Who will master the ups and downs of docker technology in 2020

Author: Jing brother

Docker technology introduction


1. What has docker changed?

  • Environment 192.168.29.157
  • Product-oriented: product interaction
  • For development: simplify environment configuration
  • Test-oriented: multi-version testing
  • For operation and maintenance: environmental consistency
  • Architecture-oriented: Automated expansion and contraction (microservices)

2. Docker installation

  • Install yum source
    Since yum does not have Docker-CE, we need to add the docker repo first:
    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  • Use yum to install docker
    Check the kernel version: Docker requires the kernel version of the CentOS system to be higher than 3.10
    [root@localhost ~]# uname -r
    3.10.0-327.el7.x86_64
    Upgrade the kernel: yum -y update kernel
    First install the dependencies Docker needs:
    yum install -y yum-utils device-mapper-persistent-data lvm2
    View the docker versions in the repository:
    [root@localhost ~]# yum list docker-ce --showduplicates | sort -r
    [root@localhost ~]# yum install -y docker-ce #Install docker
    Verification:
    [root@localhost ~]# echo $?
    0
    [root@localhost ~]# docker -v
    Docker version 19.03.4, build 9013bf583a
  • Start docker
    [root@localhost ~]# systemctl daemon-reload
    [root@localhost ~]# systemctl restart docker.service
    [root@localhost ~]# systemctl enable docker #start on boot
  • Docker public registry optimization
    Because domestic access to Docker Hub is slow, you can use the domestic mirror source provided by Tencent Cloud to speed up access to Docker Hub.
    Execute the following commands in sequence:
    echo "OPTIONS='--registry-mirror=https://mirror.ccs.tencentyun.com'" >> /etc/sysconfig/docker
    systemctl daemon-reload
    systemctl restart docker.service
  • Docker uses domestic mirror registries
[root@localhost ~]# vi /etc/docker/daemon.json   
{  
"registry-mirrors": [ "https://registry.docker-cn.com"],"graph":"/data/docker"  
}

Download path: "graph":"/data/docker"

  • Docker directory information
    docker console log path: /var/lib/docker/containers #nginx console log is also here.
    Mirror acceleration:
    https://www.daocloud.io/mirror#accelerator-doc

    curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io

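3. Docker command

3.1, Search images in the remote registry: docker search centos -s 10 #the top 10  
3.2, Download an image from the remote registry: docker pull centos #centos is the name of the remote image  
3.3, List locally downloaded images: docker images  
3.4, Save an image to a local file: docker save centos > /opt/centos2019.tar.gz  
3.5, Delete a local image: docker rmi 0f3e07c0138f #0f3e07c0138f is the IMAGE ID; when several images share an ID, delete by name:tag  
3.6, Import a local image archive: docker load < /opt/centos2019.tar.gz  
3.7, Start a container from an image: docker run --name mycentos -t -i centos /bin/bash  
3.8, List the containers: docker ps -a  
3.9, Leave the container you entered: exit  
3.10, Restart an earlier container: docker start 07d9dc0f9d90 #07d9dc0f9d90 is the container id  
3.11, Enter the container: docker attach 07d9dc0f9d90 #when you exit, the container exits too; a container is single-process  
3.12, Get the pid of the container: docker inspect --format "{{.State.Pid}}" 07d9dc0f9d90  
3.13, Enter the container: nsenter -t $pid -u -i -p  
3.14, Stop a container: docker stop 07d9dc0f9d90  
3.15, Delete a container: docker rm 07d9dc0f9d90  
3.16, Note: deleting a running container requires -f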

4. Docker network and storage

  • Docker network
    Description: by default docker uses port mapping to expose a container port to the outside. There are two kinds: random mapping and designated mapping.
    4.1, ip a #shows a docker0 network interface in NAT mode
    4.2, random mapping: docker run -d -P --name mytestnginx nginx
    4.3, view the log of the docker running process: docker logs 7d1c49bb9d3d # 7d1c49bb9d3d is the id of the container
    4.4, specify the port mapping: docker run -d -p 88:80 --name mynginx88 nginx
  • Docker storage
    Description: Docker provides three different ways to mount data from the host to the container:
    volumes, bind mounts and tmpfs
    volumes: Docker manages a part of the host's file system (/var/lib/docker/volumes)
    bind mounts: can be stored in any location of the host system (equivalent to a soft link)
    tmpfs: the mount is stored in the memory of the host system, and will not be written to the host's file system (rarely used)
    Manage volumes:
    [root@VM_192_8_centos ~]# docker volume ls #Query the created volumes
    [root@VM_192_8_centos ~]# docker volume create nginx-vol #Create the storage volume used by nginx
    [root@VM_192_8_centos ~]# docker volume inspect nginx-vol #Query information of the created volume
    Create a container with the volume:
    [root@VM_192_8_centos ~]# docker run -d -it --name=nginx-test --mount src=nginx-vol,dst=/usr/share/nginx/html nginx
    [root@VM_192_8_centos ~]# docker run -d -it -p 88:80 --name=nginx-test -v nginx-vol:/usr/share/nginx/html nginx
    Enter the container:
[root@VM_192_8_centos _data]#  docker  exec -it nginx-test bash  
root@dbc79dc3099a:/# cd  /usr/share/nginx/html/  
root@dbc79dc3099a:/usr/share/nginx/html# ls  
50x.html  index.html  xiajing.html  
root@dbc79dc3099a:/usr/share/nginx/html# vi  xiajing.html 
bash: vi: command not found  
root@dbc79dc3099a:/usr/share/nginx/html# echo  "2019" > xiajing.html   

There are two default storage methods for docker: 1, data volume 2, data volume container
4.5, data volume: docker run -it -v /opt/test:/opt --name mycentos centos
4.6, data volume container:

  • Create a data volume: docker run -d --name mytestcentos -v /data centos
  • View container information: docker inspect 63e22e4c2b1a #Find the physical path where Mounts is mounted
  • Create a data volume container: docker run -it --name mytest1 --volumes-from mytestcentos centos

5. Manually create an image

5.1. Install nginx in the container
Note: download the rpm source from https://mirrors.aliyun.com/epel/

[root@localhost ~]# docker run  --name  mynginx  -it  centos  
[root@9bbcb0090fb2 /]# rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm    
Retrieving https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm  
warning: /var/tmp/rpm-tmp.KarnVr: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY  
Verifying...                          ################################# [100%]  
Preparing...                          ################################# [100%]  
Updating / installing...  
   1:epel-release-7-12                ################################# [100%]  
[root@9bbcb0090fb2 /]# yum install -y  nginx   

5.2. Create your own image:

[root@localhost ~]# docker  commit -m "my frist docker" 9bbcb0090fb2  xiajing/mynginx:v1  
sha256:76bfcefe561365d043e0e2caa7465a74a56725e96e03d4dd510791caa56ae36f  
[root@localhost ~]# docker images  
REPOSITORY          TAG                 IMAGE ID            CREATED          SIZE  
nginx               latest              540a289bab6c        Less than a second ago   126MB  
centos              latest              0f3e07c0138f        Less than a second ago   220MB  
xiajing/mynginx     v1                  76bfcefe5613        9 seconds ago            331MB  
[root@localhost ~]#   

Start the created image: docker run -it --name mycentos-nginx xiajing/mynginx:v1
Make nginx in the container run in the foreground: [root@ca5a843f5fc8 /]# vi /etc/nginx/nginx.conf
daemon off;
5.3. Create the image that runs nginx in the foreground:

[root@localhost ~]# docker  ps -a  
CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS                         PORTS                NAMES  
ca5a843f5fc8        xiajing/mynginx:v1   "/bin/bash"              4 minutes ago       Exited (130) 11 seconds ago                         mycentos-nginx  
9bbcb0090fb2        centos               "/bin/bash"              27 minutes ago      Exited (130) 15 minutes ago                         mynginx   
c11596e6d6d9        centos               "/bin/bash"              39 minutes ago      Exited (127) 29 minutes ago                         mydata  
fac7cbcdcdb1        centos               "/bin/bash"              45 minutes ago      Exited (0) 42 minutes ago                           mytestcentos1  
63e22e4c2b1a        centos               "/bin/bash"              53 minutes ago      Exited (0) 53 minutes ago                           mytestcentos  
ba951ffe5a8d        centos               "/bin/bash"              About an hour ago   Exited (0) About an hour ago                        mycentos  
6eaf16f7b61f        nginx                "nginx -g 'daemon of…"   3 hours ago         Up 3 hours                     0.0.0.0:88->80/tcp   mynginx88   
[root@localhost ~]# docker  commit -m "my 2 docker"   ca5a843f5fc8  xiajing/mynginx:v2
sha256:93eb1231cfcd0601ce78abb2b8529370b41a3cebf30fca4df027dfb19f1651d9  
[root@localhost ~]# docker  images  
REPOSITORY          TAG                 IMAGE ID            CREATED                  SIZE  
nginx               latest              540a289bab6c        Less than a second ago   126MB  
centos              latest              0f3e07c0138f        Less than a second ago   220MB  
xiajing/mynginx     v2                  93eb1231cfcd        50 seconds ago           331MB  
xiajing/mynginx     v1                  76bfcefe5613        11 minutes ago           331MB  
[root@localhost ~]# 	   

5.4. Start the container you installed:
docker run -d -p 85:80 --name mycentos-nginx2 xiajing/mynginx:v2 nginx # nginx is the command to start nginx
docker run -d -v /opt/test:/usr/share/nginx/html -p 89:80 --name mycentos-nginx3 xiajing/mynginx:v2 nginx

6, Dockerfile build image

Dockerfile construction steps: 1. Basic image information 2. Maintainer information 3. Image operation instructions 4. Container startup and execution commands
Dockerfile construction commands:

7, docker transportation

Reference: https://blog.csdn.net/egworkspace/article/details/80518647

  • Apply for a free certificate in Tencent Cloud
    Use your own domain name (m5c.top here) to apply for a Tencent Cloud SSL certificate for docker.m5c.top; otherwise you need to generate one yourself with OpenSSL. That is the practice mentioned in many blog posts, and it does not guarantee success;

  • Install and configure nginx
    Install and configure an nginx; with it as a proxy you can use user authentication (nginx is optional).
    nginx http configuration:

    upstream docker {
        zone myapp1 64k;
        server 127.0.0.1:5000 weight=1 max_fails=3 fail_timeout=30s;
    }
    server {
        # "listen 443 ssl" replaces the deprecated "ssl on;" directive
        listen 443 ssl;
        server_name  docker.m5c.top;
        ssl_certificate      /usr/local/ssl_nginx/1_docker.m5c.top_bundle.crt;
        ssl_certificate_key  /usr/local/ssl_nginx/2_docker.m5c.top.key;

        # no upload size limit, image layers can be large
        client_max_body_size 0;
        chunked_transfer_encoding on;
        location / {
            # basic auth in front of the registry
            auth_basic "Docker";
            auth_basic_user_file /usr/local/nginx/conf/dockerpasswd;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass https://docker;
        }
    }
    

    Authentication command information: htpasswd -c /usr/local/nginx/conf/dockerpasswd Docker #Enter the password
    Our user is Docker and the password is xiajing3673

  • Download and run a Docker Registry
    Command: docker pull registry:2
    Note: when pulling I specify the TAG, which means the v2 version of the registry is used. Readers don't need to care about the v1 version of the registry; it is basically obsolete;
    Run command: docker run -d -p 5000:5000 -v /usr/local/registry:/var/lib/registry --restart=always --name registry registry:2
    Verification: readers can pull a busybox image (because of its small size) to experiment:
    docker pull busybox
    This pulls the latest busybox image. Then tag it to prepare it for publishing to the Registry:
    docker tag busybox localhost:5000/busybox:v1.0
    Finally push it to the Registry:
    docker push localhost:5000/busybox:v1.0
    At this point the Registry has a busybox:v1.0 image, so you don't need to go to Docker Hub to pull it; you can pull it from the self-built Registry:
    docker pull localhost:5000/busybox:v1.0
    If you want to check which images the remote registry has, you can run the following command: curl http://localhost:5000/v2/_catalog
    Note: so far we have built a "semi-finished" Docker Registry. It is "semi-finished" because the Registry only works normally on the local machine. If you try to push an image from other hosts, the push fails.

  • Transform the Registry based on the SSL certificate.
    The Tencent SSL certificate for my domain name docker.m5c.top has already been configured in nginx, in the nginx.conf configuration file. Note that the Registry is accessed through its REST API over HTTPS, so in the location block proxy_pass is configured as https://registry. If it is configured as http://registry, the Registry becomes inaccessible once SSL is enabled on it.
    Start a new container:

   docker  run -d -p 5000:5000 -v /usr/local/registry:/var/lib/registry -v /usr/local/ssl_nginx:/ssl_nginx -e REGISTRY_HTTP_TLS_CERTIFICATE=/ssl_nginx/1_docker.m5c.top_bundle.crt  -e REGISTRY_HTTP_TLS_KEY=/ssl_nginx/2_docker.m5c.top.key --restart=always --name registry registry:2  
Readers who have not installed nginx can run this command:
```
docker run -d \
-p 443:443 \
-v /usr/local/registry:/var/lib/registry \
-v /usr/local/certs:/certs \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/server.key \
--restart=always \
--name registry \
registry:2
```

	You can access it in a browser: https://docker.m5c.top/v2/_catalog
	Next, we try it from another host: repeating the steps above still succeeds;
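
Added example (not from the original post): `-p 5000:5000` publishes the registry on every host interface, so a client can connect to port 5000 directly and never pass the nginx basic-auth proxy that forwards to 127.0.0.1:5000; publishing it as `-p 127.0.0.1:5000:5000` keeps it behind the proxy. The Python check below flags such bindings in `docker ps` output; the sample lines and the `registry-local` and `internal` containers are constructed.

```python
import ipaddress
import re

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
# mynginx88, registry and mycentos follow the page; the others are hypothetical.
SAMPLE_PS = "\n".join([
    "mynginx88\t0.0.0.0:88->80/tcp",
    "registry\t0.0.0.0:5000->5000/tcp, :::5000->5000/tcp",
    "registry-local\t127.0.0.1:5000->5000/tcp",
    "mycentos\t",
    "internal\t80/tcp",
])

BINDING = re.compile(r"^(?P<ip>.*):(?P<host>[\d-]+)->(?P<ctr>[\d-]+)/(?P<proto>\w+)$")


def published_bindings(ps_output):
    """Yield (name, host_ip, host_port, container_port, proto) per published port."""
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for item in filter(None, (p.strip() for p in ports.split(","))):
            m = BINDING.match(item)
            if m is None:  # e.g. "80/tcp": exposed by the image, not published
                continue
            ip = ipaddress.ip_address(m["ip"].strip("[]"))
            yield name, ip, m["host"], m["ctr"], m["proto"]


def wildcard_bindings(ps_output):
    """Bindings reachable on every host interface (0.0.0.0 or ::)."""
    return [b for b in published_bindings(ps_output) if b[1].is_unspecified]


def proxy_bypass(ps_output, backend_port):
    """Containers whose proxied backend port is also published on all interfaces."""
    return sorted({name for name, _, host, _, _ in wildcard_bindings(ps_output)
                   if host == str(backend_port)})


if __name__ == "__main__":
    for name, ip, host, ctr, proto in wildcard_bindings(SAMPLE_PS):
        print(f"{name}: {ip}:{host} -> {ctr}/{proto} is reachable on all interfaces")
    print("reachable without the nginx proxy:", proxy_bypass(SAMPLE_PS, 5000))
```
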
* **Exception handling**  
Server time mismatch error  

[root@localhost ~]# docker login docker.m5c.top
Username: Docker
Password:
Error response from daemon: Get https://docker.m5c.top/v2/: x509: certificate has expired or is not yet valid

This error is caused by the server time being out of sync; use ntpdate cn.pool.ntp.org to synchronize the time   
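
Added example (not from the original post): Docker prints the same x509 message when the certificate has really expired, so it is worth comparing the certificate's validity window with both the host clock and a trusted time before syncing. The Python sketch below does that on the output of `openssl x509 -noout -dates`; the dates and clock values are constructed.

```python
import ssl

# Constructed sample of `openssl x509 -noout -dates -in <cert>` output; the
# dates are illustrative and not taken from the page's certificate.
SAMPLE_DATES = """notBefore=Nov  1 00:00:00 2019 GMT
notAfter=Oct 31 12:00:00 2020 GMT"""


def validity_window(dates_output):
    """Return (notBefore, notAfter) as epoch seconds."""
    fields = dict(line.split("=", 1) for line in dates_output.strip().splitlines())
    return (ssl.cert_time_to_seconds(fields["notBefore"]),
            ssl.cert_time_to_seconds(fields["notAfter"]))


def state_at(dates_output, clock):
    """How the certificate looks to a verifier whose clock reads `clock`."""
    not_before, not_after = validity_window(dates_output)
    if clock < not_before:
        return "not-yet-valid"
    if clock > not_after:
        return "expired"
    return "valid"


def diagnose(dates_output, host_clock, reference_clock):
    """Separate a skewed host clock from a certificate that is really invalid.

    host_clock is what the failing Docker host believes (date +%s);
    reference_clock is a trusted time source, both in epoch seconds.
    """
    seen = state_at(dates_output, host_clock)
    actual = state_at(dates_output, reference_clock)
    if seen == "valid":
        return ("ok", 0)
    if actual == "valid":
        return ("clock-skew", host_clock - reference_clock)
    return ("certificate-" + actual, 0)


if __name__ == "__main__":
    # Host clock reset to 2019-01-01 while the real time is 2020-01-01 (UTC).
    print(diagnose(SAMPLE_DATES, 1546300800, 1577836800))
```

Only the `clock-skew` result is fixed by ntpdate; a `certificate-expired` result means the certificate has to be renewed.
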
* **Test from another server**   

[root@localhost ~]# docker login https://docker.m5c.top
[root@localhost ~]# docker tag xiajing/mynginx:v2 docker.m5c.top/mynginx:v1.0
[root@localhost ~]# docker push docker.m5c.top/mynginx:v1.0
The push refers to repository [docker.m5c.top/mynginx]
7ed5b7f8d9f7: Layer already exists
1acb874f057c: Layer already exists
9e607bb861a7: Layer already exists
v1.0: digest: sha256:64bae4b0ef2a7d75b91d613bf8a06c36a8dc9716117676ad559d7f788992b499 size: 949
[root@localhost ~]#
[root@localhost ~]# docker pull docker.m5c.top/mynginx:v1.0
v1.0: Pulling from mynginx
Digest: sha256:64bae4b0ef2a7d75b91d613bf8a06c36a8dc9716117676ad559d7f788992b499
Status: Downloaded newer image for docker.m5c.top/mynginx:v1.0
docker.m5c.top/mynginx:v1.0
[root@localhost ~]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
nginx                       latest              540a289bab6c        6 days ago          126MB
centos                      latest              0f3e07c0138f        3 weeks ago         220MB
docker.m5c.top/zhrtcentos   latest              0f3e07c0138f        3 weeks ago         220MB
xiajing/mynginx             v2                  93eb1231cfcd        6 weeks ago         331MB
docker.m5c.top/mynginx      v1.0                93eb1231cfcd        6 weeks ago         331MB
xiajing/mynginx             v1                  76bfcefe5613        6 weeks ago         331MB
[root@localhost ~]#



  







Origin blog.csdn.net/qq_31555951/article/details/106758059