docker 安装及使用介绍
docker 安装及使用用介绍
安装docker所依赖的基础环境
1 64 bits CPU
2 Linux Kernel 3.10+ //如果低于则需要手动给内核打补丁。因为分层构建联合挂载系统得在3.10内核以版本才有的
3 Linux Kernel Cgroups and Namespace
因为我这里是用yum安装,所以需要有extras repository 仓库。
安装:
~]# yum repolist
...
extras/primary_db //安装依赖于extras仓库,只要有此仓库即可
~]# yum info docker //查看docker安装信息
~]# yum install docker -y //安装docker
~]# rpm -ql docker | less //查看docker安装了哪些文件
- 如果需要对下面某个子命令查看帮助,可以: ~]# docker help attach 或 ~] docker attach --help
- [中文手册 http://www.widuu.com](http://www.widuu.com)
docker命令使用简述:
[root@localhost ~]# docker --help
Usage: docker [OPTIONS] COMMAND [arg...]
docker [ --help | -v | --version ]
A self-sufficient runtime for containers.
Options:
--config=~/.docker Location of client config files
-D, --debug Enable debug mode
-H, --host=[] Daemon socket(s) to connect to
-h, --help Print usage
-l, --log-level=info Set the logging level
--tls Use TLS; implied by --tlsverify
--tls3acert=~/.docker/ca.pem Trust certs signed only by this CA
--tlscert=~/.docker/cert.pem Path to TLS certificate file
--tlskey=~/.docker/key.pem Path to TLS key file
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Commands:
attach Attach to a running container //附加至某运行状态的容器的终端设备
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes on a container's filesystem
events Get real time events from the server
exec Run a command in a running container //让运行中的容器运行一个额外的程序
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images //列出本地已有镜像
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on a container, image or task
kill Kill one or more running containers //杀死一个容器。还有一种当内存用完成,自动停止容器
load Load an image from a tar archive or STDIN
login Log in to a Docker registry. //登陆到register,然后pull或push镜像
logout Log out from a Docker registry.
logs Fetch the logs of a container //容器内部程序运行时输出到终端的信息,如果有终端的话,包括用户所键入的信息"也就是命令"
network Manage Docker networks //让容器加入网络,默认为docker0
node Manage Docker Swarm nodes
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers //列出正在运行的容器, 加-a,列出所有
pull Pull an image or a repository from a registry //下载镜像
push Push an image or a repository to a registry //上传镜像
rename Rename a container
restart Restart a container
rm Remove one or more containers //容器运行终止即自行删除
rmi Remove one or more Images //删除镜像
run Run a command in a new container //包含create和start
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images //搜索镜像文件
service Manage Docker services
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers //停止一个容器
swarm Manage Docker Swarm
tag Tag an image into a repository
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
volume Manage Docker volumes
wait Block until a container stops, then print its exit code
~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
仓库 标签 镜像自己的ID 创建时间 镜像的大小
~]# docker search busybox
~]# docker pull docker.io/busybox:latest //冒号后标签可不写,默认库最新的。此时本机会联上docker.io register去拉取最新的镜像。
~]# docker help run
--name string //名称
--rm //容器一停,立即删除
-i, --interactive //交互式接口,一启动便可交互
-t, --tty //附加一个终端
--network string //让容器附加在某个网络上
~]# ip a
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:e7:f3:cc:df brd ff:ff:ff:ff:ff:ff
inet **172.17.0.1/16** scope global docker0
valid_lft forever preferred_lft forever
//在启动docker服务时,docker会自动创建一个桥叫docker0,NAT桥
~]# iptables -t nat -vnL
Chain POSTROUTING (policy ACCEPT 15 packets, 1800 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
//这一条规则就说明了,此docker0的网络是NAT模式的。自带dhcp功能
可以启动busybox服务:
~]# docker run --name test1 -it docker.io/busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet **172.17.0.2/16** scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:2/64 scope link
valid_lft forever preferred_lft forever
/ #
//可以看到启动的busybox已经分配到了ip地址
//重新打开一个会话窗口
[root@localhost ~]# docker ps -a //列出当前容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2fd90aedeb8 docker.io/busybox:latest "sh" 12 seconds ago Up 11 seconds test1
注意:
创建容器:基于镜像,镜像文件得有默认运行的程序
运行的容器内部必须有一个工作于前台的程序,切不可转换至后台;
docker的容器通常也是仅为运行一个程序;
要想在容器内运行多个程序,一般需要提供一个管控程序,例如:supervised
~]# docker -it //这个选项是因为bash这个程序一直运行于前台,并且交互中启动的程序都是bash进程下的子进程,这样是启动多个进程的一种方式。
常用命令
启动相关命令:
--name string
--rm : 容器运行终止即自行删除
--network BRIDGE : 让容器加入相应的网络,默认为docker0
交互式启动容器:
-i,--interactive : 交互式
-t,--tty : 启动一个终端
从终端拆除: ctrl+p,ctrl+q 连续按ctrl+p+q 也可以。如果想在次连接进入容器,可直接 ~]# docker attach "NAMES"
attach : 附加至某运行状态的容器的终端设备
查看容器相关信息:
logs : 容器内部程序运行时输出到终端的信息,如果有终端的话,包括用户所键入的信息"也就是命令"
ps : list containers
-a,--all :列出所有容器
-filter,-f : 过滤条件显示
name=
status{stopped|running|paused}
stats : 动态方式显示容器的资源占用状态
top :显示一个容器内部正在运行的命令
容器的状态
- created
- running
- paused
- stop
- deleted
下图非常详细的解释每种状态的变化:
