一、前言
Docker是供开发人员和系统管理员 使用容器构建,共享和运行应用程序的平台。使用容器来部署应用程序称为容器化。容器不是新的,但用于轻松部署应用程序的容器却是新的。
容器化越来越受欢迎,因为容器是:
灵活:即使最复杂的应用程序也可以容器化。
轻量级:容器利用并共享主机内核,在系统资源方面比虚拟机更有效。
可移植:您可以在本地构建,部署到云并在任何地方运行。
松散耦合:容器是高度自给自足并封装的容器,使您可以在不破坏其他容器的情况下更换或升级它们。
可扩展:您可以在数据中心内增加并自动分发容器副本。
安全:容器将积极的约束和隔离应用于流程,而无需用户方面的任何配置。
二、安装
01环境准备
我是虚拟机环境安装的redhat 8.0操作系统,docker官方说linux内核至少3.8以上,建议3.10以上,在CentOS6或者redhat6的环境中,是可以支持docker,但是需要升级内核版本,所以一般使用linux 7以上的系统。
1、查看内核版本
[root@localhost ~]# uname -a
Linux docker 4.18.0-80.el8.x86_64 #1 SMP Wed Mar 13 12:02:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
02在线安装-方式一
1、安装所需的软件包,存储驱动程序需要 device-mapper-persistent-data 和 lvm2。因为目前没有8的源,所以我们使用7版本的yum源来安装更新软件包。
[root@localhost yum.repos.d]# wget http://mirrors.163.com/.help/CentOS7-Base-163.repo
--2019-12-04 04:03:19-- http://mirrors.163.com/.help/CentOS7-Base-163.repo
Resolving mirrors.163.com (mirrors.163.com)... 59.111.0.251
Connecting to mirrors.163.com (mirrors.163.com)|59.111.0.251|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1572 (1.5K) [application/octet-stream]
Saving to: ‘CentOS7-Base-163.repo’
CentOS7-Base-163.repo 100%[==================================================================================>] 1.54K --.-KB/s in 0s
2019-12-04 04:03:19 (69.5 MB/s) - ‘CentOS7-Base-163.repo’ saved [1572/1572]
yum install -y yum-utils device-mapper-persistent-data lvm2
2、下载docker软件源
[root@localhost ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2424 100 2424 0 0 2818 0 --:--:-- --:--:-- --:--:-- 2818
[root@localhost ~]# ls -l /etc/yum.repos.d/docker-ce.repo
-rw-r--r--. 1 root root 2424 Dec 4 05:49 /etc/yum.repos.d/docker-ce.repo
[root@localhost ~]# yum clean all
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
16 files removed
3、安装docker,yum install docker-ce docker-ce-cli containerd.io
[root@localhost ~]# yum install docker-ce docker-ce-cli containerd.io
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
CentOS-7 - Base - 163.com 4.9 MB/s | 10 MB 00:02
CentOS-7 - Extras - 163.com 79 kB/s | 251 kB 00:03
CentOS-7 - Updates - 163.com 3.0 MB/s | 5.4 MB 00:01
Docker CE Stable - x86_64 7.0 kB/s | 21 kB 00:02
Dependencies resolved.
====================================================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================================================
Installing:
containerd.io x86_64 1.2.10-3.2.el7 docker-ce-stable 23 M
replacing runc.x86_64 1.0.0-54.rc5.dev.git2abd837.module+el8+2769+577ad176
docker-ce x86_64 3:19.03.5-3.el7 docker-ce-stable 24 M
docker-ce-cli x86_64 1:19.03.5-3.el7 docker-ce-stable 39 M
Installing dependencies:
libcgroup x86_64 0.41-21.el7 base 66 k
Transaction Summary
====================================================================================================================================================================
Install 4 Packages
Total download size: 87 M
Is this ok [y/N]: y
Downloading Packages:
(1/4): libcgroup-0.41-21.el7.x86_64.rpm 386 kB/s | 66 kB 00:00
(2/4): containerd.io-1.2.10-3.2.el7.x86_64.rpm 4.3 MB/s | 23 MB 00:05
(3/4): docker-ce-19.03.5-3.el7.x86_64.rpm 3.4 MB/s | 24 MB 00:07
(4/4): docker-ce-cli-19.03.5-3.el7.x86_64.rpm 4.6 MB/s | 39 MB 00:08
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 10 MB/s | 87 MB 00:08
warning: /var/cache/dnf/base-8a7b2b482470a99b/packages/libcgroup-0.41-21.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
CentOS-7 - Base - 163.com 1.5 kB/s | 1.7 kB 00:01
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>"
Fingerprint: 6341 AB27 53D7 8A78 A7C2 7BB1 24C6 A8A7 F4A8 0EB5
From : http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Key imported successfully
warning: /var/cache/dnf/docker-ce-stable-091d8a9c23201250/packages/containerd.io-1.2.10-3.2.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Docker CE Stable - x86_64 1.3 kB/s | 1.6 kB 00:01
Importing GPG key 0x621E9F35:
Userid : "Docker Release (CE rpm) <[email protected]>"
Fingerprint: 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35
From : https://download.docker.com/linux/centos/gpg
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : docker-ce-cli-1:19.03.5-3.el7.x86_64 1/5
Running scriptlet: docker-ce-cli-1:19.03.5-3.el7.x86_64 1/5
Installing : containerd.io-1.2.10-3.2.el7.x86_64 2/5
Running scriptlet: containerd.io-1.2.10-3.2.el7.x86_64 2/5
Running scriptlet: libcgroup-0.41-21.el7.x86_64 3/5
Installing : libcgroup-0.41-21.el7.x86_64 3/5
Running scriptlet: libcgroup-0.41-21.el7.x86_64 3/5
Installing : docker-ce-3:19.03.5-3.el7.x86_64 4/5
Running scriptlet: docker-ce-3:19.03.5-3.el7.x86_64 4/5
Obsoleting : runc-1.0.0-54.rc5.dev.git2abd837.module+el8+2769+577ad176.x86_64 5/5
Running scriptlet: runc-1.0.0-54.rc5.dev.git2abd837.module+el8+2769+577ad176.x86_64 5/5
Verifying : libcgroup-0.41-21.el7.x86_64 1/5
Verifying : containerd.io-1.2.10-3.2.el7.x86_64 2/5
Verifying : runc-1.0.0-54.rc5.dev.git2abd837.module+el8+2769+577ad176.x86_64 3/5
Verifying : docker-ce-3:19.03.5-3.el7.x86_64 4/5
Verifying : docker-ce-cli-1:19.03.5-3.el7.x86_64 5/5
Installed products updated.
Installed:
containerd.io-1.2.10-3.2.el7.x86_64 docker-ce-3:19.03.5-3.el7.x86_64 docker-ce-cli-1:19.03.5-3.el7.x86_64 libcgroup-0.41-21.el7.x86_64
Complete!
[root@localhost ~]#
4、启动docker查看版本。
[root@localhost ~]# systemctl start docker
[root@localhost ~]# docker version
Client: Docker Engine - Community
Version: 19.03.5
API version: 1.40
Go version: go1.12.12
Git commit: 633a0ea
Built: Wed Nov 13 07:25:41 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.5
API version: 1.40 (minimum version 1.12)
Go version: go1.12.12
Git commit: 633a0ea
Built: Wed Nov 13 07:24:18 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version: 0.18.0
GitCommit: fec3683
5、设置开机启动
[root@localhost ~]# systemctl enable docker
03离线安装-方式二
; 在线yum安装需要依靠互联网络才能完成,但是在实际生产上,一般的服务器环境并不不能满足需求,在内部网络。这种情况下,需要使用离线的方式进行安装。
1、找一台能够访问互联网的电脑,通过yum源下载需要安装docker的相关包。
[root@localhost yum.repos.d]# yum install docker-ce --downloadonly --downloaddir=/tmp/docker
[root@localhost yum.repos.d]# ls -l /tmp/docker/
总用量 100844
-rw-r--r--. 1 root root 261632 8月 23 05:20 audit-2.8.5-4.el7.x86_64.rpm
-rw-r--r--. 1 root root 104408 8月 23 05:20 audit-libs-2.8.5-4.el7.x86_64.rpm
-rw-r--r--. 1 root root 78256 8月 23 05:20 audit-libs-python-2.8.5-4.el7.x86_64.rpm
-rw-r--r--. 1 root root 302068 11月 12 2018 checkpolicy-2.5-8.el7.x86_64.rpm
-rw-r--r--. 1 root root 24250280 10月 19 05:56 containerd.io-1.2.10-3.2.el7.x86_64.rpm
-rw-r--r--. 1 root root 40212 9月 16 20:34 container-selinux-2.107-3.el7.noarch.rpm
-rw-r--r--. 1 root root 25671976 11月 15 02:19 docker-ce-19.03.5-3.el7.x86_64.rpm
-rw-r--r--. 1 root root 41396672 11月 15 02:19 docker-ce-cli-19.03.5-3.el7.x86_64.rpm
-rw-r--r--. 1 root root 67720 8月 23 05:29 libcgroup-0.41-21.el7.x86_64.rpm
-rw-r--r--. 1 root root 165932 11月 12 2018 libselinux-2.5-14.1.el7.x86_64.rpm
-rw-r--r--. 1 root root 241132 11月 12 2018 libselinux-python-2.5-14.1.el7.x86_64.rpm
-rw-r--r--. 1 root root 155092 11月 12 2018 libselinux-utils-2.5-14.1.el7.x86_64.rpm
-rw-r--r--. 1 root root 154244 11月 12 2018 libsemanage-2.5-14.el7.x86_64.rpm
-rw-r--r--. 1 root root 115284 11月 12 2018 libsemanage-python-2.5-14.el7.x86_64.rpm
-rw-r--r--. 1 root root 304196 11月 12 2018 libsepol-2.5-10.el7.x86_64.rpm
-rw-r--r--. 1 root root 938152 8月 23 05:39 policycoreutils-2.5-33.el7.x86_64.rpm
-rw-r--r--. 1 root root 468236 8月 23 05:39 policycoreutils-python-2.5-33.el7.x86_64.rpm
-rw-r--r--. 1 root root 32880 7月 4 2014 python-IPy-0.75-6.el7.noarch.rpm
-rw-r--r--. 1 root root 504072 12月 3 23:57 selinux-policy-3.13.1-252.el7_7.6.noarch.rpm
-rw-r--r--. 1 root root 7315152 12月 3 23:57 selinux-policy-targeted-3.13.1-252.el7_7.6.noarch.rpm
-rw-r--r--. 1 root root 635184 11月 12 2018 setools-libs-3.3.8-4.el7.x86_64.rpm
2、安装docker包
1、该列表是针对当前系统需要安装和更新的一些依赖包版本信息,可对照自己当前的系统是否满足。
====================================================================================================================================================================
Package 架构 版本 源 大小
====================================================================================================================================================================
正在安装:
docker-ce x86_64 3:19.03.5-3.el7 docker-ce-stable 24 M
为依赖而安装:
audit-libs-python x86_64 2.8.5-4.el7 base 76 k
checkpolicy x86_64 2.5-8.el7 base 295 k
container-selinux noarch 2:2.107-3.el7 extras 39 k
containerd.io x86_64 1.2.10-3.2.el7 docker-ce-stable 23 M
docker-ce-cli x86_64 1:19.03.5-3.el7 docker-ce-stable 39 M
libcgroup x86_64 0.41-21.el7 base 66 k
libsemanage-python x86_64 2.5-14.el7 base 113 k
policycoreutils-python x86_64 2.5-33.el7 base 457 k
python-IPy noarch 0.75-6.el7 base 32 k
setools-libs x86_64 3.3.8-4.el7 base 620 k
为依赖而更新:
audit x86_64 2.8.5-4.el7 base 256 k
audit-libs x86_64 2.8.5-4.el7 base 102 k
libselinux x86_64 2.5-14.1.el7 base 162 k
libselinux-python x86_64 2.5-14.1.el7 base 235 k
libselinux-utils x86_64 2.5-14.1.el7 base 151 k
libsemanage x86_64 2.5-14.el7 base 151 k
libsepol x86_64 2.5-10.el7 base 297 k
policycoreutils x86_64 2.5-33.el7 base 916 k
selinux-policy noarch 3.13.1-252.el7_7.6 updates 492 k
selinux-policy-targeted noarch 3.13.1-252.el7_7.6 updates 7.0 M
事务概要
====================================================================================================================================================================
安装 1 软件包 (+10 依赖软件包)
升级 ( 10 依赖软件包)
2、按以下顺序执行安装。
[root@localhost docker]# rpm -Uvh *
警告:containerd.io-1.2.10-3.2.el7.x86_64.rpm: 头V4 RSA/SHA512 Signature, 密钥 ID 621e9f35: NOKEY
准备中... ################################# [100%]
正在升级/安装...
1:libsepol-2.5-10.el7 ################################# [ 3%]
2:libselinux-2.5-14.1.el7 ################################# [ 6%]
3:audit-libs-2.8.5-4.el7 ################################# [ 10%]
4:libsemanage-2.5-14.el7 ################################# [ 13%]
5:libselinux-utils-2.5-14.1.el7 ################################# [ 16%]
6:policycoreutils-2.5-33.el7 ################################# [ 19%]
7:selinux-policy-3.13.1-252.el7_7.6################################# [ 23%]
8:libcgroup-0.41-21.el7 ################################# [ 26%]
9:selinux-policy-targeted-3.13.1-25################################# [ 29%]
10:libsemanage-python-2.5-14.el7 ################################# [ 32%]
11:audit-libs-python-2.8.5-4.el7 ################################# [ 35%]
12:libselinux-python-2.5-14.1.el7 ################################# [ 39%]
13:setools-libs-3.3.8-4.el7 ################################# [ 42%]
14:python-IPy-0.75-6.el7 ################################# [ 45%]
15:docker-ce-cli-1:19.03.5-3.el7 ################################# [ 48%]
16:checkpolicy-2.5-8.el7 ################################# [ 52%]
17:policycoreutils-python-2.5-33.el7################################# [ 55%]
18:container-selinux-2:2.107-3.el7 ################################# [ 58%]
19:containerd.io-1.2.10-3.2.el7 ################################# [ 61%]
20:docker-ce-3:19.03.5-3.el7 ################################# [ 65%]
21:audit-2.8.5-4.el7 ################################# [ 68%]
正在清理/删除...
22:selinux-policy-targeted-3.13.1-16################################# [ 71%]
23:selinux-policy-3.13.1-166.el7 ################################# [ 74%]
24:policycoreutils-2.5-17.1.el7 ################################# [ 77%]
25:libsemanage-2.5-8.el7 ################################# [ 81%]
26:libselinux-utils-2.5-11.el7 ################################# [ 84%]
27:libselinux-python-2.5-11.el7 ################################# [ 87%]
28:libselinux-2.5-11.el7 ################################# [ 90%]
29:audit-2.7.6-3.el7 ################################# [ 94%]
30:audit-libs-2.7.6-3.el7 ################################# [ 97%]
31:libsepol-2.5-6.el7 ################################# [100%]
[root@localhost docker]#
3、启动服务,查看信息
[root@localhost docker]# systemctl start docker
[root@localhost docker]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since 三 2020-01-15 15:15:22 CST; 3s ago
Docs: http://docs.docker.com
Main PID: 13354 (dockerd-current)
CGroup: /system.slice/docker.service
├─13354 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgr...
└─13360 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --st...
1月 15 15:15:21 localhost.localdomain dockerd-current[13354]: time="2020-01-15T15:15:21.138051373+08:00" level=info msg="libcontainerd: new containerd p...: 13360"
1月 15 15:15:22 localhost.localdomain dockerd-current[13354]: time="2020-01-15T15:15:22.276751112+08:00" level=info msg="Graph migration to content-addr...seconds"
1月 15 15:15:22 localhost.localdomain dockerd-current[13354]: time="2020-01-15T15:15:22.277939418+08:00" level=info msg="Loading containers: start."
1月 15 15:15:22 localhost.localdomain dockerd-current[13354]: time="2020-01-15T15:15:22.308882339+08:00" level=info msg="Firewalld running: true"
1月 15 15:15:22 localhost.localdomain dockerd-current[13354]: time="2020-01-15T15:15:22.499607890+08:00" level=info msg="Default bridge (docker0) is ass...address"
1月 15 15:15:22 localhost.localdomain dockerd-current[13354]: time="2020-01-15T15:15:22.780128577+08:00" level=info msg="Loading containers: done."
1月 15 15:15:22 localhost.localdomain dockerd-current[13354]: time="2020-01-15T15:15:22.797867676+08:00" level=info msg="Daemon has completed initialization"
1月 15 15:15:22 localhost.localdomain dockerd-current[13354]: time="2020-01-15T15:15:22.797925267+08:00" level=info msg="Docker daemon" commit="7f2769b/...n=1.13.1
1月 15 15:15:22 localhost.localdomain dockerd-current[13354]: time="2020-01-15T15:15:22.801762380+08:00" level=info msg="API listen on /var/run/docker.sock"
1月 15 15:15:22 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost docker]#
[root@localhost docker]# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.5
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-693.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.4 (Maipo)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.789GiB
Name: localhost.localdomain
ID: J5RS:VTF7:YWWN:V2QR:YFW3:26XC:Z75X:KJ65:3BIY:HWGM:XJXN:4VDP
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: fals
三、配置docker
首先介绍一下docker一些常用的命令
1、镜像相关
docker search java:在Docker Hub(或阿里镜像)仓库中搜索关键字(如java)的镜像
docker pull java:8:从仓库中下载镜像,若要指定版本,则要在冒号后指定
docker images:列出已经下载的镜像
docker rmi java:删除本地镜像
docker build:构建镜像
2、容器相关
docker run -d -p 91:80 nginx :在后台运行nginx,若没有镜像则先下载,并将容器的80端口映射为宿主机的91端口。
-d:后台运行
-P:随机端口映射
-p:指定端口映射
-net:网络模式
docker ps:列出运行中的容器
docker ps -a :列出所有的容器
docker stop 容器id:停止容器
docker kill 容器id:强制停止容器
docker start 容器id:启动已停止的容器
docker inspect 容器id:查看容器的所有信息
docker container logs 容器id:查看容器日志
docker top 容器id:查看容器里的进程
docker exec -it 容器id /bin/bash:进入容器
exit:退出容器
docker rm 容器id:删除已停止的容器
docker rm -f 容器id:删除正在运行的容器
通过docker command --help命令可以查看更多详细用法
[root@localhost ~]# docker command --help
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
--config string Location of client config files (default
"/root/.docker")
-c, --context string Name of the context to use to connect to the
daemon (overrides DOCKER_HOST env var and
default context set with "docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level
("debug"|"info"|"warn"|"error"|"fatal")
(default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default
"/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default
"/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default
"/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Management Commands:
builder Manage builds
config Manage Docker configs
container Manage containers
context Manage contexts
engine Manage the docker engine
image Manage images
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes
Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes
Run 'docker COMMAND --help' for more information on a command.
修改docker存储位置
查看当前docker存储位置,默认是/var/lib/docker
[root@localhost ~]# docker info |grep 'Docker Root Dir'
Docker Root Dir: /var/lib/docker
修改docker默认的存储位置,然后重启docker服务。
[root@localhost ~]# vim /etc/docker/daemon.json
{
"graph": "/docker"
}
[root@localhost ~]# systemctl restart docker
查看修改后的存储路径,可以看到已经变为/docker
[root@localhost ~]# docker info |grep 'Docker Root Dir'
Docker Root Dir: /docker
配置Docke 镜像加速
1、默认是没有开启镜像加速的,需要在/etc/docker/daemon.json文件增加加速配置"registry-mirrors":[“https://registry.docker-cn.com”,注意和之前的配置之间用,号隔开
[root@localhost ~]# vi /etc/docker/daemon.json
{
"graph": "/docker",
"registry-mirrors":["https://registry.docker-cn.com"]
}
2、加载docker配置文件,并重启docker服务,可以看到下面已经有了镜像加速的信息
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.5
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.18.0-80.el8.x86_64
Operating System: Red Hat Enterprise Linux 8.0 (Ootpa)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.775GiB
Name: localhost.localdomain
ID: B76K:NGRC:Q66M:SAD6:S52Y:WPJK:TI5I:4XQR:5XJ4:QCT4:RGRT:QHWJ
Docker Root Dir: /docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://registry.docker-cn.com/
Live Restore Enabled: false
配置Docke 镜像
1、查看镜像,默认是没有镜像的
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost ~]#
2、搜索镜像,并下载,以tomcat镜像为例
[root@localhost docker]# docker search tomcat
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
tomcat Apache Tomcat is an open source implementati… 2574 [OK]
tomee Apache TomEE is an all-Apache Java EE certif… 71 [OK]
dordoka/tomcat Ubuntu 14.04, Oracle JDK 8 and Tomcat 8 base… 53 [OK]
bitnami/tomcat Bitnami Tomcat Docker Image 30 [OK]
kubeguide/tomcat-app Tomcat image for Chapter 1 28
consol/tomcat-7.0 Tomcat 7.0.57, 8080, "admin/admin" 16 [OK]
cloudesire/tomcat Tomcat server, 6/7/8 15 [OK]
aallam/tomcat-mysql Debian, Oracle JDK, Tomcat & MySQL 12 [OK]
arm32v7/tomcat Apache Tomcat is an open source implementati… 10
rightctrl/tomcat CentOS , Oracle Java, tomcat application ssl… 5 [OK]
maluuba/tomcat7-java8 Tomcat7 with java8. 4
unidata/tomcat-docker Security-hardened Tomcat Docker container. 4 [OK]
amd64/tomcat Apache Tomcat is an open source implementati… 2
arm64v8/tomcat Apache Tomcat is an open source implementati… 2
i386/tomcat Apache Tomcat is an open source implementati… 1
camptocamp/tomcat-logback Docker image for tomcat with logback integra… 1 [OK]
99taxis/tomcat7 Tomcat7 1 [OK]
oobsri/tomcat8 Testing CI Jobs with different names. 1
ppc64le/tomcat Apache Tomcat is an open source implementati… 1
secoresearch/tomcat-varnish Tomcat and Varnish 5.0 0 [OK]
cfje/tomcat-resource Tomcat Concourse Resource 0
appsvc/tomcat 0
jelastic/tomcat An image of the Tomcat Java application serv… 0
picoded/tomcat7 tomcat7 with jre8 and MANAGER_USER / MANAGER… 0 [OK]
s390x/tomcat Apache Tomcat is an open source implementati… 0
[root@localhost docker]# docker pull tomcat
Using default tag: latest
latest: Pulling from library/tomcat
844c33c7e6ea: Pull complete
ada5d61ae65d: Pull complete
f8427fdf4292: Pull complete
f025bafc4ab8: Pull complete
67b8714e1225: Pull complete
64b12da521a3: Pull complete
2e38df533772: Pull complete
4144d55bbb47: Pull complete
a767078bbe38: Pull complete
81f4cc5808bc: Pull complete
Digest: sha256:996d406c509a4ebe2f4e96eeda331a354f1663b7ec0ff06685b75c4decef7325
Status: Downloaded newer image for tomcat:latest
docker.io/library/tomcat:latest
[root@localhost docker]#
可以查看到刚下载的镜像
[root@localhost docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat latest 6408fdc94212 11 days ago 507MB
启动镜像容器
[root@localhost ~]# docker run -it tomcat /bin/bash
docker: Error response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused "process_linux.go:449: container init caused \"write /proc/self/attr/keycreate: permission denied\"": unknown.
ERRO[0001] error waiting for container: context canceled
[root@localhost ~]# ls -l /proc/self/attr/keycreate
-rw-rw-rw-. 1 root root 0 Dec 9 02:32 /proc/self/attr/keycreate
[root@localhost ~]# more /etc/selinux/
config semanage.conf targeted/
[root@localhost ~]# more /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
报错docker: Error response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused “process_linux.go:449: container init caused “write /proc/self/attr/keycreate: permission denied””: unknown.
ERRO[0001] error waiting for container: context canceled ,我们看keycreate文件是有写权限的,但是selinux显示是启用的,selinux是linux为了系统安全性做的控制,所以先关闭再试一下,将selinux改成disabled,然后重启操作系统。
重新启动容器,启动了一个bash交互终端,可以看到已经登陆到tomcat的容器里面了
[root@localhost ~]# docker run -it tomcat /bin/bash
root@2a8bbfb35a9f:/usr/local/tomcat#
root@2a8bbfb35a9f:/usr/local/tomcat# hostname
2a8bbfb35a9f
这种方式启动退出之后容器是没有运行的,我们需要加-d参数将容器放在后台运行,使用docker ps查看运行中的容器。
root@2a8bbfb35a9f:/usr/local/tomcat# exit
exit
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker run -dit tomcat /bin/bash
900348fc8288bbc6949fc452197c74035ef388ee9d8b98edb2a54af796c1b85d
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
900348fc8288 tomcat "/bin/bash" 8 seconds ago Up 7 seconds 8080/tcp vigilant_bhaskara
[root@localhost ~]# docker exec -it 900348fc8288 /bin/bash
root@900348fc8288:/usr/local/tomcat# exit
exit
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
900348fc8288 tomcat "/bin/bash" About a minute ago Up About a minute 8080/tcp vigilant_bhaskara
看到容器是启动了,但是我从外部访问不到,最后直接指定端口启动
[root@localhost docker]# docker run -d -p 8080:8080 tomcat
129ea7942bc7b5f8ce4bb8df930501937c1caf1a26b28cb9744cc9a44b73d711
[root@localhost docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
129ea7942bc7 tomcat "catalina.sh run" 3 minutes ago Up 3 minutes 0.0.0.0:8080->8080/tcp strange_meitner
可以看到tomcat已经启动成功
