一:Docker简介
(1)概念
Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的镜像中,然后发布到任何流行的。
Linux或Windows 机器上,也可以实现虚拟化。容器是完全使用沙箱机制,相互之间不会有任何接口。非常方便。
(2)架构
一个完整的Docker有以下几个部分组成:
- DockerClient客户端
- Docker Daemon守护进程
- Docker Image镜像
- DockerContainer容器
Docker daemon 一般在宿主主机后台运行,等待接收来自客户端的消息。 Docker
客户端则为用户提供一系列可执行命令,用户用这些命令实现跟 Docker daemon 交互
(3)特性
- Automating the packaging and deployment of applications(使应用的打包与部署自动化)
- Creation of lightweight, private PAAS environments(创建轻量、私密的PAAS环境)
- Automated testing and continuous integration/deployment(实现自动化测试和持续的集成/部署)
- Deploying and scaling web apps, databases and backend services(部署与扩展webapp、数据库和后台服务)
由于其基于LXC的轻量级虚拟化的特点,docker相比KVM之类最明显的特点就是启动快,资源占用小。因此对于构建隔离的标准化的运行环境,轻量级的PaaS(如dokku),
构建自动化测试和持续集成环境,以及一切可以横向扩展的应用(尤其是需要快速启停来应对峰谷的web应用)。
(4)局限
Docker是基于Linux 64bit的,无法在32bit的linux/Windows/unix环境下使用
LXC是基于cgroup等linux kernel功能的,因此container的guest系统只能是linux base的
隔离性相比KVM之类的虚拟化方案还是有些欠缺,所有container公用一部分的运行库 网络管理相对简单,主要是基于namespace隔离
cgroup的cpu和cpuset提供的cpu功能相比KVM的等虚拟化方案相比难以度量(所以dotcloud主要是按内存收费)
Docker对disk的管理比较有限 container随着用户进程的停止而销毁,container中的log等用户数据不便收集
(5)Docker和Vm区别
1.实现原理不同
VM通过Hypervisor提供基础环境实现虚拟机 Docker通过docker
engine与物理机共享操作系统而不是在向虚拟机一样,完全仿真一个虚拟操作系统,Docker达到了类似虚拟机的效果,但是又没有虚拟机的开销,它虚拟的层次更加高。
Docker不虚拟机器,仅仅虚拟应用的运行环境
2.使用上的区别
Docker在宿主机器的操作系统上创建Docker引擎,直接在宿主主机的操作系统上调用硬件资源,而不是虚拟化操作系统和硬件资源,所以操作速度快。
这个其实安装一个ubuntu的虚拟机和拉取一个Docker的ubuntu镜像文件,运行一下就知道了,区别很明显,虚拟机开一下大概得2分多钟,而Docker只需要2秒钟。
二:docker三个特征
镜像
容器
仓库
docker实际可以理解为简易版的linux系统
容器就是镜像的一个实例
仓库(Repository)是存放镜像的厂所
仓库注册服务器(Registry)放着多个仓库,每个仓库又放着多个镜像,每个镜像又有不同的标签(类似版本号)
仓库分为公开仓库和私有仓库两种形式 最大的公开库是Docker Hub。(太慢,国外网站) 国内公开仓库包括阿里云,网易云
三、docker的安装及测试
部署环境:
[root@a ~]# ping qq.com PING qq.com (125.39.52.26) 56(84) bytes of data. 64 bytes from no-data (125.39.52.26): icmp_seq=1 ttl=50 time=59.6 ms 64 bytes from no-data (125.39.52.26): icmp_seq=2 ttl=50 time=152 ms 64 bytes from no-data (125.39.52.26): icmp_seq=3 ttl=50 time=210 ms 64 bytes from no-data (125.39.52.26): icmp_seq=4 ttl=50 time=88.2 ms ^C --- qq.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3015ms rtt min/avg/max/mdev = 59.646/127.784/210.411/58.431 ms [root@a ~]# cat /etc/redhat-release CentOS Linux release 7.7.1908 (Core) [root@a ~]# uname -r 3.10.0-1062.el7.x86_64
1、设置yum源
[root@a ~]# yum install -y yum-utils [root@a ~]# yum-config-manager \ --add-repo \ https://download.docker.com/linux/centos/docker-ce.repo [root@a ~]# yum makecache fast Docker安装报错:containerd.io-1.2.13-3.1.el7.x86_64 (docker-ce-stable) 需要:container-selinux >= 2:2.74 解决方案: [root@a ~]# yum install -y wget [root@a ~]# wget -O http://mirrors.aliyun.com/repo/Centos-7.repo [root@a ~]# mv Centos-7.repo /etc/yum.repos.d/ [root@a ~]# yum install epel-release [root@a ~]# yum install container-selinux
2、安装最新版本的 Docker Engine-Community 和 containerd
[root@a ~]# yum install docker-ce docker-ce-cli containerd.io ... Installed: containerd.io.x86_64 0:1.2.13-3.2.el7 docker-ce.x86_64 3:19.03.8-3.el7 docker-ce-cli.x86_64 1:19.03.8-3.el7 Complete!
3、启动服务
[root@a ~]# systemctl start docker [root@a ~]# docker --version Docker version 19.03.8, build afacb8b
4、配置镜像加速器
登录阿里云搜素镜像加速器 [root@a ~]# mkdir -p /etc/docker [root@a ~]# tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://..............."] } EOF [root@a ~]# systemctl daemon-reload [root@a ~]# systemctl restart docker [root@a ~]# ps -ef |grep docker root 12225 1 0 08:10 ? 00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock root 12362 1737 0 08:12 pts/0 00:00:00 grep --color=auto docker
5、测试
[root@a ~]# docker run hello-world Unable to find image 'hello-world:latest' locally latest: Pulling from library/hello-world 0e03bdcc26d7: Pull complete Digest: sha256:6a65f928fb91fcfbc963f7aa6d57c8eeb426ad9a20c7ee045538ef34847f44f1 Status: Downloaded newer image for hello-world:latest Hello from Docker! This message shows that your installation appears to be working correctly. To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. (amd64) 3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal. To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash Share images, automate workflows, and more with a free Docker ID: https://hub.docker.com/ For more examples and ideas, visit: https://docs.docker.com/get-started/
6、run有什么用?
开始>>>docker在本机中寻找镜像>>>本机是否有该镜像{1.有,以镜像为模板生产容器实例运行 2.没有,去dockerHub上找}>>>dockerHub上能否找到{1.能,下载镜像到本地,以镜像为模板生产容器实例运行 2.不能,返回错误值结束}
7、基础命令
一、帮助命令
1、docker version(查看docker基本信息) [root@a ~]# docker version Client: Docker Engine - Community Version: 19.03.8 API version: 1.40 Go version: go1.12.17 Git commit: afacb8b Built: Wed Mar 11 01:27:04 2020 OS/Arch: linux/amd64 Experimental: false Server: Docker Engine - Community Engine: Version: 19.03.8 API version: 1.40 (minimum version 1.12) Go version: go1.12.17 Git commit: afacb8b Built: Wed Mar 11 01:25:42 2020 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.2.13 GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429 runc: Version: 1.0.0-rc10 GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd docker-init: Version: 0.18.0 GitCommit: fec3683
二、docker info(查看容器信息)
[root@a ~]# docker info Client: Debug Mode: false Server: Containers: 1 Running: 0 Paused: 0 Stopped: 1 Images: 1 Server Version: 19.03.8 Storage Driver: overlay2 Backing Filesystem: <unknown> Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 3.10.0-1062.el7.x86_64 Operating System: CentOS Linux 7 (Core) OSType: linux Architecture: x86_64 CPUs: 1 Total Memory: 972.4MiB Name: a ID: VIBZ:LAXM:EH6G:R2JL:MQYU:7D25:HCZT:V234:BEP5:ZV67:RPG7:LZFY Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Registry Mirrors: https://wuz1gh9p.mirror.aliyuncs.com/ Live Restore Enabled: false
三、docker --help
[root@a ~]# docker --help Usage: docker [OPTIONS] COMMAND A self-sufficient runtime for containers Options: --config string Location of client config files (default "/root/.docker") -c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with "docker context use") -D, --debug Enable debug mode -H, --host list Daemon socket(s) to connect to -l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info") --tls Use TLS; implied by --tlsverify --tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem") --tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem") --tlskey string Path to TLS key file (default "/root/.docker/key.pem") --tlsverify Use TLS and verify the remote -v, --version Print version information and quit Management Commands: builder Manage builds config Manage Docker configs container Manage containers context Manage contexts engine Manage the docker engine image Manage images network Manage networks node Manage Swarm nodes plugin Manage plugins secret Manage Docker secrets service Manage services stack Manage Docker stacks swarm Manage Swarm system Manage Docker trust Manage trust on Docker images volume Manage volumes Commands: attach Attach local standard input, output, and error streams to a running container build Build an image from a Dockerfile commit Create a new image from a container's changes cp Copy files/folders between a container and the local filesystem create Create a new container diff Inspect changes to files or directories on a container's filesystem events Get real time events from the server exec Run a command in a running container export Export a container's filesystem as a tar archive history Show the history of an image images List images import Import the contents from a tarball to create a filesystem image info Display system-wide information inspect Return low-level information on Docker objects kill Kill one or more running containers load Load an image from a tar archive or STDIN login Log in to a Docker registry logout Log out from a Docker registry logs Fetch the logs of a container pause Pause all processes within one or more containers port List port mappings or a specific mapping for the container ps List containers pull Pull an image or a repository from a registry push Push an image or a repository to a registry rename Rename a container restart Restart one or more containers rm Remove one or more containers rmi Remove one or more images run Run a command in a new container save Save one or more images to a tar archive (streamed to STDOUT by default) search Search the Docker Hub for images start Start one or more stopped containers stats Display a live stream of container(s) resource usage statistics stop Stop one or more running containers tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE top Display the running processes of a container unpause Unpause all processes within one or more containers update Update configuration of one or more containers version Show the Docker version information wait Block until one or more containers stop, then print their exit
