Docker image:
A Docker image is an extremely stripped-down runtime environment for a Linux program. The official java image contains very little, unless it is a layered image such as centos+java7
A Docker image is an installation package that has to be custom-built, consisting of a base image + the application's binary deployment package
Configuration files that need to be modified at runtime should not be kept in the Docker image
A Dockerfile is used to create a custom image that contains user-specified software dependencies and so on. With the Dockerfile in the current directory, use the build command to create a new image
One of the best practices for Docker images is to reuse the base images publicly available on the Internet as much as possible
Add a domestic registry mirror to Docker to speed up image downloads:
Edit the configuration file /etc/docker/daemon.json, creating it if it does not exist:
[root@docker ~]# cat /etc/docker/daemon.json
{
  "dns": ["192.168.101.2","8.8.8.8"],
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}
Then restart docker:
# systemctl restart docker
Some image commands:
Search for an image:
# docker search nginx
nginx is the image name (image names such as centos, nginx, redis)
Pull the image:
# docker pull nginx
List local images:
# docker images (docker images --help)
Delete an image:
# docker rmi nginx (docker rmi image_name/image_id)
[root@aliyun ~]# docker image ls -q
# docker save -o centos.tar centos
# docker load --input centos.tar
Docker container:
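A Docker container is an instance of an image and shares the kernel
A Docker container can run images of different OSes, such as Ubuntu or CentOS
Running an sshd service inside a Docker container is not recommended; since version 1.3 the docker exec command has been available for entering a container to troubleshoot
A Docker container has no IP address and usually has no service ports exposed; it is a closed sandbox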
Docker daemon:
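The Docker daemon is the Linux daemon process that creates and runs containers, and it is Docker's main core component
The Docker daemon can be thought of as the container of Docker containers
The Docker daemon can bind a local port and provide a REST API service for remote access and control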
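An added example (not from the original page): a shell check for the risk behind the last point, a REST API listener on TCP that does not require client certificates. `hosts` and `tlsverify` are real daemon.json keys; the function name and the sample file, which extends the daemon.json shown earlier, are constructed for illustration.

```shell
# Flag Docker REST API listeners that are reachable over TCP without mutual TLS.
# Text matching rather than a JSON parser: assumes tcp:// strings appear only
# in the "hosts" list of the daemon.json passed as $1.
audit_daemon_json() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 2; }

    # Each tcp:// string is an address the daemon serves the REST API on.
    listeners=$(grep -Eo '"tcp://[^"]+"' "$conf" | tr -d '"')
    if [ -z "$listeners" ]; then
        echo "ok: no TCP listener configured (unix socket only)"
        return 0
    fi

    # "tlsverify": true makes the daemon demand a client certificate.
    if grep -Eq '"tlsverify"[[:space:]]*:[[:space:]]*true' "$conf"; then
        tls=yes
    else
        tls=no
    fi

    status=0
    for l in $listeners; do
        if [ "$tls" = yes ]; then
            echo "ok: $l requires client certificates"
        else
            echo "RISK: $l accepts unauthenticated API calls"
            status=1
        fi
    done
    return $status
}

# Constructed sample: the daemon.json from this page plus a plaintext listener.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{
  "dns": ["192.168.101.2","8.8.8.8"],
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
EOF
audit_daemon_json "$sample" || true
rm -f "$sample"
```

Listeners passed to dockerd on the command line with -H do not appear in daemon.json, so the service unit needs the same check.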
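Some Docker container commands:
List containers:
# docker ps
List all containers:
# docker ps -a
Start a container:
# docker run --help
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
Run a command in a new container
docker run starts a container and executes a command (the container is a process on the local host; if the process has nothing further to do, its status becomes exited)
Create a container named mycentos and run /bin/bash:
# docker run --name mycentos centos /bin/bash
--name: the name of the container; the centos that follows is the image to use (the image name)
/bin/bash: the command to execute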
# docker start mycentos
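Stop the container:
# docker stop mycentos
Remove the container:
# docker rm mycentos
All of the operations above accept the container's unique identifier (container name or container ID)
-f: force removal
Create a container with a tty pseudo-terminal:
# docker run -t --name mycentos centos /bin/bash
[root@92f0af59184d /]#
You land directly in the container's terminal, but because -i (interactive mode) was not used, typed commands hang
Now check the status of this container:
Look at the processes on the local host:
The long string in the process entry is the container's UUID; because the process has not exited, the container's status is Up
Now shut the container down:
The container's status is now Exited
and the corresponding process on the local host has ended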
# docker ps -a -q|xargs docker rm
Create a container that runs in the background (detached mode):
[root@docker ~]# docker run -d --name mycentos centos /bin/bash
f61a3e75ebb5f78d1f593e7c92bf2a997077abc38287991818749550367b8150
[root@docker ~]# docker run -d --name mycentos centos sh -c "while true;do echo hello world;sleep 2;done"
5ef7fa20faa1071ad1a6eff2241368b113cbf45e1b89c6a292907a4f1a3e4269
# docker stop mycentos
# docker start mycentos
-t combined with the /bin/bash command gets you into a terminal, but you cannot operate it:
[root@docker ~]# docker run -t --name test saltstack/ubuntu-14.04 /bin/bash
root@b588c6131109:/# ls
The terminal above is not interactive, so add -i:
[root@docker ~]# docker run -it --name mycentos centos /bin/bash
[root@176f5440f328 /]# ls
anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@176f5440f328 /]# exit
exit
[root@docker ~]# docker run -dt --name mycentos centos sh -c "while true;do echo hello world;sleep 2;done"
8179b8e95e31675986ccda57bb95650d6ea460105e23a67a4e692b7966354250
The difference between docker exec and nsenter:
[root@docker ~]# docker exec --help
Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
Run a command in a running container
Now create a container that keeps running:
[root@docker ~]# docker run -d --name mycentos centos sh -c "while true;do echo hello world;sleep 2;done"
292cf95a7853e70978657d7c05f7abd4bff27f1c4e73d97a32b4639d1c0165fc
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE    COMMAND                  CREATED         STATUS         PORTS   NAMES
292cf95a7853   centos   "sh -c 'while true..."   3 seconds ago   Up 3 seconds           mycentos
docker exec runs a command in a running container
Options:
  -d, --detach               Detached mode: run command in the background
      --detach-keys string   Override the key sequence for detaching a container
  -e, --env list             Set environment variables
      --help                 Print usage
  -i, --interactive          Keep STDIN open even if not attached
      --privileged           Give extended privileges to the command
  -t, --tty                  Allocate a pseudo-TTY
  -u, --user string          Username or UID (format: <name|uid>[:<group|gid>])
Run a command, ls /:
[root@docker ~]# docker exec -it 292cf95a7853 ls /
anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
You can also supply a command as standard input:
[root@docker ~]# docker exec 292cf95a7853 echo hello
hello
Running docker exec as follows gets you into the container:
The equivalent nsenter command can also fully enter the container:
If the command is not present it needs to be installed: yum install util-linux
1. Determine the PID of the container:
[root@docker ~]# docker inspect -f {{.State.Pid}} 292cf95a7853
27515
2. Connect with nsenter:
[root@docker ~]# nsenter --target `docker inspect -f {{.State.Pid}} 292cf95a7853` --net --ipc --pid --mount --uts
[root@292cf95a7853 /]# ls
anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
nsenter is a command for working with namespaces, which allow certain resources to be isolated
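Added example, not part of the original post: nsenter attaches to the namespaces behind /proc/<pid>/ns/, so comparing those links for the container PID and host PID 1 shows which of the five namespaces named in the command above are really isolated. The function names, the PROC_ROOT override and the sample tree (made-up inode numbers, container assumed to have been started with --net=host) are constructed for illustration.

```shell
# Report which namespaces a container's main process shares with the host.
# On a real host run as root with PROC_ROOT left at /proc, passing PID 1 and
# the PID printed by: docker inspect -f '{{.State.Pid}}' <container>
PROC_ROOT=${PROC_ROOT:-/proc}   # hypothetical override so sample data can be used

# ns_report HOST_PID CONTAINER_PID
ns_report() {
    host=$1; ctr=$2
    for ns in net ipc pid mnt uts; do   # files behind --net --ipc --pid --mount --uts
        h=$(readlink "$PROC_ROOT/$host/ns/$ns") || return 2
        c=$(readlink "$PROC_ROOT/$ctr/ns/$ns") || return 2
        if [ "$h" = "$c" ]; then
            echo "$ns SHARED-WITH-HOST"
        else
            echo "$ns isolated"
        fi
    done
}

# Constructed sample tree: PID 1 stands for the host, 27515 is the container
# PID from the page. Only the net link matches, as it would for a container
# started with --net=host.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/1/ns" "$root/27515/ns"
    i=0
    for ns in net ipc pid mnt uts; do
        i=$((i + 1))
        ln -s "$ns:[402653183$i]" "$root/1/ns/$ns"
        if [ "$ns" = net ]; then
            ln -s "$ns:[402653183$i]" "$root/27515/ns/$ns"
        else
            ln -s "$ns:[402653225$i]" "$root/27515/ns/$ns"
        fi
    done
    echo "$root"
}

PROC_ROOT=$(demo_tree)
ns_report 1 27515
rm -rf "$PROC_ROOT"
```

A namespace reported as SHARED-WITH-HOST means a process in the container sees the host's view of that resource, so the sandbox does not cover it.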