Docker Container Technology: An Introduction to the Basics
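Author: Yin Zhengjie (尹正杰)
Copyright notice: this is an original work and may not be reproduced; violations will be pursued under the law.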
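I. Containers
1>. What is a container
A container is a basic tool: any device that can hold other objects. It may be partly or fully enclosed and is used to hold, store and transport items; objects are placed inside it, and the container protects its contents.
Humans have used containers for at least 100,000 years, and possibly for millions of years.
2>. Types of containers
Bottle:
A container whose mouth is narrower than its body, with a long neck.
Jar:
A vessel with a wide opening, usually roughly cylindrical.
Box:
Usually a cube or a cylinder, with a fixed shape.
Basket:
Woven from strips of material.
Bucket:
A cylindrical container.
Bag:
A container made of flexible material whose shape changes with its contents.
Urn:
Usually an earthenware container with a small mouth and a large belly.
Bowl:
A container for holding food.
Cabinet:
A piece of furniture made up of a box.
Sheath:
A container for holding a blade.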
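3>. What is a Linux container?
A Linux container is a set of processes isolated from the rest of the system. All the files needed to run those processes are provided by a separate image, which means a Linux container is portable and consistent all the way from development through testing to production. As a result, containers run much faster than development pipelines that depend on replicating traditional test environments.
Suppose you are developing an application. You work on a laptop, and your development environment has a particular configuration. Other developers may have slightly different configurations. The application you are developing depends not only on your current configuration but also on specific libraries, dependencies and files. At the same time, your company has standardized development and production environments with their own configurations and supporting files. You want to emulate those environments locally as far as possible without the overhead of recreating the server environments. So how do you make sure the application runs and passes quality checks in all of these environments, and deploys without painful problems, rewritten code or bug fixing? The answer is containers.
A container ensures that your application has the libraries, dependencies and files it needs, so you can move it through to production freely without worrying about side effects. In fact, you can think of the contents of a container image as an installed instance of a Linux distribution, because it comes complete with RPM packages, configuration files and so on. But installing a container image is far easier than installing a new copy of an operating system. That avoids the crisis and keeps everyone happy. For details see: https://www.redhat.com/zh/topics/containers/whats-a-linux-container.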
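4>. Aren't containers just virtualization?
Not exactly. It is more accurate to say the two are complementary. Here is a simple way to think about it:
Host-level virtualization:
Virtualization lets your operating systems (Windows or Linux) run at the same time on a single hardware system. It has to virtualize an entire physical hardware platform; the typical example is the familiar "VMware Workstation".
Container-level virtualization:
Containers share the same operating system kernel and isolate the application processes from the rest of the system. For example: an ARM Linux system runs ARM Linux containers, an x86 Linux system runs x86 Linux containers, and an x86 Windows system runs x86 Windows containers. Linux containers are extremely portable, but only if they are compatible with the underlying system.
What does this mean? Virtualization uses a hypervisor to emulate hardware so that several operating systems can run side by side, but it is not as lightweight as containers. When you have only limited resources with limited capacity, you need lightweight applications that can be deployed densely. Linux containers run on the native operating system and share it among all containers, so applications and services stay light and run quickly in parallel.
Linux containers are another leap in how we develop, deploy and manage applications. Linux container images provide portability and version control, ensuring that an application that runs on a developer's laptop also runs correctly in production. Compared with virtual machines, Linux containers use fewer resources at run time, use standard interfaces (start, stop, environment variables and so on), and keep applications isolated; they are also easier to manage as part of a larger application made of several containers, and such multi-container applications can be orchestrated across multiple clouds.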
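5>. A brief history of containers
Containers did not originate in Linux, but the best part of the open source world is borrowing, modifying and improving, and containers are no exception.
The concept we now call container technology first appeared in 2000 as FreeBSD jail, a technology that partitions a FreeBSD system into several subsystems (also called jails). Jails were developed as secure environments that a system administrator could share with multiple users inside or outside the company. The purpose of a jail is to have processes created in a modified chroot environment, where access to the file system, the network and users is virtualized, without their being able to escape and affect the whole system. Jails had limitations in implementation, and people eventually found ways to break out of the isolated environment. But the concept was very attractive.
In 2001, isolated environments arrived in Linux through Jacques Gélinas's VServer project. As Gélinas put it, the aim of the work was to run "several general purpose Linux server on a single box with a high degree of independence and security [sic]." Once this groundwork for multiple controlled user spaces in Linux was in place, Linux containers gradually took shape and eventually became what they are today.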
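6>. Containers become practical
Soon more technologies were combined to turn this isolation approach from an idea into reality. Control groups (cgroups) are a kernel feature that controls and limits the resource usage of a process or of groups of processes. The systemd init system sets up the user space and manages its processes, and cgroups use it to control these isolated processes more tightly. Both technologies added overall control to Linux and became an important framework for keeping environments isolated.
Improvements to kernel namespaces pushed containers further. With kernel namespaces, everything from process IDs to network names can be virtualized inside the Linux kernel. The newer user namespaces "allow per-namespace mappings of user and group IDs. In the context of containers, this means that users and groups may have privileges for certain operations inside the container without having those privileges outside the container." The Linux Containers project (LXC) added tools, templates, libraries and language bindings that users badly needed, which advanced this progress and improved the experience of using containers.
Although LXC lets users start and use containers easily through a simple command-line interface, it is not much less complex than the virtual machines we used before, and its isolation is still weaker than a virtual machine's.
The biggest benefit of LXC is the saving in performance and resources, but LXC never found a good way to handle containers at large scale, and that is why Docker appeared. Seen this way, what is Docker? It is an enhanced LXC; it is not a container itself but a front-end tool for containers. Containers are a Linux kernel technology, and Docker simply made container technology popular by simplifying its use.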
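7>. Entering the Docker era
In 2008, Docker Inc. came onto the scene, via dotCloud, with the container technology that shares the company's name. Docker brought many new concepts and tools: a simple command-line interface for running and building new layered images, a server daemon, a library of prebuilt container images, and the concept of a registry server. Combined, these let users quickly build new layered containers and share them easily with others.
Red Hat recognized the power of collaborating in this new ecosystem and adopted the underlying technology in our OpenShift Container Platform. To avoid such an important technology being controlled by a single vendor, Docker Inc. contributed many of the underlying components to community-led open source projects (runc came out of the Open Container Initiative, and containerd has been handed over to the CNCF).
Three main standards ensure interoperability between container technologies: the OCI image, distribution and runtime specifications. By following them, community projects, commercial products and cloud providers can build interoperable container technology (you can push an image you built yourself to a cloud provider's registry server, and only after that does the image work properly). Today companies such as Red Hat and Docker are members of the Open Container Initiative (OCI), working toward open industry standards for container technology.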
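II. Kinds of Linux namespaces
As of kernel version 4.10 there are 7 kinds of namespaces. Namespace functionality is the same across all kinds: each process is associated with a namespace and can only see or use the resources associated with that namespace and, where applicable, its descendant namespaces. In this way each process (or group of processes) can have a unique view of a resource. Which resource is isolated depends on the kind of namespace created for the given process group. The following is based on: https://en.wikipedia.org/wiki/Linux_namespaces.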
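1>. Mount (mnt)
Mount namespaces control mount points. On creation, the mounts of the current mount namespace are copied to the new namespace, but mount points created afterwards do not propagate between namespaces (with shared subtrees, mount points can be propagated between namespaces).
The clone flag used to create a new namespace of this type is CLONE_NEWNS, short for "NEW NameSpace". The term is not descriptive (it does not say which kind of namespace is created) because mount namespaces were the first kind of namespace and the designers did not anticipate that there would be others.
System call flag: "CLONE_NEWNS", supported since kernel version "2.4.19".
2>. Process ID (pid)
A PID namespace gives processes a set of process IDs (PIDs) independent of other namespaces. PID namespaces are nested: when a new process is created, it has a PID in every namespace from its current namespace up to the initial PID namespace. The initial PID namespace can therefore see all processes, although with different PIDs than other namespaces see them with.
The first process created in a PID namespace is assigned process ID 1 and receives most of the special treatment of a normal init process, most notably that orphaned processes in the namespace are attached to it. It also means that terminating this PID 1 process immediately terminates all processes in its PID namespace and any descendants.
System call flag: "CLONE_NEWPID", supported since kernel version "2.6.24".
3>. Network (net)
Network namespaces virtualize the network stack. On creation, a network namespace contains only a loopback interface.
Each network interface (physical or virtual) lives in exactly one namespace and can be moved between namespaces.
Each namespace has its own private set of IP addresses, its own routing table, socket list, connection tracking table, firewall and other network-related resources.
Destroying a network namespace destroys any virtual interfaces in it and moves any physical interfaces in it back to the initial network namespace.
System call flag: "CLONE_NEWNET", supported since kernel version "2.6.29".
4>. Interprocess communication (ipc)
IPC namespaces isolate processes from SysV-style interprocess communication. This prevents processes in different IPC namespaces from using, for example, the SHM family of functions to set up a range of shared memory between the two processes. Instead, each process can use the same identifier for a shared memory region and get two distinct regions. There are many ways for processes on the same machine to communicate, such as message queues and shared memory. Communication across hosts is done with sockets, which is also what we use most!
System call flag: "CLONE_NEWIPC", supported since kernel version "2.6.19".
5>. UTS (UNIX Time-Sharing)
UTS namespaces allow a single system to appear to have different host names and domain names to different processes.
System call flag: "CLONE_NEWUTS", supported since kernel version "2.6.19".
6>. User ID (user)
User namespaces provide both privilege isolation and user identity isolation across multiple sets of processes. With administrative assistance it is possible to build a container that appears to have administrative rights without actually giving elevated privileges to user processes. Like PID namespaces, user namespaces are nested, and each new user namespace is considered a child of the user namespace that created it.
A user namespace contains a mapping table that converts user IDs from the container's point of view to the system's point of view. This allows, for example, the root user to have user ID 0 in the container while the system actually treats it as user ID 1,400,000 for ownership checks. A similar table is used for group ID mappings and ownership checks.
To support privilege isolation of administrative actions, each namespace type is considered owned by a user namespace, based on the user namespace that was active at the moment of creation. A user with administrative privileges in the appropriate user namespace is allowed to perform administrative actions within that other namespace type. For example, if a process has administrative permission to change the IP address of a network interface, it may do so as long as its own user namespace is the same as (or an ancestor of) the user namespace that owns the network namespace. Hence the initial user namespace has administrative control over all namespace types in the system.
System call flag: "CLONE_NEWUSER", supported since kernel version "3.8". CentOS 6.x is therefore ruled out, because CentOS 6.x uses a 2.6.x kernel.
7>. Control group (cgroup)
The cgroup namespace type hides the identity of the control group a process belongs to. A process in such a namespace that checks which control group any process belongs to sees a path that is actually relative to the control group set at creation time, which hides its true control group position and identity.
This namespace type has existed since Linux 4.6.
As for cgroups themselves, they simply divide system-level resources into groups and then assign the resources in each group to the processes of a particular user space. They cover the following resources:
blkio:
Block device I/O
cpu:
CPU allocation
cpuacct:
CPU usage reporting
cpuset:
CPU sets on multiprocessor platforms
devices:
Device access
freezer:
Suspending or resuming tasks
memory:
Memory usage and reporting
perf_event:
Unified performance testing of the tasks in a cgroup
net_cls:
Class identifier for the data packets created by tasks in a cgroup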
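The user-namespace mapping table and the per-process namespace association described above can be checked directly from /proc. The following is an added example, not code from the original article: the sample uid_map contents, the namespace identifiers and all function names are constructed for illustration, using the kernel's `uid_map` line format (first ID inside, first ID outside, range length) and the `name:[inode]` form returned by reading the links under `/proc/<pid>/ns`.

```python
import os

# Constructed samples in the format of /proc/<pid>/uid_map.
INITIAL_NS_MAP = "         0          0 4294967295\n"  # host: identity mapping
REMAPPED_MAP = "         0    1400000      65536\n"    # the article's 0 -> 1,400,000 case


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside_start, outside_start, length) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        entries.append((inside, outside, length))
    return entries


def to_host_id(entries, inside_id):
    """Translate an ID seen inside the namespace to the ID used for ownership checks."""
    for inside, outside, length in entries:
        if inside <= inside_id < inside + length:
            return outside + (inside_id - inside)
    return None  # unmapped IDs have no identity outside the namespace


def root_is_host_root(entries):
    """True when UID 0 in the namespace is also UID 0 on the host (no remapping)."""
    return to_host_id(entries, 0) == 0


def read_namespaces(pid="self"):
    """Return {namespace name: 'name:[inode]'} for a live process (Linux only)."""
    ns_dir = f"/proc/{pid}/ns"
    return {n: os.readlink(os.path.join(ns_dir, n)) for n in sorted(os.listdir(ns_dir))}


def isolated_namespaces(reference, candidate):
    """Namespace kinds in which `candidate` differs from `reference`."""
    return sorted(n for n, ident in candidate.items()
                  if n in reference and reference[n] != ident)


# Constructed identifiers: a host process and a containerized process that
# shares the host's user and cgroup namespaces.
HOST_NS = {"cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
           "mnt": "mnt:[4026531840]", "net": "net:[4026531992]",
           "pid": "pid:[4026531836]", "user": "user:[4026531837]",
           "uts": "uts:[4026531838]"}
CONTAINER_NS = {"cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026532280]",
                "mnt": "mnt:[4026532278]", "net": "net:[4026532283]",
                "pid": "pid:[4026532281]", "user": "user:[4026531837]",
                "uts": "uts:[4026532279]"}

if __name__ == "__main__":
    remapped = parse_id_map(REMAPPED_MAP)
    print("container uid 0 ->", to_host_id(remapped, 0))
    print("container uid 1000 ->", to_host_id(remapped, 1000))
    print("isolated:", isolated_namespaces(HOST_NS, CONTAINER_NS))
    if "user" not in isolated_namespaces(HOST_NS, CONTAINER_NS):
        print("user namespace is shared: container root is host root")
```

On a Linux host, `read_namespaces(1)` and `read_namespaces(<container PID>)` supply real inputs for `isolated_namespaces`; a container that does not appear under `user` relies on the other isolation layers alone to contain its root user.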
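III. A brief history of Docker
1>. What is Docker
The biggest benefit of LXC is the saving in performance and resources, but LXC never found a good way to handle containers at large scale, and that is why Docker appeared. Seen this way, what is Docker? It is an enhanced LXC; it is not a container itself but a front-end tool for containers. Containers are a Linux kernel technology, and Docker simply made container technology popular by simplifying its use.
We know that with LXC it is hard to create containers at scale, and hard to clone onto another host a container identical to one on the current host. Docker set out to solve exactly this.
Early Docker was a repackaged distribution of LXC (Docker Inc. later developed libcontainer to replace LXC, although by then Docker was already being held hostage by the CNCF; of course the say over containers still rested with Docker Inc. That is not to say the CNCF lacked the ability to set a standard of its own, only that doing so would have been too hard on Docker Inc. Later Docker moved on to runC). Functionally it worked like this: LXC is used as the container management engine, but when a container's user space is created, it is no longer installed on the spot from an LXC template. Instead, an image technology (similar to booting from a KVM image) is used beforehand to prepare, arrange and package all the components an operating system user space needs into a single file, which Docker calls an image file.
The word "Docker" refers to several things: an open source community project, the tools from that project, Docker Inc., the company that is the primary supporter of the project, and the tools the company officially supports. That the technology and the company share a name can be confusing. Briefly:
"Docker" in IT software is containerization technology for creating and using Linux containers.
The open source Docker community works to improve this technology and makes it freely available to all users, to everyone's benefit.
Docker Inc. grew out of the Docker community's work; it is mainly responsible for making the community version more secure and sharing technical advances with the wider community. It also refines and hardens these technologies for enterprise customers.
With Docker you can treat containers as lightweight, modular virtual machines. You also get a high degree of flexibility, so you can create, deploy and copy containers efficiently and move them smoothly from one environment to another. For details see: https://www.redhat.com/zh/topics/containers/what-is-docker.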
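2>. Docker container orchestration
Docker's original design looked only at how to run a single container well. Soon afterwards its developers realized that managing a single container by itself has little value. In other words, Docker's value does not show in a single Docker container; it needs a container orchestration system behind it. So, while maintaining the container technology, they also began developing orchestration systems. The result was Docker's three orchestration tools: docker-machine, docker-swarm and docker-compose.
The Apache Software Foundation (ASF) open-sourced Mesos, a unified resource scheduling and allocation tool; combined with the Marathon middle layer, Mesos can also orchestrate containers.
Google had quietly used container technology internally for more than ten years (with Borg as its orchestration technology), reportedly creating and destroying billions of containers every week. When Docker happened upon the same idea and released it as open source software, Google could not sit still, but by then Docker already dominated the conversation about containers, and Borg and Omega, Google's internal container schedulers (people who operate big data systems will know these two components), were closed source and could not simply be opened. Unfortunately for Docker, its camp was not united: after CoreOS parted ways with Docker it developed the Rocket container (rkt for short, GitHub: https://github.com/rkt/rkt) to compete with Docker. Google backed Rocket against Docker, but rkt was no match for Docker. Google then saw that container orchestration was still Docker's weak point, so it drew on more than ten years of experience with Borg and Omega and open-sourced the Kubernetes container orchestration technology. The arrival of Kubernetes (K8s for short) was a crushing blow to Docker, and Docker's own orchestration tools could not hold up (the three companies fought an interesting battle for the market, but by December 2017 the dust had largely settled: K8s held about 80% of the market and had become the de facto standard. On top of that, Google led the founding of the "Cloud Native Computing Foundation", or "CNCF").
Some say the Docker technology lives on but Docker Inc. is dead, that the company was dealt a good hand (Docker containers) and played it badly; this is mostly a jab at the company for achieving nothing in container orchestration. It is easy to judge with hindsight; had you been in charge of Docker you might not have led it in a better direction either.
Kubernetes is in fact used very widely inside Google. Many companies are working on container technology: Google uses it and so does Alibaba, although Alibaba has its own containerization technology, whose adoption cannot yet compare with Docker's!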
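3>. Docker editions
We know Docker lost to K8s in container orchestration and that Google took much of the market, so Docker never found a good way to make money.
To make the Docker project bigger and attract more investors, with the hope of becoming a "unicorn" before going public, the company noticed that the keyword "Docker" was extremely popular on the Internet, yet it still could not monetize. So it split the open source Docker into two editions, the Docker community edition and the Docker enterprise edition. Later the head of Docker Inc. renamed the open source edition of Docker to "Moby", and the traffic from people searching for the keyword "Docker" was steered to the "Docker enterprise edition" website. That is understandable, since it is a commercial company. For a while the Docker community was quite unhappy about this, and Docker's CEO had to explain that it was for the good of the Docker community edition. Plenty of programmers probably muttered: "Like I'd believe that, you crafty old man!"
K8s contributed its code, with the Docker community edition merged in, to the CNCF; the aim was to tell everyone that Google would not make K8s proprietary, so people could adopt it with confidence. K8s is written in Go (so is Docker); K8s is not yet mature and its releases iterate very quickly.
At first Docker was simply an open source project, maintained mainly by Docker Inc. In early 2017 Docker Inc. renamed the original docker project to moby and created docker-ce and docker-ee. The three relate as follows:
1>. moby inherits the original docker project and is a community-maintained open source project; anyone can build their own container product on top of moby;
2>. docker-ce is an open source project maintained by Docker Inc., a free container product based on the moby project;
3>. docker-ee is a closed source product maintained by Docker Inc. and is the company's commercial product.
The moby project is maintained by the community, the docker-ce project is maintained by Docker Inc., and docker-ee is closed source. For the free Docker, get it from the docker-ce web page. For the paid Docker, get it from the docker-ee web page.
After v1.13.1 the docker-ce release plan changed to:
Edge: monthly release, published once a month, named YY.MM, maintained until the next month's release.
Stable: quarterly release, published once a quarter, named YY.MM, maintained for 4 months.
Recommended reading 1: https://blog.csdn.net/m2l0zgssvc7r69efdtj/article/details/78944851
Recommended reading 2: https://blog.csdn.net/yk20091201/article/details/80016135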
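4>. Containers in Docker
Many of us know that the container world is currently split into two major organizations. One is the CNCF, led by Google, which appears intent on starting its own effort and squeezing Google out. As containers develop there clearly has to be a standardized open source product, but who sets the standard? The CNCF certainly has the strength to develop an open source container product of its own, because it includes a giant Internet company, Google. Yet the say over containers was still left to Docker Inc., which sets the Docker standard. Docker developed the libcontainer container engine to replace the LXC engine, and later developed the runC container engine to replace libcontainer. runC has now become the industry standard for container runtimes. Overall, containers in Docker evolved as follows: lxc ---> libcontainer ---> runC.
Later, under Docker's lead, the OCF and the OCI (Open Container Initiative) were born.
Open Container Initiative (OCI):
1>. Established in June 2015 under the Linux Foundation;
2>. Aims to define an open industry standard around container formats and runtimes;
3>. Its two standards are the Runtime Specification (runtime-spec) and the Image Specification (image-spec);
Open Container Format (OCF):
1>. runC is one of the important implementations of the OCF;
2>. runC is the container engine Docker currently uses;
However much we may feel Docker has been pushed around, to this day Docker is what people think of as container technology. Mention containers and you may not know what LXC is, or what a Linux namespace really is, but everyone knows Docker. So however dominant K8s considers itself in container orchestration, it still cannot get away from Docker. K8s supports many kinds of containers (Docker is only one of them), but Docker remains the mainstream, and in practice most deployments are K8s + Docker. If we want a solid grasp of K8s, we have to study Docker properly first.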
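IV. Docker architecture
Docker uses a client/server architecture. The client sends requests to the server, and the server builds, runs and distributes containers. Client and server can run on the same host, or the client can talk to a remote server over a socket or the REST API. Reference: https://www.cnblogs.com/CloudMan6/p/6763789.html
1) Client:
The Docker client. The most commonly used Docker client is the docker command, with which we can conveniently build and run containers on a host.
docker supports many operations (the docker command-line tool), and users can also talk to the server through the REST API.
The client and the Docker daemon can communicate over https or http; for security, https is the default.
2) Docker daemon:
The Docker daemon is the server component (the Docker daemon server) and runs as a Linux background service.
The Docker daemon runs on the Docker host and is responsible for creating, running and monitoring containers and for building and storing images. With the default configuration the Docker daemon only answers client requests from the local host. To allow requests from remote clients, TCP listening has to be enabled in the configuration file (IPv4 and IPv6 are both supported).
3) Image:
A Docker image can be seen as a read-only template from which Docker containers are created. For example, an image might contain an Ubuntu operating system, an Apache HTTP Server and a web application written by the user.
There are several ways to produce an image:
Create an image from scratch;
Download and use a ready-made image created by someone else;
Create a new image on top of an existing image.
We can describe the contents and build steps of an image in a text file called a Dockerfile, and build the Docker image by running the docker build <docker-file> command.
Official Docker images: https://hub.docker.com/
Alibaba's docker mirror: https://mirrors.aliyun.com/docker-ce/linux/
Tsinghua University's docker mirror: https://mirrors.tuna.tsinghua.edu.cn/docker-ce/
4) Registry: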
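Once an image is built it needs a single place to be stored, which we call a Docker repository. A Registry is the store for Docker images (the official default is "https://hub.docker.com"), and Registries are either private or public. Images and the Registry talk over https by default, although you can specify http if you insist.
When a container is started, the docker daemon first tries to get the image locally; if the image does not exist locally, it downloads it from the Registry and saves it locally.
A Registry stores docker images, including their layer structure and metadata. Users can run their own Registry or use the official Docker Hub.
Docker Registries fall into the following categories:
Sponsor Registry: a third-party registry for customers and the Docker community.
Mirror Registry: a third-party registry for customers only.
Vendor Registry: a registry provided by the vendor that publishes the Docker images.
Private Registry: a registry provided by a private entity behind a firewall and additional security layers.
A Registry consists of Repositories and an Index, described below:
Repository:
An image repository made up of all the iterations of one particular docker image;
One Registry can hold many Repositories;
Repositories are either "top-level repositories" or "user repositories";
User repository names have the form "username/repository name";
Each repository can contain several Tags, and each tag corresponds to one image.
Index:
Maintains user accounts, image checksums and public namespace information;
In effect it gives the Registry a lookup interface that handles user authentication and similar functions.
Images in a Docker Registry are usually built by developers and then pushed to a "public" or "private" Registry to be stored for others to use, for example to be "deployed" to production.
5) Container:
A Docker container loads a Docker image. In other words, a Docker container is a running instance of a Docker image. An image is read-only; starting a container means creating, on top of the image, a dedicated writable layer for the user to work in.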
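The daemon settings this section touches on (TCP listening for remote clients, https versus http toward the daemon and the registry) live in the daemon configuration file, /etc/docker/daemon.json. The following audit is an added example, not code from the original article; it uses the real daemon.json keys `hosts`, `tls`, `tlsverify`, `tlscacert`, `tlscert`, `tlskey`, `insecure-registries` and `registry-mirrors`, while the function name, severity labels and the sample configurations (apart from the article's own mirror entry) are constructed.

```python
import json

# The article's own daemon.json (only a registry mirror, reached over https).
ARTICLE_CONFIG = '{ "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"] }'

# Constructed: daemon opened to remote clients with no TLS at all.
WEAK_CONFIG = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "insecure-registries": ["registry.example.internal:5000"],
  "registry-mirrors": ["http://mirror.example.internal"]
}"""

# Constructed: encrypted, but client certificates are not verified.
TLS_ONLY_CONFIG = '{ "hosts": ["tcp://0.0.0.0:2376"], "tls": true }'

# Constructed: remote access with mutual TLS.
HARDENED_CONFIG = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs/ca.pem",
  "tlscert": "/etc/docker/certs/server-cert.pem",
  "tlskey": "/etc/docker/certs/server-key.pem"
}"""


def audit_daemon_config(text):
    """Return a list of (severity, key, message) findings for a daemon.json document."""
    cfg = json.loads(text)
    findings = []

    # tlsverify makes the daemon require client certificates signed by tlscacert;
    # "tls" alone only encrypts the channel and accepts any client.
    verifies_clients = bool(cfg.get("tlsverify"))
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are protected by local permissions
        if not verifies_clients:
            detail = ("encrypted but unauthenticated" if cfg.get("tls")
                      else "plaintext and unauthenticated")
            findings.append(("high", "hosts",
                             f"{host}: remote API is {detail}; anyone who can "
                             "reach it controls the daemon"))
        else:
            missing = [k for k in ("tlscacert", "tlscert", "tlskey") if not cfg.get(k)]
            if missing:
                findings.append(("medium", "hosts",
                                 f"{host}: tlsverify set but {', '.join(missing)} "
                                 "not configured here"))

    for registry in cfg.get("insecure-registries", []):
        findings.append(("medium", "insecure-registries",
                         f"{registry}: images may be pulled over http or without "
                         "certificate validation"))

    for mirror in cfg.get("registry-mirrors", []):
        if mirror.startswith("http://"):
            findings.append(("medium", "registry-mirrors",
                             f"{mirror}: mirror is reached over plain http"))
    return findings


if __name__ == "__main__":
    for name, text in [("article", ARTICLE_CONFIG), ("weak", WEAK_CONFIG),
                       ("tls-only", TLS_ONLY_CONFIG), ("hardened", HARDENED_CONFIG)]:
        results = audit_daemon_config(text)
        print(name, "->", "no findings" if not results else "")
        for severity, key, message in results:
            print(f"  [{severity}] {key}: {message}")
```

The audit only reads the configuration file; listeners passed to dockerd on the command line with `-H` are outside what it sees.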
V. Installing Docker
1>. Consult the official Docker CE documentation (https://docs.docker.com/install/)
2>. Download Docker's yum repo file from the Aliyun mirror
[root@node101.yinzhengjie.org.cn ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@node101.yinzhengjie.org.cn ~]# yum -y install wget
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/4): base/7/x86_64/group_gz | 166 kB 00:00:00
(2/4): extras/7/x86_64/primary_db | 187 kB 00:00:00
(3/4): updates/7/x86_64/primary_db | 3.3 MB 00:00:02
(4/4): base/7/x86_64/primary_db | 6.0 MB 00:00:05
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.neusoft.edu.cn
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package wget.x86_64 0:1.14-18.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================================================================================================================================
 Package Arch Version Repository Size
==========================================================================================================================================================================================================================
Installing:
 wget x86_64 1.14-18.el7 base 547 k

Transaction Summary
==========================================================================================================================================================================================================================
Install 1 Package

Total download size: 547 k
Installed size: 2.0 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/wget-1.14-18.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for wget-1.14-18.el7.x86_64.rpm is not installed
wget-1.14-18.el7.x86_64.rpm | 547 kB 00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@anaconda)
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
 Installing : wget-1.14-18.el7.x86_64 1/1
 Verifying : wget-1.14-18.el7.x86_64 1/1

Installed:
 wget.x86_64 0:1.14-18.el7

Complete!
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
--2019-03-23 07:45:05-- https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 116.136.134.81, 27.221.93.97, 27.221.93.93, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|116.136.134.81|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2640 (2.6K) [application/octet-stream]
Saving to: ‘/etc/yum.repos.d/docker-ce.repo’

100%[================================================================================================================================================================================>] 2,640 --.-K/s in 0s

2019-03-23 07:45:07 (41.1 MB/s) - ‘/etc/yum.repos.d/docker-ce.repo’ saved [2640/2640]

[root@node101.yinzhengjie.org.cn ~]#
3>. Install Docker
[root@node101.yinzhengjie.org.cn ~]# yum -y install docker-ce
Loaded plugins: fastestmirror
docker-ce-stable | 3.5 kB 00:00:00
(1/2): docker-ce-stable/x86_64/updateinfo | 55 B 00:00:00
(2/2): docker-ce-stable/x86_64/primary_db | 25 kB 00:00:00
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.neusoft.edu.cn
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package docker-ce.x86_64 3:18.09.3-3.el7 will be installed
--> Processing Dependency: container-selinux >= 2.9 for package: 3:docker-ce-18.09.3-3.el7.x86_64
--> Processing Dependency: containerd.io >= 1.2.2-3 for package: 3:docker-ce-18.09.3-3.el7.x86_64
--> Processing Dependency: libseccomp >= 2.3 for package: 3:docker-ce-18.09.3-3.el7.x86_64
--> Processing Dependency: docker-ce-cli for package: 3:docker-ce-18.09.3-3.el7.x86_64
--> Processing Dependency: libcgroup for package: 3:docker-ce-18.09.3-3.el7.x86_64
--> Processing Dependency: libseccomp.so.2()(64bit) for package: 3:docker-ce-18.09.3-3.el7.x86_64
--> Running transaction check
---> Package container-selinux.noarch 2:2.74-1.el7 will be installed
--> Processing Dependency: selinux-policy-targeted >= 3.13.1-216.el7 for package: 2:container-selinux-2.74-1.el7.noarch
--> Processing Dependency: selinux-policy-base >= 3.13.1-216.el7 for package: 2:container-selinux-2.74-1.el7.noarch
--> Processing Dependency: selinux-policy >= 3.13.1-216.el7 for package: 2:container-selinux-2.74-1.el7.noarch
--> Processing Dependency: policycoreutils >= 2.5-11 for package: 2:container-selinux-2.74-1.el7.noarch
--> Processing Dependency: policycoreutils-python for package: 2:container-selinux-2.74-1.el7.noarch
---> Package containerd.io.x86_64 0:1.2.4-3.1.el7 will be installed
---> Package docker-ce-cli.x86_64 1:18.09.3-3.el7 will be installed
---> Package libcgroup.x86_64 0:0.41-20.el7 will be installed
---> Package libseccomp.x86_64 0:2.3.1-3.el7 will be installed
--> Running transaction check
---> Package policycoreutils.x86_64 0:2.2.5-20.el7 will be updated
---> Package policycoreutils.x86_64 0:2.5-29.el7_6.1 will be an update
--> Processing Dependency: libsepol >= 2.5-10 for package: policycoreutils-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libsemanage >= 2.5-14 for package: policycoreutils-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libselinux-utils >= 2.5-14 for package: policycoreutils-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libsepol.so.1(LIBSEPOL_1.1)(64bit) for package: policycoreutils-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libsepol.so.1(LIBSEPOL_1.0)(64bit) for package: policycoreutils-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libsemanage.so.1(LIBSEMANAGE_1.1)(64bit) for package: policycoreutils-2.5-29.el7_6.1.x86_64
---> Package policycoreutils-python.x86_64 0:2.5-29.el7_6.1 will be installed
--> Processing Dependency: setools-libs >= 3.3.8-4 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libsemanage-python >= 2.5-14 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: python-IPy for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: checkpolicy for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libqpol.so.1()(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libapol.so.4()(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
---> Package selinux-policy.noarch 0:3.13.1-60.el7 will be updated
---> Package selinux-policy.noarch 0:3.13.1-229.el7_6.9 will be an update
---> Package selinux-policy-targeted.noarch 0:3.13.1-60.el7 will be updated
---> Package selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.9 will be an update
--> Running transaction check
---> Package audit-libs-python.x86_64 0:2.8.4-4.el7 will be installed
--> Processing Dependency: audit-libs(x86-64) = 2.8.4-4.el7 for package: audit-libs-python-2.8.4-4.el7.x86_64
---> Package checkpolicy.x86_64 0:2.5-8.el7 will be installed
---> Package libselinux-utils.x86_64 0:2.2.2-6.el7 will be updated
---> Package libselinux-utils.x86_64 0:2.5-14.1.el7 will be an update
--> Processing Dependency: libselinux(x86-64) = 2.5-14.1.el7 for package: libselinux-utils-2.5-14.1.el7.x86_64
---> Package libsemanage.x86_64 0:2.1.10-18.el7 will be updated
---> Package libsemanage.x86_64 0:2.5-14.el7 will be an update
---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be installed
---> Package libsepol.x86_64 0:2.1.9-3.el7 will be updated
---> Package libsepol.x86_64 0:2.5-10.el7 will be an update
---> Package python-IPy.noarch 0:0.75-6.el7 will be installed
---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be installed
--> Running transaction check
---> Package audit-libs.x86_64 0:2.4.1-5.el7 will be updated
--> Processing Dependency: audit-libs = 2.4.1-5.el7 for package: audit-2.4.1-5.el7.x86_64
---> Package audit-libs.x86_64 0:2.8.4-4.el7 will be an update
---> Package libselinux.x86_64 0:2.2.2-6.el7 will be updated
--> Processing Dependency: libselinux = 2.2.2-6.el7 for package: libselinux-python-2.2.2-6.el7.x86_64
---> Package libselinux.x86_64 0:2.5-14.1.el7 will be an update
--> Running transaction check
---> Package audit.x86_64 0:2.4.1-5.el7 will be updated
---> Package audit.x86_64 0:2.8.4-4.el7 will be an update
---> Package libselinux-python.x86_64 0:2.2.2-6.el7 will be updated
---> Package libselinux-python.x86_64 0:2.5-14.1.el7 will be an update
--> Processing Conflict: libselinux-2.5-14.1.el7.x86_64 conflicts systemd < 219-20
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package systemd.x86_64 0:219-19.el7 will be updated
--> Processing Dependency: systemd = 219-19.el7 for package: systemd-sysv-219-19.el7.x86_64
---> Package systemd.x86_64 0:219-62.el7_6.5 will be an update
--> Processing Dependency: systemd-libs = 219-62.el7_6.5 for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: liblz4.so.1()(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: libcryptsetup.so.12()(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Running transaction check
---> Package cryptsetup-libs.x86_64 0:1.6.7-1.el7 will be updated
---> Package cryptsetup-libs.x86_64 0:2.0.3-3.el7 will be an update
---> Package lz4.x86_64 0:1.7.5-2.el7 will be installed
---> Package systemd-libs.x86_64 0:219-19.el7 will be updated
--> Processing Dependency: systemd-libs = 219-19.el7 for package: libgudev1-219-19.el7.x86_64
---> Package systemd-libs.x86_64 0:219-62.el7_6.5 will be an update
---> Package systemd-sysv.x86_64 0:219-19.el7 will be updated
---> Package systemd-sysv.x86_64 0:219-62.el7_6.5 will be an update
--> Running transaction check
---> Package libgudev1.x86_64 0:219-19.el7 will be updated
---> Package libgudev1.x86_64 0:219-62.el7_6.5 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================================================================================================================================
 Package Arch Version Repository Size
==========================================================================================================================================================================================================================
Installing:
 docker-ce x86_64 3:18.09.3-3.el7 docker-ce-stable 19 M
Updating:
 systemd x86_64 219-62.el7_6.5 updates 5.1 M
Installing for dependencies:
 audit-libs-python x86_64 2.8.4-4.el7 base 76 k
 checkpolicy x86_64 2.5-8.el7 base 295 k
 container-selinux noarch 2:2.74-1.el7 extras 38 k
 containerd.io x86_64 1.2.4-3.1.el7 docker-ce-stable 22 M
 docker-ce-cli x86_64 1:18.09.3-3.el7 docker-ce-stable 14 M
 libcgroup x86_64 0.41-20.el7 base 66 k
 libseccomp x86_64 2.3.1-3.el7 base 56 k
 libsemanage-python x86_64 2.5-14.el7 base 113 k
 lz4 x86_64 1.7.5-2.el7 base 98 k
 policycoreutils-python x86_64 2.5-29.el7_6.1 updates 456 k
 python-IPy noarch 0.75-6.el7 base 32 k
 setools-libs x86_64 3.3.8-4.el7 base 620 k
Updating for dependencies:
 audit x86_64 2.8.4-4.el7 base 250 k
 audit-libs x86_64 2.8.4-4.el7 base 100 k
 cryptsetup-libs x86_64 2.0.3-3.el7 base 338 k
 libgudev1 x86_64 219-62.el7_6.5 updates 96 k
 libselinux x86_64 2.5-14.1.el7 base 162 k
 libselinux-python x86_64 2.5-14.1.el7 base 235 k
 libselinux-utils x86_64 2.5-14.1.el7 base 151 k
 libsemanage x86_64 2.5-14.el7 base 151 k
 libsepol x86_64 2.5-10.el7 base 297 k
 policycoreutils x86_64 2.5-29.el7_6.1 updates 916 k
 selinux-policy noarch 3.13.1-229.el7_6.9 updates 483 k
 selinux-policy-targeted noarch 3.13.1-229.el7_6.9 updates 6.9 M
 systemd-libs x86_64 219-62.el7_6.5 updates 407 k
 systemd-sysv x86_64 219-62.el7_6.5 updates 84 k

Transaction Summary
==========================================================================================================================================================================================================================
Install 1 Package (+12 Dependent packages)
Upgrade 1 Package (+14 Dependent packages)

Total download size: 72 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/28): audit-libs-python-2.8.4-4.el7.x86_64.rpm | 76 kB 00:00:00
(2/28): audit-libs-2.8.4-4.el7.x86_64.rpm | 100 kB 00:00:00
(3/28): container-selinux-2.74-1.el7.noarch.rpm | 38 kB 00:00:00
(4/28): audit-2.8.4-4.el7.x86_64.rpm | 250 kB 00:00:00
(5/28): checkpolicy-2.5-8.el7.x86_64.rpm | 295 kB 00:00:00
(6/28): cryptsetup-libs-2.0.3-3.el7.x86_64.rpm | 338 kB 00:00:00
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-18.09.3-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Public key for docker-ce-18.09.3-3.el7.x86_64.rpm is not installed
(7/28): docker-ce-18.09.3-3.el7.x86_64.rpm | 19 MB 00:00:07
(8/28): libseccomp-2.3.1-3.el7.x86_64.rpm | 56 kB 00:00:00
(9/28): libselinux-2.5-14.1.el7.x86_64.rpm | 162 kB 00:00:00
(10/28): libcgroup-0.41-20.el7.x86_64.rpm | 66 kB 00:00:00
(11/28): libgudev1-219-62.el7_6.5.x86_64.rpm | 96 kB 00:00:00
(12/28): libselinux-utils-2.5-14.1.el7.x86_64.rpm | 151 kB 00:00:00
(13/28): libselinux-python-2.5-14.1.el7.x86_64.rpm | 235 kB 00:00:00
(14/28): libsemanage-python-2.5-14.el7.x86_64.rpm | 113 kB 00:00:00
(15/28): libsemanage-2.5-14.el7.x86_64.rpm | 151 kB 00:00:00
(16/28): libsepol-2.5-10.el7.x86_64.rpm | 297 kB 00:00:00
(17/28): lz4-1.7.5-2.el7.x86_64.rpm | 98 kB 00:00:00
(18/28): python-IPy-0.75-6.el7.noarch.rpm | 32 kB 00:00:00
(19/28): containerd.io-1.2.4-3.1.el7.x86_64.rpm | 22 MB 00:00:08
(20/28): policycoreutils-2.5-29.el7_6.1.x86_64.rpm | 916 kB 00:00:00
(21/28): selinux-policy-3.13.1-229.el7_6.9.noarch.rpm | 483 kB 00:00:00
(22/28): policycoreutils-python-2.5-29.el7_6.1.x86_64.rpm | 456 kB 00:00:00
setools-libs-3.3.8-4.el7.x86_6 FAILED
http://mirrors.aliyun.com/centos/7.6.1810/os/x86_64/Packages/setools-libs-3.3.8-4.el7.x86_64.rpm: [Errno 14] curl#18 - "transfer closed with 110896 bytes remaining to read"
Trying other mirror.
(23/28): systemd-libs-219-62.el7_6.5.x86_64.rpm | 407 kB 00:00:00
(24/28): setools-libs-3.3.8-4.el7.x86_64.rpm | 620 kB 00:00:00
(25/28): systemd-219-62.el7_6.5.x86_64.rpm | 5.1 MB 00:00:02
(26/28): systemd-sysv-219-62.el7_6.5.x86_64.rpm | 84 kB 00:00:02
(27/28): docker-ce-cli-18.09.3-3.el7.x86_64.rpm | 14 MB 00:00:05
(28/28): selinux-policy-targeted-3.13.1-229.el7_6.9.noarch.rpm | 6.9 MB 00:00:06
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 4.6 MB/s | 72 MB 00:00:15
Retrieving key from https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
Importing GPG key 0x621E9F35:
 Userid : "Docker Release (CE rpm) <docker@docker.com>"
 Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
 From : https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
 Updating : libsepol-2.5-10.el7.x86_64 1/43
 Updating : libselinux-2.5-14.1.el7.x86_64 2/43
 Updating : audit-libs-2.8.4-4.el7.x86_64 3/43
 Updating : libsemanage-2.5-14.el7.x86_64 4/43
 Updating : libselinux-utils-2.5-14.1.el7.x86_64 5/43
 Updating : policycoreutils-2.5-29.el7_6.1.x86_64 6/43
 Updating : selinux-policy-3.13.1-229.el7_6.9.noarch 7/43
 Installing : lz4-1.7.5-2.el7.x86_64 8/43
 Updating : systemd-libs-219-62.el7_6.5.x86_64 9/43
 Updating : selinux-policy-targeted-3.13.1-229.el7_6.9.noarch 10/43
 Installing : libsemanage-python-2.5-14.el7.x86_64 11/43
 Installing : audit-libs-python-2.8.4-4.el7.x86_64 12/43
 Installing : setools-libs-3.3.8-4.el7.x86_64 13/43
 Updating : libselinux-python-2.5-14.1.el7.x86_64 14/43
 Installing : 1:docker-ce-cli-18.09.3-3.el7.x86_64 15/43
 Installing : checkpolicy-2.5-8.el7.x86_64 16/43
 Installing : python-IPy-0.75-6.el7.noarch 17/43
 Updating : cryptsetup-libs-2.0.3-3.el7.x86_64 18/43
 Updating : systemd-219-62.el7_6.5.x86_64 19/43
 Installing : libcgroup-0.41-20.el7.x86_64 20/43
 Installing : policycoreutils-python-2.5-29.el7_6.1.x86_64 21/43
 Installing : 2:container-selinux-2.74-1.el7.noarch 22/43
 Updating : systemd-sysv-219-62.el7_6.5.x86_64 23/43
 Installing : containerd.io-1.2.4-3.1.el7.x86_64 24/43
 Installing : libseccomp-2.3.1-3.el7.x86_64 25/43
 Installing : 3:docker-ce-18.09.3-3.el7.x86_64 26/43
 Updating : audit-2.8.4-4.el7.x86_64 27/43
 Updating : libgudev1-219-62.el7_6.5.x86_64 28/43
 Cleanup : audit-2.4.1-5.el7.x86_64 29/43
 Cleanup : selinux-policy-targeted-3.13.1-60.el7.noarch 30/43
 Cleanup : selinux-policy-3.13.1-60.el7.noarch 31/43
 Cleanup : systemd-sysv-219-19.el7.x86_64 32/43
 Cleanup : policycoreutils-2.2.5-20.el7.x86_64 33/43
 Cleanup : systemd-219-19.el7.x86_64 34/43
 Cleanup : libsemanage-2.1.10-18.el7.x86_64 35/43
 Cleanup : libselinux-utils-2.2.2-6.el7.x86_64 36/43
 Cleanup : libselinux-python-2.2.2-6.el7.x86_64 37/43
 Cleanup : libgudev1-219-19.el7.x86_64 38/43
 Cleanup : systemd-libs-219-19.el7.x86_64 39/43
 Cleanup : libselinux-2.2.2-6.el7.x86_64 40/43
 Cleanup : libsepol-2.1.9-3.el7.x86_64 41/43
 Cleanup : audit-libs-2.4.1-5.el7.x86_64 42/43
 Cleanup : cryptsetup-libs-1.6.7-1.el7.x86_64 43/43
 Verifying : libcgroup-0.41-20.el7.x86_64 1/43
 Verifying : libseccomp-2.3.1-3.el7.x86_64 2/43
 Verifying : 2:container-selinux-2.74-1.el7.noarch 3/43
 Verifying : policycoreutils-2.5-29.el7_6.1.x86_64 4/43
 Verifying : cryptsetup-libs-2.0.3-3.el7.x86_64 5/43
 Verifying : audit-libs-2.8.4-4.el7.x86_64 6/43
 Verifying : audit-2.8.4-4.el7.x86_64 7/43
 Verifying : python-IPy-0.75-6.el7.noarch 8/43
 Verifying : setools-libs-3.3.8-4.el7.x86_64 9/43
 Verifying : systemd-219-62.el7_6.5.x86_64 10/43
 Verifying : policycoreutils-python-2.5-29.el7_6.1.x86_64 11/43
 Verifying : libgudev1-219-62.el7_6.5.x86_64 12/43
 Verifying : systemd-libs-219-62.el7_6.5.x86_64 13/43
 Verifying : libsemanage-python-2.5-14.el7.x86_64 14/43
 Verifying : selinux-policy-3.13.1-229.el7_6.9.noarch 15/43
 Verifying : libsemanage-2.5-14.el7.x86_64 16/43
 Verifying : selinux-policy-targeted-3.13.1-229.el7_6.9.noarch 17/43
 Verifying : lz4-1.7.5-2.el7.x86_64 18/43
 Verifying : libsepol-2.5-10.el7.x86_64 19/43
 Verifying : checkpolicy-2.5-8.el7.x86_64 20/43
 Verifying : systemd-sysv-219-62.el7_6.5.x86_64 21/43
 Verifying : libselinux-python-2.5-14.1.el7.x86_64 22/43
 Verifying : audit-libs-python-2.8.4-4.el7.x86_64 23/43
 Verifying : libselinux-utils-2.5-14.1.el7.x86_64 24/43
 Verifying : 1:docker-ce-cli-18.09.3-3.el7.x86_64 25/43
 Verifying : libselinux-2.5-14.1.el7.x86_64 26/43
 Verifying : 3:docker-ce-18.09.3-3.el7.x86_64 27/43
 Verifying : containerd.io-1.2.4-3.1.el7.x86_64 28/43
 Verifying : systemd-sysv-219-19.el7.x86_64 29/43
 Verifying : selinux-policy-targeted-3.13.1-60.el7.noarch 30/43
 Verifying : libsemanage-2.1.10-18.el7.x86_64 31/43
 Verifying : libgudev1-219-19.el7.x86_64 32/43
 Verifying : systemd-219-19.el7.x86_64 33/43
 Verifying : selinux-policy-3.13.1-60.el7.noarch 34/43
 Verifying : systemd-libs-219-19.el7.x86_64 35/43
 Verifying : libselinux-utils-2.2.2-6.el7.x86_64 36/43
 Verifying : cryptsetup-libs-1.6.7-1.el7.x86_64 37/43
 Verifying : libsepol-2.1.9-3.el7.x86_64 38/43
 Verifying : libselinux-python-2.2.2-6.el7.x86_64 39/43
 Verifying : audit-libs-2.4.1-5.el7.x86_64 40/43
 Verifying : policycoreutils-2.2.5-20.el7.x86_64 41/43
 Verifying : audit-2.4.1-5.el7.x86_64 42/43
 Verifying : libselinux-2.2.2-6.el7.x86_64 43/43

Installed:
 docker-ce.x86_64 3:18.09.3-3.el7

Dependency Installed:
 audit-libs-python.x86_64 0:2.8.4-4.el7
 checkpolicy.x86_64 0:2.5-8.el7
 container-selinux.noarch 2:2.74-1.el7
 containerd.io.x86_64 0:1.2.4-3.1.el7
 docker-ce-cli.x86_64 1:18.09.3-3.el7
 libcgroup.x86_64 0:0.41-20.el7
 libseccomp.x86_64 0:2.3.1-3.el7
 libsemanage-python.x86_64 0:2.5-14.el7
 lz4.x86_64 0:1.7.5-2.el7
 policycoreutils-python.x86_64 0:2.5-29.el7_6.1
 python-IPy.noarch 0:0.75-6.el7
 setools-libs.x86_64 0:3.3.8-4.el7

Updated:
 systemd.x86_64 0:219-62.el7_6.5

Dependency Updated:
 audit.x86_64 0:2.8.4-4.el7
 audit-libs.x86_64 0:2.8.4-4.el7
 cryptsetup-libs.x86_64 0:2.0.3-3.el7
 libgudev1.x86_64 0:219-62.el7_6.5
 libselinux.x86_64 0:2.5-14.1.el7
 libselinux-python.x86_64 0:2.5-14.1.el7
 libselinux-utils.x86_64 0:2.5-14.1.el7
 libsemanage.x86_64 0:2.5-14.el7
 libsepol.x86_64 0:2.5-10.el7
 policycoreutils.x86_64 0:2.5-29.el7_6.1
 selinux-policy.noarch 0:3.13.1-229.el7_6.9
 selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.9
 systemd-libs.x86_64 0:219-62.el7_6.5
 systemd-sysv.x86_64 0:219-62.el7_6.5

Complete!
[root@node101.yinzhengjie.org.cn ~]#
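4>.Using the Alibaba Cloud image accelerator (registry mirror; requires logging in with an Alibaba Cloud account)
5>.Docker China official registry mirror (no login required)
Besides the accelerator tied to an Alibaba Cloud account, we can also use other acceleration methods: https://www.docker-cn.com/registry-mirror.
6>.Starting Docker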
[root@node101.yinzhengjie.org.cn ~]# mkdir /etc/docker
[root@node101.yinzhengjie.org.cn ~]# vi /etc/docker/daemon.json
[root@node101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"]
}
[root@node101.yinzhengjie.org.cn ~]# systemctl daemon-reload
[root@node101.yinzhengjie.org.cn ~]# systemctl start docker
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
      --config string        Location of client config files (default "/root/.docker")
  -D, --debug                Enable debug mode
  -H, --host list            Daemon socket(s) to connect to
  -l, --log-level string     Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
      --tls                  Use TLS; implied by --tlsverify
      --tlscacert string     Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string       Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string        Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify            Use TLS and verify the remote
  -v, --version              Print version information and quit
Management Commands:
  builder     Manage builds
  config      Manage Docker configs
  container   Manage containers
  engine      Manage the docker engine
  image       Manage images
  network     Manage networks
  node        Manage Swarm nodes
  plugin      Manage plugins
  secret      Manage Docker secrets
  service     Manage services
  stack       Manage Docker stacks
  swarm       Manage Swarm
  system      Manage Docker
  trust       Manage trust on Docker images
  volume      Manage volumes
Commands:
  attach      Attach local standard input, output, and error streams to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  images      List images
  import      Import the contents from a tarball to create a filesystem image
  info        Display system-wide information
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes
Run 'docker COMMAND --help' for more information on a command.
[root@node101.yinzhengjie.org.cn ~]#
7>.Viewing Docker information
[root@node101.yinzhengjie.org.cn ~]# docker version
Client:
 Version:           18.09.3
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        774a1f4
 Built:             Thu Feb 28 06:33:21 2019
 OS/Arch:           linux/amd64
 Experimental:      false
Server: Docker Engine - Community
 Engine:
  Version:          18.09.3
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       774a1f4
  Built:            Thu Feb 28 06:02:24 2019
  OS/Arch:          linux/amd64
  Experimental:     false
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.09.3
Storage Driver: devicemapper
 Pool Name: docker-8:3-134564763-pool
 Pool Blocksize: 65.54kB
 Base Device Size: 10.74GB
 Backing Filesystem: xfs
 Udev Sync Supported: true
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Data Space Used: 11.8MB
 Data Space Total: 107.4GB
 Data Space Available: 49.96GB
 Metadata Space Used: 581.6kB
 Metadata Space Total: 2.147GB
 Metadata Space Available: 2.147GB
 Thin Pool Minimum Free Space: 10.74GB
 Deferred Removal Enabled: true
 Deferred Deletion Enabled: true
 Deferred Deleted Device Count: 0
 Library Version: 1.02.107-RHEL7 (2015-10-14)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: e6b3f5632f50dbc4e9cb6288d911bf4f5e95b18e
runc version: 6635b4f0c6af3810594d2770f662f34ddc15b40d
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-327.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.688GiB
Name: node101.yinzhengjie.org.cn
ID: BHP7:OYDA:JWKP:ALPE:E7PX:RVJV:HHXC:JIJ6:IOCV:AWMK:LQFI:7IYH
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:
 https://tuv7rqqq.mirror.aliyuncs.com/
Live Restore Enabled: false
Product License: Community Engine
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
WARNING: the devicemapper storage-driver is deprecated, and will be removed in a future release.
WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use.
         Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
[root@node101.yinzhengjie.org.cn ~]#
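The `docker info` output above already contains what a host review would flag: loopback-backed devicemapper storage, the daemon's own warnings, and the registry settings. The Python below is an added example, not part of the original post; it parses that text and lists those points. The sample is abridged from the output above, and the function names and finding wording are this example's own.

```python
import re

# Constructed sample: the `docker info` output shown above, abridged and
# restored to the one-field-per-line layout that the CLI prints.
SAMPLE_DOCKER_INFO = """\
Server Version: 18.09.3
Storage Driver: devicemapper
 Data file: /dev/loop0
 Metadata file: /dev/loop1
Security Options:
 seccomp
  Profile: default
Registry: https://index.docker.io/v1/
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:
 https://tuv7rqqq.mirror.aliyuncs.com/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
WARNING: the devicemapper storage-driver is deprecated, and will be removed in a future release.
"""

# devicemapper in loop-lvm mode reports its data/metadata files as /dev/loopN.
LOOPBACK = re.compile(r"^(Data|Metadata) file: /dev/loop\d+$")


def parse_docker_info(text):
    """Return ({field: {"value": str, "children": [str]}}, [warning, ...])."""
    fields, warnings, current = {}, [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("WARNING:"):
            warnings.append(line[len("WARNING:"):].strip())
            current = None
        elif not line[0].isspace():
            # Top-level "Key: value" line; split on the first colon only so
            # values such as URLs keep their own colons.
            key, _, value = line.partition(":")
            current = key.strip()
            fields[current] = {"value": value.strip(), "children": []}
        elif current is not None:
            # Indented lines belong to the last top-level field.
            fields[current]["children"].append(line.strip())
    return fields, warnings


def audit_docker_info(text):
    """Return a list of human-readable findings for one `docker info` dump."""
    fields, warnings = parse_docker_info(text)
    findings = []

    def children(name):
        return fields.get(name, {"children": []})["children"]

    if fields.get("Storage Driver", {}).get("value") == "devicemapper":
        if any(LOOPBACK.match(c) for c in children("Storage Driver")):
            findings.append("storage: devicemapper backed by loopback files")
    if "seccomp" not in children("Security Options"):
        findings.append("security: seccomp is not listed under Security Options")
    for mirror in children("Registry Mirrors"):
        if not mirror.startswith("https://"):
            findings.append("registry: mirror is not HTTPS: " + mirror)
    for entry in children("Insecure Registries"):
        if entry != "127.0.0.0/8":  # the loopback range is Docker's built-in default
            findings.append("registry: insecure registry allowed: " + entry)
    findings.extend("daemon warning: " + w for w in warnings)
    return findings


if __name__ == "__main__":
    for finding in audit_docker_info(SAMPLE_DOCKER_INFO):
        print(finding)
```

On a live host the same function can be fed the captured text of `docker info`.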
VI.Common Docker operations
1>.Viewing a command's help information
[root@node101.yinzhengjie.org.cn ~]# docker image --help
Usage: docker image COMMAND
Manage images
Commands:
  build       Build an image from a Dockerfile
  history     Show the history of an image
  import      Import the contents from a tarball to create a filesystem image
  inspect     Display detailed information on one or more images
  load        Load an image from a tar archive or STDIN
  ls          List images
  prune       Remove unused images
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rm          Remove one or more images
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
Run 'docker image COMMAND --help' for more information on a command.
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker container --help
Usage: docker container COMMAND
Manage containers
Commands:
  attach      Attach local standard input, output, and error streams to a running container
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  inspect     Display detailed information on one or more containers
  kill        Kill one or more running containers
  logs        Fetch the logs of a container
  ls          List containers
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  prune       Remove all stopped containers
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  run         Run a command in a new container
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  wait        Block until one or more containers stop, then print their exit codes
Run 'docker container COMMAND --help' for more information on a command.
[root@node101.yinzhengjie.org.cn ~]#
2>.docker event state
3>.Getting a Docker image: redis (Docker's official image download site: https://hub.docker.com/)
[root@node101.yinzhengjie.org.cn ~]# docker search redis
NAME                             DESCRIPTION                                     STARS   OFFICIAL   AUTOMATED
redis                            Redis is an open source key-value store that…   6677    [OK]
bitnami/redis                    Bitnami Redis Docker Image                      107                [OK]
sameersbn/redis                                                                  76                 [OK]
grokzen/redis-cluster            Redis cluster 3.0, 3.2, 4.0 & 5.0               44
hypriot/rpi-redis                Raspberry Pi compatible redis image             33
kubeguide/redis-master           redis-master with "Hello World!"                28
rediscommander/redis-commander   Alpine image for redis-commander - Redis man…   21                 [OK]
redislabs/redis                  Clustered in-memory database engine compatib…   19
redislabs/redisearch             Redis With the RedisSearch module pre-loaded…   15
arm32v7/redis                    Redis is an open source key-value store that…   14
oliver006/redis_exporter         Prometheus Exporter for Redis Metrics. Supp…    10
webhippie/redis                  Docker images for Redis                         10                 [OK]
insready/redis-stat              Docker image for the real-time Redis monitor…   7                  [OK]
s7anley/redis-sentinel-docker    Redis Sentinel                                  7                  [OK]
rtoma/logspout-redis-logstash    Logspout including Redis adapter for sending…   5
arm64v8/redis                    Redis is an open source key-value store that…   5
centos/redis-32-centos7          Redis in-memory data structure store, used a…   4
redislabs/redisgraph             A graph database module for Redis               4                  [OK]
wodby/redis                      Redis container image with orchestration        2                  [OK]
frodenas/redis                   A Docker Image for Redis                        2                  [OK]
circleci/redis                   CircleCI images for Redis                       2                  [OK]
tiredofit/redis                  Redis Server w/ Zabbix monitoring and S6 Ove…   1                  [OK]
cflondonservices/redis           Docker image for running redis                  0
xetamus/redis-resource           forked redis-resource                           0                  [OK]
iadvize/redis                                                                    0
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker pull redis:4-alpine
4-alpine: Pulling from library/redis
8e402f1a9c57: Pull complete
4c2113a1bbc9: Pull complete
a4b5ad98d179: Pull complete
41457a7cc0c5: Pull complete
f987c6e1a2b3: Pull complete
2a3ef38f1fd4: Pull complete
Digest: sha256:7a543f606ea3e055a18ccbda719fb1e04f6922078f733cb39863619983e05031
Status: Downloaded newer image for redis:4-alpine
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
redis               4-alpine            adbfeec2927e        3 days ago          36.2MB
[root@node101.yinzhengjie.org.cn ~]#
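Because this daemon pulls through a third-party registry mirror, the digest printed by `docker pull` is the value to pin and compare against what ended up on disk. The Python below is an added example, not part of the original post: it reads `docker image inspect` JSON and checks it against a pinned `name@sha256:` reference. The sample JSON uses values from this page's `docker image inspect redis:4-alpine` output, abridged to the fields the check reads; the function name and result keys are this example's own.

```python
import json
import re

# Constructed sample: `docker image inspect redis:4-alpine` from this page,
# abridged to the fields the check reads.
SAMPLE_INSPECT = """
[
    {
        "Id": "sha256:adbfeec2927ea132da957bac11f683ae695bbcbf65afc9d60020f9d1ad95668a",
        "RepoTags": ["redis:4-alpine"],
        "RepoDigests": [
            "redis@sha256:7a543f606ea3e055a18ccbda719fb1e04f6922078f733cb39863619983e05031"
        ],
        "Config": {
            "User": "",
            "ExposedPorts": {"6379/tcp": {}},
            "Entrypoint": ["docker-entrypoint.sh"],
            "Cmd": ["redis-server"]
        }
    }
]
"""

# The digest line printed by `docker pull redis:4-alpine` on this page.
PINNED_REF = "redis@sha256:7a543f606ea3e055a18ccbda719fb1e04f6922078f733cb39863619983e05031"

PIN_RE = re.compile(r"^(?P<repo>[^@\s]+)@(?P<digest>sha256:[0-9a-f]{64})$")


def check_image(inspect_json, pinned_ref):
    """Compare one inspected image against a pinned name@sha256:... reference."""
    pin = PIN_RE.match(pinned_ref)
    if pin is None:
        # A tag such as "redis:4-alpine" is mutable and cannot serve as a pin.
        raise ValueError("pin must look like name@sha256:<64 hex digits>")

    images = json.loads(inspect_json)
    if len(images) != 1:
        raise ValueError("expected inspect output for exactly one image")
    image = images[0]

    # RepoDigests is empty for images built or loaded locally and never
    # pulled from (or pushed to) a registry, so treat null/missing as empty.
    digests_by_repo = {}
    for ref in image.get("RepoDigests") or []:
        repo, _, digest = ref.partition("@")
        digests_by_repo.setdefault(repo, set()).add(digest)

    config = image.get("Config") or {}
    user = config.get("User") or ""
    return {
        "digest_ok": pin["digest"] in digests_by_repo.get(pin["repo"], set()),
        # An empty User means the entrypoint starts as uid 0 unless the
        # container is run with --user.
        "runs_as_root": user in ("", "0", "root") or user.startswith(("0:", "root:")),
        "exposed_ports": sorted((config.get("ExposedPorts") or {}).keys()),
    }


if __name__ == "__main__":
    print(check_image(SAMPLE_INSPECT, PINNED_REF))
```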
[root@node101.yinzhengjie.org.cn ~]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
redis               4-alpine            adbfeec2927e        3 days ago          36.2MB
[root@node101.yinzhengjie.org.cn ~]# docker image inspect redis:4-alpine
[
    {
        "Id": "sha256:adbfeec2927ea132da957bac11f683ae695bbcbf65afc9d60020f9d1ad95668a",
        "RepoTags": [
            "redis:4-alpine"
        ],
        "RepoDigests": [
            "redis@sha256:7a543f606ea3e055a18ccbda719fb1e04f6922078f733cb39863619983e05031"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2019-03-19T21:38:25.77087877Z",
        "Container": "b6c63fa16c4cbd45cf0e3c1d96845cf4316b7c43fdcadf22617c7fc60f365e3f",
        "ContainerConfig": {
            "Hostname": "b6c63fa16c4c",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "6379/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "REDIS_VERSION=4.0.14",
                "REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-4.0.14.tar.gz",
                "REDIS_DOWNLOAD_SHA=1e1e18420a86cfb285933123b04a82e1ebda20bfb0a289472745a087587e93a7"
            ],
            "Cmd": [
                "/bin/sh",
                "-c",
                "#(nop) ",
                "CMD [\"redis-server\"]"
            ],
            "ArgsEscaped": true,
            "Image": "sha256:44db1a08fc16d4dfbf4519cbd8d0ca0a33cd3871d0e92ba8c74bf177f356e889",
            "Volumes": {
                "/data": {}
            },
            "WorkingDir": "/data",
            "Entrypoint": [
                "docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {}
        },
        "DockerVersion": "18.06.1-ce",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "6379/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "REDIS_VERSION=4.0.14",
                "REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-4.0.14.tar.gz",
                "REDIS_DOWNLOAD_SHA=1e1e18420a86cfb285933123b04a82e1ebda20bfb0a289472745a087587e93a7"
            ],
            "Cmd": [
                "redis-server"
            ],
            "ArgsEscaped": true,
            "Image": "sha256:44db1a08fc16d4dfbf4519cbd8d0ca0a33cd3871d0e92ba8c74bf177f356e889",
            "Volumes": {
                "/data": {}
            },
            "WorkingDir": "/data",
            "Entrypoint": [
                "docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": null
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 36192469,
        "VirtualSize": 36192469,
        "GraphDriver": {
            "Data": {
                "DeviceId": "7",
                "DeviceName": "docker-8:3-134564763-f6b941f961280569e170c2ba9ebe9ec5d849609596eb865fdf58d14282279955",
                "DeviceSize": "10737418240"
            },
            "Name": "devicemapper"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:bcf2f368fe234217249e00ad9d762d8f1a3156d60c442ed92079fa5b120634a1",
                "sha256:53b9ee4aa890cdf6fb54072145bc91e6e9f75aa37f49eeef7e177503449f4124",
                "sha256:abd36062f9fec1abd0b1a104476b3700763a9fdf6ea8ddc18687dea0609bb864",
                "sha256:f55d74f1440715c06b12175fc1afbfa9e872d3b9cceb4194e3f13640b8aef100",
                "sha256:8e10865a11e52a9812472898d45d46a151c71aef4aa20e361d1ce92790891056",
                "sha256:84b5f025422880a5dbb6536ef9053cfa515e09fb46bd6bf3b92c8e6f29fcdaf2"
            ]
        },
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"
        }
    }
]
[root@node101.yinzhengjie.org.cn ~]#
4>.Getting a Docker image: CentOS
[root@node101.yinzhengjie.org.cn ~]# docker container run --help
Usage: docker container run [OPTIONS] IMAGE [COMMAND] [ARG...]
Run a command in a new container
Options:
      --add-host list                 Add a custom host-to-IP mapping (host:ip)
  -a, --attach list                   Attach to STDIN, STDOUT or STDERR
      --blkio-weight uint16           Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
      --blkio-weight-device list      Block IO weight (relative device weight) (default [])
      --cap-add list                  Add Linux capabilities
      --cap-drop list                 Drop Linux capabilities
      --cgroup-parent string          Optional parent cgroup for the container
      --cidfile string                Write the container ID to the file
      --cpu-period int                Limit CPU CFS (Completely Fair Scheduler) period
      --cpu-quota int                 Limit CPU CFS (Completely Fair Scheduler) quota
      --cpu-rt-period int             Limit CPU real-time period in microseconds
      --cpu-rt-runtime int            Limit CPU real-time runtime in microseconds
  -c, --cpu-shares int                CPU shares (relative weight)
      --cpus decimal                  Number of CPUs
      --cpuset-cpus string            CPUs in which to allow execution (0-3, 0,1)
      --cpuset-mems string            MEMs in which to allow execution (0-3, 0,1)
  -d, --detach                        Run container in background and print container ID
      --detach-keys string            Override the key sequence for detaching a container
      --device list                   Add a host device to the container
      --device-cgroup-rule list       Add a rule to the cgroup allowed devices list
      --device-read-bps list          Limit read rate (bytes per second) from a device (default [])
      --device-read-iops list         Limit read rate (IO per second) from a device (default [])
      --device-write-bps list         Limit write rate (bytes per second) to a device (default [])
      --device-write-iops list        Limit write rate (IO per second) to a device (default [])
      --disable-content-trust         Skip image verification (default true)
      --dns list                      Set custom DNS servers
      --dns-option list               Set DNS options
      --dns-search list               Set custom DNS search domains
      --entrypoint string             Overwrite the default ENTRYPOINT of the image
  -e, --env list                      Set environment variables
      --env-file list                 Read in a file of environment variables
      --expose list                   Expose a port or a range of ports
      --group-add list                Add additional groups to join
      --health-cmd string             Command to run to check health
      --health-interval duration      Time between running the check (ms|s|m|h) (default 0s)
      --health-retries int            Consecutive failures needed to report unhealthy
      --health-start-period duration  Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)
      --health-timeout duration       Maximum time to allow one check to run (ms|s|m|h) (default 0s)
      --help                          Print usage
  -h, --hostname string               Container host name
      --init                          Run an init inside the container that forwards signals and reaps processes
  -i, --interactive                   Keep STDIN open even if not attached
      --ip string                     IPv4 address (e.g., 172.30.100.104)
      --ip6 string                    IPv6 address (e.g., 2001:db8::33)
      --ipc string                    IPC mode to use
      --isolation string              Container isolation technology
      --kernel-memory bytes           Kernel memory limit
  -l, --label list                    Set meta data on a container
      --label-file list               Read in a line delimited file of labels
      --link list                     Add link to another container
      --link-local-ip list            Container IPv4/IPv6 link-local addresses
      --log-driver string             Logging driver for the container
      --log-opt list                  Log driver options
      --mac-address string            Container MAC address (e.g., 92:d0:c6:0a:29:33)
  -m, --memory bytes                  Memory limit
      --memory-reservation bytes      Memory soft limit
      --memory-swap bytes             Swap limit equal to memory plus swap: '-1' to enable unlimited swap
      --memory-swappiness int         Tune container memory swappiness (0 to 100) (default -1)
      --mount mount                   Attach a filesystem mount to the container
      --name string                   Assign a name to the container
      --network string                Connect a container to a network (default "default")
      --network-alias list            Add network-scoped alias for the container
      --no-healthcheck                Disable any container-specified HEALTHCHECK
      --oom-kill-disable              Disable OOM Killer
      --oom-score-adj int             Tune host's OOM preferences (-1000 to 1000)
      --pid string                    PID namespace to use
      --pids-limit int                Tune container pids limit (set -1 for unlimited)
      --privileged                    Give extended privileges to this container
  -p, --publish list                  Publish a container's port(s) to the host
  -P, --publish-all                   Publish all exposed ports to random ports
      --read-only                     Mount the container's root filesystem as read only
      --restart string                Restart policy to apply when a container exits (default "no")
      --rm                            Automatically remove the container when it exits
      --runtime string                Runtime to use for this container
      --security-opt list             Security Options
      --shm-size bytes                Size of /dev/shm
      --sig-proxy                     Proxy received signals to the process (default true)
      --stop-signal string            Signal to stop a container (default "SIGTERM")
      --stop-timeout int              Timeout (in seconds) to stop a container
      --storage-opt list              Storage driver options for the container
      --sysctl map                    Sysctl options (default map[])
      --tmpfs list                    Mount a tmpfs directory
  -t, --tty                           Allocate a pseudo-TTY
      --ulimit ulimit                 Ulimit options (default [])
  -u, --user string                   Username or UID (format: <name|uid>[:<group|gid>])
      --userns string                 User namespace to use
      --uts string                    UTS namespace to use
  -v, --volume list                   Bind mount a volume
      --volume-driver string          Optional volume driver for the container
      --volumes-from list             Mount volumes from the specified container(s)
  -w, --workdir string                Working directory inside the container
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker image pull centos:7
7: Pulling from library/centos
8ba884070f61: Pull complete
Digest: sha256:8d487d68857f5bc9595793279b33d082b03713341ddec91054382641d14db861
Status: Downloaded newer image for centos:7
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker run -it --name test-centos7 centos:7 /bin/bash
docker: Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "process_linux.go:293: copying bootstrap data to pipe caused \"write init-p: broken pipe\"": unknown.
[root@node101.yinzhengjie.org.cn ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~/Downloads]# docker run -it --name test centos:7 /bin/bash
[root@d833df2d9ded /]# hostname
d833df2d9ded
[root@d833df2d9ded /]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@d833df2d9ded /]# exit
exit
[root@node101.yinzhengjie.org.cn ~/Downloads]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@node101.yinzhengjie.org.cn ~/Downloads]#
[root@node101.yinzhengjie.org.cn ~]# docker run -it --name test centos:7 /bin/bash
[root@d7a717a5f2fd /]# yum -y install net-tools
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: mirrors.nwsuaf.edu.cn
 * extras: mirrors.nwsuaf.edu.cn
 * updates: mirrors.nwsuaf.edu.cn
base                                                     | 3.6 kB  00:00:00
extras                                                   | 3.4 kB  00:00:00
updates                                                  | 3.4 kB  00:00:00
(1/4): base/7/x86_64/primary_db                          | 6.0 MB  00:00:00
(2/4): extras/7/x86_64/primary_db                        | 187 kB  00:00:04
(3/4): base/7/x86_64/group_gz                            | 166 kB  00:00:06
(4/4): updates/7/x86_64/primary_db                       | 3.4 MB  00:01:30
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.24.20131004git.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package        Arch        Version                        Repository      Size
================================================================================
Installing:
 net-tools      x86_64      2.0-0.24.20131004git.el7       base           306 k
Transaction Summary
================================================================================
Install  1 Package
Total download size: 306 k
Installed size: 918 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.24.20131004git.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for net-tools-2.0-0.24.20131004git.el7.x86_64.rpm is not installed
net-tools-2.0-0.24.20131004git.el7.x86_64.rpm            | 306 kB  00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-6.1810.2.el7.centos.x86_64 (@CentOS)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : net-tools-2.0-0.24.20131004git.el7.x86_64                    1/1
  Verifying  : net-tools-2.0-0.24.20131004git.el7.x86_64                    1/1
Installed:
  net-tools.x86_64 0:2.0-0.24.20131004git.el7
Complete!
[root@d7a717a5f2fd /]#
[root@d7a717a5f2fd /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 3175  bytes 10682718 (10.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3174  bytes 174670 (170.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@d7a717a5f2fd /]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.17.0.1      0.0.0.0         UG    0      0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
[root@d7a717a5f2fd /]# exit
exit
[root@node101.yinzhengjie.org.cn ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:c5:a1:05:86  txqueuelen 0  (Ethernet)
        RX packets 3179  bytes 130434 (127.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3175  bytes 10682718 (10.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 00:0c:29:fe:9b:ef  txqueuelen 1000  (Ethernet)
        RX packets 148755  bytes 181214006 (172.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 48024  bytes 3569703 (3.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 64  bytes 5792 (5.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64  bytes 5792 (5.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 54 packets, 3711 bytes)
 pkts bytes target      prot opt in       out       source               destination
    0     0 DOCKER      all  --  *        *         0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 2 packets, 464 bytes)
 pkts bytes target      prot opt in       out       source               destination
Chain OUTPUT (policy ACCEPT 79 packets, 5930 bytes)
 pkts bytes target      prot opt in       out       source               destination
    0     0 DOCKER      all  --  *        *         0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 79 packets, 5930 bytes)
 pkts bytes target      prot opt in       out       source               destination
   52  3247 MASQUERADE  all  --  *        !docker0  172.17.0.0/16        0.0.0.0/0
Chain DOCKER (2 references)
 pkts bytes target      prot opt in       out       source               destination
    0     0 RETURN      all  --  docker0  *         0.0.0.0/0            0.0.0.0/0
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# iptables -t filter -vnL
Chain INPUT (policy ACCEPT 26257 packets, 98M bytes)
 pkts bytes target                    prot opt in       out       source               destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target                    prot opt in       out       source               destination
 5751 9807K DOCKER-USER               all  --  *        *         0.0.0.0/0            0.0.0.0/0
 5751 9807K DOCKER-ISOLATION-STAGE-1  all  --  *        *         0.0.0.0/0            0.0.0.0/0
 2885 9689K ACCEPT                    all  --  *        docker0   0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER                    all  --  *        docker0   0.0.0.0/0            0.0.0.0/0
 2866  118K ACCEPT                    all  --  docker0  !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT                    all  --  docker0  docker0   0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT 25740 packets, 1159K bytes)
 pkts bytes target                    prot opt in       out       source               destination
Chain DOCKER (1 references)
 pkts bytes target                    prot opt in       out       source               destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target                    prot opt in       out       source               destination
 2866  118K DOCKER-ISOLATION-STAGE-2  all  --  docker0  !docker0  0.0.0.0/0            0.0.0.0/0
 5751 9807K RETURN                    all  --  *        *         0.0.0.0/0            0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target                    prot opt in       out       source               destination
    0     0 DROP                      all  --  *        docker0   0.0.0.0/0            0.0.0.0/0
 2866  118K RETURN                    all  --  *        *         0.0.0.0/0            0.0.0.0/0
Chain DOCKER-USER (1 references)
 pkts bytes target                    prot opt in       out       source               destination
 5751 9807K RETURN                    all  --  *        *         0.0.0.0/0            0.0.0.0/0
[root@node101.yinzhengjie.org.cn ~]#
5>.Viewing the running state of Docker containers
[root@node101.yinzhengjie.org.cn ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                       PORTS               NAMES
20f52b7776da        centos:7            "/bin/bash"         12 seconds ago      Up 10 seconds                                    test2
d7a717a5f2fd        centos:7            "/bin/bash"         7 minutes ago       Exited (127) 5 minutes ago                       test
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# docker container ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
20f52b7776da        centos:7            "/bin/bash"         55 seconds ago      Up 54 seconds                           test2
[root@node101.yinzhengjie.org.cn ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
20f52b7776da        centos:7            "/bin/bash"         About a minute ago   Up About a minute                       test2
[root@node101.yinzhengjie.org.cn ~]#