Docker第二章:docker基础1--镜像,容器&仓库
Posted 隔壁老梁
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Docker第二章:docker基础1--镜像,容器&仓库相关的知识,希望对你有一定的参考价值。
1、镜像
Dcoker运行容器之前需要本地存在对应的镜像,如果本地不存在对应的镜像,Docker会尝试从默认镜像仓库下载(默认使用Docker Hub公共注册服务器中的仓库),用户也可以通过配置,使用自定义的本地仓库。
-
下载一个镜像到本地
命令:docker pull centos
[[email protected] ~]# docker pull centos #可以指定特定版本的镜像 latest: Pulling from centos 5932f74ff0cd: Pull complete 4a7b890637c2: Pull complete 4beff0251382: Pull complete Digest: sha256:cb2a2bffb199880da9c69e7f647c01c720c6f95b186a86cfbd3ef168b8032074 Status: Downloaded newer image for centos:latest [[email protected] ~]#
也可以从其他指定的仓库下载
docker pull d1.dockerpool.com:5000/cetos
- 查看镜像信息
使用docker images命令可以列出本地主机上已有的镜像
[[email protected] ~]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE centos latest 4beff0251382 3 weeks ago 192.5 MB hello-world latest 7a5a2d73abce 4 months ago 1.84 kB [[email protected] ~]#
在列出的信息中,可以看到几个字段的信息:
1、来自于哪个仓库,如centos仓库
2、镜像的标签信息
3、镜像的ID号,ID号是唯一的。
4、创建时间
5、镜像大小
使用docker inspect ID号,可以查看该镜像的详细信息
- 搜索镜像
docker search TERM,可以搜索远端仓库中共享的镜像,默认搜索Docker Hub官方仓库中的镜像。
支持的参数:
1、--automated=false 仅显示自动创建的镜像。
2、--no-trunc=false 输出信息不截断显示
3、-s,--stars=0 指定仅显示评价为指定星级以上的镜像
[[email protected] ~]# docker search centos NAME DESCRIPTION STARS OFFICIAL AUTOMATED centos The official build of CentOS. 3369 [OK] jdeathe/centos-ssh CentOS-6 6.9 x86_64 / CentOS-7 7.3.1611 x8... 70 [OK] nimmis/java-centos This is docker images of CentOS 7 with dif... 26 [OK] consol/centos-xfce-vnc Centos container with "headless" VNC sessi... 26 [OK] gluster/gluster-centos Official GlusterFS Image [ CentOS-7 + Glu... 19 [OK] million12/centos-supervisor Base CentOS-7 with supervisord launcher, h... 16 [OK] kinogmt/centos-ssh CentOS with SSH 13 [OK] egyptianbman/docker-centos-nginx-php A simple and highly configurable docker co... 9 [OK] torusware/speedus-centos Always updated official CentOS docker imag... 8 [OK] nathonfowlie/centos-jre Latest CentOS image with the JRE pre-insta... 5 [OK] centos/mariadb55-centos7 5 [OK] consol/sakuli-centos-xfce Sakuli javascript based end-2-end testing ... 3 [OK] darksheer/centos Base Centos Image -- Updated hourly 3 [OK] harisekhon/centos-java Java on CentOS (OpenJDK, tags jre/jdk7-8) 2 [OK] harisekhon/centos-scala Scala + CentOS (OpenJDK tags 2.10-jre7 - 2... 2 [OK] freenas/centos Simple CentOS Linux interactive container 1 [OK] blacklabelops/centos CentOS Base Image! Built and Updates Daily! 1 [OK] timhughes/centos Centos with systemd installed and running 1 [OK] vorakl/centos CentOS7, EPEL, tools. Updated/Tested daily! 1 [OK] kz8s/centos Official CentOS plus epel-release 0 [OK] grossws/centos CentOS 6 and 7 base images with gosu and l... 0 [OK] vcatechnology/centos A CentOS Image which is updated daily 0 [OK] vcatechnology/centos-ci A CentOS image that is used in the VCA Tec... 0 [OK] januswel/centos yum update-ed CentOS image 0 [OK] repositoryjp/centos Docker Image for CentOS. 0 [OK] [[email protected] ~]#
NAME:镜像仓库源的名称
DESCRIPTION:镜像的描述
OFFICIAL:是否docker官方发布
- 删除镜像
使用docker rmi 命令可以删除镜像,命令格式为docker rmi IMAGE,其中IMAGE可以为标签或ID
-
创建镜像
创建镜像的方法有三种:基于已有镜像的容器创建、基于本地模板导入、基于Dockerfile创建。
1、基于已有镜像的容器创建
该方法主要是使用docker commit命令,格式为:docker commit 【OPTIONS】 CONTAINER 【REPOSITORY【:TAG】】,选项包括:
-a,--author=“” 指定镜像是由何人提交
-m,--message=“” 描述信息
-p,--pause=true 提交是暂停容器运行。
例:首先启动一个容器
docker run -d -p 5000:5000 registry
使用docker ps/docker image可以查看容器的ID信息
docker commit -m="this is a test to update images" -a="lw" e218edb10161 lw/centos:v2 sha256:70bf1840fd7c0d2d8ef0a42a817eb29f854c1af8f7c59fc03ac7bdee9545aff8
创建完成后可以使用docker images 查看镜像信息
[[email protected] ~]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE lw/centos v2 cd58eba2104d 9 seconds ago 33.17 MB centos latest 4beff0251382 3 weeks ago 192.5 MB registry latest bb682e0824bd 3 weeks ago 33.17 MB hello-world latest 7a5a2d73abce 4 months ago 1.84 kB [[email protected] ~]#
2、基于本地模板导入
在OPENVZ上面下载一个模板到本地,地址:https://openvz.org/Download/template/precreated
例如我本地下载了一个centos的镜像:centos-5-x86-devel.tar.gz
导入:
cat centos-5-x86-devel.tar.gz |docker import - centos:test #test为标签名字
-
存出和导入镜像
可以使用docker save和docker load命令来存出和导入镜像
存出镜像:将镜像在镜像库中导入到本地
1 [[email protected] ~]# docker images 2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 3 lw/centos v2 cd58eba2104d 9 minutes ago 33.17 MB 4 centos latest 4beff0251382 3 weeks ago 192.5 MB 5 registry latest bb682e0824bd 3 weeks ago 33.17 MB 6 hello-world latest 7a5a2d73abce 4 months ago 1.84 kB 7 [[email protected] ~]# docker save -o centos.tar lw/centos 8 [[email protected] ~]# ll 9 total 34908 10 -rw-------. 1 root root 1211 Apr 6 16:59 anaconda-ks.cfg 11 -rw-r--r-- 1 root root 35693056 Jun 5 10:57 centos.tar 12 -rw-r--r--. 1 root root 6623 Apr 7 14:13 inital.sh 13 -rw-r--r--. 1 root root 28614 Apr 6 16:59 install.log 14 -rw-r--r--. 1 root root 7572 Apr 6 16:57 install.log.syslog 15 [[email protected] ~]#
导入镜像:将本地镜像导入到镜像库中
例子略,可自行测试
-
上传镜像
使用docker push命令上传镜像到仓库,默认上传到DockerHub官方仓库(需要登录),命令格式:docker push NAME【:TAG】
-
设置镜像标签
可以使用docker tag来为镜像添加一个新的标签。
[[email protected] ~]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE lw/centos v2 cd58eba2104d 17 minutes ago 33.17 MB centos latest 4beff0251382 3 weeks ago 192.5 MB registry latest bb682e0824bd 3 weeks ago 33.17 MB hello-world latest 7a5a2d73abce 4 months ago 1.84 kB [[email protected] ~]# docker tag cd58eba2104d lw11/centos:ops [[email protected] ~]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE lw/centos v2 cd58eba2104d 19 minutes ago 33.17 MB lw11/centos ops cd58eba2104d 19 minutes ago 33.17 MB centos latest 4beff0251382 3 weeks ago 192.5 MB registry latest bb682e0824bd 3 weeks ago 33.17 MB hello-world latest 7a5a2d73abce 4 months ago 1.84 kB [[email protected] ~]#
3、Docfile 后面讲
2、容器
容器是使用镜像创建的,相当于python中类的一个实例,对实例的任何操作不会对类本身造成影响,可以理解为容器是镜像实例化后的一个对象,在镜像的上一层创建一个可写层,对容器的任何操作都是在可写层进行的,对镜像本身无任何影响,镜像不会有任何改变,可以对容器进行commit创建一个新的镜像。
-
创建容器
1、docker create 创建一个新的容器,新建的容器处于stop状态,想要启动需要执行docker start命令
命令格式:docker create [OPTIONS] IMAGE [COMMAND] [ARG...]
[[email protected] ~]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE lw/centos v2 cd58eba2104d 19 minutes ago 33.17 MB lw11/centos ops cd58eba2104d 19 minutes ago 33.17 MB centos latest 4beff0251382 3 weeks ago 192.5 MB registry latest bb682e0824bd 3 weeks ago 33.17 MB hello-world latest 7a5a2d73abce 4 months ago 1.84 kB [[email protected] ~]# docker create --name mycentos lw11/centos:ops f01346d74213aad76712a28d3ed568cb898469dd737651021bf84162e892f394 [[email protected] ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f01346d74213 lw11/centos:ops "/entrypoint.sh /etc 29 seconds ago mycentos 46adfd7889ea registry "/entrypoint.sh /etc 2 days ago Up 2 days 0.0.0.0:5000->5000/tcp agitated_einstein 68b8d624ca6d centos "/bin/bash" 9 days ago Exited (0) 9 days ago drunk_pare [[email protected] ~]#
--name 指定容器名字
2、docker run创建并启动一个容器
命令格式:docker run 镜像名,命令【可选】
[[email protected] ~]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE lw/centos v2 cd58eba2104d 3 hours ago 33.17 MB lw11/centos ops cd58eba2104d 3 hours ago 33.17 MB centos latest 4beff0251382 3 weeks ago 192.5 MB registry latest bb682e0824bd 3 weeks ago 33.17 MB hello-world latest 7a5a2d73abce 4 months ago 1.84 kB [[email protected] ~]# docker run centos [[email protected] ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 391a4afa7f97 centos "/bin/bash" 8 seconds ago Exited (0) 6 seconds ago stupefied_meitner f01346d74213 lw11/centos:ops "/entrypoint.sh /etc 2 hours ago mycentos 46adfd7889ea registry "/entrypoint.sh /etc 2 days ago Up 2 days 0.0.0.0:5000->5000/tcp agitated_einstein 68b8d624ca6d centos "/bin/bash" 9 days ago Exited (0) 9 days ago drunk_pare [[email protected] ~]#
[[email protected] ~]# docker run centos /bin/echo "Hello world" #跟本地直接执行/bin/echo "Hello world"感觉不到区别
Hello world [[email protected] ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8db0cc40e83c centos "/bin/echo ‘Hello wo 4 seconds ago Exited (0) 2 seconds ago lonely_payne
391a4afa7f97 centos "/bin/bash" About a minute ago Exited (0) About a minute ago stupefied_meitner
f01346d74213 lw11/centos:ops "/entrypoint.sh /etc 2 hours ago mycentos
46adfd7889ea registry "/entrypoint.sh /etc 2 days ago Up 2 days 0.0.0.0:5000->5000/tcp agitated_einstein
68b8d624ca6d centos "/bin/bash" 9 days ago Exited (0) 9 days ago drunk_pare [[email protected] ~]#
当利用docker run来创建并启动容器时,docker在后台运行的操作包括:
-
- 检测本地是否存在指定镜像,如果不存在,则首先在公共仓库中下载。
- 利用镜像创建并启动一个容器。
- 分配一个文件系统,并在只读的镜像层外面挂载一层可写层。
- 从宿主机配置的网桥接口中桥接一个虚拟接口道容器中去。
- 从地址池配置一个IP地址给容器。
- 执行用户执行的应用程序。
- 执行完毕后容器被终止。
下面的命令则启动一个bash终端,允许用户进行交互:
[[email protected] ~]# docker run -t -i centos /bin/bash [[email protected] /]# [[email protected] /]# ls anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var [[email protected] /]# pwd /
[[email protected] /]# exit
exit
[[email protected] ~]#
其中-t选项让Docker分配一个伪终端,并绑定到容器的标准输入上,-i则让容器的标准输入保持打开。在容器内执行ps查看进程,可以看到只运行了bash应用,并没有运行其他不需要的进程,exit退出容器后,改容器就会自动处于终止状态。
3、守护态运行
更多时候,需要让Docker容器在后台以守护态形式运行,可以通过添加-d参数来实现
[[email protected] ~]# docker run -itd centos /bin/bash 30ed4e190c3bdb69af44bcb2809dc01f346c880e4922e50285893aa78b957667 [[email protected] ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 30ed4e190c3b centos "/bin/bash" 3 seconds ago Up 2 seconds gloomy_mestorf 46adfd7889ea registry "/entrypoint.sh /etc 4 days ago Up 4 days 0.0.0.0:5000->5000/tcp agitated_einstein [[email protected] ~]#
-
进入容器
进入到运行在后台的容器的方法常见的有三种:docker attach命令、docker exec命令,以及nsenter工具等
1、attach命令
docker attach是docker自带的命令
[[email protected] ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 30ed4e190c3b centos "/bin/bash" 3 seconds ago Up 2 seconds gloomy_mestorf 46adfd7889ea registry "/entrypoint.sh /etc 4 days ago Up 4 days 0.0.0.0:5000->5000/tcp agitated_einstein [[email protected] ~]# docker attach gloomy_mestorf #gloomy_mestorf是容器名字
[[email protected] /]# [[email protected] /]# ls anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
使用attach命令进入容器并不方便,当多个窗口同时attac到同一个容器的时候,所有窗口都会同步显示。
2、exec命令
docker 自1.3版本起,提供了一个更加方便的工具exec,可以直接在容器内运行命令。
[[email protected] ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 30ed4e190c3b centos "/bin/bash" 58 minutes ago Up 21 seconds gloomy_mestorf 46adfd7889ea registry "/entrypoint.sh /etc 4 days ago Up About a minute 0.0.0.0:5000->5000/tcp agitated_einstein [[email protected] ~]# docker exec -it 30ed4e190c3b /bin/bash #可以跟容器名字,也可以跟ID号 [[email protected] /]# exit exit [[email protected] ~]# docker exec -it gloomy_mestorf /bin/bash [[email protected] /]# exit exit [[email protected] ~]#
3、nsenter工具
①nsenter 工具在Linux2.23版本后包含,如果系统中没有该命令,首先安装:
curl https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz | tar -zxf- cd util-linux-2.24 ./configure --without-ncurses make nsenter cp nsenter /usr/local/bin
②连接到容器:
首先需要找到容器进程的PID,然后通过PID进入到容器:
[[email protected] ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 30ed4e190c3b centos "/bin/bash" 58 minutes ago Up 21 seconds gloomy_mestorf [[email protected] ~]#docker inspect --format "{{ .State.Pid }}" 30ed4e190c3b 2788 [[email protected] ~]# nsenter --target 2788 --mount --uts --ipc --net --pid [[email protected] /]# ls anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var [[email protected] /]#
-
删除容器
可以使用docker rm命令删除容器,命令格式:
docker rm 容器ID/容器名字
支持的参数包括:
-f,--force=false 强制终止并删除一个运行中的容器
-l,--link=false 删除容器的连接,但保留容器
-v,--volumes=false 删除容器挂载的数据卷
[[email protected] ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 30ed4e190c3b centos "/bin/bash" About an hour ago Up 47 minutes gloomy_mestorf 46adfd7889ea registry "/entrypoint.sh /etc 4 days ago Up 48 minutes 0.0.0.0:5000->5000/tcp agitated_einstein [[email protected] ~]# docker rm -f agitated_einstein agitated_einstein [[email protected] ~]# [[email protected] ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 30ed4e190c3b centos "/bin/bash" About an hour ago Up 50 minutes gloomy_mestorf [[email protected] ~]#
-
导入和导出容器
1、导出容器
使用docker export命令将一个已经创建的容器导出到一个文件,不管此时这个容器是否处于运行状态。
docker export 后可跟容器ID/容器name
[[email protected] ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 30ed4e190c3b centos "/bin/bash" About an hour ago Up 58 minutes gloomy_mestorf 26a89d53df8e centos "/bin/bash" About an hour ago Exited (0) About an hour ago mad_mclean ce1b92def01f centos "/bin/bash" 46 hours ago Exited (0) 46 hours ago drunk_wright [[email protected] ~]# docker export 30ed4e190c3b >test1.tar [[email protected] ~]# ls anaconda-ks.cfg centos.tar inital.sh install.log install.log.syslog test1.tar [[email protected] ~]# docker export mad_mclean>test2.tar [[email protected] ~]# ls anaconda-ks.cfg centos.tar inital.sh install.log install.log.syslog test1.tar test2.tar [[email protected] ~]#
2、导入容器
可以使用docker import 命令将导出的文件导入成镜像,注意:这里是导入成镜像。
3、仓库
因为下载镜像会用到仓库,所以,先说仓库
仓库(Repository)是集中存放镜像的地方
仓库和注册服务器(Registry):
注册服务器是存放仓库的具体服务器,每个服务器上可以有多个仓库,每个仓库下面有多个镜像。
例如:dl.dockerpool.com/centos来说,dl.dockerpool.com是注册服务,centos是仓库名
仓库又分公共仓库和私有仓库
1.1 Docker Hub
Docker官方维护了一个公共仓库https://hub.docker.com
- 登录
首先在官网上面创建一个账户,然后在服务器上面使用docker login登录:
Password: [[email protected] ~]# docker login Username: xxxx Password: Email: [email protected] WARNING: login credentials saved in /root/.docker/config.json Login Succeeded [[email protected] ~]#
- 创建私有仓库
docker run -d -p 5000:5000 registry
上面的命令将自动创建一个registry容器,创建本地的私有仓库服务,此时,在本地将启动一个私有仓库服务,端口为5000.
默认情况下,会将仓库创建在容器的/tmp/registry目录下,可以通过 -v 参数来将镜像文件存放在本地的指定路径上
- 管理私有仓库镜像
将已有镜像添加新的标记
[[email protected] ~]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE lw/centos v2 cd58eba2104d 2 days ago 33.17 MB lw11/centos ops cd58eba2104d 2 days ago 33.17 MB centos latest 4beff0251382 3 weeks ago 192.5 MB registry latest bb682e0824bd 3 weeks ago 33.17 MB hello-world latest 7a5a2d73abce 4 months ago 1.84 kB [[email protected] ~]# docker tag centos:latest 10.40.1.240:5000/test [[email protected] ~]# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE lw/centos v2 cd58eba2104d 2 days ago 33.17 MB lw11/centos ops cd58eba2104d 2 days ago 33.17 MB 10.40.1.240:5000/test latest 4beff0251382 3 weeks ago 192.5 MB centos latest 4beff0251382 3 weeks ago 192.5 MB registry latest bb682e0824bd 3 weeks ago 33.17 MB hello-world latest 7a5a2d73abce 4 months ago 1.84 kB [[email protected] ~]#
使用docker push上传标记的镜像到私有仓库
[[email protected] ~]# docker push 10.40.1.240:5000/test The push refers to a repository [10.40.1.240:5000/test] (len: 1) 4beff0251382: Image already exists 4a7b890637c2: Image already exists 5932f74ff0cd: Image successfully pushed Digest: sha256:59e13fd53a3804bca8f110d1a6eb3085e95447471dd53b853ad5336f359c31ab
现在可以在任意一台能访问到10.40.1.240地址的机器上面下载这个镜像了
以上是关于Docker第二章:docker基础1--镜像,容器&仓库的主要内容,如果未能解决你的问题,请参考以下文章
Docker学习笔记 —— 镜像制作(Dockerfile)