Docker Study Notes, Part 1

  • IPC: inter-process communication

  • User isolation was only implemented in kernel 3.8 and later

Initial Docker configuration on CentOS

uname -a
cat /etc/redhat-release 
getenforce
systemctl status firewalld
systemctl stop firewalld

cat /etc/yum.repos.d/CentOS-Base.repo 
yum list docker --show-duplicates
yum install yum-utils -y
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --show-duplicates
yum install docker-ce -y
systemctl enable docker
systemctl start docker
docker info
[root@huan ~]# vim /etc/docker/daemon.json

{
  "graph": "/data/docker",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com","quay.io"],
  "registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
  "bip": "172.91.245.1/24",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true
}
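Parameter            Purpose
graph                Working directory
storage-driver       Storage driver
insecure-registries  Private registries
registry-mirrors     Registry mirror
bip                  Docker address range; set the middle two octets to the last two octets of the host IP address to make troubleshooting easier
exec-opts            Extra options; cgroupdriver is set to systemd
live-restore         Set to true so that containers stay alive when the Docker service goes down, without depending on the Docker service itself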
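
A check of the daemon.json above, as an added example that is not part of the original notes: it parses the file and reports settings worth a second look (registries exempted from TLS enforcement, mirrors not reached over HTTPS, a bridge address outside private address space, and the deprecated graph key). The helper name audit_daemon_config and the finding texts are assumptions made for this example.

```python
import ipaddress
import json
from urllib.parse import urlparse

# The daemon.json shown above on this page, embedded so the check runs offline.
PAGE_CONFIG = """
{
  "graph": "/data/docker",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com","quay.io"],
  "registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
  "bip": "172.91.245.1/24",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true
}
"""


def audit_daemon_config(text):
    """Return (key, finding) tuples for a daemon.json document (hypothetical helper)."""
    cfg = json.loads(text)
    findings = []
    # For hosts listed here the daemon ignores certificate errors and may fall
    # back to plain HTTP, so pulls from them are open to tampering in transit.
    for host in cfg.get("insecure-registries", []):
        findings.append(("insecure-registries", f"{host}: TLS not enforced"))
    # Pulls are served through the mirror, so it must be reached over HTTPS.
    for url in cfg.get("registry-mirrors", []):
        if urlparse(url).scheme != "https":
            findings.append(("registry-mirrors", f"{url}: not HTTPS"))
    # A bridge subnet taken from public address space shadows the real hosts
    # in that range for the Docker host and its containers.
    if "bip" in cfg:
        iface = ipaddress.ip_interface(cfg["bip"])
        if not iface.ip.is_private:
            findings.append(("bip", f"{iface.network}: not private address space"))
    # "graph" was deprecated in favour of "data-root" and later removed.
    if "graph" in cfg:
        findings.append(("graph", "deprecated key, use data-root"))
    return findings


if __name__ == "__main__":
    for key, finding in audit_daemon_config(PAGE_CONFIG):
        print(f"{key}: {finding}")
```

To check a live host, pass the contents of /etc/docker/daemon.json to audit_daemon_config instead of PAGE_CONFIG.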

The relationship between Docker containers, images, and registries

Create a hub.docker.com account

[root@huan ~]# docker login docker.io
[root@huan ~]# docker search alpine
[root@huan ~]# docker pull alpine

This only removes the tag

[root@huan ~]# docker rmi docker.io/xxxxxxxxxxxx/alpine:latest
Untagged: xxxxxxxxxxxx/alpine:latest

Deleting the image itself requires the image ID

docker rmi a24bb4013296
Error response from daemon: conflict: unable to delete a24bb4013296 (must be forced) - image is referenced in multiple repositories
# Other repository tags reference this image; adding -f forces the deletion
docker rmi -f a24bb4013296
Untagged: alpine:latest
Untagged: alpine@sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
Untagged: xxxxxxxxxxxx/alpine:v3.10.3
Untagged: xxxxxxxxxxxx/alpine:v3.10.3
Untagged: xxxxxxxxxxxx/alpine@sha256:a15790640a6690aa1730c38cf0a440e2aa44aaca9b0e8931a9f2b0d7cc90fd65
Deleted: sha256:a24bb4013296f61e89ba57005a7b3e52274d8edd3ae2077d04395f806b63d83e
Deleted: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

Pull the image back from your own repository

[root@huan ~]# docker pull docker.io/xxxxxxxxxxxx/alpine:latest

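Docker image characteristics

AUFS

Even if the base image is large, say 1 GB, that is acceptable as long as the incremental part of each change is small; the absolute size of an image is meaningless.

Starting a container (running an image)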

[root@huan ~]# docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

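OPTIONS

-i: start an interactive container and keep standard input open

-t: attach a terminal to the container's standard input and output

-d: run the container in the background

-p: the ports the container needs at run time

-v: the host directory to mount into the container at run time

--rm: delete the container as soon as it exits

--name: give the container a unique custom name; if not specified, a random name is generated

IMAGE: the image to run

COMMAND: the command to run when the container starts

Start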

[root@huan ~]# docker run -it xxxxxxxxxxxx/alpine

/ # cat /etc/issue 
Welcome to Alpine Linux 3.12
Kernel \r on an \m (\l)

/ # exit

[root@huan ~]# docker ps
CONTAINER ID        IMAGE                 COMMAND             CREATED             STATUS              PORTS               NAMES
68376c046405        xxxxxxxxxxxx/alpine   "/bin/sh"           33 seconds ago      Up 33 seconds                           intelligent_leakey
[root@huan ~]# docker ps -a
CONTAINER ID        IMAGE                 COMMAND             CREATED             STATUS                     PORTS               NAMES
68376c046405        xxxxxxxxxxxx/alpine   "/bin/sh"           2 minutes ago       Exited (0) 5 seconds ago                       intelligent_leakey

[root@huan ~]# docker run --rm xxxxxxxxxxxx/alpine:latest /bin/echo hello
hello

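# Remove all exited containers in bulk (filtering on status avoids matching running containers whose name or image contains "exit")
[root@huan ~]# for i in $(docker ps -aq -f status=exited); do docker rm "$i"; done

A Docker container has its own filesystem tree and is isolated from other containers: filesystem isolation, file isolation, network isolation, IPC isolation, and so on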

[root@huan ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
alpine              3.10.1              b7b28af77ffe        13 months ago       5.58MB

Committing a container

[root@huan ~]# docker commit
[root@huan ~]# docker commit -p myalpine oldboy1103/alpine:v3.10.3_with_1.txt

The changes are now baked into a read-only layer

Exporting an image to the host

[root@huan ~]# docker save b7b28af77ffe > alpine:v3.10.3_with_1.txt.tar
[root@huan ~]# ll
-rw-r--r-- 1 root root   5852160 8月  15 20:03 alpine:v3.10.3_with_1.txt.tar

Importing an image

[root@huan ~]# docker load < alpine:v3.10.3_with_1.txt.tar
[root@huan ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
<none>              <none>              b7b28af77ffe        13 months ago       5.58MB

docker images shows that both REPOSITORY and TAG are <none>; use docker tag to label the image

[root@huan ~]# docker tag b7b28af77ffe oldboy1103/alpine:v3.10.3_with_1.txt
[root@huan ~]# docker images
REPOSITORY          TAG                  IMAGE ID            CREATED             SIZE
oldboy1103/alpine   v3.10.3_with_1.txt   b7b28af77ffe        13 months ago       5.58MB

Redirecting standard output to a log

docker run hello-world 2>&1 >>/dev/null

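View the logs; it also works without -f

docker logs -f <container ID>

Advanced container operations

Not because they are difficult, but because they are especially important.

Pulling nginx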

[root@huan ~]# docker pull nginx:1.12.2
[root@huan ~]# docker tag 4037a5562b03 oldboy1103/nginx:v1.12.2
[root@huan ~]# docker images
REPOSITORY          TAG                  IMAGE ID            CREATED             SIZE
oldboy1103/alpine   v3.10.3_with_1.txt   b7b28af77ffe        13 months ago       5.58MB
nginx               1.12.2               4037a5562b03        2 years ago         108MB
oldboy1103/nginx    v1.12.2              4037a5562b03        2 years ago         108MB

Port mapping, host port:container port

[root@huan ~]# docker run --rm --name mynginx -d -p81:80 oldboy1103/nginx:v1.12.2

Download the Baidu home page for the demonstration

[root@huan ~]# mkdir html
[root@huan html]# wget www.baidu.com -O index.html
[root@huan html]# docker run -d --rm --name nginx_with_baidu -d -p82:80 -v /root/html:/usr/share/nginx/html oldboy1103/nginx:v1.12.2

The inspect command

docker inspect <container ID>

Passing environment variables to a container

[root@huan ~]# docker run --rm -e E_OPTS=abcdefg oldboy1103/alpine:latest printenv

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=b6759d28963f
E_OPTS=abcdefg
HOME=/root

Entering a container

[root@huan ~]# docker exec -ti nginx_with_baidu /bin/bash

root@0ffcc450e2f6:/# tee /etc/apt/sources.list << EOF
> deb http://mirrors.163.com/debian/ jessie main non-free contrib
> deb http://mirrors.163.com/debian/ jessie-updates main non-free contrib
> EOF
deb http://mirrors.163.com/debian/ jessie main non-free contrib
deb http://mirrors.163.com/debian/ jessie-updates main non-free contrib

root@0ffcc450e2f6:/# apt-get update && apt-get install curl -y

Committing the changes

[root@huan ~]# docker ps
CONTAINER ID        IMAGE                      COMMAND                  CREATED             STATUS              PORTS                NAMES
0ffcc450e2f6        oldboy1103/nginx:v1.12.2   "nginx -g 'daemon of…"   5 minutes ago       Up 4 minutes        0.0.0.0:82->80/tcp   nginx_with_baidu

[root@huan ~]# docker commit -p 0ffcc450e2f6 xxxxxxxxxxxx/nginx:curl
[root@huan ~]# docker images
REPOSITORY           TAG                  IMAGE ID            CREATED             SIZE
xxxxxxxxxxxx/nginx   curl                 6f10e7047510        2 minutes ago       136MB

[root@huan ~]# docker push xxx/nginx:curl
The push refers to repository [docker.io/xxxxxxxxxxxx/nginx]
761966e456bc: Pushed
4258832b2570: Mounted from library/nginx

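"Mounted" means that during the push the layer is mounted from the public library/nginx repository rather than uploaded, which saves network traffic

Installing software (tools) inside a container

Production tip: the distribution family companies use most for containers is Debian. Production environments run Debian-based images in large numbers, while Red Hat-based ones are comparatively rare, and that includes companies abroad.

Original article: https://www.cnblogs.com/liuhuan086/p/13510426.html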