Docker容器技术

Docker介绍

什么是容器

Linux容器是与系统其他部分隔离开的一系列进程,从另一个系统镜像运行,并由该镜像提供支持进程所需的全部文件。

容器镜像包含了应用的所有依赖项,因而在从开发到测试再到生产的整个过程中,它都具有可移植性和一致性。

来源:https://www.redhat.com/zh/topics/containers/whats-a-linux-container

容器就是虚拟化吗?

虚拟化使得许多操作系统可同时在单个系统上运行。

容器只能共享操作系统内核,将应用进程与系统其他部分,隔离开。

容器和虚拟化的区别

linux容器技术,容器虚拟化和kvm虚拟化的区别

kvm虚拟化:需要硬件的支持,需要模拟硬件,可以运行不同的操作系统,启动时间分钟级(开机启动流程)

容器虚拟化:不需要硬件的支持。不需要模拟硬件,共用宿主机的内核,启动时间秒级(没有开机启动流程)

容器总结:

(1)与宿主机使用同一个内核,性能损耗小;

(2)不需要指令级模拟;

(3)容器可以在CPU核心的本地运行指令,不需要任何专门的解释机制;

(4)避免了准虚拟化和系统调用替换中的复杂性;

(5)轻量级隔离,在隔离的同时还提供共享机制,以实现容器与宿主机的资源共享。

容器技术的发展过程

chroot技术,新建一个子系统

chroot,即 change root directory (更改 root 目录)。在 linux 系统中,系统默认的目录结构都是以 `/`,即是以根 (root) 开始的。而在使用 chroot 之后,系统的目录结构将以指定的位置作为 `/` 位置。

参考资料:https://www.ibm.com/developerworks/cn/linux/l-cn-chroot/

使用chroot监狱限制SSH用户访问指定目录和使用指定命令:https://linux.cn/article-8313-1.html

lxc部署

Linux Container容器是一种内核虚拟化技术,可以提供轻量级的虚拟化,以便隔离进程和资源。

安装lxc

需要使用epel源

#安装epel源

yum install epel-release -y

#编译epel源配置文件

vi  /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/$basearch/debug
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/SRPMS
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

##安装lxc

yum install lxc-* -y
yum install libcgroup* -y
yum install bridge-utils.x86_64 -y

交接网卡

[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
TYPE=Ethernet
BOOTPROTO=none
NAME=eth0
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0

[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0 
TYPE=Bridge
BOOTPROTO=static
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=10.0.0.11
NETMASK=255.255.255.0
GATEWAY=10.0.0.254
DNS1=223.5.5.5

修改lxc默认配置

vi /etc/lxc/default.conf
修改第2行为:lxc.network.link = br0

启动cgroup服务

systemctl enable cgconfig.service
systemctl start cgconfig.service

创建lxc容器

方法1:
lxc-create -t download -n centos7 -- --server mirrors.tuna.tsinghua.edu.cn/lxc-images -d centos -r 7 -a amd64
方法2:
lxc-create -t centos -n test

为容器指定ip和网关

vi /var/lib/lxc/centos7/config
lxc.network.name = eth0
lxc.network.ipv4 = 10.0.0.111/24
lxc.network.ipv4.gateway = 10.0.0.254

启动容器

lxc-start -n centos7

lxc实操

#查看虚拟机

[root@docker opt]# lxc-ls   
centos7  

修改子系统root密码

[root@docker opt]# chroot /var/lib/lxc/centos7/rootfs passwd    
Changing password for user root. 
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

启动子系统

[root@docker opt]# lxc-start -n centos7   
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to CentOS Linux 7 (Core)!

检测

[root@docker ~]# lxc-checkconfig     
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.10.0-327.el7.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
newuidmap is not installed
newgidmap is not installed
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

docker容器

Docker是通过内核虚拟化技术(namespaces及cgroups cpu、内存、磁盘io等)来提供容器的资源隔离与安全保障等。由于Docker通过操作系统层的虚拟化实现隔离,所以Docker容器在运行时,不需要类似虚拟机(VM)额外的操作系统开销,提高资源利用率。

docker的主要目标是"Build,Ship and Run any App,Angwhere",构建,运输,处处运行

构建:做一个docker镜像

运输:docker pull

运行:启动一个容器

每一个容器,他都有自己的文件系统rootfs.

kvm解决了硬件和操作系统之间的依赖

docker解决了软件和操作系统环境之间的依赖,能够让独立服务或应用程序在不同的环境中,得到相同的运行结果。

docker容器是一种轻量级、可移植、自包含的软件打包技术,使应用程序可以在几乎任何地方以相同的方式运行。开发人员在自己笔记本上创建并测试好的容器,无需任何修改就能够在生产系统的虚拟机、物理服务器或公有云主机上运行。

Docker的部署

wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo

sed -i 's#download.docker.com#mirrors.ustc.edu.cn/docker-ce#g' /etc/yum.repos.d/docker-ce.repo

yum install docker-ce -y

docker的主要组成部分

docker是传统的CS架构分为docker client和docker server,向mysql一样

命令:docker version

[root@controller ~]# docker version 
Client:
 Version:    17.12.0-ce
 API version:    1.35
 Go version:    go1.9.2
 Git commit:    c97c6d6
 Built:    Wed Dec 27 20:10:14 2017
 OS/Arch:    linux/amd64

Server:
 Engine:
  Version:    17.12.0-ce
  API version:    1.35 (minimum version 1.12)
  Go version:    go1.9.2
  Git commit:    c97c6d6
  Built:    Wed Dec 27 20:12:46 2017
  OS/Arch:    linux/amd64
  Experimental:    false

设置docker远程执行

systemd详解:http://www.ruanyifeng.com/blog/2016/03/systemd-tutorial-part-two.html

在linux-node1设置

vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://10.0.0.11:2375

systemctl daemon-reload
systemctl restart docker.service

ps -ef检查

在linux-node2设置

wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo

sed -i 's#download.docker.com#mirrors.ustc.edu.cn/docker-ce#g' /etc/yum.repos.d/docker-ce.repo

yum install docker-ce -y

docker -H 10.0.0.11 info     ---  远程执行 info 展示docker的信息

docker主要组件有:镜像、容器、仓库

启动第一个容器

命令:docker run -d -p 80:80 nginx

实操:

[root@docker-node1 ~]# docker run -d -p 80:80 nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
e7bb522d92ff: Pull complete 
6edc05228666: Pull complete 
cd866a17e81f: Pull complete 
Digest: sha256:285b49d42c703fdf257d1e2422765c4ba9d3e37768d6ea83d7fe2043dad6e63d
Status: Downloaded newer image for nginx:latest
e1cb110a537622e4a5c885161bca69478adc5d218e6eb4e0307c7fe0c1350012
#run: 创建并运行一个容器,
#-d:放在后台
#-p:端口映射
#80:80:前面是宿主机的,后面是容器的
#nginx:镜像的名字

docker的镜像管理

搜索镜像

命令:docker search

实操:

[root@docker-node1 ~]# docker search centos
NAME(镜像名)     DESCRIPTION(说明)             STARS(送心数)  OFFICIAL(是否是官方的)    AUTOMATED(是否自动)
centos             The official build of CentOS.   3992               [OK]

获取镜像

命令:docker pull

实操:

[root@docker-node1 ~]# docker pull centos    --- 拉取一个镜像centos(不指定版本默认为最新版,只写名字默认在官方拉取)
Using default tag: latest
latest: Pulling from library/centos
af4b0a2388c6: Pull complete 
Digest: sha256:2671f7a3eea36ce43609e9fe7435ade83094291055f1c96d9d1d1d7c0b986a5d
Status: Downloaded newer image for centos:latest
[root@docker-node1 ~]# docker images 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              latest              ff426288ea90        3 weeks ago         207MB
nginx               latest              3f8a4339aadd        5 weeks ago         108MB

拉取非官网的镜像:

[root@docker-node1 ~]# docker pull index.tenxcloud.com/tenxcloud/httpd:2.4
2.4: Pulling from tenxcloud/httpd
8b87079b7a06: Downloading  11.53MB/51.36MB
a3ed95caeb02: Download complete 
0c30bf087cf7: Download complete 
79f2be53847c: Downloading  11.14MB/11.7MB
7063c4b35837: Download complete 
5c27df81ae71: Download complete

镜像加速

镜像加速器:阿里云加速器,daocloud加速器,中科大加速器,Docker 中国官方镜像加速:https://registry.docker-cn.com

镜像加速配置:

vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}    

第三方docker镜像仓库,使用方法

docker pull index.tenxcloud.com/tenxcloud/httpd:latest

镜像操作

查看镜像 

docker images

删除镜像

docker rmi  例子:docker image rm centos:latest

实操:

[root@docker ~]# docker image rm centos:latest (名字:版本)
Untagged: centos:latest
Untagged: centos@sha256:2671f7a3eea36ce43609e9fe7435ade83094291055f1c96d9d1d1d7c0b986a5d
Deleted: sha256:ff426288ea903fcf8d91aca97460c613348f7a27195606b45f19ae91776ca23d
Deleted: sha256:e15afa4858b655f8a5da4c4a41e05b908229f6fab8543434db79207478511ff7
[root@docker ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              3f8a4339aadd        5 weeks ago         108MB

导出镜像

docker save  例子:docker image save centos > docker-centos7.4.tar.gz

实操:

[root@docker ~]# docker image save centos > docker-centos7.4.tar.gz
[root@docker ~]# ls docker-centos7.4.tar.gz
docker-centos7.4.tar.gz

导入镜像

docker load  例子:docker image load -i docker-centos7.4.tar.gz

实操:

[root@docker ~]# docker image load -i docker-centos7.4.tar.gz 
e15afa4858b6: Loading layer  215.8MB/215.8MB
Loaded image: centos:latest
[root@docker ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              latest              ff426288ea90        3 weeks ago         207MB
nginx               latest              3f8a4339aadd        5 weeks ago         108MB

查看镜像详细信息

[root@docker ~]# docker image inspect centos
[
    {
        "Id": "sha256:ff426288ea903fcf8d91aca97460c613348f7a27195606b45f19ae91776ca23d",
        "RepoTags": [
            "centos:latest"
        ],
        "RepoDigests": [],
        "Parent": "",
        "Comment": "",
        "Created": "2018-01-08T19:58:27.63047329Z",
        "Container": "dd31c81a4b47b90a14cf6d1c7389465060e390f12a0b71189d181a0458d8443f",
        "ContainerConfig": {
            "Hostname": "dd31c81a4b47",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "/bin/sh",
                "-c",
                "#(nop) ",
                "CMD [\"/bin/bash\"]"
            ],
            "ArgsEscaped": true,
            "Image": "sha256:5a28642a68c5af8083107fca9ffbc025179211209961eae9b1f40f928331fa90",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {
                "build-date": "20180107",
                "license": "GPLv2",
                "name": "CentOS Base Image",
                "vendor": "CentOS"
            }
        },
        "DockerVersion": "17.06.2-ce",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "/bin/bash"
            ],
            "ArgsEscaped": true,
            "Image": "sha256:5a28642a68c5af8083107fca9ffbc025179211209961eae9b1f40f928331fa90",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {
                "build-date": "20180107",
                "license": "GPLv2",
                "name": "CentOS Base Image",
                "vendor": "CentOS"
            }
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 207191530,
        "VirtualSize": 207191530,
        "GraphDriver": {
            "Data": {
                "DeviceId": "10",
                "DeviceName": "docker-8:2-667845-6de21ff18b07a4a121111b78d105af3ae3d1eccf0d5bcf3dff957e3640a79dac",
                "DeviceSize": "10737418240"
            },
            "Name": "devicemapper"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:e15afa4858b655f8a5da4c4a41e05b908229f6fab8543434db79207478511ff7"
            ]
        },
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"
        }
    }
]

Docker的容器管理

启动一个容器

docker run -d -p 80:80 nginx

查看启动的容器(两种方法):

[root@docker-node1 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
75516b38df19        nginx               "nginx -g 'daemon of…"   3 hours ago         Up 3 hours          0.0.0.0:80->80/tcp   inspiring_euler

[root@docker-node1 ~]# docker container ls
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
75516b38df19        nginx               "nginx -g 'daemon of…"   3 hours ago         Up 3 hours          0.0.0.0:80->80/tcp   inspiring_euler

显示所有状态的容器

[root@docker-node1 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                   PORTS                NAMES
75516b38df19        nginx               "nginx -g 'daemon of…"   3 hours ago         Up 3 hours               0.0.0.0:80->80/tcp   inspiring_euler
e1cb110a5376        nginx               "nginx -g 'daemon of…"   3 hours ago         Exited (0) 3 hours ago                        thirsty_brattain

只显示容器id

[root@docker-node1 ~]# docker ps -a -q
7cef098bebc7
75516b38df19

查看容器ip

docker container inspect id或name

[root@docker-node1 ~]# docker container inspect 75516b38df19
[
    {
        "Id": "75516b38df194d00fbb2d5ce51316f621f76a1037a0fdf1d578d14498a68d8a3",
        "Created": "2018-01-31T12:12:06.387035752Z",
        "Path": "nginx",
        "Args": [
            "-g",
            "daemon off;"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 19388,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2018-01-31T12:12:06.710448922Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:3f8a4339aadda5897b744682f5f774dc69991a81af8d715d37a616bb4c99edf5",
        "ResolvConfPath": "/var/lib/docker/containers/75516b38df194d00fbb2d5ce51316f621f76a1037a0fdf1d578d14498a68d8a3/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/75516b38df194d00fbb2d5ce51316f621f76a1037a0fdf1d578d14498a68d8a3/hostname",
        "HostsPath": "/var/lib/docker/containers/75516b38df194d00fbb2d5ce51316f621f76a1037a0fdf1d578d14498a68d8a3/hosts",
        "LogPath": "/var/lib/docker/containers/75516b38df194d00fbb2d5ce51316f621f76a1037a0fdf1d578d14498a68d8a3/75516b38df194d00fbb2d5ce51316f621f76a1037a0fdf1d578d14498a68d8a3-json.log",
        "Name": "/inspiring_euler",
        "RestartCount": 0,
        "Driver": "devicemapper",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {
                "80/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "80"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "shareable",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0
        },
        "GraphDriver": {
            "Data": {
                "DeviceId": "8",
                "DeviceName": "docker-8:2-667845-d7559a9d1629b837315264d5191776a3583b745cbb270be66f15126659ea266d",
                "DeviceSize": "10737418240"
            },
            "Name": "devicemapper"
        },
        "Mounts": [],
        "Config": {
            "Hostname": "75516b38df19",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "80/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.13.8-1~stretch",
                "NJS_VERSION=1.13.8.0.1.15-1~stretch"
            ],
            "Cmd": [
                "nginx",
                "-g",
                "daemon off;"
            ],
            "ArgsEscaped": true,
            "Image": "nginx",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {
                "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
            },
            "StopSignal": "SIGTERM"
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "33eb47f2321af718ee6a7564f8ae8c9841719051efebb2dfdb8a206d19e83004",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "80/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "80"
                    }
                ]
            },
            "SandboxKey": "/var/run/docker/netns/33eb47f2321a",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "a4a179b29fb9cda0c6332579460dddc5fbc6e7f29dd5608ae9f5742701d4202e",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "12e101b4dd9dd0078bab6ed9ce9aaf2d7cca2e00e4a66b5629f088732d6698d0",
                    "EndpointID": "a4a179b29fb9cda0c6332579460dddc5fbc6e7f29dd5608ae9f5742701d4202e",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]

停止容器

docker container stop id或name
docker container kill id或name

实操:

[root@docker-node1 ~]# docker container stop 75516b38df19
75516b38df19
[root@docker-node1 ~]# docker container ls
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@docker-node1 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
75516b38df19        nginx               "nginx -g 'daemon of…"   3 hours ago         Exited (0) 10 seconds ago                       inspiring_euler
e1cb110a5376        nginx               "nginx -g 'daemon of…"   3 hours ago         Exited (0) 3 hours ago                          thirsty_brattain

总结:docker容器内的第一个进程必须一直处于前台运行的状态,否则这个容器,就会处于退出状态!

删除已关闭的容器

[root@docker-node1 ~]# docker container rm e1cb110a5376
e1cb110a5376

批量删除:

docker rm -f `docker ps -a -q`    -- 强制删除全部,包括启动中的

[root@docker-node1 ~]# docker rm `docker ps -a -q`    #只删除关闭状态的
7cef098bebc7
75516b38df19

交互式进入容器,分配终端

docker run -it nginx:latest /bin/bash

-i -t:--interactive --tty(直接进入容器)

[root@docker-node1 ~]# docker run -it nginx:latest /bin/bash
root@7cef098bebc7:/# ls
bin   dev  home  lib64    mnt  proc  run     srv  tmp  var
boot  etc  lib     media    opt  root  sbin  sys  usr

进入容器的方法

[root@docker-node1 opt]# docker run -it --name erlianzhang centos:latest 
[root@b07f6aad08cd /]#

进入到存活的容器中

[root@docker ~]# docker attach erlianzhang 
[root@b07f6aad08cd /]# 

exec方式必须指定起始命令 --- 推荐使用exec

[root@docker ~]# docker exec -it erlianzhang /bin/bash
[root@abcadd1250cb /]# ps -ef
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  0 16:14 pts/0    00:00:00 /bin/bash
root         13      0  0 16:16 pts/1    00:00:00 /bin/bash
root         25     13  0 16:16 pts/1    00:00:00 ps -ef

注意:进入容器中第一个命令一定要让容器夯住,否则会变成退出状态

暂时退出容器:ctrl+p,ctrl+q

回到容器:docker attach id或name

docker容器的网络访问

指定映射

    -p hostPort:containerPort
    -p ip:hostPort:containerPort 
    -p ip::containerPort
    -p hostPort:containerPort:udp
    -p 81:80 –p 443:443

随机映射

docker run -P

实操

docker run -d -p 888:80 nginx:latest

docker run -d -p 10.0.0.11:80:80 nginx:latest

[root@docker-node1 opt]# docker run -d -p 888:80 nginx:latest 
1b177e8c6357ed08ddabb745b902a4e577e8c25e154a4b891dfa900b108dd4bd
[root@docker-node1 opt]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1406/sshd           
tcp        0      0 10.0.0.11:2375          0.0.0.0:*               LISTEN      19206/dockerd       
tcp6       0      0 :::22                   :::*                    LISTEN      1406/sshd           
tcp6       0      0 :::888                  :::*                    LISTEN      21455/docker-proxy  

docker的数据卷管理

数据卷(文件或目录)

    -v /data
    -v src:dst

数据卷容器

    --volumes-from

实操:挂载数据卷在容器宿主机

[root@docker-node1 opt]# docker run -d -p 80:80 -v /data:/usr/share/nginx/html nginx:latest
884b2c093c5c59897bd55b0dcec36c882abdc99134f8fffed4cb5decda17327d

创建数据卷

[root@docker-node1 data]# docker volume ls
DRIVER              VOLUME NAME
local               qingge

手动将容器保存为镜像(制作镜像)

命令:docker commit

特权容器

docker run --privileged  -ti -e "container=docker"  -v /sys/fs/cgroup:/sys/fs/cgroup  centos:latest  /usr/sbin/init

保存为镜像

[root@docker-node1 ~]# docker commit ebfdf46f9f12 centos6-ssh
sha256:b917ca49263af6d4435dc3c144c214af29c56dad7256e4de7978ffd9a7e24f39
[root@docker-node1 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos6-ssh         latest              b917ca49263a        5 seconds ago       315MB
httpd               2.4                 2e202f453940        5 days ago          179MB
centos              latest              ff426288ea90        3 weeks ago         207MB
nginx               latest              3f8a4339aadd        5 weeks ago         108MB
centos              6.8                 6704d778b3ba        2 months ago        195MB

dockerfile自动构建docker镜像

dockerfile主要组成部分:

    基础镜像信息       FROM:centos:6.8
    制作镜像操作指令   RUN yum install openssh-server -y
    容器启动时执行指令 CMD ["/bin/bash"]

dockerfile常用指令:

    FROM        这个镜像的妈妈是谁?  (指定基础镜像)
    MAINTAINER  告诉别人,谁负责养它?(指定维护者信息,可以没有)
    RUN         你想让它干啥         (在命令前面加上RUN即可)
    ADD         给它点创业资金       (COPY文件,会自动解压)
    WORKDIR     我是cd,今天刚化了妆  (设置当前工作目录)
    VOLUME      给它一个存放行李的地方(设置卷,挂载主机目录)
    EXPOSE      它要打开的门是啥     (指定对外的端口)
    CMD         奔跑吧,兄弟!       (指定容器启动后的要干的事情)

dockerfile其他指令:

    COPY             复制文件
    ENV              环境变量
    ENTRYPOINT       容器启动后执行的命令

实例:

此处在CMD处执行的是一个脚本,脚本内容大致是开启ssh服务并让ssh服务夯住,参数是-D,开启httpd服务

[root@docker-node1 ~]# cat /opt/base/Dockerfile 
FROM centos:6.8
RUN yum install wget unzip php* httpd openssh-server -y
RUN cd /var/www/html/ && wget http://static.kodcloud.com/update/download/kodexplorer4.25.zip && unzip kodexplorer4.25.zip 
RUN echo 'root:123456'|chpasswd
RUN echo 'ServerName 127.0.0.1:80' >>/etc/httpd/conf/httpd.conf
RUN /etc/init.d/sshd start
RUN chmod -Rf 777 /var/www/html/
RUN sed 's#Options Indexes FollowSymLinks#Options FollowSymLinks#g' /etc/httpd/conf/httpd.conf -i
COPY init.sh /init.sh
EXPOSE 80/tcp
EXPOSE 22/tcp
CMD ["/bin/bash","/init.sh"]
[root@docker-node1 ~]# ll /opt/base/
total 8
-rw-r--r-- 1 root root 528 Feb  1 06:16 Dockerfile
-rw-r--r-- 1 root root  82 Feb  1 03:37 init.sh
[root@docker-node1 ~]# docker image build -t centos6-yun .

docker image build -t centos6-yun /opt/base/Dockerfile

docker image build -t 指定一个自动构建的镜像标签 Dockerfile文件路径

参考其他的dockerfile

官方dockerfile或者时速云镜像广场

容器间的互联

    docker run -d -p 80:80 nginx
    docker run -it --link quirky_brown:web01 qstack/centos-ssh /bin/bash
    ping web01

使用docker运行zabbix-server

docker run --name mysql-server -t \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      -d mysql:5.7 \
      --character-set-server=utf8 --collation-server=utf8_bin

docker run --name zabbix-java-gateway -t \
      -d zabbix/zabbix-java-gateway:latest

docker run --name zabbix-server-mysql -t \
      -e DB_SERVER_HOST="mysql-server" \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      -e ZBX_JAVAGATEWAY="zabbix-java-gateway" \
      --link mysql-server:mysql \
      --link zabbix-java-gateway:zabbix-java-gateway \
      -p 10051:10051 \
      -d zabbix/zabbix-server-mysql:latest

docker run --name zabbix-web-nginx-mysql -t \
      -e DB_SERVER_HOST="mysql-server" \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      --link mysql-server:mysql \
      --link zabbix-server-mysql:zabbix-server \
      -p 80:80 \
      -d zabbix/zabbix-web-nginx-mysql:latest

docker私有仓库

普通的registry

启动registry容器

docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry  registry

修改配置文件

/etc/docker/daemon.json

{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["10.0.0.11:5000"]
}

"insecure-registries": ["10.0.0.11:5000"]   ---- 将https转换成http

重启docker服务

systemctl restart docker.service

为镜像打标签

docker tag centos6-yun:latest 10.0.0.11:5000/erlianzhang/centos6-yun:latest

push推送镜像

docker push 10.0.0.11:5000/erlianzhang/centos6-yun:latest

带basic认证的registry

mkdir /opt/registry-var/auth/ -p
htpasswd  -Bbn oldboy 123456  >> /opt/registry-var/auth/htpasswd
docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry

实操

yum install httpd-tools.x86_64 -y

[root@docker-node1 ~]# mkdir /opt/registry-var/auth/ -p
ASSWD_PATH=/auth/htpasswd registry
[root@docker-node1 ~]# htpasswd  -Bbn erlianzhang 123456 d>> /opt/registry-var/auth/htpassw 
[root@docker-node1 ~]# docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
589820e671fa51114bf9ccf143375bce7351a80f7035e571f4e8524a1096edbb
[root@docker-node1 ~]# docker ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
589820e671fa        registry            "/entrypoint.sh /etc…"   11 seconds ago      Up 11 seconds       0.0.0.0:5000->5000/tcp   confident_visvesvaraya
[root@docker-node1 ~]# docker push 10.0.0.11:5000/erlianzhang/centos6-yun:latest   --- 不验证就不能上传
The push refers to repository [10.0.0.11:5000/erlianzhang/centos6-yun]
f8508dc392c8: Preparing 
f85b7909a4bc: Preparing 
8b2d1868cde8: Preparing 
ad87982f4b1b: Preparing 
ac521dbe8cd3: Preparing 
3d169f2d5cff: Waiting 
6bad9d62f12a: Waiting 
f28db075daf0: Waiting 
e00c9229b481: Waiting 
no basic auth credentials
[root@docker-node1 ~]# docker login 10.0.0.11:5000    --- 验证一下
Username: erlianzhang
Password: 
Login Succeeded
[root@docker-node1 ~]# docker push 10.0.0.11:5000/erlianzhang/centos6-yun:latest   --- 再次上传就可以了
The push refers to repository [10.0.0.11:5000/erlianzhang/centos6-yun]
f8508dc392c8: Pushed 
f85b7909a4bc: Pushed 
8b2d1868cde8: Pushed 
ad87982f4b1b: Pushed 
ac521dbe8cd3: Pushed 
3d169f2d5cff: Pushed 
6bad9d62f12a: Pushed 
f28db075daf0: Pushed 
e00c9229b481: Pushed 
latest: digest: sha256:46e0409381ef7c5922bc5c37b5888015ab415c0e7248e463323db361318e93bf size: 2205

验证

[root@docker-node1 ~]# cat .docker/config.json 
{
    "auths": {
        "10.0.0.11:5000": {
            "auth": "b2xkYm95OjEyMzQ1Ng=="
        }
    },
    "HttpHeaders": {
        "User-Agent": "Docker-Client/17.12.0-ce (linux)"
    }
}

docker-compose(单机版的容器编排工具)

docker-compose简介

一句话:docker-compose是用来做docker的多容器控制

docker-compose 是什么

docker-compose是一个用来把docker自动化的东西。

有了docker-compose你可以把所有繁复的docker操作全都一条命令,自动化的完成。

详细指令参考:https://www.jianshu.com/p/2217cfed29d7

安装python环境

yum install -y python2-pip

详细指令:http://www.jianshu.com/p/2217cfed29d7

配置pip加速

[root@docker-node1 ~]# mkdir .pip
[root@docker-node1 ~]# vim ~/.pip/pip.conf
[global]
index-url = http://mirrors.aliyun.com/pypi/simple/

[install]
trusted-host=mirrors.aliyun.com
pip install docker-compose

配置文件

该配置文件是部署wordpress博客网站的

cd my_wordpress/
vi docker-compose.yml
version: '3'

services:
   db:
     image: mysql:5.7
     volumes:
       - /data/db_data:/var/lib/mysql
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: somewordpress
       MYSQL_DATABASE: wordpress
       MYSQL_USER: wordpress
       MYSQL_PASSWORD: wordpress

   wordpress:
     depends_on:
       - db
     image: wordpress:latest
     volumes:
       - /data/web_data:/var/www/html
     ports: 
       - "8000:80"
     restart: always
     environment:
       WORDPRESS_DB_HOST: db:3306
       WORDPRESS_DB_USER: wordpress
       WORDPRESS_DB_PASSWORD: wordpress

启动服务

#启动
docker-compose up
#后台启动
docker-compose up -d

docker配合haproxy负载

灰度重启容器,防止因为更新业务全部关闭容器

安装haproxy

yum install haproxy -y

修改配置文件

vi /etc/haproxy/haproxy.cfg

global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats level admin
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
listen stats
    mode http
    bind 0.0.0.0:8888
    stats enable
    stats uri     /haproxy-status 
    stats auth    admin:123456
frontend frontend_www_example_com
    bind 10.0.0.11:8000
    mode http
    option httplog
    log global
    default_backend backend_www_example_com
backend backend_www_example_com
    option forwardfor header X-REAL-IP
    option httpchk HEAD / HTTP/1.0
    balance roundrobin
    server web-node1  10.0.0.11:32768 check inter 2000 rise 30 fall 15
    server web-node2  10.0.0.11:32769 check inter 2000 rise 30 fall 15

启动服务

systemctl start haproxy

安装socat

yum install socat.x86_64 -y
echo "disable server backend_www_example_com/web-node3"|socat stdio /var/lib/haproxy/stats
echo "enable server backend_www_example_com/web-node3"|socat stdio /var/lib/haproxy/stats

利用测试页测试

<html>
    <head>
        <title>PHP测试</title>
    </head>
    <body>
        <?php  echo '<p>Hello World </p>'; ?>
        <?php  echo "访问的服务器地址是:"."<fontcolor=red>".$_SERVER['SERVER_ADDR']."</font>"."<br>";
        echo"访问的服务器域名是:"."<fontcolor=red>".$_SERVER['SERVER_NAME']."</font>"."<br>";
        ?>
    </body>
</html>

Docker网络类型

类型

说明

None

不为容器配置任何网络功能,没有网络 --net=none

Container

与另一个运行中的容器共享Network Namespace,--net=container:containerID

Host

与主机共享Network Namespace,--net=host

Bridge

Docker设计的NAT网络模型(默认类型)

Bridge默认docker网络隔离基于网络命名空间,在物理机上创建docker容器时会为每一个docker容器分配网络命名空间,并且把容器IP桥接到物理机的虚拟网桥上。

不为容器配置网络功能 

此模式下创建容器是不会为容器配置任何网络参数的,如:容器网卡、IP、通信路由等,全部需要自己去配置。

[root@docker01 ~]# docker run  -it --network none busybox:latest  /bin/sh 
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever

与其他容器共享网络配置(Container)

此模式和host模式很类似,只是此模式创建容器共享的是其他容器的IP和端口而不是物理机,此模式容器自身是不会配置网络和端口,创建此模式容器进去后,你会发现里边的IP是你所指定的那个容器IP并且端口也是共享的,而且其它还是互相隔离的,如进程等。

[root@docker01 ~]# docker run  -it --network container:mywordpress_db_1  busybox:latest  /bin/sh 
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
105: eth0@if106: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:12:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.3/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever

使用宿主机网络

此模式创建的容器没有自己独立的网络命名空间,是和物理机共享一个Network Namespace,并且共享物理机的所有端口与IP,并且这个模式认为是不安全的。、

[root@docker01 ~]# docker run  -it --network host  busybox:latest  /bin/sh

查看网络列表

[root@docker01 ~]# docker network list 
NETWORK ID          NAME                  DRIVER              SCOPE
b15e8a720d3b        bridge                bridge              local
345d65b4c2a0        host                  host                local
bc5e2a32bb55        mywordpress_default   bridge              local
ebf76eea91bb        none                  null                local

用PIPEWORK为docker容器配置独立IP

参考文档:http://blog.csdn.net/design321/article/details/48264825

官方网站:https://github.com/jpetazzo/pipework

宿主环境:centos7.2

1、安装pipework

wget https://github.com/jpetazzo/pipework/archive/master.zip
unzip master.zip
cp pipework-master/pipework  /usr/local/bin/
chmod +x /usr/local/bin/pipework

2、配置网桥连接

安装桥接工具

yum install bridge-utils.x86_64 -y

修改网卡配置,实现桥接

# 修改eth0配置,让br0实现桥接
[root@docker01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0

[root@docker01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=10.0.0.100
NETMASK=255.255.255.0
GATEWAY=10.0.0.254
DNS1=223.5.5.5

# 重启网络
[root@docker01 ~]# /etc/init.d/network restart

3、运行一个容器镜像测试:

pipework br0 $(docker run -d -it -p 6880:80 --name  httpd_pw httpd) 10.0.0.220/24@10.0.0.254

在其他主机上测试端口及连通性

[root@docker01 ~]# curl 10.0.0.220
<html><body><h1>It works!</h1></body></html>
[root@docker01 ~]# ping 10.0.0.220 -c 1
PING 10.0.0.220 (10.0.0.220) 56(84) bytes of data.
64 bytes from 10.0.0.220: icmp_seq=1 ttl=64 time=0.043 ms

4、再运行一个容器,设置网路类型为none:

pipework br0 $(docker run -d -it --net=none --name test httpd:2.4) 10.0.0.221/24@10.0.0.254

进行访问测试

[root@docker01 ~]# curl 10.0.0.221
<html><body><h1>It works!</h1></body></html>

5、重启容器后需要再次指定:

pipework br0 testduliip  172.16.146.113/24@172.16.146.1
pipework br0 testduliip01  172.16.146.112/24@172.16.146.1

Docker跨主机通信之macvlan

创建macvlan网络

docker network create --driver macvlan --subnet 10.1.0.0/24 --gateway 10.1.0.254 -o parent=eth0 macvlan_1

设置eth0的网卡为混杂模式

ip link set eth0 promisc on

创建使用macvlan网络的容器

docker run -it --network macvlan_1 --ip=10.1.0.210 busybox:latest /bin/sh

基于macvlan网络,还存有overlay网络

Dcoker跨主机通信之overlay 参考文档:http://www.cnblogs.com/CloudMan6/p/7270551.html

Docker镜像的生命周期图

docker企业级镜像仓库harbor

介绍

Harbor 是一个企业级的 Docker Registry,可以实现 images 的私有存储和日志统计权限控制等功能,并支持创建多项目(Harbor 提出的概念),基于官方 Registry V2 实现。 通过地址:https://github.com/vmware/harbor/releases 可以下载最新的版本。  官方提供了两种版本:在线版和离线版。

安装步骤

容器管理

[root@docker01 harbor]# pwd
/opt/harbor
[root@docker01 harbor]# docker-compose stop

第一步:安装docker和docker-compose

下载harbor-offline-installer-v1.3.0.tgz

cd /opt && https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.3.0.tgz
tar xf harbor-offline-installer-v1.3.0.tgz

第二步:修改主机及web界面密码

修改harbor.cfg配置文件

[root@docker01 harbor]# vim harbor.cfg 
    ···
    hostname = 10.0.0.100
    harbor_admin_password = 123456
    ···

第三步:执行install.sh

[root@docker01 harbor]# ./install.sh

第四步:web登陆测试

 镜像推送到仓库的指定项目

[root@docker02 ~]# docker  tag centos:6.8  10.0.0.100/clsn/centos6.8:1.0
[root@docker02 ~]#  
[root@docker02 ~]# docker images 
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
busybox                     latest              5b0d59026729        8 days ago          1.15MB
10.0.0.100/clsn/centos6.8   1.0                 6704d778b3ba        2 months ago        195MB
centos                      6.8                 6704d778b3ba        2 months ago        195MB
[root@docker02 ~]# docker login 10.0.0.100
Username: admin
Password: 
Login Succeeded

推送镜像

[root@docker02 ~]# docker push 10.0.0.100/clsn/centos6.8 
The push refers to repository [10.0.0.100/clsn/centos6.8]
e00c9229b481: Pushing  13.53MB/194.5MB

 转载注明出处,写这篇很累!!!

本文参与腾讯云自媒体分享计划,欢迎正在阅读的你也加入,一起分享。

发表于

我来说两句

0 条评论
登录 后参与评论

相关文章

来自专栏吴伟祥

Docker学习总结——理解Docker与安装(一) 顶

Docker 是一个开源的应用容器引擎(软件工业上的集装箱技术),让开发者可以打包他们的应用以及依赖包到一个可移植的容器中,然后发布到任何流行的Linux机器上...

11910
来自专栏AI-vell

docker镜像制作commit方式

可以先基于一个已有镜像,通过bash添加自己需要的环境,然后commit一下【虽然官方不建议通过commit方式来创建,如果不担心镜像会越来越大的话,这种方式是...

29560
来自专栏Coding01

自建 Laravel 的 Docker 开发环境

好久没写东西,今天说一说怎么自建一个 Laravel 运行的 Docker 环境。

19620
来自专栏A周立SpringCloud

Docker系列教程12-使用Maven插件构建Docker镜像

我们知道,Maven是一个强大的项目管理与构建工具。如果可以使用Maven构建Docker镜像,那么我们的工作就能得到进一步的简化。 经过调研,以下几款Mave...

49390
来自专栏coder修行路

Docker的容器

容器是一个打包了应用和服务的环境,是一个轻量级的虚拟机,每一个容器都由一组特定的应用和必要的依赖库组成。 容器的管理操作 容器常见的命令:查看、创建、启动、终止...

26070
来自专栏晓晨的专栏

Windows 10 安装 Docker for Windows

51120
来自专栏云计算教程系列

如何在Ubuntu 14.04上安装和使用Docker Compose

Docker是一个很棒的工具,但要真正充分发挥其潜力,最好是应用程序的每个组件都在自己的容器中运行。对于具有大量组件的复杂应用程序,编排所有容器以一起启动和关闭...

47910
来自专栏coder修行路

Docker的镜像

镜像是容器的运行基础,容器是镜像运行后台的形态 镜像的概念 镜像是一个包含程序运行必要依赖环境和代码的只读文件,它采用分层的文件系统,将每一次改变以读写层的形式...

32460
来自专栏极客慕白的成长之路

系统学习Docker践行DevOps理念(一)

0x1.传统应用运维的弊端 * 部署非常慢成本非常高资源浪费 * 难于迁移和扩展可 * 能会被限定硬件厂商

10810
来自专栏后台及大数据开发

docker:(1)docker基本命令使用及发布镜像

docker镜像可以完全看作一台全新的电脑使用,无论什么镜像都是对某一东西进行了配置,然后打包后可以快速移植到需要的地方直接使用

30620

扫码关注云+社区

领取腾讯云代金券