拾遗笔记

docker学习过程

安装

centos 7 下的安装

sudo yum install docker
sudo service start docker
sudo chkconfig docker on

# 这一部 会从网上 pull hello-world 这个镜像
sudo docker run hello-world

安装特定的版本

centos8 默认安装的docker是1.8 版本 ,
经常出现一个bug (Layer already being pulled by another client)
https://github.com/docker/docker/releases
比如以docker1.9.1 为例

wget https://get.docker.com/builds/Linux/x86_64/docker-1.9.1
sudo mv docker-1.9.1 /usr/local/bin/docker
 # centos7 上 作为服务启动
wget https://github.com/docker/docker/raw/master/contrib/init/systemd/docker.service
wget https://raw.githubusercontent.com/docker/docker/master/contrib/init/systemd/docker.socket
sudo mv docker.socket /etc/systemd/system
sudo mv docker.service  /etc/systemd/system

pull 镜像

理论上:

sudo docker pull centos
sudo docker pull ubuntu:12.04
如果能下载下来 则用下面这句就可run 之
docker run -t -i centos /bin/bash

网速的原因,下载太慢。所以国内 使用如下方法

sudo docker pull dl.dockerpool.com:5000/ubuntu:12.04
sudo docker pull dl.dockerpool.com:5000/centos

centos7 上 会报类似如下错误

Error response from daemon: invalid registry endpoint https://dl.dockerpool.com:5000/v0/: unable to ping registry endpoint https://dl.dockerpool.com:5000/v0/
v2 ping attempt failed with error: Get https://dl.dockerpool.com:5000/v2/: tls: oversized record received with length 28012
v1 ping attempt failed with error: Get https://dl.dockerpool.com:5000/v1/_ping: tls: oversized record received with length 28012. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `–insecure-registry dl.dockerpool.com:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/dl.dockerpool.com:5000/ca.crt IT

解决办法
修改 /etc/sysconfig/docker

OPTIONS='–selinux-enabled'


OPTIONS='–selinux-enabled –insecure-registry dl.dockerpool.com:5000'

重启

systemctl restart docker.service

下载完毕后需要这样启动

docker run -t -i dl.dockerpool.com:5000/centos /bin/bash

列出镜像 docker images

root@localhost ~ # docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
docker.io/centos latest 60e65a8e4030 3 weeks ago 196.6 MB
docker.io/hello-world latest 975b84d108f1 3 months ago 960 B
dl.dockerpool.com:5000/centos latest 87e5b6b3ccc1 15 months ago 224 MB

删除镜像 docker rmi imageId

docker rmi imageId
docker rmi --force=true imageId

创建镜像 docker commit

docker run -t -i centos /bin/bash

root@localhost ~ #
[root@c00aeccfb3a6 /]#

官网上运行后的效果是这样的 提示符 @后面的是CONTAINER ID
你会发现这个CONTAINER Id 跟 docker images 列出的 docker.io/centos 的imageId 不一样
你 run 出来之后 对其进行的修改 可以用这个CONTAINER Id 来标志出来
比如我 yum install zsh 之后

root@localhost ~ # docker commit -m "install zsh" -p -a "jixiuf" c00aeccfb3a6 docker.io/centos:with-zsh
ab3fb905f9cfb1de43519cb5975e582761ce4a0a83facd96c786a525a40b2da4

-p 的意思是如果此container 正在运行中在commit 的过程中会pause 之, 使之暂停
你会发现 docker images 后 会多出个 docker.io/centos with-zsh

root@localhost ~ # docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
docker.io/centos with-zsh ab3fb905f9cf 28 seconds ago 261.7 MB
docker.io/centos latest 60e65a8e4030 3 weeks ago 196.6 MB
docker.io/hello-world latest 975b84d108f1 3 months ago 960 B
dl.dockerpool.com:5000/centos latest 87e5b6b3ccc1 15 months ago 224 MB

#+END_HTML
随后就可以这样使用with-zsh 这个镜像

docker run -t -i centos:with-zsh

查看所有的容器列表的命令是:docker ps -a ,显示最近一个容器的命令是:docker ps -l,

deployer@bogon ~ $ docker ps -l
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
2ddd2f107676        centos              "bash"              14 minutes ago      Exited (0) 3 seconds ago                       gigantic_meninsky

镜像的备份 恢复(save and load)

docker save -o image.tar imageid
docker save imageid|gzip >image.tar.gz
docker load -i image.tar
cat image.tar.gz|gunzip|docker load

load 完之后 docker images
会发现多出一个无名无姓的imageId
需要用docker tag 为之打标签

docker tag iamgeId golang:1.5
docker tag iamgeId debian:latest

容器的备份 恢复 (export and import)

docker export <CONTAINER ID> > /home/export.tar
cat /home/export.tar | sudo docker import - reposName:latest

save 与export 的区别

导出后再导入(exported-imported)
的镜像会丢失所有的历史,而保存后再加载(saveed-loaded)的镜像没有丢失
历史和层(layer)。这意味着使用导出后再导入的方式,你将无法回滚到之前的
层(layer),同时,使用保存后再加载的方式持久化整个镜像,就可以做到层回
滚(可以执行docker tag <LAYER ID> <IMAGE NAME>来回滚之前的层)。

DockerFile

docker build  -t tagname .
# 不生成镜像,只根据imageid 来找对应的镜像
docker build  .
docker build --rm=true .

Dockerfile example:

FROM docker.io/centos:latest

Run yum install -y go

把容器放到后面运行 attach

# 这里加了-d 放到后台运行, 同时加-t -i 否则bash 会立即退出
sudo docker run -d  -ti --name=mylinux debian:jessie bash
sudo docker attach mylinux
# 似乎要等几秒钟才能等到提示符出现

attach 上之后 Ctrl-p Ctrl-q deattach

docker run -t -i → can be detached with ^P^Q and reattached with docker attach
docker run -i → cannot be detached with ^P^Q; will disrupt stdin
docker run → cannot be detached with ^P^Q; can SIGKILL client; can reattach with docker attach
对于 docker run 未加 -t -i 的 可以用 kill -9 pid 一定要加-9
或者 启动attach 时加参数 –sig-proxy=false 然后直接用Ctrl-c 退出就可以了
意思是 不会把 给attach 进程的信息 发给 daemon 的进程

d attach --sig-proxy=false centos

Comments

comments powered by Disqus