Docker学习笔记 —— Docker管理容器

Posted 爱敲代码的三毛

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Docker学习笔记 —— Docker管理容器相关的知识,希望对你有一定的参考价值。

文章目录


Docker管理容器

1. 容器&镜像&仓库&daemon&client之间的关系

  • docker客户端下达命令到 docker daemon
  • docker daemon 下载 (到镜像仓库下载镜像到本地)
  • docker daemon 生成容器

2. 启动容器

验证是否有镜像在本地

[root@docker ~]# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE

本地没有镜像,需要去seacrch镜像

仓库:dockerhub

[root@docker ~]# docker search centos
NAME                                         DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
centos                                       The official build of CentOS.                   7330      [OK]       

下载镜像到本地

[root@docker ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
a1d0c7532777: Pull complete 
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
[root@docker ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
centos       latest    5d0da3dc9764   12 months ago   231MB

运行容器

# 运行一个命令在centos镜像容器中,容器名为test
[root@docker ~]# docker run -it --name=test centos:latest /bin/bash
[root@3335fd83cd10 /]# 

-i:交互式操作
-t:终端
centos:latest :centos的latest版本镜像
/bin/bash:放在镜像名后的是命令,这里我们希望有个交互式 Shell,因此用的是 /bin/bash。
--name: 容器名
[root@3335fd83cd10 /]# ps
  PID TTY          TIME CMD
    1 pts/0    00:00:00 bash
   15 pts/0    00:00:00 ps
[root@3335fd83cd10 /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

3.docker daemon管理

  • 远程管理docker daemon充分条件
    1.可以把 docker client与docker daemon分开部署
    2.可以通过第三方软件管理docker daemon创建的容器

第一步:关闭docker daemon

修改docker配置文件前,请先关闭docker守护进程

[root@docker ~]# systemctl stop docker

第二步:修改docker daemon配置文件

如果想使用/etc/docker/daemon.json管理docker daemon,默认情况下,/etc/docker目录中并没有daemon.json文件,添加后会导致docker daemon无法启动,在添加daemon.json文件之前,请先修改如下文件内容:

[root@docker ~]# cp /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker.service.bak
[root@docker ~]# vim /usr/lib/systemd/system/docker.service

修改前:

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
# #删除-H(含)后面所有内容

修改后:

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd

第三步:加载配置文件

修改完成后,一定要加载此配置文件

[root@docker ~]# systemctl daemon-reload

第四步:第四步:重新开启docker守护进程

[root@docker ~]# systemctl start docker

第五步:添加配置文件对docker daemon配置

通过/etc/docker/daemon.json文件对docker守护进程文件进行配置

[root@docker ~]# cd /etc/docker/
[root@docker docker]# vim daemon.json

        "hosts": ["tcp://0.0.0.0:2480","unix:///var/run/docker.sock"]

[root@docker docker]# systemctl restart docker
[root@docker docker]# ss -anput | grep ":2375"
tcp    LISTEN     0      128    [::]:2375               [::]:*                   users:(("dockerd",pid=17729,fd=9))

docker daemon默认侦听使用的是unix格式,侦听文件:UNIX:///run/docker.sock,添加tcp://0.0.0.0:2375
可实现远程管理

第六步:实例远程连接方法

在另外一台机器上安装docker操作

# docker -H 远程容器主机 version

注意:不要在命令行后面添加端口

[root@localhost ~]# docker -H 192.168.44.100 images
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
centos       latest    5d0da3dc9764   12 months ago   231MB
[root@localhost ~]# docker -H 192.168.44.100 version
Client: Docker Engine - Community
 Version:           20.10.18
 API version:       1.41
 Go version:        go1.18.6
 Git commit:        b40c2f6
 Built:             Thu Sep  8 23:14:08 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.18
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.6
  Git commit:       e42327a
  Built:            Thu Sep  8 23:12:21 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.8
  GitCommit:        9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

4. docker命令行

管理类命令是对普通命令的一个分类加以补充

[root@docker ~]# docker --help

Usage:  docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

Options:
      --config string      Location of client config files (default "/root/.docker")
  -c, --context string     Name of the context to use to connect to the daemon (overrides DOCKER_HOST env
                           var and default context set with "docker context use")
  -D, --debug              Enable debug mode
  -H, --host list          Daemon socket(s) to connect to
  -l, --log-level string   Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
      --tls                Use TLS; implied by --tlsverify
      --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify          Use TLS and verify the remote
  -v, --version            Print version information and quit

Management Commands: # 管理类
  app*        Docker App (Docker Inc., v0.9.1-beta3)
  builder     Manage builds
  buildx*     Docker Buildx (Docker Inc., v0.9.1-docker)
  config      Manage Docker configs
  container   Manage containers
  context     Manage contexts
  image       Manage images
  manifest    Manage Docker image manifests and manifest lists
  network     Manage networks
  node        Manage Swarm nodes
  plugin      Manage plugins
  scan*       Docker Scan (Docker Inc., v0.17.0)
  secret      Manage Docker secrets
  service     Manage services
  stack       Manage Docker stacks
  swarm       Manage Swarm
  system      Manage Docker
  trust       Manage trust on Docker images
  volume      Manage volumes

Commands: # 普通命令
  attach      Attach local standard input, output, and error streams to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  images      List images
  import      Import the contents from a tarball to create a filesystem image
  info        Display system-wide information
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.

To get more help with docker, check out our guides at https://docs.docker.com/go/guides/

5. docker命令行实现容器管理

容器镜像获取

  • 系统镜像
  • 应用镜像

搜索镜像(dockerhub)

普通命令

搜索centos镜像
[root@docker ~]# docker search centos

管理类命令

获取镜像(pull)

从镜像仓库拉取镜像到本地

普通命令

[root@docker ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Image is up to date for centos:latest
docker.io/library/centos:latest

管理命令

[root@docker ~]# docker image pull centos
Using default tag: latest
latest: Pulling from library/centos
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Image is up to date for centos:latest
docker.io/library/centos:latest

打包传输镜像

[root@docker ~]# images
-bash: images: command not found
[root@docker ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
centos       latest    5d0da3dc9764   12 months ago   231MB
[root@docker ~]# docker save --help

Usage:  docker save [OPTIONS] IMAGE [IMAGE...]

Save one or more images to a tar archive (streamed to STDOUT by default)

Options:
  -o, --output string   Write to a file, instead of STDOUT
# 打包镜像(也可以通过IMAGE ID打包)
[root@docker ~]# docker save -o centos.tar centos:latest
[root@docker ~]# ls
centos.tar

传输到另外一台机器

[root@docker ~]# scp centos.tar 192.168.44.150:/root/
The authenticity of host '192.168.44.100 (192.168.44.150)' can't be established.
ECDSA key fingerprint is SHA256:lv6Ct2Pe0nmV/L+HrcBoxowbywIueXoCOom6I2dD3fU.
ECDSA key fingerprint is MD5:8c:05:db:2e:ea:01:89:97:d5:87:4b:3f:f0:83:cf:1e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.44.150' (ECDSA) to the list of known hosts.
root@192.168.44.100's password: 
centos.tar                                                                     100%  228MB  88.8MB/s   00:02

在另外一台机器上安装docker环境

[root@localhost ~]# docker load --help

Usage:  docker load [OPTIONS]

Load an image from a tar archive or STDIN

Options:
  -i, --input string   Read from tar archive file, instead of STDIN
  -q, --quiet          Suppress the load output
  
# 导入命令
[root@localhost ~]# docker load -i centos.tar
74ddd0ec08fa: Loading layer [==================================================>]  238.6MB/238.6MB
Loaded image: centos:latest
[root@localhost ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
centos       latest    5d0da3dc9764   12 months ago   231MB

启动容器

启动容器运行一个bash命令的容器

[root@localhost ~]# docker run -it --name=centos1 centos:latest /bin/bash
[root@7692fb02aa29 /]# exit
exit
或者
[root@localhost ~]# docker container run -it --name=centos2 centos:latest /bin/bash
[root@9bf096f5761d /]# exit

启动一个运行httpd服务的容器

[root@localhost ~]# docker container run -it --name=http centos:latest /bin/bash

在容器中安装hhtpd

[root@3ff9bcdf3e6b ~]# yum install httpd -y
[root@3ff9bcdf3e6b ~]# /usr/sbin/httpd -k start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
httpd (pid 144) already running
[root@3ff9bcdf3e6b]# echo "hello docker" >> /var/www/html/index.html
[root@3ff9bcdf3e6b]# curl http://localhost/index.html 
hello docker

解决docker中的CtenOS8镜像无法使用yum

# cd /etc/yum.repos.d/
# sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
# sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
# yum makecache

基于容器生成文件导入为容器镜像

[root@localhost ~]# docker ps
CONTAINER ID   IMAGE           COMMAND       CREATED          STATUS          PORTS     NAMES
3ff9bcdf3e6b   centos:latest   "/bin/bash"   38 minutes ago   Up 38 minutes             http
# http为刚才上面创建的容器名,也可以用容器id
[root@localhost ~]# docker export -o centos-httpd.tar http
[root@localhost ~]# ll
total 502832
-rw-------. 1 root root 276310528 Oct  3 00:34 centos-httpd.tar
[root@docker ~]# docker import --help

Usage:  docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]

Import the contents from a tarball to create a filesystem image

Options:
  -c, --change list       Apply Dockerfile instruction to the created image
  -m, --message string    Set commit message for imported image
      --platform string   Set platform if server is multi-platform capable
# 导入镜像,-m类似于注释
[root@docker ~]# docker import -m httpd应用镜像 centos-httpd.tar centos-httpd:v1
sha256:bec35d25ea77e2e62ec8f31b5ef608f34939d942daabca7a081d92c5663f5c77
[root@docker ~]# docker images
REPOSITORY     TAG       IMAGE ID       CREATED         SIZE
centos-httpd   v1        bec35d25ea77   7 seconds ago   269MB
centos         latest    5d0da3dc9764   12 months ago   231MB

[root@docker ~]# docker history centos-httpd:v1    
IMAGE          CREATED          CREATED BY   SIZE      COMMENT
bec35d25ea77   43 seconds ago                269MB     httpd应用镜像

运行阿帕奇镜像

[root@docker ~]# docker run -it --name centos-httpd centos-httpd:v1 /bin/bash
[root@caa21637996a /]# httpd -k start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
# 可以看到和前面的内容是一样的
[root@caa21637996a /]# curl http://localhost/index.html
hello docker

查看容器Ip地址

[root@docker ~]# ip a

3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:85:ef:e7:12 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:85ff:feef:e712/64 scope link 
       valid_lft forever preferred_lft forever
# 默认连接的网桥

查看方法1:直接在容器内ip a 查看

[root@docker ~]# docker images
REPOSITORY     TAG       IMAGE ID       CREATED         SIZE
centos-httpd   v1        bec35d25ea77   9 minutes ago   269MB
centos         latest    5d0da3dc9764   12 months ago   231MB
[root@docker ~]# docker run -it --name=test centos-httpd:v1 /bin/bash
[root@e8204ea0c133 /]# ip a # 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 #由docker0网桥分配
       valid_lft forever preferred_lft forever

查看方法2:查看容器详细信息

[root@docker ~]# docker inspect test
.....
"Networks": 
                "bridge": 
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "738d11b55a3d7848ad645cb43f899ae1cf2b5df267d1f3eb81a71e60f4f090c9",
                    "EndpointID": "b34195d3629554e911e022bd5f6a1d198a6af0d1fe4ad34e4f22d425999c2486",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                
            

查看方法3:在容器外执行容器内命令

[root@docker ~]# docker exec test ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

停止运行中的容器

[root@docker ~]# docker ps #查看正在运行的容器
CONTAINER ID   IMAGE             COMMAND       CREATED         STATUS         PORTS     NAMES
e8204ea0c133   centos-httpd:v1   "/bin/bash"   6 minutes ago   Up 6 minutes             test
#停止一个正在运行的容器,d是容器ID简写,也可以写容器名称,但是ID要能够唯一识别
[root@docker ~]# docker stop e82
e82
[root@docker ~]# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@docker ~]# docker ps --all # 查看所有容器
CONTAINER ID   IMAGE             COMMAND       CREATED          STATUS                      PORTS     NAMES
e8204ea0c133   centos-httpd:v1   "/bin/bash"   7 minutes ago    Exited (0) 15 seconds ago             test
caa21637996a   centos-httpd:v1   "/bin/bash"   13 minutes ago   Exited (0) 8 minutes ago              centos-httpd
# 启动多个容器
[root@docker ~]# docker start e8 ca
e8
ca
[root@docker ~]# docker ps
CONTAINER ID   IMAGE             COMMAND       CREATED          STATUS          PORTS     NAMES
e8204ea0c133   centos-httpd:v1   "/bin/bash"   8 minutes ago    Up 14 seconds             test
caa21637996a   centos-httpd:v1   "/bin/bash"   14 minutes ago   Up 14 seconds             centos-httpd
# 关闭多个正在运行的容器
[root@docker ~]# docker stop test centos-httpd
test
centos-httpd
[root@docker ~]# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

开启已停止的容器

启动

[root@docker ~]# docker ps --all
CONTAINER ID   IMAGE             COMMAND       CREATED          STATUS                     PORTS     NAMES
e8204ea0c133   centos-httpd:v1   "/bin/bash"   11 minutes ago   Exited (0) 2 minutes ago             test
caa21637996a   centos-httpd:v1   "/bin/bash"   18 minutes ago   Exited (0) 2 minutes ago             centos-httpd
[root@docker ~]# docker start test
test

进入容器

[root@docker ~]# docker attach --help

Usage:  docker attach [OPTIONS] CONTAINER

Attach local standard input, output, and error streams to a running container

Options:
      --detach-keys string   Override the key sequence for detaching a container
      --no-stdin             Do not attach STDIN
      --sig-proxy            Proxy all received signals to the process (default true)
[root@docker ~]# docker attach test
[root@e8204ea0c133 /]# 

删除已停止的容器

注意:容器在运行中是不能停止的

[root@docker ~]# docker ps
CONTAINER ID   IMAGE             COMMAND       CREATED          STATUS         PORTS     NAMES
e8204ea0c133   centos-httpd:v1   "/bin/bash"   14 minutes ago   Up 2 minutes             test
[root@docker ~]# docker rm test
Error response from daemon: You cannot remove a running container e8204ea0c133aec17cb7e7ad47ea650d77531ac4f301300690614c9dd3f4a80f. Stop the container before attempting removal or force remove

停止后在删除

[root@docker ~]# docker stop test
test
[root@docker ~]# docker rm test
test
[root@docker ~]# docker ps --all
CONTAINER ID   IMAGE             COMMAND       CREATED          STATUS                     PORTS     NAMES
caa21637996a   centos-httpd:v1   "/bin/bash"   22 minutes ago   Exited (0) 6 minutes ago             centos-httpd

容器端口映射

我们知道容器的ip网段默认生成的是172.12网段的,在容器的宿主机上是可以访问的,那么怎么让一个和宿主机在同一网段的另外一台机也能访问到该容器呢?

这就可以用端口映射了。

准备两台机器

主机名ip备注
docker192.168.44.100安装docker,创键一个容器,在容器安装http
test192.168.44.150用来访问docker主机的http容器的index.html文件

注意:关闭防火墙和SELinux

在docker上操作

[root@docker ~]# docker images
REPOSITORY     TAG       IMAGE ID       CREATED          SIZE
centos-httpd   v1        bec35d25ea77   39 minutes ago   269MB
centos         latest    5d0da3dc9764   12 months ago    231MB
# 端口映射
[root@docker ~]# docker run -it -p 80:80 --name=test-port centos-httpd:v1 /bin/bash
[root@70a5ad9c2560 /]# yum install -y httpd

[root@70a5ad9c2560 /]# echo "test httpd-port" > /var/www/html/index.html 
[root@70a5ad9c2560 /]# httpd -k start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[root@70a5ad9c2560 /]# curl http://172.17.0.2/index.html 
test httpd-port

#在docker宿主机上访问容器ip
[root@docker ~]# curl http://172.17.0.2
test httpd-port
# 访问自己的80 端口
[root@docker ~]# curl http://192.168.44.100
test httpd-port

在test主机上访问docker主机的的80端口

# 最终访问到了docker主机容器中的httpd
[root@test ~]# curl http://192.168.44.100
test httpd-port

查看docker机器上的容器状态

# 可以看到物理机的80端口转发到了某一个容器的80端口上了
[root@docker ~]# docker ps
CONTAINER ID   IMAGE             COMMAND       CREATED          STATUS          PORTS                               NAMES
70a5ad9c2560   centos-httpd:v1   "/bin/bash"   20 minutes ago   Up 20 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   test-port

如果主机上同时运行多个http服务的容器,端口怎么映射?

因为端口是稀缺资源

  • TCP:1~65535
  • UDP:1~65535
[root@docker ~]# docker images
REPOSITORY     TAG       IMAGE ID       CREATED             SIZE
centos-httpd   v1        bec35d25ea77   About an hour ago   269MB
centos         latest    5d0da3dc9764   12 months ago       231MB
[root@docker ~]# docker run -it -p 80 --name test centos:latest /bin/bash
#如果仅定义了容器的端口,那么容器主机会随机添加映射端口到容器80端口,随机端口大于或等于32768
[root@docker ~]# docker ps
CONTAINER ID   IMAGE           COMMAND       CREATED         STATUS         PORTS                                     NAMES
b6d97eb9b396   centos:latest   "/bin/bash"   7 seconds ago   Up 6 seconds   0.0.0.0:49153->80/tcp, :::49153->80/tcp   test

使用容器主机的某一IP地址上的端口做随机映射

如果机器上有多个网卡或者多个IP地址,就可以指定ip做随机映射,端口也是随机的

[root@docker ~]# docker images
REPOSITORY     TAG       IMAGE ID       CREATED             SIZE
centos-httpd   v1        bec35d25ea77   About an hour ago   269MB
centos         latest    5d0da3dc9764   12 months ago       231MB
[root@docker ~]# docker run -it -p 192.168.44.100::80 --name=centos centos:latest /bin/bash
[root@1e4ec6b9e6af /]# 


[root@docker ~]# docker ps
CONTAINER ID   IMAGE           COMMAND       CREATED         STATUS         PORTS                          NAMES
1e4ec6b9e6af   centos:latest   "/bin/bash"   5 seconds ago   Up 4 seconds   192.168.44.100:49153->80/tcp   centos

容器使用Docker Host存储数据

容器的数据持久化存储

第一步:在Dokcer Host 创建用于存储目录

[root@docker ~]# mkdir /opt/cvolume

第二步:运行容器并挂载上述目录

[root@docker ~]# docker run -it -v /opt/cvloume:/data --name=test centos:latest /bin/bash
[root@2cd56e044963 /]# ls /
bin   dev  home  lib64       media  opt   root  sbin  sys  usr
data(这个目录是创建容器时自动创建的)  etc  lib   lost+found  mnt    proc  run   srv   tmp  var

示例:运行在容器中的http服务,使用docker host的/web目录中的网页文件,并能够在doker host上进行修改,修改后立即生效

第一步:创建/web并添加网页文件

[root@docker ~]# mkdir /web
[root@docker ~]# echo "test web" >> /web/index.html

第二步:启动容器对/web目录进行挂载

[root@docker ~]# docker images
REPOSITORY     TAG       IMAGE ID       CREATED         SIZE
centos-httpd   v1        bec35d25ea77   2 hours ago     269MB
centos         latest    5d0da3dc9764   12 months ago   231MB
[root@docker ~]# docker run -it -p 8080:80/tcp -v /web:/var/www/html --name=centos-web centos:latest /bin/bash
[root@2b0c9dc8f6d9 /]# ls /var/www/html 
index.html
# 安装httpd并启动
[root@2b0c9dc8f6d9 /]# yum install httpd -y
[root@2b0c9dc8f6d9 /]# httpd -k start

第三步:访问http(在docker主机访问自己的8080端口)

[root@docker ~]# curl http://192.168.44.100:8080
test web

再次添加内容测试

[root@docker ~]# echo "hello" >> /web/index.html

到容器里查看

[root@eb08ccaebac4 /]# cat /var/www/html/index.html 
test web
hello

同样在容器里写入数据也会马上同步到宿主机docker上
[root@eb08ccaebac4 /]# echo "docker" >> /var/www/html/index.html 

[root@docker ~]# cat /web/index.html
test web
hello
docker

同步容器与docker host时间

[root@docker ~]# docker run -it -v /etc/localtime:/etc/localtime centos:latest /bin/bash
[root@24aed789dbd5 /]# date
Sun Oct  2 19:07:27 CST 2022

在容器外执行容器内命令

# 在名为centos的容器里执行 ls命令
[root@docker ~]# docker exec centos ls
bin
dev
etc
home
lib
lib64
lost+found
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var

容器间互联(–link)

第一步:创建被依赖容器

[root@docker ~]# docker run -it --name=test centos:latest /bin/bash  
[root@caa54f58490e /]# 

第二步:创建依赖于源容器的容器

# test:mysqldb 给test容器起一个别名
[root@docker ~]# docker run --link test:mysqldb -it --name=web centos:latest /bin/bash

[root@57b694db72cd /]# cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2      mysqldb caa54f58490e test
172.17.0.3      57b694db72cd


[root@57b694db72cd /]# ping mysqldb
PING mysqldb (172.17.0.2) 56(84) bytes of data.
64 bytes from mysqldb (172.17.0.2): icmp_seq=1 ttl=64 time=0.078 ms
64 bytes from mysqldb (172.17.0.2): icmp_seq=2 ttl=64 time=0.109 ms
64 bytes from mysqldb (172.17.0.2): icmp_seq=3 ttl=64 time=0.059 ms

第三步:验证

关闭容器

[root@docker ~]# docker stop test web
test
web

添加一个新的容器,用于抢占test的IP (172.17.0.2)

[root@docker ~]# docker run -it centos /bin/bash   
[root@2f7557ecf96e /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
46: eth0@if47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

先启动被依赖test容器,在启动web容器

[root@docker ~]# docker start test
test
[root@docker ~]# docker start web
web
[root@docker ~]# docker exec test cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3      caa54f58490e
[root@docker ~]# docker exec web cat /etc/hosts    
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3      mysqldb caa54f58490e test
172.17.0.4      57b694db72cd

是否能够ping通

[root@docker ~]# docker exec web  ping test
PING mysqldb (172.17.0.3) 56(84) bytes of data.
64 bytes from mysqldb (172.17.0.3): icmp_seq=1 ttl=64 time=0以上是关于Docker学习笔记 —— Docker管理容器的主要内容,如果未能解决你的问题,请参考以下文章

Docker学习笔记Docker容器相关技术

Docker容器的文件系统管理

关于Docker中 容器镜像管理,数据卷网络,本地仓库,容器监控的一些笔记

Docker 学习笔记

Docker 学习笔记

Docker学习笔记