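I. Limitations of using Docker
1. To use Linux containers, the kernel version must be above 3.8, and the kernel itself must support at least two technologies: namespaces and cgroups. User-space tools then build on these kernel features to run containers. Docker took container usage a step further toward simplicity: it provides images, built in layers and assembled by union mounting, which makes container technology easier to use. Later, led by Docker, the OCI and OCF standards emerged.
OCI (Open Container Initiative): founded in June 2015 under the Linux Foundation. OCI defines the container runtime standard.
OCI consists of two parts:
the Runtime Specification: the runtime standard
the Image Specification: the image format standard
OCF (Open Container Format): runC is a concrete implementation that Docker built according to the Open Container Format (OCF) standard. runC was migrated out of Docker's libcontainer and implements container start/stop, resource isolation and related functions. Docker ships docker-runc as its default implementation.
II. Docker images
By default, Docker images are stored centrally on Docker Hub. When creating a container, Docker first checks whether the image exists locally; if it does not, Docker downloads the specified image from Docker Hub to the local host. The downloaded image is not deleted after the container has finished. Images cannot be modified, only rebuilt.
[Figure: Docker's overall architecture]
III. Installing and using Docker
3.1. Dependencies and base environment:
1. 64-bit CPU
2. Linux Kernel 3.10+
3. Linux kernel cgroups and namespaces
3.2. Installation on CentOS 7
1. extras repository: the default CentOS 7 yum extras repository already carries docker, but the version is old, so download the yum repository file for the newer docker-ce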
[root@MiWiFi-R3L-srv ~]# cd /etc/yum.repos.d/
[root@MiWiFi-R3L-srv yum.repos.d]# wget https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
[root@MiWiFi-R3L-srv yum.repos.d]# sed -i 's#https://download.docker.com#https://mirrors.tuna.tsinghua.edu.cn/docker-ce#g' docker-ce.repo
[root@MiWiFi-R3L-srv yum.repos.d]# yum update
[root@MiWiFi-R3L-srv yum.repos.d]# yum install docker-ce
2. The docker-ce configuration file; it has to be created manually
[root@MiWiFi-R3L-srv yum.repos.d]# mkdir /etc/docker/
[root@MiWiFi-R3L-srv docker]# echo -e '{\n\t"registry-mirrors": ["https://registry.docker-cn.com"]\n}' >/etc/docker/daemon.json
[root@MiWiFi-R3L-srv docker]# systemctl start docker.service
[root@MiWiFi-R3L-srv docker]# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.06.1-ce
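Storage Driver: overlay2 # Docker's layered builds and union mounts need a filesystem like this one to support them. Before CentOS 7.4 the driver was device mapper, an LVM-based implementation that performed very poorly under Docker and was unstable; it is now deprecated.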
......
......
......
If you can see the information above, Docker has been installed successfully and is ready to use.
3. Docker repository format
[root@MiWiFi-R3L-srv docker]# docker search nginx
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 10034 [OK]
jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1440 [OK]
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 633 [OK]
jrcs/letsencrypt-nginx-proxy-companion LetsEncrypt container to use with nginx as p… 428 [OK]
kong Open-source Microservice & API Management la… 237 [OK]
webdevops/php-nginx Nginx with PHP-FPM 117 [OK]
kitematic/hello-world-nginx A light-weight nginx container that demonstr… 112
zabbix/zabbix-web-nginx-mysql Zabbix frontend based on Nginx web-server wi… 74 [OK]
bitnami/nginx Bitnami nginx Docker Image 58 [OK]
1and1internet/ubuntu-16-nginx-php-phpmyadmin-mysql-5 ubuntu-16-nginx-php-phpmyadmin-mysql-5 48 [OK]
linuxserver/nginx An Nginx container, brought to you by LinuxS… 42
tobi312/rpi-nginx NGINX on Raspberry Pi / armhf 23 [OK]
blacklabelops/nginx Dockerized Nginx Reverse Proxy Server. 12 [OK]
wodby/drupal-nginx Nginx for Drupal container image 11 [OK]
centos/nginx-18-centos7 Platform for running nginx 1.8 or building n… 8
webdevops/nginx Nginx container 8 [OK]
nginxdemos/hello NGINX webserver that serves a simple page co… 8 [OK]
centos/nginx-112-centos7 Platform for running nginx 1.12 or building … 5
1science/nginx Nginx Docker images that include Consul Temp?? 4 [OK]
travix/nginx NGinx reverse proxy 2 [OK]
mailu/nginx Mailu nginx frontend 2 [OK]
pebbletech/nginx-proxy nginx-proxy sets up a container running ngin… 2 [OK]
toccoag/openshift-nginx Nginx reverse proxy for Nice running on same… 1 [OK]
ansibleplaybookbundle/nginx-apb An APB to deploy NGINX 0 [OK]
wodby/nginx Generic nginx 0 [OK]
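In the list above, repositories without a / separator are top-level repositories, generally the official Docker Hub ones. Those with a / separator are images created by individual users.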
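The naming rule above, as an added example that is not part of the original article: a parser that expands a short image name into registry, repository, tag and digest, and reports whether it is a top-level (library/) repository and whether it is pinned by digest. The registry host registry.example.com:5000 is a constructed sample; the digest is the one printed for nginx:stable later on this page.

```python
def parse_image_ref(ref):
    """Split a Docker image reference into registry, repository, tag, digest."""
    digest = None
    if "@" in ref:                       # name@sha256:... pins exact content
        ref, digest = ref.split("@", 1)
    first, _, rest = ref.partition("/")
    # The first component is a registry host only if it looks like one.
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    tag = None
    if ":" in path.rsplit("/", 1)[-1]:   # a tag can only follow the last component
        path, tag = path.rsplit(":", 1)
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path         # top-level repository, no user namespace
    if tag is None and digest is None:
        tag = "latest"                   # implicit, mutable default tag
    return {
        "registry": registry,
        "repository": path,
        "tag": tag,
        "digest": digest,
        "official": registry == "docker.io" and path.startswith("library/"),
        "pinned": digest is not None,
    }

if __name__ == "__main__":
    samples = [
        "nginx:stable",
        "jwilder/nginx-proxy",
        "registry.example.com:5000/team/app:1.0",   # constructed sample host
        "nginx@sha256:8b600a4d029481cc5b459f1380b30ff6cb98e27544fc02370de836e397e34030",
    ]
    for s in samples:
        print(s, "->", parse_image_ref(s))
```

A tag such as stable can be re-pointed to different content by the repository owner; only a reference that carries a digest identifies one fixed image.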
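4. Starting a Docker image
When starting a container, the docker run command first looks for the image in the local repository; if it is not there, it downloads the image from the Docker Hub repository and then starts it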
[root@MiWiFi-R3L-srv docker]# docker container run --name nginx1 -d nginx:stable
Unable to find image 'nginx:stable' locally # the nginx:stable image is not in the local repository
stable: Pulling from library/nginx
f17d81b4b692: Pull complete
3df1ab0a1750: Pull complete
576b56a453df: Pull complete
Digest: sha256:8b600a4d029481cc5b459f1380b30ff6cb98e27544fc02370de836e397e34030
Status: Downloaded newer image for nginx:stable # the nginx:stable image was downloaded from the Docker Hub repository successfully
d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1
[root@MiWiFi-R3L-srv docker]# docker container ls # list running containers; nginx:stable is running normally
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5eb28ecbc5c nginx:stable "nginx -g 'daemon of…" 4 minutes ago Up 4 minutes 80/tcp nginx1
View detailed information about the running container
[root@MiWiFi-R3L-srv docker]# docker container inspect nginx1
[
{
"Id": "d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1",
"Created": "2018-10-31T13:45:39.761183953Z",
"Path": "nginx",
"Args": [
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 30605,
"ExitCode": 0,
"Error": "",
"StartedAt": "2018-10-31T13:45:40.064902138Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:ecc98fc2f376d6560311b66d6958e4350a5a485ee07aa2d1235842d0bce440da",
"ResolvConfPath": "/var/lib/docker/containers/d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1/hostname",
"HostsPath": "/var/lib/docker/containers/d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1/hosts",
"LogPath": "/var/lib/docker/containers/d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1/d5eb28ecbc5cbe86fb430c4098361b7199c9147e79c06096868746dc638ebec1-json.log",
"Name": "/nginx1",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "shareable",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/asound",
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/99e98bcb3268cca54fb9964a69452a424e9de607df50ef6ce1631da4be9f203b-init/diff:/var/lib/docker/overlay2/30039edd43cad0ec36a0fb2e546da0b33bb38336d2fa548e2cfca11a382b1ecb/diff:/var/lib/docker/overlay2/3e588e0ac8a29338bf759041cee08eff0bc955e47f7f32b0fe65c6536cb83a2b/diff:/var/lib/docker/overlay2/c80f5826b0afb09f3cd5ff12fa5a16e67aa2aaed0ae7ea0b36aeffc218559abd/diff",
"MergedDir": "/var/lib/docker/overlay2/99e98bcb3268cca54fb9964a69452a424e9de607df50ef6ce1631da4be9f203b/merged",
"UpperDir": "/var/lib/docker/overlay2/99e98bcb3268cca54fb9964a69452a424e9de607df50ef6ce1631da4be9f203b/diff",
"WorkDir": "/var/lib/docker/overlay2/99e98bcb3268cca54fb9964a69452a424e9de607df50ef6ce1631da4be9f203b/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "d5eb28ecbc5c",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.14.0-1~stretch",
"NJS_VERSION=1.14.0.0.2.0-1~stretch"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"ArgsEscaped": true,
"Image": "nginx:stable",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGTERM"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "045cba9e5a6f39424dfb35c57d0ca43c9e335004d76c3dda36552aac740e014f",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": null
},
"SandboxKey": "/var/run/docker/netns/045cba9e5a6f",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "3c28fb379c1c2018d05ae03ff163aae9a0c5c12621282e0d98f803daadaf97a6",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "0a0cc62c3f1fba5667917f833b002ad0f5c1342acb61ff67317e17544e7a7ea1",
"EndpointID": "3c28fb379c1c2018d05ae03ff163aae9a0c5c12621282e0d98f803daadaf97a6",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
IPAddress is the network address the container is currently listening on. Next, try to access nginx
[root@MiWiFi-R3L-srv docker]# curl 172.17.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h2>Welcome to nginx!</h2>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
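The `docker container inspect nginx1` output above also records how the container is confined (Privileged, CapAdd/CapDrop, Config.User, ReadonlyRootfs, Memory, PidsLimit). The following added example, which is not part of the original article, reads those fields and lists the ones left at permissive defaults. The finding names and the choice of checks are assumptions of this example; the field names and sample values are taken from the output above.

```python
import json

# Constructed sample: a trimmed subset of the `docker container inspect nginx1`
# output shown above, keeping the same field names and values.
SAMPLE = json.loads("""
[{"Name": "/nginx1",
  "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "CapAdd": null, "CapDrop": null,
                 "ReadonlyRootfs": false, "Memory": 0, "PidsLimit": 0,
                 "PidMode": "", "NetworkMode": "default", "Binds": null}}]
""")

def audit(container):
    """Return hardening findings for one entry of `docker container inspect`."""
    host = container.get("HostConfig") or {}
    user = (container.get("Config") or {}).get("User") or ""
    findings = []
    if host.get("Privileged"):
        findings.append("privileged: all capabilities and host devices")
    if host.get("CapAdd"):
        findings.append("cap_add: " + ",".join(host["CapAdd"]))
    if not host.get("CapDrop"):
        findings.append("cap_drop: default capability set not reduced")
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("user: main process starts as root")
    if not host.get("ReadonlyRootfs"):
        findings.append("rootfs: root filesystem is writable")
    if (host.get("Memory") or 0) <= 0:
        findings.append("memory: no cgroup memory limit")
    if (host.get("PidsLimit") or 0) <= 0:
        findings.append("pids: no cgroup PID limit")
    if "host" in (host.get("PidMode"), host.get("NetworkMode")):
        findings.append("namespace: PID or network namespace shared with host")
    for bind in host.get("Binds") or []:
        if bind.split(":")[0] == "/var/run/docker.sock":
            findings.append("bind: Docker socket mounted into the container")
    return findings

def audit_all(inspect_json):
    """Map container name -> findings for a parsed inspect array."""
    return {c["Name"].lstrip("/"): audit(c) for c in inspect_json}

if __name__ == "__main__":
    for name, items in audit_all(SAMPLE).items():
        for item in items:
            print(f"{name}: {item}")
```

On a live host the same functions accept `json.loads()` of the real `docker container inspect` output instead of SAMPLE.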
5. Stopping a container
[root@MiWiFi-R3L-srv docker]# docker container stop nginx1 # stop a running container; kill is equivalent to kill -9, stop is equivalent to kill -15
nginx1
[root@MiWiFi-R3L-srv docker]# docker container ls # ls shows only running containers
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@MiWiFi-R3L-srv docker]# docker container ls -a # ls -a also shows stopped containers
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5eb28ecbc5c nginx:stable "nginx -g 'daemon of…" 11 minutes ago Exited (0) 10 seconds ago nginx1
6. Starting a stopped container
[root@MiWiFi-R3L-srv docker]# docker container start nginx1
nginx1
[root@MiWiFi-R3L-srv docker]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5eb28ecbc5c nginx:stable "nginx -g 'daemon of…" 14 minutes ago Up 3 seconds 80/tcp nginx1
7. Pausing/unpausing a running container
[root@MiWiFi-R3L-srv docker]# docker container pause nginx1 # pause the nginx container
nginx1
[root@MiWiFi-R3L-srv docker]# docker container ls # the nginx container is now in the Paused state
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5eb28ecbc5c nginx:stable "nginx -g 'daemon of…" 15 minutes ago Up About a minute (Paused) 80/tcp nginx1
[root@MiWiFi-R3L-srv docker]#
[root@MiWiFi-R3L-srv docker]# docker container unpause nginx1 # take the container out of the paused state
nginx1
[root@MiWiFi-R3L-srv docker]# docker container ls # the nginx container is running again
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5eb28ecbc5c nginx:stable "nginx -g 'daemon of…" 16 minutes ago Up About a minute 80/tcp nginx1
8. Running interactive commands in a container
[root@MiWiFi-R3L-srv docker]# docker container exec -it redis1 /bin/sh
/data # ps
PID USER TIME COMMAND
1 redis 0:00 redis-server
25 root 0:00 /bin/sh
29 root 0:00 ps
9. Viewing the logs of the container's process from the terminal
[root@MiWiFi-R3L-srv docker]# docker container logs nginx1
172.17.0.1 - - [31/Oct/2018:13:54:40 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
172.17.0.1 - - [31/Oct/2018:14:02:19 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
172.17.0.1 - - [31/Oct/2018:14:14:17 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
IV. Docker container state transitions and common commands