[root@centos-1 ~]# vim /etc/systemd/system/docker.service #修改docker的系统启动文件
——————————————————————————
在'12'行添加'-H tcp://0.0.0.0:2375',表示启动时占用端口,从而能够远程连接
添加'-H unix'这段表示允许本地,不加重启后会使用docker命令会报错
还有一个是tls可以使用ssl证书进行连接,但是需要指定证书位置
——————————————————————————
1 [Unit]
2 Description=Docker Application Container Engine
3 Documentation=https://docs.docker.com
4 After=network-online.target firewalld.service
5 Wants=network-online.target
6
7 [Service]
8 Type=notify
9 # the default is not to use systemd for cgroups because the delegate issues still
10 # exists and systemd currently does not support the cgroup feature set required
11 # for containers run by docker
12 ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375
13 ExecReload=/bin/kill -s HUP $MAINPID
14 # Having non-zero Limit*s causes performance problems due to accounting overhead
15 # in the kernel. We recommend using cgroups to do container-local accounting.
16 LimitNOFILE=infinity
17 LimitNPROC=infinity
18 LimitCORE=infinity
19 # Uncomment TasksMax if your systemd version supports it.
20 # Only systemd 226 and above support this version.
21 #TasksMax=infinity
22 TimeoutStartSec=0
23 # set delegate yes so that systemd does not reset the cgroups of docker containers
24 Delegate=yes
25 # kill only the docker process, not all processes in the cgroup
26 KillMode=process
27 # restart the docker process if it exits prematurely
28 Restart=on-failure
29 StartLimitBurst=3
30 StartLimitInterval=60s
31
32 [Install]
33 WantedBy=multi-user.target
#保存退出
[root@centos-1 ~]# systemctl daemon-reload
[root@centos-1 ~]# systemctl restart docker
[root@centos-1 ~]# netstat -ntpl | grep 2375
tcp6 0 0 :::2375 :::* LISTEN 1313/dockerd
###注意:
(1)如果开启防火墙则需要配置允许端口通过
(2)阿里云的ECS上部署的Docker,还需在安全组规则添加入方向、tcp、2375端口的开通
- 先下载docker-py
pip install docker-py
- 安装好之后,进入交互模式查看版本
PS D:\工作\work> python
Python 3.10.4 (tags/v3.10.4:9d38120, Mar 23 2022, 23:13:41) [MSC v.1929 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import docker
>>> docker.version_info
(1, 10, 6)
>>> docker.version
'1.10.6'
docker.client
模块中,此模块提供了对docker引擎的相关操作docker服务器对外提供的时web接口,即接收http消息并且返回http响应
,但这里并不直接向docker服务发送http消息,而是使用客户端的高层接口函数来解决这个问题
使用接口函数相会更加直观、方便,并且和docker命令行客户端的用法类似
在对docker服务器进行操作之前,需要先建立连接,可以使用docker.from.env()
接口函数来建立连接,大多数情况下不需要传入参数就可以正常建立连接,例如:
client = docker.from_env()
还有一种连接的方式是构造一个client对象,该对象的初始化函数可以接收下面的参数:
client = docker.Client(base_url='tcp://10.10.30.69:2375',version='1.21',timeout=5) #远程连接
base_url:
连接哪个 Docker 服务器,默认值是本机的 Docker 服务器。version:
使用的协议版本。timeout:
连接超时时间,单位为秒。如果在指定的时间内没有连接成功,则表示连接失败,返回值是 None。tls:
是否使用 TLS 作为传输层,默认值是 False,如果要使用的话,还需要指定ssl文件。
下面来看一个python如何与docker建立连接:
#在centos环境下
[root@centos-1 ~]# python3 -m venv tutorial-env #创建虚拟环境目录
[root@centos-1 ~]# source tutorial-env/bin/activate #进入虚拟环境
(tutorial-env) [root@centos-1 ~]# pip install docker-py #下载docker,前面出现tutorial-env,表示进入虚拟环境
(tutorial-env) [root@centos-1 ~]# python3
Python 3.9.9 (main, May 13 2022, 15:23:56)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import docker
>>> docker.version
'1.10.6'
>>> client = docker.Client()
>>> if client is None:
... print('connection error')
... else:
... print('connection ok')
...
connection ok #连接成功
>>> client.base_url
'http+docker://localunixsocket'
>>> client.timeout
60
>>> ver_info = client.version()
>>> ver_info
{'Platform': {'Name': ''}, 'Components': [{'Name': 'Engine', 'Version': '18.06.1-ce', 'Details': {'ApiVersion': '1.38', 'Arch': 'amd64', 'BuildTime': '2018-08-21T17:28:38.000000000+00:00', 'Experimental': 'false', 'GitCommit': 'e68fc7a', 'GoVersion': 'go1.10.3', 'KernelVersion': '3.10.0-693.el7.x86_64', 'MinAPIVersion': '1.12', 'Os': 'linux'}}], 'Version': '18.06.1-ce', 'ApiVersion': '1.38', 'MinAPIVersion': '1.12', 'GitCommit': 'e68fc7a', 'GoVersion': 'go1.10.3', 'Os': 'linux', 'Arch': 'amd64', 'KernelVersion': '3.10.0-693.el7.x86_64', 'BuildTime': '2018-08-21T17:28:38.000000000+00:00'}
>>> ver_info['Version']
'18.06.1-ce'
>>> ver_info['ApiVersion']
'1.38'
>>> ver_info['KernelVersion']
'3.10.0-693.el7.x86_64'
>>> ver_info['BuildTime']
'2018-08-21T17:28:38.000000000+00:00'
docker的镜像就是软件的安装包,对其操作主要有下载
、删除
、推送
等,对于到docker命令就是pull
、push
和rmi
如果想要下载某个镜像,默认的命令是docker pull imagename
,例如:
docker pull alpine:3.9
使用python实现的话,可以这样写:
import docker
client = docker.from_env()
imgs1 = client.images() # 列出所有本地的镜像
client.pull("nginx") # 下载所有的alpine镜像,不要执行这个,这个会全部下载
imgs2 = client.images() # 再次查看所有的本地镜像
for img in imgs2:
if img not in imgs1:
print(img)
上面的代码会把alpine相关镜像全部下载,最好不要执行,我们可以加标签来指定下载的镜像:
import docker
client = docker.from_env()
imgs1 = client.images() # 列出所有本地的镜像
client.pull("nginx:1.20") # 下载所有的alpine镜像,不要执行这个,这个会全部下载
imgs2 = client.images() # 再次查看所有的本地镜像
for img in imgs2:
if img not in imgs1:
print(img)
还可以看到下载的过程
import docker
client = docker.from_env()
out_stream = client.pull("nginx:1.20", stream=True)
for line in out_stream:
print(line)
#输出信息:
b'{"status":"Downloading","progressDetail":{"current":24861068,"total":25334886},"progress":"[=================================================\\u003e ] 24.86MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Downloading","progressDetail":{"current":25123212,"total":25334886},"progress":"[=================================================\\u003e ] 25.12MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Verifying Checksum","progressDetail":{},"id":"43bc2143131d"}\r\n'
b'{"status":"Download complete","progressDetail":{},"id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":262144,"total":25334886},"progress":"[\\u003e
] 262.1kB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":2097152,"total":25334886},"progress":"[====\\u003e
] 2.097MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":3670016,"total":25334886},"progress":"[=======\\u003e
] 3.67MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":5505024,"total":25334886},"progress":"[==========\\u003e
] 5.505MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":7864320,"total":25334886},"progress":"[===============\\u003e
] 7.864MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":10223616,"total":25334886},"progress":"[====================\\u003e
] 10.22MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":13369344,"total":25334886},"progress":"[==========================\\u003e
] 13.37MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":15728640,"total":25334886},"progress":"[===============================\\u003e
] 15.73MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":18087936,"total":25334886},"progress":"[===================================\\u003e
] 18.09MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":20447232,"total":25334886},"progress":"[========================================\\u003e ] 20.45MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":22806528,"total":25334886},"progress":"[=============================================\\u003e ] 22.81MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":24379392,"total":25334886},"progress":"[================================================\\u003e ] 24.38MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":25334886,"total":25334886},"progress":"[==================================================\\u003e] 25.33MB/25.33MB","id":"43bc2143131d"}\r\n'
b'{"status":"Pull complete","progressDetail":{},"id":"43bc2143131d"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":601,"total":601},"progress":"[==================================================\\u003e] 601B/601B","id":"45e2f4bfb543"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":601,"total":601},"progress":"[==================================================\\u003e] 601B/601B","id":"45e2f4bfb543"}\r\n'
b'{"status":"Pull complete","progressDetail":{},"id":"45e2f4bfb543"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":894,"total":894},"progress":"[==================================================\\u003e] 894B/894B","id":"18bc137763b4"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":894,"total":894},"progress":"[==================================================\\u003e] 894B/894B","id":"18bc137763b4"}\r\n'
b'{"status":"Pull complete","progressDetail":{},"id":"18bc137763b4"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":664,"total":664},"progress":"[==================================================\\u003e] 664B/664B","id":"504f3151a203"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":664,"total":664},"progress":"[==================================================\\u003e] 664B/664B","id":"504f3151a203"}\r\n'
b'{"status":"Pull complete","progressDetail":{},"id":"504f3151a203"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":1393,"total":1393},"progress":"[==================================================\\u003e] 1.393kB/1.393kB","id":"520efdb29b04"}\r\n'
b'{"status":"Extracting","progressDetail":{"current":1393,"total":1393},"progress":"[==================================================\\u003e] 1.393kB/1.393kB","id":"520efdb29b04"}\r\n'
b'{"status":"Pull complete","progressDetail":{},"id":"520efdb29b04"}\r\n'
b'{"status":"Digest: sha256:ec8e997ca71be5046070b2db6043fb7100e1681b91bb2fcb49d551b7fc9b2ba4"}\r\n'
b'{"status":"Status: Downloaded newer image for nginx:1.20"}\r\n'
上面说了查看镜像和下载镜像,现在来看删除镜像:
import docker # 这个必须有,引入Docker包
client = docker.from_env() # 和Docker服务器建立连接
imgs = client.images() # 得到Docker镜像列表
for img in imgs: # 遍历所有的镜像
# 一个镜像可能有几个tag,只要有一个符合要求即可
for tag in img['RepoTags']:
if tag == "nginx:1.20": # tag是我们要找的
client.remove_image(img['Id']) # 删除挑选出来的镜像
#执行脚本,之后可以使用docker images进行查看
有时,可能镜像已经创建容器,并且在运行中,那么上面的代码就会报错,可以使用强制删除的方式:
import docker # 必须要引入的Docker包
client = docker.from_env() # 和Docker服务器建立连接
imgs = client.images() # 得到所有的本地镜像
for img in imgs:
for tag in img['RepoTags']:
if tag == "nginx:1.20": # 有我们要找的标签
client.remove_image(img['Id'], force=True) # 添加force=True进行强制删除
如果想要删除全部镜像:
import docker
client = docker.from_env() # 和Docker服务器建立连接
imgs = client.images() # 得到所有的本地镜像
for img in imgs: # 依次遍历镜像文件
client.remove_image(img['Id']) # 直接删除镜像文件,不在向上面那样做if判断
还可以进行推送镜像,例如:
import docker
client = docker.from_env()
# 指定用户名、密码和服务器
login_ret = client.login(username="docker", # 用户名
password="123.com", # 密码
registry="repo.docker.com") # 服务器信息
print("login_ret:", login_ret)
# 将指定的镜像推送到服务器上
push_rsp = client.push("test:test", stream=False)
print("push_rsp:", push_rsp)
如果想要使用Dockerfile创建镜像,可以这样使用:
——vim Dockerfile
FROM nginx:v1.0
CMD ["/bin/sh"]
#保存退出
——vim test.py
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import docker
client = docker.from_env()
# 注意,一定要以二进制方式打开
fd = open("./Dockerfile", "rb")
result = client.build(fileobj=fd, rm=True, tag='pydocker/demo')
fd.close()
for line in result:
print(line)
#保存退出
——python3 test.py
#输出结果:
b'{"stream":"Step 1/2 : FROM nginx:v1.0"}\r\n'
b'{"stream":"\\n"}\r\n'
b'{"stream":" ---\\u003e 5dd2557ae711\\n"}\r\n'
b'{"stream":"Step 2/2 : CMD [\\"/bin/sh\\"]"}\r\n'
b'{"stream":"\\n"}\r\n'
b'{"stream":" ---\\u003e Running in 6daaf3f6dd12\\n"}\r\n'
b'{"stream":"Removing intermediate container 6daaf3f6dd12\\n"}\r\n'
b'{"stream":" ---\\u003e af2b53a2923a\\n"}\r\n'
b'{"stream":"Successfully built af2b53a2923a\\n"}\r\n'
b'{"stream":"Successfully tagged pydocker/demo:latest\\n"}\r\n'
——docker images #查看镜像是否创建成功
看了关于镜像的相关操作后,现在来看创建容器的相关操作:
#查看所有容器
import docker
client = docker.from_env()
container_list = client.containers() # 得到所有的容器
for container_inst in container_list:
print(container_inst['Id']) # 显示所有容器的ID
还有其他参数,例如:
######暂停:
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
'test docker'
__author__ = 'ren'
import docker
client = docker.Client(base_url='tcp://10.10.30.69:2375',version='1.21',timeout=5)
containers = client.containers('trunc')
for i in containers:
container_id = i['Id']
print(container_id)
client.pause(container_id) #暂停使用client.pause(容器id)
[root@centos-1 nginx]# docker ps -a #status的后面都有一个paused,表示暂停
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
48f4c3a9893d 5dd2557ae711 "/docker-entrypoint.…" 2 minutes ago Up 2 minutes (Paused) 80/tcp suspicious_lichterman
aea13aa523b7 5dd2557ae711 "/docker-entrypoint.…" 2 minutes ago Up 2 minutes (Paused) 80/tcp awesome_proskuriakova
######取消暂停
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
'test docker'
__author__ = 'ren'
import docker
client = docker.Client(base_url='tcp://10.10.30.69:2375',version='1.21',timeout=5)
containers = client.containers('trunc')
for i in containers:
container_id = i['Id']
print(container_id)
client.unpause(container_id) #取消暂停使用unpause
[root@centos-1 nginx]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
48f4c3a9893d 5dd2557ae711 "/docker-entrypoint.…" 4 minutes ago Up 4 minutes 80/tcp suspicious_lichterman
aea13aa523b7 5dd2557ae711 "/docker-entrypoint.…" 4 minutes ago Up 4 minutes 80/tcp awesome_proskuriakova
######关闭容器
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
'test docker'
__author__ = 'ren'
import docker
client = docker.Client(base_url='tcp://10.10.30.69:2375',version='1.21',timeout=5)
containers = client.containers('trunc')
for i in containers:
container_id = i['Id']
print(container_id)
client.kill(container_id) #使用kill
[root@centos-1 nginx]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
48f4c3a9893d 5dd2557ae711 "/docker-entrypoint.…" 5 minutes ago Exited (137) 4 seconds ago suspicious_lichterman
aea13aa523b7 5dd2557ae711 "/docker-entrypoint.…" 5 minutes ago Exited (137) 3 seconds ago awesome_proskuriakova
查看容器的运行状态可以使用这个,但是无法查看已经关闭的容器
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
'test docker'
__author__ = 'ren'
import docker
client = docker.Client(base_url='tcp://10.10.30.69:2375',version='1.21',timeout=5)
containers = client.containers('trunc')
for i in containers:
container_id = i['Id']
print(container_id)
#client.start(container_id)
container_status = client.inspect_container(container_id) #利用inspect_container方法查看
print(container_status['State']['Status'])
#输出信息
48f4c3a9893d5005af0ad03dd150024d01331c31237b273dd78a27d392aff646
running
aea13aa523b79a3c33321d9acfd3a8dbc7a334ff417b6d4673b074caa5122d28
running