Docker Basic Operations
Basic Container Operations
- Pull an image
Format: docker pull IMAGE_NAME:TAG
docker pull tomcat
My Alibaba Cloud registry mirror (accelerator) address:
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://ehp8oymj.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
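- List images
docker images # list all local images
- Remove an image
docker rmi -f IMAGE_ID or IMAGE_NAME:TAG
# remove the specified image
# -f forces removal
- Get metadata
docker inspect IMAGE_ID or IMAGE_NAME:TAG
# image metadata and detailed information
- List image IDs
docker image ls -q
docker ps -aq # IDs of all containers, running or stopped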
- Export and import images
Format: docker image save IMAGE_ID or IMAGE_NAME:TAG > PATH/FILE_NAME
docker image save tomcat >/opt/tomcat.tar.gz # export
Format: docker image load -i FILE_PATH
docker image load -i /opt/tomcat.tar.gz
docker image tag IMAGE_ID NEW_IMAGE_NAME
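- Run a container
Format: docker run --name 'CONTAINER_NAME' -p HOST_PORT:CONTAINER_PORT -d IMAGE_NAME
docker run --name tom -p 6666:8080 -d tomcat:8
Format: docker run -it --name 'CONTAINER_NAME' -p HOST_PORT:CONTAINER_PORT -d IMAGE_NAME
docker run --name tom -p 6666:8080 -it tomcat
Note: --rm removes the container as soon as it exits (interactive)
--restart=always starts the container automatically when Docker starts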
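- Remove containers
docker rm $(docker ps -aq) # remove all containers
- Ways to connect to a container
docker attach CONTAINER_NAME
docker exec -it CONTAINER_NAME /bin/bash
- View logs
Format: docker logs [-tf] CONTAINER_NAME or CONTAINER_ID
docker logs tom
- View container PIDs
Format: docker container top CONTAINER_ID
docker container top 36b4da4330f4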
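- Container data volumes
Format: docker run --name 'CONTAINER_NAME' -p HOST_PORT:CONTAINER_PORT -d -v HOST_DIR:CONTAINER_DIR IMAGE_NAME
docker run -d -p 80:8080 -v /opt/html:/usr/local/tomcat/webapps/ROOT tomcat:8
- Data volume containers
Format: docker run --name 'VOLUME_CONTAINER_NAME' -p HOST_PORT:CONTAINER_PORT -d -v HOST_DIR:CONTAINER_DIR IMAGE_NAME
docker run -d --volumes-from VOLUME_CONTAINER_NAME --name CONTAINER_NAME IMAGE_NAME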
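Creating Images
Sometimes the images downloaded from a registry do not meet our needs, and we have to create a custom image ourselves.
There are two ways:
- Update an image: the docker commit command
- Build an image: the docker build command, which requires a Dockerfile
Updating an Image
First use
mkdir /var/run/sshd
echo 'UseDNS no' >> /etc/ssh/sshd_config
sed -i -e '/pam_loginuid.so/d' /etc/pam.d/sshd
echo 'root:123456' | chpasswd # sets the root password (sample value)
/usr/bin/ssh-keygen -A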
Creating a Registry
- Registry configuration
1. Start the container
docker run -d -p 5000:5000 --restart=always --name=registry -v /opt/registry:/var/lib/registry registry
2. Edit the configuration file /etc/docker/daemon.json and add the following:
{
  "insecure-registries": ["10.0.0.88:5000"],
  "registry-mirrors": ["https://ehp8oymj.mirror.aliyuncs.com"]
}
3. Restart Docker
systemctl restart docker
- Add authentication to the local registry
yum install httpd-tools -y
mkdir /opt/registry-auth/ -p
htpasswd -Bbn qin 123456 > /opt/registry-auth/htpasswd
docker run -d -v /opt/registry-auth/:/auth/ -v /opt/registry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -p 5000:5000 --restart=always --privileged=true --name registry registry
- Verify the registry
docker login 10.0.0.88:5000
Username: qin
Password:
Login Succeeded
docker push 10.0.0.88:5000/qin/centos:v2
- Private registry: Harbor configuration
1. Download the software
- Install docker-compose, a tool that makes it easier to manage Docker containers. Official releases: https://github.com/docker/compose/releases/ (pick a suitable version to download there).
Place it in /usr/local/bin and make it executable.
curl -L "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
To install a different version of Compose, replace 1.25.5 with the version you want to use.
chmod +x /usr/local/bin/docker-compose
- Download and extract the installer package. Official releases: https://github.com/vmware/harbor/releases/ (I downloaded version 2.0).
cd /usr/local/src
wget https://github.com/goharbor/harbor/releases/download/v2.0.0/harbor-offline-installer-v2.0.0.tgz
2. Extract the package and install dependencies
[root@localhost harbor]# yum install docker-compose -y
[root@localhost harbor]# docker-compose --version
docker-compose version 1.18.0, build 8dd22a9
[root@localhost src]# tar xf harbor-offline-installer-v2.0.0.tgz
3. Configure certificates
Configure HTTPS: Harbor uses HTTPS by default, so HTTPS needs to be configured.
- 1. Required files
harbor.com.crt: the server certificate file
harbor.com.key: the server private key
ca.crt: the client-side certificate file
- 2. Generate the key and the self-signed certificate
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
- 3. Generate the certificate signing request
openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor.com.key -out harbor.com.csr
- 4. Generate the certificate
openssl x509 -req -days 365 -in harbor.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out harbor.com.crt
- 5. Collect the certificates in one directory
[root@localhost harbor]# mkdir -p /etc/cert/harbor
[root@localhost harbor]# cp harbor.com.crt harbor.com.key /etc/cert/harbor
4. Edit the configuration file
[root@localhost harbor]# egrep -v '#|^$' harbor.yml
hostname: harbor.com
http:
  port: 80
https:
  port: 443
  certificate: /etc/cert/harbor/harbor.com.crt
  private_key: /etc/cert/harbor/harbor.com.key
harbor_admin_password: 123456
database:
  password: root123
  max_idle_conns: 50
  max_open_conns: 100
data_volume: /data/harbor
clair:
  updaters_interval: 12
trivy:
  ignore_unfixed: false
  skip_update: false
  insecure: false
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.0.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair
    - trivy
5. Install Harbor
[root@localhost harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 18.03.1
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.18.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/notary-signer-photon:v2.0.0
Loaded image: goharbor/clair-adapter-photon:v2.0.0
Loaded image: goharbor/chartmuseum-photon:v2.0.0
Loaded image: goharbor/harbor-log:v2.0.0
Loaded image: goharbor/harbor-registryctl:v2.0.0
Loaded image: goharbor/registry-photon:v2.0.0
Loaded image: goharbor/clair-photon:v2.0.0
Loaded image: goharbor/notary-server-photon:v2.0.0
Loaded image: goharbor/redis-photon:v2.0.0
Loaded image: goharbor/nginx-photon:v2.0.0
Loaded image: goharbor/harbor-core:v2.0.0
Loaded image: goharbor/harbor-db:v2.0.0
Loaded image: goharbor/harbor-jobservice:v2.0.0
Loaded image: goharbor/trivy-adapter-photon:v2.0.0
Loaded image: goharbor/prepare:v2.0.0
Loaded image: goharbor/harbor-portal:v2.0.0
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/harbor
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Creating harbor-log ... done
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Creating registry ... done
Creating harbor-core ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating redis ...
Creating registryctl ...
Creating harbor-portal ...
Creating registry ...
Creating harbor-db ...
Creating harbor-core ...
Creating harbor-jobservice ...
Creating nginx ...
✔ ----Harbor has been installed and started successfully.----
Network Types
- Local networks
docker network ls
bridge # default mode, equivalent to NAT mode
host # shares the host's network namespace
none # no networking
container # shares a network namespace with another container
- Cross-host networks
1. Implementing a macvlan network (cannot reach the external network)
# Host 1
docker network create --driver macvlan --subnet=10.0.0.0/24 --gateway=10.0.0.254 -o parent=ens33 macvlan_1
docker run -it --network=macvlan_1 --ip=10.0.0.11 centos /bin/bash
# Host 2
docker network create --driver macvlan --subnet=10.0.0.0/24 --gateway=10.0.0.254 -o parent=ens33 macvlan_1
docker run -it --network=macvlan_1 --ip=10.0.0.12 centos /bin/bash
2. Implementing a cross-host network with overlay
1. Start consul
docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
2. Add the following to the configuration file /etc/docker/daemon.json (must be changed on every host)
{
  "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.88:8500",
  "cluster-advertise": "10.0.0.88:2375"
}
# Change the addresses highlighted in red to each host's own IP
3. Restart the service
systemctl restart docker
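Both daemon.json edits on this page, the insecure-registries entry for the local registry and the tcp://0.0.0.0:2375 listener for the overlay setup, loosen the daemon's security. The following is an added example, not part of the original post, that audits a daemon.json for these settings; the merged sample, the hardened variant with its placeholder certificate paths, and the finding codes are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed input: the two daemon.json fragments shown on this page, merged.
PAGE_CONFIG = """{
  "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.88:8500",
  "cluster-advertise": "10.0.0.88:2375",
  "insecure-registries": ["10.0.0.88:5000"],
  "registry-mirrors": ["https://ehp8oymj.mirror.aliyuncs.com"]
}"""

# Constructed hardened variant (assumption: certificate paths are placeholders).
HARDENED_CONFIG = """{
  "hosts": ["tcp://10.0.0.88:2376", "unix:///var/run/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/tls/ca.pem",
  "tlscert": "/etc/docker/tls/server-cert.pem", "tlskey": "/etc/docker/tls/server-key.pem",
  "registry-mirrors": ["https://ehp8oymj.mirror.aliyuncs.com"]
}"""

def is_loopback(host):
    # An empty host or 0.0.0.0 means "all interfaces" and is not loopback.
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_daemon_json(text):
    """Return (code, detail) findings for settings that weaken the Docker daemon."""
    cfg = json.loads(text)
    findings = []
    # Client certificates are enforced only with tlsverify plus CA, cert and key.
    mutual_tls = cfg.get("tlsverify") is True and all(
        cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme == "tcp" and not mutual_tls and not is_loopback(url.hostname or ""):
            findings.append(("API-NO-TLS", f"{host}: API without client authentication, root-equivalent on the host"))
    for reg in cfg.get("insecure-registries", []):
        findings.append(("INSECURE-REGISTRY", f"{reg}: certificate checks skipped, plain HTTP allowed"))
    for mirror in cfg.get("registry-mirrors", []):
        if not mirror.startswith("https://"):
            findings.append(("HTTP-MIRROR", f"{mirror}: mirror is not served over HTTPS"))
    return findings

if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_daemon_json(text) or "no findings")
```

Run it against each host's real file with `audit_daemon_json(open("/etc/docker/daemon.json").read())`.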
- Create the overlay network
docker network create -d overlay --subnet 172.18.0.0/24 --gateway 172.18.0.254 overlay_1
# Create the network; -d sets the network driver to overlay multi_host
docker network create -d
Note: after the network is created on any node, it is synchronized through overlay and created on the connected nodes.
Command: docker network ls
651b70b7c68c overlay_1 overlay global
- Test
docker run -it --net=overlay_1 busybox
# Test connectivity from one of the hosts
/ # ping 10.0.0.3
PING 10.0.0.3 (10.0.0.3): 56 data bytes
64 bytes from 10.0.0.3: seq=0 ttl=64 time=49.553 ms
64 bytes from 10.0.0.3: seq=1 ttl=64 time=0.654 ms
64 bytes from 10.0.0.3: seq=2 ttl=64 time=0.724 ms
64 bytes from 10.0.0.3: seq=3 ttl=64 time=1.022 ms
64 bytes from 10.0.0.3: seq=4 ttl=64 time=0.774 ms
