3 Common commands of Docker
3.1 Help commands
docker version #显示Docker的版本信息
docker info #显示Docker的系统信息,包括镜像和容器的数量
docker [ command ] --help #万能命令
The address of the help document: https://docs.docker.com/engine/reference/commandline/docker/
3.2 Mirror command
3.2.1 docker images
View all local images on this machine
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest feb5d9fea6a5 11 months ago 13.3kB
#解释
REPOSITORY 镜像的仓库源
TAG 镜像的表情
IMAGE ID 镜像的ID号
CREATED 镜像的创建时间
SIZE 镜像的大小
name, shorthand | default | describe |
---|---|---|
–all,-a | Show all images (middle images hidden by default) | |
–digests | Show summary | |
–filter,-f | Filter output based on the provided conditions | |
–format | Print beautiful images using Go templates | |
–no-trunc | Do not truncate output | |
–quiet,-q | Show image ID only |
3.2.2 docker search
Search for images
$ docker search mysql
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mysql MySQL is a widely used, open-source relation… 13053 [OK]
mariadb MariaDB Server is a high performing open sou… 4995 [OK]
#可选项,通过收藏进行过滤
--filte=STARS=3000 #搜索出来的镜像就是 STARS 大于3000的镜像
$ docker search --filter=STARS=3000 mysql
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mysql MySQL is a widely used, open-source relation… 13053 [OK]
mariadb MariaDB Server is a high performing open sou… 4995 [OK]
3.2.3 docker pull
Download image
#下载镜像 docker pull 镜像名[:tag]
$ docker pull mysql
Using default tag: latest #如果不写Tag,默认就是 latest
latest: Pulling from library/mysql
72a69066d2fe: Pull complete #分层下载,docker image的核心,联合文件系统
93619dbc5b36: Pull complete
99da31dd6142: Pull complete
626033c43d70: Pull complete
37d5d7efb64e: Pull complete
ac563158d721: Pull complete
d2ba16033dad: Pull complete
688ba7d5c01a: Pull complete
00e060b6d11d: Pull complete
1c04857f594f: Pull complete
4d7cfa90e6ea: Pull complete
e0431212d27d: Pull complete
Digest: sha256:e9027fe4d91c0153429607251656806cc784e914937271037f7738bd5b8e7709 #签名
Status: Downloaded newer image for mysql:latest
docker.io/library/mysql:latest #真实的地址
$ docker pull mysql
#等价于
$ docker pull docker.io/library/mysql:latest
#指定镜像版本下载
$ docker pull mysql:5.7
5.7: Pulling from library/mysql
72a69066d2fe: Already exists
93619dbc5b36: Already exists
99da31dd6142: Already exists
626033c43d70: Already exists
37d5d7efb64e: Already exists
ac563158d721: Already exists
d2ba16033dad: Already exists
0ceb82207cd7: Pull complete
37f2405cae96: Pull complete
e2482e017e53: Pull complete
70deed891d42: Pull complete
Digest: sha256:f2ad209efe9c67104167fc609cca6973c8422939491c9345270175a300419f94
Status: Downloaded newer image for mysql:5.7
docker.io/library/mysql:5.7
#查看镜像
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql 5.7 c20987f18b13 8 months ago 448MB
mysql latest 3218b38490ce 8 months ago 516MB
hello-world latest feb5d9fea6a5 11 months ago 13.3kB
3.2.4 docker rmi
Delete image
#删除指定的镜像
docker rmi <Image_ID>
#删除多个镜像
docker rmi <Image_ID> <Image_ID> <Image_ID> <Image_ID>
#删除全部的镜像
docker rmi -f $(docker images -aq)
3.3 Container commands
Note: We can only create containers if we have an image. For Linux, download a CentOS 7.9.2009 image to test and learn.
$ docker pull centos:7.9.2009
Create a new container and start it
$ docker run [可选参数] image
#参数说明
--name="Name" 容器名字 tomcat01 tomcat02,用来区分容器
-d 后台运行
-it 使用交互方式运行,进入容器查看内容
-p 指定容器的端口 -p 8080:8080
-p ip:主机端口:容器端口
-p 主机端口:容器端口(常用)
-p 容器端口
容器端口
-P 随机分配端口
#测试
$ docker run -it --name centos-node01 centos:7.9.2009 /bin/bash
#查看容器内的CentOS,基础环境,很多命令是不完善的
[root@094cce7271cd /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
#从容器中退回主机
[root@094cce7271cd /]# exit
exit
List all running containers
#docker ps 命令
#默认是列出当前正在运行的容器
-a #列出当前正在运行的容器+带出历史运行过的容器
-n=? #显示最近创建的容器
-q #只显示容器的编号
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
094cce7271cd centos:7.9.2009 "/bin/bash" 2 minutes ago Up 2 minutes centos-node01
495be2b73cf1 feb5d9fea6a5 "/hello" 24 hours ago Exited (0) 24 hours ago thirsty_faraday
Exit container
exit #直接容器停止并退出
Ctrl+P+Q #容器不停止退出
Delete container
#删除指定的容器,不能删除正在运行的容器,如果要强制删除 docker rm -f
docker rm 容器ID
#删除所有的容器
docker rm -f $(docker ps -aq)
docker ps -aq | xargs docker rm -f
Starting and stopping container operations
#启动容器
docker start 容器ID
#重启容器
docker restart 容器ID
#停止当前正在运行容器
docker stop 容器ID
#强制停止当前容器
docker kill 容器ID
3.4 Other commonly used commands
Start container in background
#命令 docker run -d 镜像名!
docker run -d centos:7.9.2009
#问题 docker ps ,发现 centos:7.9.2009 停止了
#常见的坑,docker 容器使用后台运行,就必须要有一个前台进程,docker发现没有应用,就会自动停止
#nginx,容器启动后,发现自己没有提供服务,就会立刻停止,就是没有程序了。
#测试
docker run -d -it --name centos-node02 centos:7.9.2009 /bin/bash
View log
$ docker logs -f -t --tail [指定条目数] 容器
#显示日志
-tf :显示日志(-f动态显示,-t时间戳显示)
--tail :要显示日志的条目数
#启动容器时指定相应的命令
$ docker run -itd \
--name centos-node03 \
--restart=always \
centos:7.9.2009 /bin/bash -c "while true;do echo hello,world;done;sleep 1"
$ docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
707f6716e19c centos:7.9.2009 "/bin/bash -c 'while…" 38 seconds ago Up 37 seconds centos-node03
$ docker logs -f -t --tail 10 centos-node03
View process information in the container
#命令 docker top 容器ID
$ docker top centos-node03
UID PID PPID C STIME TTY TIME CMD
root 15876 15855 82 22:37 ? 00:03:18 /bin/bash -c while true;do echo hello,world;done;sleep 1
View container metadata
#命令
docker inspect 容器ID
#测试
$ docker inspect centos-node03
[
{
"Id": "707f6716e19ceea875cdd61dc2969b3542aed5523ffa78bb8f65c460050d08ed",
"Created": "2022-08-23T14:37:13.462762788Z",
"Path": "/bin/bash",
"Args": [
"-c",
"while true;do echo hello,world;done;sleep 1"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 15876,
"ExitCode": 0,
"Error": "",
"StartedAt": "2022-08-23T14:37:13.81511042Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9",
"ResolvConfPath": "/var/lib/docker/containers/707f6716e19ceea875cdd61dc2969b3542aed5523ffa78bb8f65c460050d08ed/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/707f6716e19ceea875cdd61dc2969b3542aed5523ffa78bb8f65c460050d08ed/hostname",
"HostsPath": "/var/lib/docker/containers/707f6716e19ceea875cdd61dc2969b3542aed5523ffa78bb8f65c460050d08ed/hosts",
"LogPath": "/var/lib/docker/containers/707f6716e19ceea875cdd61dc2969b3542aed5523ffa78bb8f65c460050d08ed/707f6716e19ceea875cdd61dc2969b3542aed5523ffa78bb8f65c460050d08ed-json.log",
"Name": "/centos-node03",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {
}
},
"NetworkMode": "default",
"PortBindings": {
},
"RestartPolicy": {
"Name": "always",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/72f30a5ccf50446ae62fd2722e318bea1a2dabc9eef978a37d60a7739350f8d8-init/diff:/var/lib/docker/overlay2/a37fa3541021205d4cc6fe5a51d6bda9a627c860fe9e0d6b23b317fd03e02dd8/diff",
"MergedDir": "/var/lib/docker/overlay2/72f30a5ccf50446ae62fd2722e318bea1a2dabc9eef978a37d60a7739350f8d8/merged",
"UpperDir": "/var/lib/docker/overlay2/72f30a5ccf50446ae62fd2722e318bea1a2dabc9eef978a37d60a7739350f8d8/diff",
"WorkDir": "/var/lib/docker/overlay2/72f30a5ccf50446ae62fd2722e318bea1a2dabc9eef978a37d60a7739350f8d8/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "707f6716e19c",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/bash",
"-c",
"while true;do echo hello,world;done;sleep 1"
],
"Image": "centos:7.9.2009",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20201113",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS",
"org.opencontainers.image.created": "2020-11-13 00:00:00+00:00",
"org.opencontainers.image.licenses": "GPL-2.0-only",
"org.opencontainers.image.title": "CentOS Base Image",
"org.opencontainers.image.vendor": "CentOS"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "7e286039cc7562f9fe6b6174ef9dae698a6dc049414cfc56d666ca471689a78d",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
},
"SandboxKey": "/var/run/docker/netns/7e286039cc75",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "4b0a08726af85c28a4a6181d335491dd61c0e0b5530248f6be9adfc8ed9f6f41",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.4",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:04",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "ab0a6a7d99f1b549817749b69872806ed8989be4f03d330498f0f6becdd2b010",
"EndpointID": "4b0a08726af85c28a4a6181d335491dd61c0e0b5530248f6be9adfc8ed9f6f41",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.4",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:04",
"DriverOpts": null
}
}
}
}
]
Enter the currently running container
#通常容器都是使用后台方式运行的,需要进入容器,修改一些配置
#命令
docker attach 容器ID
docker exec -it 容器ID bashShell
#测试
$ docker exec -it centos-node03 /bin/bash
[root@707f6716e19c /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 85 14:37 pts/0 00:09:17 /bin/bash -c while true;do echo hello,world;done;sleep 1
root 7 0 0 14:47 pts/1 00:00:00 /bin/bash
root 21 7 0 14:48 pts/1 00:00:00 ps -ef
[root@707f6716e19c /]# exit
exit
#测试
$ docker attach centos-node03
hello,world
hello,world
hello,world
#正在执行当前的代码
#docker exec #进入容器后开启一个新的终端,可以在里面操作(常用)
#docker attach #进入容器正在执行的终端,不会启动新的进程
Copy files from the container to the host
docker cp 容器ID:容器内路径 宿主机路径
#宿主机创建一个文件
$ echo "hello,docker" > host.txt
#将宿主机的文件传到容器内
$ docker cp host.txt centos-node03:/tmp
$ docker exec -it centos-node03 cat /tmp/host.txt #容器内有该文件
hello,docker
#容器内创建文件
$ docker exec -it centos-node03 /bin/bash
[root@707f6716e19c /]# cd /tmp/
[root@707f6716e19c tmp]# echo "hello,dockerhost" > docker.txt
[root@707f6716e19c tmp]# exit
#容器内的文件传到宿主机中
$ docker cp centos-node03:/tmp/docker.txt /tmp
$ cat /tmp/docker.txt
hello,dockerhost
#拷贝是一个手动过程,未来我们使用 -v 卷的技术,可以实现
3.5 Summary
attach
Attach to a running container — Attach the specified running container under the current shell.build
Build an image from a Dockerfile — Customize the image through Dockerfilecommit
Create a new image from a container’s changes — Submit the current container as a new imagecp
Copy files/folders from the containers filesystem to the host past — Copy specified files or directories from the container to the hostcreate
Create a new container — Create a new container, same as run, but does not start the containerdiff
Inspect changes on a container’s filesystem — Inspect changes on a docker containerevents
Get real time events from the server — Get container real-time events from the docker serviceexec
Run a command in a running container — run a command in an existing containerexport
Stream the contents of a container as a tar archive — Export the contents stream of a container as a tar archive [corresponds to import]history
Show the history of an image — Show the history of an imageimages
List images — List the current images of the local systeminfo
Display system-wide information — Display system-wide informationinspect
Return low-level information on Docker objects — View container detailskill
Kill a runnning containers — kill specified docker containersload
Load an image from a tar archive — Load an image from a tar archive [corresponds to save ]login
Log in to a Docker registry — Register or log in to a docker source serverlogout
Log out from a Docker registry — Log out from the current Docker Registrylogs
Fetch the logs of a container — Output the current container log informationport
List port mappings or a specific mapping for the container — View the container’s internal source port corresponding to the mapped portpause
Pause all processes within one or more containers — Pause containersps
List containers — list containerspull
Pull an image or a repository from a registry — Pull the specified image or library image from the docker image source serverpush
Push an image or a repository to a registry — Push the specified image or library image to the docker image source serverrestart
Restart one or more containers — Restart running containersrm
Remove one or more containers — Remove one or more containersrmi
Remove one or more images — Remove one or more images [No container can use this image to output, otherwise you need to output related containers to continue or -f to force deletion]run
Run a command in a new container — Create a new container and run a commandsave
Save one or more images to a tar archive — Save an image as a tar package [corresponds to load ]search
Search the Docker Hub for images — Search the Docker Hub for imagesstart
Start one or more stopped containers — Start containersstop
Stop one or more running containers — Stop containerstats
Display a live stream of container(s) resource usage statistics — Display a live stream of container(s) resource usage statisticstag
Tag an image into a repository — tag an image in the sourcetop
Display the running processes of a container — View information about processes running in a containerunpause
Unpause a pause container — Unpause a containerversion
Show the Docker version information — View the Docker version numberwait
Block until one or more containers stop, then print their exit codes — intercept the exit status value when the container stops
There are many docker commands. The above are the most commonly used commands for containers and images.
3.6 Homework exercises
3.6.1 Deploy Nginx
#1.搜索nginx镜像 docker search 建议去dockerhub搜索,可以看到帮助文档
#2.下载镜像 docker pull
$ docker pull nginx:1.23.1-alpine
$ docker images nginx:1.23.1-alpine
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.23.1-alpine 804f9cebfdc5 13 days ago 23.5MB
#3.启动容器
#-d 后台运行
#--name 给容器命名
#-p 宿主机端口:容器内部端口
$ docker run -itd --name nginx01 -p 3344:80 --restart=always nginx:1.23.1-alpine
$ docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d0edd598caa1 nginx:1.23.1-alpine "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 0.0.0.0:3344->80/tcp, :::3344->80/tcp nginx01
$ curl localhost:3344
$ docker port nginx01
80/tcp -> 0.0.0.0:3344
80/tcp -> :::3344
The concept of port exposure
Question to think about: Every time we change the Nginx configuration, do we need to enter the container? It is very troublesome. What if a mapping path can be provided outside the container so that if the file name is modified in the container, it can be automatically modified inside the container?
Solution: -v data volume
3.6.2 Deploy Tomcat
#官方的使用
$ docker run -it --rm tomcat:9.0
#之前的启动都是后台,停止了容器之后,容器还可以 docker ps 查到
#docker run -it --rm 一般用来测试,用完就删除容器
#下载在启动
$ docker pull tomcat:9.0
$ docker run -it -p 3355:8080 --name tomcat01 -d tomcat:9.0
#测试访问没有问题
#进入容器
$ docker exec -it tomcat01 /bin/bash
root@2cf8573ed4e2:/usr/local/tomcat# cp -av webapps.dist/* webapps/
root@2cf8573ed4e2:/usr/local/tomcat# exit
exit
#发现问题:
#1.Linux命令少了
#2.webapps目录下没有web文件。镜像的原因,默认是最小的镜像,所有不必要的都剔除掉。
#保证最小可运行的环境
$ docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2cf8573ed4e2 tomcat:9.0 "catalina.sh run" 4 minutes ago Up 4 minutes 0.0.0.0:3355->8080/tcp, :::3355->8080/tcp tomcat01
$ docker port tomcat01
8080/tcp -> 0.0.0.0:3355
8080/tcp -> :::3355
Question to think about: We will deploy projects in the future. Will it be very troublesome if we have to enter the container every time? If only we could provide a mapping path outside the container, webapps, if we place the project outside, it would be automatically synchronized to the inside!
3.6.3 Department ES+Kibana
#ES has many exposed ports
#ES consumes a lot of memory
#ES data generally needs to be placed in a safe directory! mount
$ docker network create somenetwork
#启动 elasticsearch 容器
$ docker run -d --name elasticsearch \
--net somenetwork \
-p 9200:9200 \
-p 9300:9300 \
-e "discovery.type=single-node" elasticsearch:7.17.5
#启动了 elasticsearch容器后,docker stats 查看CPU状态
$ docker stats --no-stream elasticsearch
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
90e93d93b0b0 elasticsearch 1.41% 1.226GiB / 3.682GiB 33.28% 2.38kB / 0B 0B / 1.02MB 45
#测试ES是否成功了,增加内存的设置
$ curl localhost:9200
{
"name" : "90e93d93b0b0",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "W4bf0m9_TU2e5TxRgifsqg",
"version" : {
"number" : "7.6.2",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "ef48eb35cf30adf4db14086e8aabd07ef6fb113f",
"build_date" : "2020-03-26T06:34:37.794943Z",
"build_snapshot" : false,
"lucene_version" : "8.4.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
#设置容器的内存限制,修改配置文件-e环境配置修改
$ docker run -d --name elasticsearch \
--net somenetwork \
-p 9200:9200 \
-p 9300:9300 \
-e "discovery.type=single-node" \
-e ES_JAVA_OPTS="-Xms256m -Xmx512m" elasticsearch:7.17.5
#再次查看 docker stats 容器资源状态
$ docker stats --no-stream elasticsearch
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
c4479d160c62 elasticsearch 1.52% 364.6MiB / 3.682GiB 9.67% 656B / 0B 0B / 849kB 46
$ curl localhost:9200
{
"name" : "c4479d160c62",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "xj_fi6P2Tc2DldYqSCz2dw",
"version" : {
"number" : "7.6.2",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "ef48eb35cf30adf4db14086e8aabd07ef6fb113f",
"build_date" : "2020-03-26T06:34:37.794943Z",
"build_snapshot" : false,
"lucene_version" : "8.4.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
#安装Kibana
$ mkdir -p /mydata/elasticsearch/kibana/config/
$ cat > /mydata/elasticsearch/kibana/config/kibana.yml <<EOF
#
# ** THIS IS AN AUTO-GENERATED FILE **
#
# Default Kibana configuration for docker target
server.host: "0.0.0.0"
server.shutdownTimeout: "5s"
elasticsearch.hosts: [ "http://10.0.0.101:9200" ]
monitoring.ui.container.elasticsearch.enabled: true
EOF
$ docker run -d \
--name kibana \
--net somenetwork \
-v /mydata/elasticsearch/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml \
-p 5601:5601 kibana:7.17.5
$ docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
aa2b70cdab6f kibana:7.17.5 "/bin/tini -- /usr/l…" 2 minutes ago Up 2 minutes 0.0.0.0:5601->5601/tcp, :::5601->5601/tcp kibana#安装Kibana
$ mkdir -p /mydata/elasticsearch/kibana/config/
$ cat > /mydata/elasticsearch/kibana/config/kibana.yml <<EOF
#
# ** THIS IS AN AUTO-GENERATED FILE **
#
# Default Kibana configuration for docker target
server.host: "0.0.0.0"
server.shutdownTimeout: "5s"
elasticsearch.hosts: [ "http://10.0.0.101:9200" ]
monitoring.ui.container.elasticsearch.enabled: true
EOF
$ docker run -d \
--name kibana \
--net somenetwork \
-v /mydata/elasticsearch/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml \
-p 5601:5601 kibana:7.17.5
$ docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
aa2b70cdab6f kibana:7.17.5 "/bin/tini -- /usr/l…" 2 minutes ago Up 2 minutes 0.0.0.0:5601->5601/tcp, :::5601->5601/tcp kibana
4 Docker images
4.1 What is Docker image
- What is a Docker image?
An image is a lightweight, executable independent software package that contains everything needed to run a certain software. We package the application and configuration dependencies to form a deliverable running environment (including code, runtime requirements libraries, environment variables and configuration files, etc.), this packaged running environment is the image mirror file.
Only through this image file can a Docker container instance be generated (similar to an object created by new in Java)
All future applications will be directly packaged into Docker images and can be run directly.
How to get a mirror?
- Download from remote repository
- Friends and classmates get copies
- Make your own image Dockerfile
- layered mirroring
Using pull as an example, during the download process you can see that the docker image seems to be downloaded layer by layer.
$ docker pull tomcat
4.2 Docker image loading principle
- UnionFS (Union File System)
UnionFS (Union File System): Union File System (UnionFS) is a hierarchical, lightweight and high-performance file system that supports 对文件系统的修改作为一次提交来一层一层的叠加
and can combine different Directories are mounted into the same virtual file system (Unite several directories into a single virtual filesystem). The Union file system is the basis of Docker images. 镜像可以通过分层来进行继承
, based on the basic image (no parent image), various specific application images can be produced.
特性:一次同时加载多个文件系统,但是从外面看起来,只能看到一个文件系统,联合加载会把各种文件系统叠加起来,这样最终的文件系统会包含所有底层的文件和目录。
Union File System: A layered, lightweight, and aggregable mirror foundation.
- Docker image loading principle
Docker image loading principle:
Docker 的镜像实际上是由一层一层的文件系统组成
, this level of file system UnionFS.
bootfs (boot file system) mainly includes bootloader (root loading) and kernel (Linux kernel). The bootloader mainly boots the loading kernel. When Linux first starts, it will load the bootfs file system (mainly booting the Linux kernel).在Docker 镜像的最底层时引导文件系统 bootfs
. This layer is the same as our typical Linux/Unix system, including the boot loader and kernel. When the boot loading is completed, the entire kernel is in the memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, the system will also uninstall bootfs.
rootfs (root file system), above bootfs, contains standard directories and files such as /dev, /proc, /bin, /etc, etc. in a typical Linux system. rootfs 就是各种不同的操作系统发行版
, such as Ubuntu, CentOS, etc.
Summarize:
- bootfs: When the system starts, the bootloader is required to load the kernel. Bootfs will uninstall it and give the memory trial rights to the kernel.
- rootfs: the standard directories and files of Linux systems, similar to a small castrated version of a virtual machine environment
- The system consists of three parts, bootfs + rootfs + application. Bootfs is very large, but it is common in Docker. Bootfs is not included in all images. The image is mainly composed of rootfs + application, so it is relatively small.
Usually the CentOS we install on virtual machines weighs several GB. Why is Docker only 200 MB here?
Answer: For a streamlined OS, the rootfs can be very small and only needs to include the most basic commands, tools and libraries. Because the underlying layer directly uses the Host's kernel, you only need to provide the rootfs yourself. It can be seen that for different Linux distributions, bootfs is basically the same, but rootfs will be different, so different distributions can share bootfs.
This is also the reason why virtual machines are on the minute level and containers are on the second level. The container is just an environment for running commands and applications, and the bottom layer calls the kernel of the host.
~ docker images centos:centos7.9.2009
REPOSITORY TAG IMAGE ID CREATED SIZE
centos centos7.9.2009 eeb6ee3f44bd 11 months ago 204MB
4.3 Hierarchical understanding
underlying image
We can download an image and observe the log output. We can see that it is downloading layer by layer!
- Why does Docker image adopt this layered structure?
One of the biggest benefits of Docker image layering is to share resources and facilitate copying and migration, just for复用
.
For example, if multiple images are built from the same base image, Docker Host only needs to save one base image on the disk; at the same time, it only needs to load one base image into the memory to serve all containers. And every layer of the image can be shared.
To view the image layering, you can use the docker image inspect command
~ docker image inspect redis
...省略部分输出...
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f",
"sha256:9b24afeb7c2f21e50a686ead025823cd2c6e9730c013ca77ad5f115c079b57cb",
"sha256:4b8e2801e0f956a4220c32e2c8b0a590e6f9bd2420ec65453685246b82766ea1",
"sha256:529cdb636f61e95ab91a62a51526a84fd7314d6aab0d414040796150b4522372",
"sha256:9975392591f2777d6bf4d9919ad1b2c9afa12f9a9b4d260f45025ec3cc9b18ed",
"sha256:8e5669d8329116b8444b9bbb1663dda568ede12d3dbcce950199b582f6e94952"
]
},
"Metadata": {
"LastTagTime": "0001-01-01T00:00:00Z"
}
}
]
understand:
All Docker images start from a base image layer. When modifications are made or new content is added, a new image layer will be created on top of the current image layer.
To give a simple example, if you create a new image based on Ubuntu Linux 16.04, this is the first layer of the new image; if you add a Python package to the image, you will need to add and modify it on top of the basic image layer. content and commit to create a second image layer; if you continue to add a security patch, a third image layer will be created.
The image currently contains 3 image layers, as shown in the figure below (this is just a very simple example for demonstration).
It is important to understand that while adding additional image layers, the image always remains a combination of all current images. A simple example is given below. Each image layer contains 3 files, and the image contains 6 files from the two image layers.
The mirror layer silver in the picture above is different from the road in the previous picture. The main purpose is to display documents.
The figure below shows a slightly complex three-layer image. From the outside, the entire image only has 6 files. This is because file 7 in the top layer is an updated version of file 5.
In this case, the files in the upper image layer overwrite the files in the lower image layer, so that the updated version of the file is added to the image as a new image layer. Docker implements the image layer stack through a storage engine (the new version adopts a snapshot mechanism) and ensures that multiple image layers are displayed as a unified file system.
The storage engines available on Linux are AUF5, Overlay2, Device Mapper, Btrfs and .zZFS. As the name suggests, each storage engine is based on the corresponding file system or block device technology in Linux, and each storage engine has its own unique performance characteristics.
Docker supports windowstilter, a storage engine on Windows, which implements layering and CoW[1] based on the NTFS file system.
The image below shows the same three-layer image as the system display. All mirroring layers are stacked and merged to provide a unified view to the outside world.
Features:
Docker images are read-only, and when the container starts, a new writable layer is loaded on top of the image!
This layer is what we usually call the container layer, and everything below the container is called the mirror layer!
Key points to understand
Docker 镜像层都是只读的,容器层是可写的。
When the container starts, a new writable layer is loaded on top of the image. This layer is usually called the "container layer", and everything below the "container layer" is called the mirror layer.
All changes to the container, whether adding, deleting, or modifying files, will only occur in the container. Only the container layer is writable, and all image layers below the container layer are read-only.
4.4 How to submit an own image
4.4.1 commit image
docker commit 提交容器成为一个新的版本
#命令和Git的原理类似
docker commit -m "提交的描述信息" -a "作者" 容器ID 目标镜像名:[TAG]
example:
#启动一个默认的Tomcat
$ docker run -it -d -p 8080:8080 --name tomcat01 tomcat
#发现这个默认的Tomcat新版本是没有webapps应用,是由于镜像的原因:官方的新镜像默认Tomcat下的webapps目录下是没有文件的
$ docker exec -it tomcat01 /bin/bash
#将webapps.dist目录下的文件拷贝到webapps中
root@82b9be0838cd:/usr/local/tomcat# cp -av webapps.dist/ webapps
root@82b9be0838cd:/usr/local/tomcat# cd webapps
root@82b9be0838cd:/usr/local/tomcat/webapps# ls
ROOT docs examples host-manager manager
root@82b9be0838cd:/usr/local/tomcat/webapps# exit
exit
$ curl localhost:8080
#将操作过的容器通过 commit 提交为一个镜像
$ docker commit \
-a "zhongzhiwei <[email protected]>" \
-m "拷贝webapps.dist目录下的内容到webapps" \
tomcat01 kube-tomcat:1.0
#查看提交的镜像
$ docker images kube-tomcat:1.0
REPOSITORY TAG IMAGE ID CREATED SIZE
kube-tomcat 1.0 0cf24bc18be1 4 seconds ago 684MB
$ docker history kube-tomcat:1.0
IMAGE CREATED CREATED BY SIZE COMMENT
0cf24bc18be1 3 minutes ago catalina.sh run 4.43MB 拷贝webapps.dist目录下的内容到webapps
fb5657adc892 8 months ago /bin/sh -c #(nop) CMD ["catalina.sh" "run"] 0B
<missing> 8 months ago /bin/sh -c #(nop) EXPOSE 8080 0B
<missing> 8 months ago /bin/sh -c set -eux; nativeLines="$(catalin… 0B
<missing> 8 months ago /bin/sh -c set -eux; savedAptMark="$(apt-m… 20.2MB
<missing> 8 months ago /bin/sh -c #(nop) ENV TOMCAT_SHA512=c2d2ad5… 0B
<missing> 8 months ago /bin/sh -c #(nop) ENV TOMCAT_VERSION=10.0.14 0B
<missing> 8 months ago /bin/sh -c #(nop) ENV TOMCAT_MAJOR=10 0B
<missing> 8 months ago /bin/sh -c #(nop) ENV GPG_KEYS=A9C5DF4D22E9… 0B
<missing> 8 months ago /bin/sh -c #(nop) ENV LD_LIBRARY_PATH=/usr/… 0B
<missing> 8 months ago /bin/sh -c #(nop) ENV TOMCAT_NATIVE_LIBDIR=… 0B
<missing> 8 months ago /bin/sh -c #(nop) WORKDIR /usr/local/tomcat 0B
<missing> 8 months ago /bin/sh -c mkdir -p "$CATALINA_HOME" 0B
<missing> 8 months ago /bin/sh -c #(nop) ENV PATH=/usr/local/tomca… 0B
<missing> 8 months ago /bin/sh -c #(nop) ENV CATALINA_HOME=/usr/lo… 0B
<missing> 8 months ago /bin/sh -c #(nop) CMD ["jshell"] 0B
<missing> 8 months ago /bin/sh -c set -eux; arch="$(dpkg --print-… 343MB
<missing> 8 months ago /bin/sh -c #(nop) ENV JAVA_VERSION=11.0.13 0B
<missing> 8 months ago /bin/sh -c #(nop) ENV LANG=C.UTF-8 0B
<missing> 8 months ago /bin/sh -c #(nop) ENV PATH=/usr/local/openj… 0B
<missing> 8 months ago /bin/sh -c {
echo '#/bin/sh'; echo 'echo "$J' 27B
<missing> 8 months ago /bin/sh -c #(nop) ENV JAVA_HOME=/usr/local/… 0B
<missing> 8 months ago /bin/sh -c set -eux; apt-get update; apt-g… 11.3MB
<missing> 8 months ago /bin/sh -c apt-get update && apt-get install… 152MB
<missing> 8 months ago /bin/sh -c set -ex; if ! command -v gpg > /… 18.9MB
<missing> 8 months ago /bin/sh -c set -eux; apt-get update; apt-g… 10.7MB
<missing> 8 months ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 8 months ago /bin/sh -c #(nop) ADD file:c03517c5ddbed4053… 124MB
#使用我们修改提交的新镜像,那么就会发现在 webapps 目录下有相应的文件
$ docker run -it -p 8085:8080 --name mytomcat01 -d kube-tomcat:1.0
$ docker exec -it mytomcat01 /bin/bash
root@6b8f51a773ee:/usr/local/tomcat# ls webapps
ROOT docs examples host-manager manager
root@6b8f51a773ee:/usr/local/tomcat# exit
exit
$ curl localhost:8085
Description of learning methods: Understanding concepts can be vague, but you must practice them, and finally combine practice with theory.
If you want to save the status of the current container, you can submit the image through commit and obtain an image. Similar to the snapshot function of a virtual machine.