docker学习

一、docker介绍

虚拟机缺点

1.资源占用十分多
2.冗余步骤多
3.启动慢

容器化技术

容器化技术不是虚拟出一个完整的操作系统

比较docker和虚拟机技术不同

*传统虚拟机，虚拟出一些硬件，运行一个完整的操作系统，然后在这个系统上安装和运行软件
*容器内的应用直接运行在宿主机的内容，容器是没有自己的内核的，也没有虚拟我们的硬件，所以轻便
*每个容器间是互相隔离，每个容器内都有一个属于自己的文件系统，互不影响

docker是内核级别的虚拟化，可以在一个物理机上可以运行很多的容器实例

二、docker的基本构成

镜像（image）
docker镜像好比模板，通过这个模板创建多个容器服务

容器（container）
通过镜像创建的，独立运行一个或一组应用
启动，停止，删除，基本命令

仓库（repository）
存放镜像的地方；分为公有仓库和私有仓库：如docker hub

三、安装docker

#1.卸载原有的docker
sudo yum remove docker docker-client docker-client-latest docker-common
docker-latest docker-latest-logrotate docker-logrotate docker-engine

#2.需要的安装包
yum install -y yum-utils

#3.设置镜像的仓库

sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo #默认是从国外的

sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo #推荐阿里云，快

sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo

#更新yum软件包索引

yum makecache fast

#4.安装docker相关的源，docker-ce：社区版 ee：企业版

sudo yum install docker-ce docker-ce-cli containerd.io

#5.启动docker

systemctl start docker

#6.使用doccker version (docker version)

#7.hello-world

docker run hello-world

若报错，查看是否有hello-world image

#docker images
配置docker加速

vim /etc/docker/daemon-reload

{

"registry-mirrors": ["https://pee6w651.mirror.aliyuncs.com"]

}

systemctl daemon-reload
systemctl restart docker
docker pull hello-world

再次运行docker run hello-world

docker中run的运行流程

了解：卸载docker

sudo yum remove docker-ce docker-ce-cli containerd.io

sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd

四、底层原理

#docker是怎样工作的

docker是一个Client-Server结构的系统，Docker的守护进程运行在主机上，通过socket从客户端访问
dockerserver接受到docker-client的指令，就会执行这个命令

#docker与vm
1、docker比虚拟机抽象层更少
2、docker利用的是宿主机的内核，vm是需要Guest OS
：（所以说，新建一个容器，docker不需要像虚拟机一样重新加载一个操作系统内核，避免引导；
虚拟是加载Guest OS，分钟级别的，而docker是利用宿主机的操作系统，省略了这个过程，秒级）

docker：虚拟化类型：OS虚拟化、安全性：中、性能：=物理机性能、隔离性：NS隔离
vm ：虚拟化类型：硬件虚拟化、安全性：高、性能：5%-20%损耗、隔离性：强

五、docker的常用命令

帮助命令
docker version #显示版本
docker info #显示docker系统信息，包括镜像和容器的数量
docker 命令 --help #帮助文档

帮助文档地址：https://docs.docker.com/reference/

镜像命令
docker images 查看所有本地主机上的镜像
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest feb5d9fea6a5 3 weeks ago 13.3kB

# 解释
REPOSITORY 镜像的仓库源
TAG 镜像的标签
IMAGE ID 镜像的ID
CREATED 镜像的创建时间
SIZE 镜像的大小

# 可选项
-a, --all Show all images

-q, --quiet Only show image IDs

docker hub地址：https://hub.docker.com/

docker search 搜索镜像

[root@localhost ~]# docker search mysql
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mysql MySQL is a widely used, open-source relation… 11543 [OK]
mariadb MariaDB Server is a high performing open sou… 4390 [OK]

# 可选项，通过搜索来过滤
docker search mysql --filter=STARS=3000

[root@localhost ~]# docker search mysql --filter=STARS=3000
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mysql MySQL is a widely used, open-source relation… 11543 [OK]
mariadb MariaDB Server is a high performing open sou… 4390 [OK]

docker pull 下载镜像
# 下载镜像 docker pull 镜像名[:tag]
[root@localhost ~]# docker pull mysql
Using default tag: latest # 如果不写tag，默认就是latest
latest: Pulling from library/mysql
b380bbd43752: Pull complete # 分层下载，docker image的核心 联合文件系统
f23cbf2ecc5d: Pull complete
30cfc6c29c0a: Pull complete
b38609286cbe: Pull complete
8211d9e66cd6: Pull complete
2313f9eeca4a: Pull complete
7eb487d00da0: Pull complete
a5d2b117a938: Pull complete
1f6cb474cd1c: Pull complete
896b3fd2ab07: Pull complete
532e67ebb376: Pull complete
233c7958b33f: Pull complete
Digest: sha256:5d52dc010398db422949f079c76e98f6b62230e5b59c0bf7582409d2c85abacb # 签名
Status: Downloaded newer image for mysql:latest
docker.io/library/mysql:latest # 真实地址

# 等价于它
docker pull mysql 等价于 docker pull docker.io/library/mysql:latest

# 指定版本下载
docker pull mysql:5.7

[root@localhost ~]# docker pull mysql:5.7
5.7: Pulling from library/mysql
b380bbd43752: Already exists
f23cbf2ecc5d: Already exists
30cfc6c29c0a: Already exists
b38609286cbe: Already exists
8211d9e66cd6: Already exists
2313f9eeca4a: Already exists
7eb487d00da0: Already exists
bb9cc5c700e7: Pull complete
88676eb32344: Pull complete
8fea0b38a348: Pull complete
3dc585bfc693: Pull complete
Digest: sha256:b8814059bbd9c80b78fe4b2b0b70cd70fe3772b3c5d8ee1edfa46791db3224f9
Status: Downloaded newer image for mysql:5.7
docker.io/library/mysql:5.7

======

[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql 5.7 8a8a506ccfdc 4 days ago 448MB
mysql latest 9da615fced53 4 days ago 514MB
hello-world latest feb5d9fea6a5 3 weeks ago 13.3kB

docker rmi 删除镜像

语法：docker rmi -f “IMAGE ID”或“名称”

# docker rmi -f 8a8a506ccfdc

删除所有镜像
# docker rmi -f $(docker images -aq)

容器命令

说明：我们有了镜像才可以创建容器，linux，下载一个centos镜像来测试学习

# docker pull centos

新建容器并启动

docker run 【可选参数】 image

# 参数说明
--name=“Name” 容器名字 tomcat01，tomcat02....,用来区分容器
-d 后台方试运行
-it 使用交互方式运行，进入容器查看内容
-p 指定容器的端口 -p 8080:8080
-p ip:主机端口:容器端口
-p 主机端口：容器端口（常用）
-p 容器端口
容器端口
-P 随机指定端口

# 测试，启动进入容器

[root@localhost ~]# docker run -it centos /bin/bash
[root@8631de5eaae9 /]# ls # 查看容器内的centos，基础版本，很多命令不完善
bin etc lib lost+found mnt proc run srv tmp var
dev home lib64 media opt root sbin sys usr

# 从容器中退回主机
[root@8631de5eaae9 /]# exit
exit
[root@localhost ~]#

列出所有运行的容器
docker ps 命令：
# docker ps # 列出当前正在运行的容器
-a # 列出当前正在运行的容器+带出历史运行过的容器
-n=？ # 显示最近创建的容器
-q # 只显示容器的编号

[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8631de5eaae9 centos "/bin/bash" 5 minutes ago Exited (0) About a minute ago naughty_mclean
e034b1cbfc09 centos "/bin/bash" 10 minutes ago Exited (130) 5 minutes ago brave_keldysh
aa6e763a337e feb5d9fea6a5 "/hello" 24 hours ago Exited (0) 24 hours ago objective_rosalind
231c1e283602 feb5d9fea6a5 "/hello" 5 days ago Exited (0) 5 days ago sleepy_bouman

退出容器

exit # 直接停止容器并退出
Ctrl +P +Q #容器不停止退出

删除容器

docker rm 容器id # 删除指定的容器 ；不能删除正在运行的容器，若想删除 -rm -f

docker rm -f $(docker ps -aq) # 删除所有的容器

docker ps -a -q|xargs docker rm # 删除所有的容器

启动和停止容器的操作

docker start 容器的id # 启动容器

docker restart 容器的id # 重启容器

docker stop 容器的id # 停止当前正在运行的容器

docker kill 容器的id # 强制停止当前容器

常用的其他命令

后台启动容器
[root@localhost ~]# docker run -d centos
d5211b1e02fff42409d4316e5fd7da2842b5464d9f0398b338501e4cf1e62dab

# 问题docker ps，发现centos停止了

测试这样可以看到后台运行的centos

[root@localhost ~]# docker run -d -it centos
c1908260c7c3f804b0cc2fed895689948307c670b1d5bd23a4ef3bd3a8d459c5
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c1908260c7c3 centos "/bin/bash" 2 seconds ago Up 1 second clever_bhabha

# 常见的坑，docker容器使用后台运行，就必须要有一个前台进程，docker发现没有应用，就会自动停止

# nginx，容器启动后，发现自己没有提供服务，就会立刻停止，就是没有程序了

查看日志

docker logs -f -t --tail 容器，没有日志

# 自己编写shell脚本

[root@localhost ~]# docker run -d centos /bin/bash -c "while true ;do echo liujinye is dashagua;sleep 2;done"

# [root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d4bf098e431c centos "/bin/bash -c 'while…" 3 seconds ago Up 2 seconds upbeat_visvesvaraya

# 显示日志
-tf # 显示日志
--tail # +要显示日志条数
[root@localhost ~]# docker logs -tf --tail 10 d4bf098e431c

查看容器中进程信息 ps

# 命令 docker top 容器id

[root@localhost ~]# docker top ae07a4f57465
UID PID PPID C STIME TTY TIME CMD
root 4772 4751 0 11:04 ? 00:00:00 /bin/sh -c while true ;do echo liujinye is dashagua;sleep 1;done
root 4842 4772 0 11:05 ? 00:00:00 /usr/bin/coreutils --coreutils-prog-shebang=sleep /usr/bin/sleep 1

查看镜像的元数据

docker inspect 容器的id

[root@localhost ~]# docker inspect ae07a4f57465
[
{
"Id": "ae07a4f5746553c6f09a785495e2adccfb20195de286b775356a3e5ecb514694",
"Created": "2021-10-18T15:04:48.191413829Z",
"Path": "/bin/sh",
"Args": [
"-c",
"while true ;do echo liujinye is dashagua;sleep 1;done"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 4772,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-10-18T15:04:48.775285254Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6",
"ResolvConfPath": "/var/lib/docker/containers/ae07a4f5746553c6f09a785495e2adccfb20195de286b775356a3e5ecb514694/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/ae07a4f5746553c6f09a785495e2adccfb20195de286b775356a3e5ecb514694/hostname",
"HostsPath": "/var/lib/docker/containers/ae07a4f5746553c6f09a785495e2adccfb20195de286b775356a3e5ecb514694/hosts",
"LogPath": "/var/lib/docker/containers/ae07a4f5746553c6f09a785495e2adccfb20195de286b775356a3e5ecb514694/ae07a4f5746553c6f09a785495e2adccfb20195de286b775356a3e5ecb514694-json.log",
"Name": "/friendly_ramanujan",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/0e663d5f5f3b1ca1cd755733483cb2cd0bda7344244f6cf8f5144821f8fa720a-init/diff:/var/lib/docker/overlay2/4ea68c85f72ab82126582b6ae37f779414046d706908251d6c6a54d482aa63b3/diff",
"MergedDir": "/var/lib/docker/overlay2/0e663d5f5f3b1ca1cd755733483cb2cd0bda7344244f6cf8f5144821f8fa720a/merged",
"UpperDir": "/var/lib/docker/overlay2/0e663d5f5f3b1ca1cd755733483cb2cd0bda7344244f6cf8f5144821f8fa720a/diff",
"WorkDir": "/var/lib/docker/overlay2/0e663d5f5f3b1ca1cd755733483cb2cd0bda7344244f6cf8f5144821f8fa720a/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "ae07a4f57465",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh",
"-c",
"while true ;do echo liujinye is dashagua;sleep 1;done"
],
"Image": "centos",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20210915",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "7e6e4a825ae5699a9a8ec5dce680c6ef200a182301c2f29157480a4b447626ce",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/7e6e4a825ae5",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "cdde9bddd32ef3c966721a476c77b35dd727b0ff0d9287b08529bd12b1768e7d",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "4c3adc81a7586c87a1d334c50973bfd16dfb4098744bcb29eaccb1e7025e1600",
"EndpointID": "cdde9bddd32ef3c966721a476c77b35dd727b0ff0d9287b08529bd12b1768e7d",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]

进入当前正在运行的容器

# 我们通常容器都是使用后台方试运行的，需要进入容器，修改一些配置

# 命令
方式一：

docker exec -it 容器id bashshell

[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ae07a4f57465 centos "/bin/sh -c 'while t…" 8 minutes ago Up 8 minutes friendly_ramanujan
[root@localhost ~]# docker exec -it ae07a4f57465 /bin/bash
[root@ae07a4f57465 /]# ls
bin etc lib lost+found mnt proc run srv tmp var
dev home lib64 media opt root sbin sys usr
[root@ae07a4f57465 /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 15:04 ? 00:00:00 /bin/sh -c while true ;do echo
root 557 0 0 15:13 pts/0 00:00:00 /bin/bash
root 599 1 0 15:14 ? 00:00:00 /usr/bin/coreutils --coreutils
root 600 557 0 15:14 pts/0 00:00:00 ps -ef

方式二：
[root@localhost ~]# docker attach 97e2c02aa09f

# docker exec # 进入容器后开启一个新的终端，可以在里面操作（常用）
# docker attach # 进入容器正在执行的终端，不会启动新的进程

从容器内拷贝文件到主机上

docker cp 容器id:容器内路径 目的主机路径

[root@97e2c02aa09f /]# ls
bin etc lib lost+found mnt proc run srv tmp var
dev home lib64 media opt root sbin sys usr
[root@97e2c02aa09f /]# cd home/
[root@97e2c02aa09f home]# ls
[root@97e2c02aa09f home]# touch test.txt
[root@97e2c02aa09f home]# exit
exit
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
97e2c02aa09f centos "/bin/bash" 6 minutes ago Exited (0) 8 seconds ago bold_pascal
[root@localhost ~]# docker cp 97e2c02aa09f:/home/test.txt ./
[root@localhost ~]# ls
anaconda-ks.cfg test.txt

# 该拷贝是一个手动过程，未来我们使用 -v 卷的技术，可以实现目录自动同步

**docker安装nginx

#1.搜索镜像 search （建议去dockerhub搜索）
#2.下载镜像 pull
[root@ser0 ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
7d63c13d9b9b: Pull complete
15641ef07d80: Pull complete
392f7fc44052: Pull complete
8765c7b04ad8: Pull complete
8ddffa52b5c7: Pull complete
353f1054328a: Pull complete
Digest: sha256:dfef797ddddfc01645503cef9036369f03ae920cac82d344d58b637ee861fda1
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest

#3.运行测试

# -d 后台运行
# --name 给容器命名
# -p 宿主机端口:容器内部端口

[root@ser0 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 04661cdce581 4 days ago 141MB
hello-world latest feb5d9fea6a5 7 weeks ago 13.3kB
centos latest 5d0da3dc9764 8 weeks ago 231MB

[root@ser0 ~]# docker run -d --name nginx01 -p 3344:80 nginx
be5a505c0e4ceb52c89fa2cc9cf0ca60536d7acfad60f1a323db9d415eede0f7

[root@ser0 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
be5a505c0e4c nginx "/docker-entrypoint.…" 17 seconds ago Up 14 seconds 0.0.0.0:3344->80/tcp, :::3344->80/tcp nginx01

[root@ser0 ~]# curl localhost:3344
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

此刻访问nginx可访问

进入nginx01并停止容器运行

[root@ser0 ~]# docker exec -it nginx01 /bin/bash
root@be5a505c0e4c:/# ls
bin docker-entrypoint.d home media proc sbin tmp
boot docker-entrypoint.sh lib mnt root srv usr
dev etc lib64 opt run sys var
root@be5a505c0e4c:/# whereis nginx
nginx: /usr/sbin/nginx /usr/lib/nginx /etc/nginx /usr/share/nginx
root@be5a505c0e4c:/# cd /etc/nginx/
root@be5a505c0e4c:/etc/nginx# ls
conf.d fastcgi_params mime.types modules nginx.conf scgi_params uwsgi_params
root@be5a505c0e4c:/etc/nginx# exit
exit
[root@ser0 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
be5a505c0e4c nginx "/docker-entrypoint.…" 20 minutes ago Up 20 minutes 0.0.0.0:3344->80/tcp, :::3344->80/tcp nginx01
[root@ser0 ~]# docker stop nginx01
nginx01

思考：我们每次改动nginx配置文件，都需要进入容器内部？十分麻烦，可否在容器外提供一个映射路径，达到在容器外修改文件名，容器内部可自动修改？ ---> -v 数据卷技术

作业：docker装一个tomcat

#官方的使用
docker run -it --rm tomcat:9.0

#我们之前的启动都是后台，停止了容器之后，容器还是可以查到 docker run -it --rm,一般用来测试，用完即删除

[root@ser0 ~]# docker pull tomcat
Using default tag: latest

latest: Pulling from library/tomcat
bb7d5a84853b: Already exists
f02b617c6a8c: Already exists
d32e17419b7e: Already exists
c9d2d81226a4: Pull complete
fab4960f9cd2: Pull complete
da1c1e7baf6d: Pull complete
1d2ade66c57e: Pull complete
ea2ad3f7cb7c: Pull complete
d75cb8d0a5ae: Pull complete
76c37a4fffe6: Pull complete
Digest: sha256:509cf786b26a8bd43e58a90beba60bdfd6927d2ce9c7902cfa675d3ea9f4c631
Status: Downloaded newer image for tomcat:latest
docker.io/library/tomcat:latest

[root@ser0 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 04661cdce581 4 days ago 141MB
tomcat latest b0e0b0a92cf9 3 weeks ago 680MB
hello-world latest feb5d9fea6a5 7 weeks ago 13.3kB
centos latest 5d0da3dc9764 8 weeks ago 231MB
[root@ser0 ~]# docker run -d -p 3355:8080 --name tomcat01 tomcat
19144f0b9772306323b62d13cf2324908c32bf6b31d2db31ba9f4dcc97b3b1da

测试访问没有问题

进入容器
[root@ser0 ~]# docker exec -it tomcat01 /bin/bash

#发现问题：1.linux命令少了，2.没有webapps，阿里云镜像的原因，默认最小的镜像，不必要的都剔除
#保证最小可运行的环境

思考：我们以后都要部署项目，如果每次都要进入容器十分麻烦?若可在容器外提供一个映射路径，webapps，我们在外部放置项目，自动同步到内部！

作业：部署es+kibana

#es 暴露的端口很多；十分的耗内存；es的数据一般需要放置到安全目录-->挂载
#--net somenetwork ?docker网络配置

docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.14.2

#查看docker stats

[root@localhost ~]# curl localhost:9200
{
"name" : "5ad16e4420af",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "JkQrMt-aRnKDCwGYG4bZ5Q",
"version" : {
"number" : "7.14.2",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "6bc13727ce758c0e943c3c21653b3da82f627f75",
"build_date" : "2021-09-15T10:18:09.722761972Z",
"build_snapshot" : false,
"lucene_version" : "8.9.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}

#快速关闭增加内存的限制，修改配置文件 -e环境配置修改

启动elasticsearch

docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.14.2

[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1c247de1eb7a elasticsearch:7.14.2 "/bin/tini -- /usr/l…" 9 seconds ago Up 7 seconds 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 0.0.0.0:9300->9300/tcp, :::9300->9300/tcp elasticsearch

#十分耗内存，（建议增加内存） 查看 docker stats

#测试es是否成功
[root@localhost ~]# curl localhost:9200
{
"name" : "1c247de1eb7a",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "LzW_heD3TxadxihL0v5dDA",
"version" : {
"number" : "7.14.2",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "6bc13727ce758c0e943c3c21653b3da82f627f75",
"build_date" : "2021-09-15T10:18:09.722761972Z",
"build_snapshot" : false,
"lucene_version" : "8.9.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}

#增加内存限制，修改配置文件 -e 环境配置修改

docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64m -Xmx512m" elasticsearch:7.14.2

#docker stats
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
b8e340230348 elasticsearch 318.23% 446.1MiB / 1.777GiB 24.52% 656B / 0B 237MB / 0B 39

作业：使用kibanna连接es

可视化

#portainer（先用这个）

docker run -d -p 8088:9000 --restart=always -v /var/run/docker.sock:/var/run/docker.sock --privileged=true portainer/portainer

#Rancher（CI/CD再用）

什么是portainer
docker图形化界面管理工具，提供一个后台面板供我们操作
docker run -d -p 8088:9000 --restart=always -v /var/run/docker.sock:/var/run/docker.sock --privileged=true portainer/portainer

访问测试 http://ip:8088/

docker镜像讲解

镜像：是一种轻量级的，可执行的独立软件包，用来打包软件运行环境和基于运行环境开发的软件，包含运行某个软件所需的所有内容（代码，库，环境变量，配置文件）

docker镜像加载原理

UnionFS（联合文件系统） ：是一种分层，轻量级并且高性能的文件系统，它支持对文件系统的修改作为一次提交来一层层叠加，同时可以将不同目录挂载到同一个虚拟文件系统下

特性：一次同时加载多个文件系统，但从外面看来，只能看到一个文件系统，联合加载会把各层文件系统叠加起来，这样最终的文件系统会包含所有底层的文件和目录

bootfs（boot file system）主要包含BootLoader和kernel ：docker的最底层是bootfs，boot加载完成之后整个内核都在内存中了，此时内存的使用权已由bootfs转交给内核，此时系统会卸载bootfs

rootfs（root file system）:在bootfs之上，包含的就是典型的linux系统中的 /dev,/proc,/bin,/etc 等标准目录和文件，rootfs就是各种不同的操作系统发行版，比如Ubuntu，Centos等

镜像是分层的

可观察pull一个容器是的下载过程

[root@localhost ~]# docker image inspect redis:latest
//....

"RootFS": {
"Type": "layers",
"Layers": [
"sha256:e1bbcf243d0e7387fbfe5116a485426f90d3ddeb0b1738dca4e3502b6743b325",
"sha256:58e6a16139eebebf7f6f0cb15f9cb3c2a4553a062d2cbfd1a782925452ead433",
"sha256:503a5c57d9786921c992b7b2216ae58f69dcf433eedb28719ddea3606b42ce26",
"sha256:277199a0027e044f64ef3719a6d7c3842e99319d6e0261c3a5190249e55646cf",
"sha256:d0d567a1257963b9655dfceaddc76203c8544fbf6c8672b372561a3c8a3143d4",
"sha256:a7115aa098139866d7073846e4321bafb8d5ca0d0f907a3c9625f877311bee7c"
]
}

特点：
docker镜像都是只读的，当容器启动时，一个新的可写层被加载到镜像的顶部（这一层就是所说的容器层，容器之下的都交镜像层）

如何提交一个自己的镜像

#commit镜像

docker commit 提交容器成为一个新的副本

#命令和git原理类似
#docker commit -m=“提交的描述信息” -a=“作者” 容器id 目标镜像名,[TAG]

测试：
#启动一个默认的tomcat
#发现这个默认的tomcat是没有webapps应用，镜像的原因，官方镜像默认没有
#自己将webapps.dist目录下的文件拷贝进去
#将我们操作过的容器通过commit提交为一个镜像，之后我们可以使用这个镜像

[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1b513b0e3356 tomcat "catalina.sh run" 10 minutes ago Up 10 minutes 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp dazzling_varahamihira

[root@localhost ~]# docker commit -a="zhangshan" -m="add webapps app" 1b513b0e3356 tomcat02:1.0
sha256:249aea0090d52eaca4e5f363dc5bb244ce0f3f420f1f92763c8b9f8c56145b49

[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat02 1.0 249aea0090d5 13 seconds ago 684MB
redis latest 40c68ed3a4d2 3 days ago 113MB
nginx latest 04661cdce581 11 days ago 141MB
tomcat latest b0e0b0a92cf9 4 weeks ago 680MB
hello-world latest feb5d9fea6a5 8 weeks ago 13.3kB
centos latest 5d0da3dc9764 2 months ago 231MB
elasticsearch 7.14.2 2abd5342ace0 2 months ago 1.04GB
portainer/portainer latest 580c0e4e98b0 8 months ago 79.1MB