C语言学习网

Docker 基础

发表于:2022-11-27 作者:安全数据网编辑
编辑最后更新 2022年11月27日,Docker基础一(基本配置)1、 配置docker0 ip地址;root@Userver01:~# cat /etc/docker/daemon.json{"bip": "172.16.10.1/2

Docker基础一(基本配置)

1、 配置docker0 ip地址;

root@Userver01:~# cat /etc/docker/daemon.json

{

"bip": "172.16.10.1/24"

}

root@Userver01:~# systemctl restart docker.service

root@Userver01:~# ip add l

1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: ens32: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:cd:a0:83 brd ff:ff:ff:ff:ff:ff

inet 172.16.251.131/24 brd 172.16.251.255 scope global ens32

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fecd:a083/64 scope link

valid_lft forever preferred_lft forever

3: docker0: mtu 1500 qdisc noqueue state DOWN group default

link/ether 02:42:80:e8:b3:52 brd ff:ff:ff:ff:ff:ff

inet 172.16.10.1/24 brd 172.16.10.255 scope global docker0

valid_lft forever preferred_lft forever

2、 配置docker加速器;

root@Userver01:~# cat /etc/docker/daemon.json

{

"bip": "172.16.10.1/24",

"registry-mirrors": ["http://5dd4061a.m.daocloud.io"]

}

root@Userver01:~# systemctl restart docker.service

root@Userver01:~# docker info

Containers: 0

Running: 0

Paused: 0

Stopped: 0

Images: 0

Server Version: 18.09.0

Storage Driver: overlay2

Backing Filesystem: extfs

Supports d_type: true

Native Overlay Diff: true

Logging Driver: json-file

Cgroup Driver: cgroupfs

Plugins:

Volume: local

Network: bridge host macvlan null overlay

Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog

Swarm: inactive

Runtimes: runc

Default Runtime: runc

Init Binary: docker-init

containerd version: c4446665cb9c30056f4998ed953e6d4ff22c7c39

runc version: 4fc53a81fb7c994640722ac585fa9ca548971871

init version: fec3683

Security Options:

apparmor

seccomp

Profile: default

Kernel Version: 4.4.0-131-generic

Operating System: Ubuntu 16.04.5 LTS

OSType: linux

Architecture: x86_64

CPUs: 8

Total Memory: 15.65GiB

Name: Userver01

ID: NB22:HKEI:YEOY:A2F4:TXZP:GEQO:OUME:CT4M:ENYA:VWIM:XXHG:KVK5

Docker Root Dir: /var/lib/docker

Debug Mode (client): false

Debug Mode (server): false

Registry: https://index.docker.io/v1/

Labels:

Experimental: false

Insecure Registries:

127.0.0.0/8

Registry Mirrors:

http://5dd4061a.m.daocloud.io/

Live Restore Enabled: false

Product License: Community Engine

WARNING: No swap limit support

3、 配置docker服务日志格式;

root@Userver01:~# cat /etc/docker/daemon.json

{

"bip": "172.16.10.1/24",

"registry-mirrors": ["http://5dd4061a.m.daocloud.io"],

"log-driver": "journald"

}

root@Userver01:~# systemctl restart docker.service

root@Userver01:~# journalctl -xe _SYSTEMD_UNIT=docker.service

Nov 26 16:40:20 Userver01 dockerd[1979]: time="2018-11-26T16:40:20.462003344+08:00" level=info msg="Loading containers: start."

Nov 26 16:40:20 Userver01 dockerd[1979]: time="2018-11-26T16:40:20.630612895+08:00" level=info msg="Loading containers: done."

Nov 26 16:40:20 Userver01 dockerd[1979]: time="2018-11-26T16:40:20.678251298+08:00" level=info msg="Docker daemon" commit=4d60db4 graphdriver(s)=o

Nov 26 16:40:20 Userver01 dockerd[1979]: time="2018-11-26T16:40:20.678752739+08:00" level=info msg="Daemon has completed initialization"

4、 配置docker dns;

root@Userver01:~# cat /etc/docker/daemon.json

{

"bip": "172.16.10.1/24",

"registry-mirrors": ["http://5dd4061a.m.daocloud.io"],

"log-driver": "journald",

"dns": ["223.5.5.5","223.6.6.6"]

}

root@Userver01:~# systemctl restart docker.service

5、 运行容器;

root@Userver01:~# docker run -d nginx:1.15

Unable to find image 'nginx:1.15' locally

1.15: Pulling from library/nginx

a5a6f2f73cd8: Pull complete

67da5fbcb7a0: Pull complete

e82455fa5628: Pull complete

Digest: sha256:372965e4f3a1d60ec5be171f839dfe9f8ea076700144f042bae87700a20c9ded

Status: Downloaded newer image for nginx:1.15

246b049b64e32ef924e30a0d614537061cf12a8d1a0408f469dbcf1030c0d554

root@Userver01:~# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

246b049b64e3 nginx:1.15 "nginx -g 'daemon of…" 22 seconds ago Up 21 seconds 80/tcp xenodochial_swirles

6、 登录容器系统;

root@Userver01:~# docker exec -it 246 /bin/bash

root@246b049b64e3:/# cat /etc/resolv.conf

search localdomain

nameserver 223.5.5.5

nameserver 223.6.6.6


Docker基础二(容器管理)

1、 运行容器

# 启动一个httpd容器,使其在后台运行并将其80端口映射到宿主机80端口

root@Userver01:~# docker run -d -p 80:80 httpd

Unable to find image 'httpd:latest' locally

latest: Pulling from library/httpd

a5a6f2f73cd8: Already exists

ac13924397e3: Pull complete

91b81769f14a: Pull complete

fec7170426de: Pull complete

992c7790d5f3: Pull complete

Digest: sha256:63dba1dad8fe8a920226a631f8189d736b4a5129c2d2edc046a46f36ffc0091c

Status: Downloaded newer image for httpd:latest

b911f2812e516b140f69f412923264670074ec83e4b7aef186041f0e40d57cd4

root@Userver01:~# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

b911f2812e51 httpd "httpd-foreground" 42 seconds ago Up 41 seconds 0.0.0.0:80->80/tcp modest_vaughan

# 启动一个ubuntu 16.04的容器,打印完"hello world"即退出

root@Userver01:~# docker run ubuntu:16.04 /bin/echo "hello world."

Unable to find image 'ubuntu:16.04' locally

16.04: Pulling from library/ubuntu

7b8b6451c85f: Pull complete

ab4d1096d9ba: Pull complete

e6797d1788ac: Pull complete

e25c5c290bde: Pull complete

Digest: sha256:e547ecaba7d078800c358082088e6cc710c3affd1b975601792ec701c80cdd39

Status: Downloaded newer image for ubuntu:16.04

hello world.

root@Userver01:~# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

4683e7b221b7 ubuntu:16.04 "/bin/echo 'hello wo…" 28 seconds ago Exited (0) 27 seconds ago pedantic_swirles

b911f2812e51 httpd "httpd-foreground" 3 minutes ago Up 3 minutes 0.0.0.0:80->80/tcp modest_vaughan

2、 容器的启动过程说明:

•检查本地是否存在指定的镜像,如果没有就从指定的仓库下载

•利用镜像启动一个容器

•分配一个文件系统,并在只读的镜像层外面挂载一层可读写层

•从宿主机配置的网桥接口中桥接一个虚拟接口到容器中去

•从地址池配置一个IP给容器

•执行用户指定的程序

•执行完毕后停止容器

3、 docker run常用选项说明

-t:配置一个伪终端并绑定到容器的标准输入上

-i:让容器的标准输入保持打开

-d:将容器放入后台运行

-c:指定分配该容器的cpu分片

-m:指定分配给该容器的内存大小,单位为B,K,M,G

4、 查看当前节点上的容器状态

docker ps #查看当前正在运行的容器

选项:

-a:查看所有容器,包括停止的

-q:只显示容器ID

-l:显示最后一次创建的容器

root@Userver01:~# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

a5a204b817cc ubuntu:16.04 "/bin/bash" 9 minutes ago Exited (0) 9 minutes ago gifted_tereshkova

4683e7b221b7 ubuntu:16.04 "/bin/echo 'hello wo…" 18 minutes ago Exited (0) 18 minutes ago pedantic_swirles

b911f2812e51 httpd "httpd-foreground" 21 minutes ago Up 21 minutes 0.0.0.0:80->80/tcp modest_vaughan

root@Userver01:~# docker ps -q

b911f2812e51

root@Userver01:~# docker ps -qa

a5a204b817cc

4683e7b221b7

b911f2812e51

root@Userver01:~# docker ps -ql

a5a204b817cc

5、 进入容器

docker exec -it <容器id/容器name> /bin/bash

root@Userver01:~# docker ps -qa

a5a204b817cc

4683e7b221b7

b911f2812e51

root@Userver01:~# docker exec -it b9 /bin/bash

root@b911f2812e51:/usr/local/apache2#

6、 容器按用途大致可分为两类:

•服务类容器,如webserver、database等

•工具类容器,如curl容器、redis-cli容器等

7、 容器的启停操作

# 容器的创建:

docker create

# 容器的启动:

docker start <容器id>

# 容器的停止:

docker stop <容器id>

docker kill <容器id>

# 容器的重启:

docker restart <容器id>

# 容器的删除:

docker rm <容器id>

选项:

-f:强行终止并删除一个运行中的容器

-v:删除容器挂载的数据卷

# 暂停容器:

docker pause <容器id>

# 从暂停中恢复:

docker unpause <容器id>

8、 容器生命周期管理

9、 容器资源限制

内存限制

-m:允许分配的内存大小

--memory-swap:允许分配的内存和swap的总大小

--memory-swapiness:控制内存与swap置换的比例

启动一个ubuntu容器,限制内存为200M, 内存与swap的总和为300M:

docker run -it -m 200M --memory-swap 300M ubuntu:16.04

CPU限制

docker可以通过-c--cpu-shares设置容器使用的cpu的权重。如果不指定默认为1024

docker run --name container_A -c 1024 ubuntu

docker run --name container_B -c 512 ubuntu

container_Acpu share 1024,是 container_B 的两倍。当两个容器都需要 CPU 资源时,container_A可以得到的 CPU container_B的两倍。

io 限制

•--device-read-bps,限制读某个设备的 bps

•--device-write-bps,限制写某个设备的 bps

•--device-read-iops,限制读某个设备的 iops

•--device-write-iops,限制写某个设备的 iops

# 创建一个容器,限制写的bps30M

docker run -it --device-write-bps /dev/sda:30MB ubuntu

Docker基础二(镜像管理)

1、 镜像命名

一个完整的镜像命名:

[Docker Registry地址/][项目目录/]<名称>:[标签]

示例:

mysql:5.6

ubuntu

hub.docker.com/library/centos:6.6

2、 获取镜像

root@Userver01:~# docker pull ubuntu:16.04

16.04: Pulling from library/ubuntu

7b8b6451c85f: Already exists

ab4d1096d9ba: Already exists

e6797d1788ac: Already exists

e25c5c290bde: Already exists

Digest: sha256:e547ecaba7d078800c358082088e6cc710c3affd1b975601792ec701c80cdd39

Status: Downloaded newer image for ubuntu:16.04

3、 查看镜像信息

root@Userver01:~# docker image ls

REPOSITORY TAG IMAGE ID CREATED SIZE

ubuntu 16.04 a51debf7e1eb 7 days ago 116MB

nginx 1.15 e81eb098537d 10 days ago 109MB

httpd latest 2a51bb06dc8b 11 days ago 132MB

centos 6.6 4e1ad2ce7f78 6 weeks ago 203MB

root@Userver01:~# docker inspect a51

[

{

"Id": "sha256:a51debf7e1eb2018400cef1e4b01f2e9f591f6c739de7b5d6c142f954f3715a7",

"RepoTags": [

"ubuntu:16.04"

],

"RepoDigests": [

"ubuntu@sha256:e547ecaba7d078800c358082088e6cc710c3affd1b975601792ec701c80cdd39"

],

"Parent": "",

"Comment": "",

"Created": "2018-11-19T21:23:53.455319926Z",

"Container": "f4879d05f303ba132b6cc82988306e44819b9d0872dc891d864374d3a9b51b08",

"ContainerConfig": {

"Hostname": "f4879d05f303",

"Domainname": "",

"User": "",

"AttachStdin": false,

"AttachStdout": false,

"AttachStderr": false,

"Tty": false,

"OpenStdin": false,

"StdinOnce": false,

"Env": [

"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

],

"Cmd": [

"/bin/sh",

"-c",

"#(nop) ",

"CMD [\"/bin/bash\"]"

],

"ArgsEscaped": true,

"Image": "sha256:d6ab6854552cda39995558786e1690e20092af93f8145294473ac62fd76c9b1b",

"Volumes": null,

"WorkingDir": "",

"Entrypoint": null,

"OnBuild": null,

"Labels": {}

},

"DockerVersion": "17.06.2-ce",

"Author": "",

"Config": {

"Hostname": "",

"Domainname": "",

"User": "",

"AttachStdin": false,

"AttachStdout": false,

"AttachStderr": false,

"Tty": false,

"OpenStdin": false,

"StdinOnce": false,

"Env": [

"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

],

"Cmd": [

"/bin/bash"

],

"ArgsEscaped": true,

"Image": "sha256:d6ab6854552cda39995558786e1690e20092af93f8145294473ac62fd76c9b1b",

"Volumes": null,

"WorkingDir": "",

"Entrypoint": null,

"OnBuild": null,

"Labels": null

},

"Architecture": "amd64",

"Os": "linux",

"Size": 116379573,

"VirtualSize": 116379573,

"GraphDriver": {

"Data": {

"LowerDir": "/var/lib/docker/overlay2/d24cfbca95c7fb4a2653aed1fef5e854164d5e452ec1ca1f08d256a841ec9cbe/diff:/var/lib/docker/overlay2/1bc9dd6a582662525ae316dca49703acbcc8087c0549354c622cd0c4eb7095de/diff:/var/lib/docker/overlay2/402ffcd593a76628eb8f3b6dd843b195396729227e55c51c896089ca668770ef/diff",

"MergedDir": "/var/lib/docker/overlay2/6f5f819b34a36a3cd93e84d2a12a86a3e61f5663a7401ae73cd308211cc3329f/merged",

"UpperDir": "/var/lib/docker/overlay2/6f5f819b34a36a3cd93e84d2a12a86a3e61f5663a7401ae73cd308211cc3329f/diff",

"WorkDir": "/var/lib/docker/overlay2/6f5f819b34a36a3cd93e84d2a12a86a3e61f5663a7401ae73cd308211cc3329f/work"

},

"Name": "overlay2"

},

"RootFS": {

"Type": "layers",

"Layers": [

"sha256:41c002c8a6fd36397892dc6dc36813aaa1be3298be4de93e4fe1f40b9c358d99",

"sha256:647265b9d8bc572a858ab25a300c07c0567c9124390fd91935430bf947ee5c2a",

"sha256:819a824caf709f224c414a56a2fa0240ea15797ee180e73abe4ad63d3806cae5",

"sha256:3db5746c911ad8c3398a6b72aa30580b25b6edb130a148beed4d405d9c345a29"

]

},

"Metadata": {

"LastTagTime": "0001-01-01T00:00:00Z"

}

}

]

4、 为镜像创建tag

root@Userver01:~# docker tag ubuntu:16.04 dl.dockerpool.com/library/ubuntu:16.04v1

root@Userver01:~# docker image ls

REPOSITORY TAG IMAGE ID CREATED SIZE

dl.dockerpool.com/library/ubuntu 16.04v1 a51debf7e1eb 7 days ago 116MB

ubuntu 16.04 a51debf7e1eb 7 days ago 116MB

nginx 1.15 e81eb098537d 10 days ago 109MB

httpd latest 2a51bb06dc8b 11 days ago 132MB

centos 6.6 4e1ad2ce7f78 6 weeks ago 203MB

5、 搜索镜像

root@Userver01:~# docker search mysql

NAME DESCRIPTION STARS OFFICIAL AUTOMATED

mysql MySQL is a widely used, open-source relation… 7407 [OK]

mariadb MariaDB is a community-developed fork of MyS… 2376 [OK]

mysql/mysql-server Optimized MySQL Server Docker images. Create… 552 [OK]

zabbix/zabbix-server-mysql Zabbix Server with MySQL database support 145 [OK]

hypriot/rpi-mysql RPi-compatible Docker Image with Mysql 102

zabbix/zabbix-web-nginx-mysql Zabbix frontend based on Nginx web-server wi… 77 [OK]

centurylink/mysql Image containing mysql. Optimized to be link… 59 [OK]

1and1internet/ubuntu-16-nginx-php-phpmyadmin-mysql-5 ubuntu-16-nginx-php-phpmyadmin-mysql-5 47 [OK]

6、 删除镜像(注:如果镜像有容器生成,需要先删除容器)

#如果一个镜像有多个tag,只会删除指定的tag,镜像本身不会删除,如果docker rmi后指定镜像ID,则所有tag都会被删除

root@Userver01:~# docker rmi dl.dockerpool.com/library/ubuntu:16.04v1

Untagged: dl.dockerpool.com/library/ubuntu:16.04v1

root@Userver01:~# docker image ls

REPOSITORY TAG IMAGE ID CREATED SIZE

ubuntu 16.04 a51debf7e1eb 7 days ago 116MB

nginx 1.15 e81eb098537d 10 days ago 109MB

httpd latest 2a51bb06dc8b 11 days ago 132MB

centos 6.6 4e1ad2ce7f78 6 weeks ago 203MB

root@Userver01:~# docker rmi ubuntu:16.04

Error response from daemon: conflict: unable to remove repository reference "ubuntu:16.04" (must force) - container 4683e7b221b7 is using its referenced image a51debf7e1eb

root@Userver01:~# docker rmi ubuntu:16.04 -f

Untagged: ubuntu:16.04

Untagged: ubuntu@sha256:e547ecaba7d078800c358082088e6cc710c3affd1b975601792ec701c80cdd39

Deleted: sha256:a51debf7e1eb2018400cef1e4b01f2e9f591f6c739de7b5d6c142f954f3715a7

root@Userver01:~# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

a5a204b817cc a51debf7e1eb "/bin/bash" About an hour ago Exited (0) About an hour ago gifted_tereshkova

4683e7b221b7 a51debf7e1eb "/bin/echo 'hello wo…" About an hour ago Exited (0) About an hour ago pedantic_swirles

b911f2812e51 httpd "httpd-foreground" About an hour ago Up About an hour 0.0.0.0:80->80/tcp modest_vaughan

root@Userver01:~# docker image ls

REPOSITORY TAG IMAGE ID CREATED SIZE

nginx 1.15 e81eb098537d 10 days ago 109MB

httpd latest 2a51bb06dc8b 11 days ago 132MB

centos 6.6 4e1ad2ce7f78 6 weeks ago 203MB

# 删除无标签镜像(即为none)

root@Userver01:~# docker rmi $(docker images -q --filter "dangling=true")

7、 导出和载入镜像

root@Userver01:~# docker save -o ubuntu_16.04.tar ubuntu:16.04

root@Userver01:~# docker rmi ubuntu:16.04 -f

Untagged: ubuntu:16.04

Deleted: sha256:a51debf7e1eb2018400cef1e4b01f2e9f591f6c739de7b5d6c142f954f3715a7

root@Userver01:~# docker load --input ubuntu_16.04.tar

Loaded image: ubuntu:16.04

8、 通过docker commit提交一个新镜像

docker commit -m "change httpd.conf file" -a "john" b911f2812e51 test #使用b911f2812e51容器生成一个名为test的镜像

-a:指定作者

-m:相关说明信息

-p:提交时暂停容器运行


0