1.0.0 安装Docker
# 卸载旧版本
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
# 安装yum-utils软件包(提供yum-config-manager 实用程序)
yum install -y yum-utils
# 设置稳定的存储库
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
# 在存储库中列出可用版本,然后选择并安装
yum list docker-ce --showduplicates | sort -r
# 安装最新版本的Docker Engine和容器
yum install docker-ce docker-ce-cli containerd.io
# 如果报错Problem: package docker-ce-3:19.03.4-3.el7.x86_64 requires containerd.io >= 1.2.2-3 那执行下面命令装新版本 containerd.io
dnf install https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
# 重新安装
yum install docker-ce docker-ce-cli
# 开机启动
systemctl enable docker
# 启动docker
systemctl start docker
# 检查版本
docker --version
2.0.0 Docker常用命令
这里是一些最近两天为了测试用到的命令,包括了大部分docker命令。
docker image ls -q
docker image rm 25568223c3s
docker image rm -f 25568223c3s
docker image rm -f `docker image ls -q`
docker image tag 25568223c3s centos:centos8
docker image save 25568223c3s >/tmp/centos.tar
docker image load -i /tmp/centos.tar
docker container run -it --network=host—name="lnmp" 470671670cac
docker container run -it —name="lnmp" 470671670cac
docker container run -it —name="lnmp" —rm 470671670cac 停止后删除
docker container run -d —name="nginx" nginx:1.14
docker container run -d —name="nginx_volumes" -v /opt/html: /usr/share/nginx/html/ centos
docker container run -d —volumes-from nginx_volumes —name="nginx" nginx:1.14
docker container run -d -p 80:8080 —name="nginx" 475f8f5dae64
docker container run -d -p 80:8080 —name="nginx" -v /opt/html: /usr/share/nginx/html/ 475f8f5dae64
cat /etc/redhat-release
docker container ls
docker container ls -a
docker container ls -a —no-trunc 信息显示全
docker container inspect 475f8f5dae64
docker container start 475f8f5dae64
docker container -i start 475f8f5dae64 交互式启动
docker container stop 475f8f5dae64
docker container attach 475f8f5dae64 连接到容器
docker container exec -it 475f8f5dae64 /bin/bash 子进程登陆方式登录
ctrl+pq 退出命令行不关闭容器
docker container rm -f `docker container ls -a -q`
docker container top 475f8f5dae64
docker container logs 475f8f5dae64
docker container logs -f 475f8f5dae64
docker container logs -tf 475f8f5dae64 显示时间
docker container logs -f —tail 10 475f8f5dae64
docker container cp index.html 475f8f5dae64:/usr/share/nginx/html/
docker container run -it --name centos8 --network=host 470671670cac
docker container ls -a
docker container commit e43f4a49ac10 ssh
docker container commit e43f4a49ac10 peakchao/ssh:v1
docker image ls
docker container run -it --name ssh -p 2222:22 aa33e30ad331
docker container run -d --name ssh -p 2222:22 aa33e30ad331 "systemctl restart sshd"
docker container run -d --name ssh -p 2222:22 aa33e30ad331 /etc/init.d/sshd start
docker container run -d --name ssh -p 2222:22 aa33e30ad331 /usr/sbin/sshd -D
docker container run -d --name ssh -p 2222:22 aa33e30ad331 /root/init.sh
docker container run -itd --privileged --name ssh -p 2222:22 aa33e30ad331 /usr/sbin/init
docker container exec -it 5f999a17a7e6 /bin/bash
firewall-cmd --list-ports
firewall-cmd --add-port=2222/tcp --permanent
firewall-cmd --reload
docker image save -o peakchaoweb.tar aa33e30ad331
docker image save -o peakchaoweb.tar web:v1
docker image load -i peakchaoweb.tar
yum install passwd cracklib-dicts
passwd
vi /etc/ssh/sshd_config
systemctl restart sshd
sh /etc/rc.local
/etc/init.d/sshd start
echo “passwd123” | passwd root —stdin
/usr/sbin/sshd -D
history
2.1.0 Docker自定义镜像制作
为了更加流程化,我这里直接做了一个镜像,并上传到镜像仓库,基本命令都用到了。
# 查看镜像
[root@peakchao ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
# 搜索镜像
[root@peakchao ~]# docker search centos
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 6018 [OK]
ansible/centos7-ansible Ansible on Centos7 129 [OK]
consol/centos-xfce-vnc Centos container with "headless" VNC session… 115 [OK]
jdeathe/centos-ssh OpenSSH / Supervisor / EPEL/IUS/SCL Repos - … 114 [OK]
centos/mysql-57-centos7 MySQL 5.7 SQL database server 76
imagine10255/centos6-lnmp-php56 centos6-lnmp-php56 58 [OK]
tutum/centos Simple CentOS docker image with SSH access 46
# 更换阿里docker源
[root@peakchao ~]# mkdir -p /etc/docker
[root@peakchao ~]# tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://meab5smg.mirror.aliyuncs.com"]
}
EOF
[root@peakchao ~]# systemctl daemon-reload
[root@peakchao ~]# systemctl restart docker
# 拉取新镜像
[root@peakchao ~]# docker pull centos:7
7: Pulling from library/centos
524b0c1e57f8: Pull complete
Digest: sha256:e9ce0b76f29f942502facd849f3e468232492b259b9d9f076f71b392293f1582
Status: Downloaded newer image for centos:7
docker.io/library/centos:7
# 查看本地镜像
[root@peakchao ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 7 b5b4d78bc90c 3 weeks ago 203MB
# 启动容器
[root@peakchao ~]# docker container run -itd --privileged --network=host --name centos7 centos:7 /usr/sbin/init
b67ffda47cae0f1bc81d76650eab21693145fd443511da4b0f9dfde29be83fcf
# 查看已经启动的容器
[root@peakchao ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b67ffda47cae centos:7 "/usr/sbin/init" 22 seconds ago Up 21 seconds centos7
# 登录容器
[root@peakchao ~]# docker container exec -it b67ffda47cae /bin/bash
# 为了展示制作自定义镜像,安装一些常用软件做测试
[root@peakchao /]# yum install net-tools openssh-server passwd cracklib-dicts
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: mirrors.163.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/4): extras/7/x86_64/primary_db | 194 kB 00:00:00
(2/4): base/7/x86_64/group_gz | 153 kB 00:00:00
(3/4): updates/7/x86_64/primary_db | 1.3 MB 00:00:00
(4/4): base/7/x86_64/primary_db | 6.1 MB 00:00:01
Package passwd-0.79-6.el7.x86_64 already installed and latest version
Package cracklib-dicts-2.9.0-11.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be installed
--> Processing Dependency: openssh = 7.4p1-21.el7 for package: openssh-server-7.4p1-21.el7.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-server-7.4p1-21.el7.x86_64
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-6.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-6.el7.x86_64
---> Package openssh.x86_64 0:7.4p1-21.el7 will be installed
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-6.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================
Package Arch Version Repository Size
========================================================================================
Installing:
net-tools x86_64 2.0-0.25.20131004git.el7 base 306 k
openssh-server x86_64 7.4p1-21.el7 base 459 k
Installing for dependencies:
fipscheck x86_64 1.4.1-6.el7 base 21 k
fipscheck-lib x86_64 1.4.1-6.el7 base 11 k
openssh x86_64 7.4p1-21.el7 base 510 k
tcp_wrappers-libs x86_64 7.6-77.el7 base 66 k
Transaction Summary
========================================================================================
Install 2 Packages (+4 Dependent packages)
Total download size: 1.3 M
Installed size: 3.9 M
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/fipscheck-lib-1.4.1-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for fipscheck-lib-1.4.1-6.el7.x86_64.rpm is not installed
(1/6): fipscheck-lib-1.4.1-6.el7.x86_64.rpm | 11 kB 00:00:00
(2/6): fipscheck-1.4.1-6.el7.x86_64.rpm | 21 kB 00:00:00
(3/6): net-tools-2.0-0.25.20131004git.el7.x86_64.rpm | 306 kB 00:00:00
(4/6): openssh-7.4p1-21.el7.x86_64.rpm | 510 kB 00:00:00
(5/6): tcp_wrappers-libs-7.6-77.el7.x86_64.rpm | 66 kB 00:00:00
(6/6): openssh-server-7.4p1-21.el7.x86_64.rpm | 459 kB 00:00:00
----------------------------------------------------------------------------------------
Total 2.3 MB/s | 1.3 MB 00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-8.2003.0.el7.centos.x86_64 (@CentOS)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fipscheck-1.4.1-6.el7.x86_64 1/6
Installing : fipscheck-lib-1.4.1-6.el7.x86_64 2/6
Installing : openssh-7.4p1-21.el7.x86_64 3/6
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 4/6
Installing : openssh-server-7.4p1-21.el7.x86_64 5/6
Installing : net-tools-2.0-0.25.20131004git.el7.x86_64 6/6
Verifying : fipscheck-lib-1.4.1-6.el7.x86_64 1/6
Verifying : fipscheck-1.4.1-6.el7.x86_64 2/6
Verifying : net-tools-2.0-0.25.20131004git.el7.x86_64 3/6
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 4/6
Verifying : openssh-7.4p1-21.el7.x86_64 5/6
Verifying : openssh-server-7.4p1-21.el7.x86_64 6/6
Installed:
net-tools.x86_64 0:2.0-0.25.20131004git.el7 openssh-server.x86_64 0:7.4p1-21.el7
Dependency Installed:
fipscheck.x86_64 0:1.4.1-6.el7 fipscheck-lib.x86_64 0:1.4.1-6.el7
openssh.x86_64 0:7.4p1-21.el7 tcp_wrappers-libs.x86_64 0:7.6-77.el7
Complete!
# 启动ssh
[root@peakchao /]# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
# 启动ssh
[root@peakchao /]# systemctl start sshd
# 编辑ssh配置文件,修改监听端口为66
[root@peakchao /]# vi /etc/ssh/sshd_config
# 重启sshd服务
[root@peakchao /]# systemctl restart sshd
# 退出命令行不关闭容器
ctrl+pq
# 查看容器
[root@peakchao ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b67ffda47cae centos:7 "/usr/sbin/init" About an hour ago Up About an hour centos7
# 将容器提交为镜像
[root@peakchao ~]# docker container commit b67ffda47cae peakchao/ssh:v1
sha256:554803e84643a589e436d0e3649d58680bdf46942f89a4ac0e3793ea2368afee
# 查看镜像列表
[root@peakchao ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
peakchao/ssh v1 554803e84643 14 seconds ago 278MB
centos 7 b5b4d78bc90c 3 weeks ago 203MB
# 连接到容器
[root@peakchao ~]# docker container exec -it b67ffda47cae /bin/bash
# 退出容器
[root@peakchao /]# exit
exit
# 查看容器
[root@peakchao ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b67ffda47cae centos:7 "/usr/sbin/init" About an hour ago Up About an hour centos7
# 删除刚才用来制作镜像的容器
[root@peakchao ~]# docker container rm -f b67ffda47cae
b67ffda47cae
# 通过刚才制作的新镜像启动一个容器运行
[root@peakchao ~]# docker container run -itd -p 66:66 554803e84643 /usr/sbin/sshd
76a0637edbc61f93c1b8fb8a082a694c92fa53ff0a949e4f1855c6861f86b9f4
# 查看容器
[root@peakchao ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
76a0637edbc6 554803e84643 "/usr/sbin/init" 11 seconds ago Up 9 seconds 0.0.0.0:66->66/tcp sweet_ride
# 放行镜像的ssh服务端口66
[root@peakchao ~]# firewall-cmd --add-port=66/tcp --permanent
success
# 重载防火墙配置
[root@peakchao ~]# firewall-cmd --reload
success
# 新开一个终端测试ssh连接,成功登录
peakchao@MacBookPro ~ % ssh -p 66 root@192.168.1.93
root@192.168.1.93's password:
Last login: Sat May 30 10:05:22 2020 from 192.168.1.168
# 登录阿里云镜像服务
[root@peakchao ~]# docker login --username=zhangzhichaolove@qq.com registry.cn-chengdu.aliyuncs.com
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
# 查看当前镜像
[root@peakchao ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
peakchao/ssh v1 554803e84643 53 minutes ago 278MB
centos 7 b5b4d78bc90c 3 weeks ago 203MB
# 修改镜像tag
[root@peakchao ~]# docker tag 554803e84643 registry.cn-chengdu.aliyuncs.com/peakchao/ssh:v1
# 推送到阿里镜像仓库
[root@peakchao ~]# docker push registry.cn-chengdu.aliyuncs.com/peakchao/ssh:v1
The push refers to repository [registry.cn-chengdu.aliyuncs.com/peakchao/ssh]
95d02221be64: Pushed
edf3aa290fb3: Pushed
v1: digest: sha256:5c50215beef1a0eb5e09259f21fda95d121f814faf0307fc9cfeb2bd2d5b626a size: 741
# 查看镜像列表
[root@peakchao ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
peakchao/ssh v1 554803e84643 54 minutes ago 278MB
registry.cn-chengdu.aliyuncs.com/peakchao/ssh v1 554803e84643 54 minutes ago 278MB
centos 7 b5b4d78bc90c 3 weeks ago 203MB
[root@peakchao ~]#
3.0.0 Dockerfile构建镜像
vim Dockerfile
FROM centos:7
MAINTAINER peakchao<admin@peakchao.com>
RUN yum install -y vim
WORKDIR /usr
CMD /usr/sbin/init
FROM java:8
MAINTAINER peakchao<admin@peakchao.com>
ADD springboot.jar app.jar
# 下面这句是语法参考,构建时添加环境变量,这里用不到.
ENV PATH $PATH:/usr/xxx/bin:/usr/xxxx/sbin
WORKDIR /usr
CMD jave -jar app.jar
docker build -f ./Dockerfile -t centos7:v1 .
docker container run -id -p 8080:8080 app
4.0.0 构建lnmp镜像
docker container run -itd --privileged --network=host --name ssh peakchao/ssh:v1 /usr/sbin/init
docker container exec -it ssh /bin/bash
# 这里要安装所需软件包
# 安装完毕后会发现mysql只监听了ipv6地址,需要修改配置,在mysqld下面添加bind-address=0.0.0.0后重启。
find / -name my.cnf
vi /etc/my.cnf
# 创建定时任务
env
crontab -l
crontab -e
48 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
0 2 * * * /usr/local/nginx/sbin/nginx -s reload
0 4 * * * /sbin/reboot
*/5 * * * * ll
service crond restart
systemctl restart crond
# 创建启动脚本
vi init.sh
#!/bin/bash
lnmp start
/usr/sbin/sshd -D
# 授权
chmod a+x init.sh
# 提交镜像
docker container commit 7a40fe32374c peakchao/lnmp:v1
docker container stop 7a40fe32374c
docker login --username=zhangzhichaolove@qq.com registry.cn-chengdu.aliyuncs.com
docker tag 6715d3ac7cae registry.cn-chengdu.aliyuncs.com/peakchao/lnmp:v1
docker push registry.cn-chengdu.aliyuncs.com/peakchao/lnmp:v1
# 开放宿主机端口
firewall-cmd --list-ports
firewall-cmd --add-port=66/tcp --permanent
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent
firewall-cmd --add-port=3306/tcp --permanent
firewall-cmd --reload
# 运行测试
docker container run -itd -p 80:80 -p 443:443 -p 66:66 -p 3306:3306 6715d3ac7cae /root/init.sh
5.0.0 构建mariadb镜像
# 安装mariadb服务
[root@centos8 ~]# yum install mariadb-server mariadb-client -y[root@centos8 ~]# yum install mariadb-server mariadb-client -y
Complete!
# 启动mariadb服务
[root@centos8 ~]# systemctl start mariadb
# 设置开机启动
[root@centos8 ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
# 查看版本
[root@centos8 ~]# mysql --version
mysql Ver 15.1 Distrib 5.5.65-MariaDB, for Linux (x86_64) using readline 5.1
# 启动测试
[root@centos8 ~]# mysqld_safe
# 启动报错,查看报错日志
[root@centos8 ~]# cat /var/log/mariadb/mariadb.log
171112 11:18:38 [ERROR] /usr/sbin/mysqld: Can't create/write to file '/var/run/mariadb/mariadb.pid' (Errcode: 2)
171112 11:18:38 [ERROR] Can't start server: can't create PID file: No such file or directory
# 创建目录
[root@centos8 ~]# mkdir /var/run/mariadb
# 目录授权
[root@centos8 ~]# chown mysql.mysql /var/run/mariadb/
# 再次启动
[root@centos8 ~]# mysqld_safe
# 创建启动脚本
[root@centos8 ~]# vi init.sh
#!/bin/bash
mkdir -p /var/run/mariadb
chown mysql.mysql /var/run/mariadb/
/usr/sbin/sshd
mysqld_safe
#/usr/sbin/sshd -D
# 脚本授权
[root@centos8 ~]# chmod +x init.sh
# 查看容器列表
[root@centos8 ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
09cf890b650c 554803e84643 "/usr/sbin/init" 13 minutes ago Up 13 minutes ssh
e8fd3210f34e 6715d3ac7cae "/root/init.sh" 4 hours ago Exited (137) 2 hours ago lnmp
# 提交为镜像
[root@centos8 ~]# docker container commit 09cf890b650c peakchao/mariadb:v1
# 运行新镜像
[root@centos8 ~]# docker container run -d -p 66:66 -p 3306:3306 275da45dafdf /root/init.sh
6.0.0 Docker Compose服务编排
# 下载二进制文件
curl -L https://github.com/docker/compose/releases/download/1.25.5/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
# 添加执行权限
chmod +x /usr/local/bin/docker-compose
# 卸载
rm /usr/local/bin/docker-compose
# 帮助
docker-compose --help
# 查看版本信息
docker-compose -version
# 编写
vi docker-compose.yml
# 版本号
version: '0.1'
# 服务列表
services:
# 服务名 随便起,不重名就行
tomcat:
# 开机启动
restart: always
# 镜像名 (本地拥有的镜像或者公共仓库的镜像)
image: tomcat
# 容器名
container_name: tomcat
# 端口映射规则
ports:
- 8080:8080
# 数据卷配置,和端口规则一样 冒号左边是宿主机, 右边是容器
volumes:
- ./webapps:/usr/local/tomcat/webapps.dist
# 环境变量
environment:
TZ: Asia/Shanghai
# mysql 服务
db:
image: mysql
restart: always
environment:
# 密码
MYSQL_ROOT_PASSWORD: root
# 各种mysql参数设置
command:
--default-authentication-plugin=mysql_native_password
--character-set-server=utf8mb4
--collation-server=utf8mb4_general_ci
--explicit_defaults_for_timestamp=true
--lower_case_table_names=1
ports:
- 3306:3306
volumes:
# 数据卷不解释了,上面有
- ./data:/var/lib/mysql
# mysql web 客户端服务
adminer:
image: adminer
restart: always
ports:
- 8081:8080
# springboot+nginx
# 版本号
version: '1'
# 服务列表
services:
# 服务名 随便起,不重名就行
nginx:
# 镜像名 (本地拥有的镜像或者公共仓库的镜像)
image: nginx
# 容器名
container_name: nginx
# 端口映射规则
ports:
- 80:80
# 数据卷配置,和端口规则一样 冒号左边是宿主机, 右边是容器
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d
# 服务名 随便起,不重名就行
app:
# 镜像名 (本地拥有的镜像或者公共仓库的镜像)
image: app
# 容器名
container_name: app
expose:
- "8080"
vi /nginx/conf.d/app.conf
server{
listen:80;
access_log off;
location / {
proxy_pass http://app:8080;
}
}
# 启动
docker-compose up -d
# 停止
docker-compose down