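1. Introduction to Docker

Docker uses kernel virtualization features (namespaces, cgroups, and so on) to provide resource isolation and security for containers. Because Docker achieves isolation through operating-system-level virtualization, a running container does not carry the extra guest operating system overhead of a virtual machine, which improves resource utilization.

2. Docker vs KVM

3. Docker vs VMs

4. The three core Docker components

Image, container, repository

I. Installing Docker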

[root@docker ~]# tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
[root@docker ~]# yum install docker-engine -y

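II. Commonly used commands and options

Show Docker version information
docker version

Search Docker Hub for an image
docker search

Search Docker Hub for an image with at least 10 stars
docker search -s 10 ubuntu

Pull an image or a private repository from a Docker registry
docker pull ubuntu

List images
docker images

Run a command in a new container
docker run

Remove one or more images
docker rmi

Remove one or more containers
docker rm

Attach to a running container
docker attach

Run a command in a running container
docker exec

Build an image from a Dockerfile
docker build

Show the build history of an image
docker history

Show more detailed configuration of a container
docker inspect

Save an image to a tar archive
docker save

Load an image from a tar archive
docker load

Start, stop, or restart a container
docker start | stop | restart

Kill a running container
docker kill

Commands for entering a container:
docker attach: log in to a running container
docker exec: run a command inside the container from the host, similar to opening another terminal in the container
nsenter: connect to a container; requires the container's PID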
三、docker基础操作

[root@docker ~]# systemctl enable docker.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@docker ~]# systemctl start docker.service
[root@docker ~]# 
[root@docker ~]# docker pull centos  # pull the image
[root@docker ~]# docker pull daocloud.io/library/nginx

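Pulls are sometimes slow; use a mirror in China to speed them up.

[root@docker ~]# vim /usr/lib/systemd/system/docker.service  # add the following line
EnvironmentFile=/etc/sysconfig/docker

Create the configuration file: [root@docker ~]# vim /etc/sysconfig/docker
Register at https://dashboard.daocloud.io/, then click the accelerator to generate the mirror link.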

OPTIONS=--registry-mirror=curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s 


[root@docker ~]# docker search nginx  # search for an image
[root@docker ~]# docker images 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              latest              0584b3d2cf6d        2 weeks ago         196.5 MB

Export an image
[root@docker ~]# docker save -o nginx.tar daocloud.io/library/nginx

[root@docker ~]# docker save -o cnetos.tar centos
Import an image
[root@docker ~]# docker load --input cnetos.tar   or   [root@docker ~]# docker load < cnetos.tar
Remove an image
[root@docker ~]# docker rmi 0584b3d2cf6d   # image ID


[root@docker ~]# docker run centos /bin/echo "Hello world"
Hello world
[root@docker ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
5e381e68a385        centos              "/bin/echo 'Hello wor"   6 seconds ago       Exited (0) 5 seconds ago                       clever_lamarr

[root@docker ~]# docker run --name mydocker -t -i centos /bin/bash
[root@1a67f4c92b6e /]# 

[root@1a67f4c92b6e /]# ps -ef
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  0 18:56 ?        00:00:00 /bin/bash
root         14      1  0 18:56 ?        00:00:00 ps -ef

[root@1a67f4c92b6e /]# exit
exit
[root@docker ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
1a67f4c92b6e        centos              "/bin/bash"              12 minutes ago      Exited (0) 6 seconds ago                        mydocker
5e381e68a385        centos              "/bin/echo 'Hello wor"   16 minutes ago      Exited (0) 16 minutes ago                       clever_lamarr

[root@docker ~]# docker run --name docker-demo -d centos /bin/bash    # -d runs the container in the background
6c5a777467b9552714f9cd3322e677750e2b8b5b0bd2d81e79094ad560828a5e
[root@docker ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
6c5a777467b9        centos              "/bin/bash"              11 seconds ago      Exited (0) 11 seconds ago                       docker-demo
1a67f4c92b6e        centos              "/bin/bash"              17 minutes ago      Exited (0) 4 minutes ago                        mydocker
5e381e68a385        centos              "/bin/echo 'Hello wor"   21 minutes ago      Exited (0) 21 minutes ago                       clever_lamarr

[root@docker ~]# docker stop mydocker    # stop the container
[root@docker ~]# docker start 1a67f4c92b6e   # start the container

[root@docker ~]# docker run -d --name mynginx daocloud.io/library/nginx
225a9b0459630c62dcf2199d6244b16a74ad9412471abf0be03755768df3ae63
[root@docker ~]# 
[root@docker ~]# docker ps
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS               NAMES
225a9b045963        daocloud.io/library/nginx   "nginx -g 'daemon off"   6 seconds ago       Up 5 seconds        80/tcp, 443/tcp     mynginx



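Script for entering a container
[root@docker ~]# cat docker_in.sh 
#!/bin/bash

# Enter the namespaces of a running container, given its name or ID.
docker_in(){

  NAME_ID=$1
  # PID of the container's first process, as seen from the host
  PID=$(docker inspect --format "{{ .State.Pid }}" "$NAME_ID")
  # Join its mount, UTS, IPC, network and PID namespaces
  nsenter -t "$PID" -m -u -i -n -p

}


docker_in "$1"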

IV. Docker networking

[root@docker ~]# docker run -d -P --name nginx-test1 daocloud.io/library/nginx
9b1d36d40127fe2c84bbe7750802e435a817a15b4159b24fc49bfb1107a2cb74

[root@docker ~]# docker ps -l
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS                                           NAMES
9b1d36d40127        daocloud.io/library/nginx   "nginx -g 'daemon off"   2 minutes ago       Up 2 minutes        0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp   nginx-test1

[root@docker ~]# netstat -lntup|grep 32768
tcp6       0      0 :::32768                :::*                    LISTEN      11213/docker-proxy  

[root@docker ~]# curl -I http://172.16.80.132:32769
HTTP/1.1 200 OK
Server: nginx/1.11.5
Date: Thu, 24 Nov 2016 05:58:47 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 11 Oct 2016 15:03:01 GMT
Connection: keep-alive
ETag: "57fcff25-264"
Accept-Ranges: bytes


Before the change
[root@docker ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER-ISOLATION  all  --  0.0.0.0/0            0.0.0.0/0           
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           


After the change
[root@docker ~]# docker run -d -P --name nginx-test1 daocloud.io/library/nginx
42783cf5053639383004f82b9e72fe0223c7c028d2754b2d0f74429824715f05
[root@docker ~]# docker ps -l
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS                                           NAMES
42783cf50536        daocloud.io/library/nginx   "nginx -g 'daemon off"   9 seconds ago       Up 7 seconds        0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp   nginx-test1
[root@docker ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER-ISOLATION  all  --  0.0.0.0/0            0.0.0.0/0           
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.2           tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.2           tcp dpt:80

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

[root@docker ~]# sh docker_in.sh nginx-test1
root@42783cf50536:/# 
root@42783cf50536:/# 
root@42783cf50536:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:2/64 scope link 
       valid_lft forever preferred_lft forever
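
In the session above, -P published ports 80 and 443 on 0.0.0.0 and Docker added ACCEPT rules for 172.17.0.2 to the DOCKER chain, although the INPUT chain only admits port 22. The following added example (not from the original post) lists such wildcard bindings from `docker ps --format '{{.Names}}\t{{.Ports}}'` output; the sample lines other than nginx-test1 are constructed.

```shell
#!/bin/bash
# Added example: list container ports published on every host interface.
# Input: lines of "<name><TAB><ports>", the layout produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: "<name> <host-port> -> <container-port>/<proto>" per wildcard binding.

wildcard_ports() {
  awk -F'\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        # Only published ports contain "->"; "80/tcp" alone is merely exposed.
        if (m !~ /->/) continue
        split(m, side, "->")
        host = side[1]; target = side[2]
        # Host part is "<address>:<port>"; the port follows the last colon.
        port = host; sub(/^.*:/, "", port)
        addr = host; sub(/:[^:]*$/, "", addr)
        if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
          printf "%s %s -> %s\n", $1, port, target
      }
    }'
}

# Constructed sample: the nginx-test1 and mynginx port columns from the page,
# plus one hypothetical container bound to loopback only.
sample_ports() {
  printf 'nginx-test1\t0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp\n'
  printf 'mynginx\t80/tcp, 443/tcp\n'
  printf 'local-only\t127.0.0.1:8080->80/tcp\n'
}

# On a live host: docker ps --format '{{.Names}}\t{{.Ports}}' | wildcard_ports
sample_ports | wildcard_ports
```

Publishing with an explicit address, for example `-p 127.0.0.1:8080:80`, keeps a container off this list.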

V. Docker data storage

[root@docker ~]# docker run -d --name nginx-volume-test1 -v /data daocloud.io/library/nginx
88b24d79a4f3b021325592ceac20e86291166d675b213d60db017548c4d9d960

[root@docker ~]# sh docker_in.sh nginx-volume-test1
root@88b24d79a4f3:/# cd /data/
root@88b24d79a4f3:/data# ls
root@88b24d79a4f3:/data# touch hehe
root@88b24d79a4f3:/data# ls -l      
total 0
-rw-r--r-- 1 root root 0 Nov 24 06:30 hehe

[root@docker ~]# cd /var/lib/docker/
[root@docker docker]# ll
total 32
drwx------ 6 root root 4096 Nov 24 14:28 containers
drwx------ 5 root root 4096 Nov 24 02:05 devicemapper
drwx------ 3 root root 4096 Nov 24 01:20 image
drwxr-x--- 3 root root 4096 Nov 24 01:20 network
drwx------ 2 root root 4096 Nov 24 01:20 swarm
drwx------ 2 root root 4096 Nov 24 10:09 tmp
drwx------ 2 root root 4096 Nov 24 01:20 trust
drwx------ 3 root root 4096 Nov 24 14:28 volumes
[root@docker docker]# cd volumes/
[root@docker volumes]# ls
4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60  metadata.db
[root@docker volumes]# cd 4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60/
[root@docker 4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60]# ls
_data
[root@docker 4c60775f938a840e5484aee9088bc612977c25a01f5bd164690d94c962e66e60]# cd _data/    # directory on the physical host where the container's files are actually stored
[root@docker _data]# ls
hehe

[root@docker ~]# docker run -d --name nginx-volume-test2 -v /data/mysql:/mysql daocloud.io/library/nginx   
f7278ce9bd88c26a0c5aaefcb2b39f1f9df0066bc94edb7a530213815e166f5e

# -v /data/mysql:/mysql mounts the host directory /data/mysql at /mysql inside the container


[root@docker ~]# docker run -d --name nginx-volumes -v /data/mysql:/mysql daocloud.io/library/nginx
28c616e44352fc4eafeb2f87dbbb7b6eb9df447235afe027034efa96df1c5071

[root@docker ~]# 
[root@docker ~]# docker run -d --name web-node1 --volumes-from nginx-volumes daocloud.io/library/nginx
0f022ce56e8b800cb1a4ac76bb8a326d42e198093146e8661ad3ac8925ad317d
[root@docker ~]# 
[root@docker ~]# docker run -d --name web-node2 --volumes-from nginx-volumes daocloud.io/library/nginx
03d5e88c15f6604eeee2b8af500b8f356ba69adc34710f3c19b813530f19dc3d

VI. Building a MySQL image from a Dockerfile

1) Create the Dockerfile

[root@localhost ~]# mkdir mysql_ubuntu
[root@localhost ~]# cd mysql_ubuntu/
[root@localhost mysql_ubuntu]# cat Dockerfile 
FROM ubuntu:14.04

RUN apt-get update

RUN apt-get -y install mysql-client mysql-server
RUN sed -i -e"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf

ADD ./startup.sh /opt/startup.sh

EXPOSE 3306

CMD ["/bin/bash", "/opt/startup.sh"]

2) Create the MySQL service startup script

[root@localhost mysql_ubuntu]# cat startup.sh 
#!/bin/bash

if [ ! -f /var/lib/mysql/ibdata1 ]; then

    mysql_install_db

    /usr/bin/mysqld_safe &
    sleep 10s

    echo "GRANT ALL ON *.* TO admin@'%' IDENTIFIED BY 'changeme' WITH GRANT OPTION; FLUSH PRIVILEGES" | mysql

    killall mysqld
    sleep 10s
fi

/usr/bin/mysqld_safe

3) Build the MySQL image

docker build -t centos/mysql .

4) List the image

[root@localhost ~]# docker images
REPOSITORY           TAG                 IMAGE ID            CREATED              VIRTUAL SIZE
centos/mysql        latest              f58add96ecb7        About a minute ago   338.9 MB

5) Create a MySQL container from the new image

[root@localhost ~]# mkdir /data/mysql -p
[root@localhost ~]# docker run -d -p 3306:3306 -v /data/mysql:/var/lib/mysql centos/mysql
0112ba90e4a30a13e4f3af26f4a5bcd73e91ae3afa881a36fadd34cd953d0ada
[root@localhost ~]# docker ps -l
CONTAINER ID        IMAGE                  COMMAND                CREATED             STATUS              PORTS                    NAMES
0112ba90e4a3        centos/mysql:latest   "/bin/bash /opt/star   4 seconds ago       Up 3 seconds        0.0.0.0:3306->3306/tcp   reverent_hawking    
[root@localhost ~]# ll /data/mysql/
total 28680
-rw-rw----. 1 103  106 18874368 Apr 25 17:46 ibdata1
-rw-rw----. 1 103  106  5242880 Apr 25 19:09 ib_logfile0
-rw-rw----. 1 103  106  5242880 Apr 25 17:45 ib_logfile1
drwx------. 2 103 root     4096 Apr 25 17:45 mysql
drwx------. 2 103  106     4096 Apr 25 17:45 performance_schema

6) Test the MySQL container

[root@localhost ~]# mysql -uadmin -p123456 -h192.168.0.104 -P 3306 -e 'show databases'
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+

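Alternatively, provide a script that logs in with the mysql client

run-client.sh

#!/bin/sh

TAG="mysql"

# ID of the running container whose `docker ps` line matches $TAG
CONTAINER_ID=$(docker ps | grep "$TAG" | awk '{print $1}')

# Container IP address taken from the `docker inspect` JSON
IP=$(docker inspect "$CONTAINER_ID" | python -c 'import json,sys;obj=json.load(sys.stdin);print(obj[0]["NetworkSettings"]["IPAddress"])')

mysql -u admin -p -h "$IP"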
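
The startup.sh in step 2 hard-codes the admin password and grants admin@'%' full privileges, while step 5 publishes 3306 on 0.0.0.0. As an added example (not the author's script), this function builds the same GRANT from a secret file and a host pattern and refuses placeholder passwords; the variable names and the sample host pattern are assumptions.

```shell
#!/bin/bash
# Added example: build the bootstrap GRANT without baking a password into the image.
# MYSQL_ADMIN_PASSWORD_FILE and MYSQL_ADMIN_HOST are hypothetical names chosen
# for this sketch; they are not part of the original startup.sh.

build_grant_sql() {
  local pw_file="$1" host="${2:-localhost}" pw
  # Refuse to continue without a readable secret file.
  [ -r "$pw_file" ] || { echo "password file not readable: $pw_file" >&2; return 1; }
  pw=$(head -n 1 "$pw_file")
  # Reject empty or placeholder secrets such as the ones shown on the page.
  case $pw in
    ''|changeme|123456) echo "refusing weak admin password" >&2; return 1 ;;
  esac
  [ "${#pw}" -ge 12 ] || { echo "admin password shorter than 12 characters" >&2; return 1; }
  # Allow only characters that are safe inside a single-quoted SQL literal.
  case $pw$host in
    *[!A-Za-z0-9_.%@+=:-]*) echo "unsupported character in password or host" >&2; return 1 ;;
  esac
  printf "GRANT ALL ON *.* TO 'admin'@'%s' IDENTIFIED BY '%s' WITH GRANT OPTION; FLUSH PRIVILEGES;\n" \
    "$host" "$pw"
}

# In startup.sh the fixed echo line would then become, for example:
#   sql=$(build_grant_sql "$MYSQL_ADMIN_PASSWORD_FILE" "$MYSQL_ADMIN_HOST") || exit 1
#   echo "$sql" | mysql

# Constructed demo: a throwaway secret file and a sample host pattern.
demo_grant() {
  local f
  f=$(mktemp)
  printf 'Xk3-constructed-demo-secret\n' > "$f"
  build_grant_sql "$f" '192.168.0.%'
  rm -f "$f"
}
demo_grant
```

The secret file would be supplied at run time, for instance through a read-only `-v` mount, so it never appears in the image layers shown by `docker history`.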

Building Docker images from a Dockerfile is flexible and convenient, and is well worth using often.