1.Docker环境准备
Docker安装启动
[root@linux-node1 ~]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) #推荐使用CentOS7或ubuntu系统,无需升级内核 [root@linux-node1 ~]# uname -a Linux linux-node1.example.com 3.10.0-327.18.2.el7.x86_64 #1 SMP Thu May 12 11:03:55 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux [root@linux-node1 ~]# yum install -y docker #安装Docker [root@linux-node1 ~]# docker –v #查看Docker版本 #CentOS7默认装的版本为1.10,可以使用官方源安装最新版1.12 Docker version 1.10.3, build d381c64-unsupported [root@linux-node1 ~]# systemctl start docker #启动Docker [root@linux-node1 ~]# systemctl status docker #查看Docker运行状态 ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled) Active: active (running) since Thu 2016-10-06 23:43:41 CST; 2h 3min ago Docs: http://docs.docker.com Main PID: 3109 (docker-current) CGroup: /system.slice/docker.service └─3109 /usr/bin/docker-current daemon --exec-opt native.cgroupdriver=systemd --selinux-enabled --log-driver=journald [root@linux-node1 ~]# ifconfig docker #Docker服务会创建一个docker0的网桥 docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0 ether 02:42:20:6f:77:87 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2.Docker镜像管理
探索镜像(docker search): 默认会从DockerHub中搜索镜像
获取镜像(docker pull)
[root@linux-node1 ~]# docker pull centos #会去官方pull一个centos和nginx的镜像 [root@linux-node1 ~]# docker pull nginx
导入导出镜像(docker load/save)
[root@linux-node1 ~]# docker load -i centos.tar #导入镜像,docker load < centos.tar也行 [root@linux-node1 ~]# docker save -o centos.tar centos #导出centos镜像
查看镜像(docker images)
删除镜像(docker rmi)
[root@linux-node1 ~]# docker rmi 4efb2fcdb1ab #删除镜像,有容器正在运行的镜像无法删除
3.Docker容器管理
启动容器(docker run)
[root@linux-node1 ~]# docker run centos /bin/echo 'hello world' hello world #启动一个容器,并输出hello world,然后容器自动停止 [root@linux-node1 ~]# docker ps #docker ps显示正在运行的镜像 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@linux-node1 ~]# docker ps –a #显示所有容器运行记录,容器名称,命令,创建结束时间 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c36bfe9c6852 centos "/bin/echo 'hello wor" 2 minutes ago Exited (0) 2 minutes ago jolly_fermi(容器自己随机取的名字) #新建一个mydocker的容器,镜像为centos,它有三个参数,--name 给容器起个名称,-t是伪终端分配一个tty,-i打开容器的标准输入,参数要放在镜像名称前,如果没有centos镜像,docker会去DockerHub上把centos镜像pull下来再启动,最后为要执行的命令,可以没有。 [root@linux-node1 ~]# docker run --name mydocker -t -i centos /bin/bash [root@dd67401551be /]# ls / #进入到容器里边 anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var [root@dd67401551be /]# uname –a Linux dd67401551be 3.10.0-327.18.2.el7.x86_64 #1 SMP Thu May 12 11:03:55 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux [root@dd67401551be /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.3 0.0 11776 1868 ? Ss 18:12 0:00 /bin/bash root 16 0.0 0.0 47424 1656 ? R+ 18:12 0:00 ps aux [root@dd67401551be /]# cat /proc/cpuinfo #查看到的是物理机的硬件信息,docker隔离性没虚拟机做的好 processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz stepping : 3 microcode : 0x1e cpu MHz : 2494.237 cache size : 6144 KB [root@dd67401551be /]# free -h total used free shared buff/cache available Mem: 3.7G 811M 2.4G 9.1M 502M 2.7G Swap: 2.0G 0B 2.0G [root@dd67401551be /]# exit #退出容器,/bin/bash进程终止,容器也就终止,容器是给进程做隔离用的,虚拟机是给操作系统做隔离用的。 [root@linux-node1 ~]# docker start mydocker #使用容器名称启动容器,默认执行之前的命令 mydocker [root@linux-node1 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES dd67401551be centos "/bin/bash" 13 minutes ago Up 4 seconds mydocker
停止容器(docker stop)
[root@linux-node1 ~]# docker ps #查看当前正在运行的容器 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 23451135be94 nginx "nginx -g 'daemon off" 4 hours ago Up 4 hours 80/tcp, 443/tcp gloomy_hypatia dd67401551be centos "/bin/bash" 5 hours ago Up 5 hours mydocker [root@linux-node1 ~]# docker stop mydocker #停止容器,stop后接容器名称或container id mydocker [root@linux-node1 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 23451135be94 nginx "nginx -g 'daemon off" 4 hours ago Up 4 hours 80/tcp, 443/tcp gloomy_hypatia
查看容器(docker ps)
[root@linux-node1 ~]# docker ps #查看当前正在运行的容器 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 23451135be94 nginx "nginx -g 'daemon off" 4 hours ago Up 4 hours 80/tcp, 443/tcp gloomy_hypatia dd67401551be centos "/bin/bash" 5 hours ago Up 5 hours mydocker [root@linux-node1 ~]# docker ps -a #查看所有容器运行状态、记录、命令等信息 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 23451135be94 nginx "nginx -g 'daemon off" 4 hours ago Up 4 hours 80/tcp, 443/tcp gloomy_hypatia dd67401551be centos "/bin/bash" 5 hours ago Exited (137) 2 minutes ago mydocker e40f77f4a2ad mynginx:v2 "nginx" 3 weeks ago Exited (137) 3 weeks ago elated_turing 2dbbb20d98a9 centos "/bin/bash" 3 weeks ago Exited (1) 3 weeks ago mynginx
进入容器(docker attach | docker exec | nsenter)
[root@linux-node1 ~]# docker attach mydocker #进入到正在运行的容器中,但是单用户模式,生产不用 [root@dd67401551be /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 11776 1872 ? Ss 18:25 0:00 /bin/bash root 15 0.0 0.0 47424 1660 ? R+ 18:32 0:00 ps aux
[root@linux-node1 ~]# docker exec mydocker ps aux #只执行命令看看,不进入容器中 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 11776 1660 ? Ss+ 18:39 0:00 /bin/bash root 96 0.0 0.0 47424 1660 ? Rs 18:54 0:00 ps aux [root@linux-node1 ~]# docker exec -it mydocker /bin/bash #进入容器执行,退出后会继续运行,最佳实践还是用脚本 [root@dd67401551be /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 11776 1660 ? Ss+ 18:39 0:00 /bin/bash root 100 0.1 0.0 11776 1876 ? Ss 18:55 0:00 /bin/bash root 113 0.0 0.0 47424 1656 ? R+ 18:56 0:00 ps aux [root@dd67401551be /]# exit exit [root@linux-node1 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES dd67401551be centos "/bin/bash" 44 minutes ago Up 16 minutes mydocker
#生产中使用nsenter进入容器,系统没有nsenter可以使用yum install -y util-linux安装,ns是命名空间的缩写,nsenter意思是进到命名空间里面
[root@dd67401551be /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 11776 1872 ? Ss 18:25 0:00 /bin/bash
root 15 0.0 0.0 47424 1660 ? R+ 18:32 0:00 ps aux
[root@linux-node1 ~]# docker start mydocker
mydocker
[root@linux-node1 ~]# docker inspect -f "{{ .State.Pid }}" mydocker #获取运行容器的Pid
5582
[root@linux-node1 ~]# nsenter -t 5582 -m -u -i -n –p #使用nsenter进入容器
[root@dd67401551be /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 18:39 ? 00:00:00 /bin/bash #容器运行的bash
root 14 0 0 18:43 ? 00:00:00 -bash #nsenter运行的bash
root 56 14 0 18:44 ? 00:00:00 ps –ef
#使用nsenter进入容器的时候创建的bash,所以现在退出容器不会终止,因为/bin/bash还在跑
[root@dd67401551be /]# exit #退出
logout
[root@linux-node1 ~]# docker ps #mydocker容器还在运行
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dd67401551be centos "/bin/bash" 35 minutes ago Up 8 minutes mydocker
#生产中进入容器方法:写一个脚本,给脚本传个容器名称
[root@linux-node1 ~]# vim docker_in.sh
#!/bin/bash
#Use nsenter go access docker
docker_in(){
NAME_ID=$1
PID=$(docker inspect -f "{{.State.Pid}}" $NAME_ID)
nsenter -t $PID -m -u -i -n -p
}
docker_in $1
[root@linux-node1 ~]# chmod +x docker_in.sh
[root@linux-node1 ~]# ./docker_in.sh mydocker
[root@dd67401551be /]# exit
logout
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dd67401551be centos "/bin/bash" 41 minutes ago Up 13 minutes mydocker删除容器(docker rm)
[root@linux-node1 ~]# docker rm mydocker #删除容器,如果容器正在运行加-f参数即可 mydocker [root@linux-node1 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 23451135be94 nginx "nginx -g 'daemon off" 5 hours ago Up 5 hours 80/tcp, 443/tcp gloomy_hypatia [root@linux-node1 ~]# docker run --rm centos /bin/echo "haha" #执行完命令后删除容器 haha [root@linux-node1 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES dd67401551be centos "/bin/bash" 50 minutes ago Up 22 minutes mydocker e40f77f4a2ad mynginx:v2 "nginx" 3 weeks ago Exited (137) 3 weeks ago elated_turing 2dbbb20d98a9 centos "/bin/bash" 3 weeks ago Exited (1) 3 weeks ago mynginx
后台运行容器(docker run -d)
[root@linux-node1 ~]# docker run -d nginx #后台运行docker容器并输出容器ID号 23451135be949f507c810aba7f6c815ef14083adda777e59b0779fefc148b71c [root@linux-node1 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 23451135be94 nginx "nginx -g 'daemon off" 5 seconds ago Up 4 seconds 80/tcp, 443/tcp gloomy_hypatia
容器日志(docker logs)
[root@linux-node1 ~]# docker logs 23451135be94 #docker logs后接容器名或id #查看容器访问日志,由于没有访问故无输出,下章写docker容器网络访问再演示。
