OCI&OCF
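- OCI
OCI (Open Container Initiative) is an organization established by the Linux Foundation in June 2015 to define an open industry standard around container formats and runtimes, including a container runtime specification and an image file specification.
- OCF
OCF (Open Container Format) is an open standard for containers.
runC is a CLI tool that creates and runs containers according to the OCI specification.
Containers are started as child processes of runC and can be embedded into various other systems without running a daemon.
runC is built on libcontainer, the same container technology that powers millions of Docker Engine installations.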
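Docker architecture
The client sends commands to the Docker host. When the docker daemon receives a command, it looks for the matching image locally and starts the container; if the image is not in the local store, the docker daemon goes to the registry, pulls the required image and starts the service. For this reason the docker service is usually set to start at boot.
Docker images and image registries
Images come in many kinds, and the same image can exist in many versions; a registry is like a dock that stores image files of every kind and version.
An image is static and read-only, while a container is dynamic (it has a writable layer) and has a life cycle. The relationship between an image and a container is like that between a program and a process: the image is like a program file on the file system, and the container is like that program in its running state, that is, a process. A container can therefore be deleted, and deleting it does not delete its image.
Docker objects
When you use docker, you are creating and using images, containers, networks, volumes, plugins and other objects.
Images
① An image is a read-only template containing the instructions for creating a docker container.
② An image is usually based on another image, with some additional customization.
③ You can create your own images or use images created by others (published in a registry).
Containers
① A container is a runnable instance of an image.
② You can create, run, stop, move or delete a container with the docker API or the CLI.
③ You can connect a container to one or more networks, save it, and even create a new image from its current state.
Installing and using Docker
- Environment
CentOS 8 system, using the Aliyun mirror repository in China
Installing Docker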
[root@rookie ~]# cd /etc/yum.repos.d/
[root@rookie yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@rookie yum.repos.d]# ls
CentOS-Base.repo epel-modular.repo epel-testing-modular.repo
docker-ce.repo epel.repo epel-testing.repo
[root@rookie yum.repos.d]# cd
[root@rookie ~]# dnf -y install docker-ce
已安装:
checkpolicy-2.9-1.el8.x86_64
container-selinux-2:2.167.0-1.module_el8.5.0+911+f19012f9.noarch
containerd.io-1.5.11-3.1.el8.x86_64
docker-ce-3:20.10.14-3.el8.x86_64
docker-ce-cli-1:20.10.14-3.el8.x86_64
docker-ce-rootless-extras-20.10.14-3.el8.x86_64
docker-scan-plugin-0.17.0-3.el8.x86_64
fuse-overlayfs-1.7.1-1.module_el8.5.0+890+6b136101.x86_64
fuse3-3.2.1-12.el8.x86_64
fuse3-libs-3.2.1-12.el8.x86_64
libcgroup-0.41-19.el8.x86_64
libslirp-4.4.0-1.module_el8.5.0+890+6b136101.x86_64
policycoreutils-python-utils-2.9-16.el8.noarch
python3-audit-3.0-0.17.20191104git1c2f876.el8.x86_64
python3-libsemanage-2.9-6.el8.x86_64
python3-policycoreutils-2.9-16.el8.noarch
python3-setools-4.3.0-2.el8.x86_64
slirp4netns-1.1.8-1.module_el8.5.0+890+6b136101.x86_64
完毕!
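Docker registry mirrors (acceleration)
Configure a registry mirror (accelerator) so that images pull quickly. The docker-ce configuration file is /etc/docker/daemon.json; it does not exist by default, so we create and configure it by hand, and docker acceleration is implemented through this file.
There are several ways to accelerate docker:
- docker cn
- University of Science and Technology of China (USTC) mirror
- Aliyun mirror (requires registering an account on the Aliyun developer platform; a personal private accelerator is free to use)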
[root@rookie ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@rookie ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: dis>
Active: active (running) since Sun 2022-04-24 18:54:43 CST; 15s ago
[root@rookie docker]# cat > /etc/docker/daemon.json <<EOF
> {
> "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"]
> }
> EOF
[root@rookie docker]# systemctl daemon-reload
[root@rookie docker]# systemctl restart docker
[root@rookie docker]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.14
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8
runc version: v1.0.3-0-gf46b6ba
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 4.18.0-365.el8.x86_64
Operating System: CentOS Stream 8
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.744GiB
Name: rookie
ID: V2CS:3UYE:J7RL:WM3O:XMP2:5XP4:CLYK:UNXO:OVJF:CV3W:KSJ2:4QDX
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://docker.mirrors.ustc.edu.cn/ // seeing this entry means the registry mirror was configured successfully
Live Restore Enabled: false
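After editing daemon.json, the `docker info` lines worth checking are the registry mirrors, the insecure registries and the security options. The check below is an added example, not part of the original post: a hypothetical helper `audit_docker_info` reads `docker info` text and flags non-HTTPS mirrors, insecure registries other than the default 127.0.0.0/8, and a missing seccomp entry. The weak sample and its hostnames are constructed.

```shell
#!/usr/bin/env bash
# Added example. audit_docker_info is a hypothetical helper: it reads
# `docker info` text on stdin and prints one WARN line per finding.
audit_docker_info() {
  awk '
    BEGIN { key = "^[A-Za-z][A-Za-z _-]*:" }
    { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line) }
    line == "Registry Mirrors:"    { section = "mirror";   next }
    line == "Insecure Registries:" { section = "insecure"; next }
    line == "seccomp"              { seccomp = 1; next }
    # Any other "Key:" or "Key: value" line ends the list being read.
    line ~ (key "$") || line ~ (key " ") { section = ""; next }
    line == "" { next }
    # A mirror serves image content; plain HTTP leaves that path unprotected.
    section == "mirror" && line !~ /^https:/ {
      print "WARN mirror-not-https " line; warn++
    }
    # 127.0.0.0/8 is the daemon default; any other entry was added on purpose.
    section == "insecure" && line != "127.0.0.0/8" {
      print "WARN insecure-registry " line; warn++
    }
    END {
      if (!seccomp) { print "WARN seccomp-missing"; warn++ }
      exit (warn > 0 ? 1 : 0)
    }
  '
}

# Relevant lines as shown in the session above.
PAGE_INFO='Security Options:
 seccomp
  Profile: default
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:
 https://docker.mirrors.ustc.edu.cn/
Live Restore Enabled: false'

# Constructed sample with three weak settings (hostnames are placeholders).
WEAK_INFO='Insecure Registries:
 registry.example.internal:5000
 127.0.0.0/8
Registry Mirrors:
 http://mirror.example.internal/
Live Restore Enabled: false'

printf '%s\n' "$PAGE_INFO" | audit_docker_info && echo "page config: no findings"
printf '%s\n' "$WEAK_INFO" | audit_docker_info || echo "weak config: findings above"
```

On a live host the same function can be fed with `docker info | audit_docker_info`.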
Common Docker operations
Command | Function |
---|---|
docker search | Search the Docker Hub for images |
docker pull | Pull an image or a repository from a registry |
docker images | List images |
docker create | Create a new container |
docker start | Start one or more stopped containers |
docker run | Run a command in a new container |
docker attach | Attach to a running container |
docker ps | List containers |
docker logs | Fetch the logs of a container |
docker restart | Restart a container |
docker stop | Stop one or more running containers |
docker kill | Kill one or more running containers |
docker rm | Remove one or more containers |
docker exec | Run a command in a running container |
docker info | Display system-wide information |
docker inspect | Return low-level information on Docker objects |
- docker search (search for images)
[root@rookie ~]# docker search httpd
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
httpd The Apache HTTP Server Project 3976 [OK]
centos/httpd-24-centos7 Platform for running Apache httpd 2.4 or bui… 44
centos/httpd 35 [OK]
solsson/httpd-openidc mod_auth_openidc on official httpd image, ve… 2 [OK]
hypoport/httpd-cgi httpd-cgi 2 [OK]
dariko/httpd-rproxy-ldap Apache httpd reverse proxy with LDAP authent… 1 [OK]
manageiq/httpd Container with httpd, built on CentOS for Ma… 1 [OK]
dockerpinata/httpd 1
publici/httpd httpd:latest 1 [OK]
clearlinux/httpd httpd HyperText Transfer Protocol (HTTP) ser… 1
jonathanheilmann/httpd-alpine-rewrite httpd:alpine with enabled mod_rewrite 1 [OK]
inanimate/httpd-ssl A play container with httpd, ssl enabled, an… 1 [OK]
centos/httpd-24-centos8 1
lead4good/httpd-fpm httpd server which connects via fcgi proxy h… 1 [OK]
manageiq/httpd_configmap_generator Httpd Configmap Generator 0 [OK]
e2eteam/httpd 0
paketobuildpacks/httpd 0
httpdocker/kubia-unhealthy 0
httpdss/archerysec ArcherySec repository 0 [OK]
19022021/httpd-connection_test This httpd image will test the connectivity … 0
patrickha/httpd-err 0
httpdocker/kubia 0
sandeep1988/httpd-new httpd-new 0
itsziget/httpd24 Extended HTTPD Docker image based on the off… 0 [OK]
manasip/httpd 0
- docker pull (pull an image from a registry)
[root@rookie ~]# docker pull httpd
Using default tag: latest
latest: Pulling from library/httpd
a2abf6c4d29d: Pull complete
dcc4698797c8: Pull complete
41c22baa66ec: Pull complete
67283bbdd4a0: Pull complete
d982c879c57e: Pull complete
Digest: sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest
[root@rookie ~]# docker pull httpd:2.4.53
2.4.53: Pulling from library/httpd
1fe172e4850f: Pull complete
e2fa1fe9b1ec: Pull complete
60dd7398e74e: Pull complete
ea2ca81c6d4c: Pull complete
f646c69a26ec: Pull complete
Digest: sha256:e02a2ef36151905c790efb0a8472f690010150f062639bd8c0760e7b1e884c07
Status: Downloaded newer image for httpd:2.4.53
docker.io/library/httpd:2.4.53
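A tag such as `latest` or `2.4.53` names whatever the registry or mirror currently serves, while the `Digest:` line identifies the content itself. Added example (not from the original post): the hypothetical helpers `pinned_ref` and `same_digest` turn pull output into a digest-pinned reference that `docker pull` accepts, and detect when the same tag later resolves to different content. The second sample is constructed.

```shell
#!/usr/bin/env bash
# Added example. pinned_ref and same_digest are hypothetical helper names.
# pinned_ref reads `docker pull` output on stdin and prints <repo>@sha256:<hex>.
pinned_ref() {
  awk '
    $1 == "Digest:" { digest = $2 }
    # A successful pull ends with the fully qualified reference on its own line.
    NF == 1 && index($1, "/") { ref = $1 }
    END {
      # "sha256:" (7 chars) + 64 lowercase hex chars = 71
      ok = (digest ~ /^sha256:[0-9a-f]+$/ && length(digest) == 71 && ref != "")
      if (!ok) exit 1
      sub(":[^:/]*$", "", ref)   # drop the tag, keep any registry port
      print ref "@" digest
    }
  '
}

# Succeeds only if a later pull resolves to the digest recorded earlier.
same_digest() {   # usage: same_digest <recorded-ref> < pull-output
  [ "$(pinned_ref)" = "$1" ]
}

# Output of `docker pull httpd:2.4.53`, shortened from the session above.
PULL_2_4_53='2.4.53: Pulling from library/httpd
1fe172e4850f: Pull complete
Digest: sha256:e02a2ef36151905c790efb0a8472f690010150f062639bd8c0760e7b1e884c07
Status: Downloaded newer image for httpd:2.4.53
docker.io/library/httpd:2.4.53'

# Constructed: the same tag later resolving to different content.
ZERO64=$(printf '%064d' 0)
PULL_MOVED="2.4.53: Pulling from library/httpd
Digest: sha256:$ZERO64
Status: Downloaded newer image for httpd:2.4.53
docker.io/library/httpd:2.4.53"

RECORDED=$(printf '%s\n' "$PULL_2_4_53" | pinned_ref)
echo "pin with: docker pull $RECORDED"
printf '%s\n' "$PULL_MOVED" | same_digest "$RECORDED" || echo "digest changed for httpd:2.4.53"
```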
- docker info (view Docker system-wide information)
[root@rookie docker]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.14
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8
runc version: v1.0.3-0-gf46b6ba
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 4.18.0-365.el8.x86_64
Operating System: CentOS Stream 8
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.744GiB
Name: rookie
ID: V2CS:3UYE:J7RL:WM3O:XMP2:5XP4:CLYK:UNXO:OVJF:CV3W:KSJ2:4QDX
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://docker.mirrors.ustc.edu.cn/
Live Restore Enabled: false
- docker images (list images)
[root@rookie ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd 2.4.53 c30a46771695 4 days ago 144MB
httpd latest dabbfbe0c57b 4 months ago 144MB
- docker create (create a container)
[root@rookie ~]# docker create --name web -p 80:80 httpd
e34c9afca33177b47c222a10a569bad2515e1bf38359572156c53432ab2af42b
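- docker ps (list containers)
Note: -a shows all containers, including those that are not running; by default only running containers are shown
-aq lists the IDs of all containers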
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@rookie ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e34c9afca331 httpd "httpd-foreground" About a minute ago Created web
- docker start (start a container)
[root@rookie ~]# docker start web
web
[root@rookie ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e34c9afca331 httpd "httpd-foreground" About a minute ago Up 6 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp web
- docker stop (stop a container)
[root@rookie ~]# docker stop e34c9afca331
e34c9afca331
[root@rookie ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e34c9afca331 httpd "httpd-foreground" 8 minutes ago Exited (0) 3 seconds ago web
- docker restart (restart a container)
[root@rookie ~]# docker restart e34c9afca331
e34c9afca331
[root@rookie ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e34c9afca331 httpd "httpd-foreground" 10 minutes ago Up 8 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp web
- docker kill (kill the container's process)
[root@rookie ~]# docker kill web
web
[root@rookie ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e34c9afca331 httpd "httpd-foreground" 14 minutes ago Exited (137) 3 seconds ago web
- docker logs (fetch logs)
[root@rookie ~]# docker start web
web
[root@rookie ~]# docker logs web | tail -3
192.168.177.1 - - [24/Apr/2022:11:31:33 +0000] "-" 408 -
192.168.177.1 - - [24/Apr/2022:11:37:21 +0000] "GET / HTTP/1.1" 304 -
192.168.177.1 - - [24/Apr/2022:11:38:12 +0000] "-" 408
- docker rm (remove a container)
(This removes the container; the image is kept)
[root@rookie ~]# docker stop web
web
[root@rookie ~]# docker rm web
web
[root@rookie ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@rookie ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd 2.4.53 c30a46771695 4 days ago 144MB
httpd latest dabbfbe0c57b 4 months ago 144MB
- docker run (run a command)
It combines docker pull, docker create and docker start into a single step
- Options: -i interactive mode; -t allocate a terminal; -d run the container in the background
[root@rookie ~]# docker run -it --name xyx busybox /bin/sh
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
5cc84ad355aa: Pull complete
Digest: sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678
Status: Downloaded newer image for busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # exit
[root@rookie ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
98b74ab02ea5 busybox "/bin/sh" About a minute ago Exited (0) 7 seconds ago xyx
- docker attach (enter a container; the container stops after you exit)
[root@rookie ~]# docker start xyx
xyx
[root@rookie ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
98b74ab02ea5 busybox "/bin/sh" 2 minutes ago Up 8 seconds xyx
[root@rookie ~]# docker attach xyx
/ # exit
[root@rookie ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
98b74ab02ea5 busybox "/bin/sh" 4 minutes ago Exited (0) 50 seconds ago
- docker exec (enter a container; the container keeps running after you exit)
[root@rookie ~]# docker start xyx
xyx
[root@rookie ~]# docker exec -it xyx /bin/sh
/ # exit
[root@rookie ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
98b74ab02ea5 busybox "/bin/sh" 4 minutes ago Up 21 seconds xyx
- docker inspect (view detailed information about a container)
[root@rookie ~]# docker inspect xyx
[
{
"Id": "98b74ab02ea5030052a4acc8071466a702db8de60ea2b34c0ccf3fc8bd7c8aef",
"Created": "2022-04-24T11:50:03.954367485Z",
"Path": "/bin/sh",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 5704,
"ExitCode": 0,
"Error": "",
"StartedAt": "2022-04-24T11:54:24.859210468Z",
"FinishedAt": "2022-04-24T11:53:12.8571006Z"
},
......
"EndpointID": "a831daf022d3e598d20f9f3cff5a59f4a139a975c4f90d0c294d06e0c5ee2e1e",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]