/etc/docker/daemon.json
docker配置文件,默认是没有配置的。手动创建daemon.json文件,并systemctl daemon-reload来加载配置文件使之生效。
grep
grep命令是查找含有指定文本行的意思,grep -v则是反向查找的意思,grep -v REPOSITORY就是查找不含有REPOSITORY字段的行。
过滤空白行
grep -v '^\$' abc.txt
不显示以#开头的行
grep -v '^#' abc.txt
docker导出镜像
docker save nginx > nginx.tar
如果是导出多个镜像,语法如下:
docker save image1 image2 image3 ... > file.tar
切勿使用下面方式
docker save image1 > file.tar
docker save image2 >> file.tar
docker attach
docker attach是进入容器正在执行的终端。
和docker exec的区别
docker exec是进入当前容器之后开启一个新的终端,可以在里面操作,exec之后,container还是live的。
docker attach是进入容器正在执行命令的终端,不能在里面操作,多个窗口可以attach到同一个容器时,同步显示。但是在执行exit命令之后,container就退出了,用docker ps就看不到这个容器了。可以通过在创建容器时添加--restart=always选项保证退出容器自动关闭的问题。
查看容器的ip
# 查看所有容器的ip
docker network inspect bridge
docker inspect -f '{{.Name}} => {{.NetworkSettings.IPAddress }}' $(docker ps -aq)
#查看具体容器的ip
docker inspect containerid
自定义创建image
#创建dockerfile内容如下
#示例一
[root@server1 dockercfg]# cat Dockerfile
#from 指定镜像
from centos
#maintainer维护者信息
MAINTAINER Summer
#run 想在临时容器里执行的操作系统命令
RUN cd /etc/yum.repos.d/
RUN sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
RUN sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
RUN yum install net-tools -y
#CMD 指定镜像创建出来的容器运行什么进程,与后面指定的"[]"内容之间一定要有空格,否则会报错。
CMD ["/bin/bash"]
#示例二
from centos
MAINTAINER Summer
RUN cd /etc/yum.repos.d/
RUN sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
RUN sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
RUN yum install -y nginx
#add file /path/: 把物理机里file拷贝到镜像指定的目录/path.
ADD index.html /usr/share/nginx/html
#expose 指定镜像容器使用的端口
EXPOSE 80
#在容器里nginx作为守护进程运行的话,必须要以nginx -g daemon off这个格式运行。
CMD ["nginx", "-g", "daemon off;"]
#构建新的image
[root@server1 dockercfg]# docker build -t centos:v1 .
其中.表示当前目录,如果构建镜像的文件名不是Dockerfile的话,需要使用-f指定文件名,
[root@server1 dockercfg]# docker build -t nginx:v1 . -f dockerfile1
构建完成之后可以通过docker images查看新生成的镜像。
在自定义创建images的时候,ADD和COPY都可以把当前目录里的文件拷贝到临时容器里。但是ADD和COPY在拷贝压缩文件的时候存在一些区别,ADD把压缩文件拷贝到临时容器里时会自动解压,COPY不带解压功能。
删除images
docker rmi imageid
如果images被container占用的话,需要先删除container然后再删除image
删除container
docker rm containerid
如果是在running的container,必须先stop再删除
显示所有的container id
docker ps -a -q
查看docker-compose是否安装
docker-compose --version
docker-compose version
which docker-compose
以上方式都可以
搭建私有仓库
使用registry
1.docker pull registry
2.创建/修改 /etc/docker/daemon.json
添加以下内容:
{"insecure-registries":["ip:port"]}
用真实的ip和port替换
3.重启docker service
systemctl restart docker
使用docker harbor搭建
1. 安装docker-compose
2. 安装harbor
#下载安装包
wget -c https://github.com/goharbor/harbor/releases/download/v2.8.2/harbor-offline-installer-v2.8.2.tgz
#解压
[root@localhost data]# tar zxvf harbor-offline-installer-v2.8.2.tgz
harbor/harbor.v2.8.2.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
#切换到harbor目录,导入harbor所需要的镜像
[root@localhost harbor]# docker load -i harbor.v2.8.2.tar.gz
#生成harbor.yml文件
[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
#修改harbor.yml
修改hostname为本主机ip
注释https
#https
#port: 443
#certificate: /your/certificate/path
#private_key : /your/private/key/path
#修改harbor_admin_password
#运行./install.sh
[root@localhost harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.3
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 2.17.2
[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-log:v2.8.2
Loaded image: goharbor/harbor-db:v2.8.2
Loaded image: goharbor/registry-photon:v2.8.2
Loaded image: goharbor/harbor-core:v2.8.2
Loaded image: goharbor/harbor-jobservice:v2.8.2
Loaded image: goharbor/harbor-registryctl:v2.8.2
Loaded image: goharbor/notary-signer-photon:v2.8.2
Loaded image: goharbor/trivy-adapter-photon:v2.8.2
Loaded image: goharbor/prepare:v2.8.2
Loaded image: goharbor/harbor-portal:v2.8.2
Loaded image: goharbor/redis-photon:v2.8.2
Loaded image: goharbor/harbor-exporter:v2.8.2
Loaded image: goharbor/nginx-photon:v2.8.2
Loaded image: goharbor/notary-server-photon:v2.8.2
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /data/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
[Step 5]: starting Harbor ...
[+] Running 10/10
✔ Network harbor_harbor Created 0.1s
✔ Container harbor-log Started 1.0s
✔ Container registryctl Started 1.7s
✔ Container harbor-portal Started 1.7s
✔ Container harbor-db Started 1.6s
✔ Container redis Started 1.6s
✔ Container registry Started 1.7s
✔ Container harbor-core Started 2.1s
✔ Container nginx Started 2.8s
✔ Container harbor-jobservice Started 2.8s
✔ ----Harbor has been installed and started successfully.----
以上就是全部安装过程
安装完成之后可以配置Project和user
#登录私有仓库,在登录之前需要更新/etc/docker/daemon.json文件内容。
root@server2:/etc/docker# docker login harboripaddress
Username: summer
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
在root的当前用户目录下会生成一个隐藏文件夹.docker
root@server2:/etc/docker# ls .docker/
ls: cannot access '.docker/': No such file or directory
root@server2:/etc/docker# cd ~
root@server2:~# ls .docker/
config.json
#测试镜像推送
root@server2:~# docker tag postgres:11.17-alpine harboripaddress/cka/postgres:v11
此处添加tag一定要保证harboripaddress/cka对应的是真实的harbor的地址和project名字,否则会报错
*denied: requested access to the resource is denied
unauthorized: authentication required*
root@ts-cnter02:~# docker login harboripaddress
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
root@server2:~# docker push harboripaddress/cka/postgres:v11
The push refers to repository [harboripaddress/cka/postgres]
cd73e7fca6d7: Pushed
b0414e2eee45: Pushed
18a73cfca57d: Pushed
54e45deeab1d: Pushed
2c6aae2fb0b9: Pushed
1191ff787554: Pushed
c107d84c5ee5: Pushed
994393dc58e7: Pushed
v11: digest: sha256:631b874fd499f66ff44a33c1704ede91a8b3a75ee998cfeaba57318be58bcc56 size: 1985
报错处理
在push image的时候遇到下面报错,一定要检查image确保路径是harbor的真实路径。
docker tag <要push的镜像> <传到dockerhub上的路径>
errors:
denied: requested access to the resource is denied
unauthorized: authentication required
