docker基本知识和部署在centos系统
docker是一個(gè)軟件,使用go語(yǔ)言開(kāi)發(fā)的一個(gè)軟件,是對(duì)容器進(jìn)行管理。
docker是容器技術(shù)的經(jīng)典代表,docker 容器啟動(dòng)軟件,顛覆了我們傳統(tǒng)的軟件安裝的方式。
docker在centos系統(tǒng)的安裝過(guò)程:
1.卸載原來(lái)安裝過(guò)的docker,如果沒(méi)有安裝可以不需要卸載
yum remove docker \
? ? ? ? ? ? ? ? ? docker-client \
? ? ? ? ? ? ? ? ? docker-client-latest \
? ? ? ? ? ? ? ? ? docker-common \
? ? ? ? ? ? ? ? ? docker-latest \
? ? ? ? ? ? ? ? ? docker-latest-logrotate \
? ? ? ? ? ? ? ? ? docker-logrotate \
? ? ? ? ? ? ? ? ? docker-engine
#The Docker Engine package is now called docker-ce.
2.安裝yum相關(guān)的工具,下載docker-ce.repo文件
yum install -y yum-utils
yum-config-manager \
> ? ? --add-repo \
> ? ? https://download.docker.com/linux/centos/docker-ce.repo
添加docker官方的yum倉(cāng)庫(kù)文件,一會(huì)需要去docker官方的yum倉(cāng)庫(kù)下載軟件
如果下載比較慢的話,可以自己更改下載源。
[root@sc-docker yum.repos.d]# cd /etc/yum.repos.d/ ?存放所有的yum倉(cāng)庫(kù)文件的
[root@sc-docker?yum.repos.d]# ls
CentOS-Base.repo ?CentOS-Debuginfo.repo ?CentOS-Media.repo ? ?CentOS-Vault.repo ? ? ? ? ?docker-ce.repo
CentOS-CR.repo ? ?CentOS-fasttrack.repo ?CentOS-Sources.repo ?CentOS-x86_64-kernel.repo ?nginx.repo
docker-ce.repo 就是我們剛剛下載的
3.安裝docker-ce軟件
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y
container engine 容器引擎
docker是一個(gè)容器管理的軟件
docker-ce 是服務(wù)器端軟件 server
docker-ce-cli 是客戶端軟件 client
docker-compose-plugin 是compose插件,用來(lái)批量啟動(dòng)很多容器,在單臺(tái)機(jī)器上
containerd.io ?底層用來(lái)啟動(dòng)容器的
4.啟動(dòng)docker,并且設(shè)置docker開(kāi)機(jī)啟動(dòng)
[root@sc-docker yum.repos.d]# systemctl start docker
[root@sc-docker yum.repos.d]# systemctl enable docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@sc-docker yum.repos.d]# ps aux|grep docker
root ? ? ? 16210 ?0.4 ?2.0 1368904 79400 ? ? ? ? Ssl ?17:29 ? 0:00 /usr/bin/dockerd-H fd:// --containerd=/run/containerd/containerd.sock
root ? ? ? 16363 ?0.0 ?0.0 ?12348 ?1112 pts/0 ? ?S+ ? 17:30 ? 0:00 grep --color=auto docker
docker的一個(gè)容器,背后就是一個(gè)進(jìn)程。
5.測(cè)試運(yùn)行一個(gè)docker容器,下載nginx鏡像并且啟動(dòng)一個(gè)nignx的服務(wù)。
[root@sc-docker?yum.repos.d]# docker pull ?nginx ?下載nginx的鏡像
Using default tag: latest
latest: Pulling from library/nginx
7a6db449b51b: Pull complete?
ca1981974b58: Pull complete?
d4019c921e20: Pull complete?
7cb804d746d4: Pull complete?
e7a561826262: Pull complete?
7247f6e5c182: Pull complete?
Digest: sha256:b95a99feebf7797479e0c5eb5ec0bdfa5d9f504bc94da550c2f58e839ea6914f
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
[root@sc-docker?yum.repos.d]# docker images
REPOSITORY ? TAG ? ? ? IMAGE ID ? ? ? CREATED ? ? ?SIZE
nginx ? ? ? ?latest ? ?2b7d6430f78d ? 2 days ago ? 142MB
[root@sc-docker?yum.repos.d]#
啟動(dòng)docker容器
啟動(dòng)一個(gè)容器,可以理解為開(kāi)啟一臺(tái)虛擬機(jī)
[root@sc-docker?yum.repos.d]# docker run -d -p 8090:80 --name ?sc-nginx ?nginx
bda1e5c73838b5e48e711f27f3473f1749006786c28e061a9469f49e93439e32
docker run 是啟動(dòng)容器的命令
?-d 在后臺(tái)運(yùn)行 daemon 守護(hù)進(jìn)程
-p 8090:80 ?指定端口映射 ? ?DNAT 訪問(wèn)本機(jī)的8090端口,轉(zhuǎn)發(fā)到docker容器的80端口
--name ?sc-nginx ?指定容器的名字
?nginx 是鏡像的名字
在客戶機(jī)上測(cè)試能否訪問(wèn)宿主機(jī)的8090端口
http://192.168.1.183:8090/
============
使用容器啟動(dòng)一個(gè)MySQL的服務(wù):
1.下載鏡像
[root@sc-docker ~]# docker pull mysql:5.7.39
5.7.39: Pulling from library/mysql
9815334b7810: Pull complete?
f85cb6fccbfd: Pull complete?
b63612353671: Pull complete?
447901201612: Pull complete?
9b6bc806cc29: Pull complete?
24ec1f4b3b0d: Pull complete?
207ed1eb2fd4: Pull complete?
27cbde3edd97: Pull complete?
0a5aa35cc154: Pull complete?
e6c92bf6471b: Pull complete?
07b80de0d1af: Pull complete?
Digest: sha256:c1bda6ecdbc63d3b0d3a3a3ce195de3dd755c4a0658ed782a16a0682216b9a48
Status: Downloaded newer image for mysql:5.7.39
docker.io/library/mysql:5.7.39
2.啟動(dòng)容器
[root@sc-docker ~]# docker run -d --name sc-mysql-1 -p 3306:3306 -e MYSQL_ROOT_PASSWORD="sc123456
3d15dbc364ac4ed187ceb68c1a2215c33b6512680864cc49a31bf799052b277c
[root@sc-docker ~]# docker ps
CONTAINER ID ? IMAGE ? ??COMMAND ?CREATED ? STATUS ? ? PORTS ? ?NAMES
3d15dbc364ac ? mysql:5.7.39 ? "docker-entrypoint.s…" ? 3 seconds ago ? Up 3 seconds ? 0.0.0.0:330cp, 33060/tcp ? sc-mysql-1
73e618b7f293 ? nginx ? ? ? ? ?"/docker-entrypoint.…" ? 3 hours ago ? ? Up 3 hours ? ? 0.0.0.0:809 ? ? ? ? ? ? ? ?sc-nginx
3.進(jìn)入mysql容器里
docker exec 進(jìn)入容器內(nèi)容,執(zhí)行命令 execute
-it 開(kāi)啟一個(gè)終端,交互式登陸進(jìn)入
sc-mysql-1 ?容器的名字
?bash 進(jìn)入容器里運(yùn)行的程序?
[root@sc-docker ~]# docker exec -it sc-mysql-1 bash
bash-4.2# ls
bin ? dev?? ??? ??? ? ?entrypoint.sh ?home ?lib64 ?mnt ?proc ?run ? srv ?tmp ?var
boot ?docker-entrypoint-initdb.d ?etc?? ??? ? lib ? media ?opt ?root ?sbin ?sys ?usr
bash-4.2# cat /etc/re
redhat-release ?resolv.conf ? ??
bash-4.2# cat /etc/redhat-release?
Red Hat Enterprise Linux Server release 7.9 (Maipo)
bash-4.2# mysql -uroot -p"sc123456"
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. ?Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.39 MySQL Community Server (GPL)
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database ? ? ? ? ? |
+--------------------+
| information_schema |
| mysql ? ? ? ? ? ? ?|
| performance_schema |
| sys ? ? ? ? ? ? ? ?|
+--------------------+
4 rows in set (0.00 sec)
mysql> exit
Bye
bash-4.2# exit
exit
[root@sc-docker ~]#?
啟動(dòng)失敗的排錯(cuò)過(guò)程;
[root@sc-docker?yum.repos.d]# docker logs a5b752cc4485 查看容器啟動(dòng)失敗的日志
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.39-1.el7 started.
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.39-1.el7 started.
2022-08-25 07:05:50+00:00 [ERROR] [Entrypoint]: Database is uninitialized and password option is not specified
? ? You need to specify one of the following:
? ? - MYSQL_ROOT_PASSWORD
? ? - MYSQL_ALLOW_EMPTY_PASSWORD
? ? - MYSQL_RANDOM_ROOT_PASSWORD
[root@sc-docker?yum.repos.d]# docker logs sc-mysql-1
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.39-1.el7 started.
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.39-1.el7 started.
2022-08-25 07:05:50+00:00 [ERROR] [Entrypoint]: Database is uninitialized and password option is not specified
? ? You need to specify one of the following:
? ? - MYSQL_ROOT_PASSWORD
? ? - MYSQL_ALLOW_EMPTY_PASSWORD
? ? - MYSQL_RANDOM_ROOT_PASSWORD
docker rmi nginx 刪除鏡像
[root@sc-docker?yum.repos.d]# docker ps -a
CONTAINER ID ? IMAGE ? ? ? ? ?COMMAND ? ? ? ? ? ? ? ? ?CREATED ? ? ? ? STATUS ? ? ? ? ? ? ? ? ? ? PORTS ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? NAMES
a5b752cc4485 ? mysql:5.7.39 ? "docker-entrypoint.s…" ? 6 minutes ago ? Exited (1) 6 minutes ago ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? sc-mysql-1
bda1e5c73838 ? nginx ? ? ? ? ?"/docker-entrypoint.…" ? 3 hours ago ? ? Up 3 hours ? ? ? ? ? ? ? ? 0.0.0.0:8090->80/tcp, :::8090->80/tcp ? sc-nginx
[root@sc-docker? yum.repos.d]# docker rm sc-mysql-1 ?刪除啟動(dòng)失敗的容器,正在運(yùn)行的容器不能直接刪除 sc-mysql-1
==========
docker的一些命令:
docker version? 查看docker的版本
docker pull ?nginx ?下載nginx的鏡像
docker run ? ?創(chuàng)建一個(gè)新的容器
docker start ?啟用一個(gè)已經(jīng)存在的容器
docker images 查看下載的鏡像
?service docker restart ? 會(huì)導(dǎo)致所有的正在運(yùn)行的容器暫停
docker ps -a? ? ? ? ?查看所有的容器進(jìn)程
docker rmi nginx 刪除鏡像
可以是docker? --help來(lái)查看更多的命令
[root@sc-docker ~]# docker --help
? attach ? ? ?Attach local standard input, output, and error streams to a running container
? build ? ? ? Build an image from a Dockerfile
? commit ? ? ?Create a new image from a container's changes
? cp ? ? ? ? ?Copy files/folders between a container and the local filesystem
? create ? ? ?Create a new container
? diff ? ? ? ?Inspect changes to files or directories on a container's filesystem
? events ? ? ?Get real time events from the server
? exec ? ? ? ?Run a command in a running container
? export ? ? ?Export a container's filesystem as a tar archive
? history ? ? Show the history of an image
? images ? ? ?List images
? import ? ? ?Import the contents from a tarball to create a filesystem image
? info ? ? ? ?Display system-wide information
? inspect ? ? Return low-level information on Docker objects
? kill ? ? ? ?Kill one or more running containers
? load ? ? ? ?Load an image from a tar archive or STDIN
? login ? ? ? Log in to a Docker registry
? logout ? ? ?Log out from a Docker registry
? logs ? ? ? ?Fetch the logs of a container
? pause ? ? ? Pause all processes within one or more containers
? port ? ? ? ?List port mappings or a specific mapping for the container
? ps ? ? ? ? ?List containers
? pull ? ? ? ?Pull an image or a repository from a registry
? push ? ? ? ?Push an image or a repository to a registry
? rename ? ? ?Rename a container
? restart ? ? Restart one or more containers
? rm ? ? ? ? ?Remove one or more containers
? rmi ? ? ? ? Remove one or more images
? run ? ? ? ? Run a command in a new container
? save ? ? ? ?Save one or more images to a tar archive (streamed to STDOUT by default)
? search ? ? ?Search the Docker Hub for images
? start ? ? ? Start one or more stopped containers
? stats ? ? ? Display a live stream of container(s) resource usage statistics
? stop ? ? ? ?Stop one or more running containers
? tag ? ? ? ? Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
? top ? ? ? ? Display the running processes of a container
? unpause ? ? Unpause all processes within one or more containers
? update ? ? ?Update configuration of one or more containers
? version ? ? Show the Docker version information
? wait ? ? ? ?Block until one or more containers stop, then print their exit codes
============
容器和虛擬機(jī)的區(qū)別?
docker的優(yōu)勢(shì):啟動(dòng)速度快;資源消耗小;擴(kuò)展方便。缺點(diǎn)是:app隔離沒(méi)有虛擬機(jī)徹底
虛擬機(jī)的安全性要高一些。
層次不一樣:虛擬機(jī)多一層封裝
docker底層是如何做隔離的?
name space;kernel lxc;control groups;lxc+namespace+cgroups
Docker Engine 使用了以下 Linux 的隔離技術(shù):
The pid namespace: 管理 PID 命名空間 (PID: Process ID)
The net namespace: 管理網(wǎng)絡(luò)命名空間(NET: Networking)
The ipc namespace: 管理進(jìn)程間通信命名空間(IPC: InterProcess Communication)
The mnt namespace: 管理文件系統(tǒng)掛載點(diǎn)命名空間 (MNT: Mount)
The uts namespace: Unix 時(shí)間系統(tǒng)隔離. (UTS: Unix Timesharing System)
namespace有什么作用?
1.隔離資源
2.是內(nèi)存里存放數(shù)據(jù)的一個(gè)空間
關(guān)閉防火墻對(duì)docker的影響?
關(guān)閉防火墻或者清除防火墻規(guī)則,會(huì)導(dǎo)致iptables里的docker相關(guān)SNAT或者DNAT等策略失效,導(dǎo)致容器不能和外面的機(jī)器通信
重啟docker服務(wù),會(huì)自動(dòng)添加docker相關(guān)的iptables規(guī)則
總結(jié)
以上是生活随笔為你收集整理的docker基本知识和部署在centos系统的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: H3 BPM嵌入式流程解决方案 (文末附
- 下一篇: 精灵图片