一、什么是Docker
1、什么是Docker
Docker是一个由GO语言写的程序运行的“容器”(Linux containers, LXCs); 目前云服务的基石是操作系统级别的隔离,在同一台物理服务器上虚拟出多个主机。 Docker则实现了一种应用程序级别的隔离; 它改变我们基本的开发、操作单元,由直接操作虚拟主机(VM),转换到操作程序运行的“容器”上来。 Docker是为开发者和系统管理员设计的,用来发布和运行分布式应用程序的一个开放性平台。
Docker组成部分:
Client Server:如果docker服务停掉后,所有的docker容器就停掉了
Docker三个组件:
镜像:Image 容器:docker用容器来运行业务。从镜像创建一个实例 仓库:Reposity
二、docker安装
1、环境准备
环境准备
IP 主机名 操作系统 192.168.56.11 linux-node1 centos7 注意:我这里使用的是centos7,如果是使用centos5或者centos6,需要升级操作系统内核,否则Docker的许多新功能都无法使用
2、docker安装
这里我们使用yum方式安装
[[email protected] ~]#yum install docker -y
启动docker
[[email protected] ~]# systemctl start docker
查看docker启动状态
[[email protected] ~]# ps -ef|grep docker root 5340 1 6 12:14 ? 00:00:00 /usr/bin/docker-current daemon --exec-opt native.cgroupdriver=systemd --selinux-enabled --log-driver=journald root 5454 5208 0 12:14 pts/0 00:00:00 grep --color=auto do [[email protected] ~]# systemctl status docker ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled) Active: active (running) since Wed 2016-09-14 12:14:15 CST; 2min 47s ago Docs: http://docs.docker.com Main PID: 5340 (docker-current) CGroup: /system.slice/docker.service └─5340 /usr/bin/docker-current daemon --exec-opt native.cgroupdriver=systemd --selinux-enabled --log-driver=journald Sep 14 12:14:14 linux-node1 docker-current[5340]: time="2016-09-14T12:14:14.727023180+08:00" level=info msg="Firewalld running: false" Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.478602413+08:00" level=info msg="Default bridge (docker...ddress" Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.589496307+08:00" level=info msg="Loading containers: start." Sep 14 12:14:15 linux-node1 docker-current[5340]: ...time="2016-09-14T12:14:15.687963245+08:00" level=error msg="Error unmounting c...ounted" Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.690846134+08:00" level=error msg="Error unmounting cont...ounted" Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.704046889+08:00" level=info msg="Loading containers: done." Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.704081570+08:00" level=info msg="Daemon has completed i...zation" Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.704101582+08:00" level=info msg="Docker daemon" commit=...=1.10.3 Sep 14 12:14:15 linux-node1 systemd[1]: Started Docker Application Container Engine. Sep 14 12:14:15 linux-node1 docker-current[5340]: time="2016-09-14T12:14:15.713964042+08:00" level=info msg="API listen on /var/run...r.sock" Hint: Some lines were ellipsized, use -l to show in full. 可以看到docker已经正常启动
3、docker镜像
对docker镜像的操作包括搜索镜像、导入镜像、导出镜像、删除镜像
搜索镜像
[[email protected] ~]# docker search centos INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED docker.io docker.io/centos The official build of CentOS. 2645 [OK] docker.io docker.io/ansible/centos7-ansible Ansible on Centos7 85 [OK] docker.io docker.io/jdeathe/centos-ssh CentOS-6 6.8 x86_64 / CentOS-7 7.2.1511 x8... 33 [OK] docker.io docker.io/jdeathe/centos-ssh-apache-php CentOS-6 6.8 x86_64 / Apache / PHP / PHP M... 19 [OK] docker.io docker.io/nimmis/java-centos This is docker images of CentOS 7 with dif... 15 [OK] docker.io docker.io/million12/centos-supervisor Base CentOS-7 with supervisord launcher, h... 12 [OK] docker.io docker.io/jdeathe/centos-ssh-mysql CentOS-6 6.8 x86_64 / MySQL. 9 [OK] docker.io docker.io/torusware/speedus-centos Always updated official CentOS docker imag... 8 [OK] docker.io docker.io/centos/mariadb55-centos7 3 [OK] docker.io docker.io/nathonfowlie/centos-jre Latest CentOS image with the JRE pre-insta... 3 [OK] docker.io docker.io/blacklabelops/centos CentOS Base Image! Built and Updates Daily! 1 [OK] docker.io docker.io/darksheer/centos Base Centos Image -- Updated hourly 1 [OK] docker.io docker.io/harisekhon/centos-java Java on CentOS (OpenJDK, tags jre/jdk7-8) 1 [OK] docker.io docker.io/timhughes/centos Centos with systemd installed and running 1 [OK] docker.io docker.io/aguamala/centos CentOS base image 0 [OK] docker.io docker.io/dmglab/centos CentOS with some extras - This is for the ... 0 [OK] docker.io docker.io/grayzone/centos auto build for centos. 0 [OK] docker.io docker.io/grossws/centos CentOS 6 and 7 base images with gosu and l... 0 [OK] docker.io docker.io/harisekhon/centos-scala Scala + CentOS (OpenJDK tags 2.10-jre7 - 2... 0 [OK] docker.io docker.io/januswel/centos yum update-ed CentOS image 0 [OK] docker.io docker.io/jsmigel/centos-epel Docker base image of CentOS w/ EPEL installed 0 [OK] docker.io docker.io/kz8s/centos Official CentOS plus epel-release 0 [OK] docker.io docker.io/repositoryjp/centos Docker Image for CentOS. 0 [OK] docker.io docker.io/sgfinans/docker-centos CentOS with a running sshd and Docker 0 [OK] docker.io docker.io/ustclug/centos USTC centos 0 [OK]
导入镜像
[[email protected] ~]# docker load –input centos.tar
查看镜像
[[email protected] ~]# docker images
导出镜像
[[email protected] ~]# docker pull centos #先拉取镜像 [[email protected] ~]# docker save -o centos.tar centos #导出
删除镜像
[[email protected] ~]# docker rmi 镜像ID
三、运行docker容器
运行Docker容器
[[email protected] ~]# docker run centos /bin/echo ‘Hello world’ #centos是镜像的名称,如果有参数,参数写在镜像名称前面
查看容器
[[email protected] ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d6e7283abf0a centos "/bin/bash" About a minute ago Exited (0) About a minute ago romantic_kilby 7ada4ff8323a nginx "nginx -g ‘daemon off" 13 days ago Exited (137) 4 days ago 80/tcp, 443/tcp condescending_franklin c627741a7dc1 centos "/bin/bash" 13 days ago Exited (137) 4 days ago mydocker 9476c8be9125 centos "/bin/echo ‘hello wor" 13 days ago Exited (0) 13 days ago small_darwin 注意:查看docker运行情况时,加上-a参数,查看所有运行和不运行的容器
运行容器时给Docker容器命名
[[email protected] ~]# docker run --name mydocker -t -i centos /bin/bash -t让docker分配一个伪终端,-i打开标准输入,centos是镜像的名称 如果最后一个参数不是命令,那么最后的永远是镜像的名称。 即使在系统上没有安装docker,这个命令也可以执行,执行后docker会pull下来一个镜像然后启动。 进入Docker容器后查看系统内核版本 [[email protected] /]# uname -a Linux c627741a7dc1 3.10.0-327.18.2.el7.x86_64 #1 SMP Thu May 12 11:03:55 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux [[email protected] /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.3 0.0 11776 1872 ? Ss 12:03 0:00 /bin/bash root 17 0.0 0.0 47424 1660 ? R+ 12:04 0:00 ps aux [[email protected] /]# 此时进入了docker里面,但是它不是一个虚拟机。因为正常情况下,操作系统进程号为1的是/usr/lib/systemd/systemd [[email protected] ~]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.2 0.1 188880 3940 ? Ss 10:16 0:05 /usr/lib/systemd/systemd --switched-root --system --deserialize 21 Docker做的是进程的隔离 虚拟机做的是操作系统的隔离
查看cpuinfo时,看到的是物理机的信息。
[[email protected] /]# cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 69 model name : Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz stepping : 1 microcode : 0x1d cpu MHz : 2294.689 cache size : 3072 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 1 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf eagerfpu pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm tpr_shadow vnmi ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid xsaveopt bogomips : 4589.37 clflush size : 64 cache_alignment : 64 address sizes : 42 bits physical, 48 bits virtual power management: processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 69 model name : Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz stepping : 1 microcode : 0x1d cpu MHz : 2294.689 cache size : 3072 KB physical id : 2 siblings : 1 core id : 0 cpu cores : 1 apicid : 2 initial apicid : 2 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf eagerfpu pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm tpr_shadow vnmi ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid xsaveopt bogomips : 4589.37 clflush size : 64 cache_alignment : 64 address sizes : 42 bits physical, 48 bits virtual power management: processor : 2 vendor_id : GenuineIntel cpu family : 6 model : 69 model name : Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz stepping : 1 microcode : 0x1d cpu MHz : 2294.689 cache size : 3072 KB physical id : 4 siblings : 1 core id : 0 cpu cores : 1 apicid : 4 initial apicid : 4 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf eagerfpu pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm tpr_shadow vnmi ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid xsaveopt bogomips : 4589.37 clflush size : 64 cache_alignment : 64 address sizes : 42 bits physical, 48 bits virtual power management: processor : 3 vendor_id : GenuineIntel cpu family : 6 model : 69 model name : Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz stepping : 1 microcode : 0x1d cpu MHz : 2294.689 cache size : 3072 KB physical id : 6 siblings : 1 core id : 0 cpu cores : 1 apicid : 6 initial apicid : 6 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf eagerfpu pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm tpr_shadow vnmi ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid xsaveopt bogomips : 4589.37 clflush size : 64 cache_alignment : 64 address sizes : 42 bits physical, 48 bits virtual power management:
四、进入正在运行的docker容器
1、使用docker attach方式进入
[[email protected] ~]# docker attach mydocker 使用docker attach命令有个缺点就是操作是同步的,一个用户操作时,另一个用户可以看到操作。 [[email protected] /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 11776 1868 ? Ss 12:09 0:00 /bin/bash root 16 0.0 0.0 47424 1664 ? R+ 12:15 0:00 ps aux
[[email protected] ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c627741a7dc1 centos "/bin/bash" 12 minutes ago Exited (0) 7 seconds ago mydocker 9476c8be9125 centos "/bin/echo ‘hello wor" 15 minutes ago Exited (0) 15 minutes ago small_darwin
2、使用nsenter方式
生产环境进入docker,使用nsenter;这个工具集成在util-linux内
如果这个工具没有安装,可以使用yum install -y util-linux进行安装
使用nsenter进入docker容器之前,必须先获取Docker的PID
[[email protected] ~]# docker inspect -f "{{ .State.Pid }}" mydocker
3989
如果获取的值是0,证明docker容器没有启动。
使用nsenter进入容器
[[email protected] /usr/local/src]#nsenter -t 3989 -m -u -i -n –p -t指定pid [[email protected] /]# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 12:20 ? 00:00:00 /bin/bash root 16 0 0 12:24 ? 00:00:00 -bash root 38 16 0 12:24 ? 00:00:00 ps -ef [[email protected] /]# /bin/bash进程执行的第一个进程 -bash是使用nsenter命令时创建的进程。 如果退出后,/bin/bash仍然运行。 执行docker ps -a可以查看状态 [[email protected] /usr/local/src]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c627741a7dc1 centos "/bin/bash" 21 minutes ago Up 4 minutes mydocker 9476c8be9125 centos "/bin/echo ‘hello wor" 24 minutes ago Exited (0) 24 minutes ago small_darwin [[email protected] /usr/local/src]#
我们可以写一个脚本,把获取docker的PID,进入容器的操作都放入脚本内,这样就不用每次都敲很多命令
[[email protected] ~]# cat docker_in.sh
#!/bin/bash
docker_in(){
NAME_ID=$1
PID=$(docker inspect -f "{{ .State.Pid }}" $NAME_ID)
nsenter -t $PID -m -u -i -n -p
}
docker_in $1 #给docker_in传递一个参数进去
例如:
[[email protected] ~]# ./docker_in.sh mydocker [[email protected] /]# exit logout [[email protected] ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c627741a7dc1 centos "/bin/bash" 26 minutes ago Up 9 minutes mydocker
3、使用docker exec
使用docker exec时,需加上-it参数
[[email protected] ~]# docker exec -it mydocker /bin/bash [[email protected] /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 11776 1664 ? Ss+ 03:36 0:00 /bin/bash root 23 2.7 0.0 11776 1868 ? Ss 03:41 0:00 /bin/bash root 38 0.0 0.0 47424 1660 ? R+ 03:41 0:00 ps aux
实际生产中,我们可能不需要进入容器,执行一个命令后就退出,可以使用如下方式:
[[email protected] ~]# docker exec mydocker whoami root
时间: 2024-10-04 20:33:20