<服务>Docker

时间:March 16, 2017 分类:

目录:

Docker的介绍

此部分内容出自Docker技术入门与实战。

什么是Docker呢?

用过Linux的人肯定都用过虚拟机,Docker就是一个小型的虚拟机,和虚拟机一样从系统资源中划分出一块来使用,可以随意的创建和销毁,与虚拟机不同的是不用安装操作系统,里边只有一个应用,甚至就可以理解为一个应用,每个容器之间资源隔离。并且不用自己去配置容器,类似于yum一样直接获取和分发,更新。

Docker被称为容器技术,到底什么是容器呢,用过DNS,FTP的都应该熟悉chroot,这就是早起的容器。

为什么需要Docker?

因为随着硬件配置的不断提升,虽然现在也遇到物理方面的瓶颈,但是也满足了当今绝大公司对硬件需要,客户对需求越来复杂,导致开发和运维人员需要准备更多的环境,进而促使很多的伪虚拟化的产生,进而产生了Docker。

Docker的优势在哪里?

快速部署,更高效的资源利用,更轻松的迁移和扩展。

Docker的三大概念

镜像(Image) 容器(Container) 仓库(Repository)

Docker镜像

Docker镜像类似虚拟机的镜像,可以理解为一个面向Docker引擎的只读文件。每个镜像可以包含一个应用或一个操作系统,镜像是创建容器的基础。

Docker容器

Docker容器是一个轻量级的沙箱,用来运行和隔离镜像应用,可以理解为一个简易版的操作系统环境。容器启动镜像后会在镜像上添加一个可写层,类似LVM快照后的可写层。

Docker仓库

Docker仓库是集中存放镜像文件的场所,可以理解为每个yum的repo指向不同的目录。仓库又分公开仓库和私有仓库。目前最大的仓库是Docker Hub,国内则为Docker Pool,可以提供稳定的网络访问。我们也可以在本地创建自己的私有仓库。

需要明确的内容

  • 与KVM的不同是,KVM上是客户机的操作系统,而docker引擎上直接为应用,依赖的也是一些内核对容器的支持。
  • docker可设定占用的系统资源的大小,所以说,docker之间的资源使用是隔离的
  • docker也为C/S的架构
  • docker镜像是只读的,在镜像启动的时候,添加一个可写层
  • docker相对KVM等虚拟机,浪费的性能更少

Docker的使用场景

  • 简化环境配置
  • 开发环境
  • 应用的隔离
  • 服务器整合
  • 合适多租户
  • 快速部署
  • 面向产品 面向开发 面向测试 面向运维 面向自动化进行扩容
  • 环境的一致性

安装Docker

安装epel源

[root@why-2 mongodb]# rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm

安装docker

[root@why-2 mongodb]# yum install -y docker-io

注意要确保不要安装docker,否则会报错

Transaction Check Error:
  file /usr/bin/docker from install of docker-io-1.7.1-2.el6.x86_64 conflicts with file from package docker-1.5-5.el6.x86_64

Error Summary
-------------

启动docker

[root@why-2 ~]# service docker start
Starting cgconfig service:                                 [确定]
Starting docker:                                       [确定]
[root@why-2 ~]# service docker status
docker (pid  1855) 正在运行...

可能会出现的问题1

[root@why-2 ~]# ps -ef | grep docker
root     15455 12526  0 11:43 pts/0    00:00:00 grep docker
[root@why-2 ~]# docker images 
Cannot connect to the Docker daemon. Is 'docker -d' running on this host?
[root@why-2 ~]# sudo docker -d
WARN[0000] You are running linux kernel version 2.6.32-431.el6.x86_64, which might be unstable running docker. Please upgrade your kernel to 3.10.0. 
INFO[0000] Listening for HTTP on unix (/var/run/docker.sock) 
docker: relocation error: docker: symbol dm_task_get_info_with_deferred_remove, version Base not defined in file libdevmapper.so.1.02 with link time reference

提示内核版本过低,可以升级内核

  • 目前没有http://www.elrepo.org/elrepo-release-6-5.el6.elrepo.noarch.rpm,可以使用http://www.elrepo.org/elrepo-release-6-8.el6.elrepo.noarch.rpm,修改日期2017年8月3日16时37分
[root@why-2 ~]# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
[root@why-2 ~]# rpm -ivh http://www.elrepo.org/elrepo-release-6-5.el6.elrepo.noarch.rpm
Retrieving http://www.elrepo.org/elrepo-release-6-5.el6.elrepo.noarch.rpm
Preparing...                ########################################### [100%]
   1:elrepo-release         ########################################### [100%]
[root@why-2 ~]# yum --enablerepo=elrepo-kernel install kernel-lt -y
[root@why-2 ~]# vim /etc/grub.conf
设置default值(从0开始),一般新安装的内核在第一个位置,所以设置default=0
default=1改为default=0
[root@why-2 ~]# cat /etc/grub.conf 
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/sda2
#          initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux Server (3.10.105-1.el6.elrepo.x86_64)
    root (hd0,0)
    kernel /vmlinuz-3.10.105-1.el6.elrepo.x86_64 ro root=UUID=996eaafa-069a-4e1d-bb5c-a54ba85e8756 rd_NO_LUKS  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_MD LANG=zh_CN.UTF-8 rd_NO_LVM rd_NO_DM rhgb quiet crashkernel=auto
    initrd /initramfs-3.10.105-1.el6.elrepo.x86_64.img
title Red Hat Enterprise Linux (2.6.32-431.el6.x86_64)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-431.el6.x86_64 ro root=UUID=996eaafa-069a-4e1d-bb5c-a54ba85e8756 rd_NO_LUKS  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_MD LANG=zh_CN.UTF-8 rd_NO_LVM rd_NO_DM rhgb quiet
    initrd /initramfs-2.6.32-431.el6.x86_64.img
[root@why-2 ~]# reboot即可

重启后的加载界面

[root@why-2 ~]# uname -a
Linux why-2 3.10.105-1.el6.elrepo.x86_64 #1 SMP Fri Feb 10 10:48:08 EST 2017 x86_64 x86_64 x86_64 GNU/Linux

可能会出现的问题2

[root@why ~]# docker -d
INFO[0000] Listening for HTTP on unix (/var/run/docker.sock) 
fatal error: unexpected signal during runtime execution
[signal 0xb code=0x1 addr=0x0 pc=0x0]

runtime stack:
runtime.gothrow(0xd64790, 0x2a)
    /usr/lib/golang/src/runtime/panic.go:503 +0x8e
runtime.sigpanic()
    /usr/lib/golang/src/runtime/sigpanic_unix.go:14 +0x5e

goroutine 1 [syscall, locked to thread]:
runtime.cgocall_errno(0x404f40, 0xc2083e2d10, 0x0)
    /usr/lib/golang/src/runtime/cgocall.go:130 +0xf5 fp=0xc2083e2cf0 sp=0xc2083e2cc8
github.com/docker/docker/pkg/devicemapper._Cfunc_dm_task_get_info(0x222bca0, 0xc2083e2d2c, 0x0)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/pkg/devicemapper/:134 +0x43 fp=0xc2083e2d10 sp=0xc2083e2cf0
github.com/docker/docker/pkg/devicemapper.dmTaskGetInfoFct(0x222bca0, 0xc20810b0e0, 0x0)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/pkg/devicemapper/devmapper_wrapper.go:211 +0x96 fp=0xc2083e2d78 sp=0xc2083e2d10
github.com/docker/docker/pkg/devicemapper.(*Task).GetInfo(0xc208038340, 0x0, 0x0, 0x0)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/pkg/devicemapper/devmapper.go:220 +0x76 fp=0xc2083e2da0 sp=0xc2083e2d78
github.com/docker/docker/pkg/devicemapper.GetInfo(0xc208190360, 0x18, 0xc3e200, 0x0, 0x0)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/pkg/devicemapper/devmapper.go:540 +0xdc fp=0xc2083e2e00 sp=0xc2083e2da0
github.com/docker/docker/daemon/graphdriver/devmapper.(*DeviceSet).initDevmapper(0xc2081ae140, 0xc2081e0001, 0x0, 0x0)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/daemon/graphdriver/devmapper/deviceset.go:1061 +0xa94 fp=0xc2083e30b8 sp=0xc2083e2e00
github.com/docker/docker/daemon/graphdriver/devmapper.NewDeviceSet(0xc2081c2d00, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x473b3f, 0x0, 0x0)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/daemon/graphdriver/devmapper/deviceset.go:1792 +0x4e7 fp=0xc2083e32a0 sp=0xc2083e30b8
github.com/docker/docker/daemon/graphdriver/devmapper.Init(0xc2081c2d00, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/daemon/graphdriver/devmapper/driver.go:43 +0x172 fp=0xc2083e3368 sp=0xc2083e32a0
github.com/docker/docker/daemon/graphdriver.GetDriver(0xc87350, 0xc, 0xc20816bfa0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/daemon/graphdriver/driver.go:99 +0x1a4 fp=0xc2083e3408 sp=0xc2083e3368
github.com/docker/docker/daemon/graphdriver.New(0xc20816bfa0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/daemon/graphdriver/driver.go:123 +0xa9d fp=0xc2083e3628 sp=0xc2083e3408
github.com/docker/docker/daemon.NewDaemon(0x126f7c0, 0xc208038a50, 0x0, 0x0, 0x0)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/daemon/daemon.go:733 +0x93d fp=0xc2083e3a10 sp=0xc2083e3628
main.mainDaemon()
    /builddir/build/BUILD/docker-1.7.1/docker/daemon.go:143 +0x82e fp=0xc2083e3bf8 sp=0xc2083e3a10
main.main()
    /builddir/build/BUILD/docker-1.7.1/docker/docker.go:93 +0x6b4 fp=0xc2083e3f98 sp=0xc2083e3bf8
runtime.main()
    /usr/lib/golang/src/runtime/proc.go:63 +0xf3 fp=0xc2083e3fe0 sp=0xc2083e3f98
runtime.goexit()
    /usr/lib/golang/src/runtime/asm_amd64.s:2232 +0x1 fp=0xc2083e3fe8 sp=0xc2083e3fe0

goroutine 5 [syscall]:
os/signal.loop()
    /usr/lib/golang/src/os/signal/signal_unix.go:21 +0x1f
created by os/signal.init·1
    /usr/lib/golang/src/os/signal/signal_unix.go:27 +0x35

goroutine 17 [syscall, locked to thread]:
runtime.goexit()
    /usr/lib/golang/src/runtime/asm_amd64.s:2232 +0x1

goroutine 11 [chan receive]:
github.com/docker/docker/pkg/listenbuffer.(*defaultListener).Accept(0xc2081c28a0, 0x0, 0x0, 0x0, 0x0)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/pkg/listenbuffer/buffer.go:73 +0xb6
net/http.(*Server).Serve(0xc2081431a0, 0x7f55e2140d28, 0xc2081c28a0, 0x0, 0x0)
    /usr/lib/golang/src/net/http/server.go:1728 +0x92
github.com/docker/docker/api/server.(*HttpServer).Serve(0xc2081c2a80, 0x0, 0x0)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/api/server/server.go:128 +0x4d
github.com/docker/docker/api/server.func·002(0x7f55e2140db0, 0xc2081c2a80)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/api/server/server.go:104 +0x40
created by github.com/docker/docker/api/server.(*Server).ServeApi
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/api/server/server.go:108 +0x6ac

goroutine 9 [chan receive]:
github.com/docker/docker/api/server.(*Server).ServeApi(0xc208092840, 0xc2080aa830, 0x1, 0x1, 0x0, 0x0)
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/api/server/server.go:113 +0x74f
main.func·003()
    /builddir/build/BUILD/docker-1.7.1/docker/daemon.go:129 +0x5f
created by main.mainDaemon
    /builddir/build/BUILD/docker-1.7.1/docker/daemon.go:135 +0x6b6

goroutine 10 [chan receive]:
github.com/docker/docker/daemon.func·021()
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/daemon/debugtrap.go:17 +0x5c
created by github.com/docker/docker/daemon.setupSigusr1Trap
    /builddir/build/BUILD/docker-1.7.1/_build/src/github.com/docker/docker/daemon/debugtrap.go:20 +0x18e

解决方式

关闭docker,删除pid等文件

[root@why ~]# service docker stop
[root@why ~]# service docker status
docker dead but pid file exists
[root@why ~]# rm -f /var/run/docker.
docker.pid   docker.sock  
[root@why ~]# rm -f /var/run/docker.*
[root@why ~]# service docker status
docker dead but subsys locked
[root@why ~]# rm -f /var/lock/subsys/docker 
[root@why ~]# service docker status
docker is stopped

安装依赖包

[root@why ~]# yum install device-mapper device-mapper-libs
Loaded plugins: security
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package device-mapper.x86_64 0:1.02.79-8.el6 will be updated
--> Processing Dependency: device-mapper = 1.02.79-8.el6 for package: device-mapper-event-1.02.79-8.el6.x86_64
---> Package device-mapper.x86_64 0:1.02.117-12.el6 will be an update
---> Package device-mapper-libs.x86_64 0:1.02.79-8.el6 will be updated
---> Package device-mapper-libs.x86_64 0:1.02.117-12.el6 will be an update
--> Running transaction check
---> Package device-mapper-event.x86_64 0:1.02.79-8.el6 will be updated
---> Package device-mapper-event.x86_64 0:1.02.117-12.el6 will be an update
--> Processing Dependency: device-mapper-event-libs = 1.02.117-12.el6 for package: device-mapper-event-1.02.117-12.el6.x86_64
--> Running transaction check
---> Package device-mapper-event-libs.x86_64 0:1.02.79-8.el6 will be updated
---> Package device-mapper-event-libs.x86_64 0:1.02.117-12.el6 will be an update
--> Processing Conflict: device-mapper-event-1.02.117-12.el6.x86_64 conflicts lvm2-libs < 2.02.111
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package lvm2-libs.x86_64 0:2.02.100-8.el6 will be updated
--> Processing Dependency: lvm2-libs = 2.02.100-8.el6 for package: lvm2-2.02.100-8.el6.x86_64
---> Package lvm2-libs.x86_64 0:2.02.143-12.el6 will be an update
--> Running transaction check
---> Package lvm2.x86_64 0:2.02.100-8.el6 will be updated
---> Package lvm2.x86_64 0:2.02.143-12.el6 will be an update
--> Processing Dependency: device-mapper-persistent-data >= 0.6.2 for package: lvm2-2.02.143-12.el6.x86_64
--> Running transaction check
---> Package device-mapper-persistent-data.x86_64 0:0.2.8-4.el6_5 will be updated
---> Package device-mapper-persistent-data.x86_64 0:0.6.2-0.1.rc7.el6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================================================================================================================================
 Package                                                                         Arch                                                     Version                                                                Repository                                              Size
==============================================================================================================================================================================================================================================================================
Updating:
 device-mapper                                                                   x86_64                                                   1.02.117-12.el6                                                        base                                                   218 k
 device-mapper-libs                                                              x86_64                                                   1.02.117-12.el6                                                        base                                                   257 k
 lvm2-libs                                                                       x86_64                                                   2.02.143-12.el6                                                        base                                                   1.0 M
Updating for dependencies:
 device-mapper-event                                                             x86_64                                                   1.02.117-12.el6                                                        base                                                   134 k
 device-mapper-event-libs                                                        x86_64                                                   1.02.117-12.el6                                                        base                                                   126 k
 device-mapper-persistent-data                                                   x86_64                                                   0.6.2-0.1.rc7.el6                                                      base                                                   463 k
 lvm2                                                                            x86_64                                                   2.02.143-12.el6                                                        base                                                   941 k

Transaction Summary
==============================================================================================================================================================================================================================================================================
Upgrade       7 Package(s)

Total download size: 3.1 M
Is this ok [y/N]: y
Downloading Packages:
(1/7): device-mapper-1.02.117-12.el6.x86_64.rpm                                                                                                                                                                                                        | 218 kB     00:00     
(2/7): device-mapper-event-1.02.117-12.el6.x86_64.rpm                                                                                                                                                                                                  | 134 kB     00:00     
(3/7): device-mapper-event-libs-1.02.117-12.el6.x86_64.rpm                                                                                                                                                                                             | 126 kB     00:00     
(4/7): device-mapper-libs-1.02.117-12.el6.x86_64.rpm                                                                                                                                                                                                   | 257 kB     00:00     
(5/7): device-mapper-persistent-data-0.6.2-0.1.rc7.el6.x86_64.rpm                                                                                                                                                                                      | 463 kB     00:00     
(6/7): lvm2-2.02.143-12.el6.x86_64.rpm                                                                                                                                                                                                                 | 941 kB     00:00     
(7/7): lvm2-libs-2.02.143-12.el6.x86_64.rpm                                                                                                                                                                                                            | 1.0 MB     00:00     
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                                                                                         1.1 MB/s | 3.1 MB     00:02     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : device-mapper-1.02.117-12.el6.x86_64                                                                                                                                                                                                                      1/14 
  Updating   : device-mapper-libs-1.02.117-12.el6.x86_64                                                                                                                                                                                                                 2/14 
  Updating   : device-mapper-event-libs-1.02.117-12.el6.x86_64                                                                                                                                                                                                           3/14 
  Updating   : device-mapper-event-1.02.117-12.el6.x86_64                                                                                                                                                                                                                4/14 
  Updating   : lvm2-libs-2.02.143-12.el6.x86_64                                                                                                                                                                                                                          5/14 
  Updating   : device-mapper-persistent-data-0.6.2-0.1.rc7.el6.x86_64                                                                                                                                                                                                    6/14 
  Updating   : lvm2-2.02.143-12.el6.x86_64                                                                                                                                                                                                                               7/14 
  Cleanup    : lvm2-2.02.100-8.el6.x86_64                                                                                                                                                                                                                                8/14 
  Cleanup    : lvm2-libs-2.02.100-8.el6.x86_64                                                                                                                                                                                                                           9/14 
  Cleanup    : device-mapper-event-1.02.79-8.el6.x86_64                                                                                                                                                                                                                 10/14 
  Cleanup    : device-mapper-event-libs-1.02.79-8.el6.x86_64                                                                                                                                                                                                            11/14 
  Cleanup    : device-mapper-1.02.79-8.el6.x86_64                                                                                                                                                                                                                       12/14 
  Cleanup    : device-mapper-libs-1.02.79-8.el6.x86_64                                                                                                                                                                                                                  13/14 
  Cleanup    : device-mapper-persistent-data-0.2.8-4.el6_5.x86_64                                                                                                                                                                                                       14/14 
  Verifying  : device-mapper-libs-1.02.117-12.el6.x86_64                                                                                                                                                                                                                 1/14 
  Verifying  : lvm2-2.02.143-12.el6.x86_64                                                                                                                                                                                                                               2/14 
  Verifying  : device-mapper-event-libs-1.02.117-12.el6.x86_64                                                                                                                                                                                                           3/14 
  Verifying  : lvm2-libs-2.02.143-12.el6.x86_64                                                                                                                                                                                                                          4/14 
  Verifying  : device-mapper-1.02.117-12.el6.x86_64                                                                                                                                                                                                                      5/14 
  Verifying  : device-mapper-event-1.02.117-12.el6.x86_64                                                                                                                                                                                                                6/14 
  Verifying  : device-mapper-persistent-data-0.6.2-0.1.rc7.el6.x86_64                                                                                                                                                                                                    7/14 
  Verifying  : device-mapper-1.02.79-8.el6.x86_64                                                                                                                                                                                                                        8/14 
  Verifying  : device-mapper-event-libs-1.02.79-8.el6.x86_64                                                                                                                                                                                                             9/14 
  Verifying  : device-mapper-event-1.02.79-8.el6.x86_64                                                                                                                                                                                                                 10/14 
  Verifying  : lvm2-libs-2.02.100-8.el6.x86_64                                                                                                                                                                                                                          11/14 
  Verifying  : device-mapper-libs-1.02.79-8.el6.x86_64                                                                                                                                                                                                                  12/14 
  Verifying  : device-mapper-persistent-data-0.2.8-4.el6_5.x86_64                                                                                                                                                                                                       13/14 
  Verifying  : lvm2-2.02.100-8.el6.x86_64                                                                                                                                                                                                                               14/14 

Updated:
  device-mapper.x86_64 0:1.02.117-12.el6                                                   device-mapper-libs.x86_64 0:1.02.117-12.el6                                                   lvm2-libs.x86_64 0:2.02.143-12.el6                                                  

Dependency Updated:
  device-mapper-event.x86_64 0:1.02.117-12.el6                      device-mapper-event-libs.x86_64 0:1.02.117-12.el6                      device-mapper-persistent-data.x86_64 0:0.6.2-0.1.rc7.el6                      lvm2.x86_64 0:2.02.143-12.el6                     

Complete!
[root@why ~]# service docker status
docker is stopped
[root@why ~]# service docker start
Starting docker:                                       [  OK  ]
[root@why ~]# service docker status
docker (pid  2116) is running...

可能会出现的问题3

修改了/etc/grub.conf文件后,启动依然使用原来的内核。

需要修改/boot/grub/grub.conf中的default,问题出现的在新版的阿里云CentOS6.8的镜像上,去年的镜像还没有遇到以下的问题,出现时间为2017年8月12日

Docker使用

[root@why-2 ~]# service docker start
[root@why-2 ~]# service docker status
docker (pid  1855) 正在运行...
[root@why-2 ~]# docker search centos            #搜索docker镜像
NAME                                   DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
centos                                 The official build of CentOS.                   3164      [OK]       
jdeathe/centos-ssh                     CentOS-6 6.8 x86_64 / CentOS-7 7.3.1611 x8...   62                   [OK]
nimmis/java-centos                     This is docker images of CentOS 7 with dif...   23                   [OK]
consol/centos-xfce-vnc                 Centos container with "headless" VNC sessi...   22                   [OK]
gluster/gluster-centos                 Official GlusterFS Image [ CentOS-7 +  Glu...   18                   [OK]
million12/centos-supervisor            Base CentOS-7 with supervisord launcher, h...   13                   [OK]
torusware/speedus-centos               Always updated official CentOS docker imag...   8                    [OK]
egyptianbman/docker-centos-nginx-php   A simple and highly configurable docker co...   6                    [OK]
nathonfowlie/centos-jre                Latest CentOS image with the JRE pre-insta...   5                    [OK]
centos/mariadb55-centos7                                                               4                    [OK]
consol/sakuli-centos-xfce              Sakuli JavaScript based end-2-end testing ...   3                    [OK]
harisekhon/centos-scala                Scala + CentOS (OpenJDK tags 2.10-jre7 - 2...   2                    [OK]
harisekhon/centos-java                 Java on CentOS (OpenJDK, tags jre/jdk7-8)       2                    [OK]
centos/redis                           Redis built for CentOS                          2                    [OK]
timhughes/centos                       Centos with systemd installed and running       1                    [OK]
darksheer/centos                       Base Centos Image -- Updated hourly             1                    [OK]
blacklabelops/centos                   CentOS Base Image! Built and Updates Daily!     1                    [OK]
freenas/centos                         Simple CentOS Linux interactive container       1                    [OK]
smartentry/centos                      centos with smartentry                          0                    [OK]
januswel/centos                        yum update-ed CentOS image                      0                    [OK]
termbox/centos                         CentOS                                          0                    [OK]
repositoryjp/centos                    Docker Image for CentOS.                        0                    [OK]
otagoweb/centos                        Apache (with PHP7), built on CentOS 7           0                    [OK]
vcatechnology/centos                   A CentOS Image which is updated daily           0                    [OK]
labengine/centos                       Centos image base                               0                    [OK]

下载docker镜像

[root@why-2 docker]# docker pull centos
latest: Pulling from centos
3690474eb5b4: Pull complete 
0a444b299d5a: Downloading [==========================================>        ] 60.01 MB/70.39 MB
a04895de1996: Download complete 
d4350798c2ee: Download complete 
d4350798c2ee: Pulling fs layer 

下载完成后
[root@why-2 docker]# docker pull centos
latest: Pulling from centos
3690474eb5b4: Pull complete 
0a444b299d5a: Pull complete 
a04895de1996: Pull complete 
d4350798c2ee: Pull complete 
Digest: sha256:6e45de12a92ce6fcc0e3d0ffca8000833675f96679b3f1ecf71485c339826f27
Status: Downloaded newer image for centos:latest

查看当前镜像

[root@why-2 ~]# docker images                           #当前系统存在的镜像
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
<none>              <none>              3690474eb5b4        6 months ago        0 B
仓库                标签                镜像ID              创建时间            镜像大小
centos              latest              d4350798c2ee        12 weeks ago        191.8 MB

使用Docker镜像

[root@why-2 ~]# docker run centos /bin/echo 'hello world'       #指定docker命令
hello world
[root@why-2 ~]# docker ps -a                            #查看docker状态
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS                      PORTS               NAMES
6f14a3cb3865        centos              "/bin/echo 'hello wo   20 seconds ago      Exited (0) 18 seconds ago                       insane_ptolemy    
容器ID              镜像                运行的命令              创建时间           当前状态                    端口                名字
[root@why-2 ~]# docker run --name whysdocker -it centos /bin/bash
[root@646befdd34b2 /]# ls /
anaconda-post.log  bin  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@646befdd34b2 /]# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.3  11768  1888 ?        Ss   09:13   0:00 /bin/bash
root        19  0.0  0.3  47440  1672 ?        R+   09:14   0:00 ps aux
[root@646befdd34b2 /]# mkdir why
[root@646befdd34b2 /]# cd why/
[root@646befdd34b2 /]# exit
exit
[root@why-2 ~]# 
  • --name mydocker 给docker起名称
  • -i让容器打开终端模式
  • -t开启一个伪终端tty绑定到容器

docker容器只能启动一个应用程序,如果应用程序退出,则容器关闭

[root@why-2 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS                          PORTS               NAMES
646befdd34b2        centos              "/bin/bash"            12 minutes ago      Exited (1) About a minute ago                       whysdocker          
6f14a3cb3865        centos              "/bin/echo 'hello wo   14 minutes ago      Exited (0) 14 minutes ago                           insane_ptolemy      
[root@why-2 ~]# docker rm 6f14a3cb3865              #如果删除启动中的容器,需要先关闭,删除镜像使用rmi
6f14a3cb3865
[root@why-2 ~]# docker rm 646befdd34b2  
646befdd34b2
[root@why-2 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@why-2 ~]# docker run -d -i -t --name whysdocker2 centos /bin/bash         #后台运行一个docker容器 
b40305320fc2fa1f6945174dd497bbfd936bb497be9042a2bba0cce3bb37702c
[root@why-2 ~]# docker ps -l
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
b40305320fc2        centos              "/bin/bash"         8 seconds ago       Up 6 seconds                            whysdocker2   

下载Docker镜像

[root@why-2 ~]# docker pull nginx  
latest: Pulling from nginx
4d43e3e8873c: Pull complete 
cfae62ad9233: Pull complete 
4d4b5520c444: Pull complete 
425e28bb756f: Pull complete 
6f8e5cd1315f: Pull complete 
8dacaa3090b8: Pull complete 
d9be8e2e1d68: Pull complete 
00bba88663ff: Pull complete 
Digest: sha256:26532e321df5f20bb87aa760e27ab7b7248977fe4e34b001e361a87c83492107
Status: Downloaded newer image for nginx:latest
如果不下载在指定镜像名称后也会自动下载
[root@why-2 ~]# docker run -d --name whynginx nginx
[root@why-2 ~]# docker ps -l
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS               NAMES
5efe09aa1828        nginx               "nginx -g 'daemon of   3 days ago          Up 3 days           80/tcp, 443/tcp     whynginx      

获取容器pid

[root@why-2 ~]# docker inspect --format "{{.State.Pid}}" whynginx
8916

进入容器

如果没有nsenter可通过以下进行安装
[root@why-2 ~]# yum install -y util-linux
[root@why-2 ~]# nsenter --target 8916 --mount --uts --ipc --net --pid
root@5efe09aa1828:/# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.5  31864  2944 ?        Ss   14:24   0:00 nginx: master process nginx -g daemon off;
nginx        5  0.0  0.3  32252  1668 ?        S    14:25   0:00 nginx: worker process
root         6  0.0  0.3  20256  1912 ?        S    14:29   0:00 -bash
root        10  0.0  0.2  17492  1148 ?        R+   14:33   0:00 ps aux
root@5efe09aa1828:/# cd /etc/nginx/
root@5efe09aa1828:/etc/nginx# ls
conf.d  fastcgi_params  koi-utf  koi-win  mime.types  modules  nginx.conf  scgi_params  uwsgi_params  win-utf
root@5efe09aa1828:/etc/nginx# cat conf.d/default.conf 
server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

镜像中如果少程序可以通过centos的可以通过yum或者ubuntu的可以通过apt-get进行安装

root@5efe09aa1828:/etc/nginx# apt-get update   
Hit http://nginx.org jessie InRelease                                                                           
Get:1 http://nginx.org jessie/nginx amd64 Packages [21.0 kB]                                                    
Hit http://security.debian.org jessie/updates InRelease                                                                                                                                       
Get:2 http://security.debian.org jessie/updates/main amd64 Packages [448 kB]                                                                                                                  
Ign http://deb.debian.org jessie InRelease                                                                                                                                                    
Hit http://deb.debian.org jessie-updates InRelease                                                                                                                                            
Hit http://deb.debian.org jessie Release.gpg                                                                                                                                                  
Get:3 http://deb.debian.org jessie-updates/main amd64 Packages [17.6 kB]                                                                                                                      
Hit http://deb.debian.org jessie Release                                                                                                                                                      
Get:4 http://deb.debian.org jessie/main amd64 Packages [9049 kB]                                                                                                                              
Fetched 9536 kB in 18s (503 kB/s)                                                                                                                                                             
Reading package lists... Done

链接的状态

[root@why-2 ~]# brctl show  
bridge name bridge id       STP enabled interfaces
docker0     8000.56847afe9799   no      veth7961c4c
pan0        8000.000000000000   no      

可以看到docker0的网桥

[root@why-2 ~]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type LOCAL 

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8         ADDRTYPE match dst-type LOCAL 

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           

Chain DOCKER (2 references)
target     prot opt source               destination       
[root@why-2 ~]# ifconfig  docker0
docker0   Link encap:Ethernet  HWaddr 56:84:7A:FE:97:99  
          inet addr:172.17.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::5484:7aff:fefe:9799/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3641 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7012 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:224999 (219.7 KiB)  TX bytes:10377838 (9.8 MiB)

所以docker镜像中也可以访问外网的

docker网络

可以使用随机映射的方式,通过-P参数

[root@why-2 ~]# docker run -d -P --name whysnginx1 nginx
91887f8763c6baad0cbb737683ec52b29b101828d46b80c619824811fe224c6e
[root@why-2 ~]# docker ps -l
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS                                           NAMES
91887f8763c6        nginx               "nginx -g 'daemon of   8 seconds ago       Up 6 seconds        0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp   whysnginx1 

可以看到docker中的80端口被映射到本地的32769端口,443端口被映射到了本地的32768端口

可以通过web服务访问以下32769端口

指定随机的端口有一个好处就是端口不会冲突

-p可以指定端口映射 -p hostPort:containerPort 指定绑定的端口 -p ip:hostPort:containerPort 指定绑定的ip,端口 -p ip::containerPort 指定绑定的ip,端口随机 -p hostPort:containerPort -p hostPort:containerPort 指定绑定的端口,可以指定多个

[root@why-2 ~]# docker run -d -p 91:80 --name whysnginx2 nginx
30b268e7ca56aa6099cdc1e0cf25d2915f1c41f03bf1608c1bbbb1dc522ba7ce
[root@why-2 ~]# docker ps -l
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS                         NAMES
30b268e7ca56        nginx               "nginx -g 'daemon of   4 seconds ago       Up 3 seconds        443/tcp, 0.0.0.0:91->80/tcp   whysnginx2 

通过-p参数指定容器的80端口映射到主机的91端口,而443就没有被映射

docker的数据

[root@why-2 ~]# docker run -it --name volume-nginx -h nginx -v /data centos     #为启动的容器添加一个/data目录
[root@nginx /]# ls /data
[root@nginx /]# touch /data/why

可以看到/data目录被映射到/var/lib/docker/volumes/3c8db6870565ad6e4637c18f44d27908fb5d069a459abb6519d2bfe1f223a4b9/_data

[root@why-2 ~]# docker inspect -f {{.Volumes}} volume-nginx
map[/data:/var/lib/docker/volumes/3c8db6870565ad6e4637c18f44d27908fb5d069a459abb6519d2bfe1f223a4b9/_data]
[root@why-2 ~]# ll /var/lib/docker/volumes/3c8db6870565ad6e4637c18f44d27908fb5d069a459abb6519d2bfe1f223a4b9/_data
total 0
-rw-r--r-- 1 root root 0 Mar 15 23:57 why

做了一个映射,把目录到容器的目录,也可以指定映射的目录

[root@why-2 ~]# docker run -it --name volume-nginx2 -h nginx -v /tmp:/data centos
[root@nginx /]# ll /data
total 32
drwx------  2 root root 4096 Nov  1 23:27 keyring-35PkLZ
drwx------. 2 root root 4096 Oct 12 12:31 keyring-Dm077L
drwx------  2 root root 4096 Nov 25 10:09 keyring-YW5TNZ
drwx------  2 root root 4096 Oct 24 23:46 keyring-l2cy7t
drwx------  2   42   42 4096 Mar 10 04:37 orbit-gdm
drwx------  2   42   42 4096 Mar 10 04:37 pulse-1XmyeKuDp0F2
drwx------. 2 root root 4096 Nov 25 10:10 pulse-JU1xLiwsvxT6
-rw-------  1 root root 1514 Mar 10 03:35 yum_save_tx-2017-03-10-11-35fEsnKg.yumtx
[root@why-2 ~]# ll /tmp/
total 32
drwx------  2 root root 4096 Nov  2 07:27 keyring-35PkLZ
drwx------. 2 root root 4096 Oct 12 20:31 keyring-Dm077L
drwx------  2 root root 4096 Nov 25 18:09 keyring-YW5TNZ
drwx------  2 root root 4096 Oct 25 07:46 keyring-l2cy7t
drwx------  2 gdm  gdm  4096 Mar 10 12:37 orbit-gdm
drwx------  2 gdm  gdm  4096 Mar 10 12:37 pulse-1XmyeKuDp0F2
drwx------. 2 root root 4096 Nov 25 18:10 pulse-JU1xLiwsvxT6
-rw-------  1 root root 1514 Mar 10 11:35 yum_save_tx-2017-03-10-11-35fEsnKg.yumtx

设置为只读

docker run -it --name volume-nginx2 -h nginx -v /tmp:/data:ro centos

挂载其他容器上的数据卷

[root@why-2 ~]# docker run -it --name volume-nginx3 -h nginx --volumes-from volume-nginx2 centos
[root@nginx /]# ll /data
total 32
drwx------  2 root root 4096 Nov  1 23:27 keyring-35PkLZ
drwx------. 2 root root 4096 Oct 12 12:31 keyring-Dm077L
drwx------  2 root root 4096 Nov 25 10:09 keyring-YW5TNZ
drwx------  2 root root 4096 Oct 24 23:46 keyring-l2cy7t
drwx------  2   42   42 4096 Mar 10 04:37 orbit-gdm
drwx------  2   42   42 4096 Mar 10 04:37 pulse-1XmyeKuDp0F2
drwx------. 2 root root 4096 Nov 25 10:10 pulse-JU1xLiwsvxT6
-rw-------  1 root root 1514 Mar 10 03:35 yum_save_tx-2017-03-10-11-35fEsnKg.yumtx

docker镜像构建

手动构建docker镜像(nginx)

[root@why-2 ~]# docker run -i -t --name builddocker centos
[root@d2acf3b9a8b4 /]# yum install -y wget gcc gcc-c++ make openssl-devel                           #下载依赖包
[root@d2acf3b9a8b4 /]# wget http://nginx.org/download/nginx-1.10.3.tar.gz
[root@d2acf3b9a8b4 /]# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.39.tar.gz
[root@d2acf3b9a8b4 /]# cp *.gz /usr/local/src/
[root@d2acf3b9a8b4 /]# cd !$
cd /usr/local/src/
[root@d2acf3b9a8b4 src]# useradd -s /sbin/nologin -M www
[root@d2acf3b9a8b4 src]# tar xf nginx-1.10.3.tar.gz 
[root@d2acf3b9a8b4 src]# tar xf pcre-8.39.tar.gz 
[root@d2acf3b9a8b4 src]# cd nginx-1.10.3
[root@d2acf3b9a8b4 nginx-1.10.3]# ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.39                #编译安装nginx
[root@d2acf3b9a8b4 nginx-1.10.3]# make
[root@d2acf3b9a8b4 nginx-1.10.3]# make install
[root@d2acf3b9a8b4 nginx-1.10.3]# vi /usr/local/nginx/conf/nginx.conf
[root@d2acf3b9a8b4 nginx-1.10.3]# head -1 /usr/local/nginx/conf/nginx.conf
daemon off;
[root@d2acf3b9a8b4 nginx-1.10.3]# echo $?
0
[root@d2acf3b9a8b4 nginx-1.10.3]# vi /usr/local/nginx/conf/nginx.conf
[root@d2acf3b9a8b4 nginx-1.10.3]# head -1 /usr/local/nginx/conf/nginx.conf          #配置nginx的后台运行   
daemon off;
[root@d2acf3b9a8b4 nginx-1.10.3]# echo '/usr/local/nginx/sbin/nginx ' >> /etc/rc.local 
[root@d2acf3b9a8b4 nginx-1.10.3]# tail -1 /etc/rc.local 
/usr/local/nginx/sbin/nginx
root@5efe09aa1828:/etc/nginx# exit
logout
[root@why-2 ~]# docker ps -l
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMES
d2acf3b9a8b4        centos              "/bin/bash"         15 hours ago        Exited (127) 14 hours ago                       builddocker         
[root@why-2 ~]# docker commit -m 'whys nginx' d2acf3b9a8b4 wanghongyu/test-nginx:v1 #提交为镜像
6fd59ac2b6622026b04a63f9a365ab80e98dce35514957d40bce4b64b74e9c56
[root@why-2 ~]# docker images
REPOSITORY              TAG                 IMAGE ID            CREATED              VIRTUAL SIZE
wanghongyu/test-nginx   v1                  6fd59ac2b662        About a minute ago   395.7 MB
nginx                   latest              00bba88663ff        2 weeks ago          181.8 MB
centos                  latest              d4350798c2ee        12 weeks ago         191.8 MB

可以看到自己的镜像库中有了刚commit的容器

[root@why-2 ~]# docker run -d -p 92:80 wanghongyu/test-nginx:v1 
203c093e63f16612e107c0f106e7ec5d5a8ff7ca65327ef540348c211cc2876e
[root@why-2 ~]# docker run -it  wanghongyu/test-nginx:v1 
[root@659ca962dbd6 /]# vi /etc/rc.local 
[root@659ca962dbd6 /]# exit
exit
[root@why-2 ~]# docker ps -l
CONTAINER ID        IMAGE                      COMMAND             CREATED             STATUS                      PORTS               NAMES
659ca962dbd6        wanghongyu/test-nginx:v1   "/bin/bash"         37 seconds ago      Exited (0) 14 seconds ago                       agitated_mayer      
[root@why-2 ~]# docker commit -m 'v2' 659ca962dbd6 wanghongyu/test-nginx:v2
8670d24b20258254d160db00ef67ecf9c721c9a70261f3c3e0b5cb043593fa22
[root@why-2 ~]# docker run -d -p 93:80 wanghongyu/test-nginx:v2 /usr/local/nginx/sbin/^C
[root@why-2 ~]# docker ps -l
CONTAINER ID        IMAGE                      COMMAND             CREATED             STATUS                     PORTS               NAMES
659ca962dbd6        wanghongyu/test-nginx:v1   "/bin/bash"         3 minutes ago       Exited (0) 2 minutes ago                       agitated_mayer      
[root@why-2 ~]# docker run -d -p 93:80 wanghongyu/test-nginx:v2 /usr/local/nginx/sbin/nginx 
03a68096f0e3bd26af3d5180854f74e6c98d50b28530b39a838cf1229554e1db
[root@why-2 ~]# docker ps -l
CONTAINER ID        IMAGE                      COMMAND                CREATED             STATUS              PORTS                NAMES
03a68096f0e3        wanghongyu/test-nginx:v2   "/usr/local/nginx/sb   5 seconds ago       Up 4 seconds        0.0.0.0:93->80/tcp   suspicious_pasteur   

使用dockerfile进行构建

需要制定基础镜像信息,维护者信息,镜像操作命令,容器启动时执行的命令

FROM 基础镜像(它妈妈是谁) MAINTAINER 维护者信息(告诉别人,你创造了它) RUN 把命令前加上RUN(你想让他干嘛) ADD COPY文件,会自动解压(往它的肚子里放点啥) WORKDIR 当前工作目录(会自动cd进去) VOLUME 目录挂载 EXPOSE 端口 RUN 进程要一直执行下去

[root@why-2 ~]# mkdir /opt/docker-file/nginx -p
[root@why-2 ~]# cd /opt/docker-file/nginx
[root@why-2 nginx]# vi Dockerfile
# This is My Nginx Dockerfile
# Version:1.0
# Author:why
# Base images       指定是由哪个镜像为基础
FROM centos
# MAINTAINER        维护者信息
MAINTAINER why
# ADD               需要添加到镜像的软件包,如果是压缩包自动解压,需要放在与Dockerfile同级目录,然后是镜像内目录
ADD nginx-1.10.3.tar.gz /usr/local/src
ADD pcre-8.39.tar.gz /usr/local/src
# RUN               镜像内指定指定命令
RUN yum install -y gcc gcc-c++ make openssl-devel
RUN useradd -s /sbin/nologin -M www
# WORKDIR           切换工作目录
WORKDIR /usr/local/src/nginx-1.10.3
#                   进行编译
RUN ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.39 && make && make install
#                   修改配置文件
RUN echo 'daemon off;' >> /usr/local/nginx/conf/nginx.conf
# EXPOSE            需要映射的端口
EXPOSE 80           
# ENV               环境变量设置
ENV PATH /usr/local/nginx/sbin:$PATH
# CMD               容器启动时需要执行的命令
CMD ["nginx"]
[root@why-2 nginx]# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.39.tar.gz
[root@why-2 nginx]# wget http://nginx.org/download/nginx-1.10.3.tar.gz
[root@why-2 nginx]# docker build -t nginx-file:v1 /opt/docker-file/nginx/
省略部分
Step 8 : RUN echo 'daemon off;' >> /usr/local/nginx/conf/nginx.conf
 ---> Running in b12b73d5f72b
 ---> f0775df096e4
Removing intermediate container b12b73d5f72b
Step 9 : EXPOSE 80
 ---> Running in 91f7dfa63a70
 ---> c1f07125cd7b
Removing intermediate container 91f7dfa63a70
Step 10 : ENV PATH /usr/local/nginx/sbin:$PATH
 ---> Running in 63c38ea1be5f
 ---> 7164166490ce
Removing intermediate container 63c38ea1be5f
Step 11 : CMD nginx
 ---> Running in 033788d9518f
 ---> fadf7f9b8463
Removing intermediate container 033788d9518f
[root@why-2 nginx]# docker images
Successfully built fadf7f9b8463
REPOSITORY              TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
nginx-file              v1                  fadf7f9b8463        6 minutes ago       389.4 MB
wanghongyu/test-nginx   v2                  8670d24b2025        About an hour ago   395.7 MB
wanghongyu/test-nginx   v1                  6fd59ac2b662        2 hours ago         395.7 MB
nginx                   latest              00bba88663ff        2 weeks ago         181.8 MB
centos                  latest              d4350798c2ee        12 weeks ago        191.8 MB
[root@why-2 nginx]# docker run -d -p 94:80 nginx-file:v1 
f260af414851e1a1ce4d8301670d37f23d19432024662da398f4faea988af283
[root@why-2 nginx]# docker ps -l
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                NAMES
f260af414851        nginx-file:v1       "nginx"             11 seconds ago      Up 10 seconds       0.0.0.0:94->80/tcp   romantic_poitras    

可以在浏览器中访问94端口

docker资源隔离

docker使用了Linux中的LXC技术(容器技术),具体就是kernel中的namespace,每个ldas创建,隔离的PID,NET,IPC,MNT,UTS和USER等,docker资源限制通过cgroup实现的,可以隔离的有CPU和内存

演示资源使用问题我通过创建一个stress的镜像

[root@why-2 ~]# mkdir /opt/docker-file/stress
[root@why-2 ~]# cd /opt/docker-file/stress/
[root@why-2 stress]# vi Dockerfile
FROM centos
ADD epel-6.repo /etc/yum.repos.d/
RUN yum install -y stress && yum clean all
ENTRYPOINT ["stress"]
[root@why-2 stress]# wget http://mirrors.aliyun.com/repo/epel-6.repo
[root@why-2 stress]# docker build -t stress .
Successfully built b9dfa5dd6118
[root@why-2 stress]# docker images
REPOSITORY              TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
stress                  latest              b9dfa5dd6118        16 seconds ago      211.4 MB
nginx-file              v1                  fadf7f9b8463        3 hours ago         389.4 MB
wanghongyu/test-nginx   v2                  8670d24b2025        5 hours ago         395.7 MB
wanghongyu/test-nginx   v1                  6fd59ac2b662        5 hours ago         395.7 MB
nginx                   latest              00bba88663ff        2 weeks ago         181.8 MB
centos                  latest              d4350798c2ee        12 weeks ago        191.8 MB

测试CPU资源

[root@why-2 stress]# docker run -it --rm stress --cpu 1         #--rm 关闭后删除,--cpu 1为stress的参数,代表使用一个cpu
stress: info: [1] dispatching hogs: 1 cpu, 0 io, 0 vm, 0 hdd

[root@why-2 ~]# top
top - 21:52:04 up 13:16,  3 users,  load average: 0.34, 0.12, 0.11
Tasks: 205 total,   3 running, 202 sleeping,   0 stopped,   0 zombie
Cpu(s): 99.7%us,  0.3%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:    502808k total,   396904k used,   105904k free,     8180k buffers
Swap:  3071996k total,    10540k used,  3061456k free,   177032k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                                                                          
25909 root      20   0  7252   92    0 R 99.8  0.0   0:23.95 stress                                                                                                   
25910 root      20   0 15188 1224  856 R  0.3  0.2   0:00.04 top                                                                                                                               
    1 root      20   0 19408  812  740 S  0.0  0.2   0:01.48 init                                                                                                                              
    2 root      20   0     0    0    0 S  0.0  0.0   0:00.02 kthreadd                                                                                                                          
    3 root      20   0     0    0    0 S  0.0  0.0   0:16.51 ksoftirqd/0                                                                                                                       
    5 root       0 -20     0    0    0 S  0.0  0.0   0:00.00 kworker/0:0H                                                                                                                      
    7 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 migration/0                          

可以看到现在的CPU使用率为100%,在另终端上再启动一个stress镜像

[root@why-2 ~]# docker run -it --rm stress --cpu 1
stress: info: [1] dispatching hogs: 1 cpu, 0 io, 0 vm, 0 hdd

[root@why-2 ~]# top
top - 21:53:05 up 13:17,  4 users,  load average: 0.84, 0.30, 0.18
Tasks: 214 total,   4 running, 210 sleeping,   0 stopped,   0 zombie
Cpu(s):100.0%us,  0.0%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:    502808k total,   408288k used,    94520k free,     9148k buffers
Swap:  3071996k total,    10540k used,  3061456k free,   181212k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                                                                          
25909 root      20   0  7252   92    0 R 49.8  0.0   1:21.15 stress                                                                                                                            
26029 root      20   0  7252   92    0 R 49.8  0.0   0:04.03 stress                                                                                                                            
26043 root      20   0 15196 1232  856 R  0.3  0.2   0:00.01 top                                                                                                                               
    1 root      20   0 19408  812  740 S  0.0  0.2   0:01.48 init                                                                                                                              
    2 root      20   0     0    0    0 S  0.0  0.0   0:00.02 kthreadd                                                                                                                          
    3 root      20   0     0    0    0 S  0.0  0.0   0:16.51 ksoftirqd/0  

CPU的资源被平分了,可以关掉之后再启动一个stress 配额为512

[root@why-2 ~]# docker run -it --rm -c 512 stress --cpu 1
stress: info: [1] dispatching hogs: 1 cpu, 0 io, 0 vm, 0 hdd
[root@why-2 ~]# top
top - 21:54:25 up 13:18,  4 users,  load average: 1.45, 0.63, 0.31
Tasks: 214 total,   4 running, 210 sleeping,   0 stopped,   0 zombie
Cpu(s):  2.4%us,  0.6%sy,  0.0%ni, 95.1%id,  1.7%wa,  0.0%hi,  0.1%si,  0.0%st
Mem:    502808k total,   410932k used,    91876k free,     9648k buffers
Swap:  3071996k total,    10540k used,  3061456k free,   182336k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                                                                          
25909 root      20   0  7252   92    0 R 66.0  0.0   2:15.09 stress                                                                                                                            
26238 root      20   0  7252   88    0 R 33.0  0.0   0:04.04 stress                                                                                                                            
    1 root      20   0 19408  812  740 S  0.0  0.2   0:01.48 init                                                                                                                              
    2 root      20   0     0    0    0 S  0.0  0.0   0:00.02 kthreadd                                                                                                                          
    3 root      20   0     0    0    0 S  0.0  0.0   0:16.52 ksoftirqd/0                                                                                                                       
    5 root       0 -20     0    0    0 S  0.0  0.0   0:00.00 kworker/0:0H                    

可以看到CPU使用率的比例为2:1,因为cpu的配额默认为1024,也可以绑定CPU,使用以下参数

  --cpuset-cpus=              CPUs in which to allow execution (0-3, 0,1)

测试内存资源

这是我当前的内存

[root@why-2 ~]# free -m
             total       used       free     shared    buffers     cached
Mem:           491        329        161          0         11        102
-/+ buffers/cache:        215        275
Swap:            0          0          0

启动一个内存为128m的容器

[root@why-2 stress]# docker run -it --rm -m 128m stress --vm 1 --vm-bytes 120m --vm-hang 0
WARNING: Your kernel does not support swap limit capabilities, memory limited without swap.
stress: info: [1] dispatching hogs: 0 cpu, 0 io, 1 vm, 0 hdd
^Cstress: FAIL: [1] (415) <-- worker 6 got signal 2
stress: WARN: [1] (417) now reaping child worker processes
stress: FAIL: [1] (421) kill error: No such process
stress: FAIL: [1] (451) failed run completed in 7s

128m的容器在使用了120m内存的时候还能正常运行,关掉后重新启动一个使用1024m内存

[root@why-2 stress]# docker run -it --rm -m 128m stress --vm 1 --vm-bytes 1024m --vm-hang 0
WARNING: Your kernel does not support swap limit capabilities, memory limited without swap.
stress: info: [1] dispatching hogs: 0 cpu, 0 io, 1 vm, 0 hdd
stress: FAIL: [10] (494) hogvm malloc failed: Cannot allocate memory
stress: FAIL: [1] (394) <-- worker 10 returned error 1
stress: WARN: [1] (396) now reaping child worker processes
stress: FAIL: [1] (400) kill error: No such process
stress: FAIL: [1] (451) failed run completed in 0s

可以看到超过了128m内存,容器自动退出了。当然也可能出现即使设置了内存限制依然不崩溃退出的情况

[root@why-2 stress]# docker run -it --rm -m 128m stress --vm 1 --vm-bytes 2048m --vm-hang 0
WARNING: Your kernel does not support swap limit capabilities, memory limited without swap.
stress: info: [1] dispatching hogs: 0 cpu, 0 io, 1 vm, 0 hdd

在另一端可以明显的发现swap暴涨

[root@why-2 ~]# free -m
             total       used       free     shared    buffers     cached
Mem:           491        453         37          0         10        101
-/+ buffers/cache:        341        149
Swap:         2999       1962       1037

关闭swap就好,具体的原因正在查找

[root@why-2 stress]# swapoff -a
[root@why-2 stress]# echo '0' > /proc/sys/vm/swappiness
[root@why-2 stress]# sysctl vm.swappiness=0
vm.swappiness = 0

docker网络

当docker启动的时候会启动一个docker0的虚拟网桥,通过ipv4的ip_forward进行转发,当启动一个容器的时候会创建一对接口,一个在网桥docker0,另一个容器内部的eth0,默认使用桥接的模式进行连接

可以看到本地启动的docker0

[root@why-2 stress]# ifconfig docker0
docker0   Link encap:Ethernet  HWaddr 56:84:7A:FE:97:99  
          inet addr:172.17.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::5484:7aff:fefe:9799/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:57786 errors:0 dropped:0 overruns:0 frame:0
          TX packets:108281 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3123287 (2.9 MiB)  TX bytes:161474353 (153.9 MiB)
[root@why-2 stress]# brctl show
bridge name bridge id       STP enabled interfaces
docker0     8000.56847afe9799   no      veth6957bb3
                            veth7961c4c
                            vethbf488ae
                            vethc59d282
                            vethc735d15
                            vethf6f22eb
pan0        8000.000000000000   no      

本地产生的NAT路由

[root@why-2 stress]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type LOCAL 

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8         ADDRTYPE match dst-type LOCAL 

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  tcp  --  172.17.0.3           172.17.0.3          tcp dpt:443 
MASQUERADE  tcp  --  172.17.0.3           172.17.0.3          tcp dpt:80 
MASQUERADE  tcp  --  172.17.0.4           172.17.0.4          tcp dpt:80 
MASQUERADE  tcp  --  172.17.0.10          172.17.0.10         tcp dpt:80 
MASQUERADE  tcp  --  172.17.0.15          172.17.0.15         tcp dpt:80 

Chain DOCKER (2 references)
target     prot opt source               destination         
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:32768 to:172.17.0.3:443 
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:32769 to:172.17.0.3:80 
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:91 to:172.17.0.4:80 
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:93 to:172.17.0.10:80 
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:94 to:172.17.0.15:80 

通过DNAT实现的端口的转换,上网是通过源地址转换实现的

当然也可以使用其他模式,例如

  • 直接桥接到主机上,与主机共用端口和ip地址
  • 直接使用其他容器的网络

docker镜像的本地化

[root@why-2 ~]# docker pull registry:2.0
Pulling repository registry
08f78f46653a: Download complete 
902b87aaaec9: Download complete 
9a61b6b1315e: Download complete 
1ff9f26f09fb: Download complete 
607e965985c1: Download complete 
0f5121dd42a6: Download complete 
8d38711ccc0d: Download complete 
8ddc08289e1a: Download complete 
d86979befb72: Download complete 
b279b4aae826: Download complete 
63e9d2557cd7: Download complete 
8fb45e60e014: Download complete 
141b650c3281: Download complete 
69c177f0c117: Download complete 
124e2127157f: Download complete 
aeb43bf230e4: Download complete 
6a192b88c36f: Download complete 
66780839eff4: Download complete 
a0010d3b65cf: Download complete 
000e0d27487f: Download complete 
66b88493bcd9: Download complete 
374f4314b164: Download complete 
Status: Downloaded newer image for registry:2.0
[root@why-2 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
nginx               latest              00bba88663ff        2 weeks ago         181.8 MB
centos              latest              d4350798c2ee        12 weeks ago        191.8 MB
registry            2.0                 08f78f46653a        20 months ago       548.6 MB
[root@why-2 ~]# docker run -d -p 5000:5000 registry:2.0
284ecb54e7ef4531e8c6aafe1eee1bc3b6d9fefe73932285961018340f662aa9

启动registry镜像即可,需要做一下5000端口的映射

[root@why-2 ~]# docker tag nginx 192.168.0.202:5000/whysdocker/nginx:v1
[root@why-2 ~]# docker images
REPOSITORY                            TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
192.168.0.202:5000/whysdocker/nginx   v1                  00bba88663ff        2 weeks ago         181.8 MB
nginx                                 latest              00bba88663ff        2 weeks ago         181.8 MB
centos                                latest              d4350798c2ee        12 weeks ago        191.8 MB
registry                              2.0                 08f78f46653a        20 months ago       548.6 MB
[root@why-2 ~]# docker push 192.168.0.202:5000/whysdocker/nginx:v1
Error response from daemon: invalid registry endpoint https://192.168.0.202:5000/v0/: unable to ping registry endpoint https://192.168.0.202:5000/v0/
v2 ping attempt failed with error: Get https://192.168.0.202:5000/v2/: tls: oversized record received with length 20527
 v1 ping attempt failed with error: Get https://192.168.0.202:5000/v1/_ping: tls: oversized record received with length 20527. 
If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 192.168.0.202:5000` 
to the daemon's arguments. In the case of HTTPS, 
if you have access to the registry's CA certificate, no need for the flag; 
simply place the CA certificate at /etc/docker/certs.d/192.168.0.202:5000/ca.crt

对于此问题需要把--insecure-registry 192.168.0.202:5000加入到/etc/sysconfig/docker配置文件中

[root@why-2 ~]# vi /etc/sysconfig/docker
[root@why-2 ~]# cat /etc/sysconfig/docker
# /etc/sysconfig/docker
#
# Other arguments to pass to the docker daemon process
# These will be parsed by the sysv initscript and appended
# to the arguments list passed to docker -d

other_args='--insecure-registry 192.168.0.202:5000'
DOCKER_CERT_PATH=/etc/docker

# Resolves: rhbz#1176302 (docker issue #407)
DOCKER_NOWARN_KERNEL_VERSION=1

# Location used for temporary files, such as those created by
# # docker load and build operations. Default is /var/lib/docker/tmp
# # Can be overriden by setting the following environment variable.
# # DOCKER_TMPDIR=/var/tmp

上传镜像

[root@why-2 ~]# docker push 192.168.0.202:5000/whysdocker/nginx:v1
The push refers to a repository [192.168.0.202:5000/whysdocker/nginx] (len: 1)
00bba88663ff: Image already exists 
00bba88663ff: Buffering to Disk 
8dacaa3090b8: Image successfully pushed 
6f8e5cd1315f: Image successfully pushed 
6f8e5cd1315f: Buffering to Disk 
425e28bb756f: Image already exists 
4d4b5520c444: Image already exists 
4d43e3e8873c: Image successfully pushed 
Digest: sha256:164f0e8327831d9d3769fdfbd68880f3b1e43e0623835332b7a0ad5dba511973
[root@why-2 ~]# echo $?
0

上传成功后,别的主机也可以下载该镜像,也需要在配置文件中添加--insecure-registry 192.168.0.202:5000

这边我把之前下载的镜像删除,进行下载

[root@why-2 ~]# docker pull 192.168.0.202:5000/whysdocker/nginx:v1
v1: Pulling from 192.168.0.202:5000/whysdocker/nginx

4d43e3e8873c: Already exists 
cfae62ad9233: Already exists 
4d4b5520c444: Already exists 
425e28bb756f: Already exists 
6f8e5cd1315f: Already exists 
8dacaa3090b8: Already exists 
00bba88663ff: Already exists 
Digest: sha256:164f0e8327831d9d3769fdfbd68880f3b1e43e0623835332b7a0ad5dba511973
Status: Image is up to date for 192.168.0.202:5000/whysdocker/nginx:v1
[root@why-2 ~]# docker images
REPOSITORY                            TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
192.168.0.202:5000/whysdocker/nginx   v1                  00bba88663ff        2 weeks ago         181.8 MB
nginx                                 latest              00bba88663ff        2 weeks ago         181.8 MB
centos                                latest              d4350798c2ee        12 weeks ago        191.8 MB
registry                              2.0                 08f78f46653a        20 months ago       548.6 MB
[root@why-2 ~]# docker rmi 00bba88663ff
Error response from daemon: Conflict, cannot delete image 00bba88663ff because it is tagged in multiple repositories, use -f to force
Error: failed to remove images: [00bba88663ff]
[root@why-2 ~]# docker rmi -f 00bba88663ff
Untagged: 192.168.0.202:5000/whysdocker/nginx:v1
Untagged: nginx:latest
Untagged: whysdockerimages/nginx:v1
Untagged: whysdockerimagesnginx:v1
Deleted: 00bba88663ff547e5ba5b8be57c76a9034f3d72b7437f320f5e3e898615430f1
Deleted: d9be8e2e1d684782e15edaefba04b8df2e4d6ae8cd410b842429108279b40b4d
Deleted: 8dacaa3090b88e299c7efe200fd4ef138c5c003fdbe0e3faaa8b882e0ed2b9d5
Deleted: 6f8e5cd1315fb9330934fe857cccffdb9dca3cc2f411eea46899700d857cfa23
Deleted: 425e28bb756f57de4877c664afc945b8f0a0458c33f74a6d14860baaf97c02fd
Deleted: 4d4b5520c444639e9c347fc62037ff0efe7a14d9af9ce39f4b71d4e6f2b55a4f
Deleted: cfae62ad9233cb1aad3cf290e75d493dd57ab56d29c0f228600a77ad825ee0a1
Deleted: 4d43e3e8873c566e79ea6789c568f0c74ee0b4150117f337157f40624b9f51a0
[root@why-2 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
centos              latest              d4350798c2ee        12 weeks ago        191.8 MB
registry            2.0                 08f78f46653a        20 months ago       548.6 MB
[root@why-2 ~]# docker pull 192.168.0.202:5000/whysdocker/nginx:v1
v1: Pulling from 192.168.0.202:5000/whysdocker/nginx
4d43e3e8873c: Pull complete 
cfae62ad9233: Pull complete 
4d4b5520c444: Pull complete 
425e28bb756f: Pull complete 
6f8e5cd1315f: Pull complete 
8dacaa3090b8: Pull complete 
d9be8e2e1d68: Pull complete 
00bba88663ff: Already exists 
Digest: sha256:164f0e8327831d9d3769fdfbd68880f3b1e43e0623835332b7a0ad5dba511973
Status: Downloaded newer image for 192.168.0.202:5000/whysdocker/nginx:v1
[root@why-2 ~]# docker images
REPOSITORY                            TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
192.168.0.202:5000/whysdocker/nginx   v1                  00bba88663ff        2 weeks ago         181.8 MB
centos                                latest              d4350798c2ee        12 weeks ago        191.8 MB
registry                              2.0                 08f78f46653a        20 months ago       548.6 MB

docker镜像的存出和载入

[root@why-2 ~]# docker images
REPOSITORY                            TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
192.168.0.202:5000/whysdocker/nginx   v1                  00bba88663ff        2 weeks ago         181.8 MB
centos                                latest              d4350798c2ee        3 months ago        191.8 MB
registry                              2.0                 08f78f46653a        20 months ago       548.6 MB
[root@why-2 ~]# docker save -o centos.tar centos:latest 
[root@why-2 ~]# ll | grep centos.tar 
-rw-r--r--   1 root   root   199911936 Mar 16 11:25 centos.tar
[root@why-2 ~]# docker rmi -f d4350798c2ee
Untagged: centos:latest
Deleted: d4350798c2ee9f080caff7559bf4d5a48a1862330e145fe7118ac721da74a445
Deleted: a04895de19968b0665115154295009f75bcba85eb71dbb7fe6ae14cb8c95a475
Deleted: 0a444b299d5a7868b640b12020a2684a72167b6710037b6bd4933f6713b2b47c
Deleted: 3690474eb5b4b26fdfbd89c6e159e8cc376ca76ef48032a30fa6aafd56337880
[root@why-2 ~]# docker images
REPOSITORY                            TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
192.168.0.202:5000/whysdocker/nginx   v1                  00bba88663ff        2 weeks ago         181.8 MB
registry                              2.0                 08f78f46653a        20 months ago       548.6 MB
[root@why-2 ~]# docker load --input centos.tar 
[root@why-2 ~]# docker images
REPOSITORY                            TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
192.168.0.202:5000/whysdocker/nginx   v1                  00bba88663ff        2 weeks ago         181.8 MB
centos                                latest              d4350798c2ee        3 months ago        191.8 MB
registry                              2.0                 08f78f46653a        20 months ago       548.6 MB

docker容器的存出和载入

[root@why-2 ~]# docker export 2bffc71cdd63 > centosstop.tar
[root@why-2 ~]# ll | grep centos
-rw-r--r--   1 root   root   199911936 Mar 16 11:25 centos.tar
-rw-r--r--   1 root   root   199894016 Mar 16 11:33 centosstop.tar
[root@why-2 ~]# cat centosstop.tar | docker import - centosstop
1c406c6f0088932f3646f4c7c4c96b7952bd5212cb9b23228d2a1edb648ffcfa
[root@why-2 ~]# docker ps -l
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS                    NAMES
c0a09e49eca2        registry:2.0        "registry cmd/regist   11 hours ago        Up 11 hours         0.0.0.0:5000->5000/tcp   dreamy_goodall      
[root@why-2 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS                      PORTS                    NAMES
c0a09e49eca2        registry:2.0        "registry cmd/regist   11 hours ago        Up 11 hours                 0.0.0.0:5000->5000/tcp   dreamy_goodall      
285a6973317b        centos              "/bin/bash"            11 hours ago        Exited (127) 11 hours ago                            volume-nginx3       
c2ca4bf3444a        centos              "/bin/bash"            11 hours ago        Exited (0) 11 hours ago                              volume-nginx2       
b4c93b9952a9        centos              "/bin/bash"            11 hours ago        Exited (0) 11 hours ago                              volume-nginx        
2bffc71cdd63        centos              "/bin/bash"            5 days ago          Exited (0) 5 days ago                                whysdocker1         
[root@why-2 ~]# docker images
REPOSITORY                            TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
centosstop                            latest              1c406c6f0088        39 seconds ago      191.8 MB
192.168.0.202:5000/whysdocker/nginx   v1                  00bba88663ff        2 weeks ago         181.8 MB
centos                                latest              d4350798c2ee        3 months ago        191.8 MB
registry                              2.0                 08f78f46653a        20 months ago       548.6 MB

可以看到export也是把容器以快照的方式做成镜像进行,两者的区别更多的是save获取的分层的镜像层,而export获取的整个容器的各个目录和文件。