Docker-day02
[TOC]
2. Docker端口映射
#1. 端口映射
-p #端口映射
例子: -p80:81 -p宿主机端口:容器内部端口
[root@docker01 ~]# docker pull nginx:1.18.0
1.18.0: Pulling from library/nginx
afb6ec6fdc1c: Pull complete
........................
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.18.0 741d47c34fe0 2 weeks ago 132MB
[root@docker01 ~]# docker run --name nginx01 -d -p81:80 nginx:1.18.0
1732bbfe4b8f6c59bc43718826f9836acb3dfe062ef774fcb1c6479557741df7
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1732bbfe4b8f nginx:1.18.0 "nginx -g 'daemon of…" 4 seconds ago Up 3 seconds 0.0.0.0:81->80/tcp nginx01
[root@docker01 ~]# netstat -lnt
tcp6 0 0 :::81 :::* LISTEN 2000/docker-proxy
#访问页面成功
3. Docker挂载数据卷
#baidu的首页
[root@docker01 ~]# mkdir html
[root@docker01 ~]# cd html
[root@docker01 html]# wget www.baidu.com -O index.html &>/dev/null && ll
-rw-r--r-- 1 root root 2381 Jun 3 09:10 index.html
#运行容器进行挂载
-v宿主机的目录:容器的目录
[root@docker01 html]# docker run --name nginx02 -d -p82:80 -v/root/html:/usr/share/nginx/html qls123/nginx:v1.18.0
07565a8670008b66beb4d11359fc6d7dacce0d83a1db4506b0ca38fdd656e1d7
[root@docker01 html]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
07565a867000 qls123/nginx:v1.18.0 "nginx -g 'daemon of…" 4 seconds ago Up 4 seconds 0.0.0.0:82->80/tcp nginx02
#访问页面测试成功
10.0.0.181:82
#查看挂载信息
[root@docker01 html]# docker inspect 07565a867000 | grep /usr/share
"/root/html:/usr/share/nginx/html"
"Destination": "/usr/share/nginx/html"
4. Docker容器传递环境变量
[root@docker01 html]# docker run --rm -e TEST=hello qls123/nginx:v1.18.0 printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=16526ff23fff
TEST=helle
NGINX_VERSION=1.18.0
NJS_VERSION=0.4.0
PKG_RELEASE=1~buster
HOME=/root
-e #传递环境变量
5. Docker容器内安装软件
[root@docker01 html]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
07565a867000 qls123/nginx:v1.18.0 "nginx -g 'daemon of…" 13 minutes ago Up 13 minutes 0.0.0.0:82->80/tcp nginx02
[root@docker01 html]# docker exec -ti nginx02 /bin/bash
root@07565a867000:/# tee /etc/apt/sources.list << EOF
> deb http://mirrors.163.com/debian/ jessie main non-free contrib
> deb http://mirrors.163.com/debian/ jessie-updates main non-free contrib
> EOF
deb http://mirrors.163.com/debian/ jessie main non-free contrib
deb http://mirrors.163.com/debian/ jessie-updates main non-free contrib
root@07565a867000:/# apt-get update && apt-get install curl inetutils-ping -y
[root@docker01 html]# docker commit -p 07565a867000 gcc123/nginx:1.18.0-curl
sha256:eb440e3971002b51aa6465eddb565c933ef238ed2715e9e8c4d6ebefd4793ba7
[root@docker01 html]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
gcc123/nginx 1.18.0-curl eb440e397100 8 seconds ago 153MB
nginx 1.18.0 741d47c34fe0 2 weeks ago 132MB
[root@docker01 html]# docker push gcc123/nginx:1.18.0-curl
The push refers to repository [docker.io/qls123/nginx]
17cf1ea49bfe: Pushed
3c445cf708a5: Mounted from library/nginx
3e1e3bb78a57: Mounted from library/nginx
91776dace4ca: Mounted from library/nginx
ffc9b21953f4: Mounted from library/nginx
1.18.0-curl: digest: sha256:3ce416551486669167f4e9e02e9c297f209c94c4c3c1cc952ee0cc89f8a12f80 size: 1367
6. Docker容器的生命周期
1. 检查本地是否存在镜像,如果没有则从远程官方仓库查询下载
2. 利用镜像启动容器
3. 分配一个文件系统,并在只读的镜像层外挂载一层可读可写层 这个就是容器
4. 从宿主机配置的网桥接口中桥接一个虚拟接口到容器
5. 从地址池配置一个IP地址给容器
6. 执行用户指定的命令
7. 执行完毕后容器终止
#了解更多的docker指令
[root@docker01 html]# docker --help
7. Dockerfile应用
如何自定义一个镜像
docker commit
黑箱操作: 不知道别人在里面做了写什么,维护非常困难 不建议通过commit方式来创建镜像
简单,方便
Dockerfile制作镜像
就是一个文本文件 文件名只能是dockerfile 里面其实就是一组组命令
docker build 进行构建镜像
Dockerfile的规则:
1. 格式
#注释
指令大写,内容小写 大小写是没有太多的强制要求, 我们强烈要求使用指令大写,内容小写
2. Dockerfile是按照顺序执行里面的指令的 从上到下依次执行
3. 每一个dockerfile的第一个非注释指令,必须是“FROM” 用户为镜像文件创建的过程中,指定的基础镜像
4. 在实践中,基础镜像可以是任何可用的镜像文件,默认情况下,docker build会在本地查找dockerfile上面指定的镜像,当本地不存在这个镜像时,则会从官方远程仓库拉取
Dockerfile核心指
FROM #指定基础镜像
USER #指定运行的用户
WORKDIR #指定的工作目录
COPY #复制文件
ADD #高级复制,会自动解压文件
RUN #执行的命令
EXPOSE #指定对外的端口,用到的不多 -p -P
ENV #设置环境变量
CMD #容器启动后执行的命令
ENTRYPOINT #容器启动后执行的命令
RUN命令执行命令并创建新的镜像层,通常用于安装软件包
CMD命令设置容器启动后默认执行的命令及其参数,但CMD设置的命令能够被docker run命令后面的命令行参数替换
ENTRYPOINT配置容器启动时的执行命令(不会被忽略,一定会被执行,即使运行 docker run时指定了其他命令)
8. USER/WORKDIR指令
[root@docker01 ~]# mkdir /data/dockerfile -p
[root@docker01 ~]# cd /data/dockerfile/
[root@docker01 dockerfile]# vim Dockerfile
[root@docker01 dockerfile]# cat Dockerfile
FROM qls123/nginx:v1.18.0
USER nginx
WORKDIR /usr/share/nginx/html
[root@docker01 dockerfile]# docker build . -t qls123/nginx:v1.18.0_with_user_workdir
Sending build context to Docker daemon 2.048kB
Step 1/3 : FROM qls123/nginx:v1.18.0
---> 741d47c34fe0
.........................................
[root@docker01 dockerfile]# docker images |grep with_user_workdir
qls123/nginx v1.18.0_with_user_workdir 4330bb7b48b9 43 seconds ago 132MB
[root@docker01 dockerfile]# docker run --rm -ti --name nginx03 qls123/nginx:v1.18.0_with_user_workdir /bin/bash
nginx@4430adea4186:/usr/share/nginx/html$
nginx@4430adea4186:/usr/share/nginx/html$
nginx@4430adea4186:/usr/share/nginx/html$ pwd
/usr/share/nginx/html
nginx@4430adea4186:/usr/share/nginx/html$ whoami
nginx
nginx@4430adea4186:/usr/share/nginx/html$ exit
exit
#只要一连接,你的pwd就在你指定的WORKDIR位置,然后用户是nginx
9. ADD/EXPOSE指令
[root@docker01 dockerfile]# cat Dockerfile
FROM qls123/nginx:v1.18.0
ADD html/index.html /usr/share/nginx/html/index.html
EXPOSE 80
[root@docker01 dockerfile]# docker build . -t qls123/nginx:v1.18.0_with_index_expose
Sending build context to Docker daemon 6.656kB
Step 1/3 : FROM qls123/nginx:v1.18.0
---> 741d47c34fe0
Step 2/3 : ADD html/index.html /usr/share/nginx/html/index.html
.......................................
[root@docker01 dockerfile]# docker images | grep with_index_expose
qls123/nginx v1.18.0_with_index_expose 3ec08a1f4e21 49 seconds ago 132MB
[root@docker01 dockerfile]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1977de4e3cd0 qls123/nginx:v1.18.0_with_index_expose "nginx -g 'daemon of…" 5 seconds ago Up 4 seconds 0.0.0.0:32768->80/tcp nginx04
#访问10.0.0.181:32768显示指定的index页面
[root@docker01 dockerfile]# docker exec -ti nginx04 /bin/bash
root@1977de4e3cd0:/#
root@1977de4e3cd0:/#
root@1977de4e3cd0:/# pwd
/
root@1977de4e3cd0:/# ls /usr/share/nginx/html
50x.html index.html
root@1977de4e3cd0:/#
10. RUN/ENV指令
[root@docker01 dockerfile]# cat Dockerfile
FROM centos:7.7.1908
ENV VER 4.9.2
RUN yum install -y tcpdump-$VER
[root@docker01 dockerfile]# docker build . -t gcc/centos:7.7.1908_with_env_run
Sending build context to Docker daemon 7.68kB
Step 1/3 : FROM centos:7.7.1908
7.7.1908: Pulling from library/centos
..................................................
[root@docker01 dockerfile]# docker images | grep centos
gcc/centos 7.7.1908_with_env_run 428dfd24f45b 39 seconds ago 276MB
centos 7.7.1908 08d05d1d5859 6 months ago 204MB
[root@docker01 dockerfile]# docker run --rm -ti gcc/centos:7.7.1908_with_env_run /bin/bash
[root@fcc5a8b2c4a1 /]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
[root@fcc5a8b2c4a1 /]# printenv | grep VER
VER=4.9.2
[root@fcc5a8b2c4a1 /]# tcpdump --version
tcpdump version 4.9.2
libpcap version 1.5.3
OpenSSL 1.0.2k-fips 26 Jan 2017
[root@fcc5a8b2c4a1 /]# exit
exit
11. CMD/ENTPYPOINT指令
##CMD指令
[root@docker01 dockerfile]# cat Dockerfile
FROM centos:7.7.1908
RUN yum install httpd -y
CMD ["httpd","-D","FOREGROUND"]
[root@docker01 dockerfile]# docker build . -t gcc/centos:7.7.1908_with_httpd
Sending build context to Docker daemon 8.704kB
Step 1/3 : FROM centos:7.7.1908
---> 08d05d1d5859
Step 2/3 : RUN yum install httpd -y
[root@docker01 dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
gcc/centos 7.7.1908_with_httpd f7fb892b142a 27 seconds ago 308MB
[root@docker01 dockerfile]# docker run --rm -d --name httpd01 -p83:80 gcc/centos:7.7.1908_with_httpd
4b5a0991571d6c84860eb8ee349c2207acbc912afb841871210df8c808bf16b2
[root@docker01 dockerfile]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4b5a0991571d gcc/centos:7.7.1908_with_httpd "httpd -D FOREGROUND" 12 seconds ago Up 11 seconds 0.0.0.0:83->80/tcp httpd01
[root@docker01 dockerfile]# netstat -lntp |grep 83
tcp6 0 0 :::83 :::* LISTEN 14896/docker-proxy
##ENTPYPOINT指令
[root@docker01 dockerfile]# cat Dockerfile
FROM centos:7.7.1908
COPY entrypoint.sh /entrypoint.sh
RUN yum install epel-release -y && yum install -y nginx
ENTRYPOINT /entrypoint.sh
#编写脚本
[root@docker01 dockerfile]# cat entrypoint.sh
#!/bin/bash
/sbin/nginx -g "daemon off;"
[root@docker01 dockerfile]# chmod +x entrypoint.sh
[root@docker01 dockerfile]# docker build . -t gcc/centos:7.7.1908_with_entrypoint
Sending build context to Docker daemon 9.728kB
Step 1/4 : FROM centos:7.7.1908
---> 08d05d1d5859
Step 2/4 : COPY entrypoint.sh /entrypoint.sh
[root@docker01 dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
gcc/centos 7.7.1908_with_entrypoint 31d6ad566c7f 27 seconds ago 389MB
[root@docker01 dockerfile]# docker run -d --name nginx06 -p84:80 qls123/centos:7.7.1908_with_entrypoint
99b1852dfe890e387b1d9d67e4be93ff3347f64729a4620c64924931a9d2bd3a
[root@docker01 dockerfile]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
99b1852dfe89 gcc/centos:7.7.1908_with_entrypoint "/bin/sh -c /entrypo…" 4 seconds ago Up 3 seconds 0.0.0.0:84->80/tcp nginx06
[root@docker01 dockerfile]# netstat -lntp
..................
tcp6 0 0 :::32768 :::* LISTEN 14207/docker-proxy
12. Docker综合实验
#使用域名的方式访问百度首页
[root@docker01 dockerfile]# cat Dockerfile
FROM qls123/nginx:v1.18.0
USER root
ENV WWW /usr/share/nginx/html
ENV CONF /etc/nginx/conf.d
RUN echo 'Asia/Shanghai' >/etc/timezone
WORKDIR $WWW
ADD html/index.html $WWW/index.html
ADD qls.baidu.com.conf $CONF/qls.baidu.com.conf
CMD ["nginx","-g","daemon off;"]
[root@docker01 dockerfile]# ll html/
total 4
-rw-r--r-- 1 root root 2381 Jun 3 09:10 index.html
[root@docker01 dockerfile]# vim qls.baidu.com.conf
[root@docker01 dockerfile]# cat qls.baidu.com.conf
server {
listen 80;
server_name qls.baidu.com;
root /usr/share/nginx/html;
}
[root@docker01 dockerfile]# docker build . -t qls123/nginx:v1.18.0_with_baidu
Sending build context to Docker daemon 11.78kB
Step 1/9 : FROM qls123/nginx:v1.18.0
---> 741d47c34fe0
Step 2/9 : USER root
[root@docker01 dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
qls123/nginx v1.18.0_with_baidu c1e18f0ed130 22 seconds ago 132MB
[root@docker01 dockerfile]# docker run --rm -d -p80:80 gcc/nginx:v1.18.0_with_baidu
c0788d266b637400ccdabe9d6b88e4183c9879e3ba2ee73d2a4c6f2886202f00
[root@docker01 dockerfile]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c0788d266b63 gcc/nginx:v1.18.0_with_baidu "nginx -g 'daemon of…" 4 seconds ago Up 3 seconds 0.0.0.0:80->80/tcp suspicious_volhard
#配置hosts
#访问页面 gcc.baidu.com
#实现一个小游戏
[root@docker01 dockerfile]# cat Dockerfile
FROM qls123/nginx:v1.18.0
USER root
ENV WWW /usr/share/nginx/html
ENV CONF /etc/nginx/conf.d
RUN echo 'Asia/Shanghai' >/etc/timezone
ADD xiaoniao.tar.gz $WWW/
ADD xiaoniao.com.conf $CONF/xiaoniao.com.conf
CMD ["nginx","-g","daemon off;"]
[root@docker01 dockerfile]# cat xiaoniao.com.conf
server {
listen 80;
server_name xiaoniao.com;
root /usr/share/nginx/html/xiaoniao;
}
[root@docker01 dockerfile]# docker build . -t gcc/nginx:v1.18.0_with_xiaoniao
Sending build context to Docker daemon 106.5kB
Step 1/8 : FROM qls123/nginx:v1.18.0
---> 741d47c34fe0
Step 2/8 : USER root
[root@docker01 dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
qls123/nginx v1.18.0_with_xiaoniao 7dc18f3dbbae 17 seconds ago 132MB
[root@docker01 dockerfile]# docker run --rm -d --name xiaonaio -p81:80 gcc/nginx:v1.18.0_with_xiaoniao
3522a2f9a357bbf3ae450941694768907ce93f2284ed69e8942e850e5c0e90be
[root@docker01 dockerfile]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3522a2f9a357 gcc/nginx:v1.18.0_with_xiaoniao "nginx -g 'daemon of…" 3 seconds ago Up 3 seconds 0.0.0.0:81->80/tcp xiaonaio
13. Docker registry
本地镜像仓库 镜像注册中心
#普通的registry
创建容器时没有添加参数 --restart=always ,导致的后果是:当 Docker 重启时,容器未能自动启动。
[root@docker01 dockerfile]# docker run -d -p5000:5000 --restart=always --name registry -v/data/myregistry:/var/lib/registry registry
[root@docker01 dockerfile]# docker images | grep registry
registry latest 708bc6af7e5e 4 months ago 25.8MB
[root@docker01 dockerfile]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1cfb55998b06 registry "/entrypoint.sh /etc…" 50 seconds ago Up 49 seconds 0.0.0.0:5000->5000/tcp registry
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1235/sshd
tcp6 0 0 :::5000 :::* LISTEN 16571/docker-proxy
tcp6 0 0 :::81 :::* LISTEN 16324/docker-proxy
[root@docker01 dockerfile]# docker tag nginx:1.18.0 47.102.199.135:5000/qls/nginx:v1.18.0
[root@docker01 dockerfile]# docker push 47.102.199.135:5000/qls/nginx:v1.18.0
The push refers to repository [47.102.199.135:5000/qls/nginx]
Get https://47.102.199.135:5000/v2/: http: server gave HTTP response to HTTPS client
[root@docker01 dockerfile]#
[root@docker01 dockerfile]# cat /etc/docker/daemon.json
{
"graph": "/data/docker",
"storage-driver": "overlay2",
"insecure-registries": ["registry.access.redhat.com","quay.io","47.102.199.135:5000"],
"registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
"bip": "172.151.143.1/24",
"exec-opts": ["native.cgroupdriver=systemd"],
"live-restore": true
}
[root@docker01 dockerfile]# systemctl restart docker
[root@docker01 dockerfile]# docker push 47.102.199.135:5000/qls/nginx:v1.18.0
The push refers to repository [47.102.199.135:5000/qls/nginx]
3c445cf708a5: Pushed
3e1e3bb78a57: Pushed
91776dace4ca: Pushed
ffc9b21953f4: Pushed
v1.18.0: digest: sha256:637488545a21a1ff771549ef65f5e3c1a8dbd92c98d360ac489d76b857021a55 size: 1155
[root@docker01 dockerfile]# ll /data/myregistry/docker/registry/v2/repositories/qls/nginx/
total 12
drwxr-xr-x 3 root root 4096 Jun 3 15:52 _layers
drwxr-xr-x 4 root root 4096 Jun 3 15:53 _manifests
drwxr-xr-x 2 root root 4096 Jun 3 15:53 _uploads
#拉取本地仓库镜像
[root@docker01 dockerfile]# docker pull 47.102.199.135:5000/qls/nginx:v1.18.0
v1.18.0: Pulling from qls/nginx
Digest: sha256:637488545a21a1ff771549ef65f5e3c1a8dbd92c98d360ac489d76b857021a55
Status: Downloaded newer image for 47.102.199.135:5000/qls/nginx:v1.18.0
47.102.199.135:5000/qls/nginx:v1.18.0
#其他主机上传下载
[root@docker01 ~]# docker pull 47.102.199.135:5000/qls/nginx:v1.18.0
v1.18.0: Pulling from qls/nginx
afb6ec6fdc1c: Pull complete
2e231683bfde: Pull complete
511e2efefada: Pull complete
e8fd0ec105c9: Pull complete
Digest: sha256:637488545a21a1ff771549ef65f5e3c1a8dbd92c98d360ac489d76b857021a55
Status: Downloaded newer image for 47.102.199.135:5000/qls/nginx:v1.18.0
47.102.199.135:5000/qls/nginx:v1.18.0
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
qls123/alpine v3.12.0 a24bb4013296 4 days ago 5.57MB
47.102.199.135:5000/qls/nginx v1.18.0 741d47c34fe0 2 weeks ago 132MB
hello-world latest bf756fb1ae65 5 months ago 13.3kB
[root@docker01 ~]# docker tag a24bb4013296 47.102.199.135:5000/qls/alpine:v3.12.0
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
47.102.199.135:5000/qls/alpine v3.12.0 a24bb4013296 4 days ago 5.57MB
qls123/alpine v3.12.0 a24bb4013296 4 days ago 5.57MB
47.102.199.135:5000/qls/nginx v1.18.0 741d47c34fe0 2 weeks ago 132MB
hello-world latest bf756fb1ae65 5 months ago 13.3kB
[root@docker01 ~]# docker push 47.102.199.135:5000/qls/alpine:v3.12.0
The push refers to repository [47.102.199.135:5000/qls/alpine]
50644c29ef5a: Pushed
v3.12.0: digest: sha256:a15790640a6690aa1730c38cf0a440e2aa44aaca9b0e8931a9f2b0d7cc90fd65 size: 528
14. 带basic认证的registry
#下载一个生产密码的软件
[root@docker01 dockerfile]# yum install httpd-tools -y
[root@docker01 ~]# mkdir -p /data/registry-var/auth
[root@docker01 ~]# htpasswd -Bbn qls 123456 >>/data/registry-var/auth/htpasswd
[root@docker01 ~]# cat /data/registry-var/auth/htpasswd
qls:$2y$05$ndBJeubQ84GeR4SjXtC4xO45rnUEC0Rg20kEHpIhNdixA9OMIThKm
[root@docker01 ~]# docker rm -f registry
registry
[root@docker01 ~]# docker run -d -p5000:5000 -v/data/registry-var/auth/:/auth/ -v/data/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
2b5c6a379cdaca6452c255d1819435364d2211a35b100bdb13c3837eba523fdf
[root@docker01 ~]# docker tag eb440e397100 47.102.199.135:5000/qls/nginx:v1.18.0-curl
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
47.102.199.135:5000/qls/nginx v1.18.0-curl eb440e397100 7 hours ago 153MB
[root@docker01 ~]# docker push 47.102.199.135:5000/qls/nginx:v1.18.0-curl
Error response from daemon: Get http://47.102.199.135:5000/v2/qls/nginx/manifests/v1.18.0-curl: no basic auth credentials
[root@docker01 ~]# docker push 47.102.199.135:5000/qls/nginx:v1.18.0-curl
The push refers to repository [47.102.199.135:5000/qls/nginx]
17cf1ea49bfe: Pushed
3c445cf708a5: Layer already exists
3e1e3bb78a57: Layer already exists
91776dace4ca: Layer already exists
ffc9b21953f4: Layer already exists
v1.18.0-curl: digest: sha256:3ce416551486669167f4e9e02e9c297f209c94c4c3c1cc952ee0cc89f8a12f80 size: 1367
#另外一个主机下载镜像
[root@docker01 ~]# docker pull 47.102.199.135:5000/qls/nginx:v1.18.0-curl
Error response from daemon: Get http://47.102.199.135:5000/v2/qls/nginx/manifests/v1.18.0-curl: no basic auth credentials
[root@docker01 ~]# docker login 47.102.199.135:5000
Username: qls
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker01 ~]# docker pull 47.102.199.135:5000/qls/nginx:v1.18.0-curl
v1.18.0-curl: Pulling from qls/nginx
afb6ec6fdc1c: Already exists
2e231683bfde: Already exists
511e2efefada: Already exists
e8fd0ec105c9: Already exists
ca64879d5edd: Pull complete
Digest: sha256:3ce416551486669167f4e9e02e9c297f209c94c4c3c1cc952ee0cc89f8a12f80
Status: Downloaded newer image for 47.102.199.135:5000/qls/nginx:v1.18.0-curl
47.102.199.135:5000/qls/nginx:v1.18.0-curl
#删除仓库里面的镜像
#删除repo
/ # rm -rf /var/lib/registry/docker/registry/v2/repositories/qls/nginx/
#清除blob
/ # registry garbage-collect /etc/docker/registry/config.yml
15. Docker网路模型
#1. NAT(默认) Bridge
[root@docker01 ~]# docker exec -ti 2b5c6a379cda /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
36: eth0@if37: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:97:8f:02 brd ff:ff:ff:ff:ff:ff
inet 172.151.143.2/24 brd 172.151.143.255 scope global eth0
valid_lft forever preferred_lft forever
#2. None
不为容器配置任何网络
[root@docker01 ~]# docker run -ti --rm --net=none alpine /bin/sh
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
df20fa9351a1: Pull complete
Digest: sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
Status: Downloaded newer image for alpine:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
#3. Host
与宿主机共享网络 性能最高
[root@docker01 ~]# docker run -ti --rm --net=host alpine:latest /bin/sh
/ #
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:16:3e:0c:f5:f8 brd ff:ff:ff:ff:ff:ff
inet 172.19.151.143/20 brd 172.19.159.255 scope global dynamic eth0
valid_lft 315329713sec preferred_lft 315329713sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ba:16:7c:80 brd ff:ff:ff:ff:ff:ff
inet 172.151.143.1/24 brd 172.151.143.255 scope global docker0
valid_lft forever preferred_lft forever
37: veth15e9b65@if36: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master docker0 state UP
link/ether 4e:cb:a7:65:21:80 brd ff:ff:ff:ff:ff:ff
#4. 联合网络
与另一个运行中的容器共享网络
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2b5c6a379cda registry "/entrypoint.sh /etc…" 47 minutes ago Up 47 minutes 0.0.0.0:5000->5000/tcp sad_meninsky
[root@docker01 ~]# docker exec -ti 2b5c6a379cda /bin/bash
OCI runtime exec failed: exec failed: container_linux.go:349: starting container process caused "exec: \"/bin/bash\": stat /bin/bash: no such file or directory": unknown
[root@docker01 ~]# docker exec -ti 2b5c6a379cda /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
36: eth0@if37: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:97:8f:02 brd ff:ff:ff:ff:ff:ff
inet 172.151.143.2/24 brd 172.151.143.255 scope global eth0
valid_lft forever preferred_lft forever
/ # exit
[root@docker01 ~]# docker run -ti --rm --net=container:2b5c6a379cda alpine:latest /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
36: eth0@if37: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:97:8f:02 brd ff:ff:ff:ff:ff:ff
inet 172.151.143.2/24 brd 172.151.143.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
16. Docker-Compose应用
#单机编排工具
通过yaml文件进行
工程 project
服务 service
容器 container
#安装Docker-compose
[root@docker01 ~]# yum install -y docker-compose
[root@docker01 ~]# docker-compose -v
docker-compose version 1.18.0, build 8dd22a9
[root@docker01 ~]# mkdir /data/docker-compose
[root@docker01 ~]# cd /data/docker-compose
[root@docker01 docker-compose]# mkdir wordpress
[root@docker01 docker-compose]# cd wordpress
[root@docker01 wordpress]#
[root@docker01 wordpress]# cat docker-compose.yaml
version: '3'
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
volumes:
- web_data:/var/www/html
ports:
- "80"
restart: always
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
volumes:
db_data:
web_data:
[root@docker01 ~]# docker-compose up -d
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
53d59cde1a0d wordpress:latest "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 0.0.0.0:32768->80/tcp wordpress_wordpress_1
3e29e83fc01d mysql:5.7 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 3306/tcp, 33060/tcp wordpress_db_1
2b5c6a379cda registry "/entrypoint.sh /etc…" About an hour ago Up About an hour 0.0.0.0:5000->5000/tcp sad_meninsky
docker-compose 常用命令
docker-compose up 启动所有容器
-d #放入到后台运行
docker-compose down
[root@docker01 wordpress]# docker-compose ps
Name Command State Ports
--------------------------------------------------------------------------------------
wordpress_db_1 docker-entrypoint.sh mysqld Up 3306/tcp, 33060/tcp
wordpress_wordpress_1 docker-entrypoint.sh apach ... Up 0.0.0.0:32770->80/tcp
[root@docker01 wordpress]# docker-compose stop
Stopping wordpress_wordpress_1 ... done
Stopping wordpress_db_1 ... done
[root@docker01 wordpress]# docker-compose start
Starting db ... done
Starting wordpress ... done
[root@docker01 wordpress]# docker-compose logs
17. Docker跨主机容器之间的通信
[root@docker01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
8a69b5227305 bridge bridge local
0ef42ec5e12e host host local
76a3e990ef90 none null local
#创建macvlan网络
[root@docker01 ~]# docker network create --driver macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1
d1cdabe73593bbdcb49e4d63c2c41a5ab69cdffd2d06eaf22867400a036cb600
[root@docker01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
8a69b5227305 bridge bridge local
0ef42ec5e12e host host local
d1cdabe73593 macvlan_1 macvlan local
76a3e990ef90 none null local
[root@docker01 ~]# docker run --rm -ti --network macvlan_1 --ip=10.0.0.101 qls123/alpine:v3.12.0 /bin/sh
/ #
/ #
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
47: eth0@if44: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 02:42:0a:00:00:65 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.101/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ping 10.0.0.102
PING 10.0.0.102 (10.0.0.102): 56 data bytes
64 bytes from 10.0.0.102: seq=0 ttl=64 time=0.326 ms
64 bytes from 10.0.0.102: seq=1 ttl=64 time=0.350 ms
^C
--- 10.0.0.102 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.326/0.338/0.350 ms
[root@docker02 ~]# docker run --rm -ti --network macvlan_1 --ip=10.0.0.102 alpine:3.12.0 /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
9: eth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 02:42:0a:00:00:66 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.102/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ping 10.0.0.101
PING 10.0.0.101 (10.0.0.101): 56 data bytes
64 bytes from 10.0.0.101: seq=0 ttl=64 time=2.328 ms
64 bytes from 10.0.0.101: seq=1 ttl=64 time=0.611 ms
^C
--- 10.0.0.101 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.611/1.469/2.328 ms
/ #