一、概述
1.概念
容器是隔离环境中运行的一个进程;如果进程结束,容器会自动停止。容器的隔离环境拥有独立的IP地址、系统文件、主机名和进程。
|
程序:代码或命令的集合 进程:正在运行的程序 |
2.容器和虚拟化的区别
虚拟机
- 需要硬件CPU支持(VT虚拟化)
- 模拟计算机硬件
- 模拟开机启动流程
|
启动流程 BIOS自检 -> BIOS启动菜单选取启动项 -> 读取硬盘初始扇区(GRUB/UEFI) -> 加载系统内核(硬件初始化) -> 启动系统初始进程 |
容器
- 不需要硬件CPU支持
- 共用宿主机内核(无需模拟开机启动流程)
3.容器优势
- 启动快(秒级启动)
- 性能高
- 性能损耗少
-
程序轻量级
二、Docker-CE基础
Docker是一款基于软件打包技术,使用Go语言开发的C/S架构程序
| 软件数据目录:/var/lib/docker |
1.安装
step 0 配置环境
若系统之前安装过docker,需先删除docker程序
| yum remove docker docker-common docker-selinux docker-engine |
安装依赖程序
| yum install -y yum-utils device-mapper-persistent-data lvm2 |
step 1 下载并安装docker
|
wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo #指定Docker安装文件 sudo sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo #修改官方安装源至清华安装源 yum install docker-ce #安装Docker |
[root@docker01 ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
--2020-04-07 16:45:25-- https://download.docker.com/linux/centos/docker-ce.repo
Resolving download.docker.com (download.docker.com)... 13.249.171.6, 13.249.171.37, 13.249.171.64, ...
Connecting to download.docker.com (download.docker.com)|13.249.171.6|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2424 (2.4K) [binary/octet-stream]
Saving to: ‘/etc/yum.repos.d/docker-ce.repo’
100%[=================================================>] 2,424 --.-K/s in 0s
2020-04-07 16:45:25 (152 MB/s) - ‘/etc/yum.repos.d/docker-ce.repo’ saved [2424/2424]
[root@docker01 ~]# sudo sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
[root@docker01 ~]# yum install -y docker-ce
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
......
Dependency Updated:
audit.x86_64 0:2.8.5-4.el7 audit-libs.x86_64 0:2.8.5-4.el7
policycoreutils.x86_64 0:2.5-33.el7
Complete!
[root@docker01 ~]# docker version
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:27:04 2020
OS/Arch: linux/amd64
Experimental: false
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?step 2 启动Docker
| systemctl start docker |
[root@docker01 ~]# systemctl start dockerstep 3 验证
| docker version |
[root@docker01 ~]# docker version
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:27:04 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:25:42 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683 2.基础命令
镜像相关
- 搜索镜像(从官方仓库检索)
| docker search 关键字 |
镜像选择原则:官方镜像 > stars数量较高镜像
[root@docker01 ~]# docker search nginx| head -5
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 12968 [OK]
jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1772 [OK]
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 764 [OK]
linuxserver/nginx An Nginx container, brought to you by LinuxS… 104 - 拉取/上传镜像
|
docker pull 镜像名称:版本 #从官方仓库拉取指定镜像 若不指定版本,默认使用最新版本 docker pull 仓库链接/镜像名称:版本 #从第三方仓库拉取指定镜像 docker push 仓库链接/镜像名称:版本 #推送镜像(上传镜像) 向官方仓库推送镜像,需要登录官方仓库; |
[root@docker01 ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
c499e6d256d6: Pull complete
74cda408e262: Pull complete
ffadbd415ab7: Pull complete
Digest: sha256:282530fcb7cd19f3848c7b611043f82ae4be3781cb00105a1d593d7e6286b596
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest- 导入/导出镜像
镜像的导入会自动解压缩镜像文件,镜像的导出会自动压缩镜像
|
docker load -i 镜像文件 #导入镜像文件 docker image import 镜像文件 #导入镜像文件(不导入镜像的名称和版本) docker save 镜像名称:版本 -o 导出文件名称 #导出镜像文件 |
[root@docker01 ~]# docker load -i images/docker_alpine.tar.gz
1bfeebd65323: Loading layer 5.844MB/5.844MB
Loaded image: alpine:latest
[root@docker01 ~/images]# docker import docker_alpine.tar.gz
sha256:60a97f31fff274bbfa7178cb9151267d2258e71d36c628a70e60e956b9a56a1d
[root@docker01 ~/images]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 60a97f31fff2 6 seconds ago 5.85MB
nginx latest ed21b7a8aee9 13 days ago 127MB
alpine latest b7b28af77ffe 9 months ago 5.58MB#批量导入镜像
[root@docker01 ~]# cat docker_image.sh
#!/bin/bash
for i in docker_centos6.9.tar.gz docker_k8s_dns.tar.gz docker-mysql-5.7.tar.gz docker_busybox.tar.gz docker_centos7.tar.gz docker_monitor_node.tar.gz docker_nginx.tar.gz
do
docker load -i images/${i};
done
echo "Finish Loading."
[root@docker01 ~]# sh docker_image.sh
b5e11aae8a8e: Loading layer 202.9MB/202.9MB
Loaded image: centos:6.9
8ac8bfaff55a: Loading layer 1.293MB/1.293MB
5f70bf18a086: Loading layer 1.024kB/1.024kB
b79219965469: Loading layer 45.91MB/45.91MB
Loaded image: gcr.io/google_containers/kubedns-amd64:1.9
3fc666989c1d: Loading layer 5.046MB/5.046MB
5f70bf18a086: Loading layer 1.024kB/1.024kB
9eed5e14d7fb: Loading layer 348.7kB/348.7kB
00dc4ffe8624: Loading layer 2.56kB/2.56kB
Loaded image: gcr.io/google_containers/kube-dnsmasq-amd64:1.4
9007f5987db3: Loading layer 5.05MB/5.05MB
5f70bf18a086: Loading layer 1.024kB/1.024kB
......[root@docker01 ~]# docker save nginx:latest -o docker_image_nginx:lastest.tar.gz
[root@docker01 ~]# ls
anaconda-ks.cfg docker_image_nginx:lastest.tar.gz docker_image.sh images
[root@docker01 ~]# file docker_image_nginx\:lastest.tar.gz
docker_image_nginx:lastest.tar.gz: POSIX tar archive
# 将多个镜像导出为一个文件
[root@docker01 ~]# docker save nginx:latest alpine:latest -o docker_image_test.tar.gz- 查看镜像列表
默认按创建时间排序
|
docker image ls docker images
--all #显示隐藏镜像
|
[root@docker01 ~]# docker images | head -5
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 60a97f31fff2 13 minutes ago 5.85MB
nginx <none> ed21b7a8aee9 13 days ago 127MB
nginx latest 540a289bab6c 5 months ago 126MB
alpine latest b7b28af77ffe 9 months ago 5.58MB
[root@docker01 ~]# docker image ls | tail -4
gcr.io/google_containers/dnsmasq-metrics-amd64 1.0 5271aabced07 3 years ago 14MB
gcr.io/google_containers/kube-dnsmasq-amd64 1.4 3ec65756a89b 3 years ago 5.13MB
gcr.io/google_containers/exechealthz-amd64 1.2 93a43bfb39bf 3 years ago 8.37MB
mysql 5.7 b7dc06006192 3 years ago 386MB- 删除镜像
|
docker image rm 镜像名称:版本 docker rmi 镜像名称:版本 |
[root@docker01 ~]# docker image rm nginx:latest
Untagged: nginx:latest
Deleted: sha256:540a289bab6cb1bf880086a9b803cf0c4cefe38cbb5cdefa199b69614525199f
Deleted: sha256:ab18af7cee69bfb22c1771e54d5e0e68b1a1bf57bb46516142da0380b1771f4a
Deleted: sha256:02f7daf1e14541cd61a3dda1a61cc0f78fee8de2984d488b8ba5bbd3cbad9b57
Deleted: sha256:b67d19e65ef653823ed62a5835399c610a40e8205c16f839c5cc567954fcf594
[root@docker01 ~]# docker rmi centos:7
Untagged: centos:7
Deleted: sha256:9f38484d220fa527b1fb19747638497179500a1bed8bf0498eb788229229e6e1
Deleted: sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854
[root@docker01 ~]# docker rmi 60a97f31fff2
Deleted: sha256:60a97f31fff274bbfa7178cb9151267d2258e71d36c628a70e60e956b9a56a1d
Deleted: sha256:2cb2ead8b08aafc4960438c907a395460e5ab7c6b1fe97a3137737eb025f8c2a
#删除多个镜像
[root@docker01 ~]# docker rmi gcr.io/google_containers/kubedns-amd64:1.9 gcr.io/google_containers/dnsmasq-metrics-amd64:1.0 gcr.io/google_containers/kube-dnsmasq-amd64:1.4 gcr.io/google_containers/exechealthz-amd64:1.2
Untagged: gcr.io/google_containers/kubedns-amd64:1.9
Deleted: sha256:26cf1ed9b14486b93acd70c060a17fea13620393d3aa8e76036b773197c47a05
Deleted: sha256:7b37313fc7da414986398281f18060298eccc130505a7b57e0bcfb5ea6555554
Untagged: gcr.io/google_containers/dnsmasq-metrics-amd64:1.0
Deleted: sha256:5271aabced07deae353277e2b8bd5b2e30ddb0b4a5884a5940115881ea8753ef- 查看镜像属性
| docker image inspect 镜像名称:版本 |
[root@docker01 ~]# docker image inspect alpine:latest | head -5
[
{
"Id": "sha256:b7b28af77ffec6054d13378df4fdf02725830086c7444d9c278af25312aa39b9",
"RepoTags": [
"alpine:latest"
[root@docker01 ~]# docker inspect alpine:latest | head -5
[
{
"Id": "sha256:b7b28af77ffec6054d13378df4fdf02725830086c7444d9c278af25312aa39b9",
"RepoTags": [
"alpine:latest"- 清理系统无效镜像
| docker image prune |
[root@docker01 ~]# docker image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Deleted Images:
untagged: nginx@sha256:282530fcb7cd19f3848c7b611043f82ae4be3781cb00105a1d593d7e6286b596
deleted: sha256:ed21b7a8aee9cc677df6d7f38a641fa0e3c05f65592c592c9f28c42b3dd89291
deleted: sha256:8a305f371a6c3c445a1dfc500c1364743868a269ab8cdaf95902692e82168352
deleted: sha256:d079ef06ec1f10a8050887365f9a940b39547ba6bcc46b16a463e740984f3223
deleted: sha256:c3a984abe8a88059915bb6c7a1d249fd1ccc16d931334ac8816540b0eb686b45
Total reclaimed space: 126.8MB- 设置镜像标签
|
docker image tag 镜像ID 镜像名称:版本 docker tag 镜像ID 镜像名称:版本 |
[root@docker01 ~]# docker import images/docker_alpine.tar.gz
sha256:866487acea46ce12b11b3c49d8a71342845c24319cf78ed7338982f913c4cb19
[root@docker01 ~]# docker images | head -2
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 866487acea46 14 seconds ago 5.85MB
[root@docker01 ~]# docker tag 866487acea46 aspen:9
[root@docker01 ~]# docker images | head -2
REPOSITORY TAG IMAGE ID CREATED SIZE
aspen 9 866487acea46 34 seconds ago 5.85MB- 查看镜像操作记录
| docker image history 镜像:版本 |
[root@docker01 ~]# docker image history nginx:latest
IMAGE CREATED CREATED BY SIZE COMMENT
540a289bab6c 7 months ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B
<missing> 7 months ago /bin/sh -c #(nop) STOPSIGNAL SIGTERM 0B
<missing> 7 months ago /bin/sh -c #(nop) EXPOSE 80 0B
<missing> 7 months ago /bin/sh -c ln -sf /dev/stdout /var/log/nginx… 22B
<missing> 7 months ago /bin/sh -c set -x && addgroup --system -… 57MB
<missing> 7 months ago /bin/sh -c #(nop) ENV PKG_RELEASE=1~buster 0B
<missing> 7 months ago /bin/sh -c #(nop) ENV NJS_VERSION=0.3.6 0B
<missing> 7 months ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.17.5 0B
<missing> 7 months ago /bin/sh -c #(nop) LABEL maintainer=NGINX Do… 0B
<missing> 7 months ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 7 months ago /bin/sh -c #(nop) ADD file:74b2987cacab5a6b0… 69.2MB 5.85MB Imported from -容器相关
|
进程停止,容器结束;因此容器的初始命令必须在前台一直运行(夯住) 容器默认的主机名就是容器本身的容器ID(12位) |
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
924b85ecb8bb centos:6.9 "tail -f /etc/hosts" 17 seconds ago Up 16 seconds charming_golick
3f5a7884702a centos:6.9 "/bin/bash" 33 seconds ago Exited (0) 32 seconds ago magical_merkle- 创建并启动容器
|
docker run 镜像名称:版本 初始命令 #创建并启动容器
-d #以守护进程形式运行
-h 主机名 #设置容器主机名
--env "变量名=变量值" #设置环境变量
-p 宿主机端口:容器端口 #设置端口映射
-v 宿主机目录:容器目录 #数据卷挂载
-it #进入容器
--network=网络类型 #指定容器网络类型
--link 容器名称:别名 #与指定容器创建链接
--resart=always #指定该容器伴随docker重启
--workdir 目录 #指定进入容器目录
--name 名称 #指定容器名称
--cpus 十进制数 #限定容器CPU资源
--memory 资源数量 #限定容器内存资源
docker create 镜像名称:版本 #创建容器
--name 名称 #指定容器名称
docker start 容器ID #启动容器 |
|
docker run每次都会启动一个新容器,不指定初始命令时,容器使用自定义初始命令运行。 docker run的镜像如果本地不存在,docker会自动从官方仓库拉取指定镜像。 |
[root@docker01 ~]# docker run -it --name aspenOS centos:6.9
[root@51610c70bcc3 /]# cat /etc/centos-release
CentOS release 6.9 (Final)
[root@51610c70bcc3 /]# uname -r
3.10.0-957.el7.x86_64
[root@51610c70bcc3 /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 02:25 pts/0 00:00:00 /bin/bash
root 15 1 0 02:28 pts/0 00:00:00 ps -ef
[root@docker01 ~]# docker run -d -p 81:80 nginx:latest
5a8ba13a817350c80dd7ef86a9cf15dba7cfb3dbd07145b15d09fdd3364da6c5
[root@docker01 ~]# netstat -lntp | awk NR==5
tcp6 0 0 :::81 :::* LISTEN 9162/docker-proxy[root@docker01 ~]# docker create --name centOS centos:7
f0213eaf06e8453eabdcab6a560eb642d8d006fbb67cb2d89226bea76dd7b770
[root@docker01 ~]# docker create --name http_server nginx:latest
16f75214e0c4687ef794e3b7195cebfe340b6a6ece06a63c960a59480c91ae4d
[root@docker01 ~]# docker start http_server
http_server- 查看容器列表
|
docker ps #查看容器列表(默认仅显示运行状态的容器)
-a #查看所有容器
-l #显示最新启动的容器
-q #静默输出容器列表(仅显示容器ID)
--no-trunc #显示全部内容
|
[root@docker01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4616a34c2207 nginx:latest "nginx -g 'daemon of…" 8 seconds ago Up 7 seconds 0.0.0.0:81->80/tcp thirsty_kapitsa
2a5792e47223 nginx:latest "nginx -g 'daemon of…" About a minute ago Up 50 seconds 80/tcp http_server
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4616a34c2207 nginx:latest "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes 0.0.0.0:81->80/tcp thirsty_kapitsa
a5581b1649a0 centos:6.9 "/bin/bash" 3 minutes ago Exited (0) 3 minutes ago aspenOS
2a5792e47223 nginx:latest "nginx -g 'daemon of…" 4 minutes ago Up 4 minutes 80/tcp http_server
5239203924a1 centos:7 "/bin/bash" 4 minutes ago Created centOS
[root@docker01 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4616a34c2207 nginx:latest "nginx -g 'daemon of…" 41 seconds ago Up 40 seconds 0.0.0.0:81->80/tcp thirsty_kapitsa
[root@docker01 ~]# docker ps -q
4616a34c2207
2a5792e47223- 查看容器占用资源
|
docker stats
--no-stream #仅显示当前数据(不实时显示)
|
[root@docker01 ~]# docker stats --no-stream
CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
adf66f1b66f2 0.00% 1.352 MiB / 1.934 GiB 0.07% 1.22 kB / 656 B 0 B / 0 B 2
654ab7af5187 0.00% 272 KiB / 1.934 GiB 0.01% 1.22 kB / 656 B 0 B / 0 B 4
71fc1b1a7300 0.00% 1.348 MiB / 1.934 GiB 0.07% 2.83 kB / 656 B 5.71 MB / 0 B 2
ceb6b4356bdf 0.00% 1.34 MiB / 1.934 GiB 0.07% 3.01 kB / 656 B 1.99 MB / 0 B 2
fdae9f0e5ce6 0.00% 272 KiB / 1.934 GiB 0.01% 2.83 kB / 656 B 0 B / 0 B 4
787dea4a2f94 0.00% 268 KiB / 1.934 GiB 0.01% 3.01 kB / 656 B 53.2 kB / 0 B 4
[root@docker01 ~]# docker run -d --cpus 0.30 --memory 50M 10.0.0.140:5000/alpine:latest sleep 10000
098f0a61a05f4f06429329c8f894ed6229ed4d4bc6ccad6bbf6f7bacc2fe5d13
[root@docker01 ~]# docker stats --no-stream |head -2
CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
098f0a61a05f 0.00% 40 KiB / 50 MiB 0.08% 656 B / 656 B 28.7 kB / 0 B 1- 进入容器(仅能进入处于运行状态的容器)
|
docker exec -it 容器ID 初始命令 docker exec -it 容器名字 初始命令 |
[root@docker01 ~]# docker exec -it 3f5a7884702a /bin/bash
Error response from daemon: Container 3f5a7884702a631ac9269ed949d243fdcfc4d0203ec11bdb48c29e8117f9e6ea is not running
[root@docker01 ~]# docker exec -it 924b85ecb8bb /bin/bash
[root@924b85ecb8bb /]# - 停止容器
|
docker stop 容器ID docker stop 容器名称 docker kill 容器ID #强制结束容器 docker kill 容器名称 #强制结束容器 |
[root@docker01 ~]# docker stop 16f75214e0c4
16f75214e0c4
[root@docker01 ~]# docker kill elastic_hofstadter
elastic_hofstadter- 删除容器(仅能删除已经退出的容器)
|
docker rm 容器ID docker rm 容器名称
-f #强制删除容器(可删除处于运行状态的容器)
docker rm -f $(docker ps -a -q) #清空容器 |
[root@docker01 ~]# docker rm http_server
http_server
[root@docker01 ~]# docker rm -f `docker ps -a -q`
f0213eaf06e8
5a8ba13a8173
51610c70bcc3
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES- 查看容器日志
|
docker logs 容器ID
-f #跟踪浏览容器日志
|
[root@docker01 /opt/docker-compose/zabbix]# docker ps -al
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c5628a29d353 zabbix/zabbix-web-nginx-mysql:latest "/bin/bash /run_zabb…" 5 minutes ago Up 5 minutes 0.0.0.0:80->80/tcp, 443/tcp zabbix_zabbix-web-nginx-mysql_1
[root@docker01 /opt/docker-compose/zabbix]# docker logs -f c5628a29d353
......
10.0.0.1 - - [11/Jun/2020:08:04:55 +0000] "POST /jsrpc.php?output=json-rpc HTTP/1.1" 200 149 "http://10.0.0.110/zabbix.php?action=dashboard.view&ddreset=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36" "-"
10.0.0.1 - - [11/Jun/2020:08:05:06 +0000] "POST /jsrpc.php?output=json-rpc HTTP/1.1" 200 149 "http://10.0.0.110/zabbix.php?action=dashboard.view&ddreset=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36" "-"- 查看容器进程
| docker container top 容器ID |
[root@docker01 ~]# docker container top 716b95ea8ffd
UID PID PPID C STIME TTY TIME CMD
root 8164 8145 0 14:16 ? 00:00:00 /bin/bash /init.sh 1234567
root 8199 8164 0 14:16 ? 00:00:00 php-fpm: master process (/etc/php-fpm.conf)
polkitd 8201 8199 0 14:16 ? 00:00:00 php-fpm: pool www
polkitd 8202 8199 0 14:16 ? 00:00:00 php-fpm: pool www
polkitd 8203 8199 0 14:16 ? 00:00:00 php-fpm: pool www
polkitd 8204 8199 0 14:16 ? 00:00:00 php-fpm: pool www
polkitd 8205 8199 0 14:16 ? 00:00:00 php-fpm: pool www
root 8206 8164 0 14:16 ? 00:00:00 nginx: master process nginx
root 8207 8164 0 14:16 ? 00:00:00 /usr/sbin/sshd -D
polkitd 8208 8206 0 14:16 ? 00:00:00 nginx: worker process- 拷贝容器内文件到宿主机
docker cp可以拷贝已经停止容器中的文件
| docker cp 容器ID:容器文件 宿主机目录 |
[root@docker01 ~]# ls /tmp
[root@docker01 ~]# docker ps -al
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9fff48fc0793 kod:v1 "/bin/bash" 5 minutes ago Exited (0) 5 minutes ago stupefied_goodall
[root@docker01 ~]# docker cp 9fff48fc0793:/etc/centos-release /tmp
[root@docker01 ~]# cat /tmp/centos-release
CentOS release 6.9 (Final)
[root@docker01 ~]# docker cp 9fff48fc0793:/etc/hostname /tmp
[root@docker01 ~]# cat /tmp/hostname
9fff48fc07933.端口映射
Docker实现端口映是基于系统内核转发参数,通过生成iptables规则,实现端口映射。
[root@docker01 ~]# docker run -d -p 81:80 nginx:latest
3101e0ad0c2f43f0a9d8a5df0da46dcf7d276a03baa75e5b7aa11c8056920aa3
[root@docker01 ~]# docker run -d -p 82:80 nginx:latest
c3a6880caa33f47ee8d06c48a8a4aadfe5027b8e51efbe13ab30ec074b05c40f[root@docker01 ~]# sysctl -a 2>/dev/null | grep ipv4 |grep ip_forward | head -1
net.ipv4.ip_forward = 1
[root@docker01 ~]# iptables -t nat -L -n | grep MASQUERADE
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:80
MASQUERADE tcp -- 172.17.0.3 172.17.0.3 tcp dpt:80
[root@docker01 ~]# iptables -t nat -L -n | tail -2
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:81 to:172.17.0.2:80
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:82 to:172.17.0.3:80
# 断开所有容器网络(关闭内核转发)
[root@docker01 ~]# sysctl net.ipv4.ip_forward=0
net.ipv4.ip_forward = 0- Docker可以借助宿主机辅助地址,使得多个容器绑定同一个宿主机端口
| docker run -p 宿主机IP:宿主机端口:容器端口 镜像 |
[root@docker01 ~]# ifconfig eth0:1 10.0.0.121/24 up
[root@docker01 ~]# ifconfig eth0:2 10.0.0.122/24 up
[root@docker01 ~]# ifconfig eth0:1
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.121 netmask 255.255.255.0 broadcast 10.0.0.255
ether 00:0c:29:03:a5:87 txqueuelen 1000 (Ethernet)
[root@docker01 ~]# ifconfig eth0:2
eth0:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.122 netmask 255.255.255.0 broadcast 10.0.0.255
ether 00:0c:29:03:a5:87 txqueuelen 1000 (Ethernet)[root@docker01 ~]# docker run -d -p 10.0.0.121:80:80 nginx:latest
371a4c16212f058c9091c90ad23c0a3b3c12dcb9c764c27ac25d2d2b12385382
[root@docker01 ~]# docker run -d -p 10.0.0.122:80:80 nginx:latest
64ce75a7d5f505c4f813ba69b763b6d2e4d1f55c9da2c905119a651d6bc4eeb0
[root@docker01 ~]# netstat -lntup | head -4
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.0.0.122:80 0.0.0.0:* LISTEN 17662/docker-proxy
tcp 0 0 10.0.0.121:80 0.0.0.0:* LISTEN 17571/docker-proxy - 随机端口映射
| docker run -p 宿主机IP::容器端口 镜像 |
[root@docker01 ~]# docker run -d -p 10.0.0.110::80 nginx:latest
ba4abc8f766f66753c1c7d5bab17fd139c19d5e04b97a2a4ffd4bc6c3e318838
[root@docker01 ~]# netstat -lntup | grep 'docker'
tcp 0 0 10.0.0.110:32769 0.0.0.0:* LISTEN 7937/docker-proxy 随机端口范围默认是由内核参数决定的,Cent OS默认范围是32768-60999
[root@docker01 ~]# sysctl -a 2>/dev/null | grep ip| grep range | head -1
net.ipv4.ip_local_port_range = 32768 60999- 基于UDP协议的端口映射
|
docker run -p 宿主机端口:容器端口/udp 镜像 #若不指定UDP,默认是基于TCP协议的端口映射 |
[root@docker01 ~]# docker run -d -p 80:80/udp nginx:latest
e18adb2bef5e24bffea015092b34da2849c19f3ad54d0eb042f012806bf723d2
[root@docker01 ~]# docker run -d -p :80/udp nginx:latest
ae3ea863df947c477a760f3be9424189f97ae4184a9f823991f92c0190888d0a
[root@docker01 ~]# docker run -d -p 10.0.0.110::80/udp nginx:latest
52d5d902c1fd7b8004cfea468c9407b2310a110519817517448849673857e993
[root@docker01 ~]# netstat -lntup| grep docker
udp 0 0 10.0.0.110:32770 0.0.0.0:* 18703/docker-proxy
udp6 0 0 :::32771 :::* 18612/docker-proxy
udp6 0 0 :::80 :::* 18524/docker-proxy - 多端口映射
|
docker run -p 宿主机端口1:容器端口1 -p 宿主机端口2:容器端口2 ... 镜像 docker run -p 宿主机起始端口-宿主机结束端口:容器起始端口-容器机结束端口 镜像 |
[root@docker01 ~]# docker run -d -p 2000:22 -p 80:80 nginx:latest
2c05da0afb87ff0d69b3e912b4c7d8abde33136d42fa28b788b9435461d46191
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2c05da0afb87 nginx:latest "nginx -g 'daemon of…" 8 seconds ago Up 7 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:2000->22/tcp vibrant_napier
[root@docker01 ~]# netstat -lntup | grep docker
tcp6 0 0 :::80 :::* LISTEN 19380/docker-proxy
tcp6 0 0 :::2000 :::* LISTEN 19369/docker-proxy
[root@docker01 ~]# docker run -d -p 8000-8010:9000-9010 nginx:latest
3a93f25e72f1678b809c808822443597ba8d9300ea6a06f8605020bc849376ad
[root@docker01 ~]# docker ps -al
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3a93f25e72f1 nginx:latest "nginx -g 'daemon of…" 38 seconds ago Up 36 seconds 80/tcp, 0.0.0.0:8000->9000/tcp, 0.0.0.0:8001->9001/tcp, 0.0.0.0:8002->9002/tcp, 0.0.0.0:8003->9003/tcp, 0.0.0.0:8004->9004/tcp, 0.0.0.0:8005->9005/tcp, 0.0.0.0:8006->9006/tcp, 0.0.0.0:8007->9007/tcp, 0.0.0.0:8008->9008/tcp, 0.0.0.0:8009->9009/tcp, 0.0.0.0:8010->9010/tcp magical_goodall
[root@docker01 ~]# netstat -lntup | grep docker | egrep '80(0|1)'
tcp6 0 0 :::8007 :::* LISTEN 19712/docker-proxy
tcp6 0 0 :::8008 :::* LISTEN 19701/docker-proxy
tcp6 0 0 :::8009 :::* LISTEN 19690/docker-proxy
tcp6 0 0 :::8010 :::* LISTEN 19679/docker-proxy
tcp6 0 0 :::8000 :::* LISTEN 19789/docker-proxy
tcp6 0 0 :::8001 :::* LISTEN 19778/docker-proxy
tcp6 0 0 :::8002 :::* LISTEN 19767/docker-proxy
tcp6 0 0 :::8003 :::* LISTEN 19756/docker-proxy
tcp6 0 0 :::8004 :::* LISTEN 19745/docker-proxy
tcp6 0 0 :::8005 :::* LISTEN 19734/docker-proxy
tcp6 0 0 :::8006 :::* LISTEN 19723/docker-proxy 4.数据卷管理
|
示例代码 提取码:mz18 |
- 基础挂载
| docker run -v 宿主机目录:容器目录 镜像 #将容器指定目录挂载到宿主机目录下 |
[root@docker01 ~]# docker run -d -p 80:80 -v /opt/docker/web_data/html:/usr/share/nginx/html nginx:latest
89448d8ef642ca7659a7080fe34d156ecafee5c15e78962c54898ee601e6b4c5
[root@docker01 ~]# cd /opt/docker/web_data/html/
[root@docker01 /opt/docker/web_data/html]# rz -E
XB00000000000000rz waiting to receive.
[root@docker01 /opt/docker/web_data/html]# unzip xiaoniaofeifei.zip
Archive: xiaoniaofeifei.zip
inflating: sound1.mp3
creating: img/
...
[root@docker01 /opt/docker/web_data/html]# rm -f xiaoniaofeifei.zip
[root@docker01 /opt/docker/web_data/html]# ls
2000.png 21.js icon.png img index.html sound1.mp3
[root@docker01 /opt/docker/web_data/html]# docker exec -it 89448d8ef642 /bin/bash
root@89448d8ef642:/# cd /usr/share/nginx/html/
root@89448d8ef642:/usr/share/nginx/html# ls
2000.png 21.js icon.png img index.html sound1.mp3
- 创建数据卷用于持久化容器目录下数据
|
docker run -v 容器目录 镜像 docker run -v 数据卷名称:容器目录 镜像 |
[root@docker01 ~]# docker run -d -p 80:80 -v /usr/share/nginx/html nginx:latest
2066acfec7d2abaf32afba264ff44efd464158ba5c8f3200dbd88e725d290f40
[root@docker01 ~]# docker run -d -p 81:80 -v nginx_web_data:/usr/share/nginx/html nginx:latest
dbec7a26c26b6b28ef4b35fa971a9088c360381b7d5b6cf0cfeefb746eeb52f1
[root@docker01 ~]# cd /var/lib/docker/volumes/nginx_web_data/_data/
[root@docker01 /var/lib/docker/volumes/nginx_web_data/_data]# cp -r /opt/docker/web_data/html/* .
[root@docker01 /var/lib/docker/volumes/nginx_web_data/_data]# ls
2000.png 21.js icon.png img index.html sound1.mp3- 跟随挂载数据卷
| docker run --volumes-from 容器ID 镜像 #跟某一容器挂载所有相同的数据卷 |
[root@docker01 ~]# docker run -d -p 82:80 --volumes-from dbec7a26c26b nginx:latest
7c17d9784062e73b89f61b027570a77ca4d8a8959dbf814a2fb48dac5c381f6c
- 查看数据卷
|
docker volume ls #查看数据卷列表 docker volume inspect 数据卷 #查看数据卷属性 |
[root@docker01 ~]# docker volume ls
DRIVER VOLUME NAME
local a71d29d363a1fa72c2a7d44720d3a7654c0b70b8135b85d7f0930fade8b43840
local nginx_web_data
[root@docker01 ~]# docker volume inspect nginx_web_data
[
{
"CreatedAt": "2020-04-21T15:10:01+08:00", #创建时间
"Driver": "local",
"Labels": null,
"Mountpoint": "/var/lib/docker/volumes/nginx_web_data/_data", #目录挂载点
"Name": "nginx_web_data", #数据卷名称
"Options": null,
"Scope": "local"
}
]5.容器间互联
link参数的本质就是在hosts文件中添加解析记录。link参数必须指定已运行的容器,否则会报错。
| docker run --link 容器名称:别名 镜像名称:版本 #与指定容器进行互联 |
#准备环境
[root@docker01 ~]# docker run -it --name host alpine:3.11
/ # ip addr show eth0
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever[root@docker01 ~]# docker run -it --link host:test alpine:3.11
/ # ping -c 3 -W 1 host
PING host (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.048 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.159 ms
64 bytes from 172.17.0.2: seq=2 ttl=64 time=0.056 ms
--- host ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.048/0.087/0.159 ms
/ # tail -2 /etc/hosts
172.17.0.2 test 930fdd2b930f host
172.17.0.3 aa99c4967e5cZabbix多容器示例
|
示例镜像文件 文件提取码:np2k 注:官网拉取的zabbix_web_nginx_mysql镜像文件中,nginx配置文件使用8080端口,但是官方文档中使用的是80端口; |
# 环境准备
[root@docker01 ~]# for i in `ls ./zabbix_images`; do docker load -i ./zabbix_images/$i;done
......
92b768a78c5b: Loading layer 3.584kB/3.584kB
b8168dd207de: Loading layer 35.84kB/35.84kB
Loaded image: zabbix/zabbix-web-nginx-mysql:latest# 启动MYSQL服务器实例
[root@docker01 ~]# docker run --name mysql-server -t \
> -e MYSQL_DATABASE="zabbix" \
> -e MYSQL_USER="zabbix" \
> -e MYSQL_PASSWORD="zabbix_pwd" \
> -e MYSQL_ROOT_PASSWORD="root_pwd" \
> -d mysql:5.7 \
> --character-set-server=utf8 --collation-server=utf8_bin
472345bbd3fcd8019f4799eb976f6441bc83d69e77ac0a779d3c70eec52d13c1
[root@docker01 ~]# docker ps -al --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
472345bbd3fcd8019f4799eb976f6441bc83d69e77ac0a779d3c70eec52d13c1 mysql:5.7 "docker-entrypoint.sh --character-set-server=utf8 --collation-server=utf8_bin" 17 seconds ago Up 17 seconds 3306/tcp mysql-server# 启动Zabbix Java gateway实例
[root@docker01 ~]# docker run --name zabbix-java-gateway -t \
> -d zabbix/zabbix-java-gateway:latest
d99f8367f6440e1084648be88eca185c1c977247bafcc401a609c72ade249036
[root@docker01 ~]# docker ps -al --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d99f8367f6440e1084648be88eca185c1c977247bafcc401a609c72ade249036 zabbix/zabbix-java-gateway:latest "/bin/bash /run_zabbix_component.sh java-gateway none" 3 seconds ago Up 2 seconds 10052/tcp zabbix-java-gateway# 启动 Zabbix server 实例,并将其关联到已创建的 MySQL server 实例
[root@docker01 ~]# docker run --name zabbix-server-mysql -t \
> -e DB_SERVER_HOST="mysql-server" \
> -e MYSQL_DATABASE="zabbix" \
> -e MYSQL_USER="zabbix" \
> -e MYSQL_PASSWORD="zabbix_pwd" \
> -e MYSQL_ROOT_PASSWORD="root_pwd" \
> -e ZBX_JAVAGATEWAY="zabbix-java-gateway" \
> --link mysql-server:mysql \
> --link zabbix-java-gateway:zabbix-java-gateway \
> -p 10051:10051 \
> -d zabbix/zabbix-server-mysql:latest
e02e95190c4549966486041bdef515ef6bd8e2a8efc07428c7bf3184511a2d06
[root@docker01 ~]# docker ps -al --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e02e95190c4549966486041bdef515ef6bd8e2a8efc07428c7bf3184511a2d06 zabbix/zabbix-server-mysql:latest "/bin/bash /run_zabbix_component.sh server mysql" 4 seconds ago Up 3 seconds 162/udp, 0.0.0.0:10051->10051/tcp zabbix-server-mysql# 启动Zabbix Web界面,并将其关联到已创建的MySQL server和Zabbix server实例
[root@docker01 ~]# docker run --name zabbix-web-nginx-mysql -t \
> -e DB_SERVER_HOST="mysql-server" \
> -e MYSQL_DATABASE="zabbix" \
> -e MYSQL_USER="zabbix" \
> -e MYSQL_PASSWORD="zabbix_pwd" \
> -e MYSQL_ROOT_PASSWORD="root_pwd" \
> --link mysql-server:mysql \
> --link zabbix-server-mysql:zabbix-server \
> -p 80:80 \
> -d zabbix/zabbix-web-nginx-mysql:latest
aea17ffcccb502068cdb087cff9f6fe45933ec9face99567b2a07aaa826ca849
[root@docker01 ~]# docker ps -al --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
aea17ffcccb502068cdb087cff9f6fe45933ec9face99567b2a07aaa826ca849 zabbix/zabbix-web-nginx-mysql:latest "/bin/bash /run_zabbix_component.sh frontend mysql nginx" 3 seconds ago Up 2 seconds 0.0.0.0:80->80/tcp, 443/tcp zabbix-web-nginx-mysql#验证
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
aea17ffcccb5 zabbix/zabbix-web-nginx-mysql:latest "/bin/bash /run_zabb…" 35 seconds ago Up 34 seconds 0.0.0.0:80->80/tcp, 443/tcp zabbix-web-nginx-mysql
e02e95190c45 zabbix/zabbix-server-mysql:latest "/bin/bash /run_zabb…" About a minute ago Up About a minute 162/udp, 0.0.0.0:10051->10051/tcp zabbix-server-mysql
d99f8367f644 zabbix/zabbix-java-gateway:latest "/bin/bash /run_zabb…" 2 minutes ago Up 2 minutes 10052/tcp zabbix-java-gateway
472345bbd3fc mysql:5.7 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 3306/tcp mysql-server