docker

越胤
2023-12-01
"""
[root@docker ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.5 (Maipo)

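# Alibaba Cloud open-source mirror:
https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/
# Official site:
https://docs.docker.com/ https://docs.docker.com/install/linux/docker-ce/centos/
# Packages can be downloaded from either; the Alibaba Cloud mirror is somewhat faster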

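1. What is Docker
Docker's arrival shook up existing technology and brought revolutionary change
Major industry players have all gone on to build their own "Docker" products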

"""
Check the OS version
[root@server3 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.3 (Maipo)

"""
If tab completion does not work after installing Docker, a package is missing: yum install bash-* -y

[root@docker docker]# docker load -i game2048.tar 
011b303988d2: Loading layer   5.05MB/5.05MB
36e9226e74f8: Loading layer  51.46MB/51.46MB
192e9fad2abc: Loading layer  3.584kB/3.584kB
6d7504772167: Loading layer  4.608kB/4.608kB
88fca8ae768a: Loading layer  629.8kB/629.8kB
Loaded image: game2048:latest

[root@docker docker]# docker history game2048:latest 
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
19299002fdbe        2 years ago         /bin/sh -c #(nop)  CMD ["/bin/sh" "-c" "sed …   0B                  
<missing>           2 years ago         /bin/sh -c #(nop)  EXPOSE 80/tcp                0B                  
<missing>           2 years ago         /bin/sh -c #(nop) COPY dir:cb74e9c037a3d501c…   600kB               
<missing>           2 years ago         /bin/sh -c #(nop)  MAINTAINER Golfen Guo <go…   0B                  
<missing>           2 years ago         /bin/sh -c #(nop)  CMD ["nginx" "-g" "daemon…   0B                  
<missing>           2 years ago         /bin/sh -c #(nop)  EXPOSE 443/tcp 80/tcp        0B                  
<missing>           2 years ago         /bin/sh -c #(nop) COPY file:d15ceb73c6ea776c…   1.1kB               
<missing>           2 years ago         /bin/sh -c #(nop) COPY file:af94db45bb7e4b8f…   643B                
<missing>           2 years ago         /bin/sh -c GPG_KEYS=B0F4253373F8F6F510D42178…   50.1MB              
<missing>           2 years ago         /bin/sh -c #(nop)  ENV NGINX_VERSION=1.11.7     0B                  
<missing>           3 years ago         /bin/sh -c #(nop)  MAINTAINER NGINX Docker M…   0B                  
<missing>           3 years ago         /bin/sh -c #(nop) ADD file:7afbc23fda8b0b387…   4.8MB               

[root@docker docker]# docker run -d --name game1 -p 80:80 game2048
0acffeb182560a4195fb1de39733b9ac1db9c5d3e20abcc5b3fc8df82df6dfa2
[root@docker docker]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                         NAMES
0acffeb18256        game2048            "/bin/sh -c 'sed -i …"   5 seconds ago       Up 4 seconds        0.0.0.0:80->80/tcp, 443/tcp   game1

Test in a browser: open the host's IP address, e.g. to play the web game
"""
Resolving the warnings:
docker info
shows:
WARNING: IPv4 forwarding is disabled
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

cd /etc/sysctl.d
# Filter the kernel parameters; the ones below need to be set to 1
sysctl -a | grep forwarding
sysctl -a | grep bridge

How to change them:
In the current directory (/etc/sysctl.d)
vim docker.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 1
net.ipv4.conf.docker0.forwarding = 1
net.ipv4.conf.docker0.mc_forwarding = 1
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 1
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 1

sysctl --system  # apply the settings immediately

"""
####################################################
# All Docker data is stored here
[root@docker docker]# ls
builder   containers  network   plugins   swarm  trust
buildkit  image       overlay2  runtimes  tmp    volumes
[root@docker docker]# pwd
/var/lib/docker

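Docker images
Images are the foundation of Docker containers: a container is a running instance of an image, and a container can only be started from an image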
[root@foundation0 ~]# docker images rhel7
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
rhel7               latest              0a3eb3fde7fd        4 years ago         140 MB

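Why is a rhel7 image only 140MB?

A Linux operating system consists of kernel space and user space (bootfs and rootfs)
Kernel space is the kernel: when Linux boots it loads the bootfs filesystem, and bootfs is unmounted afterwards
The user-space filesystem is rootfs, which contains the familiar /dev, /proc, /bin and other directories
A base image uses the host's kernel directly and only has to provide the rootfs
For a stripped-down OS the rootfs can be very small: it only needs the most basic commands, tools and programs

A base image provides a minimal installation of a Linux distribution. One host can run several Linux distributions, because the main difference between distributions is the rootfs
For example, Ubuntu uses upstart to manage services and apt to manage packages, while CentOS 7 uses systemd and yum; these are all user-space differences
The Linux kernel differs very little

## Note: the kernel version inside a container is the same as the host's
## Check with: uname -r

## All containers share the host's kernel and the kernel cannot be upgraded from inside a container. If a workload has kernel requirements (for example, an application that only runs on a particular kernel version), containers are not recommended; a virtual machine suits that case better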

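3. Layered structure of images

Docker supports creating new images by extending existing ones
In fact, 99% of the images on Docker Hub are built by installing and configuring the required software on top of a base image

A new image is generated by stacking layers on the base image one at a time; each piece of software installed adds one layer on top of the existing ones

Why do Docker images use this layered structure?

The biggest benefit is resource sharing. For example, when several images are built from the same base image, the Docker host only needs to keep one copy of the base image on disk and load one copy into memory to serve all containers, and every layer of an image can be shared

This raises a question: if several containers share one base image and one container modifies the base image's content, such as a file under /etc, are the other containers' /etc also modified?

The answer is no
The modification is confined to that single container
This is the container copy-on-write feature covered next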

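The writable container layer

When a container starts, a new writable layer is added on top of the image. This layer is usually called the "container layer"; everything below it is called an "image layer"
All changes to the container, whether adding, deleting or modifying files, happen only in the container layer. Only the container layer is writable; all image layers below it are read-only

Details

There may be many image layers; they are all combined into one unified filesystem. If different layers contain a file with the same path, such as /a, the /a in the upper layer hides the /a in the lower layer, so the user can only access the upper layer's /a. In the container layer the user sees a single merged filesystem

1. Adding a file: when a file is created in the container, the new file is added to the container layer
2. Reading a file: when a file is read in the container, Docker searches the layers from top to bottom; once the file is found it is opened and read into memory
3. Modifying a file: when an existing file is modified in the container, Docker searches the layers from top to bottom; once the file is found it is immediately copied to the container layer and then modified
4. Deleting a file: when a file is deleted in the container, Docker again searches the image layers from top to bottom; once the file is found, the deletion is recorded in the container layer

Data is copied only when it is modified; this is called copy-on-write. The container layer therefore stores only what has changed relative to the image and never modifies the image itself
This answers the earlier question: the container layer records modifications to the image, all image layers are read-only and are never modified by a container, so an image can be shared by multiple containers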
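
The four rules above, modelled with plain directories as layers (an added example, not Docker's storage-driver code). The layer names base, app, c1 and c2 and the cow_* helpers are made up for the illustration; the `.wh.` deletion marker follows the whiteout naming of the OCI image layer format.

```shell
#!/bin/sh
# Toy model of layered lookup and copy-on-write. Layers are directories;
# every container gets its own writable top layer over the same image layers.
ROOT=$(mktemp -d)
mkdir -p "$ROOT/base" "$ROOT/app" "$ROOT/c1" "$ROOT/c2"
echo "base-version" > "$ROOT/base/a"        # /a in the lowest image layer ...
echo "app-version"  > "$ROOT/app/a"         # ... hidden by /a in a higher image layer
echo "from-base"    > "$ROOT/base/b"        # /b exists only in the lowest layer

# find_layer CONTAINER NAME: print the first layer, top to bottom, that holds NAME.
find_layer() {
    for layer in "$ROOT/$1" "$ROOT/app" "$ROOT/base"; do
        # A whiteout marker means "deleted in this view": stop searching.
        if [ -e "$layer/.wh.$2" ]; then return 1; fi
        if [ -e "$layer/$2" ]; then echo "$layer"; return 0; fi
    done
    return 1
}

# Rule 2 (read): serve the file from the first layer that has it.
cow_read() {
    found=$(find_layer "$1" "$2") || return 1
    cat "$found/$2"
}

# Rules 1 and 3 (add / modify): copy the file up to the container layer if it
# only exists in an image layer, then change the copy.
cow_append() {
    top="$ROOT/$1"
    if found=$(find_layer "$1" "$2") && [ "$found" != "$top" ]; then
        cp "$found/$2" "$top/$2"
    fi
    rm -f "$top/.wh.$2"
    echo "$3" >> "$top/$2"
}

# Rule 4 (delete): record the deletion in the container layer only.
cow_delete() {
    top="$ROOT/$1"
    rm -f "$top/$2"
    : > "$top/.wh.$2"
}

# The question asked above: does a change made in c1 reach c2 or the image?
demo() {
    cow_append c1 a "edited-in-c1"
    cow_delete c1 b
    echo "c1 sees a: $(cow_read c1 a | tr '\n' ' ')"
    echo "c2 sees a: $(cow_read c2 a)"
    echo "c2 sees b: $(cow_read c2 b)"
    echo "image layer still holds b: $(cat "$ROOT/base/b")"
}
demo
```

The last line of `demo` is the point to remember when building images: a file removed in a later layer is hidden, not erased, and is still present in the layer that added it.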

####################################################
docker run -it --name ubuntu  # -it: open an interactive terminal

# As we can see, the container shares the kernel of the virtual machine it runs on
# How exactly is it shared?
[root@docker docker]# hostnamectl 
   Static hostname: docker
         Icon name: computer-vm
           Chassis: vm
        Machine ID: e26d28698aed47fb9ec897d00ec96f27
           Boot ID: 4f549a312dff439b80de72c1c74a0682
    Virtualization: kvm
  Operating System: Red Hat Enterprise Linux Server 7.5 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.5:GA:server
            Kernel: Linux 3.10.0-862.el7.x86_64
      Architecture: x86-64

[root@server3 sysctl.d]# docker run -it --name vm1 ubuntu  # run: create and run a container; -it: interactive mode; --name: give the container a name; ubuntu: image name
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
7413c47ba209: Pull complete 
0fe7e7cbb2e8: Pull complete 
1d425c982345: Pull complete 
344da5c95cec: Pull complete 
Digest: sha256:c303f19cfe9ee92badbbbd7567bc1ca47789f79303ddcef56f77687d4744cd7a
Status: Downloaded newer image for ubuntu:latest
Try 'uname --help' for more information.
root@b16f9eaab99e:/# uname -r  # this shows that Docker places certain requirements on the host OS kernel
3.10.0-514.el7.x86_64

[root@docker docker]# docker run -it --name vm1 ubuntu 
root@4154d58490f2:/# ls
bin   dev  home  lib64  mnt  proc  run   srv  tmp  var
boot  etc  lib   media  opt  root  sbin  sys  usr
root@4154d58490f2:/# touch file1  # this changes the container layer
root@4154d58490f2:/# touch file2

# Note: an image can have at most 127 layers (it is best not to have too many image layers)


"""
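Containers share the host's kernel
A base image provides a minimal Linux distribution
One Docker host can run multiple Linux distributions
The biggest benefit of the layered structure is resource sharing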
"""

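At this point, after exiting the container, docker ps -a still shows it
However, if we only run a container and then exit without saving it, the work done inside the container is not saved or persisted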

[root@server3 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                       PORTS               NAMES
b16f9eaab99e        ubuntu              "/bin/bash"              41 hours ago        Exited (255) 3 minutes ago                       vm1
0600bb9b1fc6        game2048            "/bin/sh -c 'sed -..."   42 hours ago        Exited (137) 42 hours ago                        game1


Containers can be removed with the docker rm command
[root@server3 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                       PORTS               NAMES
b16f9eaab99e        ubuntu              "/bin/bash"              41 hours ago        Exited (255) 5 minutes ago                       vm1
0600bb9b1fc6        game2048            "/bin/sh -c 'sed -..."   42 hours ago        Exited (137) 42 hours ago                        game1
[root@server3 ~]# docker rm b16f9eaab99e
b16f9eaab99e
[root@server3 ~]# docker rm 0600bb9b1fc6
0600bb9b1fc6
[root@server3 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

"""
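1. Containers share the host's kernel
2. A base image provides a minimal Linux distribution
3. One Docker host can run multiple Linux distributions
4. The biggest benefit of the layered structure is resource sharing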
"""

"""

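Copy-on-Write: the writable container layer

All image layers below the container layer are read-only. Docker searches for files from top to bottom. The container layer stores what has changed relative to the image and never modifies the image itself
An image can have at most 127 layers

Building images
docker commit: building an image in three steps
	Run a container
	Modify the container
	Save the container as a new image

Drawbacks
	Inefficient, poorly repeatable and error-prone
	Users cannot audit the image, which is a security risk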

[root@server3 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ubuntu              latest              3556258649b2        2 weeks ago         64.2 MB
game2048            latest              19299002fdbe        2 years ago         55.5 MB
[root@server3 ~]# docker history ubuntu:latest  # records the change made in each image layer
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
3556258649b2        2 weeks ago         /bin/sh -c #(nop)  CMD ["/bin/bash"]            0 B                 
<missing>           2 weeks ago         /bin/sh -c mkdir -p /run/systemd && echo '...   7 B                 
<missing>           2 weeks ago         /bin/sh -c set -xe   && echo '#!/bin/sh' >...   745 B               
<missing>           2 weeks ago         /bin/sh -c [ -z "$(apt-get indextargets)" ]     987 kB              
<missing>           2 weeks ago         /bin/sh -c #(nop) ADD file:3ddd02d976792b6...   63.2 MB 

# <missing> means the layer was not built on this machine, so it cannot be found locally; this is harmless

Demonstration:
# busybox: a very lightweight image, well suited to learning and experiments
[root@server3 ~]# docker run -it --name test busybox
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
ee153a04d683: Pull complete 
Digest: sha256:9f1003c480699be56815db0f8146ad2e22efea85129b5b5983d0e0fb52d9ab70
Status: Downloaded newer image for busybox:latest
/ # echo helloworld >testfile
/ # ls
bin       etc       proc      sys       tmp       var
dev       home      root      testfile  usr
/ # cat testfile 
helloworld
/ # exit  # exits and stops the container; Ctrl+P then Ctrl+Q leaves it without stopping it

[root@server3 ~]# docker ps -a  # note: we only exited the running container; it has not been deleted
CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS                     PORTS               NAMES
6789012d8958        busybox             "sh"                About a minute ago   Exited (0) 5 seconds ago                       test
[root@server3 ~]# docker start test  # start the stopped container again in the background
test


[root@server3 ~]# docker attach test  # attach to the container running in the background

[root@server3 ~]# docker commit test test:v1  # save the modified container as an image
sha256:c1a9c80bccb0b51e410cc90bbe56460c4b84e2119741aee133d99a45da702857

[root@server3 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
test                v1                  c1a9c80bccb0        5 seconds ago       1.22 MB
ubuntu              latest              3556258649b2        2 weeks ago         64.2 MB
busybox             latest              db8ee88ad75f        3 weeks ago         1.22 MB
game2048            latest              19299002fdbe        2 years ago         55.5 MB

[root@server3 ~]# docker history test:v1  # the identical lower layers are shared (only one copy is kept on the filesystem); this image is built on busybox
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
c1a9c80bccb0        24 seconds ago      sh                                              59 B                
db8ee88ad75f        3 weeks ago         /bin/sh -c #(nop)  CMD ["sh"]                   0 B                 
<missing>           3 weeks ago         /bin/sh -c #(nop) ADD file:9ceca008111a4dd...   1.22 MB 

# Drawback: although the change has been saved, we cannot tell what was actually done to this container
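
One way to spot layers that did not come from a recorded build instruction, run over rows taken from the docker history listings on this page (an added example, not part of the original notes). The classification rule is an assumption based on the CREATED BY strings shown here and on the instruction-prefixed strings newer builders write; audit_history, count_unauditable and sample_history are hypothetical helper names.

```shell
#!/bin/sh
# Input: one "ID|CREATED BY" line per layer, e.g. produced by
#   docker history --no-trunc --format '{{.ID}}|{{.CreatedBy}}' IMAGE
# Output: "<verdict> <id> <created-by>" per layer, where verdict is
#   dockerfile - the string looks like a recorded build instruction
#   committed  - some other command: typical of docker commit, nothing to review
#   imported   - empty string: the layer came from an imported filesystem archive
# Limitation: a commit taken from a container whose own command starts with
# "/bin/sh -c " is indistinguishable from a RUN step and is not flagged.
audit_history() {
    awk '{
        sep = index($0, "|")
        id = substr($0, 1, sep - 1)
        by = substr($0, sep + 1)
        # Assumption: instruction layers start with "/bin/sh -c " (builder output
        # shown on this page) or with the instruction name (newer builders).
        if (by ~ /^\/bin\/sh -c / ||
            by ~ /^(RUN|COPY|ADD|CMD|ENTRYPOINT|ENV|EXPOSE|VOLUME|WORKDIR|LABEL|USER|ARG|MAINTAINER) /)
            verdict = "dockerfile"
        else if (by == "")
            verdict = "imported"
        else
            verdict = "committed"
        printf "%s %s %s\n", verdict, id, by
    }'
}

# count_unauditable: number of layers on stdin that carry no build instruction.
count_unauditable() {
    audit_history | awk '$1 != "dockerfile" { n++ } END { print n + 0 }'
}

# Constructed sample: the test:v1 rows from this page plus the rhel7 base row,
# whose CREATED BY column is empty ("Imported from -" is its COMMENT).
sample_history() {
    cat <<'EOF'
c1a9c80bccb0|sh
db8ee88ad75f|/bin/sh -c #(nop)  CMD ["sh"]
<missing>|/bin/sh -c #(nop) ADD file:9ceca008111a4dd...
0a3eb3fde7fd|
EOF
}

sample_history | audit_history
echo "layers without a recorded instruction: $(sample_history | count_unauditable)"
```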

[root@server3 ~]# docker rm 6789012d8958
Error response from daemon: You cannot remove a running container 6789012d89587629aa79031fdde5101671265849ed92b042f5e1dda7b7909f07. Stop the container before attempting removal or use -f

# A running container can be removed by force
[root@server3 ~]# docker rm -f 6789012d8958
6789012d8958



# The newly started container also contains the data we saved earlier
[root@server3 ~]# docker run -it --name vm1 test:v1
/ # ls
bin       etc       proc      sys       tmp       var
dev       home      root      testfile  usr
/ # cat testfile 
helloworld

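The following is the recommended way to build and save images, and the one most commonly used in practice: a Dockerfile

1. Create a Dockerfile

Note: always create a new directory for it. During a build, everything in the directory containing the dockerfile is sent to the Docker engine by default. For example,
if you put the dockerfile in /, the build becomes very slow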

[root@server3 mnt]# pwd
/mnt
[root@server3 mnt]# ls
docker
[root@server3 mnt]# cd docker/
[root@server3 docker]# ls
[root@server3 docker]# vim dockerfile
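# Base image to use as the template
FROM busybox
# Actions to perform in the new image
RUN echo testfile > file1
RUN echo testfile > file2
[root@server3 docker]# docker build -t test:v2 .  # test:v2 is the image name; . is the current directory
Sending build context to Docker daemon 2.048 kB  # everything in the directory containing the dockerfile is sent to the Docker engine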
Step 1/3 : FROM busybox
 ---> db8ee88ad75f
Step 2/3 : RUN echo testfile > file1
 ---> Running in 4c00ef6f0753
 ---> e8a1fbac8837
Removing intermediate container 4c00ef6f0753  # the temporary container used for this step is removed
Step 3/3 : RUN echo testfile > file2
 ---> Running in cd7a46bb3269
 ---> 5fc404485b27
Removing intermediate container cd7a46bb3269
Successfully built 5fc404485b27

[root@server3 docker]# cat dockerfile 
# Base image to use as the template
FROM busybox
# Actions to perform in the new image
RUN echo testfile > file1
RUN echo testfile > file2

[root@server3 docker]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
test                v2                  5fc404485b27        About a minute ago   1.22 MB
test                v1                  c1a9c80bccb0        19 minutes ago       1.22 MB
ubuntu              latest              3556258649b2        2 weeks ago          64.2 MB
busybox             latest              db8ee88ad75f        3 weeks ago          1.22 MB
game2048            latest              19299002fdbe        2 years ago          55.5 MB
[root@server3 docker]# docker history test:v2
IMAGE               CREATED              CREATED BY                                      SIZE                COMMENT
5fc404485b27        About a minute ago   /bin/sh -c echo testfile > file2                9 B                 
e8a1fbac8837        About a minute ago   /bin/sh -c echo testfile > file1                9 B                 
db8ee88ad75f        3 weeks ago          /bin/sh -c #(nop)  CMD ["sh"]                   0 B                 
<missing>           3 weeks ago          /bin/sh -c #(nop) ADD file:9ceca008111a4dd...   1.22 MB  

[root@server3 docker]# docker history busybox:latest
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
db8ee88ad75f        3 weeks ago         /bin/sh -c #(nop)  CMD ["sh"]                   0 B                 
<missing>           3 weeks ago         /bin/sh -c #(nop) ADD file:9ceca008111a4dd...   1.22 MB     

# Build cache
# Edit the dockerfile again. Note: do not add stray spaces (for the cache to be used, the earlier content must not change)
[root@server3 docker]# cat dockerfile 
FROM busybox
RUN echo testfile > file1
RUN echo testfile > file2
RUN echo testfile > file3

[root@server3 docker]# docker build -t test:v3 .
Sending build context to Docker daemon 2.048 kB
Step 1/4 : FROM busybox
 ---> db8ee88ad75f
Step 2/4 : RUN echo testfile > file1
 ---> Using cache  # steps that have already run are not run again
 ---> e8a1fbac8837
Step 3/4 : RUN echo testfile > file2
 ---> Using cache
 ---> 5fc404485b27
Step 4/4 : RUN echo testfile > file3
 ---> Running in e2e4d6f4c565  # the new instruction is executed
 ---> edd40df71d11
Removing intermediate container e2e4d6f4c565
Successfully built edd40df71d11

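## To build an image without the cache, add the --no-cache option to docker build
# Each instruction in a dockerfile creates an image layer and upper layers depend on lower ones; whenever a layer changes, the cache for every layer above it is invalidated

# Comparing v2 and v3, several layers are identical; each RUN builds one image layer
# and we can see the operation behind each layer
# This shows again that common image layers are shared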
[root@server3 docker]# docker history test:v3
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
edd40df71d11        52 seconds ago      /bin/sh -c echo testfile > file3                9 B                 
5fc404485b27        6 minutes ago       /bin/sh -c echo testfile > file2                9 B                 
e8a1fbac8837        6 minutes ago       /bin/sh -c echo testfile > file1                9 B                 
db8ee88ad75f        3 weeks ago         /bin/sh -c #(nop)  CMD ["sh"]                   0 B                 
<missing>           3 weeks ago         /bin/sh -c #(nop) ADD file:9ceca008111a4dd...   1.22 MB             
[root@server3 docker]# docker history test:v2
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
5fc404485b27        6 minutes ago       /bin/sh -c echo testfile > file2                9 B                 
e8a1fbac8837        6 minutes ago       /bin/sh -c echo testfile > file1                9 B                 
db8ee88ad75f        3 weeks ago         /bin/sh -c #(nop)  CMD ["sh"]                   0 B                 
<missing>           3 weeks ago         /bin/sh -c #(nop) ADD file:9ceca008111a4dd...   1.22 MB  

# In essence, each dockerfile instruction performs a docker commit
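
A toy model of the cache rule stated above, using the test:v2 and test:v3 dockerfiles (an added example, not Docker's implementation). It assumes the key for a step is a checksum over the parent step's key plus the exact instruction text, which matches the behaviour described here for RUN; cache_keys, reused_steps and the V2/V3 variables are hypothetical names.

```shell
#!/bin/sh
WORK=$(mktemp -d)

# cache_keys: read dockerfile instructions on stdin and print one key per step.
# Each key covers the previous key, so a change at step N changes every key >= N.
cache_keys() {
    parent="scratch"
    while IFS= read -r instruction; do
        if [ -z "$instruction" ]; then continue; fi
        parent=$(printf '%s\n%s\n' "$parent" "$instruction" | cksum | cut -d' ' -f1)
        echo "$parent"
    done
}

# reused_steps OLD NEW: number of leading steps of NEW whose key was already
# produced by the OLD build, i.e. the steps that would print "Using cache".
reused_steps() {
    printf '%s\n' "$1" | cache_keys > "$WORK/old"
    printf '%s\n' "$2" | cache_keys > "$WORK/new"
    paste -d' ' "$WORK/old" "$WORK/new" |
        awk '$1 != $2 { exit } { n++ } END { print n + 0 }'
}

# The dockerfiles behind test:v2 and test:v3 on this page.
V2='FROM busybox
RUN echo testfile > file1
RUN echo testfile > file2'
V3="$V2
RUN echo testfile > file3"
# Constructed variant: same as V3 with one extra space in the file1 step.
V3_SPACE='FROM busybox
RUN echo testfile >  file1
RUN echo testfile > file2
RUN echo testfile > file3'

echo "v3 after v2, steps served from cache:            $(reused_steps "$V2" "$V3")"
echo "v3 with an extra space, steps served from cache: $(reused_steps "$V2" "$V3_SPACE")"
```

In the second case the file2 step is textually unchanged, yet it misses the cache because the step below it changed.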

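Dockerfile in detail

This helps us write more mature dockerfiles
Common dockerfile instructions
FROM: specifies the base image; if it is not present locally it is downloaded from the remote registry (the VM needs Internet access)
MAINTAINER: sets the image author, for example an e-mail address (optional)
COPY: copies files from the build context into the image
Two forms are supported: COPY src dest and COPY ["src","dest"]
src must be a file or directory inside the build context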

	[root@server3 docker]# vim dockerfile
	FROM busybox
	COPY testfile /tmp

	[root@server3 docker]# vim testfile
	hello~

	[root@server3 docker]# docker build -t test:v4 .
	Sending build context to Docker daemon 3.072 kB
	Step 1/2 : FROM busybox
	 ---> db8ee88ad75f
	Step 2/2 : COPY testfile /tmp
	 ---> ff437a8d3732
	Removing intermediate container e79887133199
	Successfully built ff437a8d3732
	[root@server3 docker]# docker history test:v4
	IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
	ff437a8d3732        9 seconds ago       /bin/sh -c #(nop) COPY file:d93a5a916d7ae8...   7 B                 
	db8ee88ad75f        3 weeks ago         /bin/sh -c #(nop)  CMD ["sh"]                   0 B                 
	<missing>           3 weeks ago         /bin/sh -c #(nop) ADD file:9ceca008111a4dd...   1.22 MB             
	[root@server3 docker]# docker run -it --name vm1 test:v4
	/ # ls
	bin   dev   etc   home  proc  root  sys   tmp   usr   var
	/ # cd /tmp/
	/tmp # ls
	testfile
	/tmp # cat testfile 
	hello~

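# Tip: remove containers you no longer need promptly
	ADD: used like COPY, except that src may be a compressed archive, which is automatically extracted to dest; it can also download a URL and copy the result into the image
	e.g. ADD html.tar /var/www
	     ADD http://ip/html.tar /var/www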

[root@server3 docker]# ls
dockerfile  nginx-1.15.9.tar.gz  testfile
[root@server3 docker]# vim dockerfile
FROM busybox
COPY testfile /tmp
ADD nginx-1.15.9.tar.gz /tmp
 
[root@server3 docker]# docker build -t test:v5 .
Sending build context to Docker daemon 1.036 MB
Step 1/3 : FROM busybox
 ---> db8ee88ad75f
Step 2/3 : COPY testfile /tmp
 ---> Using cache
 ---> ff437a8d3732
Step 3/3 : ADD nginx-1.15.9.tar.gz /tmp
 ---> 9db2ad29e44f
Removing intermediate container f84d556d43dc
Successfully built 9db2ad29e44f
[root@server3 docker]# docker run -it --name vm2 test:v5 
/ # cd /tmp/
/tmp # ls
nginx-1.15.9  testfile
/tmp # cd nginx-1.15.9/
/tmp/nginx-1.15.9 # ls
CHANGES     README      configure   man
CHANGES.ru  auto        contrib     src
LICENSE     conf        html

	ENV: sets environment variables that later instructions can use (optional)
	   ENV HOSTNAME server1.example.com

	EXPOSE: if the container runs a network service, exposes the service's port

[root@server3 docker]# docker history game2048
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
19299002fdbe        2 years ago         /bin/sh -c #(nop)  CMD ["/bin/sh" "-c" "se...   0 B                 
<missing>           2 years ago         /bin/sh -c #(nop)  EXPOSE 80/tcp                0 B                 # the service port is exposed so that it can be port-mapped and users can reach the service once the container starts
<missing>           2 years ago         /bin/sh -c #(nop) COPY dir:cb74e9c037a3d50...   600 kB              
<missing>           2 years ago         /bin/sh -c #(nop)  MAINTAINER Golfen Guo <...   0 B                 
<missing>           2 years ago         /bin/sh -c #(nop)  CMD ["nginx" "-g" "daem...   0 B                 
<missing>           2 years ago         /bin/sh -c #(nop)  EXPOSE 443/tcp 80/tcp        0 B                 
<missing>           2 years ago         /bin/sh -c #(nop) COPY file:d15ceb73c6ea77...   1.1 kB              
<missing>           2 years ago         /bin/sh -c #(nop) COPY file:af94db45bb7e4b...   643 B               
<missing>           2 years ago         /bin/sh -c GPG_KEYS=B0F4253373F8F6F510D421...   50.1 MB             
<missing>           2 years ago         /bin/sh -c #(nop)  ENV NGINX_VERSION=1.11.7     0 B                 
<missing>           2 years ago         /bin/sh -c #(nop)  MAINTAINER NGINX Docker...   0 B                 
<missing>           2 years ago         /bin/sh -c #(nop) ADD file:7afbc23fda8b0b3...   4.8 MB    
	"""

	VOLUME: declares a data volume, usually the mount point for the application's data
	# covered in detail later; purpose: persisting container data
		VOLUME ["/var/www/html"]

[root@server3 docker]# vim dockerfile 
FROM busybox
COPY testfile /tmp
ADD nginx-1.15.9.tar.gz /tmp
# /data is created automatically when the container starts
VOLUME ["/data"]
[root@server3 docker]# docker build -t test:v6 .
Sending build context to Docker daemon 1.036 MB
Step 1/4 : FROM busybox
 ---> db8ee88ad75f
Step 2/4 : COPY testfile /tmp
 ---> Using cache
 ---> ff437a8d3732
Step 3/4 : ADD nginx-1.15.9.tar.gz /tmp
 ---> Using cache
 ---> 9db2ad29e44f
Step 4/4 : VOLUME /data
 ---> Running in 5f03d4efc260
 ---> 680a9d07e8e9
Removing intermediate container 5f03d4efc260
Successfully built 680a9d07e8e9
[root@server3 docker]# docker run -it --name vm2 test:v6
/ # ls
bin   dev   home  root  tmp   var
data  etc   proc  sys   usr
/ # cd data/

# docker inspect 6a8af9225428 shows that
# the container's /data directory is backed by a newly created local directory on the host

        "Mounts": [
            {
                "Type": "volume",
                "Name": "54322e71d6257057e0b785efdfa5853a53422a287048780753fba37df3a2470b",
                "Source": "/var/lib/docker/volumes/54322e71d6257057e0b785efdfa5853a53422a287048780753fba37df3a2470b/_data",

Enter that directory:
# Note: this directory is created automatically by the Docker engine
# The directory name is randomly generated
[root@server3 /]# cd /var/lib/docker/volumes/54322e71d6257057e0b785efdfa5853a53422a287048780753fba37df3a2470b/_data
[root@server3 _data]# ls
[root@server3 _data]# touch file1
[root@server3 _data]# touch file2
[root@server3 _data]# docker attach vm2
/ # cd /data/
/data # ls
file1  file2
/data # rm -rf file1
/data # exit
[root@server3 _data]# ls
file2


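# To choose the location yourself,
# specify the mount point manually; if it does not exist it is created automatically
# -v /opt/data:/data: /opt/data is the path on the host (created automatically if missing), /data is the path inside the container
[root@server3 _data]# docker run -it --name vm3 -v /opt/data:/data test:v
v1  v2  v3  v4  v5  v6  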
[root@server3 _data]# docker run -it --name vm3 -v /opt/data:/data test:v6
/ # cd /data/
/data # ls
/data # ls
/data # touch file2
/data # ls
file1  file2
/data # [root@server3 _data]# cd /opt/
[root@server3 opt]# cd data/
[root@server3 data]# ls
file1  file2

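WORKDIR: sets the current working directory in the image for the RUN, CMD, ENTRYPOINT, ADD and COPY instructions (similar to cd); the directory is created automatically if it does not exist
RUN: runs a command in a container and creates a new image layer; commonly used to install packages  # each RUN instruction builds one image layer, so put as many commands as possible under a single RUN
RUN yum install -y vim

CMD and ENTRYPOINT: both set the command executed when the container starts, but CMD is overridden by a command given after docker run, whereas ENTRYPOINT is not ignored and always runs. Arguments after docker run can be passed to ENTRYPOINT as its arguments
A dockerfile can specify only one ENTRYPOINT; if several are given, only the last one takes effect

CMD and ENTRYPOINT run after the container starts; RUN runs at build time, inside the temporary container created for that step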

Difference between the two forms: shell and exec
[root@server3 docker]# docker build -t test:v7 .
Sending build context to Docker daemon 1.036 MB
Step 1/3 : FROM busybox
 ---> db8ee88ad75f
Step 2/3 : ENV name world
 ---> Running in 67e1d402e2b6
 ---> 9771be0e3225
Removing intermediate container 67e1d402e2b6
Step 3/3 : ENTRYPOINT echo "hello,$name"
 ---> Running in 51af15777274
 ---> f6ec975c2f75
Removing intermediate container 51af15777274
Successfully built f6ec975c2f75
[root@server3 docker]# docker run --rm test:v7  # --rm: one-off container, removed as soon as it stops
hello,world
[root@server3 docker]# cat dockerfile  # shell form
FROM busybox
# ENV defines a variable
ENV name world
ENTRYPOINT echo "hello,$name"

[root@server3 docker]# docker build -t test:v8 .
Sending build context to Docker daemon 1.036 MB
Step 1/3 : FROM busybox
 ---> db8ee88ad75f
Step 2/3 : ENV name world
 ---> Using cache
 ---> 9771be0e3225
Step 3/3 : ENTRYPOINT /bin/echo hello,$name
 ---> Running in 6bc8e3d7e2d8
 ---> 77cecb1b6c1c
Removing intermediate container 6bc8e3d7e2d8
Successfully built 77cecb1b6c1c
[root@server3 docker]# docker run --rm test:v8  # problem: the variable is not expanded
hello,$name

[root@server3 docker]# cat dockerfile  # exec form
FROM busybox
ENV name world
ENTRYPOINT ["/bin/echo","hello,$name"]

The shell form invokes /bin/sh -c underneath to run the command, so variables are expanded; the exec form does not

So the instruction has to be rewritten
[root@server3 docker]# docker build -t test:v9 .
Sending build context to Docker daemon 1.036 MB
Step 1/3 : FROM busybox
 ---> db8ee88ad75f
Step 2/3 : ENV name world
 ---> Using cache
 ---> 9771be0e3225
Step 3/3 : ENTRYPOINT /bin/sh -c echo hello,$name
 ---> Running in 5ab8da5fc8ca
 ---> 6f26d3c56e7e
Removing intermediate container 5ab8da5fc8ca
Successfully built 6f26d3c56e7e
[root@server3 docker]# docker run --rm test:v9
hello,world
[root@server3 docker]# cat dockerfile 
FROM busybox
ENV name world
ENTRYPOINT ["/bin/sh","-c","echo hello,$name"]

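In exec form, ENTRYPOINT can receive extra arguments from CMD, and those CMD arguments can be replaced dynamically when the container starts. In shell form, ENTRYPOINT ignores any arguments supplied by CMD or docker run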

[root@server3 docker]# docker build -t test:v10 .
Sending build context to Docker daemon 1.036 MB
Step 1/3 : FROM busybox
 ---> db8ee88ad75f
Step 2/3 : ENTRYPOINT /bin/echo hello
 ---> Running in abf418860a24
 ---> 6265a469ddca
Removing intermediate container abf418860a24
Step 3/3 : CMD world
 ---> Running in 5d4ec18b4a7d
 ---> 5998937f8ea3
Removing intermediate container 5d4ec18b4a7d
Successfully built 5998937f8ea3
[root@server3 docker]# docker run --rm test:v10
hello world
[root@server3 docker]# cat dockerfile 
FROM busybox
ENTRYPOINT ["/bin/echo","hello"]
CMD ["world"]

[root@server3 docker]# docker run --rm test:v10 westos
hello westos
# westos replaced the value given by CMD in the dockerfile
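
The test:v7 to test:v10 results above can be reproduced without Docker by assembling the start command the way each form does (an added example, not part of the original notes). run_shell_form and run_exec_form are hypothetical helpers, `name=world` passed through env stands in for `ENV name world`, and CMD is limited to a single word as in test:v10.

```shell
#!/bin/sh
# Shell form: ENTRYPOINT <string> becomes /bin/sh -c "<string>".
# Anything from CMD or from the docker run command line is ignored.
run_shell_form() {
    env name=world /bin/sh -c "$1"
}

# Exec form: ENTRYPOINT ["prog","arg",...] is executed directly, with no shell.
# usage: run_exec_form CMD_DEFAULT RUN_ARG prog [arg...]
#   CMD_DEFAULT - value of CMD ["..."] in the dockerfile ("" if none)
#   RUN_ARG     - word typed after the image name in docker run ("" if none)
run_exec_form() {
    cmd_default=$1
    run_arg=$2
    shift 2
    extra=${run_arg:-$cmd_default}      # a docker run argument replaces CMD
    if [ -n "$extra" ]; then
        env name=world "$@" "$extra"
    else
        env name=world "$@"
    fi
}

demo() {
    # test:v7  ENTRYPOINT echo "hello,$name"
    echo "v7  shell form:          $(run_shell_form 'echo "hello,$name"')"
    # test:v8  ENTRYPOINT ["/bin/echo","hello,$name"]
    echo "v8  exec form:           $(run_exec_form "" "" /bin/echo 'hello,$name')"
    # test:v9  ENTRYPOINT ["/bin/sh","-c","echo hello,$name"]
    echo "v9  exec form via sh -c: $(run_exec_form "" "" /bin/sh -c 'echo hello,$name')"
    # test:v10 ENTRYPOINT ["/bin/echo","hello"] with CMD ["world"]
    echo "v10 default CMD:         $(run_exec_form world "" /bin/echo hello)"
    echo "v10 docker run westos:   $(run_exec_form world westos /bin/echo hello)"
    # Shell-form ENTRYPOINT with an argument after the image name: ignored.
    echo "shell form plus westos:  $(run_shell_form 'echo hello' westos)"
}
demo
```

Because exec form never passes its arguments through a shell, text supplied after the image name reaches the program as one literal argument, as the v8 line shows for `$name`.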

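Image optimization

Choose the most minimal base image
Reduce the number of image layers
Clean up intermediate build artifacts
Pay attention to optimizing network requests
Use the build cache wherever possible
Use multi-stage builds

Prerequisite: make sure the image is available locally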
[root@server3 docker]# docker load -i rhel7.tar 
[root@server3 docker]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ubuntu              latest              3556258649b2        2 weeks ago         64.2 MB
busybox             latest              db8ee88ad75f        3 weeks ago         1.22 MB
game2048            latest              19299002fdbe        2 years ago         55.5 MB
rhel7               latest              0a3eb3fde7fd        5 years ago         140 MB

"""
[rhel7.3]
name=rhel7.3
baseurl=http://172.25.0.250/rhel7.3/x86_64/dvd
gpgcheck=0

[root@server3 docker]# docker build -t nginx:v1 .
[root@server3 docker]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               v1                  6baf2165c143        30 seconds ago      295 MB
ubuntu              latest              3556258649b2        2 weeks ago         64.2 MB
busybox             latest              db8ee88ad75f        3 weeks ago         1.22 MB
game2048            latest              19299002fdbe        2 years ago         55.5 MB
rhel7               latest              0a3eb3fde7fd        5 years ago         140 MB
# Example: deploying nginx
[root@server3 docker]# cat dockerfile 
FROM rhel7
EXPOSE 80
MAINTAINER dd@westos.org
COPY dvd.repo /etc/yum.repos.d/
# Rebuild the rpm database; the build fails without this step (when demonstrating in class, leave it out at first so students see the error)
RUN rpmdb --rebuilddb
RUN yum install -y gcc make pcre-devel zlib-devel
ADD nginx-1.15.9.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.9
RUN ./configure --prefix=/usr/local/nginx
RUN make
RUN make install
# exec form
# how nginx is started
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]

Slimming the image: remove intermediate artifacts
[root@server3 docker]# docker build -t nginx:v2 .
[root@server3 docker]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               v2                  d21df066fe46        5 seconds ago       272 MB
nginx               v1                  6baf2165c143        5 minutes ago       295 MB
ubuntu              latest              3556258649b2        2 weeks ago         64.2 MB
busybox             latest              db8ee88ad75f        3 weeks ago         1.22 MB
game2048            latest              19299002fdbe        2 years ago         55.5 MB
rhel7               latest              0a3eb3fde7fd        5 years ago         140 MB
[root@server3 docker]# cat dockerfile 
FROM rhel7
EXPOSE 80
MAINTAINER dd@westos.org
COPY dvd.repo /etc/yum.repos.d/
RUN rpmdb --rebuilddb
# yum clean all clears the yum cache
RUN yum install -y gcc make pcre-devel zlib-devel && yum clean all
ADD nginx-1.15.9.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.9
RUN ./configure --prefix=/usr/local/nginx
RUN make
RUN make install
# Delete the source build directory
RUN rm -rf /mnt/nginx-1.15.9
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
# Note: once anything is changed, the cache can no longer be used

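Slimming the image: reduce the number of layers  # merge multiple RUN instructions
# Note: if an instruction is modified, even by a single space, the cache can no longer be used; using the cache speeds up image builds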
[root@server3 docker]# docker build -t nginx:v3 .
[root@server3 docker]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               v3                  49349f668909        33 seconds ago      253 MB
nginx               v2                  d21df066fe46        5 minutes ago       272 MB
nginx               v1                  6baf2165c143        11 minutes ago      295 MB
ubuntu              latest              3556258649b2        2 weeks ago         64.2 MB
busybox             latest              db8ee88ad75f        3 weeks ago         1.22 MB
game2048            latest              19299002fdbe        2 years ago         55.5 MB
rhel7               latest              0a3eb3fde7fd        5 years ago         140 MB
[root@server3 docker]# cat dockerfile 
FROM rhel7
EXPOSE 80
MAINTAINER dd@westos.org
COPY dvd.repo /etc/yum.repos.d/
ADD nginx-1.15.9.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.9
RUN rpmdb --rebuilddb && yum install -y gcc make pcre-devel zlib-devel && yum clean all && ./configure --prefix=/usr/local/nginx && make && make install && rm -rf /mnt/nginx-1.15.9
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]

Layer count comparison:
[root@server3 docker]# docker history nginx:v1
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
6baf2165c143        11 minutes ago      /bin/sh -c #(nop)  CMD ["/usr/local/nginx/...   0 B                 
a0c55fb15186        11 minutes ago      /bin/sh -c make install                         3.86 MB             
c2818114b626        11 minutes ago      /bin/sh -c make                                 12.3 MB             
42cfafda467f        12 minutes ago      /bin/sh -c ./configure --prefix=/usr/local...   71.6 kB             
b53295c86125        12 minutes ago      /bin/sh -c #(nop) WORKDIR /mnt/nginx-1.15.9     0 B                 
3d39ff802d4d        12 minutes ago      /bin/sh -c #(nop) ADD file:a2cce44ecbad0bd...   6.2 MB              
e45257d6ece4        12 minutes ago      /bin/sh -c yum install -y gcc make pcre-de...   126 MB              
3a812a20583c        12 minutes ago      /bin/sh -c rpmdb --rebuilddb                    6.64 MB             
ca37225041bb        14 minutes ago      /bin/sh -c #(nop) COPY file:45a94bb87479f6...   81 B                
8c63445a8161        14 minutes ago      /bin/sh -c #(nop)  MAINTAINER dd@westos.org     0 B                 
0544c1ca4b61        14 minutes ago      /bin/sh -c #(nop)  EXPOSE 80/tcp                0 B                 
0a3eb3fde7fd        5 years ago                                                         140 MB              Imported from -
[root@server3 docker]# docker history nginx:v2
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
d21df066fe46        6 minutes ago       /bin/sh -c #(nop)  CMD ["/usr/local/nginx/...   0 B                 
84cef4bc300b        6 minutes ago       /bin/sh -c rm -rf /mnt/nginx-1.15.9             0 B                 
9fd5173e4d04        6 minutes ago       /bin/sh -c make install                         3.86 MB             
d8a1f114e45e        6 minutes ago       /bin/sh -c make                                 12.3 MB             
64d1ab9f3fef        6 minutes ago       /bin/sh -c ./configure --prefix=/usr/local...   71.6 kB             
b6380cfd1f52        6 minutes ago       /bin/sh -c #(nop) WORKDIR /mnt/nginx-1.15.9     0 B                 
b1e894d7b421        6 minutes ago       /bin/sh -c #(nop) ADD file:a2cce44ecbad0bd...   6.2 MB              
5a77bfb745f5        6 minutes ago       /bin/sh -c yum install -y gcc make pcre-de...   102 MB              
3a812a20583c        12 minutes ago      /bin/sh -c rpmdb --rebuilddb                    6.64 MB             
ca37225041bb        14 minutes ago      /bin/sh -c #(nop) COPY file:45a94bb87479f6...   81 B                
8c63445a8161        14 minutes ago      /bin/sh -c #(nop)  MAINTAINER dd@westos.org     0 B                 
0544c1ca4b61        14 minutes ago      /bin/sh -c #(nop)  EXPOSE 80/tcp                0 B                 
0a3eb3fde7fd        5 years ago                                                         140 MB              Imported from -
[root@server3 docker]# docker history nginx:v3
IMAGE               CREATED              CREATED BY                                      SIZE                COMMENT
49349f668909        About a minute ago   /bin/sh -c #(nop)  CMD ["/usr/local/nginx/...   0 B                 
a181a5f0e37e        About a minute ago   /bin/sh -c rpmdb --rebuilddb && yum instal...   106 MB              
89980b82160c        About a minute ago   /bin/sh -c #(nop) WORKDIR /mnt/nginx-1.15.9     0 B                 
2e72df71ca13        About a minute ago   /bin/sh -c #(nop) ADD file:a2cce44ecbad0bd...   6.2 MB              
ca37225041bb        14 minutes ago       /bin/sh -c #(nop) COPY file:45a94bb87479f6...   81 B                
8c63445a8161        14 minutes ago       /bin/sh -c #(nop)  MAINTAINER dd@westos.org     0 B                 
0544c1ca4b61        14 minutes ago       /bin/sh -c #(nop)  EXPOSE 80/tcp                0 B                 
0a3eb3fde7fd        5 years ago                                                          140 MB              Imported from -

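Image optimization (continued)

Build the image with a multi-stage build # the better approach (the trump card)
 # Look closely at the dockerfile: all we actually need is the compiled nginx binary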
 
[root@server3 docker]# docker build -t nginx:v4 . # very fast: the package installation comes entirely from the cache
[root@server3 docker]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               v4                  b218a266197d        5 minutes ago       144MB
nginx               v3                  49349f668909        About an hour ago   253MB
nginx               v2                  d21df066fe46        About an hour ago   272MB
nginx               v1                  6baf2165c143        2 hours ago         295MB
ubuntu              latest              3556258649b2        2 weeks ago         64.2MB
busybox             latest              db8ee88ad75f        3 weeks ago         1.22MB
game2048            latest              19299002fdbe        2 years ago         55.5MB
rhel7               latest              0a3eb3fde7fd        5 years ago         140MB
[root@server3 docker]# cat dockerfile 
FROM rhel7:latest as build
EXPOSE 80
MAINTAINER dd@westos.org
COPY dvd.repo /etc/yum.repos.d/
ADD nginx-1.15.9.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.9
RUN rpmdb --rebuilddb && yum install -y gcc make pcre-devel zlib-devel && yum clean all && ./configure --prefix=/usr/local/nginx && make && make install && rm -rf /mnt/nginx-1.15.9
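#### Everything above is only a bridge (a throwaway build stage)

# Final image, based on the rhel7 base image
FROM rhel7:latest
EXPOSE 80
MAINTAINER dd@westos.org
VOLUME ["/usr/local/nginx/html"]
# Copy the compiled nginx tree from the build stage above
COPY --from=build /usr/local/nginx /usr/local/nginx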
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]


Is there a way to shrink the base image as well?
https://github.com/search?utf8=%E2%9C%93&q=distroless&type=
Google provides very minimal images for this

###############################################################
Docker containers
1. Running a container
docker run is how a container is started

[root@foundation0 ~]# docker run ubuntu pwd
/
[root@foundation0 ~]# docker run ubuntu ls
bin
boot
dev
etc
home
lib
lib64
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var

[root@foundation0 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@foundation0 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
78de5865fa6b        ubuntu              "ls"                     30 seconds ago      Exited (0) 30 seconds ago                       ecstatic_rosalind
1dad5c3ab1a3        ubuntu              "pwd"                    34 seconds ago      Exited (0) 34 seconds ago                       suspicious_hoover
cad37603f9ff        registry            "/entrypoint.sh /e..."   19 hours ago        Exited (2) 17 hours ago                         registry

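# -a shows containers in every state; as you can see, the earlier containers have already exited and their status is Exited
# A container that flashes past like this is usually not what we want; we want it to stay in the running state so that we can use it

Keeping a container running long term
How do we keep a container running?
A container's lifecycle depends on the command executed at startup: as long as that command does not finish, the container does not exit
[root@foundation0 ~]# docker run ubuntu /bin/bash -c 'while true;do sleep 1;done'
# The while loop keeps bash from exiting; open another terminal to check the container's state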
[root@foundation0 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
737a0cd00a9b        ubuntu              "/bin/bash -c 'whi..."   12 seconds ago      Up 12 seconds                           focused_swartz

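## A container started with a while loop stays running but does nothing useful; the common use of a container is to run a background service

## --name sets the container's name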
[root@foundation0 ~]# docker run --name "my_http_server" -d httpd
4f4dfeb5f3a0125c2bd7171ce108bc3b0cc0622f0a3fdd2019052c39ec0f8a56
[root@foundation0 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS              PORTS               NAMES
4f4dfeb5f3a0        httpd               "httpd-foreground"   4 seconds ago       Up 4 seconds        80/tcp              my_http_server

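2. Two ways to get into a container
We often need to get inside a container to do some work, such as viewing logs, debugging or starting other processes. There are two ways in: attach and exec
attach
# -d starts the container in the background
[root@foundation0 ~]# docker run -d rhel7 /bin/bash -c "while true; do sleep 1;echo I_am_in_container;done"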
039c0b492b5da9301d576b0d7db269545d0289cf31f5706d575e708258b20502

# docker attach attaches to the terminal of the container's startup command
[root@foundation0 ~]# docker attach 039c0b492b5da9301d576b0d7db269545d0289cf31f5706d575e708258b20502
I_am_in_container
I_am_in_container
I_am_in_container
I_am_in_container
I_am_in_container

exec
[root@foundation0 ~]# docker run -d rhel7-up /bin/bash -c "while true; do sleep 1;echo I_am_in_container;done"
c72e8ee26615ca661093d6114c0dbb143e50ef423382730d0f3d8a92d01b2e0c

# -it opens a pseudo-TTY in interactive mode and runs bash; the result is a bash terminal
[root@foundation0 ~]# docker exec -it c72e8ee26615ca661093d6114c0dbb143e50ef423382730d0f3d8a92d01b2e0c bash

bash-4.2# yum install procps-ng-3.3.10-10.el7.x86_64 -y
bash-4.2# ps -elf     
F S UID        PID  PPID  C PRI  NI ADDR SZ WCHAN  STIME TTY          TIME CMD
4 S root         1     0 41  80   0 -  2902 wait   23:47 ?        00:00:52 /bin/
4 S root      8178     0  0  80   0 -  2935 wait   23:47 ?        00:00:00 bash
0 R root     21603  8178  0  80   0 - 11845 -      23:49 ?        00:00:00 ps -e

"""
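Main differences between attach and exec
	1. attach goes straight to the terminal of the container's startup command and does not start a new process
	2. exec opens a new terminal in the container and can start new processes
	3. To watch the output of the startup command directly in the terminal, use attach; in all other cases use exec
"""

# Of course, if you only want to see the output of the startup command, you can use docker logs
docker logs -f c72e8ee26615
# -f works like tail -f: it keeps printing new output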



=====================================================
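By purpose, containers fall roughly into two classes: service containers and tool containers
	Service containers run as daemons and provide a service to the outside, for example a web server or a database; starting them in the background with -d is a good fit, and to troubleshoot you can enter the container with exec -it
	Tool containers usually give us a temporary working environment and are normally run with run -it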


###############################################################
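Docker registries
What is a registry
Docker Hub
Configuring a registry mirror (accelerator)
How the registry works
Setting up a private registry


What is a registry
A Docker registry is where images are stored. Docker provides a registry server (Registry) that holds multiple repositories, and each repository can contain multiple images with different tags
The default registry Docker uses at run time is Docker Hub, the public registry
	Docker Hub: the public registry maintained by Docker, Inc.; it is free to use, and private repositories can be purchased
Using the public registry
# The most direct way to store and distribute images is Docker Hub
# 1. Register an account on Docker Hub  2. Log in
[root@server1 docker]# docker login -u dangdangwestos
Password:  # password: dangdang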
Login Succeeded
"""
[root@docker ~]# docker login -u dangdangwestos
Password: 
# This warning means that storing the password this way is a security risk
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@docker ~]# cat .docker/config.json # after one successful login the credentials are kept in this file
{
	"auths": {
		"https://index.docker.io/v1/": {
			"auth": "ZGFuZ2Rhbmd3ZXN0b3M6NjQ1MTkzMjM2"
		}
	},
	"HttpHeaders": {
		"User-Agent": "Docker-Client/18.09.6 (linux)"
	}
}

"""
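# 3. Rename the image so that it matches the Docker Hub account
To tell different users' images apart, Docker Hub requires the image name to include the user name. The full format is
[username]/xxx:tag 

"""
The following command searches the images in the official Docker registry
It shows clearly that, apart from official images, every image has to be tagged the way Docker Hub requires
# Different people can upload different images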
[root@server3 ~]# docker search busybox
NAME                      DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
busybox                   Busybox base image.                             1658                [OK]                
progrium/busybox                                                          70                                      [OK]
radial/busyboxplus        Full-chain, Internet enabled, busybox made f…   24                                      [OK]
arm32v7/busybox           Busybox base image.                             7                                       
yauritux/busybox-curl     Busybox with CURL                               5                                       
armhf/busybox             Busybox base image.                             5                                       
arm64v8/busybox           Busybox base image.                             3                                       
aarch64/busybox           Busybox base image.                             2                                       

[root@docker ~]# docker search dangdangwestos # search for your own images
NAME                               DESCRIPTION         STARS               OFFICIAL            AUTOMATED
dangdangwestos/rhel7-up                                0                                       
dangdangwestos/busybox                                 0                                       
dangdangwestos/rhel7-addifconfig                       0                                       
dangdangwestos/httpd                                   0                                       

"""
# Upload
[root@server3 ~]# docker tag busybox:latest dangdangwestos/busybox:latest
[root@server3 ~]# docker push dangdangwestos/busybox
dangdangwestos/busybox         dangdangwestos/busybox:latest
[root@server3 ~]# docker push dangdangwestos/busybox:latest 
The push refers to repository [docker.io/dangdangwestos/busybox]
0d315111b484: Mounted from library/busybox 
latest: digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649 size: 527

# Pull: local images are checked first, and an image that already exists locally is not pulled again
[root@server3 ~]# docker pull dangdangwestos/busybox:latest 
latest: Pulling from dangdangwestos/busybox
Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
Status: Image is up to date for dangdangwestos/busybox:latest

# Delete the earlier copy first, then pull
[root@server3 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               v4                  b218a266197d        2 days ago          144MB
nginx               v3                  49349f668909        2 days ago          253MB
nginx               v2                  d21df066fe46        2 days ago          272MB
nginx               v1                  6baf2165c143        2 days ago          295MB
ubuntu              latest              3556258649b2        3 weeks ago         64.2MB
busybox             latest              db8ee88ad75f        4 weeks ago         1.22MB
game2048            latest              19299002fdbe        2 years ago         55.5MB
rhel7               latest              0a3eb3fde7fd        5 years ago         140MB
[root@server3 ~]# docker pull dangdangwestos/busybox:latest 
latest: Pulling from dangdangwestos/busybox
Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
Status: Downloaded newer image for dangdangwestos/busybox:latest
[root@server3 ~]# docker images
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
nginx                    v4                  b218a266197d        2 days ago          144MB
nginx                    v3                  49349f668909        2 days ago          253MB
nginx                    v2                  d21df066fe46        2 days ago          272MB
nginx                    v1                  6baf2165c143        2 days ago          295MB
ubuntu                   latest              3556258649b2        3 weeks ago         64.2MB
dangdangwestos/busybox   latest              db8ee88ad75f        4 weeks ago         1.22MB
busybox                  latest              db8ee88ad75f        4 weeks ago         1.22MB
game2048                 latest              19299002fdbe        2 years ago         55.5MB
rhel7                    latest              0a3eb3fde7fd        5 years ago         140MB

# The image can be tagged again if the user name feels too long or complicated
[root@server3 ~]# docker tag dangdangwestos/busybox:latest busybox:latest 
# Delete the image on Docker Hub


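How the registry works
"""
What happens behind a docker pull or push

The index server mainly provides the image index and user authentication. When an image is downloaded, the client first authenticates against the index server, which then looks up the address of the registry that holds the image and returns it to the Docker client; the Docker client then downloads the image from that registry. During the download the registry checks the validity of the client's token with the index. Different images can be stored on different registry servers, and their lookup information is all kept on the index server

index: responsible for and maintains information about accounts, image checksums and the public namespace (it does not store the actual image layers)
	web UI
	metadata store
	authentication service
	tokenization

registry: the store for images and the graph; it has no local database and does not provide user authentication

registry client: Docker acts as the registry client, handling push and pull as well as client authorization
"""

Scenarios:
Docker Client ---> index ----> registry
A: the user wants to fetch and download an image
B: the user wants to push an image to the registry (the index creates the image's namespace)
C: the user wants to delete an image from the index or the registry

Image acceleration

Setting up a private registry (a local registry)
Docker Hub is convenient but has some limitations, for example:
	1. It needs an Internet connection, and downloads and uploads are slow
	2. Images uploaded to Docker Hub can be accessed by anyone
	3. For security reasons many organizations do not allow images to be placed on the public Internet

The solution is to set up a local registry
Docker has open-sourced the registry, and there is also an official registry image on Docker Hub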

[root@server3 ~]# docker search registry
NAME                                DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
registry                            The Docker Registry 2.0 implementation for s…   2655                [OK]                

# Pull the image
[root@server3 ~]# docker pull registry # pull the latest version
Using default tag: latest
latest: Pulling from library/registry
c87736221ed0: Pull complete 
1cc8e0bb44df: Pull complete 
54d33bcb37f5: Pull complete 
e8afc091c171: Pull complete 
b4541f6d3db6: Pull complete 
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Downloaded newer image for registry:latest

# Check
[root@server3 ~]# docker images
registry                 latest              f32a97de94e1        5 months ago        25.8MB

[root@server3 ~]# docker history registry
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
f32a97de94e1        5 months ago        /bin/sh -c #(nop)  CMD ["/etc/docker/registr…   0B                  
<missing>           5 months ago        /bin/sh -c #(nop)  ENTRYPOINT ["/entrypoint.…   0B                  
<missing>           5 months ago        /bin/sh -c #(nop) COPY file:507caa54f88c1f38…   155B                
<missing>           5 months ago        /bin/sh -c #(nop)  EXPOSE 5000                  0B                  
<missing>           5 months ago        /bin/sh -c #(nop)  VOLUME [/var/lib/registry]   0B                  
<missing>           5 months ago        /bin/sh -c #(nop) COPY file:4544cc1555469403…   295B                
<missing>           5 months ago        /bin/sh -c #(nop) COPY file:21256ff7df5369f7…   20.1MB              
<missing>           5 months ago        /bin/sh -c set -ex     && apk add --no-cache…   1.27MB              
<missing>           5 months ago        /bin/sh -c #(nop)  CMD ["/bin/sh"]              0B                  
<missing>           5 months ago        /bin/sh -c #(nop) ADD file:38bc6b51693b13d84…   4.41MB              

# Run it, mapped to port 5000 on the host
[root@server3 ~]# docker run -d --name registry -p 5000:5000 registry # publish the port on the host so it can be reached from outside
4579de1e48406e35648ade8a29f3dc38855d3ad84edca050c099d7b6a744c9c5

# Inspect the container; the mount shows how it is tied to the local file system
[root@server3 ~]# docker inspect 4579de1e48406e35648ade8a29f3dc38855d3ad84edca050c099d7b6a744c9c5

 "Mounts": [
            {
                "Type": "volume",
                "Name": "37e8aed215b0812c9ca3f3b6018a52bec0029844a2cd7dd4a505a6772fbc7e52",
                "Source": "/var/lib/docker/volumes/37e8aed215b0812c9ca3f3b6018a52bec0029844a2cd7dd4a505a6772fbc7e52/_data",
                "Destination": "/var/lib/registry",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            }
        ],



[root@server3 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
4579de1e4840        registry            "/entrypoint.sh /etc…"   54 seconds ago      Up 53 seconds       0.0.0.0:5000->5000/tcp   registry


[root@server3 ~]# netstat -antlpe
tcp6       0      0 :::5000                 :::*    
# By default a push goes to Docker Hub
# Retag the image so that the push knows where to go
[root@server3 ~]# docker tag nginx:v1 localhost:5000/nginx:v1

# Check that the upload succeeded
[root@server3 ~]# docker push localhost:5000/nginx
The push refers to repository [localhost:5000/nginx]
7d1f91d2183b: Pushed 
44e042b8c4f1: Pushed 
4ee9ed108b64: Pushed 
faa0d2dbf883: Pushed 
a5e52a0ea4d4: Pushed 
38ab3572be9b: Pushed 
e16686814e10: Pushed 
18af9eb19b5f: Pushed 
v1: digest: sha256:1f42e2af016eae42bf2db8dc0d4a522b4f44c88ef2e786bcd160886bc0fc1242 size: 2000

[root@server3 image]# cd /var/lib/docker/volumes/37e8aed215b0812c9ca3f3b6018a52bec0029844a2cd7dd4a505a6772fbc7e52/_data
[root@server3 _data]# ls
docker
[root@server3 _data]# cd docker/
[root@server3 _data]# tree .
[root@server3 docker]# ls
registry
[root@server3 docker]# cd registry/
[root@server3 registry]# ls
v2
[root@server3 registry]# 


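# The setup above has a security problem (no authentication) and a usability problem (localhost only works on the local machine)

This is nowhere near enough for an enterprise-grade private registry

Adding certificate-based encryption to the Docker registry
Official documentation
https://docs.docker.com/registry/insecure/

[root@server3 ~]# mkdir -p certs
# Use a self-signed certificate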
[root@server3 ~]# openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key \
> -x509 -days 365 -out certs/westos.org.crt
Generating a 4096 bit RSA private key
..............................................................................................................................................................................................................++
................................++
writing new private key to 'certs/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:Westos
Organizational Unit Name (eg, section) []:Linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:root@westos.org
[root@server3 ~]# ls certs/
westos.org.crt (certificate)  westos.org.key (private key)

# Remove the registry container that was running before
[root@server3 ~]# docker rm -f registry
registry

[root@server3 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

# How to deploy
https://docs.docker.com/registry/deploying/#get-a-certificate
# Note: in REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -p 443:443 registry the path is the one inside the container (/certs/...), not /root/...
[root@server3 ~]# docker run -d   --restart=always   --name registry   -v "$(pwd)"/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -p 443:443 registry
3ebba5226703e6a15df3301ebc12207a213f939fb92af861c7f64c6ca2fd107b

"""
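docker run -d : start the container and put it in the background
--restart=always   --name registry # restart automatically (the container starts whenever the Docker engine starts)
-v "$(pwd)"/certs:/certs # mount the local certs directory at /certs in the container
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 # -e sets an environment variable; listen on the encrypted port 443
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt # certificate
-e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key # private key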
-p 443:443 registry
"""

# Port 443 is now open
[root@server3 ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      649/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      852/master          
tcp        0      0 172.25.0.3:22           172.25.0.250:54274      ESTABLISHED 2062/sshd: root@pts 
tcp        0      0 172.25.0.3:22           172.25.0.250:56174      ESTABLISHED 5189/sshd: root@pts 
tcp6       0      0 :::22                   :::*                    LISTEN      649/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      852/master          
tcp6       0      0 :::443                  :::*                    LISTEN      7421/docker-proxy   

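# Note: the registry server side is now running, so a local client that wants to make a TLS connection also needs the certificate

# The domain name we use is westos.org, so that host name must resolve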
[root@server3 ~]# ping westos.org
PING server3 (172.25.0.3) 56(84) bytes of data.
64 bytes from server3 (172.25.0.3): icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from server3 (172.25.0.3): icmp_seq=2 ttl=64 time=0.027 ms

[root@server3 ~]# cd /etc/docker/
[root@server3 docker]# ls
daemon.json  key.json
[root@server3 docker]# mkdir certs.d
[root@server3 docker]# cd certs.d/
[root@server3 certs.d]# mkdir westos.org
[root@server3 certs.d]# cd westos.org/
[root@server3 westos.org]# ls
[root@server3 westos.org]# cp /root/certs/westos.org.crt ca.crt
[root@server3 westos.org]# ls
ca.crt

[root@server3 westos.org]# docker tag nginx:v3 westos.org/nginx:v3
[root@server3 westos.org]# docker push westos.org/nginx
The push refers to repository [westos.org/nginx]
7eb94711c590: Pushed 
cdb9e6fdd1dd: Pushed 
ac047a8a6c70: Pushed 
e16686814e10: Pushed 
18af9eb19b5f: Pushed 
v3: digest: sha256:ad7f1eadc6268d111c7c1763dd76943e4c1f831f59bde82796bc351b894526b5 size: 1366

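# Add push authentication for clients
# Build on the earlier port 443 setup instead of port 5000 from the official docs
[root@server3 ~]# mkdir auth
[root@server3 ~]# docker run --rm --entrypoint htpasswd registry -Bbn admin westos >auth/htpasswd
"""
admin is the user name
westos is the password
More users can be appended
docker run --rm --entrypoint htpasswd registry -Bbn redhat redhat >>auth/htpasswd
"""
# The earlier registry must be removed
[root@docker ~]# docker rm -f registry 
registry

# Add authentication on top of encryption # always encrypt first and then authenticate, otherwise it is not secure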
[root@server3 ~]# docker run -d   --restart=always   --name registry   -v "$(pwd)"/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -p 443:443 -v "$(pwd)"/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
2fb465d2f79e4a547a72e8014fe80c25cfc0321948ac83da45532f166c29fe80
"""

"""
[root@server3 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                            NAMES
2fb465d2f79e        registry            "/entrypoint.sh /etc…"   5 seconds ago       Up 5 seconds        0.0.0.0:443->443/tcp, 5000/tcp   registry
[root@server3 ~]# docker login westos.org
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@server3 ~]# docker logout westos.org # log out
Removing login credentials for westos.org
# push now reports an error
[root@server3 ~]# docker push westos.org/nginx
westos.org/nginx     westos.org/nginx:v3 
The push refers to repository [westos.org/rhel7]
18af9eb19b5f: Preparing 
no basic auth credentials 
westos.org/nginx     westos.org/nginx:v3 
[root@server3 ~]# docker login westos.org 
[root@server3 ~]# docker push westos.org/nginx:v3 
The push refers to repository [westos.org/nginx]
7eb94711c590: Preparing 
cdb9e6fdd1dd: Preparing 
ac047a8a6c70: Preparing 
e16686814e10: Preparing 
18af9eb19b5f: Preparing 
no basic auth credentials  # tells us we are not authenticated
[root@server3 ~]# docker login westos.org
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@server3 ~]# docker push westos.org/nginx:v3 
The push refers to repository [westos.org/nginx]
7eb94711c590: Pushed 
cdb9e6fdd1dd: Pushed 
ac047a8a6c70: Pushed 
e16686814e10: Pushed 
18af9eb19b5f: Pushed 
v3: digest: sha256:ad7f1eadc6268d111c7c1763dd76943e4c1f831f59bde82796bc351b894526b5 size: 1366
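
The three registry runs above (port 5000 with no options, TLS only, then TLS plus htpasswd) differ only in the REGISTRY_* environment passed to the container. The following is an added example, not part of the original notes, that classifies a registry from that environment; the function names and the sample environments are constructed, and the variable names are the ones used on this page.

```shell
#!/bin/sh
# Added example: classify a registry container from its environment.
# Feed it one KEY=VALUE per line on stdin, for example from
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' registry

# env_value KEY: print KEY's value from $REG_ENV, or nothing if it is unset.
env_value() {
    printf '%s\n' "$REG_ENV" |
        awk -v k="$1" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }'
}

# registry_posture: read the environment on stdin and print one of
#   open-plaintext    no TLS, no auth (the localhost:5000 run)
#   tls-only          encrypted, but anyone who can connect can push and pull
#   auth-without-tls  htpasswd over plain HTTP: the password crosses the wire in clear
#   tls+auth          encrypted and authenticated (the final run on this page)
#   incomplete-tls / incomplete-auth   only part of the settings is present
registry_posture() {
    REG_ENV=$(cat)
    cert=$(env_value REGISTRY_HTTP_TLS_CERTIFICATE)
    key=$(env_value REGISTRY_HTTP_TLS_KEY)
    auth=$(env_value REGISTRY_AUTH)
    htpath=$(env_value REGISTRY_AUTH_HTPASSWD_PATH)
    realm=$(env_value REGISTRY_AUTH_HTPASSWD_REALM)

    if [ -n "$cert" ] && [ -n "$key" ]; then
        tls=yes
    elif [ -z "$cert" ] && [ -z "$key" ]; then
        tls=no
    else
        echo "incomplete-tls"
        return 0
    fi

    case $auth in
        "") authn=no ;;
        htpasswd)
            if [ -n "$htpath" ] && [ -n "$realm" ]; then
                authn=yes
            else
                echo "incomplete-auth"
                return 0
            fi ;;
        *) authn=yes ;;   # other auth schemes are not analysed further here
    esac

    case $tls$authn in
        yesyes) echo "tls+auth" ;;
        yesno)  echo "tls-only" ;;
        noyes)  echo "auth-without-tls" ;;
        nono)   echo "open-plaintext" ;;
    esac
}

# Constructed sample environments mirroring the three docker run lines above.
sample_env() {
    case $1 in
        plain)
            printf '%s\n' 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' ;;
        tls)
            printf '%s\n' 'REGISTRY_HTTP_ADDR=0.0.0.0:443' \
                'REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt' \
                'REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key' ;;
        tls_auth)
            sample_env tls
            printf '%s\n' 'REGISTRY_AUTH=htpasswd' \
                'REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm' \
                'REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd' ;;
    esac
}

for s in plain tls tls_auth; do
    printf '%-9s %s\n' "$s" "$(sample_env "$s" | registry_posture)"
done
```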

# How a remote host connects
Start another virtual machine, install Docker on it and start it
The host name must resolve
[root@server2 docker包]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.0.1	server1
172.25.0.2	server2
172.25.0.3	server3 westos.org
172.25.0.4	server4
172.25.0.5	server5
172.25.0.6	server6
172.25.0.7	server7
172.25.0.8	server8

[root@server2 docker包]# ping westos.org
PING server3 (172.25.0.3) 56(84) bytes of data.
64 bytes from server3 (172.25.0.3): icmp_seq=1 ttl=64 time=0.397 ms

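The certificate file used for verification is required; it can be copied from server3
# The certificate must be in place before authentication can succeed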
[root@server3 ~]# cd /etc/docker/
[root@server3 docker]# ls
certs.d  daemon.json  key.json
[root@server3 docker]# scp -r certs.d/ server2:/etc/docker/
The authenticity of host 'server2 (172.25.0.2)' can't be established.
ECDSA key fingerprint is 67:9d:41:df:c9:b5:0e:f3:e1:30:72:c7:c9:07:69:e0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server2,172.25.0.2' (ECDSA) to the list of known hosts.
root@server2's password: 
ca.crt                                        100% 2098     2.1KB/s   00:00    

[root@server2 docker包]# cd /etc/docker/
[root@server2 docker]# ls
certs.d  key.json

Log in first, then pull
[root@server2 certs.d]# docker login westos.org
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@server2 certs.d]# docker pull westos.org/nginx
Using default tag: latest
Error response from daemon: manifest for westos.org/nginx:latest not found
[root@server2 certs.d]# docker pull westos.org/nginx:v3
v3: Pulling from nginx
48f5bbc9baf5: Pull complete 
15f1fc4f91e0: Pull complete 
98331229c5fd: Pull complete 
4c7f36e2f886: Pull complete 
df58a187e237: Pull complete 
Digest: sha256:ad7f1eadc6268d111c7c1763dd76943e4c1f831f59bde82796bc351b894526b5
Status: Downloaded newer image for westos.org/nginx:v3

Test run succeeded
[root@server2 certs.d]# docker run -d --name nginx -p 80:80 westos.org/nginx:v3
299df76d6167d789883a1b7bdb9e338659f49be2e146bd4098e409a7f35d6a02
[root@server2 certs.d]# docker pa
docker: 'pa' is not a docker command.
See 'docker --help'
[root@server2 certs.d]# docker ps
CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS                NAMES
299df76d6167        westos.org/nginx:v3   "/usr/local/nginx/sb…"   9 seconds ago       Up 8 seconds        0.0.0.0:80->80/tcp   nginx
[root@server2 certs.d]# curl localhost


We need a web page
# Pull an image
# You can search for it first
[root@server3 docker]# docker pull hyper/docker-registry-web
Using default tag: latest
latest: Pulling from hyper/docker-registry-web
04c996abc244: Pull complete 
d394d3da86fe: Pull complete 
bac77aae22d4: Pull complete 
b48b86b78e97: Pull complete 
09b3dd842bf5: Pull complete 
69f4c5394729: Pull complete 
b012980650e9: Pull complete 
7c7921c6fda1: Pull complete 
e20331c175ea: Pull complete 
40d5e82892a5: Pull complete 
a414fa9c865a: Pull complete 
0304ae3409f3: Pull complete 
13effc1a664f: Pull complete 
e5628d0e6f8c: Pull complete 
0b0e130a3a52: Pull complete 
d0c73ab65cd2: Pull complete 
240c0b145309: Pull complete 
f1fd6f874e5e: Pull complete 
40b5e021928e: Pull complete 
88a8c7267fbc: Pull complete 
f9371a03010e: Pull complete 
Digest: sha256:723ffa29aed2c51417d8bd32ac93a1cd0e7ef857a0099c1e1d7593c09f7910ae
Status: Downloaded newer image for hyper/docker-registry-web:latest

# Search for it on GitHub and follow its documentation
https://github.com/mkuchin/docker-registry-web
[root@server3 ~]# cat .docker/config.json # view the credentials saved earlier
{
	"auths": {
		"": {
			"auth": "ZGFuZ2Rhbmd3ZXN0b3M6ZGFuZ2Rhbmc="
		},
		"https://index.docker.io/v1/": {
			"auth": "ZGFuZ2Rhbmd3ZXN0b3M6ZGFuZ2Rhbmc="
		},
		"westos.org": {
			"auth": "YWRtaW46d2VzdG9z"  #-e REGISTRY_BASIC_AUTH="YWRtaW46d2VzdG9z"
		}
	},
	"HttpHeaders": {
		"User-Agent": "Docker-Client/18.09.6 (linux)"
	}
}

[root@server3 ~]# docker run -it -p 8080:8080 --name registry-web --link registry:westos.org -e REGISTRY_URL=https://westos.org/v2 -e REGISTRY_TRUST_ANY_SSL=true -e REGISTRY_BASIC_AUTH="YWRtaW46d2VzdG9z" -e REGISTRY_NAME=westos.org:443 hyper/docker-registry-web  # v2 is the API version


Test in a browser: http://172.25.0.3:8080/
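
The auth values in config.json above are only base64 of user:password, which is why the same string can be passed as REGISTRY_BASIC_AUTH and why docker login prints its warning. The following is an added example, not part of the original notes, that lists what such a file exposes without printing the passwords; the function names and the sample file are constructed (its westos.org entry reuses the lab value shown above), and the parsing assumes the one-key-per-line layout that Docker writes.

```shell
#!/bin/sh
# Added example: report credentials that docker login left in a config.json.
# Assumes the pretty-printed layout Docker itself writes (one key per line).

TAB=$(printf '\t')

# list_auth_entries FILE: print "<registry><TAB><base64>" per inline auth entry.
list_auth_entries() {
    awk '
        # Object opener such as:   "westos.org": {
        /^[ \t]*"[^"]*"[ \t]*:[ \t]*[{][ \t]*$/ {
            s = $0; sub(/^[ \t]*"/, "", s); sub(/"[ \t]*:.*$/, "", s)
            section = (s == "") ? "<empty>" : s
            next
        }
        /^[ \t]*"auth"[ \t]*:[ \t]*"/ {
            v = $0; sub(/^[ \t]*"auth"[ \t]*:[ \t]*"/, "", v); sub(/".*$/, "", v)
            if (v != "") printf "%s\t%s\n", section, v
        }
    ' "$1"
}

# audit_docker_config FILE: print one finding per line.
#   PLAINTEXT    a user:password pair is recoverable with base64 -d
#   UNDECODABLE  an auth value that is not base64 of user:password
#   PERMS        the file can be read by group or others
#   INFO         a credential store is configured
audit_docker_config() {
    cfg=$1
    if grep -q '"credsStore"' "$cfg"; then
        echo "INFO credsStore is configured; new logins go to the credential helper"
    fi
    list_auth_entries "$cfg" | while IFS=$TAB read -r registry b64; do
        decoded=$(printf '%s' "$b64" | base64 -d 2>/dev/null) || decoded=
        case $decoded in
            *:*)
                pass=${decoded#*:}
                # Report the length only, never the password itself.
                echo "PLAINTEXT registry=$registry user=${decoded%%:*} password_length=${#pass}" ;;
            *)
                echo "UNDECODABLE registry=$registry" ;;
        esac
    done
    if [ -n "$(find "$cfg" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "PERMS $cfg is readable by group or others"
    fi
}

# Constructed sample file in the same shape as the one shown above.
write_sample_config() {
    hub_auth=$(printf '%s' 'demo-user:not-a-real-password' | base64)
    cat > "$1" <<EOF
{
    "auths": {
        "https://index.docker.io/v1/": {
            "auth": "$hub_auth"
        },
        "westos.org": {
            "auth": "YWRtaW46d2VzdG9z"
        },
        "registry.example.internal": {}
    },
    "HttpHeaders": {
        "User-Agent": "Docker-Client/18.09.6 (linux)"
    }
}
EOF
}

cfg=$(mktemp)
write_sample_config "$cfg"
audit_docker_config "$cfg"
rm -f "$cfg"
```

Run against a real file with `audit_docker_config /root/.docker/config.json`; any PLAINTEXT line means the password is recoverable by anyone who can read that file.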

# Recommended further study: https://goharbor.io/

https://docs.docker.com/compose/install/
Deploying docker-compose
Download it and grant execute permission
[root@docker ~]# curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   617    0   617    0     0    109      0 --:--:--  0:00:05 --:--:--   172
100 15.4M  100 15.4M    0     0   100k      0  0:02:37  0:02:37 --:--:--  117k
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
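
The download above goes straight from curl to chmod +x with no integrity check. The following is an added example, not part of the original notes, that installs the file only when its SHA-256 matches a sha256sum-style checksum file; it assumes such a file was obtained for the release from a source you trust, and the function names and the stand-in file are constructed.

```shell
#!/bin/sh
# Added example: install a downloaded binary only if its SHA-256 matches.

# Same asset naming as the curl command above.
ASSET="docker-compose-$(uname -s)-$(uname -m)"

# expected_sha256 SUMS_FILE NAME: print the digest listed for NAME in a
# sha256sum-style file ("<hex>  <name>" or "<hex> *<name>"), else nothing.
expected_sha256() {
    awk -v n="$2" '{ f = $2; sub(/^\*/, "", f) }
                   f == n { print tolower($1); exit }' "$1"
}

# verify_and_install ASSET_PATH SUMS_FILE DEST
# returns 0 = installed, 1 = digest mismatch, 2 = no digest listed for the asset
verify_and_install() {
    asset=$1 sums=$2 dest=$3
    want=$(expected_sha256 "$sums" "$(basename "$asset")")
    if [ -z "$want" ]; then
        echo "no checksum listed for $(basename "$asset")" >&2
        return 2
    fi
    have=$(sha256sum "$asset" | awk '{ print $1 }')
    if [ "$have" != "$want" ]; then
        echo "SHA-256 mismatch for $asset: refusing to install" >&2
        return 1
    fi
    # Copy under a temporary name, set the mode, then rename into place, so an
    # unverified or half-written file never sits at DEST.
    tmp="$dest.tmp.$$"
    cp "$asset" "$tmp" && chmod 0755 "$tmp" && mv "$tmp" "$dest"
}

# make_fixture DIR: constructed stand-in for the downloaded binary plus a
# checksum file computed from it (a real one comes from the publisher).
make_fixture() {
    printf 'constructed stand-in for the compose binary\n' > "$1/$ASSET"
    ( cd "$1" && sha256sum "$ASSET" > "$ASSET.sha256" )
}

work=$(mktemp -d)
make_fixture "$work"
if verify_and_install "$work/$ASSET" "$work/$ASSET.sha256" "$work/docker-compose"; then
    echo "verified copy installed"
fi
printf 'tampered\n' >> "$work/$ASSET"
if ! verify_and_install "$work/$ASSET" "$work/$ASSET.sha256" "$work/docker-compose.2"; then
    echo "tampered copy rejected"
fi
rm -rf "$work"
```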

Setting up Harbor
tar zxf harbor-online-installer-v1.8.2.tgz 
cd harbor/

# Edit the configuration file
vim harbor.yml 
hostname: westos.org
https:
#   # https port for harbor, default is 443
   port: 443
#   # The path of cert and key files for nginx
   certificate: /root/certs/westos.org.crt
   private_key: /root/certs/westos.org.key

harbor_admin_password: westos

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: westos

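# Regenerate the configuration
./prepare
# Install and start
./install.sh 

Check the container status
docker ps -a
docker-compose ps

Add name resolution on the physical host, then open https://westos.org/ in a browser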

docker login westos.org
docker tag rhel7:latest westos.org/library/rhel7
# Important: the tag must include the project name; the project itself can be created in the web UI
docker push westos.org/library/rhel7