2. 技术博客
  3. docker容器安装配置及创建容器

docker容器安装配置及创建容器

tech2024-06-20  65

一、什么是docker

Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的镜像中,然后发布到任何流行的 Linux或Windows 机器上,也可以实现虚拟化。容器是完全使用沙箱机制,相互之间不会有任何接口。docker好比传统的货运集装箱

docker为应用打包、部署平台,而非单纯的虚拟化技术docker只是一个容器引擎,生产环境用编排服务(k8s 微服务)docker是C/S结构

与虚拟机相比

容器: 直接共享宿主机,资源占用更小,几乎无性能损耗,可移植性高,轻量、灵活迁移。部署更快速,运行密度:单机支持上千容器。 可以理解为操作系统的一个进程 虚拟机: 什么都不干就会有50M的内存开销,操作系统额外的cpu、内存消耗。笨重、与虚拟化技术耦合度高

docker-ce:社区版 docker-ee:商务版

对于开发人员:build once,run anywhere(一次构建,可以在任何地方运行) 对于运维人员:configure once,run anything(一次配置,可以运行所有东西)

开发,运维与线上环境不同,docker可以解决相互沟通问题

二、安装容器

1.使虚拟机可以上网

[root@foundation4 ~]# iptables -t nat -I POSTROUTING -s 172.25.4.0/24 -j MASQUERADE

2.配置docker-ce yum源

[root@server1 ~]# cd /etc/yum.repos.d/ [root@server1 yum.repos.d]# ls dvd.repo redhat.repo [root@server1 yum.repos.d]# vim docker-ce.repo [root@server1 yum.repos.d]# cat docker-ce.repo [docker] name=docker ce baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/ gpgcheck=0 [root@server1 yum.repos.d]# yum repolist Loaded plugins: product-id, search-disabled-repos, subscription-manager This system is not registered with an entitlement server. You can use subscription-manager to register. docker | 3.5 kB 00:00:00 (1/2): docker/primary_db | 45 kB 00:00:00 (2/2): docker/updateinfo | 55 B 00:00:00 repo id repo name status docker docker ce 79 dvd rhel7.6 5,152 repolist: 5,231 [root@server1 ~]# vim /etc/yum.conf keepcache=1

3.安装docker并开启服务

[root@server1 yum.repos.d]# cd [root@server1 ~]# ls containerd.io-1.2.13-3.2.el7.x86_64.rpm docker-ce-19.03.12-3.el7.x86_64.rpm container-selinux-2.77-1.el7.noarch.rpm docker-ce-cli-19.03.12-3.el7.x86_64.rpm # docker-ce server端 # docker-ce-cli 用户端 #containerd 依赖性 [root@server1 ~]# yum install containerd.io-1.2.13-3.2.el7.x86_64.rpm docker-ce-19.03.12-3.el7.x86_64.rpm container-selinux-2.77-1.el7.noarch.rpm docker-ce-cli-19.03.12-3.el7.x86_64.rpm -y [root@server1 ~]# systemctl start docker [root@server1 ~]# systemctl enable docker Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service. [root@server1 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@server1 ~]# yum install bash-* -y # 补齐

4.执行docker info出现如下警告

WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled

解决方法:

[root@server1 ~]# cd /etc/sysctl.d/ [root@server1 sysctl.d]# vim docker.conf bridge-nf-call-iptables=1 bridge-nf-call-ip6tables=1 [root@server1 sysctl.d]# sysctl -a|grep /proc/sys/bridge-nf-call-iptables sysctl: reading key "net.ipv6.conf.all.stable_secret" sysctl: reading key "net.ipv6.conf.default.stable_secret" sysctl: reading key "net.ipv6.conf.docker0.stable_secret" sysctl: reading key "net.ipv6.conf.eth0.stable_secret" sysctl: reading key "net.ipv6.conf.lo.stable_secret" [root@server1 sysctl.d]# sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-iptables = 1 [root@server1 sysctl.d]# sysctl net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-ip6tables = 1 [root@server1 sysctl.d]# docker info # 显示系统相关信息 Client: Debug Mode: false Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 19.03.12 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 3.10.0-957.el7.x86_64 Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo) OSType: linux Architecture: x86_64 CPUs: 1 Total Memory: 991.1MiB Name: server1 ID: RNUW:Y4L6:4TLX:G66T:6FXP:2T65:QRLW:PREX:CXWD:6TRM:NRAJ:GKWQ Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false

三、使用本地镜像创建容器

[root@server1 sysctl.d]# cd [root@server1 ~]# ls #网上下载一个镜像 game2048.tar [root@server1 ~]# docker load -i game2048.tar #导入本地镜像 011b303988d2: Loading layer [==================================================>] 5.05MB/5.05MB 36e9226e74f8: Loading layer [==================================================>] 51.46MB/51.46MB 192e9fad2abc: Loading layer [==================================================>] 3.584kB/3.584kB 6d7504772167: Loading layer [==================================================>] 4.608kB/4.608kB 88fca8ae768a: Loading layer [==================================================>] 629.8kB/629.8kB Loaded image: game2048:latest [root@server1 ~]# docker images #列出本地镜像 REPOSITORY TAG IMAGE ID CREATED SIZE game2048 latest 19299002fdbe 3 years ago 55.5MB [root@server1 ~]# docker run -d --name demo -p 80:80 game2048 # run:运行, -d:打入后台 -p :端口映射 80:80 宿主机:容器 # 容器走的是桥接,有独立的ip地址 c76c29d74a33544cdbb9524630064518be09afe077f69dd54482e3468cf292e7 [root@server1 ~]# netstat -antlp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp6 0 0 :::80 :::* LISTEN 4289/docker-proxy

网页测试: http://172.25.4.1/

四、docker镜像的分层结构

镜像分层结构的优点主要在于共享资源

copy-on-write 可写容器层容器层以下所有镜像层都是只读的docker从上往下依次查找文件容器层保存镜像变化的部分,并不会对镜像本本身进行任何修改一个镜像最多127层 [root@server1 ~]# docker history game2048:latest #查看镜像分层结构(镜像的构建历史) IMAGE CREATED CREATED BY SIZE COMMENT 19299002fdbe 3 years ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "sed … 0B <missing> 3 years ago /bin/sh -c #(nop) EXPOSE 80/tcp 0B <missing> 3 years ago /bin/sh -c #(nop) COPY dir:cb74e9c037a3d501c… 600kB <missing> 3 years ago /bin/sh -c #(nop) MAINTAINER Golfen Guo <go… 0B <missing> 3 years ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B <missing> 3 years ago /bin/sh -c #(nop) EXPOSE 443/tcp 80/tcp 0B <missing> 3 years ago /bin/sh -c #(nop) COPY file:d15ceb73c6ea776c… 1.1kB <missing> 3 years ago /bin/sh -c #(nop) COPY file:af94db45bb7e4b8f… 643B <missing> 3 years ago /bin/sh -c GPG_KEYS=B0F4253373F8F6F510D42178… 50.1MB <missing> 3 years ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.11.7 0B <missing> 3 years ago /bin/sh -c #(nop) MAINTAINER NGINX Docker M… 0B <missing> 3 years ago /bin/sh -c #(nop) ADD file:7afbc23fda8b0b387… 4.8MB

miss是因为是在官方主机构建的,本地没有构建信息。但是可以使用

[root@server1 ~]# docker pull nginx # 拉取nginx镜像,默认情况下拉取最新版本 Status: Downloaded newer image for nginx:latest docker.io/library/nginx:latest [root@server1 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 4bb46517cac3 2 weeks ago 133MB game2048 latest 19299002fdbe 3 years ago 55.5MB [root@server1 ~]# docker history nginx:latest IMAGE CREATED CREATED BY SIZE COMMENT 4bb46517cac3 2 weeks ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B <missing> 2 weeks ago /bin/sh -c #(nop) STOPSIGNAL SIGTERM 0B <missing> 2 weeks ago /bin/sh -c #(nop) EXPOSE 80 0B <missing> 2 weeks ago /bin/sh -c #(nop) ENTRYPOINT ["/docker-entr… 0B <missing> 2 weeks ago /bin/sh -c #(nop) COPY file:0fd5fca330dcd6a7… 1.04kB <missing> 2 weeks ago /bin/sh -c #(nop) COPY file:1d0a4127e78a26c1… 1.96kB <missing> 2 weeks ago /bin/sh -c #(nop) COPY file:e7e183879c35719c… 1.2kB <missing> 2 weeks ago /bin/sh -c set -x && addgroup --system -… 63.4MB <missing> 2 weeks ago /bin/sh -c #(nop) ENV PKG_RELEASE=1~buster 0B <missing> 2 weeks ago /bin/sh -c #(nop) ENV NJS_VERSION=0.4.3 0B <missing> 2 weeks ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.19.2 0B <missing> 4 weeks ago /bin/sh -c #(nop) LABEL maintainer=NGINX Do… 0B <missing> 4 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0B <missing> 4 weeks ago /bin/sh -c #(nop) ADD file:3af3091e7d2bb40bc… 69.2MB

不同版本的镜像,使同一层的镜像

[root@server1 ~]# docker search nginx NAME DESCRIPTION STARS OFFICIAL AUTOMATED nginx Official build of Nginx. 13768 [OK] jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1879 [OK] # nginx 是官方上传的镜像 # jwilder/nginx-proxy 是个人上传的镜像

内核相同,文件系统不同 镜像里面封装的是根文件系统

[root@server1 ~]# uname -r 3.10.0-957.el7.x86_64 [root@server1 ~]# docker pull busybox Using default tag: latest latest: Pulling from library/busybox 9c075fe2c773: Pull complete Digest: sha256:c3dbcbbf6261c620d133312aee9e858b45e1b686efbcead7b34d9aae58a37378 Status: Downloaded newer image for busybox:latest docker.io/library/busybox:latest [root@server1 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest edabd795951a 2 days ago 1.22MB nginx latest 4bb46517cac3 2 weeks ago 133MB game2048 latest 19299002fdbe 3 years ago 55.5MB [root@server1 ~]# docker ps #查看容器进程 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c76c29d74a33 game2048 "/bin/sh -c 'sed -i …" 58 minutes ago Up 58 minutes 0.0.0.0:80->80/tcp, 443/tcp demo [root@server1 ~]# docker rm -f demo #强制删除正在运行的容器 demo [root@server1 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@server1 ~]# docker run -it --name test busybox / # ls bin dev etc home proc root sys tmp usr var / # uname -r #查看内核版本,与宿主机内核版本相同(因为共享宿主机内核) 3.10.0-957.el7.x86_64

意为这在同一台宿主机可以运行不同的操作系统,不同的操作系统只是根文件系统不同

[root@server1 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES cf75faf2a77e busybox "sh" 2 minutes ago Exited (0) 14 seconds ago test [root@server1 ~]# docker rm test test
最新回复(0)