Docker
- Official website: https://www.docker.com/
- Documentation: https://docs.docker.com/
- Warehouse: https://hub.docker.com/
The composition of Docker
- Mirror (images)
- Container
- Warehouse (registry)
1. Install Docker
#1.卸载原有的Docker
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
#2.安装yum-utils软件包
sudo yum install -y yum-utils
#3.设置稳定的存储库
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
#4.安装Docker
sudo yum install docker-ce docker-ce-cli containerd.io
#5.启动Docker
sudo systemctl start docker
#6.查看版本
docker version
-------------------------------------------
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:27:04 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:25:42 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
#7.测试Docker
sudo docker run hello-world
-------------------------------------------
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
2. The underlying principle
-
Docker Client : Also known as Docker client. In fact, Docker provides command-line interface tools, which is the main way for many Docker users to interact with Docker.
-
Docker daemon : It is a server component that runs as a Linux background service. It is the core background process of Docker. We also call it a daemon. It is responsible for responding to requests from Docker Client and then translating these requests into system calls to complete container management operations.
-
Docker Image : It can be regarded as a special file system. In addition to providing the programs, libraries, resources, configuration and other files needed to run the container, it also contains some parameters (anonymous volume, environment variables, user Wait). The image does not contain any dynamic data, and its content will not be changed after it is built. We can regard the Docker image as a read-only template, through which Docker containers can be created.
-
Docker registry : is a repository for storing docker images
-
Docker Container : It is the running instance of the Docker image. It is the place where project programs are actually run, system resources are consumed, and services are provided.
3. Containers and Virtual Machines
Docker commands
1. Help commands
docker version #版本信息
docker info #详细信息
docker 命令 --help #帮助信息
2. Mirror command
docker images #查看镜像
--------------------------------
#REPOSITORY:镜像名称
#TAG:镜像版本
#IMAGE ID:镜像ID
#CREATED:镜像创建时间
#SIZE:镜像大小
docker images -a #显示所有信息
docker images -q #只显示镜像ID
docker search --help #搜索命令
-----------------------------------
Usage: docker search [可选参数] TERM
Options: #可选参数
-f, --filter filter 根据提供的条件过滤输出
--format string 使用Go模板进行打印搜索
--limit int 最大搜索结果数(默认25)
--no-trunc 不要截断输出
docker pull --help #镜像下载
----------------------------------
Usage: docker pull [可选参数] NAME[:版本号]
Options:
-a, --all-tags 下载存储库中所有标记的图像
--disable-content-trust 跳过图像验证(默认为true)
-q, --quiet 禁止详细输出
----------------------------------------------
[root@wdd ~]# docker pull mysql:5.7
5.7: Pulling from library/mysql#版本信息
afb6ec6fdc1c: Pull complete #分层下载
0bdc5971ba40: Pull complete
97ae94a2c729: Pull complete
f777521d340e: Pull complete
1393ff7fc871: Pull complete
a499b89994d9: Pull complete
7ebe8eefbafe: Pull complete
4eec965ae405: Pull complete
a531a782d709: Pull complete
10e94c02b508: Pull complete
799a94b968ef: Pull complete
Digest: sha256:5c9fd7949bc0f076429fa2c40d0e7406e095bdb5216a923257b31972a6f3ae4f
Status: Downloaded newer image for mysql:5.7
docker.io/library/mysql:5.7#真实地址
docker rmi --help #镜像删除
Usage: docker rmi [可选参数] IMAGE [镜像名。。。]
Options:
-f, --force 强制删除镜像
--no-prune 不要删除未标记的父级
---------------------------------------------------------
docker rmi -f b84d68d0a7db #删除镜像
docker rmi -f id1 id2 id3 #批量删除镜像
docker rmi -f $(docker images -aq) #删除所有镜像
3. Container Command
docker run --help #运行镜像
Usage: docker run [可选参数] IMAGE [命令] [参数]
--name 容器姓名区分
-d 后台运行
-p 指定端口映射
-P 随机端口映射
-it 交互模式运行,进入容器内部
-v 绑定挂载卷
-e 环境配置,运行内存等
#测试
docker pull centos
#启动
docker run -it 470671670cac /bin/bash
#容器停止并退出
exit
#容器不停止退出
ctrl+P+Q
#显示容器
docker ps 【参数】
-a #显示所有容器包括历史容器
-n=?#参数限定
-q #只显示ID
#删除容器
docker rm id #删除容器,不能删除
docker rm -f $(docker ps -aq) #删除所有容器
docker ps -a -q|xrags docker rm #删除所有容器
#容器启动和停止
docker strat id #启动容器
docker restart id #重启容器
docker stop id #停止容器
docker kill id #强制停止容器
4. Common commands
#后台运行容器
docker run -d id
#docker ps 时容器停止了,后台运行必须有一个前台进程,没有即停止
#查看日志
docker logs -t -f --tail 行数 id
#容器进程
docker top id
#容器元数据
docker inspect id
#进入容器
docker exec -it id /bin/bash #交互模式进入正在运行的容器中,进入后开启新的终端
docker attach id #进入容器正在执行的终端,没有创建新的进程
#拷贝命令
docker cp
Docker mirroring principle
1. Mirror
Mirror is a lightweight, executable independent software package, used to package the software operating environment and development software based on the operating environment, it contains
All the content required for a piece of software, including code, runtime, libraries, environment variables, and configuration files.
- Obtain the mirror image: remote warehouse + friend sharing + self-made
2. Union File System (UnionFS)
-
Union File System (UnionFS) is a hierarchical, lightweight and high-performance file system. It supports the modification of the file system as a one-time improvement.
With layers of overlays, different directories can be mounted under the same virtual file system.
-
The Union file system is the basis of Docker images.
-
Mirroring can be integrated through layers. Based on the basic mirroring, various specific application mirroring can be made.
-
Feature: Load multiple file systems at the same time, but from the outside, only one file system can be seen. Joint loading will stack all layers of file systems
Together, the final file system will contain all the underlying files and directories.
3. Docker image loading principle
-
The docker image is actually composed of a layered file system, this layered file system UnionFS.
-
bootfs (boot file system) mainly includes bootloader and kernel, bootloader is mainly boot loading kernel, Linux just started
When the bootfs file system is loaded, the bottom layer of the Docker image is bootfs. This layer is the same as our typical Linux/Unix system
, Including the boot loader and the kernel. When the boot loading is complete, the entire kernel is stored in the memory. At this time, the right to use the memory has been changed by bootfs
Transfer to the kernel, at this time the system will also uninstall bootfs.
-
roorfs (root file system), on top of bootfs. Included are the /dev, /proc, /bin, /etx and other standards in a typical Linux system
-
Standard directories and files. Rootfs is a variety of different operating system distributions. Such as Ubuntu, Centos and so on.
-
For a streamlined OS, rootfs can be very small, and only need to include the most basic commands, tools and libraries, because the bottom layer directly uses the Host (host) kernel, and you only need to provide rootfs. This shows that For different Linux distributions, bootfs is basically the same, and rootfs will be different, so different distributions can share bootfs.
4. Docker image
-
One of the biggest benefits of using this layered structure is to share resources. For example, if multiple images are built from the same base image, then the host
The machine only needs to save a base image on the disk,
-
At the same time, only one base image needs to be loaded in the memory to serve all containers. And every layer of the mirror can be shared.
-
Docker images are all read-only. When the container starts, a new writable layer is loaded on top of the image. This layer is usually called the "container
"Layer" and "container layer" are called mirror layer.
5. Commit mirror
docker commit [可选参数] 容器id [新镜像名[:版本]]
-a, --author string 作者
-c, --change list 将Dockerfile指令应用于创建的映像
-m, --message string 提交信息
-p, --pause 提交期间暂停容器(默认为true)
Container data volume
**Docker data persistence: **The data generated by the container during operation will not be written in the image. Restarting a new container with this image will initialize the image and add a new read and write layer to save the data . If you want to achieve data persistence, Docker provides a data volume or data container volume to solve the problem. In addition, you can submit a new image through commit to save the generated data.
1. Advantages:
- Bypass the "copy and write" system to [reach the performance of local disk IO], (such as running a container and modifying the content of the data volume in the container will directly change the content of the data volume on the host, so it is a local disk IO performance, instead of writing a copy in the container first, and finally copying the modified content in the container for synchronization.)
- Bypassing the "copy and write" system, some files [do not need to be packaged in docker commit] enter the mirror file.
- Data volume can share and reuse data [between containers]
- Data volume can share data between [Host] and [Container]
- Data volume changes are [direct modification]
- Data volumes are [persistent] until there is no device to use them. Even if the original data volume container or the middle-tier data volume container is deleted, as long as there are other containers using the data volume, the data inside will not be lost.
2. Command mount -v
docker run 【-d】【 -v 宿主机目录:容器目录】 【--name 容器名】 【-p 宿主端口:容器端口】 镜像ID
#启动mysql
#查看元数据
docker inspect 970ffe5b3623
-----------------------------------------
"Mounts": [ #挂载
{
"Type": "bind",
"Source": "/root/mysql/conf", #宿主机目录
"Destination": "/etc/mysql/conf.d", #容器目录,Mysql的配置文件
"Mode": "",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/root/mysql/logs",
"Destination": "/logs",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/root/mysql/data",
"Destination": "/var/lib/mysql",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
3. Named and anonymous mounting
#匿名挂载 -v 容器内路径
docker run -d -P --name nginx01 -v /etc/nginx nginx
#查看所有的卷信息
docker vplume ls
------------------------------
DRIVER VOLUME NAME
local 9f38292179faal78afcce54d80be99d4ddd68c91d2a68870bcece72d2b7ed061
#具名挂载 -v 卷名:容器内路径
docker run -d -P --name nginx02 -v juming-nginx:/etc/nginx nginx
docker volume Is
DRIVER VOLUME NAME
local juming-nginx
docker volume inspect juming-nginx
------------------------------------
Mountpoint:“/var/Lib/docker/voLumes/juming-nginx/_data”
#docker容器内没有指定目录时默认在 /var/Lib/docker/voLumes/xxx/_data
-v 容器路径 #匿名挂载
-v 卷名:容器路径 #具名挂载
-v /路径:容器路径 #路径挂载
docker run -d -P --name nginx02 -v juming-nginx:/etc/nginx:ro nginx
docker run -d -P --name nginx02 -v juming-nginx:/etc/nginx:rw nginx
#ro readonly 只读权限-----只能通过宿主机操作,容器内无法操作
#rw readwrite 可读可写权限
4. Dockerfile mount
vim dockerfile1
FROM centos
VOLUME ["volume1","volume1"] #匿名挂载
CMD echo "-----end------"
CMD /bin/bash
docker build -f /home/dockerfile1 -t wddcentos:1.0 .#创建镜像
5. Data volume synchronization with different containers
Parent container: data volume container
--volume-from #数据备份,双向拷贝
docker -it --name docker01 970ffe5b3623 #父容器
docker -it --name docker02 --volumes-from docker01 970ffe5b3623 #挂载docker01数据
docker -it --name docker03 --volumes-from docker01 970ffe5b3623 #挂载docker01数据
#docker01 docker02 docker03 挂载卷数据共享,持久化保存,删除某个容器数据仍存在
DockerFile
Dockerfile is a text file used to build a mirror. The text contains instructions and instructions for building a mirror.
- Create file-vim file-docker build-docker run-docker commit-docker push
1. dockerfile command
-
Keep keyword capitalization
-
Each command is a layer
-
#Comment
-
DockerFile-Docker image-Docker container
FROM #基础容器
MAINTAINER #作者 姓名+邮箱
RUN #用于执行后面跟着的命令行命令
ADD #
WORKDIR #镜像的工作目录
VOLUME #挂载的目录
EXPOSE #暴漏端口配置
CMD #指定这个容据启动的时候要运行的今,只有最后一个会生效,可被替代
ENTRYPOINT #指定这个容器启动的时候运行的指今,可追加命令
ONBUILD #用于延迟构建命令的执行,新的镜像使用镜像时,执行命令
Docker-Compose
Manage images by writing docker-compose.yml files
docker-compose up -d #启动docker-compose
docker-compose down #关闭docker容器
docker-compose restart #重启docker容器
docker-compose up -d --build #从新构建docker镜像
docker manage redis
version: '3'
services:
redis:
restart: always
image: redis:latest
container_name: redis
ports:
- 6379:6379
volumes:
- ./data:/data
- ./conf/redis.conf:/usr/local/redis/redis.conf
- ./logs:/logs
command:
redis-server /usr/local/redis/redis.conf"
docker-compose up -d
#Start docker-compose down #Close docker container
docker-compose restart #Restart docker container
docker-compose up -d --build #Build docker image from new
docker manage redis
version: '3'
services:
redis:
restart: always
image: redis:latest
container_name: redis
ports:
- 6379:6379
volumes:
- ./data:/data
- ./conf/redis.conf:/usr/local/redis/redis.conf
- ./logs:/logs
command:
redis-server /usr/local/redis/redis.conf"