofeifei.zip 
[root@docker01 /opt/docker/web_data/html]# ls
2000.png  21.js  icon.png  img  index.html  sound1.mp3
[root@docker01 /opt/docker/web_data/html]# docker exec -it 89448d8ef642 /bin/bash
root@89448d8ef642:/# cd /usr/share/nginx/html/
root@89448d8ef642:/usr/share/nginx/html# ls
2000.png  21.js  icon.png  img  index.html  sound1.mp3

  • 创建数据卷用于持久化容器目录下数据
docker run -v 容器目录 镜像
docker run -v 数据卷名称:容器目录 镜像
[root@docker01 ~]# docker run -d -p 80:80 -v /usr/share/nginx/html nginx:latest 
2066acfec7d2abaf32afba264ff44efd464158ba5c8f3200dbd88e725d290f40
[root@docker01 ~]# docker run -d -p 81:80 -v nginx_web_data:/usr/share/nginx/html nginx:latest 
dbec7a26c26b6b28ef4b35fa971a9088c360381b7d5b6cf0cfeefb746eeb52f1
[root@docker01 ~]# cd /var/lib/docker/volumes/nginx_web_data/_data/
[root@docker01 /var/lib/docker/volumes/nginx_web_data/_data]# cp -r /opt/docker/web_data/html/* .
[root@docker01 /var/lib/docker/volumes/nginx_web_data/_data]# ls
2000.png  21.js  icon.png  img  index.html  sound1.mp3
  • 跟随挂载数据卷
docker run --volumes-from 容器ID 镜像 #跟某一容器挂载所有相同的数据卷
 [root@docker01 ~]# docker run -d -p 82:80 --volumes-from dbec7a26c26b nginx:latest
7c17d9784062e73b89f61b027570a77ca4d8a8959dbf814a2fb48dac5c381f6c

  • 查看数据卷
docker volume ls #查看数据卷列表
docker volume inspect 数据卷 #查看数据卷属性
[root@docker01 ~]# docker volume ls
DRIVER              VOLUME NAME
local               a71d29d363a1fa72c2a7d44720d3a7654c0b70b8135b85d7f0930fade8b43840
local               nginx_web_data
[root@docker01 ~]# docker volume inspect nginx_web_data 
[
    {
        "CreatedAt": "2020-04-21T15:10:01+08:00", #创建时间
        "Driver": "local",
        "Labels": null,
        "Mountpoint": "/var/lib/docker/volumes/nginx_web_data/_data", #目录挂载点
        "Name": "nginx_web_data", #数据卷名称
        "Options": null,
        "Scope": "local"
    }
]

5.容器间互联

link参数的本质就是在hosts文件中添加解析记录。link参数必须指定已运行的容器,否则会报错。

docker run --link 容器名称:别名 镜像名称:版本 #与指定容器进行互联
#准备环境
[root@docker01 ~]# docker run -it --name host alpine:3.11 
/ # ip addr show eth0
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@docker01 ~]# docker run -it --link host:test alpine:3.11
/ # ping -c 3 -W 1 host
PING host (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.048 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.159 ms
64 bytes from 172.17.0.2: seq=2 ttl=64 time=0.056 ms

--- host ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.048/0.087/0.159 ms
/ # tail -2 /etc/hosts
172.17.0.2  test 930fdd2b930f host
172.17.0.3  aa99c4967e5c

Zabbix多容器示例

Zabbix官方文档

示例镜像文件
文件提取码:np2k
注:官网拉取的zabbix_web_nginx_mysql镜像文件中,nginx配置文件使用8080端口,但是官方文档中使用的是80端口;
# 环境准备
[root@docker01 ~]# for i in `ls ./zabbix_images`; do docker load -i ./zabbix_images/$i;done
......
92b768a78c5b: Loading layer  3.584kB/3.584kB
b8168dd207de: Loading layer  35.84kB/35.84kB
Loaded image: zabbix/zabbix-web-nginx-mysql:latest
# 启动MYSQL服务器实例
[root@docker01 ~]# docker run --name mysql-server -t \
>       -e MYSQL_DATABASE="zabbix" \
>       -e MYSQL_USER="zabbix" \
>       -e MYSQL_PASSWORD="zabbix_pwd" \
>       -e MYSQL_ROOT_PASSWORD="root_pwd" \
>       -d mysql:5.7 \
>       --character-set-server=utf8 --collation-server=utf8_bin
472345bbd3fcd8019f4799eb976f6441bc83d69e77ac0a779d3c70eec52d13c1
[root@docker01 ~]# docker ps -al --no-trunc
CONTAINER ID                                                       IMAGE               COMMAND                                                                          CREATED             STATUS              PORTS               NAMES
472345bbd3fcd8019f4799eb976f6441bc83d69e77ac0a779d3c70eec52d13c1   mysql:5.7           "docker-entrypoint.sh --character-set-server=utf8 --collation-server=utf8_bin"   17 seconds ago      Up 17 seconds       3306/tcp            mysql-server
# 启动Zabbix Java gateway实例
[root@docker01 ~]# docker run --name zabbix-java-gateway -t \
>       -d zabbix/zabbix-java-gateway:latest
d99f8367f6440e1084648be88eca185c1c977247bafcc401a609c72ade249036
[root@docker01 ~]# docker ps -al --no-trunc
CONTAINER ID                                                       IMAGE                               COMMAND                                                  CREATED             STATUS              PORTS               NAMES
d99f8367f6440e1084648be88eca185c1c977247bafcc401a609c72ade249036   zabbix/zabbix-java-gateway:latest   "/bin/bash /run_zabbix_component.sh java-gateway none"   3 seconds ago       Up 2 seconds        10052/tcp           zabbix-java-gateway
# 启动 Zabbix server 实例,并将其关联到已创建的 MySQL server 实例
[root@docker01 ~]# docker run --name zabbix-server-mysql -t \
>       -e DB_SERVER_HOST="mysql-server" \
>       -e MYSQL_DATABASE="zabbix" \
>       -e MYSQL_USER="zabbix" \
>       -e MYSQL_PASSWORD="zabbix_pwd" \
>       -e MYSQL_ROOT_PASSWORD="root_pwd" \
>       -e ZBX_JAVAGATEWAY="zabbix-java-gateway" \
>       --link mysql-server:mysql \
>       --link zabbix-java-gateway:zabbix-java-gateway \
>       -p 10051:10051 \
>       -d zabbix/zabbix-server-mysql:latest
e02e95190c4549966486041bdef515ef6bd8e2a8efc07428c7bf3184511a2d06
[root@docker01 ~]# docker ps -al --no-trunc
CONTAINER ID                                                       IMAGE                               COMMAND                                             CREATED             STATUS              PORTS                               NAMES
e02e95190c4549966486041bdef515ef6bd8e2a8efc07428c7bf3184511a2d06   zabbix/zabbix-server-mysql:latest   "/bin/bash /run_zabbix_component.sh server mysql"   4 seconds ago       Up 3 seconds        162/udp, 0.0.0.0:10051->10051/tcp   zabbix-server-mysql
# 启动Zabbix Web界面,并将其关联到已创建的MySQL server和Zabbix server实例
[root@docker01 ~]# docker run --name zabbix-web-nginx-mysql -t \
>       -e DB_SERVER_HOST="mysql-server" \
>       -e MYSQL_DATABASE="zabbix" \
>       -e MYSQL_USER="zabbix" \
>       -e MYSQL_PASSWORD="zabbix_pwd" \
>       -e MYSQL_ROOT_PASSWORD="root_pwd" \
>       --link mysql-server:mysql \
>       --link zabbix-server-mysql:zabbix-server \
>       -p 80:80 \
>       -d zabbix/zabbix-web-nginx-mysql:latest
aea17ffcccb502068cdb087cff9f6fe45933ec9face99567b2a07aaa826ca849
[root@docker01 ~]# docker ps -al --no-trunc
CONTAINER ID                                                       IMAGE                                  COMMAND                                                     CREATED             STATUS              PORTS                         NAMES
aea17ffcccb502068cdb087cff9f6fe45933ec9face99567b2a07aaa826ca849   zabbix/zabbix-web-nginx-mysql:latest   "/bin/bash /run_zabbix_component.sh frontend mysql nginx"   3 seconds ago       Up 2 seconds        0.0.0.0:80->80/tcp, 443/tcp   zabbix-web-nginx-mysql
#验证
[root@docker01 ~]# docker ps -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED              STATUS              PORTS                               NAMES
aea17ffcccb5        zabbix/zabbix-web-nginx-mysql:latest   "/bin/bash /run_zabb…"   35 seconds ago       Up 34 seconds       0.0.0.0:80->80/tcp, 443/tcp         zabbix-web-nginx-mysql
e02e95190c45        zabbix/zabbix-server-mysql:latest      "/bin/bash /run_zabb…"   About a minute ago   Up About a minute   162/udp, 0.0.0.0:10051->10051/tcp   zabbix-server-mysql
d99f8367f644        zabbix/zabbix-java-gateway:latest      "/bin/bash /run_zabb…"   2 minutes ago        Up 2 minutes        10052/tcp                           zabbix-java-gateway
472345bbd3fc        mysql:5.7                              "docker-entrypoint.s…"   3 minutes ago        Up 3 minutes        3306/tcp                            mysql-server

发表评论

您的电子邮箱地址不会被公开。