Docker 架构
Docker 包括三个基本概念:
- 镜像(Image):Docker 镜像(Image),就相当于是一个 root 文件系统。比如官方镜像 ubuntu:16.04 就包含了完整的一套 Ubuntu16.04 最小系统的 root 文件系统。
- 容器(Container):镜像(Image)和容器(Container)的关系,就像是面向对象程序设计中的类和实例一样,镜像是静态的定义,容器是镜像运行时的实体。容器可以被创建、启动、停止、删除、暂停等。
- 仓库(Repository):仓库可看成一个代码控制中心,用来保存镜像。
安装
卸载旧版本
$ sudo yum remove docker*
设置仓库
$ sudo yum install -y yum-utils
配置国内源
$ sudo yum-config-manager \
--add-repo \
https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
安装docker
Docker 安装完默认未启动。并且已经创建好 docker 用户组,但该用户组下没有用户。
$ sudo yum install -y docker-ce docker-ce-cli containerd.io
启动
开机启动且立即启动
$ sudo systemctl enable docker --now
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker info
Client: Docker Engine - Community
Version: 26.1.2
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.14.0
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.27.0
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 1
Server Version: 26.1.2
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: e377cd56a71523140ca6ae87e30244719194a521
runc version: v1.1.12-0-g51d5e94
init version: de40ad0
Security Options:
seccomp
Profile: builtin
Kernel Version: 3.10.0-1160.114.2.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.794GiB
Name: iZ2ze5r95mlp6nxsm5ak6lZ
ID: 852d0fa7-5f8c-4484-b17a-b76ca6941565
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
镜像加速
阿里云镜像获取地址:cr.console.aliyun.com/cn-hangzhou…
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://44w8oqlc.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
命令
镜像操作
images
列出本地主机上的镜像
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d2c94e258dcb 12 months ago 13.3kB
nginx latest 605c77e624dd 2 years ago 141MB
redis latest 7614ae9453d1 2 years ago 113MB
search
查找镜像
$ sudo docker search nginx
pull
拉取镜像(默认下载最新版,想指定版本,去tag查找)
$ sudo docker pull nginx
rmi
删除镜像(后面可以加镜像名称,也可以加IMAGE ID)
$ docker rmi 7614ae9453d1
Untagged: redis:latest
Untagged: redis@sha256:db485f2e245b5b3329fdc7eff4eb00f913e09d8feb9ca720788059fdc2ed8339
Deleted: sha256:7614ae9453d1d87e740a2056257a6de7135c84037c367e1fffa92ae922784631
Deleted: sha256:49c70179bc923a7d48583d58e2b6c21bde1787edf42ed1f8de9e9b96e2e88e65
Deleted: sha256:396e06df5d1120368a7a8a4fd1e5467cdc2dd4083660890df078c654596ddc1c
Deleted: sha256:434d118df2e9edb51238f6ba46e9efdfa21be68e88f54787531aa39a720a0740
Deleted: sha256:2047f09c412ff06f4e2ee8a25d105055e714d99000711e27a55072e640796294
Deleted: sha256:13d71c9ccb39b206211dd1900d06aa1984b0f5ab8abaa628c70b3eb733303a65
commit
提交改变
- -a:作者
- -m: 备注
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker commit -a "yhq" -m "修改yhq" yhqnginx-port yhq-nginx:v0.1
sha256:7e8d1ab3cf835af5634e0c74d8a5d5b08a9f3ffdad9b8d2616a61ff6bdea700e
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
yhq-nginx v0.1 7e8d1ab3cf83 4 seconds ago 141MB
hello-world latest d2c94e258dcb 12 months ago 13.3kB
nginx latest 605c77e624dd 2 years ago 141MB
save
将镜像生成一个本地文件
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
yhq-nginx v0.1 7e8d1ab3cf83 15 minutes ago 141MB
hello-world latest d2c94e258dcb 12 months ago 13.3kB
nginx latest 605c77e624dd 2 years ago 141MB
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker save -o yhq-nginx.tar 7e8d1ab3cf83
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# ll
总用量 142504
-rw------- 1 root root 145924096 5月 14 00:03 yhq-nginx.tar
load
加载文件形式的镜像
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker load -i yhq-nginx.tar
tag
创建一个标记
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
yhq-nginx v0.1 7e8d1ab3cf83 41 minutes ago 141MB
hello-world latest d2c94e258dcb 12 months ago 13.3kB
nginx latest 605c77e624dd 2 years ago 141MB
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker tag 7e8d1ab3cf83 hongquanyang/yhq-nginx:v0.1
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hongquanyang/yhq-nginx v0.1 7e8d1ab3cf83 51 minutes ago 141MB
yhq-nginx v0.1 7e8d1ab3cf83 51 minutes ago 141MB
hello-world latest d2c94e258dcb 12 months ago 13.3kB
nginx latest 605c77e624dd 2 years ago 141MB
push
将镜像推送到远程仓库(需要先登录,使用login命令,推送完使用logout退出)
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker push hongquanyang/yhq-nginx:v0.1
容器操作
run
启动容器
docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
docker run 设置项 镜像名 镜像启动运行命令(镜像默认有)
-
--name:为容器指定名称
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker run --name=yhqnginx nginx /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up 2024/05/13 14:56:38 [notice] 1#1: using the "epoll" event method 2024/05/13 14:56:38 [notice] 1#1: nginx/1.21.5 2024/05/13 14:56:38 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 2024/05/13 14:56:38 [notice] 1#1: OS: Linux 3.10.0-1160.114.2.el7.x86_64 2024/05/13 14:56:38 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576 2024/05/13 14:56:38 [notice] 1#1: start worker processes 2024/05/13 14:56:38 [notice] 1#1: start worker process 31 -
-d:后台运行(守护进程)
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker run --name=yhqnginx -d nginx 536bca38644733f2fb07d40045409adee37857526abcdddb9daece11640b72c6 [root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 536bca386447 nginx "/docker-entrypoint.…" 2 seconds ago Up 1 second 80/tcp yhqnginx 5eed93f03479 hello-world "/hello" 4 hours ago Exited (0) 4 hours ago cool_tharp -
--restart:跟随系统开机自启
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker run --name=yhqnginx-restart -d --restart=always nginx 6b398f935d67a06a157c83f954353ed562a35fbcf595777e9a2b10a1d78704e7 -
-p:端口映射(开启安全组)
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker run --name=yhqnginx-port -d --restart=always -p 88:80 nginx c098b9fde52d87ca4aefdd43885f164f23aea6b9510a8e8d50a21d0217d613f5 [root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c098b9fde52d nginx "/docker-entrypoint.…" 5 seconds ago Up 4 seconds 0.0.0.0:88->80/tcp, :::88->80/tcp yhqnginx-port -
-v:挂载目录(挂载主机目录到容器)
将主机目录挂载到容器目录,
:ro代表的只读,wo代表读写。[root@iZ2ze5r95mlp6nxsm5ak6lZ data]# docker run --name=mount-nginx -d --restart=always -p 88:80 -v /data/html:/usr/share/nginx/html:ro nginx cc33019daa6fdae78a0c04e7dc79124233130a767926d418a5398d262f7bde97
ps
查看正在运行的容器
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d990c87df313 nginx "/docker-entrypoint.…" 42 seconds ago Up 41 seconds 80/tcp yhqnginx
查看所有容器(默认查看正在运行的容器)
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d990c87df313 nginx "/docker-entrypoint.…" 2 minutes ago Exited (0) 12 seconds ago yhqnginx
5eed93f03479 hello-world "/hello" 3 hours ago Exited (0) 3 hours ago cool_tharp
rm
删除容器
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d990c87df313 nginx "/docker-entrypoint.…" 2 minutes ago Exited (0) 12 seconds ago yhqnginx
5eed93f03479 hello-world "/hello" 3 hours ago Exited (0) 3 hours ago cool_tharp
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker rm yhqnginx
yhqnginx
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5eed93f03479 hello-world "/hello" 4 hours ago Exited (0) 4 hours ago cool_tharp
删除正在运行的容器
$ docker rm -f yhqnginx
stop
停止容器
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
536bca386447 nginx "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp yhqnginx
5eed93f03479 hello-world "/hello" 4 hours ago Exited (0) 4 hours ago cool_tharp
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker stop 536bca386447
536bca386447
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
536bca386447 nginx "/docker-entrypoint.…" About a minute ago Exited (0) 2 seconds ago yhqnginx
5eed93f03479 hello-world "/hello" 4 hours ago Exited (0) 4 hours ago cool_tharp
start
启动容器
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
536bca386447 nginx "/docker-entrypoint.…" About a minute ago Exited (0) 2 seconds ago yhqnginx
5eed93f03479 hello-world "/hello" 4 hours ago Exited (0) 4 hours ago cool_tharp
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker start 536bca386447
536bca386447
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
536bca386447 nginx "/docker-entrypoint.…" 3 minutes ago Up 1 second 80/tcp yhqnginx
5eed93f03479 hello-world "/hello" 4 hours ago Exited (0) 4 hours ago cool_tharp
update
更改容器项,不能修改端口映射
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker update yhqnginx --restart=always
yhqnginx
exec
进入容器(-it:交互模式)
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c098b9fde52d nginx "/docker-entrypoint.…" 5 seconds ago Up 4 seconds 0.0.0.0:88->80/tcp, :::88->80/tcp yhqnginx-port
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]# docker exec -it c098b9fde52d /bin/bash
root@c098b9fde52d:/#
修改内容
这里以
nginx静态页为例
root@c098b9fde52d:/# cd /usr/share/nginx/html
root@c098b9fde52d:/usr/share/nginx/html# ls
50x.html index.html
root@c098b9fde52d:/usr/share/nginx/html# echo "<h1>yhq</h1>" > index.html
root@c098b9fde52d:/usr/share/nginx/html# cat index.html
<h1>yhq</h1>
exit:退出
root@c098b9fde52d:/usr/share/nginx/html# exit
exit
[root@iZ2ze5r95mlp6nxsm5ak6lZ ~]#
logs
查看运行日志
[root@iZ2ze5r95mlp6nxsm5ak6lZ data]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cc33019daa6f nginx "/docker-entrypoint.…" 5 minutes ago Up 5 minutes 0.0.0.0:88->80/tcp, :::88->80/tcp mount-nginx
[root@iZ2ze5r95mlp6nxsm5ak6lZ data]# docker logs cc33019daa6f
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/05/14 01:31:18 [notice] 1#1: using the "epoll" event method
2024/05/14 01:31:18 [notice] 1#1: nginx/1.21.5
2024/05/14 01:31:18 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2024/05/14 01:31:18 [notice] 1#1: OS: Linux 3.10.0-1160.114.2.el7.x86_64
2024/05/14 01:31:18 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2024/05/14 01:31:18 [notice] 1#1: start worker processes
2024/05/14 01:31:18 [notice] 1#1: start worker process 31
123.112.18.54 - - [14/May/2024:01:31:21 +0000] "GET / HTTP/1.1" 200 24 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-"
123.112.18.54 - - [14/May/2024:01:31:22 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-"
123.112.18.54 - - [14/May/2024:01:32:03 +0000] "GET / HTTP/1.1" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-"
2024/05/14 01:36:20 [error] 31#31: *3 open() "/usr/share/nginx/html/yhq" failed (2: No such file or directory), client: 123.112.18.54, server: localhost, request: "GET /yhq HTTP/1.1", host: "8.146.211.61:88"
123.112.18.54 - - [14/May/2024:01:36:20 +0000] "GET /yhq HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-"
2024/05/14 01:36:36 [error] 31#31: *5 open() "/usr/share/nginx/html/yhq" failed (2: No such file or directory), client: 123.6.49.10, server: localhost, request: "GET /yhq HTTP/1.1", host: "8.146.211.61:88"
123.6.49.10 - - [14/May/2024:01:36:36 +0000] "GET /yhq HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Linux; Android 8.0; Pixel 2 Build/OPD3.170816.012) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36" "-"
2024/05/14 01:36:36 [error] 31#31: *5 open() "/usr/share/nginx/html/yhq" failed (2: No such file or directory), client: 123.6.49.10, server: localhost, request: "GET /yhq HTTP/1.1", host: "8.146.211.61:88", referrer: "http://baidu.com/"
123.6.49.10 - - [14/May/2024:01:36:36 +0000] "GET /yhq HTTP/1.1" 404 555 "http://baidu.com/" "Mozilla/5.0 (Linux; Android 8.0; Pixel 2 Build/OPD3.170816.012) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36" "-"
cp
将容器中的文件复制到主机,也可以将主机文件复制到容器
[root@iZ2ze5r95mlp6nxsm5ak6lZ data]# docker cp cc33019daa6f:/etc/nginx/nginx.conf /data/conf
Successfully copied 2.56kB to /data/conf
[root@iZ2ze5r95mlp6nxsm5ak6lZ data]# docker cp /data/conf cc33019daa6f:/etc/nginx/nginx.conf
Successfully copied 2.56kB to /data/conf
Dockerfile
Dockerfile 是一个用来构建镜像的文本文件,文本内容包含了一条条构建镜像所需的指令和说明。
-
每条保留字指令都
必须大写且后面要跟一个参数 -
指令按照从上至下,顺序执行
-
#表示注释 -
每条指令都会创建一个新的镜像层并对镜像进行提交
保留字
FROM
基础镜像,当前镜像是基于哪个镜像的,指定一个已存在的镜像作为模板。
MAINTAINER
镜像维护者的姓名和邮箱
RUN
容器构建时需要运行的命令,RUN是在docker build 时运行。
EXPOSE
容器对外的端口
WORKDIR
指定在创建容器后,终端默认进入的工作目录。
USER
指定镜像运行的用户,默认root。
ENV
用来在构建镜像过程中设置环境变量
VOLUME
容器数据卷,用于数据保存和持久化工作
ADD
将主机下的文件拷贝进镜像且会自动处理URL和解压tar包。
COPY
将主机下的文件拷贝进镜像
CMD
指定容器启动后要做的事情
Dockerfile可以有多个CMD命令,但只有最后一个生效,CMD会被docker run之后的参数替换。
ENTRYPOINT
也是用来指定容器时要运行的命令,类似于CMD,但是ENTRYPOINT不会被docker run后面的命令覆盖,而且会被当做参数传给ENTPYPOINT。
