1 容器与虚拟机
| 特性 | 容器 | 虚拟机 |
| 启动 | 秒级 | 分钟级 |
| 硬盘使用 | 一般为 MB | 一般为 GB |
| 性能 | 接近原生 | 弱于 |
| 系统支持量 | 单机支持上千个容器 | 一般几十个 |
A brief explanation of containers
An image is a lightweight, stand-alone, executable package that includes everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and config files.
A container is a runtime instance of an image—what the image becomes in memory when actually executed. It runs completely isolated from the host environment by default, only accessing host files and ports if configured to do so.
Containers run apps natively on the host machine’s kernel. They have better performance characteristics than virtual machines that only get virtual access to host resources through a hypervisor. Containers can get native access, each one running in a discrete process, taking no more memory than any other executable.
Containers vs. virtual machines
Consider this diagram comparing virtual machines to containers:
Virtual Machine diagram
Virtual machines run guest operating systems—note the OS layer in each box. This is resource intensive, and the resulting disk image and application state is an entanglement of OS settings, system-installed dependencies, OS security patches, and other easy-to-lose, hard-to-replicate ephemera.
Container diagram
Containers can share a single kernel, and the only information that needs to be in a container image is the executable and its package dependencies, which never need to be installed on the host system. These processes run like native processes, and you can manage them individually by running commands likedocker ps—just like you would run ps on Linux to see active processes. Finally, because they contain all their dependencies, there is no configuration entanglement; a containerized app “runs anywhere.”
2 安装docker
| 项目 | 说明 |
| 版本格式 | YY.MM |
| Stable 版本 | 每个季度发行 |
| Edge 版本 | 每个月发行 |
| 当前 Docker CE Stable版本 | 17.09 |
| 当前 Docker CE Edge版本 | 17.11 |
同时 Docker 划分为 CE 和 EE 。 CE 即社区版(免费,支持周期三个月) , EE 即企业版,强
调安全,付费使用。
2.1 准备工作
系统要求
Docker CE 支持以下版本的Ubuntu操作系统:
Artful 17.10 (Docker CE 17.11 Edge)
Zesty 17.04
Xenial 16.04 (LTS)
Trusty 14.04 (LTS)卸载旧版本
旧版本的 Docker 称为 docker 或者 docker-engine ,使用以下命令卸载旧版本:
$ sudo apt-get remove docker docker-engine docker.io It’s OK if apt-get reports that none of these packages are installed.
The contents of /var/lib/docker/, including images, containers, volumes, and networks, are preserved. The Docker CE package is now called docker-ce.
存储层驱动
Docker CE now uses the overlay2 storage driver by default, and it is recommended that you use it instead of aufs. If you need to use aufs, you will need to do additional preparation.
XENIAL 16.04 AND NEWER
For Ubuntu 16.04 and higher, the Linux kernel includes support for OverlayFS, and Docker CE will use the overlay2storage driver by default. If you need to use aufs instead, you need to configure it manually. See aufs
TRUSTY 14.04
Unless you have a strong reason not to, install the linux-image-extra-* packages, which allow Docker to use the aufsstorage drivers.
$ sudo apt-get update
$ sudo apt-get install \
linux-image-extra-$(uname -r) \
linux-image-extra-virtual2.2 安装
三种方法:
-
Most users set up Docker’s repositories and install from them, for ease of installation and upgrade tasks. This is the recommended approach.
-
Some users download the DEB package and install it manually and manage upgrades completely manually. This is useful in situations such as installing Docker on air-gapped systems with no access to the internet.
-
In testing and development environments, some users choose to use automated convenience scripts to install Docker.
Before you install Docker CE for the first time on a new host machine, you need to set up the Docker repository. Afterward, you can install and update Docker from the repository.
2.2.1 安装前的设置
1 更新apt软件包缓存
$ sudo apt-get update2 添加使用HTTPS 传输的软件包以及 CA 证书
$ sudo apt-get install apt-transport-https ca-certificates curl software-properties-common3 添加软件源的 GPG 密钥
为了确认所下载软件包的合法性,需要添加软件源的 GPG密钥。
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
, by searching for the last 8 characters of the fingerprint.
$ sudo apt-key fingerprint 0EBFCD88
pub 4096R/0EBFCD88 2017-02-22
Key fingerprint = 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid Docker Release (CE deb) <docker@docker.com>
sub 4096R/F273FCD8 2017-02-224 向 source.list 中添加Docker软件源
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"也会包含稳定版本的 Docker 。
使用国内源:
国内源
为了确认所下载软件包的合法性,需要添加软件源的 GPG 密钥。
$ curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add
-
然后,我们需要向 source.list 中添加 Docker 软件源
$ sudo add-apt-repository "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu $(lsb_release -cs) stable"2.2.2 安装
1 更新apt软件包缓存
$ sudo apt-get update2 安装最新版
$ sudo apt-get install docker-ce
查看可安装版本:
root@ubuntu:~# apt-cache madison docker-ce
docker-ce | 17.09.0~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.06.2~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.06.1~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.06.0~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.03.2~ce-0~ubuntu-xenial | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.03.1~ce-0~ubuntu-xenial | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.03.0~ce-0~ubuntu-xenial | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
安装指定版本:
$ sudo apt-get install docker-ce=<VERSION>The Docker daemon starts automatically.
root@ubuntu:~# ps -ef | grep docker
root 27981 1 1 14:09 ? 00:00:00 /usr/bin/dockerd -H fd://
root 28002 27981 0 14:09 ? 00:00:00 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc3 启动 Docker CE
$ sudo systemctl enable docker
$ sudo systemctl start docker
Ubuntu 14.04请使用以下命令启动:
$ sudo service docker start
4 测试 Docker 是否安装正确
root@ubuntu:~# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
ca4f61b1923c: Pull complete
Digest: sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://cloud.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/若能正常输出以上信息,则说明安装成功。
5 加速
鉴于国内网络问题,后续拉取 Docker 镜像十分缓慢,强烈建议安装 Docker 之后配置 国内镜像加速Docker 官方和国内很多云服务商都提供了国内加速器服务,例如:
Docker 官方提供的中国registry mirror
阿里云加速器
DaoCloud 加速器
我们以 Docker 官方加速器为例进行介绍。
Ubuntu 14.04、Debian 7 Wheezy
对于使用 upstart的系统而言,编辑/etc/default/docker文件,在其中的DOCKER_OPTS中添加获得的加速器配置:
DOCKER_OPTS="--registry-mirror=https://registry.docker-cn.com"重新启动服务。
$ sudo service docker restart
Ubuntu 16.04+、Debian 8+、CentOS 7
对于使用 systemd的系统,请在/etc/docker/daemon.json中写入如下内容(如果文件不存在请新建该文件)
{
"registry-mirrors": [
"https://registry.docker-cn.com"
]
}之后重新启动服务。
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker注意:如果您之前查看旧教程,修改了docker.service文件内容,请去掉您添加的内容(--registry-mirror=https://registry.docker-cn.com) ,这里不再赘述。
6 查看版本和信息
root@ubuntu:~# docker version
Client:
Version: 17.09.0-ce
API version: 1.32
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:42:18 2017
OS/Arch: linux/amd64
Server:
Version: 17.09.0-ce
API version: 1.32 (minimum version 1.12)
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:40:56 2017
OS/Arch: linux/amd64
Experimental: false
信息:
root@ubuntu:~# docker info
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 1
Server Version: 17.09.0-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0
runc version: 3f2f8b84a77f73d38244dd690525642a72156c64
init version: 949e6fa
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.10.0-28-generic
Operating System: Ubuntu 16.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 6
Total Memory: 31.33GiB
Name: ubuntu
ID: TIWM:WOAT:4AHA:X7PB:DAYJ:SM2T:WGQ5:JZWC:EXRN:MJHN:QVRG:W6I7
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://registry.docker-cn.com/
Live Restore Enabled: false
WARNING: No swap limit support
使用systemctl status查看
root@ubuntu:~# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since 一 2017-12-04 14:21:13 CST; 20min ago
Docs: https://docs.docker.com
Main PID: 28662 (dockerd)
Tasks: 28
Memory: 31.0M
CPU: 2.636s
CGroup: /system.slice/docker.service
├─28662 /usr/bin/dockerd -H fd://
└─28672 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libconta
12月 04 14:21:12 ubuntu dockerd[28662]: time="2017-12-04T14:21:12.917319341+08:00" level=warning msg="Your kernel does not support swap memory limit"
12月 04 14:21:12 ubuntu dockerd[28662]: time="2017-12-04T14:21:12.917372491+08:00" level=warning msg="Your kernel does not support cgroup rt period"
12月 04 14:21:12 ubuntu dockerd[28662]: time="2017-12-04T14:21:12.917387223+08:00" level=warning msg="Your kernel does not support cgroup rt runtime"
12月 04 14:21:12 ubuntu dockerd[28662]: time="2017-12-04T14:21:12.917915755+08:00" level=info msg="Loading containers: start."
12月 04 14:21:13 ubuntu dockerd[28662]: time="2017-12-04T14:21:13.065048722+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon
12月 04 14:21:13 ubuntu dockerd[28662]: time="2017-12-04T14:21:13.102800534+08:00" level=info msg="Loading containers: done."
12月 04 14:21:13 ubuntu dockerd[28662]: time="2017-12-04T14:21:13.148239897+08:00" level=info msg="Docker daemon" commit=afdb6d4 graphdriver(s)=overlay2 version=17.09.0-ce
12月 04 14:21:13 ubuntu dockerd[28662]: time="2017-12-04T14:21:13.148326663+08:00" level=info msg="Daemon has completed initialization"
12月 04 14:21:13 ubuntu dockerd[28662]: time="2017-12-04T14:21:13.167017323+08:00" level=info msg="API listen on /var/run/docker.sock"
12月 04 14:21:13 ubuntu systemd[1]: Started Docker Application Container Engine.
3 卸载docker
-
Uninstall the Docker CE package:
$ sudo apt-get purge docker-ce -
Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:
$ sudo rm -rf /var/lib/docker
You must delete any edited configuration files manually.
4 基本概念
Docker
包括三个基本概念镜像( Image )
容器( Container )
仓库( Repository )
理解了这三个概念,就理解了 Docker 的整个生命周期。
参考:
1 Docker — 从入门到实践:https://github.com/yeasy/docker_practice
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
