1. Docker image operation
1. Display Mirroring
docker images
Show all images (including intermediate layers)
docker images -a
show image ID
docker images -q
combination
docker images -qa
Display summary information about an image
docker images --digests
Show full image information
docker images --no-trunc
2. Search mirror
docker search XX
3. Download mirror
docker pull XX
Download the specified version
docker pull XX:版本
4. Delete the image
docker rmi 镜像名称:版本
force delete
docker rmi -f 镜像名称:版本
Delete multiple spaces separated by spaces
docker rmi -f 镜像名称:版本 镜像名称:版本
clear all
docker rmi -f $(docker images -qa)
2. Docker container operation
1. Create and start the container
--name=“new container name”: specify a name for the container:
-i: run the container in interactive mode, usually used with -t
-t: reassign a pseudo-input terminal for the container, usually Used with -i
-d: run the container in the background and return the container ID;
-P: random port mapping, the internal port of the container is randomly mapped to the port of the host
-p: specified port mapping, the format is: host (host) port: container port
docker run -it -p 8888:8080 tomcat
random port
docker run -it -P tomcat
docker run -it --name (alias) image ID to run a container, take an alias, run in interactive mode, and assign a pseudo-terminal
daemon:
docker run -di --name(别名) 镜像ID
Commonly used:
docker run -it --name 别名 -d -p 8888:8080 镜像ID
Map command:
docker run --name 容器名称 -d -p (服务器端口):(Docker端口) image-name
docker run --name tomcattest7 -d -p 8888:8080 镜像ID
2. List containers
List running containers
docker ps
show all containers
docker ps -a
View stopped containers
docker ps -f status=exited
3. Exit the container
The container stops exiting
exit
Container does not stop exiting
Ctrl+P+Q
4. Enter the container
docker attach 容器ID or 容器名
5. Start the container
docker start 容器ID or 容器名
6. Restart the container
docker restart 容器ID or 容器名
7. Stop the container
docker stop容器ID or 容器名
Kill the process directly
docker kill 容器ID or 容器名
8. Delete the container
docker rm 容器ID or 容器名
force delete
docker rm -f 容器ID or 容器名
Delete multiple spaces separated by spaces
docker rm -f 容器ID or 容器名 容器ID or 容器名
clear all
docker rm -f $(docker ps -qa)
9. Enter the running container
docker exec -it 容器名称 或者 容器ID
docker exec -it edbef195b590
docker exec -it edbef195b590 /bin/bash
10. The webapps directory is empty when tomcat starts and cannot be accessed externally . There are things we need under webapps.dist
. Enter the container directory
docker exec -it 容器ID /bin/bash
Modify webapps to webapps2
mv webapps webapps2
Modify webapps.dist to webapps
mv webapps.dist webapps
11. Submit the runtime container as a mirror image
docker commit -a='作者' -m='备注' 运行时容器ID 新镜像名称:TAG(版本)
12. Push the image to the hub server
Step 1:
https://hub.docker.com/ Register to get the docker id and password
kaylove/abcd1234
Step 2:
We use docker login to log in to the hub server
Step 3:
docker push push
docker push 本地镜像名称:TAG(版本)
13. Push to Aliyun
Step 1:
Enter: https://cr.console.aliyun.com Aliyun mirror console, the mirror console password is set separately;
Step 2:
Enter the console, we first create a namespace, and then create Mirror image;
Create a personal instance
Create a namespace
Create a mirror warehouse
docker Command operation
1) Log in to Alibaba Cloud Docker Registry
sudo docker login [email protected] registry.cn-shenzhen.ali
yuncs.com
The user name used to log in is the full name of the Alibaba Cloud account, and the password is the password set when the service is activated.
You can modify the credential password on the Access Credentials page.
2) Pull the image from Registry
sudo docker pull registry.cn-shenzhen.aliyuncs.com/kayluo/tomcat:[镜像版本号]
3) Push the image to Registry
sudo docker login --username=kay.5****@qq.com registry.cn-shenzhen.aliyuncs.com
sudo docker tag [ImageId] registry.cn-shenzhen.aliyuncs.com/kayluo/tomcat:[镜像版本号]
sudo docker push registry.cn-shenzhen.aliyuncs.com/kayluo/tomcat:[镜像版本号]
--Please replace the [ImageId] and [Image Version Number] parameters in the example according to the actual image information.
14. View the container log
Enter the directory: /var/lib/docker/containers/
. The end of the log is the log
3. Docker container directory mount
1. Grammar
docker run -it -v /宿主机目录:/容器目录 镜像ID
docker run -it -v /home/testData:/cData 2173a72bba6b
docker run --name tomcattest7 -d -p 8888:8080 -v /home/testData:/cData 镜像ID
2. Mount multiple directories
docker run -it -v /宿主机目录:/容器目录 -v /宿主机目录2:/容器目录2 镜像名
Note:
If you are synchronizing a multi-level directory, there may be a prompt of insufficient permissions;
this is because the security module selinux in Centos7 has banned permissions, we need to add --privileged=true to solve the problem that the mounted directory does not have permissions The problem;
docker run --name tomcattest7 -d -p 8888:8080 -v /home/testData:/cData 镜像ID --privileged=true
3. Mount the read-only directory
docker run -it -v /宿主机目录:/容器目录:ro 镜像ID
docker run --name tomcattest7 -d -p 8888:8080 -v /home/testData:/cData:ro 镜像ID
Four, Docker common software installation
1. Tomcat installation and mounting
Step 1: Run the container docker run -it --name alias -d -p 8888:8080 image ID
docker exec -it 容器ID /bin/bash
mv webapps webapps2
mv webapps.dist webapps
exit
Step 2: Create a new tomcat directory under the home directory of the host, copy the conf and webapps in the container to the host
docker cp 容器id:/usr/local/tomcat/conf /home/tomcat/conf/
docker cp 容器id:/usr/local/tomcat/webapps /home/tomcat/webapps/
Step 3: Mount the webapp, logs, and conf in the tomcat in the container to the tomcat directory of the host machine, which is convenient for uploading code, synchronizing persistent logs, and configuring tomcat; turn off the container, and start the container:
docker run -d --name 别名 -p 80:8080 -v /home/tomcat/conf/:/usr/local/tomcat/conf/ -v /home/tomcat/webapps/:/usr/local/tomcat/webapps/ -v /home/tomcat/logs/:/usr/local/tomcat/logs/ 镜像名称
Step 4: Configure tomcat server.xml and upload the war package synchronously
under the <Host node
<Context path="" docBase="/usr/local/tomcat/webapps/WebTest" debug="0" reloadable="true" / > 2. Installation and mounting of mysql5.7
Step 1: Run the container
Step 2: Create a new mysql directory under the home directory in the host, copy the conf and webapps in the container to the host
docker cp 容器id:/etc/mysql/conf.d /home/mysql/
docker cp 容器id:/var/log /home/mysql/
docker cp 容器id:/var/lib/mysql /home/mysql/
Turn off the container and start it again with the mount
Step 3: Mount the webapp, logs, and conf in the mysql container in the container to the tomcat directory of the host machine, which is convenient for uploading code, synchronizing persistent logs, and conveniently configuring tomcat
docker run --name 别名 -itd -p 3306:3306 -v /home/mysql/conf/:/etc/mysql/conf.d/ -v /home/mysql/log/:/var/log -v /home/mysql/mysql/:/var/lib/mysql/ -e MYSQL_ROOT_PASSWORD=123456 镜像ID
Step 4: Use sqlyog to connect to the database in the docker, and import the sql script.
Note: the database connection address in the running project must write the virtual IP address where the mysql container in the docker is located; the communication IP between the containers;
view the container meta information:
docker inspect 容器ID
Find IPAddress: the corresponding address
Five, Docker migration and backup
When we develop, we often customize the image, and then submit the image as a commit to the local warehouse, but when we publish it to the client server, we can use the above mentioned to get the official hub or Alibaba Cloud, but some confidential projects are Public network storage is prohibited, so we can only achieve it through docker image backup and migration;
backup image:
docker save -o 备份镜像的名称 源镜像名称:tag版本
docker save -o mytomcat7.1.tar tomcat7:7.1
The backup is in the current path
to restore the image:
docker load -i 镜像文件
docker load -i mytomcat7.1.tar
6. Docker File
1). Introduction
Dockerfile is a script composed of a series of commands and parameters. These commands are applied to the base image of the operating system (centos or Ubuntu) and finally create a new image; we mentioned earlier to modify the
configuration file manually. , or adding or deleting file directories to build a new image; this manual method is cumbersome, error-prone, and cannot be reused; here we talk about Dockerfile, using scripts
to build automation, reusability, and high efficiency The method of creating mirror images is the preferred method for enterprise-level development;
in the software system development life cycle, Dockerfile is used to build mirror images;
1. For developers: it can provide a completely consistent development environment for the development team;
2. For testers : You can directly take the image built during development or build a new image through the Dockerfile file to start working;
3. For operation and maintenance personnel: During deployment, seamless migration of applications can be achieved.
2). The common command of Dockerfile
FROM image_name:tag defines which base image is used to start the build process
MAINTAINER user_info declares mirror maintainer information
LABEL key value Image description meta information (multiple items can be written)
ENV key value Set environment variables (multiple entries can be written)
RUN command The command that needs to be run when building the container (multiple entries can be written)
WORKDIR path_dir Set the default working directory of the terminal login
EXPOSE port The port exposed by the current container
ADD source_dir/file dest_dir/file Copy the host's file into the container. If it is a compressed file, it will be automatically decompressed after copying. source_dir: the current directory,
usually the directory where the dockerFile file is placed file dest_dir: the directory file
to be generated
:file name
COPY source_dir/file dest_dir/file is similar to ADD, but if there is a compressed file, it cannot be decompressed
VOLUME creates a mount point that can be mounted from the local host or other containers, generally used to store databases and data that needs to be kept, etc.
CMD specifies the command to run when the container starts. If there are multiple CMDs, the last one will take effect. In
exec mode and shell mode,
CMD specifies the command to run when the container starts. If there are multiple CMDs, the last one will take effect.
Syntax format:
CMD <command> 或
CMD ["<executeable>","<param1>","<param2>",...]
CMD ["<param1>","<param2>",...]
ENTRYPOINT Specifies the command to run when the container starts ONBUILD The command to run when building an inherited DockerFile, the onbuild of the parent image is triggered after the parent image is inherited by the child image. You can understand ONBUILD as a trigger.
When writing Dockerfile, other commands are for its own image service, only ONBUILD is for sub-image service;
simple example: parent image Dockerfile:
FROM centos
ONBUILD RUN yum -y install vim
CMD /bin/bash
Submirrors are simpler:
FROM parent
Just one sentence;
when building a sub-mirror, the ONBUILD of the parent mirror will be triggered, and the sub-mirror will directly install vim; in
practical applications, generally ONBUILD executes some things that the parent mirror cannot execute temporarily, such as some COPY, ADD, you can To start some services, the parent image is used as a template, which only provides basic support, and then the specific implementation is the sub-image operation.
3).Dockerfile Build custom centos
Write Dockerfile: the file name is myCentosDockerfile without suffix
FROM centos
MAINTAINER kaytest
LABEL name="kaytest CentOS Image" \
build-date="20191112"
ENV WORKPATH /home/
WORKDIR $WORKPATH
RUN yum -y install net-tools
RUN yum -y install vim
EXPOSE 80
CMD /bin/bash
Build:
Enter the linux cd /home/ directory to create a dockerfile folder, put the dockerFile file just written into it,
enter the dockerfile directory cd /home/dockerfile/
docker build -f DockerfileName -t 镜像名:TAG .
docker build -f myCentosDockerFile -t kaytestcentos:1.0 .
Note: The image name must be in lowercase, you can use /. At the end, you need to add a space and end with an English period.
Run: docker run -it mirror ID
view mirror history docker history mirror ID
4).Dockerfile build custom tomcat
write Dockerfile: file name is myTomcatDockerfile do not add suffix
FROM centos
MAINTAINER kaytomcattest
LABEL name="kay Tomcat Image" \
build-date="20191115"
COPY copyright.txt /home/copyright.txt
ADD server-jre-8u151-linux-x64.tar.gz /home/
ADD apache-tomcat-8.5.37.tar.gz /home/
ENV WORKPATH /home/apache-tomcat-8.5.37/
WORKDIR $WORKPATH
ENV JAVA_HOME /home/jdk1.8.0_151
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME /home/apache-tomcat-8.5.37/
ENV CATALINA_BASE /home/apache-tomcat-8.5.37/
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
EXPOSE 8080
CMD ["/home/apache-tomcat-8.5.37/bin/catalina.sh","run"]
Build:
Enter the linux cd /home/ directory to create a dockerfile folder, put the dockerFile file just written in it, put the copyright.txt file in it, put the server-jre-8u151-linux-x64.tar.gz file in it, Put the apache-tomcat-8.5.37.tar.gz file in,
enter the dockerfile directory cd /home/dockerfile/
docker build -f DockerfileName -t 镜像名:TAG .
docker build -f myTomcatDockerFile -t kaytesttomcat:1.0 .
Note: The image name must be in lowercase, you can use /. At the end, you need to add a space and then end with an English period.
Run: Refer to Mount Run
5).Dockerfile build custom redis
Write Dockerfile: the file name is myRedisDockerfile without adding a suffix
#
# Dockerfile for Redis-4.0.2
#
FROM centos:7
MAINTAINER kaytest
RUN yum clean all
RUN yum -y update
# Install libs
RUN yum install deltarpm rpm make tar gcc gcc-c++ epel-release -y
RUN mkdir -p /home/work/apps/
RUN mkdir -p /var/log/redis/
# Copy Redis tar.gz and auto uncompress
ADD redis-4.0.2.tar.gz /home/work/apps
ADD etc/redis.conf /etc/redis.conf
#COPY supervisord.conf /etc/supervisord.conf
VOLUME ["/home/work/apps/","/var/log/redis/"]
# Install redis
WORKDIR /home/work/apps/redis-4.0.2/
RUN make
RUN make && make install
#CMD ["/usr/bin/supervisord"]
CMD redis-server /etc/redis.conf
# Expose ports.
EXPOSE 6379
Construction:
Enter the linux cd /home/ directory to create a dockerfile folder, put the dockerFile file just written into it, put the etc folder in the past including the redis.conf file inside, and put redis-4.0.2.tar.gz in the past and
enter dockerfile directory cd /home/dockerfile/
docker build -f DockerfileName -t 镜像名:TAG .
docker build -f myTomcatDockerFile -t kaytestredis:1.0 .
Note: The image name must be in lowercase, you can use /. At the end, you need to add a space and then end with a period in English.
Run: Refer to Mount Run
6). Dockerfile realizes container volume through VOLUME,
which is similar to the previous -v command, and mounts the container directory and the host directory
VOLUME['/home/v1','/home/v2']
Note: The startup command -v host directory: container volume directory is used to mount the container volume directory.
However, when defining the Dockerfile, there is no guarantee that there is such a specific directory on all hosts,
so in the Dockerfile definition , you can only specify the container volume directory;
write Dockerfile: the file name is myCentosDockerfile without adding a suffix
FROM centos
VOLUME ["/home/v1","/home/v2"]
CMD /bin/bash
Build: Refer to the above
Run: Daemon run
docker run -di --name(别名) 镜像ID
Test:
After running, we enter the home directory of the container and find two container volume directories, v1 and v2;
docker exec -it 容器ID /bin/bash/
cd /home/
Then we use the docker inspect container ID to check the host directory corresponding to the container volume generated by default; under the Mounts node, the general directory is empty, corresponding to the /home/v1 directory of the container.
Through creating and modifying files, we found that synchronization can be achieved without any problems; in
my opinion, to realize container volumes, it is still necessary to use the -v startup command mentioned above, using the dockerfile method, which is more fucked, and the host directory cannot be customized; 7
) The difference and connection between .CMD and ENTRYPOINT 1.
The difference and connection between CMD and ENTRYPOINT in DockerFile CMD and
ENTRYPOINT are executed when the container starts; both support exec and shell methods; general usage is a single CMD, or first ENTRYPOINT, combined with the latter CMD;
if there are multiple CMDs, with command parameters when starting, it will overwrite the previous CMD command, and the last command will take effect, so when we usually use CMD, there is a situation where a single CMD command is Yes, the startup command does not take parameters;
we mainly learn the common usage; let's test it;
first look at the dockerfile of tomcat's official image;
Since there are multiple CMD commands, they will be overwritten, and only the last one will be executed; so we test the startup;
There is nothing wrong with starting without parameters like this, and tomcat can start normally;
But if we add parameters such as /bin/bash or ls -l
Then it will overwrite the CMD ["catalina.sh","run"] in the dockerfile, and tomcat will not execute it;
What is executed is the specific parameters brought during startup;
Let's look at the redis official dockerfile again;
This is the second common usage we are talking about. First create an ENTRYPOINT to execute the next execution command, and then follow it with CMD to splice the specific execution parameters; the
final execution is docker-entrypoint.sh redis-server;
after the above two cases , I believe everyone has a certain understanding of CMD, ENTRYPOINT;
let's take a look at the detailed syntax;
CMD syntax;
CMD ["executable","param1","param2"] (exec form, this is the preferred form)
CMD ["param1","param2"] (as default parameters to ENTRYPOINT)
CMD command param1 param2 (shell form)
The first usage: run an executable file and provide parameters.
The second usage: specify parameters for ENTRYPOINT.
The third usage (shell form): the command is executed in the "/bin/sh -c" method.
ENTRYPOINT syntax;
ENTRYPOINT [“executable”, “param1”, “param2”] (exec 格式, 推荐)
ENTRYPOINT command param1 param2 (shell 格式)
We generally recommend using the exec format for official development; it is easy to use;
Let's take a look at the actual usage of CMD and ENTRYPOINT through some simple examples;
the first dockerfile
FROM centos
CMD echo "abc"
#CMD ["/bin/echo", "defg"]
We can run the test to see the results, and remove the second CMD to see the results;
and run the command followed by the running parameters to see the results; we can understand that if there are multiple CMDs, only the last one will take effect;
The second dockerfile
FROM centos
ENTRYPOINT ["ls"]
CMD ["-l"]
For this dockerfile, we use ENTRYPOINT to execute an ls command and then add parameters to CMD,
which is equivalent to the default parameter of CMD. If we need to change the parameters when starting, we can directly replace them;
Seven, Docker private warehouse
1. Introduction
Docker’s private warehouse is mainly used to store images within the enterprise. Compared with official warehouses and Alibaba Cloud warehouses, it has a higher level of confidentiality and security; 2. The first step in warehouse construction: pull the
private
warehouse image (private warehouse program itself is a mirror image)
docker pull registry
Step 2: Start the private warehouse container
docker run -di --name=myRegistry -p 5000:5000 registry
Step Three: Test
http://192.168.1.112:5000/v2/_catalog
See this instruction to start OK. Because there is no image in the warehouse, it is empty;
the fourth step:
sudo vi /etc/docker/daemon.json 修改daemon.json,让docker信任私有仓库地址
"insecure-registries": ["192.168.1.112:5000"]
Step 5: Restart docker after modifying the configuration;
systemctl restart docker
3. Private warehouse test
Step 1: mark this mirror as a mirror of a private warehouse
docker tag 镜像名:TAG 192.168.1.112:5000/仓库镜像名
docker tag tomcat:7 192.168.1.112:5000/mytomcat7
Step 2: Upload the image to the private warehouse
docker push 192.168.1.112:5000/mytomcat7
At this time, there is already this image in the private warehouse;
the third step: delete the 192.168.1.112:5000/mytomcat7 local warehouse image
docker rmi -f 192.168.1.112:5000/mytomcat7
Step 4: Pull the 192.168.1.112:5000/mytomcat7 image from the private warehouse and run it;
docker run -itd -p 8080:8080 192.168.1.112:5000/mytomcat7
Step 5: Browser runs http://192.168.1.112:8080 test
8. Docker shipyard container (stop updating)
1. Pull the shipyard related image
docker pull shipyard/shipyard
docker pull swarm
docker pull shipyard/docker-proxy
docker pull alpine
docker pull microbox/etcd
docker pull rethinkdb
2. Build the shipyard container
docker run -ti -d --restart=always --name shipyard-rethinkdb rethinkdb
docker run -ti -d -p 4001:4001 -p 7001:7001 --restart=always --name shipyard-discovery microbox/etcd:latest -name discovery
docker run -ti
-d -p 2375:2375 --hostname=$HOSTNAME
--restart=always --name shipyard-proxy
-v /var/run/docker.sock:/var/run/docker.sock
-e PORT=2375 shipyard/docker-proxy:latest
docker run -ti -d --restart=always --name shipyard-swarm-manager
swarm:latest manage --host tcp://0.0.0.0:3375 etcd://<IP-OF-HOST>:4001
docker run -ti -d --restart=always --name shipyard-swarm-agent
swarm:latest join --addr <ip-of-host>:2375 etcd://<ip-of-host>:4001
docker run -ti -d --restart=always --name shipyard-controller --link
shipyard-rethinkdb:rethinkdb --link shipyard-swarm-manager:swarm -
p 8888:8080 dockerclub/shipyard:latest server -d tcp://swarm:3375
注:替换 <IP-OF-HOST >为实际宿主机地址
访问shipyard<ip-of-host>:8080
默认用户名:admin 密码:shipyard
Install docker-compose
yum install docker-compose
Execute docker-compose
to enter the same directory as docker-compose.yml
docker-compose up -d
Nine, Docker portainer visualization official recommendation
1.
docker volume create portainer_data
2.
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer
3.
http://localhost:9000
4. Set the admin user password, you need to enter the same password twice
10. Docker operates commands on all images/containers (use with caution)
Start all container commands in docker
docker start $(docker ps -a | awk '{ print $1}' | tail -n +2)
Close all container commands in docker
docker stop $(docker ps -a | awk '{ print $1}' | tail -n +2)
Delete all container commands in docker
docker rm $(docker ps -a | awk '{ print $1}' | tail -n +2)
Delete all images in docker
docker rmi $(docker images | awk '{print $3}' |tail -n +2)