实践Docker

安装

Deepin 15.11

$ sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

$ curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/debian/gpg | sudo apt-key add -

# 添加repository，如果报错，人工加入到/etc/apt/sources.list
$ sudo add-apt-repository "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/debian stretch stable"

$ sudo apt-get update
# 其实docker-ce依赖docker-ce-cli containerd.io
$ sudo apt-get install docker-ce docker-ce-cli containerd.io

控制docker状态

$ sudo systemctl [start|stop|status|disable|enable] docker.service
$ sudo systemctl [start|stop|status|disable|enable] containerd.service

命令

$ sudo docker --help

Usage:    docker COMMAND

A self-sufficient runtime for containers

Options:
      --config string      Location of client config files (default "/root/.docker")
  -D, --debug              Enable debug mode
      --help               Print usage
  -H, --host list          Daemon socket(s) to connect to (default [])
  -l, --log-level string   Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
      --tls                Use TLS; implied by --tlsverify
      --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify          Use TLS and verify the remote
  -v, --version            Print version information and quit

Management Commands:
  container   Manage containers
  image       Manage images
  network     Manage networks
  node        Manage Swarm nodes
  plugin      Manage plugins
  secret      Manage Docker secrets
  service     Manage services
  stack       Manage Docker stacks
  swarm       Manage Swarm
  system      Manage Docker
  volume      Manage volumes

Commands:
  attach      Attach to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  images      List images
  import      Import the contents from a tarball to create a filesystem image
  info        Display system-wide information
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.

镜像

镜像好比模板，静态形式，类比虚拟机的镜像，便于维护、扩展和交流，一般用来创建容器。

列举镜像

1	`$ docker images`

拉取镜像

1	`$ docker pull fedora:21`

查找镜像

在Docker Hub上检索镜像

1	`$ docker search fedora`

删除镜像

1	`$ docker rmi <image_id>`

保存加载

# 保存镜像
$ sudo docker save showdoc > showdoc-save.tar

# 加载镜像
$ sudo docker load < showdoc-save.tar

构建镜像

commit

build和Dockerfile

编写Dockerfile文件

FROM tomcat:7.0-jre8
MAINTAINER Angi WANG "angi.wang.afe@gmail.com"
RUN apt-get update
RUN apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh
#公钥登录
ADD authorized_keys /root/.ssh/authorized_keys
#sshd启动脚步
ADD run.sh /run.sh
RUN chmod 755 /run.sh
EXPOSE 22
CMD ["/run.sh"]

构建

$ sudo docker build -t="AngiWANG/tomcat:ssh" .

推送到Docker Hub

1	`$ sudo docker push AngiWANG/tomcat:ssh`

容器

容器，基于镜像创建，动态形式

创建容器

运行（启动）并创建容器且执行命令（前台）

$ sudo docker run -it tomcat:7.0-jre8 /bin/bash
root@875584e55268:/usr/local/tomcat#

定制容器名称（默认docker随机生成名称），相比于容器ID，更容易识别，便于人工操作。

$ sudo docker run --name tomcat-7.0-jre-8 -it tomcat:7.0-jre8 /bin/bash
root@875584e55268:/usr/local/tomcat#

shell中exit退出，容器也即停止

root@875584e55268:/usr/local/tomcat# exit
$

运行并创建容器且执行命令（后台）

$ sudo docker run -d tomcat:7.0-jre8 /bin/sh -c "while true; do echo hello world; sleep 1; done"

停止容器

1	`$ docker stop <container_id>`

列举容器

$ sudo docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
875584e55268        tomcat:7.0-jre8     "/bin/bash"         9 minutes ago       Up 9 minutes        8080/tcp            elastic_brown

启动容器

启动已经停止的容器（沿用run命令的参数）

$ sudo docker start elastic_brown
elastic_brown
$

附着到运行中的容器（沿用run命令的参数）【可能需要按下回车键才能进入该会话】

$ sudo docker attach elastic_brown
root@875584e55268:/usr/local/tomcat#

在容器内部运行命令（前台）

$ sudo docker exec -it distracted_poitras /bin/bash
root@9890f06d2120:/usr/local/tomcat#

在容器内部运行命令（后台）

# 新建一个文件
$ sudo docker exec -d distracted_poitras touch /etc/new_config_file
root@9890f06d2120:/usr/local/tomcat#

删除容器

$ sudo docker rm distracted_poitras

导出导入

# 导出容器
$ sudo docker export showdoc > showdoc-export.tar

# 导入容器
cat showdoc-export.tar | docker import - showdoc

端口映射

宿主机4999端口映射到容器80端口上

$ docker run -d --name showdoc -p 4999:80 showdoc
# 宿主机指定ip
$ docker run -d --name showdoc -p 127.0.0.1:4999:80 showdoc

宿主机端口随机映射到容器80端口上

$ docker run -d --name showdoc -p 80 showdoc
# 宿主机指定ip
$ docker run -d --name showdoc -p 127.0.0.1::80 showdoc

查看宿主机与容器的端口映射

1	`$ docker port showdoc 80`

对外开放Dockerfile中EXPOSE的端口，宿主机端口随机

$ docker run -d --name showdoc -P showdoc

数据管理

# 本地目录/home/angi/workspace/showdoc挂载到容器/var/www/html目录
$ docker run -d -v /home/angi/workspace/showdoc:/var/www/html --name showdoc-out -p 80:80 showdoc

权限

两目录的userId、groupId和权限等一模一样，但是由于宿主机和容器两系统中user和group的ID分配是不一样的，相同ID代表的内容不一样，因而可能会出现权限问题。例如：

容器

root@cb988f5ea19e:/var/www/html# ls -l
total 56
drwxr-xr-x  5 1000 1000 4096 Aug 31 04:00 Application
-rw-r--r--  1 1000 1000  397 Aug 25 09:23 Dockerfile
-rw-r--r--  1 1000 1000 1743 Aug 31 06:12 LICENSE.txt
drwxr-xr-x 14 1000 1000 4096 Aug 25 09:23 Public
-rw-r--r--  1 1000 1000 4058 Aug 25 09:23 README.md
drwxr-xr-x  2 1000 1000 4096 Aug 25 09:23 Sqlite
drwxr-xr-x  8 1000 1000 4096 Aug 25 09:23 ThinkPHP
-rw-r--r--  1 1000 1000  563 Aug 25 09:23 composer.json
-rw-r--r--  1 1000 1000 4286 Aug 25 09:23 favicon.ico
-rw-r--r--  1 1000 1000 1009 Aug 25 09:23 index.php
drwxr-xr-x  2 1000 1000 4096 Aug 31 04:59 install
-rw-r--r--  1 1000 1000   30 Aug 25 09:23 robots.txt
drwxr-xr-x  3 1000 1000 4096 Aug 25 09:23 server
root@cb988f5ea19e:/var/www/html#

宿主机

angi@angi-deepin:~/workspace/showdoc$ ls -l
总用量 56
drwxr-xr-x  5 angi angi 4096 8月  31 12:00 Application
-rw-r--r--  1 angi angi  563 8月  25 17:23 composer.json
-rw-r--r--  1 angi angi  397 8月  25 17:23 Dockerfile
-rw-r--r--  1 angi angi 4286 8月  25 17:23 favicon.ico
-rw-r--r--  1 angi angi 1009 8月  25 17:23 index.php
drwxr-xr-x  2 angi angi 4096 8月  31 14:53 install
-rw-r--r--  1 angi angi 1743 8月  31 14:12 LICENSE.txt
drwxr-xr-x 14 angi angi 4096 8月  25 17:23 Public
-rw-r--r--  1 angi angi 4058 8月  25 17:23 README.md
-rw-r--r--  1 angi angi   30 8月  25 17:23 robots.txt
drwxr-xr-x  3 angi angi 4096 8月  25 17:23 server
drwxr-xr-x  2 angi angi 4096 8月  31 14:54 Sqlite
drwxr-xr-x  8 angi angi 4096 8月  25 17:23 ThinkPHP
angi@angi-deepin:~/workspace/showdoc$ 

容器中Apache进程用户为www-data，ID为33，对/var/www/html目录没有写权限，导致无法showdoc无法安装成功。

在宿主机将属主变更为33即可，例如：

$ sudo chown -R 33 showdoc

但是这样可能导致宿主机的权限问题，可以通过group增加权限。

$ sudo chmod -R g+w showdoc

仓库

docker hub

#登录到docker hub
$ sudo docker login
[sudo] angi 的密码：
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username (angiwangafe):
Password:
Login Succeeded
$

docker-registry

distribution

Compose

Compose一种编配工具，原本需要一个容器一个容器的启动/停止等操作，借助compose通过编排（docker-compose.yml）可以同时操作多个容器。

安装

通过package管理器安装

$ sudo apt install docker-compose
$ docker-compose --version
docker-compose version 1.8.0, build unknown

或者人工安装

$ sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

$ sudo chmod +x /usr/local/bin/docker-compose

$ docker-compose --version
docker-compose version 1.26.0, build d4451659

命令

$ sudo docker-compose up [-d]
$ sudo docker-compose down

docker-compose.xml

docker-compose.yml sample:

web:
  image: jamtur01/composeapp
  command: python app.py
  ports:
   - "5000:5000"
  volumes:
   - .:/composeapp
  links:
   - redis
redis:
  image: redis

指令：

image

command

build

ports

volumes

links

Machine

Swarm

Swarm一种集群管理工具，可以构建CaaS

Swarm Mode

Dockerfile指令

.dockerignore定义忽略处理的文件

安装

命令

镜像

列举镜像

拉取镜像

查找镜像

删除镜像

保存加载

构建镜像

容器

创建容器

停止容器

列举容器

启动容器

删除容器

导出导入

端口映射

数据管理

权限

仓库

Compose

安装

命令

docker-compose.xml

Machine

Swarm

Swarm Mode

Dockerfile指令

FROM

MAINTAINER

RUN

EXPOSE

CMD

ENTRYPOINT

WORKDIR

ENV

USER

VOLUME

ADD

COPY

LABEL

STOPSIGNAL

ARG

ONBUILD