docker命令总结

时间 2019-11-18

标签 docker 命令总结栏目 Docker 繁體版

原文原文链接




用 docker pull 拉取镜像

root@lishichao-virtual-machine:~# docker pull hello-world
Using default tag: latest
latest: Pulling from library/hello-world
d1725b59e92d: Pull complete 
Digest: sha256:1a6fd470b9ce10849be79e99529a88371dff60c60aab424c077007f6979b4812
Status: Downloaded newer image for hello-world:latest

用 docker images 命令查看镜像的信息。mysql

root@lishichao-virtual-machine:~# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
httpd               latest              c5a621af54e4        6 hours ago         178MB
hello-world         latest              4ab4c602aa5e        5 weeks ago         1.84kB

经过 docker run 运行。 docker run --help 查看帮助nginx

root@lishichao-virtual-machine:~# docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

root@lishichao-virtual-machine:~#

-it 参数的做用是以交互模式进入容器，并打开终端。5d1eb9e31f58 是容器的内部 ID。sql

root@lishichao-virtual-machine:~# docker run -it centos
[root@5d1eb9e31f58 /]#

docker ps 查看运行中的容器docker

root@lishichao-virtual-machine:~# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
4d85f20b58c6        centos              "/bin/bash"         50 seconds ago      Up 49 seconds                           brave_jennings

镜像命令操做ubuntu

docker search 到镜像仓库搜索镜像

docker search centos

docker images 查看本地已有的镜像

[root@dns-server ~]# docker images
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
centos-vim-dockerfile           latest              f39351a5d35c        30 hours ago        355MB
mysql                           5.7                 1b30b36ae96a        3 days ago          372MB
mysql                           latest              ee1e8adfcefb        3 days ago          484MB
nginx                           latest              dbfc48660aeb        3 days ago          109MB

docker save 导出镜像

[root@dns-server ~]# docker save -o nginx.tar nginx
[root@dns-server ~]# ls
anaconda-ks.cfg  docker_login.sh    nginx.tar
[root@dns-server ~]#

docker load --input 导入镜像

[root@dns-server ~]# docker load --input nginx.tar 
Loaded image: nginx:latest

docker rmi 删除镜像

[root@dns-server ~]# docker rmi f39351a5d35c
Untagged: centos-vim-dockerfile:latest
Deleted: sha256:f39351a5d35ca9e00dc101c43464c3f55e9e08a240daaafc4eded43692f745fb
Deleted: sha256:f1b1df6c5b8314f3a0b3a1d5a6a96d7f20501f770b042ac1ad18b6f84164cabc

docker commitvim

docker commit 命令是建立新镜像最直观的方法，其过程包含三个步骤：centos

运行容器
修改容器
将容器保存为新的镜像

举个例子：在 Centos base 镜像中安装 vim 并保存为新镜像。安全

第一步，运行容器 bash

root@lishichao-virtual-machine:~# docker run -it centos
[root@4d85f20b58c6 /]#

-it 参数的做用是以交互模式进入容器，并打开终端。4d85f20b58c6 是容器的内部 ID。app

第二步，安装 vim

确认vim没有安装
[root@4d85f20b58c6 /]# vim
bash: vim: command not found
安装vim
[root@4d85f20b58c6 /]# yum install vim

第三步，保存为新镜像

a.在新窗口中查看当前运行的容器。

root@lishichao-virtual-machine:~# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
4d85f20b58c6        centos              "/bin/bash"         50 seconds ago      Up 49 seconds                           brave_jennings

brave_jennings 是 Docker 为咱们的容器随机分配的名字。

b. 执行 docker commit 命令将容器保存为镜像。

root@lishichao-virtual-machine:~# docker commit brave_jennings centos-with-vim
sha256:a55c595ffacac70fdd2995d898bab31dd932f6ddeeed59fdfcd52a0f695a0c82

新镜像命名为 ubuntu-with-vi。

c. 查看新镜像的属性。

root@lishichao-virtual-machine:~# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos-with-vim     latest              a55c595ffaca        4 seconds ago       355MB
httpd               latest              c5a621af54e4        6 hours ago         178MB
centos              latest              75835a67d134        6 days ago          200MB
hello-world         latest              4ab4c602aa5e        5 weeks ago         1.84kB
ubuntu              latest              cd6d8154f1e1        5 weeks ago         84.1MB

从 size 上看到镜像由于安装了软件而变大了。

d. 重新镜像启动容器，验证 vi 已经可使用。

root@lishichao-virtual-machine:~# docker -it centos-with-vim
[root@c2b086c59d36 /]# which vim
/usr/bin/vim

以上演示了如何用 docker commit 建立新镜像。然而，Docker 并不建议用户经过这种方式构建镜像。缘由以下：

一、这是一种手工建立镜像的方式，容易出错，效率低且可重复性弱。好比要在 debian base 镜像中也加入 vi，还得重复前面的全部步骤。

二、更重要的：使用者并不知道镜像是如何建立出来的，里面是否有恶意程序。也就是说没法对镜像进行审计，存在安全隐患。

既然 docker commit 不是推荐的方法，咱们干吗还要花时间学习呢？

缘由是：即使是用 Dockerfile（推荐方法）构建镜像，底层也 docker commit 一层一层构建新镜像的。学习 docker commit 可以帮助咱们更加深刻地理解构建过程和镜像的分层结构。