docker

原创已于 2024-05-23 16:12:59 修改 · 1.1k 阅读

19 ·

CC 4.0 BY-SA版权

文章标签：

#docker #容器 #运维

于 2024-01-08 21:50:06 首次发布

本文围绕Docker展开，介绍了其安装步骤，包括特定版本安装，还提及国内访问仓库失败、配置镜像加速后启动失败等安装常见问题的解决办法。详细阐述了Docker的命令使用，如查看日志、镜像操作、容器管理等，还涉及在Windows上使用、构建Nginx服务器等内容。

docker install

sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo (if you can't connect to https://download.docker.com, please use next step.)
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
sudo yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo yum install -y containerd.io-1.2.13 docker-ce-19.03.11 docker-ce-cli-19.03.11 (install specific version)
sudo systemctl start docker
sudo systemctl enable docker 开机启动
sudo docker version
mkdir -p /etc/containerd && containerd config default > /etc/containerd/config.toml (generate default configuration file)

install FAQ

国内访问docker仓库失败，需配置阿里云加速

docker: Error response from daemon: Head "https://registry-1.docker.io/v2/library/hello-world/manifests/latest": read tcp 192.168.1.105:59804->3.216.34.172:443: read: connection reset by peer.

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://8xxvcaud.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

解决配置镜像加速后docker起不来：配置文件是一个json格式的文件，在json文件中对齐的时候不能存在空格，直接拷贝整个tee命令执行

run docker command without sudo:

sudo usermod -a -G docker USERNAME && newgrp docker

when install docker it will add a new group "docker"

docker CMD

查看log：

docker logs -n 100 -t containerid
docker logs -ft containerid
docker logs -ft containerid --since 30m 查看最近30分钟的日志
docker logs -ft -since 0m containerid 2>&1 | tee ~/test.log 记录当前时间以后的日志，并进行屏显

docker image

sudo docker pull imagename[:tag]
sudo docker images
sudo docker commit containerid imagename[:tag]
sudo docker rmi imagename
sudo docker inspect imageid/containerid
docker login repourl -u username -p passwd

credential will be recorded in $HOME/.docker/config.json

docker push reponame[:tag]
docker load -i tarfile : manually load images from a export tar
docker save -o tarfile images
docker run

-it
-d
-p
-P
-v
-e

docker container

sudo docker start containerid
sudo docker attach containerid
sudo docker stop containerid
sudo docker rm containerid
sudo docker ps -a
sudo docker exec containerid cmd
sudo docker ceate --name containername image:基于image创建container，container状态是create
sudo docker run -it --entrypoint cmdname --name containername image cmdargs:覆盖entrypoint
sudo docker run -it --name containername image cmd args:覆盖cmd

docker run

-e a=b:添加环境变量
--user username:以什么用户运行
-it
-v: 磁盘挂载
-w:工作目录
--rm:运行结束删除container
--network=host：运行的网络docker network

docker network create --driver bridge --gateway 192.168.0.1 --subnet 192.168.0.0/24 test_net
docker network ls
docker inspect networkid
bridge/host(it will share network with host)

docker windows

docker pull mcr.microsoft.com/windows:ltsc2019

docker build

GIT_AUTH_TOKEN=<token> docker buildx build \
--secret id=GIT_AUTH_TOKEN \
https://github.com/user/private.git

docker build --file test.Dockerfile - < foo.tar.gz

docker build --build-arg a=b --secret id=a,env=b

docker file

# syntax=
FROM：指定images，在FROM指令后前面的ARG会失效，需要重新获取
USER：切换用户
RUN
ARG:
ENV:image中设置环境变量

docker swarm

docker swarm init --advertise-addr 192.168.73.141
docker swarm leave --force
docker swarm join-token worker
docker node ls
docker swarm leave
docker node rm

[pdguser@localhost ~]$ docker swarm join --token SWMTKN-1-3krq7qkuscnh5o91q1w4r1ps041ipatc8ne4y2qgqbu7o6qy44-a862je8dng2vxnuuc5q7jg3gt 192.168.73.255:2377
Error response from daemon: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 192.168.73.255:2377: connect: network is unreachable"
[pdguser@localhost ~]$ docker swarm join --token SWMTKN-1-1awgiow7j7dvs8651chiiiqdn6pxs6ui085hcc018zh5baahpf-d5dgh42kcw4xziy8k60j7q6ij 192.168.73.141:2377
Error response from daemon: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 192.168.73.141:2377: connect: no route to host"
[pdguser@localhost ~]$ docker swarm join --token SWMTKN-1-1awgiow7j7dvs8651chiiiqdn6pxs6ui085hcc018zh5baahpf-d5dgh42kcw4xziy8k60j7q6ij 192.168.73.141:2377
Error response from daemon: remote CA does not match fingerprint. Expected: 3445a1a11bac390f8d09bd7f31149c5d3c3a1ae6b7f712ebf3feca93ba3d5e23
[pdguser@localhost ~]$ docker swarm join --token SWMTKN-1-1h0378e5d715ufrsp8xcr82rpfh3t02yb5pux0lhxsrffp374j-5rxjx15oeud4cg0hx91a78k8g 192.168.73.141:2377

[root@localhost ~]# docker swarm join --token SWMTKN-1-5q8e2tevh5lmio5rp06t07houh1c754rtwnrm9vao11i39cff0-7w3icgk110pifhun9xxhie4su 192.168.73.141:2377
Error response from daemon: manager stopped: can't initialize raft node: rpc error: code = Unknown desc = could not connect to prospective new cluster member using its advertised address: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 192.168.73.143:2377: connect: no route to host"

[pdguser@localhost ~]$ docker node ls
Error response from daemon: rpc error: code = Unknown desc = The swarm does not have a leader. It's possible that too few managers are online. Make sure more than half of the managers are online.

[pdguser@localhost ~]$ docker swarm leave
Error response from daemon: You are attempting to leave the swarm on a node that is participating as a manager. The only way to restore a swarm that has lost consensus is to reinitialize it with `--force-new-cluster`. Use `--force` to suppress this message.

docker node  rm

FAQ : need to add port 2377 in white list

[root@localhost ~]# firewall-cmd --zone=public --add-port=2377/tcp --permanent
success
[root@localhost ~]# firewall-cmd --query-port=2377/tcp
no
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --query-port=2377/tcp

docker build nginx server

setup mount folder

mkdir -p /home/nginx/conf
mkdir -p /home/nginx/log
mkdir -p /home/nginx/html

run latest images

docker run --name nginx -p 9001:80 -d nginx

copy configuration files

docker cp nginx:/etc/nginx/nginx.conf /home/nginx/conf/nginx.conf
docker cp nginx:/etc/nginx/conf.d /home/nginx/conf/conf.d
docker cp nginx:/usr/share/nginx/html /home/nginx/html

change configuration files, make it work as a file server

/home/nginx/conf/nginx.conf

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;


    # 显示目录
    autoindex on;
    # 显示文件大小
    autoindex_exact_size on;
    # 显示文件时间
    autoindex_localtime on;
    server {
                listen 80;
                server_name localhost;
                # 本地文件路径
                root  /usr/share/nginx/data/repo;
    }
}

run a nginx container with exist configuration files

docker run \
-p 9002:80 \
--name nginx \
-v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /home/nginx/log:/var/log/nginx \
-v /home/nginx/html:/usr/share/nginx/html \
-v /home/nginx/repo:/usr/share/nginx/data/repo \
-d nginx:latest