Kubernetes CKA认证运维工程师笔记-Docker快速入门
1. Docker 概念与安装
1.1 Docker 是什么
- 使用最广泛的开源容器引擎
- 一种操作系统级的虚拟化技术
- 依赖于Linux内核特性:Namespace(资源隔离)和Cgroups(资源限制)
- 一个简单的应用程序打包工具
1.2 Docker 基本组成
1.3 版本与支持平台
Docker版本:
- 社区版(Community Edition,CE)
- 企业版(Enterprise Edition,EE)
支持平台:
- Linux(CentOS,Debian,Fedora,Oracle Linux,RHEL,SUSE和Ubuntu)
- Mac
- Windows
1.4 Docker 安装
# 关闭selinux和防火墙
[root@centos7 ~]# vi /etc/selinux/config
[root@centos7 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@centos7 ~]# getenforce
Disabled
[root@centos7 ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
# 修改主机名称,也可以不该改
[root@centos7 ~]# hostnamectl set-hostname docker02
[root@centos7 ~]# exit
# 安装docker的准备插件,下载docker的yum源,这里提供了两种yum源,一个是官方的,一个是阿里云的,这里以阿里云的为例
[root@docker02 ~]# yum install -y yum-utils
[root@docker02 ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@docker02 ~]# ls /etc/yum.repos.d/
CentOS-Base.repo CentOS-CR.repo CentOS-Debuginfo.repo CentOS-fasttrack.repo CentOS-Media.repo CentOS-Sources.repo CentOS-Vault.repo docker-ce.repo epel.repo
[root@docker02 ~]# wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
--2021-11-03 22:58:48-- http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 61.240.132.241, 124.165.127.202, 61.240.142.60, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|61.240.132.241|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2081 (2.0K) [application/octet-stream]
Saving to: ‘docker-ce.repo’
100%[================================================================================================================================================>] 2,081 --.-K/s in 0s
2021-11-03 22:58:48 (425 MB/s) - ‘docker-ce.repo’ saved [2081/2081]
[root@docker02 ~]# mv docker-ce.repo /etc/yum.repos.d/
mv: overwrite ‘/etc/yum.repos.d/docker-ce.repo’? y
# 查看docker-ce阿里云仓库提供的版本
[root@docker02 ~]# yum list docker-ce --showduplicates | sort -r
* updates: mirrors.aliyun.com
Loading mirror speeds from cached hostfile
Loaded plugins: fastestmirror
* extras: mirrors.aliyun.com
docker-ce.x86_64 3:20.10.9-3.el7 docker-ce-stable
docker-ce.x86_64 3:20.10.8-3.el7 docker-ce-stable
docker-ce.x86_64 3:20.10.7-3.el7 docker-ce-stable
docker-ce.x86_64 3:20.10.6-3.el7 docker-ce-stable
......
# 安装docker-ce
[root@docker02 ~]# yum install -y docker-ce
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
......
Installed:
docker-ce.x86_64 3:20.10.10-3.el7
Dependency Installed:
audit-libs-python.x86_64 0:2.8.5-4.el7 checkpolicy.x86_64 0:2.5-8.el7 container-selinux.noarch 2:2.119.2-1.911c772.el7_8 containerd.io.x86_64 0:1.4.11-3.1.el7
docker-ce-cli.x86_64 1:20.10.10-3.el7 docker-ce-rootless-extras.x86_64 0:20.10.10-3.el7 docker-scan-plugin.x86_64 0:0.9.0-3.el7 fuse-overlayfs.x86_64 0:0.7.2-6.el7_8
fuse3-libs.x86_64 0:3.6.1-4.el7 libcgroup.x86_64 0:0.41-21.el7 libsemanage-python.x86_64 0:2.5-14.el7 policycoreutils-python.x86_64 0:2.5-34.el7
python-IPy.noarch 0:0.75-6.el7 setools-libs.x86_64 0:3.3.8-4.el7 slirp4netns.x86_64 0:0.4.3-4.el7_8
Dependency Updated:
audit.x86_64 0:2.8.5-4.el7 audit-libs.x86_64 0:2.8.5-4.el7 libselinux.x86_64 0:2.5-15.el7 libselinux-python.x86_64 0:2.5-15.el7
libselinux-utils.x86_64 0:2.5-15.el7 libsemanage.x86_64 0:2.5-14.el7 libsepol.x86_64 0:2.5-10.el7 policycoreutils.x86_64 0:2.5-34.el7
selinux-policy.noarch 0:3.13.1-268.el7_9.2 selinux-policy-targeted.noarch 0:3.13.1-268.el7_9.2
Complete!
# 查看docker系统信息
[root@docker02 ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.9.0)
Server:
ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
errors pretty printing info
[root@docker02 ~]# systemctl start docker;systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@docker02 ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.9.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.10
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc version: v1.0.2-0-g52b36a2
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-862.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.779GiB
Name: docker02
ID: 256O:LBZV:E2IT:R2Q5:IHWY:XMKK:SS4E:SCNX:A3HJ:6ZCJ:4JUD:O3MX
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
# 发现有报错,修改配置文件解决报错问题
[root@docker02 ~]# vi /etc/sysctl.conf
[root@docker02 ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
# 在文件里添加下面两行代码
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# 然后 ESC 退出后 :wq 保存,执行下面语句使配置生效
[root@docker02 ~]# sysctl -p
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# 问题解决
[root@docker02 ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.9.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.10
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc version: v1.0.2-0-g52b36a2
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-862.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.779GiB
Name: docker02
ID: 256O:LBZV:E2IT:R2Q5:IHWY:XMKK:SS4E:SCNX:A3HJ:6ZCJ:4JUD:O3MX
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
# 列出容器
[root@docker02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
https://docs.docker.com/engine/install/centos/
官方文档:https://docs.docker.com
阿里云源:http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
2. Docker 镜像管理
2.1 镜像是什么
- 一个分层存储的文件,不是一个单一的文件
- 一个软件的环境
- 一个镜像可以创建N个容器
- 一种标准化的交付
- 一个不包含Linux内核而又精简的Linux操作系统
2.2 配置加速器
Docker Hub是由Docker公司负责维护的公共镜像仓库,包含大量的容器镜像,Docker工具默认从这个公共镜像库下载镜像。
地址:https://hub.docker.com
配置镜像加速器:
# 编辑daemon.json文件,没有就创建
[root@docker02 ~]# vi /etc/docker/daemon.json
# 添加如下加速器内容
[root@docker02 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
# 重启docker
[root@docker02 ~]# systemctl restart docker
# 查看加速其内容是否生效,看最下面Registry Mirrors
[root@docker02 ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.9.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.10
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc version: v1.0.2-0-g52b36a2
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-862.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.779GiB
Name: docker02
ID: 256O:LBZV:E2IT:R2Q5:IHWY:XMKK:SS4E:SCNX:A3HJ:6ZCJ:4JUD:O3MX
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://b9pmyelo.mirror.aliyuncs.com/
Live Restore Enabled: false
2.3 镜像常用管理命令
命令格式:
docker --help
docker image COMMAND
指令 | 描述 |
---|---|
ls | 列出镜像 |
build | 构建镜像来自Dockerfile |
history | 查看镜像历史 |
inspect | 显示一个或多个镜像详细信息 |
pull | 从镜像仓库拉取镜像 |
push | 推送一个镜像到镜像仓库 |
rm | 移除一个或多个镜像 |
prune | 移除没有被标记或者没有被任何容器引用的镜像 |
tag | 创建一个引用源镜像标记目录镜像 |
save | 保存一个或多个镜像到一个tar归档文件 |
load | 加载镜像来自tar归档或标准输入 |
#第一次运行会从本地找镜像,没有找到会直接从dockerhub上面下载,然后运行镜像
[root@docker02 ~]# docker run -d nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
b380bbd43752: Pull complete
fca7e12d1754: Pull complete
745ab57616cb: Pull complete
a4723e260b6f: Pull complete
1c84ebdff681: Pull complete
858292fd2e56: Pull complete
Digest: sha256:644a70516a26004c97d0d85c7fe1d0c3a67ea8ab7ddf4aff193d9f301670cf36
Status: Downloaded newer image for nginx:latest
443bad4b2b0672e1579c97a6f8608e9a7789841c4c5483d8efd973775ac14aa5
# 列出本地有的镜像
[root@docker02 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 87a94228f133 3 weeks ago 133MB
# 查看镜像构建历史和步骤
[root@docker02 ~]# docker history nginx
IMAGE CREATED CREATED BY SIZE COMMENT
87a94228f133 3 weeks ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B
<missing> 3 weeks ago /bin/sh -c #(nop) STOPSIGNAL SIGQUIT 0B
<missing> 3 weeks ago /bin/sh -c #(nop) EXPOSE 80 0B
<missing> 3 weeks ago /bin/sh -c #(nop) ENTRYPOINT ["/docker-entr… 0B
<missing> 3 weeks ago /bin/sh -c #(nop) COPY file:09a214a3e07c919a… 4.61kB
<missing> 3 weeks ago /bin/sh -c #(nop) COPY file:0fd5fca330dcd6a7… 1.04kB
<missing> 3 weeks ago /bin/sh -c #(nop) COPY file:0b866ff3fc1ef5b0… 1.96kB
<missing> 3 weeks ago /bin/sh -c #(nop) COPY file:65504f71f5855ca0… 1.2kB
<missing> 3 weeks ago /bin/sh -c set -x && addgroup --system -… 64MB
<missing> 3 weeks ago /bin/sh -c #(nop) ENV PKG_RELEASE=1~buster 0B
<missing> 3 weeks ago /bin/sh -c #(nop) ENV NJS_VERSION=0.6.2 0B
<missing> 3 weeks ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.21.3 0B
<missing> 3 weeks ago /bin/sh -c #(nop) LABEL maintainer=NGINX Do… 0B
<missing> 3 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 3 weeks ago /bin/sh -c #(nop) ADD file:910392427fdf089bc… 69.3MB
# 以json的文件格式显示该镜像的详细信息
[root@docker02 ~]# docker inspect nginx
[
{
"Id": "sha256:87a94228f133e2da99cb16d653cd1373c5b4e8689956386c1c12b60a20421a02",
"RepoTags": [
"nginx:latest"
],
"RepoDigests": [
"nginx@sha256:644a70516a26004c97d0d85c7fe1d0c3a67ea8ab7ddf4aff193d9f301670cf36"
],
"Parent": "",
"Comment": "",
"Created": "2021-10-12T02:03:40.360294686Z",
"Container": "21fd1c6cb532225ca7e04c77f6592e220574b919aec07021663576ef438e0fee",
"ContainerConfig": {
"Hostname": "21fd1c6cb532",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {
}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.21.3",
"NJS_VERSION=0.6.2",
"PKG_RELEASE=1~buster"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"nginx\" \"-g\" \"daemon off;\"]"
],
"Image": "sha256:e30f1b92b2c67fbe72fb24af7353a945f6df4f48d9064d47bf0f51674311251e",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <[email protected]>"
},
"StopSignal": "SIGQUIT"
},
"DockerVersion": "20.10.7",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {
}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.21.3",
"NJS_VERSION=0.6.2",
"PKG_RELEASE=1~buster"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "sha256:e30f1b92b2c67fbe72fb24af7353a945f6df4f48d9064d47bf0f51674311251e",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <[email protected]>"
},
"StopSignal": "SIGQUIT"
},
"Architecture": "amd64",
"Os": "linux",
"Size": 133277153,
"VirtualSize": 133277153,
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/a0dbf794833f4f7d28ee89d6debf3d5e4d22dc04903ffae85eda6643383f57b4/diff:/var/lib/docker/overlay2/2d260cb5960fa673679039e382578cb852adb0e8f0930e71f817af09edf8556c/diff:/var/lib/docker/overlay2/ee2f883e3a578d3d748c63435267598bbc49a1b9e8c05a1dea8fe11cbfc3147a/diff:/var/lib/docker/overlay2/9f5fbdfd68bb7d2d3a8a0c586a097507b50ff13ca1d77e83ddcc5b63a07296ab/diff:/var/lib/docker/overlay2/b069a3c660d3ed0eedd9c35dd1af33df7ed2a769598bda8e0f4c16d6fff780a6/diff",
"MergedDir": "/var/lib/docker/overlay2/c60887b049d83d83780c5993d13773d6998e414722223db056a3cc9dadfa4848/merged",
"UpperDir": "/var/lib/docker/overlay2/c60887b049d83d83780c5993d13773d6998e414722223db056a3cc9dadfa4848/diff",
"WorkDir": "/var/lib/docker/overlay2/c60887b049d83d83780c5993d13773d6998e414722223db056a3cc9dadfa4848/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:e81bff2725dbc0bf2003db10272fef362e882eb96353055778a66cda430cf81b",
"sha256:43f4e41372e42dd32309f6a7bdce03cf2d65b3ca34b1036be946d53c35b503ab",
"sha256:788e89a4d186f3614bfa74254524bc2e2c6de103698aeb1cb044f8e8339a90bd",
"sha256:f8e880dfc4ef19e78853c3f132166a4760a220c5ad15b9ee03b22da9c490ae3b",
"sha256:f7e00b807643e512b85ef8c9f5244667c337c314fa29572206c1b0f3ae7bf122",
"sha256:9959a332cf6e41253a9cd0c715fa74b01db1621b4d16f98f4155a2ed5365da4a"
]
},
"Metadata": {
"LastTagTime": "0001-01-01T00:00:00Z"
}
}
]
# 下载镜像,如果本地有会进行校验,如果没有就直接下载
[root@docker02 ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
Digest: sha256:644a70516a26004c97d0d85c7fe1d0c3a67ea8ab7ddf4aff193d9f301670cf36
Status: Image is up to date for nginx:latest
docker.io/library/nginx:latest
[root@docker02 ~]# docker pull redis
Using default tag: latest
latest: Pulling from library/redis
7d63c13d9b9b: Pull complete
a2c3b174c5ad: Pull complete
283a10257b0f: Pull complete
7a08c63a873a: Pull complete
0531663a7f55: Pull complete
9bf50efb265c: Pull complete
Digest: sha256:a89cb097693dd354de598d279c304a1c73ee550fbfff6d9ee515568e0c749cfe
Status: Downloaded newer image for redis:latest
docker.io/library/redis:latest
# 移除没有被标记或者没有被任何容器引用的镜像,加上-a是删除所有
[root@docker02 ~]# docker image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Total reclaimed space: 0B
[root@docker02 ~]# docker image prune -a
WARNING! This will remove all images without at least one container associated to them.
Are you sure you want to continue? [y/N] y
Deleted Images:
untagged: redis:latest
untagged: redis@sha256:a89cb097693dd354de598d279c304a1c73ee550fbfff6d9ee515568e0c749cfe
deleted: sha256:7faaec68323851b2265bddb239bd9476c7d4e4335e9fd88cbfcc1df374dded2f
deleted: sha256:e6deb90762475cda72e21895911f830ed99fd1cc6d920d92873270be91235274
deleted: sha256:2649acad13241d9c8d81e49357bc66cce459b352ded7f423d70ede7bd3bb7b89
deleted: sha256:64007bba5fc220df4d3da33cecdc2d55dd6a73528c138b0fa1acd79fd6a9c217
deleted: sha256:b2cc2f1bf8b1cca8ba7c19e1697f7b73755903ad8f880b83673fd6a697aca935
deleted: sha256:fbd1283ab782925be4d990bd4bebe9ad5e5cf9a525abfb6fa87465e072da9d31
deleted: sha256:e8b689711f21f9301c40bf2131ce1a1905c3aa09def1de5ec43cf0adf652576e
Total reclaimed space: 112.7MB
# 下载镜像,保存下来;再传到另一台没有网的机器上,导入
[root@docker02 ~]# docker pull redis
Using default tag: latest
latest: Pulling from library/redis
7d63c13d9b9b: Pull complete
a2c3b174c5ad: Pull complete
283a10257b0f: Pull complete
7a08c63a873a: Pull complete
0531663a7f55: Pull complete
9bf50efb265c: Pull complete
Digest: sha256:a89cb097693dd354de598d279c304a1c73ee550fbfff6d9ee515568e0c749cfe
Status: Downloaded newer image for redis:latest
docker.io/library/redis:latest
[root@docker02 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest 7faaec683238 3 weeks ago 113MB
nginx latest 87a94228f133 3 weeks ago 133MB
[root@docker02 ~]# docker save redis --help
Usage: docker save [OPTIONS] IMAGE [IMAGE...]
Save one or more images to a tar archive (streamed to STDOUT by default)
Options:
-o, --output string Write to a file, instead of STDOUT
[root@docker02 ~]# docker save redis -o redis.tar
[root@docker02 ~]# du -sh redis.tar
111M redis.tar
[root@docker02 ~]# tar xvf redis.tar
485c02c4e297ea1167ebd6868e770d053f22f6458d3e227e75e0cf4995772c54/
485c02c4e297ea1167ebd6868e770d053f22f6458d3e227e75e0cf4995772c54/VERSION
485c02c4e297ea1167ebd6868e770d053f22f6458d3e227e75e0cf4995772c54/json
485c02c4e297ea1167ebd6868e770d053f22f6458d3e227e75e0cf4995772c54/layer.tar
6562438739bdf784a7f98c2dc8a6b7fce1beef4ef85e5b59881891eeaf23ce7f/
6562438739bdf784a7f98c2dc8a6b7fce1beef4ef85e5b59881891eeaf23ce7f/VERSION
6562438739bdf784a7f98c2dc8a6b7fce1beef4ef85e5b59881891eeaf23ce7f/json
6562438739bdf784a7f98c2dc8a6b7fce1beef4ef85e5b59881891eeaf23ce7f/layer.tar
6c8f827bffaa57c9e7d46a63344f1e41fc15fd6a1462bade33edcacd5a3c6b4e/
6c8f827bffaa57c9e7d46a63344f1e41fc15fd6a1462bade33edcacd5a3c6b4e/VERSION
6c8f827bffaa57c9e7d46a63344f1e41fc15fd6a1462bade33edcacd5a3c6b4e/json
6c8f827bffaa57c9e7d46a63344f1e41fc15fd6a1462bade33edcacd5a3c6b4e/layer.tar
7bc07f655849625a2243747ccb64b96d9cb55278797700ea6baf25aad00aafc2/
7bc07f655849625a2243747ccb64b96d9cb55278797700ea6baf25aad00aafc2/VERSION
7bc07f655849625a2243747ccb64b96d9cb55278797700ea6baf25aad00aafc2/json
7bc07f655849625a2243747ccb64b96d9cb55278797700ea6baf25aad00aafc2/layer.tar
7faaec68323851b2265bddb239bd9476c7d4e4335e9fd88cbfcc1df374dded2f.json
c2eb2172279bd62094265c1a5b7e19403d878704922a189c7ce8b3e274a8007e/
c2eb2172279bd62094265c1a5b7e19403d878704922a189c7ce8b3e274a8007e/VERSION
c2eb2172279bd62094265c1a5b7e19403d878704922a189c7ce8b3e274a8007e/json
c2eb2172279bd62094265c1a5b7e19403d878704922a189c7ce8b3e274a8007e/layer.tar
dd59d902792d0dce82a289b10b66ffa8256873a82c21347494cd2c5c6d59caa3/
dd59d902792d0dce82a289b10b66ffa8256873a82c21347494cd2c5c6d59caa3/VERSION
dd59d902792d0dce82a289b10b66ffa8256873a82c21347494cd2c5c6d59caa3/json
dd59d902792d0dce82a289b10b66ffa8256873a82c21347494cd2c5c6d59caa3/layer.tar
manifest.json
tar: manifest.json: implausibly old time stamp 1970-01-01 08:00:00
repositories
tar: repositories: implausibly old time stamp 1970-01-01 08:00:00
[root@docker02 ~]# ls
485c02c4e297ea1167ebd6868e770d053f22f6458d3e227e75e0cf4995772c54
6562438739bdf784a7f98c2dc8a6b7fce1beef4ef85e5b59881891eeaf23ce7f
6c8f827bffaa57c9e7d46a63344f1e41fc15fd6a1462bade33edcacd5a3c6b4e
7bc07f655849625a2243747ccb64b96d9cb55278797700ea6baf25aad00aafc2
7faaec68323851b2265bddb239bd9476c7d4e4335e9fd88cbfcc1df374dded2f.json
anaconda-ks.cfg
c2eb2172279bd62094265c1a5b7e19403d878704922a189c7ce8b3e274a8007e
createuser.sh
dd59d902792d0dce82a289b10b66ffa8256873a82c21347494cd2c5c6d59caa3
disk.sh
disk.txt
manifest.json
redis.tar
repositories
systeminfo.sh
user.txt
[root@docker02 ~]# scp redis.tar [email protected]:~
The authenticity of host '10.0.0.65 (10.0.0.65)' can't be established.
ECDSA key fingerprint is SHA256:OWuZy2NmY2roM1RqIamUATXYA+wqXai6nqsA1LesvjU.
ECDSA key fingerprint is MD5:04:af:eb:98:a5:8d:e0:a4:b4:16:29:80:8e:f9:e6:fc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.65' (ECDSA) to the list of known hosts.
[email protected]'s password:
redis.tar
[root@docker01 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@docker01 ~]# ls
anaconda-ks.cfg redis.tar
[root@docker01 ~]# docker load -i redis.tar
e8b689711f21: Loading layer [==================================================>] 83.86MB/83.86MB
b43651130521: Loading layer [==================================================>] 338.4kB/338.4kB
8b9770153666: Loading layer [==================================================>] 4.274MB/4.274MB
6b01cc47a390: Loading layer [==================================================>] 27.8MB/27.8MB
0bd13b42de4d: Loading layer [==================================================>] 2.048kB/2.048kB
146262eb3841: Loading layer [==================================================>] 3.584kB/3.584kB
Loaded image: redis:latest
[root@docker01 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest 7faaec683238 3 weeks ago 113MB
[root@docker01 ~]# docker run -d redis
38453ca627aa556868383d883a0c0020afee37b5e3c094eb5901e37b3d0add1b
[root@docker01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
38453ca627aa redis "docker-entrypoint.s…" 6 seconds ago Up 5 seconds 6379/tcp awesome_jang
[root@docker02 ~]# docker run -d -p 8080:80 nginx
5765ec59ef5c9c843d204513cccd2f1b9c3f5ad18b4e6aa3bacf01c19b4bf949
[root@docker02 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5765ec59ef5c nginx "/docker-entrypoint.…" 15 seconds ago Up 11 seconds 0.0.0.0:8080->80/tcp, :::8080->80/tcp epic_bouman
3. Docker 容器管理
3.1 创建容器常用选项
命令格式:
docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
选项 | 描述 |
---|---|
-i, –interactive | 交互式 |
-t, –tty | 分配一个伪终端 |
-d, –detach | 运行容器到后台 |
-e, –env | 设置环境变量 |
-p, –publish list | 发布容器端口到主机 |
-P, –publish-all | 发布容器所有EXPOSE的端口到宿主机随机端口 |
–name string | 指定容器名称 |
-h, –hostname | 设置容器主机名 |
–ip string | 指定容器IP,只能用于自定义网络 |
–network | 连接容器到一个网络 |
-v, –volume list;–mount mount(新方式) | 将文件系统附加到容器 |
–restart string | 容器退出时重启策略,默认no,可选值:[always |
-m,–memory | 容器可以使用的最大内存量 |
–memory-swap | 允许交换到磁盘的内存量 |
–memory-swappiness=<0-100> | 容器使用SWAP分区交换的百分比(0-100,默认为-1) |
–oom-kill-disable | 禁用OOM Killer |
–cpus | 可以使用的CPU数量 |
–cpuset-cpus | 限制容器使用特定的CPU核心,如(0-3, 0,1) |
–cpu-shares | CPU共享(相对权重) |
[root@docker02 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5765ec59ef5c nginx "/docker-entrypoint.…" 15 seconds ago Up 11 seconds 0.0.0.0:8080->80/tcp, :::8080->80/tcp epic_bouman
[root@docker02 ~]# docker exec -it 5765ec59ef5c bash
root@5765ec59ef5c:/#
[root@docker02 ~]# docker run -d nginx
cc83449feeeb66ce1136aeaf9d315418c524076680934eccf01f44de3386eea6
[root@docker02 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cc83449feeeb nginx "/docker-entrypoint.…" 3 seconds ago Up 2 seconds 80/tcp agitated_driscoll
[root@docker02 ~]# docker run -d centos
a7a7b7e02c36561fbd0068869db4ebdae6cc7388bd84b776fdc949468c480173
[root@docker02 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a7a7b7e02c36 centos "/bin/bash" 2 seconds ago Exited (0) 1 second ago serene_ellis
[root@docker02 ~]# docker run -it -d nginx
ba394b242d0f24195a06772374c530748aae79987dd82268bfc620ac5b3db786
[root@docker02 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ba394b242d0f nginx "/docker-entrypoint.…" 2 seconds ago Up 2 seconds 80/tcp strange_moser
[root@docker02 ~]# docker run -it -d centos
26ea932594a15c843f12ad0f70f119d2e5f8cad8442dcc3b71fa0a4aa68a3888
[root@docker02 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
26ea932594a1 centos "/bin/bash" 2 seconds ago Up 1 second interesting_jones
[root@docker02 ~]# docker top ba394b242d0f
UID PID PPID C STIME TTY TIME CMD
root 3219 3198 0 22:51 pts/0 00:00:00 nginx: master process nginx -g daemon off;
101 3269 3219 0 22:51 pts/0 00:00:00 nginx: worker process
101 3270 3219 0 22:51 pts/0 00:00:00 nginx: worker process
[root@docker02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
26ea932594a1 centos "/bin/bash" 2 minutes ago Up 2 minutes interesting_jones
ba394b242d0f nginx "/docker-entrypoint.…" 2 minutes ago Up 2 minutes 80/tcp strange_moser
cc83449feeeb nginx "/docker-entrypoint.…" 4 minutes ago Up 4 minutes 80/tcp agitated_driscoll
7a613f1de6e7 nginx "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 80/tcp elegant_lamport
5765ec59ef5c nginx "/docker-entrypoint.…" 21 minutes ago Up 21 minutes 0.0.0.0:8080->80/tcp, :::8080->80/tcp epic_bouman
443bad4b2b06 nginx "/docker-entrypoint.…" 47 minutes ago Up 47 minutes 80/tcp zealous_sutherland
[root@docker02 ~]# docker top 26ea932594a1
UID PID PPID C STIME TTY TIME CMD
root 3315 3295 0 22:51 pts/0 00:00:00 /bin/bash
[root@docker02 ~]# docker run nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/11/07 14:56:07 [notice] 1#1: using the "epoll" event method
2021/11/07 14:56:07 [notice] 1#1: nginx/1.21.3
2021/11/07 14:56:07 [notice] 1#1: built by gcc 8.3.0 (Debian 8.3.0-6)
2021/11/07 14:56:07 [notice] 1#1: OS: Linux 3.10.0-862.el7.x86_64
2021/11/07 14:56:07 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/11/07 14:56:07 [notice] 1#1: start worker processes
2021/11/07 14:56:07 [notice] 1#1: start worker process 32
2021/11/07 14:56:07 [notice] 1#1: start worker process 33
[root@docker02 ~]# docker run -d -e env=prod -p 88:80 --name web -h web --restart=always nginx
65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628
[root@docker02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
65da0bbfccc8 nginx "/docker-entrypoint.…" 5 seconds ago Up 4 seconds 0.0.0.0:88->80/tcp, :::88->80/tcp web
26ea932594a1 centos "/bin/bash" 8 minutes ago Up 8 minutes interesting_jones
ba394b242d0f nginx "/docker-entrypoint.…" 8 minutes ago Up 8 minutes 80/tcp strange_moser
cc83449feeeb nginx "/docker-entrypoint.…" 10 minutes ago Up 10 minutes 80/tcp agitated_driscoll
7a613f1de6e7 nginx "/docker-entrypoint.…" 11 minutes ago Up 11 minutes 80/tcp elegant_lamport
5765ec59ef5c nginx "/docker-entrypoint.…" 27 minutes ago Up 27 minutes 0.0.0.0:8080->80/tcp, :::8080->80/tcp epic_bouman
443bad4b2b06 nginx "/docker-entrypoint.…" 53 minutes ago Up 53 minutes 80/tcp zealous_sutherland
[root@docker02 ~]# docker exec -it web bash
root@web:/# cd /usr/share/nginx/
root@web:/usr/share/nginx# ls
html
root@web:/usr/share/nginx# cd html/
root@web:/usr/share/nginx/html# ls
50x.html index.html
root@web:/usr/share/nginx/html# echo "<h1>hello world</h1>" > index.html
root@web:/usr/share/nginx/html# hostname
web
root@web:/usr/share/nginx/html# echo $env
prod
[root@docker02 ~]# docker inspect 65da0bbfccc8
[
{
"Id": "65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628",
"Created": "2021-11-07T14:59:41.715811333Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 3565,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-11-07T14:59:42.616017801Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:87a94228f133e2da99cb16d653cd1373c5b4e8689956386c1c12b60a20421a02",
"ResolvConfPath": "/var/lib/docker/containers/65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628/hostname",
"HostsPath": "/var/lib/docker/containers/65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628/hosts",
"LogPath": "/var/lib/docker/containers/65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628/65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628-json.log",
"Name": "/web",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {
}
},
"NetworkMode": "default",
"PortBindings": {
"80/tcp": [
{
"HostIp": "",
"HostPort": "88"
}
]
},
"RestartPolicy": {
"Name": "always",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3-init/diff:/var/lib/docker/overlay2/c60887b049d83d83780c5993d13773d6998e414722223db056a3cc9dadfa4848/diff:/var/lib/docker/overlay2/a0dbf794833f4f7d28ee89d6debf3d5e4d22dc04903ffae85eda6643383f57b4/diff:/var/lib/docker/overlay2/2d260cb5960fa673679039e382578cb852adb0e8f0930e71f817af09edf8556c/diff:/var/lib/docker/overlay2/ee2f883e3a578d3d748c63435267598bbc49a1b9e8c05a1dea8fe11cbfc3147a/diff:/var/lib/docker/overlay2/9f5fbdfd68bb7d2d3a8a0c586a097507b50ff13ca1d77e83ddcc5b63a07296ab/diff:/var/lib/docker/overlay2/b069a3c660d3ed0eedd9c35dd1af33df7ed2a769598bda8e0f4c16d6fff780a6/diff",
"MergedDir": "/var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/merged",
"UpperDir": "/var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/diff",
"WorkDir": "/var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "web",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {
}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"env=prod",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.21.3",
"NJS_VERSION=0.6.2",
"PKG_RELEASE=1~buster"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "nginx",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <[email protected]>"
},
"StopSignal": "SIGQUIT"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "a83252848774f4ac53075b126e02d4bb5774b5b853dbe48867dc618cfe3ab034",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "88"
},
{
"HostIp": "::",
"HostPort": "88"
}
]
},
"SandboxKey": "/var/run/docker/netns/a83252848774",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "9fe4a7a6575684a0b6585691831b1c988764b19761538a2ffd753fbf6b14a9c3",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.8",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:08",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "496733af375fa19fe4514181415b2af7596f2589732815af273ac8ad360a972b",
"EndpointID": "9fe4a7a6575684a0b6585691831b1c988764b19761538a2ffd753fbf6b14a9c3",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.8",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:08",
"DriverOpts": null
}
}
}
}
]
[root@docker02 ~]# ls /var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/diff
etc root run usr var
[root@docker02 ~]# ls /var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/diff/usr/share/nginx/html/index.html
/var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/diff/usr/share/nginx/html/index.html
[root@docker02 ~]# cat /var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/diff/usr/share/nginx/html/index.html
<h1>hello world</h1>
[root@docker02 ~]# docker run -m="500M" --cpus="1" -d nginx
0112aaf0cd9dd6963d7f2f08fee1085df6edf95efae6c2045adf1830f322cbb0
[root@docker02 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0112aaf0cd9d nginx "/docker-entrypoint.…" 9 seconds ago Up 7 seconds 80/tcp unruffled_fermat
3.2 镜像常用管理命令
命令格式:
docker container COMMAND
选项 | 描述 |
---|---|
ls | 列出容器 |
inspect | 查看一个或多个容器详细信息 |
exec | 在运行容器中执行命令 |
commit | 创建一个新镜像来自一个容器 |
cp | 拷贝文件/文件夹到一个容器 |
logs | 获取一个容器日志 |
port | 列出或指定容器端口映射 |
top | 显示一个容器运行的进程 |
stats | 显示容器资源使用统计 |
stop/start/restart | 停止/启动一个或多个容器 |
rm | 删除一个或多个容器 |
prune | 移除已停止的容器 |
[root@docker02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0112aaf0cd9d nginx "/docker-entrypoint.…" 5 minutes ago Up 5 minutes 80/tcp unruffled_fermat
65da0bbfccc8 nginx "/docker-entrypoint.…" 22 minutes ago Up 22 minutes 0.0.0.0:88->80/tcp, :::88->80/tcp web
26ea932594a1 centos "/bin/bash" 31 minutes ago Up 31 minutes interesting_jones
ba394b242d0f nginx "/docker-entrypoint.…" 31 minutes ago Up 31 minutes 80/tcp strange_moser
cc83449feeeb nginx "/docker-entrypoint.…" 32 minutes ago Up 32 minutes 80/tcp agitated_driscoll
7a613f1de6e7 nginx "/docker-entrypoint.…" 34 minutes ago Up 34 minutes 80/tcp elegant_lamport
5765ec59ef5c nginx "/docker-entrypoint.…" 50 minutes ago Up 50 minutes 0.0.0.0:8080->80/tcp, :::8080->80/tcp epic_bouman
443bad4b2b06 nginx "/docker-entrypoint.…" About an hour ago Up About an hour 80/tcp zealous_sutherland
[root@docker02 ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0112aaf0cd9d nginx "/docker-entrypoint.…" 5 minutes ago Up 5 minutes 80/tcp unruffled_fermat
65da0bbfccc8 nginx "/docker-entrypoint.…" 23 minutes ago Up 23 minutes 0.0.0.0:88->80/tcp, :::88->80/tcp web
26ea932594a1 centos "/bin/bash" 31 minutes ago Up 31 minutes interesting_jones
ba394b242d0f nginx "/docker-entrypoint.…" 31 minutes ago Up 31 minutes 80/tcp strange_moser
cc83449feeeb nginx "/docker-entrypoint.…" 33 minutes ago Up 33 minutes 80/tcp agitated_driscoll
7a613f1de6e7 nginx "/docker-entrypoint.…" 34 minutes ago Up 34 minutes 80/tcp elegant_lamport
5765ec59ef5c nginx "/docker-entrypoint.…" 50 minutes ago Up 50 minutes 0.0.0.0:8080->80/tcp, :::8080->80/tcp epic_bouman
443bad4b2b06 nginx "/docker-entrypoint.…" About an hour ago Up About an hour 80/tcp zealous_sutherland
[root@docker02 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0112aaf0cd9d nginx "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 80/tcp unruffled_fermat
[root@docker02 ~]# docker exec web ls
bin
boot
dev
docker-entrypoint.d
docker-entrypoint.sh
etc
home
lib
lib64
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
[root@docker02 ~]# docker cp manifest.json web:/
[root@docker02 ~]# docker exec web ls /
bin
boot
dev
docker-entrypoint.d
docker-entrypoint.sh
etc
home
lib
lib64
manifest.json
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
[root@docker02 ~]# docker logs web -f
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/11/07 14:59:42 [notice] 1#1: using the "epoll" event method
2021/11/07 14:59:42 [notice] 1#1: nginx/1.21.3
2021/11/07 14:59:42 [notice] 1#1: built by gcc 8.3.0 (Debian 8.3.0-6)
2021/11/07 14:59:42 [notice] 1#1: OS: Linux 3.10.0-862.el7.x86_64
2021/11/07 14:59:42 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/11/07 14:59:42 [notice] 1#1: start worker processes
2021/11/07 14:59:42 [notice] 1#1: start worker process 31
2021/11/07 14:59:42 [notice] 1#1: start worker process 32
10.0.0.1 - - [07/Nov/2021:15:02:26 +0000] "GET / HTTP/1.1" 200 21 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
2021/11/07 15:02:26 [error] 31#31: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.0.0.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "10.0.0.66:88", referrer: "http://10.0.0.66:88/"
10.0.0.1 - - [07/Nov/2021:15:02:26 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "http://10.0.0.66:88/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
10.0.0.1 - - [07/Nov/2021:15:28:18 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
10.0.0.1 - - [07/Nov/2021:15:28:19 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
10.0.0.1 - - [07/Nov/2021:15:28:19 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
[root@docker02 ~]# docker port web
80/tcp -> 0.0.0.0:88
80/tcp -> :::88
[root@docker02 ~]# docker top web
UID PID PPID C STIME TTY TIME CMD
root 3565 3543 0 22:59 ? 00:00:00 nginx: master process nginx -g daemon off;
101 3617 3565 0 22:59 ? 00:00:00 nginx: worker process
101 3618 3565 0 22:59 ? 00:00:00 nginx: worker process
[root@docker02 ~]# docker stats web --no-stream
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
65da0bbfccc8 web 0.00% 2.008MiB / 1.779GiB 0.11% 4.77kB / 2.93kB 0B / 13.3kB 3
[root@docker02 ~]# docker stats web --no-stream|awk '{print $2}'
ID
web
[root@docker02 ~]# docker stats web --no-stream|awk '{print $3}'
NAME
0.00%
[root@docker02 ~]# docker stats web --no-stream|awk 'NR==2{print $3}'
0.00%
[root@docker02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0112aaf0cd9d nginx "/docker-entrypoint.…" 16 minutes ago Up 16 minutes 80/tcp unruffled_fermat
65da0bbfccc8 nginx "/docker-entrypoint.…" 33 minutes ago Up 33 minutes 0.0.0.0:88->80/tcp, :::88->80/tcp web
26ea932594a1 centos "/bin/bash" 41 minutes ago Up 41 minutes interesting_jones
ba394b242d0f nginx "/docker-entrypoint.…" 42 minutes ago Up 41 minutes 80/tcp strange_moser
cc83449feeeb nginx "/docker-entrypoint.…" 43 minutes ago Up 43 minutes 80/tcp agitated_driscoll
7a613f1de6e7 nginx "/docker-entrypoint.…" 45 minutes ago Up 45 minutes 80/tcp elegant_lamport
5765ec59ef5c nginx "/docker-entrypoint.…" About an hour ago Up About an hour 0.0.0.0:8080->80/tcp, :::8080->80/tcp epic_bouman
443bad4b2b06 nginx "/docker-entrypoint.…" About an hour ago Up About an hour 80/tcp zealous_sutherland
[root@docker02 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0112aaf0cd9d nginx "/docker-entrypoint.…" 16 minutes ago Up 16 minutes 80/tcp unruffled_fermat
65da0bbfccc8 nginx "/docker-entrypoint.…" 33 minutes ago Up 33 minutes 0.0.0.0:88->80/tcp, :::88->80/tcp web
d14032f400f2 nginx "/docker-entrypoint.…" 36 minutes ago Exited (0) 36 minutes ago laughing_jennings
26ea932594a1 centos "/bin/bash" 41 minutes ago Up 41 minutes interesting_jones
ba394b242d0f nginx "/docker-entrypoint.…" 42 minutes ago Up 42 minutes 80/tcp strange_moser
a7a7b7e02c36 centos "/bin/bash" 43 minutes ago Exited (0) 43 minutes ago serene_ellis
cc83449feeeb nginx "/docker-entrypoint.…" 43 minutes ago Up 43 minutes 80/tcp agitated_driscoll
f7cf5a392650 centos "/bin/bash" 45 minutes ago Exited (0) 45 minutes ago angry_swartz
7a613f1de6e7 nginx "/docker-entrypoint.…" 45 minutes ago Up 45 minutes 80/tcp elegant_lamport
494b3e57bc76 centos "/bin/bash" 45 minutes ago Exited (0) 45 minutes ago tender_jemison
5765ec59ef5c nginx "/docker-entrypoint.…" About an hour ago Up About an hour 0.0.0.0:8080->80/tcp, :::8080->80/tcp epic_bouman
443bad4b2b06 nginx "/docker-entrypoint.…" About an hour ago Up About an hour 80/tcp zealous_sutherland
[root@docker02 ~]# docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Deleted Containers:
d14032f400f2570ac8279a377b4bc11726acc3f46cbc9da02dde0f4741e51428
a7a7b7e02c36561fbd0068869db4ebdae6cc7388bd84b776fdc949468c480173
f7cf5a39265052be9a8518886d51fa4571a25598273a0c7f2f08487a89023f63
494b3e57bc765a19fd532798fee9813c53930fad3947b45d1497d2f4ca18b181
Total reclaimed space: 1.093kB
# 查看所有的容器,包含退出
[root@docker02 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0112aaf0cd9d nginx "/docker-entrypoint.…" 17 minutes ago Up 17 minutes 80/tcp unruffled_fermat
65da0bbfccc8 nginx "/docker-entrypoint.…" 34 minutes ago Up 34 minutes 0.0.0.0:88->80/tcp, :::88->80/tcp web
26ea932594a1 centos "/bin/bash" 42 minutes ago Up 42 minutes interesting_jones
ba394b242d0f nginx "/docker-entrypoint.…" 42 minutes ago Up 42 minutes 80/tcp strange_moser
cc83449feeeb nginx "/docker-entrypoint.…" 44 minutes ago Up 44 minutes 80/tcp agitated_driscoll
7a613f1de6e7 nginx "/docker-entrypoint.…" 46 minutes ago Up 46 minutes 80/tcp elegant_lamport
5765ec59ef5c nginx "/docker-entrypoint.…" About an hour ago Up About an hour 0.0.0.0:8080->80/tcp, :::8080->80/tcp epic_bouman
443bad4b2b06 nginx "/docker-entrypoint.…" About an hour ago Up About an hour 80/tcp zealous_sutherland
# 列出所有的容器ID
[root@docker02 ~]# docker ps -q
0112aaf0cd9d
65da0bbfccc8
26ea932594a1
ba394b242d0f
cc83449feeeb
7a613f1de6e7
5765ec59ef5c
443bad4b2b06
[root@docker02 ~]# docker rm $(docker ps -q)
Error response from daemon: You cannot remove a running container 0112aaf0cd9dd6963d7f2f08fee1085df6edf95efae6c2045adf1830f322cbb0. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container 65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container 26ea932594a15c843f12ad0f70f119d2e5f8cad8442dcc3b71fa0a4aa68a3888. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container ba394b242d0f24195a06772374c530748aae79987dd82268bfc620ac5b3db786. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container cc83449feeeb66ce1136aeaf9d315418c524076680934eccf01f44de3386eea6. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container 7a613f1de6e77d314fdf1f2cee4e603e9c126edfaa4c2c99cb73385559f49ec5. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container 5765ec59ef5c9c843d204513cccd2f1b9c3f5ad18b4e6aa3bacf01c19b4bf949. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container 443bad4b2b0672e1579c97a6f8608e9a7789841c4c5483d8efd973775ac14aa5. Stop the container before attempting removal or force remove
# 删除所有容器
[root@docker02 ~]# docker rm -f $(docker ps -qa)
0112aaf0cd9d
65da0bbfccc8
26ea932594a1
ba394b242d0f
cc83449feeeb
7a613f1de6e7
5765ec59ef5c
443bad4b2b06
[root@docker02 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3.3 容器数据持久化
Docker提供三种方式将数据从宿主机挂载到容器中:
- volumes:Docker管理宿主机文件系统的一部分(/var/lib/docker/volumes)。保存数据的最佳方式。
- bind mounts:将宿主机上的任意位置的文件或者目录挂载到容器中。
volumes示例:
1、创建数据卷
# docker volume create nginx-vol
# docker volume ls
# docker volume inspect nginx-vol
2、使用数据卷
# docker run -d --name=nginx-test --mount src=nginx-vol,dst=/usr/share/nginx/html nginx
# docker run -d --name=nginx-test -v nginx-vol:/usr/share/nginx/html nginx
bind mounts示例:
1、挂载宿主机目录到容器
# docker run -d --name=nginx-test --mount type=bind,src=/app/wwwroot,dst=/usr/share/nginx/html nginx
# docker run -d --name=nginx-test -v /app/wwwroot:/usr/share/nginx/html nginx
[root@docker02 ~]# docker run -d --name web -p 88:80 nginx
9fbcf88c1698577a72e7655a2d2b7486d49140229fb6e9f0f7acb0753c171a7e
[root@docker02 ~]# docker exec -it web bash
root@9fbcf88c1698:/# cd /usr/share/nginx/html/
root@9fbcf88c1698:/usr/share/nginx/html# echo "<h1>hello world</h1>" > index.htm
root@9fbcf88c1698:/usr/share/nginx/html# exit
exit
[root@docker02 ~]# docker rm -f web
web
[root@docker02 ~]# docker run -d --name web -p 88:80 nginx
26bc8776c3b8caa0ef8e5e5989f1a82f560da4127c4067778a13d2e475a2952d
[root@docker02 ~]# docker rm -f web
web
[root@docker02 ~]# mkdir /opt/wwwroot
[root@docker02 ~]# docker run -d --name web -p 88:80 -v /opt/wwwroot/:/usr/share/nginx/html nginx
4d34c32b0eda8805110cfc7a70af5d487aa70ddb526e17dea852f1eff15589bb
[root@docker02 ~]# docker exec -it web bash
root@4d34c32b0eda:/# cd /usr/share/nginx/html/
root@4d34c32b0eda:/usr/share/nginx/html# ls
root@4d34c32b0eda:/usr/share/nginx/html# echo "<h1>hello world</h1>" > index.html
root@4d34c32b0eda:/usr/share/nginx/html# ls
index.html
root@4d34c32b0eda:/usr/share/nginx/html# exit
exit
[root@docker02 ~]# ls /opt/wwwroot/
index.html
[root@docker02 ~]# vi /opt/wwwroot/index.html
[root@docker02 ~]# cat /opt/wwwroot/index.html
<h1>hello world 666</h1>
[root@docker02 ~]# docker rm -f web
web
[root@docker02 ~]# docker run -d --name web -p 88:80 -v /opt/wwwroot/:/usr/share/nginx/html nginx
9b9ce816851a2100fd0b77346f1de7b442011386f3996080e8d50ccc850e35fe
[root@docker02 ~]# cat /opt/wwwroot/index.html
<h1>hello world 666</h1>
制作镜像:
- 启动容器之后的应用程序服务产生的数据尽量放到一个目录 /data
- 构建不是将已经生成的应用程序数据打包进去的
例如:jenkins、gitlab使用docker都是采用-v将他们自身产生的数据持久化宿主机。
3.4 容器网络
- veth pair:成对出现的一种虚拟网络设备,数据从一端进,从另一端出。用于解决网络命名空间之间隔离。
- docker0:网桥是一个二层网络设备,通过网桥可以将Linux支持的不同的端口连接起来,并实现类似交换机那样的多对多的通信。
[root@docker02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:71:b7:92 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.66/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::9186:9ae5:e200:c1d6/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:71:b7:9c brd ff:ff:ff:ff:ff:ff
inet 172.16.1.66/24 brd 172.16.1.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::b68c:781f:5d63:b897/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::2635:4769:2ff1:a02e/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:af:90:da:08 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:afff:fe90:da08/64 scope link
valid_lft forever preferred_lft forever
12: veth6eae606@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 7a:b5:4f:ad:77:87 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::78b5:4fff:fead:7787/64 scope link
valid_lft forever preferred_lft forever
Docker使用iptables实现网络通信
外部访问容器:
# iptables -t nat -vnL DOCKER
DNAT 目标网络地址转换
[root@docker02 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9b9ce816851a nginx "/docker-entrypoint.…" 16 minutes ago Up 16 minutes 0.0.0.0:88->80/tcp, :::88->80/tcp web
[root@docker02 ~]# docker run -itd busybox
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
01c2cdc13739: Pull complete
Digest: sha256:15e927f78df2cc772b70713543d6b651e3cd8370abf86b2ea4644a9fba21107f
Status: Downloaded newer image for busybox:latest
002b9b970701f31c66e177acc2bf14429ef537d79b3e683f8c6b891edcb733f5
[root@docker02 ~]# ss -antp|grep 88
LISTEN 0 128 *:88 *:* users:(("docker-proxy",pid=2509,fd=4))
LISTEN 0 128 :::88 :::* users:(("docker-proxy",pid=2514,fd=4))
[root@docker02 ~]# iptables -t nat -vnL DOCKER
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
1 52 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:88 to:172.17.0.2:80
[root@docker02 ~]# ip route
default via 10.0.0.254 dev eth0 proto static metric 100
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.66 metric 100
172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.66 metric 101
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
容器访问外部:
# iptables -t nat -vnL POSTROUTIN
SNAT 源地址转换
[root@docker02 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
002b9b970701 busybox "sh" 6 minutes ago Up 6 minutes intelligent_hoover
[root@docker02 ~]# docker exec -it 002b9b970701 sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # ping baidu.com
PING baidu.com (220.181.38.148): 56 data bytes
64 bytes from 220.181.38.148: seq=0 ttl=127 time=14.265 ms
...
^C
--- baidu.com ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 10.652/17.532/23.245 ms
/ # ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 scope link src 172.17.0.3
/ # exit
[root@docker02 ~]# ip route
default via 10.0.0.254 dev eth0 proto static metric 100
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.66 metric 100
172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.66 metric 101
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
[root@docker02 ~]# iptables -t nat -vnL POSTROUTING
Chain POSTROUTING (policy ACCEPT 46 packets, 3400 bytes)
pkts bytes target prot opt in out source destination
3 194 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:80
4. Dockerfile 构建镜像
4.1 Dockerfile概述
Docker通过Dockerfile自动构建镜像,Dockerfile是一个包含用于组建镜像的文本文件,由一条一条的指令组成。
4.2 Dockerfile常用指令
指令 | 描述 |
---|---|
FROM | 构建新镜像是基于哪个镜像 |
LABEL | 标签 |
RUN | 构建镜像时运行的Shell命令 |
COPY | 拷贝文件或目录到镜像中 |
ADD | 解压压缩包并拷贝 |
ENV | 设置环境变量 |
USER | 为RUN、CMD和ENTRYPOINT执行命令指定运行用户 |
EXPOSE | 声明容器运行的服务端口 |
WORKDIR | 为RUN、CMD、ENTRYPOINT、COPY和ADD设置工作目录 |
CMD | 运行容器时默认执行,如果有多个CMD指令,最后一个生效 |
[root@docker02 ~]# mkdir dockerfile
[root@docker02 ~]# cd dockerfile/
[root@docker02 dockerfile]# vi Dockerfile
[root@docker02 dockerfile]# vi Dockerfile
[root@docker02 dockerfile]# cat Dockerfile
FROM centos:7
RUN yum install epel-release -y && \
yum install nginx -y
CMD ["nginx", "-g", "daemon off;"]
[root@docker02 dockerfile]# docker build -t nginx:v1 .
Sending build context to Docker daemon 2.048kB
Step 1/3 : FROM centos:7
7: Pulling from library/centos
...
Step 3/3 : CMD ["nginx", "-g", "daemon off;"]
---> Running in c74e0549624e
Removing intermediate container c74e0549624e
---> a9f35ab28121
Successfully built a9f35ab28121
Successfully tagged nginx:v1
[root@docker02 dockerfile]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v1 a9f35ab28121 About a minute ago 420MB
busybox latest cabb9f684f8b 11 days ago 1.24MB
redis latest 7faaec683238 3 weeks ago 113MB
nginx latest 87a94228f133 3 weeks ago 133MB
centos 7 eeb6ee3f44bd 7 weeks ago 204MB
centos latest 5d0da3dc9764 7 weeks ago 231MB
[root@docker02 dockerfile]# docker run -d --name web2 -p 89:80 -v /opt/wwwroot/:/usr/share/nginx/html nginx:v1
7135ecb5967f56197f8e24a09e6085850ec1e9e578112d6e8a760118a74e77b1
[root@docker02 dockerfile]# vi /opt/wwwroot/index.html
[root@docker02 dockerfile]# cat /opt/wwwroot/index.html
<h1>hello world 666789</h1>
4.3 构建镜像命令
Usage: docker build [OPTIONS] PATH | URL | -[flags]Options:
-t, --tag list # 镜像名称
-f, --file string # 指定Dockerfile文件位置
# docker build -t shykes/myapp .
# docker build -t shykes/myapp -f /path/Dockerfile /path
# docker build -t shykes/myapp http://www.example.com/Dockerfile
4.4 构建Nginx镜像
编译安装一个软件:
- 安装依赖包
- ./configure 检查环境依赖
- make 编译
- make install 安装
[root@docker02 dockerfile]# ls
java nginx php tomcat
[root@docker02 dockerfile]# cd nginx/
[root@docker02 nginx]# cat Dockerfile
FROM centos:7
LABEL maintainer www.ctnrs.com
RUN yum install -y gcc gcc-c++ make \
openssl-devel pcre-devel gd-devel \
iproute net-tools telnet wget curl && \
yum clean all && \
rm -rf /var/cache/yum/*
ADD nginx-1.15.5.tar.gz /
RUN cd nginx-1.15.5 && \
./configure --prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_stub_status_module && \
make -j 4 && make install && \
mkdir /usr/local/nginx/conf/vhost && \
cd / && rm -rf nginx* && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ENV PATH $PATH:/usr/local/nginx/sbin
COPY nginx.conf /usr/local/nginx/conf/nginx.conf
WORKDIR /usr/local/nginx
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
[root@docker02 nginx]# docker build -t nginx:v2 .
...
Step 10/10 : CMD ["nginx", "-g", "daemon off;"]
---> Running in 0b885420f346
Removing intermediate container 0b885420f346
---> 39a58753df37
Successfully built 39a58753df37
Successfully tagged nginx:v2
映射路径不同
[root@docker02 nginx]# docker run -d --name web3 -p 90:80 -v /opt/wwwroot/:/usr/share/nginx/html nginx:v2
a75c1ca10771f4712a12cf104fc8dcfd26850ab706c7c0f4e4019f7bf8765e7f
[root@docker02 nginx]# docker run -d --name web4 -p 91:80 -v /opt/wwwroot/:/usr/local/nginx/html nginx:v2
cfab3c72c75d0e41c3668f4ffbe0f3ff495bf853d00f124bd9a27c9b30795b4b
4.5 构建Tomcat镜像
[root@docker02 nginx]# cd ..
[root@docker02 dockerfile]# ls
java nginx php tomcat
[root@docker02 dockerfile]# cd tomcat/
[root@docker02 tomcat]# ls
apache-tomcat-8.5.43.tar.gz Dockerfile ROOT.war
[root@docker02 tomcat]# cat Dockerfile
FROM centos:7
MAINTAINER www.ctnrs.com
ENV VERSION=8.5.43
RUN yum install java-1.8.0-openjdk wget curl unzip iproute net-tools -y && \
yum clean all && \
rm -rf /var/cache/yum/*
ADD apache-tomcat-${VERSION}.tar.gz /usr/local/
RUN mv /usr/local/apache-tomcat-${VERSION} /usr/local/tomcat && \
sed -i '1a JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom"' /usr/local/tomcat/bin/catalina.sh && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ENV PATH $PATH:/usr/local/tomcat/bin
WORKDIR /usr/local/tomcat
EXPOSE 8080
CMD ["catalina.sh", "run"]
[root@docker02 tomcat]# docker build -t tomcat:v1 .
...
---> d6d915621b3e
Step 10/10 : CMD ["catalina.sh", "run"]
---> Running in 926cc405c91f
Removing intermediate container 926cc405c91f
---> 6fc8fb7f87a1
Successfully built 6fc8fb7f87a1
Successfully tagged tomcat:v1
[root@docker02 tomcat]# docker run -d -p 8081:8080 tomcat:v1
d7d711b2929429492ee21e07c01ea94bb1f7b4c5b87d2aa4f56c95bc07e49b24
[root@docker02 tomcat]# docker exec -it d7d711b2929429492ee21e07c01ea94bb1f7b4c5b87d2aa4f56c95bc07e49b24 bash
[root@d7d711b29294 tomcat]# cd webapps/
[root@d7d711b29294 webapps]# ls
ROOT docs examples host-manager manager
[root@d7d711b29294 webapps]# cd ROOT/
[root@d7d711b29294 ROOT]# ls
RELEASE-NOTES.txt asf-logo-wide.svg bg-middle.png bg-upper.png index.jsp tomcat.css tomcat.png
WEB-INF bg-button.png bg-nav.png favicon.ico tomcat-power.gif tomcat.gif tomcat.svg
[root@d7d711b29294 ROOT]# vi index.jsp
[root@d7d711b29294 ROOT]# cat index.jsp
<h1>hello tomcat</h1>
[root@d7d711b29294 ROOT]# pwd
/usr/local/tomcat/webapps/ROOT
[root@d7d711b29294 ROOT]# exit
exit
[root@docker02 tomcat]# docker run -d -p 8082:8080 -v /opt/wwwroot/:/usr/local/tomcat/webapps/ROOT tomcat:v1
0afd387c167117ec3829292420a8d2cec738637eae5b84276581faafd34381a1
5. Harbor 镜像仓库搭建与使用
5.1 Harbor概述
Harbor是由VMWare公司开源的容器镜像仓库。事实上,Harbor是在Docker Registry上进行了相应的企业级扩展,从而获得了更加广泛的应用,这些新的企业级特性包括:管理用户界面,基于角色的访问控制,AD/LDAP集成以及审计日志等,足以满足基本企业需求。
官方:https://goharbor.io/
Github:https://github.com/goharbor/harbor
5.2 Harbor 部署先决条件与部署
5.2.1 Harbor部署:先决条件
服务器硬件配置:
- 最低要求:CPU2核/内存4G/硬盘40GB
- 推荐:CPU4核/内存8G/硬盘160GB
软件:
- Docker CE 17.06版本+
- Docker Compose1.18版本+
Harbor安装有2种方式:
- 在线安装:从Docker Hub下载Harbor相关镜像,因此安装软件包非常小
- 离线安装:安装包包含部署的相关镜像,因此安装包比较大
5.2.2 Harbor部署
1、先安装Docker和Docker Compose
https://github.com/docker/compose/releases
上传Harbor和docker-compose安装包
[root@docker02 ~]# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
[root@docker02 ~]# chmod +x /usr/bin/docker-compose
[root@docker02 ~]# docker-compose
Define and run multi-container applications with Docker.
Usage:
docker-compose [-f <arg>...] [options] [COMMAND] [ARGS...]
docker-compose -h|--help
Options:
-f, --file FILE Specify an alternate compose file
(default: docker-compose.yml)
-p, --project-name NAME Specify an alternate project name
(default: directory name)
-c, --context NAME Specify a context name
--verbose Show more output
--log-level LEVEL Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
--no-ansi Do not print ANSI control characters
-v, --version Print version and exit
-H, --host HOST Daemon socket to connect to
--tls Use TLS; implied by --tlsverify
--tlscacert CA_PATH Trust certs signed only by this CA
--tlscert CLIENT_CERT_PATH Path to TLS certificate file
--tlskey TLS_KEY_PATH Path to TLS key file
--tlsverify Use TLS and verify the remote
--skip-hostname-check Don't check the daemon's hostname against the
name specified in the client certificate
--project-directory PATH Specify an alternate working directory
(default: the path of the Compose file)
--compatibility If set, Compose will attempt to convert keys
in v3 files to their non-Swarm equivalent
--env-file PATH Specify an alternate environment file
Commands:
build Build or rebuild services
config Validate and view the Compose file
create Create services
down Stop and remove containers, networks, images, and volumes
events Receive real time events from containers
exec Execute a command in a running container
help Get help on a command
images List images
kill Kill containers
logs View output from containers
pause Pause services
port Print the public port for a port binding
ps List containers
pull Pull service images
push Push service images
restart Restart services
rm Remove stopped containers
run Run a one-off command
scale Set number of containers for a service
start Start services
stop Stop services
top Display the running processes
unpause Unpause services
up Create and start containers
version Show the Docker-Compose version information
2、部署Harbor HTTP
# tar zxvf harbor-offline-installer-v2.0.0.tgz
# cd harbor
# cp harbor.yml.tmpl harbor.yml
# vi harbor.yml
hostname: reg.ctnrs.com
https: # 先注释https相关配置
harbor_admin_password: Harbor12345
# ./prepare
# ./install.sh
[root@docker02 ~]# tar zvxf harbor-offline-installer-v2.0.0.tgz
harbor/harbor.v2.0.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
[root@docker02 ~]# cd harbor/
[root@docker02 harbor]# ls
common.sh harbor.v2.0.0.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@docker02 harbor]# cp harbor.yml.tmpl harbor.yml
[root@docker02 harbor]# ls
common.sh harbor.v2.0.0.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare
[root@docker02 harbor]# vi harbor.yml
[root@docker02 harbor]# cat harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 10.0.0.66
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
https:
# https port for harbor, default is 443
#port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
[root@docker02 harbor]# ./prepare
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v2.0.0' locally
v2.0.0: Pulling from goharbor/prepare
836b6c765c93: Pull complete
7d2118468cd6: Pull complete
ec361edd3da3: Pull complete
96018abb76c1: Pull complete
93a6102d0a5d: Pull complete
5ee1acfc0e3d: Pull complete
2b88cfa69516: Pull complete
5081e058f91e: Pull complete
Digest: sha256:529596e839c481354f9652b3f598b0aa634c57015840d047295dc65a27ffd880
Status: Downloaded newer image for goharbor/prepare:v2.0.0
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@docker02 harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.10
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.26.0
[Step 2]: loading Harbor images ...
1f3458bb7308: Loading layer [==================================================>] 8.435MB/8.435MB
74e91bd5ca15: Loading layer [==================================================>] 6.317MB/6.317MB
...
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registryctl ... done
Creating redis ... done
Creating registry ... done
Creating harbor-db ... done
Creating harbor-portal ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
[root@docker02 harbor]# docker-compose ps
Name Command State Ports
--------------------------------------------------------------------------------------------------------
harbor-core /harbor/entrypoint.sh Up (healthy)
harbor-db /docker-entrypoint.sh Up (healthy) 5432/tcp
harbor-jobservice /harbor/entrypoint.sh Up (healthy)
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up (healthy) 8080/tcp
nginx nginx -g daemon off; Up (healthy) 0.0.0.0:80->8080/tcp,:::80->8080/tcp
redis redis-server /etc/redis.conf Up (healthy) 6379/tcp
registry /home/harbor/entrypoint.sh Up (healthy) 5000/tcp
registryctl /home/harbor/start.sh Up (healthy)
账号:admin
密码:Harbor12345
5.3 基本使用
1、配置http镜像仓库可信任
# vi /etc/docker/daemon.json
{"insecure-registries":["reg.ctnrs.com"]}
# systemctl restart docker
2、打标签
# docker tag centos:7 reg.ctnrs.com/library/centos:7
3、上传
# docker push reg.ctnrs.com/library/centos:7
4、下载
# docker pull reg.ctnrs.com/library/centos:7
[root@docker02 harbor]# docker tag tomcat:v1 10.0.0.66/library/tomcat:v1
[root@docker02 harbor]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
10.0.0.66/library/tomcat v1 6fc8fb7f87a1 34 minutes ago 459MB
tomcat v1 6fc8fb7f87a1 34 minutes ago 459MB
nginx v2 39a58753df37 46 minutes ago 377MB
nginx v1 a9f35ab28121 About an hour ago 420MB
busybox latest cabb9f684f8b 11 days ago 1.24MB
redis latest 7faaec683238 3 weeks ago 113MB
nginx latest 87a94228f133 3 weeks ago 133MB
centos 7 eeb6ee3f44bd 7 weeks ago 204MB
centos latest 5d0da3dc9764 7 weeks ago 231MB
goharbor/chartmuseum-photon v2.0.0 4db8d6aa63e9 18 months ago 127MB
goharbor/redis-photon v2.0.0 c89ea2e53cc0 18 months ago 72.2MB
goharbor/trivy-adapter-photon v2.0.0 6122c52b7e48 18 months ago 103MB
goharbor/clair-adapter-photon v2.0.0 dd2210cb7f53 18 months ago 62MB
goharbor/clair-photon v2.0.0 f7c7fcc52278 18 months ago 171MB
goharbor/notary-server-photon v2.0.0 983ac10ed8be 18 months ago 143MB
goharbor/notary-signer-photon v2.0.0 bee1b6d75e0d 18 months ago 140MB
goharbor/harbor-registryctl v2.0.0 c53c32d58d04 18 months ago 102MB
goharbor/registry-photon v2.0.0 afdc1b7ada36 18 months ago 84.5MB
goharbor/nginx-photon v2.0.0 17892f03e56c 18 months ago 43.6MB
goharbor/harbor-log v2.0.0 5f8ff08e795c 18 months ago 82MB
goharbor/harbor-jobservice v2.0.0 c68a2495bf55 18 months ago 116MB
goharbor/harbor-core v2.0.0 3aa3af64baf8 18 months ago 138MB
goharbor/harbor-portal v2.0.0 e0b1d3c894c4 18 months ago 52.4MB
goharbor/harbor-db v2.0.0 5c76f0296cec 18 months ago 154MB
goharbor/prepare v2.0.0 7266d49995ed 18 months ago 158MB
[root@docker02 harbor]# docker push 10.0.0.66/library/tomcat:v1
The push refers to repository [10.0.0.66/library/tomcat]
Get "https://10.0.0.66/v2/": dial tcp 10.0.0.66:443: connect: connection refused
[root@docker02 harbor]# ss -antp|grep 443
[root@docker02 harbor]# vi /etc/docker/daemon.json
[root@docker02 harbor]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"insecure-registries": ["10.0.0.66"]
}
[root@docker02 harbor]# systemctl restart docker
[root@docker02 harbor]# docker info
Client:
Context: default
...
Insecure Registries:
10.0.0.66
127.0.0.0/8
Registry Mirrors:
https://b9pmyelo.mirror.aliyuncs.com/
Live Restore Enabled: false
[root@docker02 harbor]# docker push 10.0.0.66/library/tomcat:v1
The push refers to repository [10.0.0.66/library/tomcat]
Get "http://10.0.0.66/v2/": dial tcp 10.0.0.66:80: connect: connection refused
[root@docker02 harbor]# docker-compose up -d
harbor-log is up-to-date
registry is up-to-date
registryctl is up-to-date
Starting harbor-db ...
Starting harbor-db ... done
Starting redis ... done
Starting harbor-core ... done
harbor-jobservice is up-to-date
Starting nginx ... done
[root@docker02 harbor]# docker-compose ps
Name Command State Ports
-----------------------------------------------------------------------------------------------------------------
harbor-core /harbor/entrypoint.sh Up (health: starting)
harbor-db /docker-entrypoint.sh Up (health: starting) 5432/tcp
harbor-jobservice /harbor/entrypoint.sh Up (health: starting)
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up (healthy) 8080/tcp
nginx nginx -g daemon off; Up (health: starting) 0.0.0.0:80->8080/tcp,:::80->8080/tcp
redis redis-server /etc/redis.conf Up (health: starting) 6379/tcp
registry /home/harbor/entrypoint.sh Up (healthy) 5000/tcp
registryctl /home/harbor/start.sh Up (healthy)
[root@docker02 harbor]# docker push 10.0.0.66/library/tomcat:v1
The push refers to repository [10.0.0.66/library/tomcat]
98c4b29cf343: Preparing
9336ee301b63: Preparing
ce0d7b0e81fd: Preparing
174f56854903: Preparing
unauthorized: unauthorized to access repository: library/tomcat, action: push: unauthorized to access repository: library/tomcat, action: push
[root@docker02 harbor]# docker login 10.0.0.66
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker02 harbor]# docker push 10.0.0.66/library/tomcat:v1
The push refers to repository [10.0.0.66/library/tomcat]
98c4b29cf343: Pushed
9336ee301b63: Pushed
ce0d7b0e81fd: Pushed
174f56854903: Pushed
v1: digest: sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b size: 1163
[root@docker02 harbor]# docker tag nginx:v1 10.0.0.66/library/nginx:v1
[root@docker02 harbor]# docker push 10.0.0.66/library/nginx:v1
The push refers to repository [10.0.0.66/library/nginx]
6ae04f43e068: Pushed
174f56854903: Mounted from library/tomcat
v1: digest: sha256:d6807cc4a6d11ac0b362cda23fb1a6684632f5c094e8e83e4e9030a4eabaa42e size: 741
[root@docker01 ~]# docker pull 10.0.0.66/library/tomcat@sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b
Error response from daemon: Get https://10.0.0.66/v2/: dial tcp 10.0.0.66:443: connect: connection refused
[root@docker01 ~]# vi /etc/docker/daemon.json
[root@docker01 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"insecure-registries":["10.0.0.66"]
}
[root@docker01 ~]# systemctl restart docker
[root@docker01 ~]# docker pull 10.0.0.66/library/tomcat@sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b
sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b: Pulling from library/tomcat
2d473b07cdd5: Already exists
b0b6304a25f3: Pull complete
0e352b2a6d9f: Pull complete
23b3f48b27f0: Pull complete
Digest: sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b
Status: Downloaded newer image for 10.0.0.66/library/tomcat@sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b
10.0.0.66/library/tomcat@sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b
[root@docker01 ~]# docker run -d -p 100:80 10.0.0.66/library/nginx:v1
f072c8139c48ee3397a0419109f5dd9e4976e5b89247bc00c2388b33c5cceefc
[root@docker01 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f072c8139c48 10.0.0.66/library/nginx:v1 "nginx -g 'daemon of…" About a minute ago Up About a minute 0.0.0.0:100->80/tcp zealous_cohen
[root@docker01 ~]# docker exec -it f072c8139c48 bash
[root@f072c8139c48 /]# cd /usr/share/nginx/html/
[root@f072c8139c48 html]# ls
404.html 50x.html en-US icons img index.html nginx-logo.png poweredby.png
[root@f072c8139c48 html]# ll
total 12
-rw-r--r-- 1 root root 3650 Oct 18 23:55 404.html
-rw-r--r-- 1 root root 3693 Oct 18 23:55 50x.html
lrwxrwxrwx 1 root root 20 Nov 8 14:40 en-US -> ../../doc/HTML/en-US
drwxr-xr-x 2 root root 27 Nov 8 14:40 icons
lrwxrwxrwx 1 root root 18 Nov 8 14:40 img -> ../../doc/HTML/img
lrwxrwxrwx 1 root root 25 Nov 8 14:40 index.html -> ../../doc/HTML/index.html
-rw-r--r-- 1 root root 368 Oct 18 23:55 nginx-logo.png
lrwxrwxrwx 1 root root 14 Nov 8 14:40 poweredby.png -> nginx-logo.png
[root@f072c8139c48 html]# rm -rf *
[root@f072c8139c48 html]# ll
total 0
[root@f072c8139c48 html]# echo 123 > index.html