docker || 基本知识和部署（centos7）_centos docker

docker 是什么？

docker是一个软件，使用go语言开发，作用是对容器进行管理。

docker是容器技术的经典代表，docker 容器启动软件，颠覆了我们传统的软件安装的方式。

使用容器的好处

1.成本低廉
2.管理方便

容器和虚拟机的区别？

docker的优势：

1.启动速度快

2.资源消耗小

3.扩展方便

docker的缺点：

1. app隔离没有虚拟机彻底

2. 虚拟机的安全性要高一些

3. 层次不一样：虚拟机多一层封装

docker底层是如何做隔离的？

name space；kernel lxc；control groups；lxc+namespace+cgroups

Docker Engine 使用了以下 Linux 的隔离技术:

The pid namespace: 管理 PID 命名空间 (PID: Process ID)
 
The network namespace: 管理网络命名空间(NET: Networking)
 
The ipc namespace: 管理进程间通信命名空间(IPC: InterProcess Communication)
 
The mount namespace: 管理文件系统挂载点命名空间 (MNT: Mount)
 
The uts namespace: Unix 时间系统隔离. (UTS: Unix Timesharing System)
 
The user namespace：管理用户命令空间

namespace有什么作用？

1.隔离资源

2.是内存里存放数据的一个空间

关闭防火墙对docker的影响？

关闭防火墙或者清除防火墙规则，会导致iptables里的docker相关SNAT或者DNAT等策略失效，导致容器不能和外面的机器通信。
重启docker服务，会自动添加docker相关的iptables规则。

docker在centos7系统的安装过程：

1.卸载原来安装过的docker，如果没有安装可以不需要卸载。

yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine

#The Docker Engine package is now called docker-ce.

2.安装yum相关的工具，下载docker-ce.repo文件

yum install -y yum-utils
 
yum-config-manager \
>     --add-repo \
>     https://download.docker.com/linux/centos/docker-ce.repo

添加docker官方的yum仓库文件，一会需要去docker官方的yum仓库下载软件。

如果下载比较慢的话，可以自己更改下载源。

[root@sc-docker yum.repos.d]# cd /etc/yum.repos.d/   # 存放所有的yum仓库文件的
 
[root@sc-docker yum.repos.d]# ls
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Media.repo    CentOS-Vault.repo          docker-ce.repo
CentOS-CR.repo    CentOS-fasttrack.repo  CentOS-Sources.repo  CentOS-x86_64-kernel.repo  nginx.repo
docker-ce.repo  # 就是我们刚刚下载的

3.安装docker-ce软件

yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y
 
 
# container engine 容器引擎
# docker是一个容器管理的软件
# docker-ce 是服务器端软件 server
# docker-ce-cli 是客户端软件 client
# docker-compose-plugin 是compose插件，用来批量启动很多容器，在单台机器上
# containerd.io  底层用来启动容器的

4.启动docker，并且设置docker开机启动

[root@sc-docker yum.repos.d]# systemctl start docker
[root@sc-docker yum.repos.d]# systemctl enable docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
 
[root@sc-docker yum.repos.d]# ps aux|grep docker
root       16210  0.4  2.0 1368904 79400 ?       Ssl  17:29   0:00 /usr/bin/dockerd-H fd:// --containerd=/run/containerd/containerd.sock
root       16363  0.0  0.0  12348  1112 pts/0    S+   17:30   0:00 grep --color=auto docker

docker的一个容器，背后就是一个进程。

5.测试运行一个docker容器，下载nginx镜像并且启动一个nignx的服务。

[root@sc-docker yum.repos.d]# docker pull  nginx  # 下载nginx的镜像
Using default tag: latest
latest: Pulling from library/nginx
7a6db449b51b: Pull complete 
ca1981974b58: Pull complete 
d4019c921e20: Pull complete 
7cb804d746d4: Pull complete 
e7a561826262: Pull complete 
7247f6e5c182: Pull complete 
Digest: sha256:b95a99feebf7797479e0c5eb5ec0bdfa5d9f504bc94da550c2f58e839ea6914f
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
 
[root@sc-docker yum.repos.d]# docker images   # 查看已经下载的镜像
REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
nginx        latest    2b7d6430f78d   2 days ago   142MB
 
 
# 使用docker启动一个容器，可以理解为开启一台虚拟机
[root@sc-docker yum.repos.d]# docker run -d -p 8090:80 --name  sc-nginx  nginx
bda1e5c73838b5e48e711f27f3473f1749006786c28e061a9469f49e93439e32
 
# docker run 是启动容器的命令
# -d 在后台运行 daemon 守护进程
 
# -p 8090:80  指定端口映射    DNAT 访问本机的8090端口，转发到docker容器的80端口
 
# --name  sc-nginx  指定容器的名字
#  nginx 是镜像的名字
 
# 在windows浏览器上测试能否访问宿主机的8090端口
# http://192.168.1.183:8090/

使用容器启动一个MySQL的服务：

1.下载镜像

[root@sc-docker ~]# docker pull mysql:5.7.39
5.7.39: Pulling from library/mysql
9815334b7810: Pull complete 
f85cb6fccbfd: Pull complete 
b63612353671: Pull complete 
447901201612: Pull complete 
9b6bc806cc29: Pull complete 
24ec1f4b3b0d: Pull complete 
207ed1eb2fd4: Pull complete 
27cbde3edd97: Pull complete 
0a5aa35cc154: Pull complete 
e6c92bf6471b: Pull complete 
07b80de0d1af: Pull complete 
Digest: sha256:c1bda6ecdbc63d3b0d3a3a3ce195de3dd755c4a0658ed782a16a0682216b9a48
Status: Downloaded newer image for mysql:5.7.39
docker.io/library/mysql:5.7.39

2.启动容器

[root@sc-docker ~]# docker run -d --name sc-mysql-1 -p 3306:3306 -e MYSQL_ROOT_PASSWORD="sc123456
3d15dbc364ac4ed187ceb68c1a2215c33b6512680864cc49a31bf799052b277c
 
[root@sc-docker ~]# docker ps
CONTAINER ID   IMAGE     COMMAND  CREATED   STATUS     PORTS    NAMES
3d15dbc364ac   mysql:5.7.39   "docker-entrypoint.s…"   3 seconds ago   Up 3 seconds   0.0.0.0:330cp, 33060/tcp   sc-mysql-1
73e618b7f293   nginx          "/docker-entrypoint.…"   3 hours ago     Up 3 hours     0.0.0.0:809                sc-nginx

3.进入mysql容器里

docker exec 进入容器内容，执行命令 execute
-it 开启一个终端，交互式登陆进入
sc-mysql-1  容器的名字
 bash 进入容器里运行的程序 

[root@sc-docker ~]# docker exec -it sc-mysql-1 bash
bash-4.2# ls
bin   dev              entrypoint.sh  home  lib64  mnt  proc  run   srv  tmp  var
boot  docker-entrypoint-initdb.d  etc         lib   media  opt  root  sbin  sys  usr
 
bash-4.2# cat /etc/re
redhat-release  resolv.conf    
 
bash-4.2# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.9 (Maipo)
 
bash-4.2# mysql -uroot -p"sc123456"
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.39 MySQL Community Server (GPL)
 
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
 
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)
 
mysql> exit
Bye
bash-4.2# exit
exit
[root@sc-docker ~]# 
 
# 启动失败的排错过程
[root@sc-docker yum.repos.d]# docker logs a5b752cc4485  # 查看容器启动失败的日志
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.39-1.el7 started.
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.39-1.el7 started.
2022-08-25 07:05:50+00:00 [ERROR] [Entrypoint]: Database is uninitialized and password option is not specified
    You need to specify one of the following:
    - MYSQL_ROOT_PASSWORD
    - MYSQL_ALLOW_EMPTY_PASSWORD
    - MYSQL_RANDOM_ROOT_PASSWORD
 
[root@sc-docker yum.repos.d]# docker logs sc-mysql-1
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.39-1.el7 started.
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2022-08-25 07:05:50+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.39-1.el7 started.
2022-08-25 07:05:50+00:00 [ERROR] [Entrypoint]: Database is uninitialized and password option is not specified
    You need to specify one of the following:
    - MYSQL_ROOT_PASSWORD
    - MYSQL_ALLOW_EMPTY_PASSWORD
    - MYSQL_RANDOM_ROOT_PASSWORD
 
# docker rmi nginx 删除镜像
 
[root@sc-docker yum.repos.d]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                  CREATED         STATUS                     PORTS                                   NAMES
a5b752cc4485   mysql:5.7.39   "docker-entrypoint.s…"   6 minutes ago   Exited (1) 6 minutes ago                                           sc-mysql-1
bda1e5c73838   nginx          "/docker-entrypoint.…"   3 hours ago     Up 3 hours                 0.0.0.0:8090->80/tcp, :::8090->80/tcp   sc-nginx
 
[root@sc-docker  yum.repos.d]# docker rm sc-mysql-1  # 删除启动失败的容器，正在运行的容器不能直接删除 sc-mysql-1

docker常用命令

 
docker images # 查看已经下载的镜像
docker search # 查找镜像
docker rmi    # 删除镜像
docker pull   # 拉取镜像
docker save   # 导出镜像
docker load   # 导入镜像；
 
docker run = docker create + docker start  # 启动容器
docker stop   # 停止容器 
docker rm     # 删除容器
docker restart # 重启容器
docker ps     # 查看容器状态
docker ps -a  # 查看所有的容器进程
docker inspect # 查看详细信息
docker logs  # 查看日志
 
docker network ls # 查看网络类型
docker top        # 查看docker运行的进程信息
docker version    # 查看版本
docker stat       # 显示容器使用的系统资源
docker volume     # 查看卷

docker  --help 查看docker 帮助文档

[root@sc-docker ~]# docker --help
 
  attach      Attach local standard input, output, and error streams to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  images      List images
  import      Import the contents from a tarball to create a filesystem image
  info        Display system-wide information
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes