Docker 镜像的基础管理
中央仓库
- 官方中央仓库:hub.docker.com
- 国内镜像仓库:
- 网易蜂巢:c.163yun.com/hub(需要登陆)
- daoCloud:hub.daocloud.io
- 私服仓库:
- 需要在/etc/docker/daemon.json;添加配置项(具体配置详解下面)
- 重启两个服务:
systemctl daemon-reload systemctl restart docker
获取镜像
- 基础镜像拉取
docker search centos //搜索
docker pull centos:6.9 //从hub拉取
docker pull nginx//默认最新,可以指定版本
- 镜像查看
[root@localhost ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 2622e6cca7eb 2 weeks ago 132MB
nginx 1.15 53f3fd8007f7 13 months ago 109MB
标识镜像唯一性的方法
-
REPOSITORY:TAG
nginx:1.15
-
IMAGE ID(sha256:64位号码,默认只截取12位)
53f3fd8007f7
[root@localhost ~]# docker image ls --no-trunc
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest sha256:2622e6cca7ebbb6e310743abce3fc47335393e79171b9d76ba9d4f446ce7b163 2 weeks ago 132MB
nginx 1.15 sha256:53f3fd8007f76bd23bf663ad5f5009c8941f63828ae458cef584b5f85dc0a7bf 13 months ago 109MB
镜像详细信息查看
[root@localhost ~]# docker image inspect 2622e6cca7eb
[root@localhost ~]# docker image inspect nginx:1.15
只查看镜像的id
[root@localhost ~]# docker image ls -q
2622e6cca7eb
53f3fd8007f7
镜像的导入和导出
[root@localhost ~]# docker image save 2622e6cca7eb >/media/nginxDocker.tar
[root@localhost ~]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.15 53f3fd8007f7 13 months ago 109MB
[root@localhost ~]# docker image load -i /media/nginxDocker.tar
13cb14c2acd3: Loading layer [==================================================>] 72.49MB/72.49MB
d4cf327d8ef5: Loading layer [==================================================>] 63.8MB/63.8MB
7c7d7f446182: Loading layer [==================================================>] 3.072kB/3.072kB
9040af41bb66: Loading layer [==================================================>] 4.096kB/4.096kB
f978b9ed3f26: Loading layer [==================================================>] 3.584kB/3.584kB
Loaded image ID: sha256:2622e6cca7ebbb6e310743abce3fc47335393e79171b9d76ba9d4f446ce7b163
[root@localhost ~]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 2622e6cca7eb 2 weeks ago 132MB
nginx 1.15 53f3fd8007f7 13 months ago 109MB
镜像的删除
[root@localhost ~]# docker image rm 2622e6cca7eb
Untagged: nginx:latest
Untagged: nginx@sha256:21f32f6c08406306d822a0e6e8b7dc81f53f336570e852e25fbe1e3e3d0d0133
Deleted: sha256:2622e6cca7ebbb6e310743abce3fc47335393e79171b9d76ba9d4f446ce7b163
Deleted: sha256:e86d1b8b130bec203609b4b1d7b851bd763fa16e513e5a3fa6102ebea23260e0
Deleted: sha256:8f9f007533543813bb1aef80b791a16e5e16c7cbbbc456a3a483d0fa7a9effcc
Deleted: sha256:e2c0065a77fee75795cdcf9f19a72f11769332423cd52ec9e19aacfb878aec8b
Deleted: sha256:059442698ef65fe8545e4fe9657988a10329b9c3663b368ae7ee0007a9c43949
Deleted: sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74
[root@localhost ~]# docker image rm -f nginx:1.15
Untagged: nginx:1.15
Untagged: nginx@sha256:23b4dcdf0d34d4a129755fc6f52e1c6e23bb34ea011b315d87e193033bcd1b68
Deleted: sha256:53f3fd8007f76bd23bf663ad5f5009c8941f63828ae458cef584b5f85dc0a7bf
[root@localhost ~]# docker image rm `docker image ls -q`
Docker 容器的基础管理
交互式容器
[root@localhost ~]# docker container run -it 53f3fd8007f7 //指定image来运行container
[root@localhost ~]# docker container run -it --name="demo1" 53f3fd8007f7 //指定用户名启动,不指定的话自动生成
[root@localhost ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
STATUS:容器运行状态(Exited、Up)
注意交互式容器退出时按ctrl+P,Q,才可以保证使其在后台运行,而不会在退出时直接down掉
守护式容器
[root@localhost ~]# docker container run -d --name="demo" 53f3fd8007f7
a12716c0357e84cbb63e65f835fb6afa277e1a4ae3887364b42c414219c94388
[root@localhost ~]# docker container inspect demo //查看容器详细信息
容器的应用场景
交互式容器:工具类;开发,测试,临时性任务
守护式容器:网络服务
容器的启动、关闭、连接
- 守护式容器的关闭和启动
[root@localhost ~]# docker container stop demo
demo
[root@localhost ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a12716c0357e 53f3fd8007f7 "nginx -g 'daemon of…" 8 minutes ago Exited (0) 5 seconds ago demo
[root@localhost ~]# docker container start demo
demo
[root@localhost ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a12716c0357e 53f3fd8007f7 "nginx -g 'daemon of…" 10 minutes ago Up 3 seconds 80/tcp demo
- 交互式容器的关闭和启动
[root@localhost ~]# docker container stop demo1
[root@localhost ~]# docker container start -i demo1
- 容器的连接方式
[root@localhost ~]# docker container attach demo
//子进程的方式登录,在已有的工作容器中生成子进程,做登录,可以用于容器的调试,退出时也不会影响当前容器
[root@localhost ~]# docker container exec -it demo /bin/bash
root@a12716c0357e:/#
- 容器的前台和后台运行
- ctrl+P,Q attach调用到前台
- 让程序前台一直允许(夯在前台);制作守护式容器时,常用此方法
开启个docker,打开consul的可视化web界面查看注册的服务;
[root@localhost ~]# docker run -d --name="consuldemo2" -p 8500:8500 consul agent -server -bootstrap -ui -client 0.0.0.0
a6a4898572f6ee93eb71da5002b47c863203bbf5a06a403109e86f889701f77b
-server:表示以服务端的方式开启
-bootstrap:指定自己为leader不需要经过选举
-ui:启动一个内置管理的web界面
-client 0.0.0.0:指定客户端可以访问的IP
容器的删除
[root@localhost ~]# docker container rm `docker container ls -q` //只能删除stop的容器
Error response from daemon: You cannot remove a running container 978f4cbad5fdff9564927fd276054961e307da44f715163356c1116cfe23e5c2. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container bc338f9a0b28d3bdad05017ed016495260345626b8f247fb282ee0afd0bb2560. Stop the container before attempting removal or force remove
[root@localhost ~]# docker container rm `docker container ls -qf status=exited `//删除指定状态的容器
a12716c0357e
4f4d330fdc52
daa1d08c1f63
96c397696bfc
98c782a638e9
efeb8685799d
df6e77d42b9e
9785f702c1f8
015d2bf4c9b5
c580c9e97914
容器的网络映射
- 指定映射(dokcker 自动添加一条iptables规则来实现端口映射)
-p hostPort:containerPort
-p ip:hostPort:containerPort
-p ip::containerPort//(随机端口:32768-60999)
-p hostPort:containerPort/udp
-p 81:80 -p 443:443 //多端口映射
- 随机映射
docker run -p 80
[root@localhost ~]# docker container run -d -p 8000:80 --name="test" nginx:1.14
[root@localhost ~]# docker container run -d -p 192.168.241.129:8000:80 --name="test" nginx:1.14
[root@localhost ~]# docker container run -d -p 80 --name="test" nginx:1.14
[root@localhost ~]# docker container run -d -p 192.168.241.129::80 --name="test" nginx:1.14
容器的其他管理
docker ps -a -q //=docer container ls -a -q
docker top 8e07217a381f //=docker container top 8e07217a381f
查看日志
[root@localhost ~]# docker logs test
192.168.241.1 - - [30/Jun/2020:04:42:50 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "-"
[root@localhost ~]# docker logs -tf test
2020-06-30T04:42:50.272233587Z 192.168.241.1 - - [30/Jun/2020:04:42:50 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "-"
[root@localhost ~]# docker logs -t test
2020-06-30T04:42:50.272233587Z 192.168.241.1 - - [30/Jun/2020:04:42:50 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "-"
[root@localhost ~]# docker logs -tf --tail 3 test
2020-06-30T04:42:51.192872914Z 192.168.241.1 - - [30/Jun/2020:04:42:51 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "-"
2020-06-30T04:42:51.363250310Z 192.168.241.1 - - [30/Jun/2020:04:42:51 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "-"
2020-06-30T04:43:00.583430633Z 192.168.241.1 - - [30/Jun/2020:04:43:00 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "-"
制作本地局域网的yum源
-
安装vsftpd软件
yum install -y vsftpd
-
启动ftp
systemctl enable vsftpd //将vsftpd加入到开机自动启动的服务中 systemctl start vsftpd //开启服务
-
上传系统到虚拟机
-
配置yum仓库
[root@localhost ftp]# mount -o loop /mnt/hgfs/www/yum_sources/CentOS-6.9-x86_64-bin-DVD1.iso /var/ftp/centos0.0/ //将目标系统挂载到ftp访问目录中
-
windows 验证
ftp://192.168.241.129/centos0.0/
Docker构建私有registry
构建的私有registry 也是放在容器中的
- 建立registry容器
[root@localhost docker]# docker container run -d -p 5000:5000 --restart=always --name="registry" -v /opt/registry:/var/lib/registry registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
cbdbe7a5bc2a: Pull complete
47112e65547d: Pull complete
46bcb632e506: Pull complete
c1cc712bcecd: Pull complete
3db6272dcbfa: Pull complete
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:latest
306e8e455a7f5ea001cf93446b61acb4aa0e305b75b2de1710b90670c41d79be
–restart=always 命令是当docker重启时会自动启动该容器;不会因为关闭重启docker而导致容器关闭
-
修改配置文件
[root@localhost ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com"],//指定镜像下载源(官方是外网,所以需要用中文镜像网站) "insecure-registries":["192.168.241.129:5000"]//注册本地registry的下载地址 }
-
制作本地镜像并push到私有registry中
这边标记本地nginx:latest镜像,将其归入指定仓库
[root@localhost ~]# docker tag nginx:latest 197.128.241.129:5000/wzbwzt/nginx:v1//这边前面是registry地址+项目名+具体镜像名
[root@localhost ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE registry latest 2d4f4b5309b1 13 days ago 26.2MB 197.128.241.129:5000/wzbwzt/nginx v1 53f3fd8007f7 14 months ago 109MB nginx 1.15 53f3fd8007f7 14 months ago 109MB nginx 1.14 295c7be07902 15 months ago 109MB centos 6.9 2199b8eb8390 15 months ago 195MB
push到本地registry
[root@localhost ~]# docker push 192.168.241.129:5000/wzbwzt/nginx:v1 The push refers to repository [192.168.241.129:5000/wzbwzt/nginx] f978b9ed3f26: Pushed 9040af41bb66: Pushed 7c7d7f446182: Pushed d4cf327d8ef5: Pushed 13cb14c2acd3: Pushed v1: digest: sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f size: 1362
-
异地进行pull镜像
[root@localhost ~]# docker pull 192.168.241.129:5000/wzbwzt/nginx:v1
本地仓库加安全验证
往registry中推送image需要先验证
- 下载httpd-tool做账号密码验证
[root@localhost ~]# yum install -y httpd-tools
[root@localhost ~]# mkdir /opt/registry-auth
[root@localhost opt]# htpasswd -Bbn wzb 123123 > /opt/registry-auth/htpasswd
[root@localhost registry-auth]# cat htpasswd
wzb:$2y$05$BGrfbP4JgEA7OhRQs/vAIOmatL3/rURjjod1RTuC3O.UFJqsaNU0G
- 生成带密钥功能的registry容器
[root@localhost ~]# docker run -d -p 5000:5000 --name="registry-auth" -v /opt/registry-auth/:/auth/ -v /opt/registry/:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
WARNING: IPv4 forwarding is disabled. Networking will not work.
22c0397455c87e0517e53834ce082c1c43abd997f0f487e6e95b39e377633ef3
//-e 后面跟的是配置参数
- push镜像需要先验证(pull不需要)
[root@localhost ~]# docker push 192.168.241.129:5000/wzbwzt/nginx:v1
The push refers to repository [192.168.241.129:5000/wzbwzt/nginx]
f978b9ed3f26: Preparing
9040af41bb66: Preparing
7c7d7f446182: Preparing
d4cf327d8ef5: Preparing
13cb14c2acd3: Preparing
no basic auth credentials
//显示无验证
[root@localhost ~]# docker login 192.168.241.129:5000 //登录
Username: wzb
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@localhost ~]# docker push 192.168.241.129:5000/wzb/nginx:v2 //推送
The push refers to repository [192.168.241.129:5000/wzb/nginx]
f978b9ed3f26: Mounted from wzbwzt/nginx
9040af41bb66: Mounted from wzbwzt/nginx
7c7d7f446182: Mounted from wzbwzt/nginx
d4cf327d8ef5: Mounted from wzbwzt/nginx
13cb14c2acd3: Mounted from wzbwzt/nginx
v2: digest: sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f size: 1362