Docker Basics

滕学义
2023-12-01

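History of Docker

Container technology has developed through the following stages:

1979: Chroot

The concept of container technology can be traced back to UNIX chroot in 1979. This feature changes the root directory and its subdirectories to a new location in the filesystem that only specific processes can access; it was designed to give each process an isolated area of disk space. It was added to BSD in 1982.

2000: FreeBSD Jails

FreeBSD Jails serve a purpose similar to chroot, but also include a process sandboxing mechanism that isolates resources such as the filesystem, users and networking. In this way, each jail can be assigned its own IP address, along with customized software installations and configurations. Jails gave FreeBSD a simple security isolation mechanism. Their drawback is that this simple isolation also limits how flexibly applications inside a jail can access system resources.

2004: Solaris Zones

Solaris Zones create a virtual layer for applications so that they run in isolated zones with effective resource management. Solaris Zones truly introduced the concept of container resource management. When an application is deployed, a certain amount of resources is configured for its zone; at run time this limit can be changed dynamically according to the zone's load, and the change takes effect in real time. When other zones do not need their resources, those resources are automatically switched to the zones that do need them. The switch is immediate and requires no manual intervention, which maximizes resource utilization. Where necessary, a certain amount of resources can also be isolated for a single zone.

2008: LXC

LXC stands for Linux Containers. It is implemented with cgroups and Linux namespaces, and it was the first complete Linux container management implementation. Before LXC appeared, Linux already had similar technologies such as Linux-VServer, OpenVZ and FreeVPS. Although these were mature, they had not integrated their container support into the mainline Linux kernel. Compared with other container technologies, LXC runs on the stock Linux kernel without any additional patches. The LXC project is currently sponsored and hosted by Canonical Ltd.

2013: Docker

The Docker project was originally built by a platform-as-a-service vendor named DotCloud, which later renamed itself Docker. Docker started out using LXC and later replaced it with its own libcontainer library. Unlike other container platforms, Docker introduced a whole ecosystem around container management, including an efficient layered container image model, global and local container registries, a streamlined REST API and a command-line interface.

April 9, 2014

Docker 1.0 is released

Virtual machines are a virtualization technology, and Docker container technology is also a form of virtualization. Docker is written in Go.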

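Basic Docker usage

Docker objects

When you use Docker, you are creating and using images, containers, networks, volumes, plugins and other objects.

  • Images
    • An image is a read-only template with instructions for creating a Docker container.
    • An image is often based on another image, with some additional customization.
    • You can create your own images, or simply use images that others have created and published in a registry.
  • Containers
    • A container is a runnable instance of an image.
    • You can create, run, stop, move or delete a container using the Docker API or CLI.
    • You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.

Installing and using Docker

Installing Docker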

// Install from the yum repository
[root@localhost ~]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1919  100  1919    0     0   9138      0 --:--:-- --:--:-- --:--:--  9094
[root@localhost ~]# sed -i 's@https://download.docker.com@https://mirrors.tuna.tsinghua.edu.cn/docker-ce@g' docker-ce.repo
[root@localhost ~]# ls
anaconda-ks.cfg  docker-ce.repo
[root@localhost ~]# mv docker-ce.repo /etc/yum.repos.d/
[root@localhost ~]# ls /etc/yum.repos.d/
CentOS-Stream-AppStream.repo
CentOS-Stream-BaseOS.repo
CentOS-Stream-Debuginfo.repo
CentOS-Stream-Extras.repo
CentOS-Stream-HighAvailability.repo
CentOS-Stream-Media.repo
CentOS-Stream-PowerTools.repo
CentOS-Stream-RealTime.repo
docker-ce.repo
[root@localhost ~]# yum -y install docker-ce
Failed to set locale, defaulting to C.UTF-8
CentOS Stream 8 - AppStream       1.3 MB/s |  24 MB     00:18    
CentOS Stream 8 - BaseOS          7.1 MB/s |  25 MB     00:03    
CentOS Stream 8 - Extras          8.4 kB/s |  18 kB     00:02    
Docker CE Stable - x86_64          31 kB/s |  26 kB     00:00    
Dependencies resolved.
==================================================================
 Package           Arch   Version          Repository        Size
==================================================================
Installing:
 docker-ce         x86_64 3:20.10.17-3.el8 docker-ce-stable  22 M
Upgrading:
 libsemanage       x86_64 2.9-8.el8        baseos           168 k
 policycoreutils   x86_64 2.9-19.el8       baseos           374 k
     ...................................................
     
[root@localhost ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@localhost ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enable>
   Active: active (running) since Fri 2022-08-05 15:01:32 CST; 19>
     Docs: https://docs.docker.com
 Main PID: 40626 (dockerd)
    Tasks: 7
   Memory: 33.5M
   CGroup: /system.slice/docker.service
           └─40626 /usr/bin/dockerd -H fd:// --containerd=/run/co>

Aug 05 15:01:32 localhost.localdomain dockerd[40626]: time="2022->
Aug 05 15:01:32 localhost.localdomain dockerd[40626]: time="2022->
Aug 05 15:01:32 localhost.localdomain dockerd[40626]: time="2022->
Aug 05 15:01:32 localhost.localdomain dockerd[40626]: time="2022->
Aug 05 15:01:32 localhost.localdomain dockerd[40626]: time="2022->
Aug 05 15:01:32 localhost.localdomain dockerd[40626]: time="2022->
Aug 05 15:01:32 localhost.localdomain dockerd[40626]: time="2022->
Aug 05 15:01:32 localhost.localdomain dockerd[40626]: time="2022->
Aug 05 15:01:32 localhost.localdomain dockerd[40626]: time="2022->
Aug 05 15:01:32 localhost.localdomain systemd[1]: Started Docker >
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process 
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*            
LISTEN 0      128             [::]:22           [::]:*                 
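
The `sed` command above rewrites every `https://download.docker.com` URL in `docker-ce.repo`, so it is worth checking that each enabled section still verifies packages. The following script is an added example, not part of the original post; the sample repo content is constructed, and it assumes the file uses the usual `baseurl`, `enabled`, `gpgcheck` and `gpgkey` keys.

```shell
# Added example: audit a yum/dnf .repo file for enabled repositories whose
# package verification is weakened. Reads .repo content on stdin and prints
# one "section: problem" line per finding.
audit_repo() {
  awk '
    function report() {
      if (name == "" || enabled != "1") return
      # A section without gpgcheck inherits the [main] default from dnf.conf;
      # anything other than an explicit 1 is reported for review.
      if (gpgcheck != "1") print name ": gpgcheck is not set to 1"
      if (baseurl != "" && baseurl !~ /^https:\/\//)
        print name ": baseurl is not https"
      if (gpgkey != "" && gpgkey !~ /^(https|file):\/\//)
        print name ": gpgkey is not https or a local file"
    }
    /^[ \t]*$/ { next }
    /^[ \t]*[#;]/ { next }
    /^\[/ {
      report()
      name = substr($0, 2, index($0, "]") - 2)
      enabled = "1"; gpgcheck = ""; baseurl = ""; gpgkey = ""
      next
    }
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
      if (key == "enabled") enabled = val
      else if (key == "gpgcheck") gpgcheck = val
      else if (key == "baseurl") baseurl = val
      else if (key == "gpgkey") gpgkey = val
    }
    END { report() }
  '
}

# Constructed sample: the shape of docker-ce.repo after the sed rewrite,
# with one deliberately weakened section (docker-ce-test) for the demo.
sample_repo() {
  cat <<'EOF'
[docker-ce-stable]
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg
[docker-ce-test]
baseurl=http://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/$releasever/$basearch/test
enabled=1
gpgcheck=0
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg
[docker-ce-nightly]
baseurl=http://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/$releasever/$basearch/nightly
enabled=0
EOF
}

sample_repo | audit_repo
```

On a real host, run `audit_repo < /etc/yum.repos.d/docker-ce.repo` before `yum -y install docker-ce`.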
     

Docker acceleration (registry mirror)

// Find your own accelerator address in Alibaba Cloud
[root@localhost ~]# vim /etc/docker/daemon.json
{
          "registry-mirrors": ["https://chg2yeus.mirror.aliyuncs.com"]
}
// Restart
[root@localhost ~]# systemctl  restart docker

// Check the version
[root@localhost ~]# docker version
Client: Docker Engine - Community
 Version:           20.10.17
 API version:       1.41
 Go version:        go1.17.11
 Git commit:        100c701
 Built:             Mon Jun  6 23:03:11 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.17
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.11
  Git commit:       a89b842
  Built:            Mon Jun  6 23:01:29 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.6
  GitCommit:        10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc:
  Version:          1.1.2
  GitCommit:        v1.1.2-0-ga916309
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

// Check whether the accelerator was configured successfully
[root@localhost ~]# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.17
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc version: v1.1.2-0-ga916309
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.18.0-257.el8.x86_64
 Operating System: CentOS Stream 8
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 1.903GiB
 Name: localhost.localdomain
 ID: SM34:ABOD:NLYU:WMEG:JRSP:J6BX:VAAM:E7BP:EZXY:HXK5:6XGW:B2ZD
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://chg2yeus.mirror.aliyuncs.com/
 Live Restore Enabled: false

// Pull an image
[root@localhost ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
a1d0c7532777: Pull complete 
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
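
The `docker info` output above lists two settings that decide whether image pulls are protected by TLS: `Registry Mirrors` and `Insecure Registries`. The following script is an added example, not part of the original post; it reads `docker info` text and reports mirrors without HTTPS and insecure registries outside the loopback defaults. The second sample and its hostnames are constructed placeholders.

```shell
# Added example: read `docker info` text on stdin and report registry
# settings that bypass TLS, one finding per line.
audit_registries() {
  awk '
    /^ *Insecure Registries:/ { mode = "insecure"; next }
    /^ *Registry Mirrors:/    { mode = "mirror"; next }
    # Any other "Key: value" or "Key:" line ends the current list.
    /^ *[A-Za-z][A-Za-z0-9 _-]*: / { mode = ""; next }
    /^ *[A-Za-z][A-Za-z0-9 _-]*:$/ { mode = ""; next }
    mode != "" {
      item = $0
      sub(/^[ \t]+/, "", item); sub(/[ \t]+$/, "", item)
      if (item == "") next
      if (mode == "mirror" && item !~ /^https:\/\//) print "mirror without TLS: " item
      # Loopback ranges are the daemon defaults; anything else is reported.
      if (mode == "insecure" && item !~ /^127\./ && item != "::1/128") print "insecure registry: " item
    }
  '
}

# Tail of the `docker info` output shown on this page.
sample_info_page() {
  cat <<'EOF'
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://chg2yeus.mirror.aliyuncs.com/
 Live Restore Enabled: false
EOF
}

# Constructed sample with weakened settings (hostnames are placeholders).
sample_info_weak() {
  cat <<'EOF'
 Insecure Registries:
  registry.internal.example:5000
  127.0.0.0/8
 Registry Mirrors:
  http://mirror.internal.example/
 Live Restore Enabled: false
EOF
}

sample_info_page | audit_registries   # prints nothing
sample_info_weak | audit_registries
```

On a live host, run `docker info | audit_registries` after each change to `/etc/docker/daemon.json`.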

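Common Docker operations

Command          Function
docker search    Search Docker Hub for images
docker pull      Pull an image or a repository from a registry
docker images    List images
docker create    Create a new container
docker start     Start one or more stopped containers
docker run       Run a command in a new container
docker attach    Attach to a running container
docker ps        List containers
docker logs      Fetch the logs of a container
docker restart   Restart a container
docker stop      Stop one or more running containers
docker kill      Kill one or more running containers
docker rm        Remove one or more containers
docker exec      Run a command in a running container
docker info      Display system-wide information
docker inspect   Return low-level information on Docker objects

// Search Docker Hub for images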
[root@localhost ~]# docker search httpd
NAME                                 DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
httpd                                The Apache HTTP Server Project                  4107      [OK]       
centos/httpd-24-centos7              Platform for running Apache httpd 2.4 or bui…   44                   
centos/httpd                                                                         35                   [OK]
clearlinux/httpd                     httpd HyperText Transfer Protocol (HTTP) ser…   2                    
hypoport/httpd-cgi                   httpd-cgi                                       2                    [OK]
solsson/httpd-openidc                mod_auth_openidc on official httpd image, ve…   2                    [OK]
dockerpinata/httpd                                                                   1                    
nnasaki/httpd-ssi                    SSI enabled Apache 2.4 on Alpine Linux          1                    
lead4good/httpd-fpm                  httpd server which connects via fcgi proxy h…   1                    [OK]
inanimate/httpd-ssl                  A play container with httpd, ssl enabled, an…   1                    [OK]
publici/httpd                        httpd:latest                                    1                    [OK]
dariko/httpd-rproxy-ldap             Apache httpd reverse proxy with LDAP authent…   1                    [OK]
manageiq/httpd                       Container with httpd, built on CentOS for Ma…   1                    [OK]
centos/httpd-24-centos8                                                              1                    
manasip/httpd                                                                        0                    
amd64/httpd                          The Apache HTTP Server Project                  0                    
patrickha/httpd-err                                                                  0                    
manageiq/httpd_configmap_generator   Httpd Configmap Generator                       0                    [OK]
httpdss/archerysec                   ArcherySec repository                           0                    [OK]
paketobuildpacks/httpd                                                               0                    
httpdocker/kubia                                                                     0                    
sandeep1988/httpd-new                httpd-new                                       0                    
e2eteam/httpd                                                                        0                    
19022021/httpd-connection_test       This httpd image will test the connectivity …   0                    
sherazahmedvaival/httpd-php-fpm74                                                    0      

// Pull an image
[root@localhost ~]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
5cc84ad355aa: Pull complete 
Digest: sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest

// List images
[root@localhost ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
busybox      latest    beae173ccac6   7 months ago    1.24MB
centos       latest    5d0da3dc9764   10 months ago   231MB

// Create a container
[root@localhost ~]# docker create busybox
a40586c08b1f43baab3ed1b1c6630d7e5abaf98fec3a9331e5b5e4461e2b055e
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED         STATUS    PORTS     NAMES
a40586c08b1f   busybox   "sh"      8 seconds ago   Created             compassionate_jemison

// Start a container
[root@localhost ~]# docker start a40586c08b1f
a40586c08b1f
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED         STATUS                     PORTS     NAMES
a40586c08b1f   busybox   "sh"      2 minutes ago   Exited (0) 9 seconds ago             compassionate_jemison

// Run a command in a new container
[root@localhost ~]# docker run -d --name jiang -p 80:80 httpd
Unable to find image 'httpd:latest' locally
latest: Pulling from library/httpd
a2abf6c4d29d: Pull complete 
dcc4698797c8: Pull complete 
41c22baa66ec: Pull complete 
67283bbdd4a0: Pull complete 
d982c879c57e: Pull complete 
Digest: sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32
Status: Downloaded newer image for httpd:latest
693309fb9988381bace79b1c3a097aa4364169ed86ca1513e7c6070a60d26202
docker: Error response from daemon: driver failed programming external connectivity on endpoint jiang (c103dbb502e7c9a90d7e73114e59411cc2ab6d7bdbc43f8c3d438210a3524332):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 80 -j DNAT --to-destination 172.17.0.3:80 ! -i docker0: iptables: No chain/target/match by that name.
 (exit status 1)).

// Remove one or more containers
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED              STATUS                     PORTS     NAMES
22427e48e3ef   httpd     "httpd-foreground"   About a minute ago   Created                              web
693309fb9988   httpd     "httpd-foreground"   About a minute ago   Created                              jiang
33958a6f8cfc   busybox   "sleep 6000"         6 minutes ago        Up 6 minutes                         busy_gates
a40586c08b1f   busybox   "sh"                 9 minutes ago        Exited (0) 7 minutes ago             compassionate_jemison
[root@localhost ~]# docker rm -f jiang
jiang
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED              STATUS                     PORTS     NAMES
22427e48e3ef   httpd     "httpd-foreground"   About a minute ago   Created                              web
33958a6f8cfc   busybox   "sleep 6000"         6 minutes ago        Up 6 minutes                         busy_gates
a40586c08b1f   busybox   "sh"                 9 minutes ago        Exited (0) 7 minutes ago             compassionate_jemison

// List containers
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED              STATUS              PORTS                               NAMES
fa78f9a269ea   httpd     "httpd-foreground"   About a minute ago   Up About a minute   0.0.0.0:80->80/tcp, :::80->80/tcp   jiang
33958a6f8cfc   busybox   "sleep 6000"         9 minutes ago        Up 8 minutes                                            busy_gates

// View logs
[root@localhost ~]# docker logs jiang
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
[Fri Aug 05 07:55:04.335414 2022] [mpm_event:notice] [pid 1:tid 140415116041536] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
[Fri Aug 05 07:55:04.335525 2022] [core:notice] [pid 1:tid 140415116041536] AH00094: Command line: 'httpd -D FOREGROUND'
192.168.205.1 - - [05/Aug/2022:07:57:47 +0000] "GET / HTTP/1.1" 200 45
192.168.205.1 - - [05/Aug/2022:07:57:48 +0000] "GET /favicon.ico HTTP/1.1" 404 196
192.168.205.1 - - [05/Aug/2022:07:57:52 +0000] "GET / HTTP/1.1" 304 -
192.168.205.1 - - [05/Aug/2022:07:57:54 +0000] "GET / HTTP/1.1" 304 -

// Restart
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS          PORTS                               NAMES
fa78f9a269ea   httpd     "httpd-foreground"   4 minutes ago    Up 4 minutes    0.0.0.0:80->80/tcp, :::80->80/tcp   jiang
33958a6f8cfc   busybox   "sleep 6000"         11 minutes ago   Up 11 minutes                                       busy_gates
[root@localhost ~]# docker restart busy_gates
busy_gates
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS          PORTS                               NAMES
fa78f9a269ea   httpd     "httpd-foreground"   5 minutes ago    Up 5 minutes    0.0.0.0:80->80/tcp, :::80->80/tcp   jiang
33958a6f8cfc   busybox   "sleep 6000"         13 minutes ago   Up 24 seconds                                       busy_gates

// Stop
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS          PORTS                               NAMES
fa78f9a269ea   httpd     "httpd-foreground"   5 minutes ago    Up 5 minutes    0.0.0.0:80->80/tcp, :::80->80/tcp   jiang
33958a6f8cfc   busybox   "sleep 6000"         13 minutes ago   Up 24 seconds                                       busy_gates

[root@localhost ~]# docker stop jiang
jiang
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND        CREATED          STATUS              PORTS     NAMES
33958a6f8cfc   busybox   "sleep 6000"   14 minutes ago   Up About a minute             busy_gates

// Kill
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND        CREATED          STATUS         PORTS     NAMES
33958a6f8cfc   busybox   "sleep 6000"   15 minutes ago   Up 2 minutes             busy_gates
[root@localhost ~]# docker kill 33958a6f8cfc
33958a6f8cfc
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

// Remove all containers
[root@localhost ~]# docker ps -aq
d5d7b39a2727
2c8b6ad3b62d
5733aa439b39
82acfd1482de
fa78f9a269ea
22427e48e3ef
33958a6f8cfc
a40586c08b1f
[root@localhost ~]# docker rm -f $(docker ps -aq)
d5d7b39a2727
2c8b6ad3b62d
5733aa439b39
82acfd1482de
fa78f9a269ea
22427e48e3ef
33958a6f8cfc
a40586c08b1f
[root@localhost ~]# docker ps -aq

// View more detailed information
[root@localhost ~]# docker run -d httpd
6a9ae218e276aa3e6c62a7500d7fe025ca47748c2b62270a232924ff658e2487
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED         STATUS         PORTS     NAMES
6a9ae218e276   httpd     "httpd-foreground"   4 seconds ago   Up 3 seconds   80/tcp    confident_banach
[root@localhost ~]# docker inspect 6a9ae218e276
[
    {
        "Id": "6a9ae218e276aa3e6c62a7500d7fe025ca47748c2b62270a232924ff658e2487",
        "Created": "2022-08-05T08:07:24.240743215Z",
        "Path": "httpd-foreground",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 165179,
            "ExitCode": 0,
...............................................
            
// Enter the container
[root@localhost ~]# docker ps 
CONTAINER ID   IMAGE     COMMAND              CREATED         STATUS         PORTS     NAMES
6a9ae218e276   httpd     "httpd-foreground"   2 minutes ago   Up 2 minutes   80/tcp    confident_banach
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# docker attach 6a9ae218e276
// Enter the container
[root@localhost ~]# docker exec -it 6a9ae218e276 /bin/bash
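
In the `docker ps` output above, `jiang` is listed as `0.0.0.0:80->80/tcp, :::80->80/tcp`: started with `-p 80:80`, its port is published on every host interface. The following script is an added example, not part of the original post; it lists such wildcard bindings so they can be reviewed. Binding to a specific address, for example `-p 127.0.0.1:80:80`, limits where the port is reachable; the `web_local` row is constructed for contrast.

```shell
# Added example: list container ports published on every host interface.
# exposed_ports reads "name|ports" lines, as produced by
#   docker ps --format '{{.Names}}|{{.Ports}}'
# and prints "name host_binding" for each wildcard binding.
exposed_ports() {
  awk -F'|' '
    {
      n = split($2, binding, /, */)
      for (i = 1; i <= n; i++) {
        # Entries without "->" (e.g. 80/tcp) are exposed but not published.
        if (binding[i] !~ /->/) continue
        host = binding[i]
        sub(/->.*/, "", host)
        if (host ~ /^0\.0\.0\.0:/ || host ~ /^:::/ || host ~ /^\[::\]:/) print $1 " " host
      }
    }
  '
}

# Rows taken from the `docker ps` output on this page, plus one constructed
# loopback-only container (web_local) for contrast.
sample_ps() {
  cat <<'EOF'
jiang|0.0.0.0:80->80/tcp, :::80->80/tcp
busy_gates|
confident_banach|80/tcp
web_local|127.0.0.1:8080->80/tcp
EOF
}

sample_ps | exposed_ports
```

On a live host: `docker ps --format '{{.Names}}|{{.Ports}}' | exposed_ports`.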

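Storage drivers

Every Docker container has a local storage area that holds the stacked image layers and the mounted container filesystem.

By default, all of a container's reads and writes happen on its image layers or on the mounted filesystem, so storage is an indispensable part of a container's performance and stability.

Unlike traditional local storage, this local storage is managed through a storage driver, sometimes also called the Graph Driver or GraphDriver.
Although storage drivers all share the same high-level design of stacked image-layer storage and copy-on-write, Docker supports several different storage driver implementations on top of Linux, and each one implements image layers and copy-on-write in its own way.

In summary, as shown in the table below:

                       Traditional storage driver   Docker storage driver
Design idea            Stacked image storage        Stacked image storage
Design idea            Copy-on-write                Copy-on-write
Difference (Linux)     Single implementation        Built on underlying Linux support; the two ideas above are implemented in different ways
Difference (Windows)   Single implementation        Windows Filter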