目前常用的Linux发行版主要包括Debian/Ubuntu系列和CentOS/Fedora系统。前者以自带软件包版本较新而出名,后者则宣称运行更稳定一些。选择哪个操作系统取决于读者的具体需求。同时,社区学推出了完全基于Docker的Linux发行版CentOS。
使用Docker,只需要一个命令就能快速获取一个Linux发行版镜像,这是以往包括各种虚拟化技术都难以实现的。这些镜像一般都很精简,但是可以支持完整Linux系统的大部分功能。
本章将介绍如何使用Docker安装和使用BusyBox、Alphine、Debin/Ubuntu、CentOS/Fedora等操作系统。
9.1 BusyBox
BusyBox是一个集成了一百多个最常用Linux命令和工具的精简工具箱,它只有几MB的大小,很方便进行各种快速验证。
在Docker Hub中搜索busybox相关的镜像:
[root@localhost ~]# docker search busybox NAME DESCRIPTION STARS OFFICIAL AUTOMATED busybox Busybox base image. 1251 [OK] progrium/busybox 66 [OK] hypriot/rpi-busybox-httpd Raspberry Pi compatible Docker Image with a … 40 radial/busyboxplus Full-chain, Internet enabled, busybox made f… 19 [OK] hypriot/armhf-busybox Busybox base image for ARM. 9 arm32v7/busybox Busybox base image. 5 armhf/busybox Busybox base image. 4 i386/busybox Busybox base image. 2 p7ppc64/busybox Busybox base image for ppc64. 2 prom/busybox Prometheus Busybox Docker base images 2 [OK] aarch64/busybox Busybox base image. 2 yauritux/busybox-curl Busybox with CURL 2 sequenceiq/busybox 2 [OK] s390x/busybox Busybox base image. 2 armel/busybox Busybox base image. 2 onsi/grace-busybox 2 ppc64le/busybox Busybox base image. 1 arm64v8/busybox Busybox base image. 1 spotify/busybox Spotify fork of https://hub.docker.com/_/bus… 1 odise/busybox-curl 1 [OK] concourse/busyboxplus 0 ggtools/busybox-ubuntu Busybox ubuntu version with extra goodies 0 [OK] cfgarden/garden-busybox 0 trollin/busybox 0 amd64/busybox Busybox base image. 0
用户可以使用docker pull指令下载镜像busybox:latest
[root@localhost ~]# dockekr pull busybox:latlst
下载后,可以看到busybox镜像只有1.15M
[root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 7 e934aafc2206 4 weeks ago 199MB busybox latest 8ac48589692a 5 weeks ago 1.15MB
启动一人busybox容器,并在容器内查看挂载信息,如下所示:
[root@localhost ~]# docker run -it busybox / # mount rootfs on / type rootfs (rw) /dev/mapper/docker-253:0-68001902-e3fbd5b445be3be17b7696e714f4b5619c86aefd2960655c6f7eae2898558734 on / type xfs (rw,seclabel,relatime,nouuid,attr2,inode64,logbsize=64k,sunit=128,swidth=128,noquota) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) tmpfs on /dev type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755) devpts on /dev/pts type devpts (rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666) sysfs on /sys type sysfs (ro,seclabel,nosuid,nodev,noexec,relatime) tmpfs on /sys/fs/cgroup type tmpfs (ro,seclabel,nosuid,nodev,noexec,relatime,mode=755) cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd) cgroup on /sys/fs/cgroup/net_cls type cgroup (ro,nosuid,nodev,noexec,relatime,net_cls) cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,memory) cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,perf_event) cgroup on /sys/fs/cgroup/hugetlb type cgroup (ro,nosuid,nodev,noexec,relatime,hugetlb) cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (ro,nosuid,nodev,noexec,relatime,cpuacct,cpu) cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices) cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,freezer) cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,blkio) mqueue on /dev/mqueue type mqueue (rw,seclabel,nosuid,nodev,noexec,relatime) /dev/mapper/centos-root on /etc/resolv.conf type xfs (rw,seclabel,relatime,attr2,inode64,noquota) /dev/mapper/centos-root on /etc/hostname type xfs (rw,seclabel,relatime,attr2,inode64,noquota) /dev/mapper/centos-root on /etc/hosts type xfs (rw,seclabel,relatime,attr2,inode64,noquota) shm on /dev/shm type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=65536k) devpts on /dev/console type devpts (rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666) proc on /proc/bus type proc (ro,relatime) proc on /proc/fs type proc (ro,relatime) proc on /proc/irq type proc (ro,relatime) proc on /proc/sys type proc (ro,relatime) proc on /proc/sysrq-trigger type proc (ro,relatime) tmpfs on /proc/kcore type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755) tmpfs on /proc/keys type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755) tmpfs on /proc/timer_list type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755) tmpfs on /proc/timer_stats type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755) tmpfs on /proc/sched_debug type tmpfs (rw,seclabel,nosuid,size=65536k,mode=755) tmpfs on /proc/scsi type tmpfs (ro,seclabel,relatime) tmpfs on /sys/firmware type tmpfs (ro,seclabel,relatime) / #
busybox镜像虽然小巧,但包括了大量常见的Linux命令,读者可以用它快速熟悉Linux命令。
9.2 Alpine
包管理工具:
https://pkgs.alpinelinux.org/packages 查询包信息。
通过apk命令直接查询安装各种软件。
1.使用官方镜像
[root@localhost ~]# docker run alpine echo '123' Unable to find image 'alpine:latest' locally latest: Pulling from library/alpine ff3a5c916c92: Pull complete Digest: sha256:7df6db5aa61ae9480f52f0b3a06a140ab98d427f86d8d5de0bedab9b8df6b1c0 Status: Downloaded newer image for alpine:latest 123
用了7s
[root@localhost ~]# time docker run alpine echo '123' Unable to find image 'alpine:latest' locally latest: Pulling from library/alpine ff3a5c916c92: Pull complete Digest: sha256:7df6db5aa61ae9480f52f0b3a06a140ab98d427f86d8d5de0bedab9b8df6b1c0 Status: Downloaded newer image for alpine:latest 123 real 0m7.072s user 0m0.139s sys 0m0.038s
9.3 Debian/Ubuntu
1.Debian系统简介和使用
搜索debian镜像
[root@localhost ~]# docker search debian NAME DESCRIPTION STARS OFFICIAL AUTOMATED ubuntu Ubuntu is a Debian-based Linux operating sys… 7657 [OK] debian Debian is a Linux distribution that's compos… 2567 [OK] google/debian 52 [OK] neurodebian NeuroDebian provides neuroscience research s… 50 [OK] arm32v7/debian Debian is a Linux distribution that's compos… 35 armhf/debian Debian is a Linux distribution that's compos… 31 itscaro/debian-ssh debian:jessie 23 [OK] resin/armv7hf-debian Debian is a Linux distro composed entirely o… 18 samueldebruyn/debian-git a minimal docker container with debian and g… 16 [OK] eboraas/debian Debian base images, for all currently-availa… 8 [OK] i386/debian Debian is a Linux distribution that's compos… 7 rockyluke/debian Docker images of Debian. 5 smartentry/debian debian with smartentry 4 [OK] vergissberlin/debian-development Docker debian image to use for development, … 4 [OK] vicamo/debian Debian docker images for all versions/archit… 3 ppc64le/debian Debian is a Linux distribution that's compos… 2 s390x/debian Debian is a Linux distribution that's compos… 2 vpgrp/debian Docker images of Debian. 1 holgerimbery/debian debian multiarch docker base image 1 dockershelf/debian Repository for docker images of Debian. Test… 1 [OK] jdub/debian-sources-resource Concourse CI resource to check for updated D… 0 [OK] trollin/debian 0 igneoussystems/base-debian-client Base image for debian clients 0 casept/debian-amd64 A debian image built from scratch. Mostly fo… 0 fleshgrinder/debian Debian base images for production and multis… 0 [OK] [root@localhost ~]#面向科研领域neurodebin镜像
[root@localhost ~]# docker run -it debian bash Unable to find image 'debian:latest' locally latest: Pulling from library/debian cc1a78bfd46b: Pull complete Digest: sha256:de3eac83cd481c04c5d6c7344cd7327625a1d8b2540e82a8231b5675cef0ae5f Status: Downloaded newer image for debian:latest root@f4d68aee7222:/#debian镜像很适合作为基础镜像,用于构建自定义镜像。
2.ubuntu系统简介和使用
ubuntu相关镜像有很多,在docker hub 上使用-s 10 参数进行搜索,只搜索那些收藏10次以上的镜像:
[root@localhost ~]# docker search -s 10 ubuntu Flag --stars has been deprecated, use --filter=stars=3 instead NAME DESCRIPTION STARS OFFICIAL AUTOMATED ubuntu Ubuntu is a Debian-based Linux operating sys… 7657 [OK] dorowu/ubuntu-desktop-lxde-vnc Ubuntu with openssh-server and NoVNC 180 [OK] rastasheep/ubuntu-sshd Dockerized SSH service, built on top of offi… 146 [OK] ansible/ubuntu14.04-ansible Ubuntu 14.04 LTS with ansible 91 [OK] ubuntu-upstart Upstart is an event-based replacement for th… 86 [OK] neurodebian NeuroDebian provides neuroscience research s… 50 [OK] ubuntu-debootstrap debootstrap --variant=minbase --components=m… 38 [OK] 1and1internet/ubuntu-16-nginx-php-phpmyadmin-mysql-5 ubuntu-16-nginx-php-phpmyadmin-mysql-5 34 [OK] nuagebec/ubuntu Simple always updated Ubuntu docker images w… 23 [OK] tutum/ubuntu Simple Ubuntu docker images with SSH access 18 i386/ubuntu Ubuntu is a Debian-based Linux operating sys… 13 ppc64le/ubuntu Ubuntu is a Debian-based Linux operating sys… 12
下面以Ubuntu 14.04为例,演示如何使用该容器安装一些常用软件。
首先使用-ti参数启动容器,登录bash,查看ubuntu的发行版本号:
[root@localhost ~]# docker run -ti ubuntu:14.04 /bin/bash root@b412a5b98153:/# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 14.04.5 LTS Release: 14.04 Codename: trusty root@b412a5b98153:/#
当月试图直接使用apt-get安装一个软件的时候,会提示E: Unable to locate package curl
root@b412a5b98153:/# apt-get install curl Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package curl
怕并非系统不支持apt-get命令。Docker镜像在制作时为了精简清除了apt仓库信息,因此需要执行apt-get update命令来更新仓库信息。更新信息后,即可成功通过apt-get命令安装软件:
root@b412a5b98153:/# apt-get update Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB] Ign http://archive.ubuntu.com trusty InRelease Get:2 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB] Get:3 http://security.ubuntu.com trusty-security/universe Sources [88.0 kB] Get:4 http://archive.ubuntu.com trusty-backports InRelease [65.9 kB] Get:5 http://archive.ubuntu.com trusty Release.gpg [933 B] Get:6 http://security.ubuntu.com trusty-security/main amd64 Packages [913 kB] Get:7 http://archive.ubuntu.com trusty-updates/universe Sources [252 kB] Get:8 http://archive.ubuntu.com trusty-updates/main amd64 Packages [1339 kB] Get:9 http://security.ubuntu.com trusty-security/restricted amd64 Packages [18.1 kB] Get:10 http://security.ubuntu.com trusty-security/universe amd64 Packages [289 kB] Get:11 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [21.4 kB] Get:12 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [584 kB] Get:13 http://security.ubuntu.com trusty-security/multiverse amd64 Packages [4725 B] Get:14 http://archive.ubuntu.com trusty-updates/multiverse amd64 Packages [16.0 kB] Get:15 http://archive.ubuntu.com trusty-backports/main amd64 Packages [14.7 kB] Get:16 http://archive.ubuntu.com trusty-backports/restricted amd64 Packages [40 B] Get:17 http://archive.ubuntu.com trusty-backports/universe amd64 Packages [52.5 kB] Get:18 http://archive.ubuntu.com trusty-backports/multiverse amd64 Packages [1392 B] Get:19 http://archive.ubuntu.com trusty Release [58.5 kB] Get:20 http://archive.ubuntu.com trusty/universe Sources [7926 kB] Get:21 http://archive.ubuntu.com trusty/main amd64 Packages [1743 kB] Get:22 http://archive.ubuntu.com trusty/restricted amd64 Packages [16.0 kB] Get:23 http://archive.ubuntu.com trusty/universe amd64 Packages [7589 kB] Get:24 http://archive.ubuntu.com trusty/multiverse amd64 Packages [169 kB] Fetched 21.3 MB in 40s (523 kB/s) Reading package lists... Done root@b412a5b98153:/#
安装curl 工具
root@b412a5b98153:/# apt-get install curl -y Reading package lists... Done Building dependency tree Reading state information... Done ... Processing triggers for libc-bin (2.19-0ubuntu6.14) ... Processing triggers for ca-certificates (20170717~14.04.1) ... Updating certificates in /etc/ssl/certs... 148 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d....done. root@b412a5b98153:/#
接下来,再安装apache服务:
root@b412a5b98153:/# apt-get install -y apache2
启动这个apache服务,然后使用curl来测试本地访问:
root@b412a5b98153:/# service apache2 start * Starting web server apache2 AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message *
配合使用-p参数对外映射服务端口,可以允许外来容器访问该服务。
9.4 Centos/Fedora
在Docker Hub上使用docker search命令搜索标星至少为25的CentOS相关镜像,如下所示:
[root@localhost ~]# docker search -f stars=25 centos NAME DESCRIPTION STARS OFFICIAL AUTOMATED centos The official build of CentOS. 4275 [OK] ansible/centos7-ansible Ansible on Centos7 109 [OK] jdeathe/centos-ssh CentOS-6 6.9 x86_64 / CentOS-7 7.4.1708 x86_… 95 [OK] consol/centos-xfce-vnc Centos container with "headless" VNC session… 52 [OK] imagine10255/centos6-lnmp-php56 centos6-lnmp-php56 40 [OK] tutum/centos Simple CentOS docker image with SSH access 39 gluster/gluster-centos Official GlusterFS Image [ CentOS-7 + Glust… 30 [OK] centos/mysql-57-centos7 MySQL 5.7 SQL database server 27
2.Fedora系统简介及使用
在Docker Hub 上使用docker search命令来搜索标星至少为2的Fedrora相关镜像,结果如下:
[root@localhost ~]# docker search -f stars=2 fedora NAME DESCRIPTION STARS OFFICIAL AUTOMATED fedora Official Docker builds of Fedora 657 [OK] mattdm/fedora A basic Fedora image corresponding roughly t… 49 fedora/apache 34 [OK] mattsch/fedora-nzbhydra Fedora NZBHydra 5 [OK] darksheer/fedora22 Base Fedora 22 Image -- Updated hourly 2 [OK] vbatts/fedora-varnish https://github.com/vbatts/laughing-octo/tree… 2 [OK]
使用docker run 命令直接运行Fedora官方镜像,并登录bash:
[root@localhost ~]# docker run -it fedora bash Unable to find image 'fedora:latest' locally latest: Pulling from library/fedora e71c36a80ba9: Pull complete Digest: sha256:74d8985b737de78af3d06450b8e48768b66fedf8868684e8fcf47c8253f84282 Status: Downloaded newer image for fedora:latest [root@6811667a13ac /]# cat /etc/redhat-release Fedora release 28 (Twenty Eight) [root@6811667a13ac /]#
9.5 本章小结
本章讲解了典型操作系统镜像的下载和使用,除了官方的镜像之外,在Docker Hub上还有许多第三方组织或个人上传的Docker镜像。读者可以根据具体情况来选择。一般来说注意如下 几点:
官方镜像体积都比较小,只带有一些基本的组件。精简的系统有利于安全、稳定和高效运行,也适合进行定制。
个别第三方镜像(如tutum,已被Docker收购)质量非常高。这些镜像通常针对某个具体应用进行配置,比如、包含LAMP组件的Ubuntu镜像。
出于安全考虑,几乎所有的官方制作的镜像都没有安装SSH服务,无法使用用户名和密码直接登录。
后续章节中,笔者将介绍如何创建一个带SSH服务的Docker镜像。