一、容器的生命周期
- 检查本地是否存在镜像,如果存在就不存在即从远端仓库检索
- 利用镜像启动容器
- 分配一个文件系统,并在只读的镜像层外挂载一层可读写层
- 从宿主机配置的网桥接口中桥接一个虚拟接口到容器
- 从地址池配置一个ip地址给容器
- 执行用户指定的指令
- 指定完毕后容器终止
下面是容器的状态图
1、关于dockerfile的定义
如果我们去做一个镜像的时候我们是可以用docker commit去固化提交制作成为镜像
dockerfile介绍
Dockerfile是构建Docker镜像的源代码,Docker可以通过读取Dockerfile的说明自动构建镜像。Dockerfile是一种文本文档,其中包含用户在命令行上可以调用的所有命令来组装图像。使用docker构建,用户可以创建一个自动构建,连续执行多个命令行指令。
下面是构建镜像的图像
更多的时候是使用docker build去构建镜像的
2、dockerfile使用的基本规则
建议的是指令用大写字母,内容用小写
3、4组核心的dockerfile指令
USER/WORKDIR指令
USER是指的你那个主进程就是pid等于1的进程是用什么协议跑的
WORKDIR就相当于Linux中的cd命令
[root@hdss7-11 ~]# mkdir /data/dockerfile
[root@hdss7-11 ~]# cd /data/dockerfile/
[root@hdss7-11 dockerfile]# vi Dockerfile
[root@hdss7-11 dockerfile]# cat Dockerfile
FROM docker.io/yunduan666/nginx:v1.12.2
USER nginx
WORKDIR /usr/share/nginx/html
构建镜像
[root@hdss7-11 dockerfile]# docker build . -t docker.io/yunduan666/nginx:v1.12.2_with_user_workdir
Sending build context to Docker daemon 2.048kB
Step 1/3 : FROM docker.io/yunduan666/nginx:v1.12.2
---> 4037a5562b03
Step 2/3 : USER nginx
---> Running in 5e9e100452da
Removing intermediate container 5e9e100452da
---> bdb1c1a97bb2
Step 3/3 : WORKDIR /usr/share/nginx/html
---> Running in 9830641291af
Removing intermediate container 9830641291af
---> ad6535a76420
Successfully built ad6535a76420
Successfully tagged yunduan666/nginx:v1.12.2_with_user_workdir
创建进入容器看下
[root@hdss7-11 dockerfile]# docker run --rm -it --name nginx123 yunduan666/nginx:v1.12.2_with_user_workdir /bin/bash
nginx@722533c2a320:/usr/share/nginx/html$ whoami
nginx
nginx@722533c2a320:/usr/share/nginx/html$ pwd
/usr/share/nginx/html
ADD/EXPOSE指令
ADD类使用cp并解压
随机端口用-P 指定端口用-p
[root@hdss7-11 dockerfile]# cp /root/html/index.html .
[root@hdss7-11 dockerfile]# vi Dockerfile
[root@hdss7-11 dockerfile]# cat Dockerfile
FROM docker.io/yunduan666/nginx:v1.12.2
ADD index.html /usr/share/nginx/html
EXPOSE 80
[root@hdss7-11 dockerfile]# docker build . -t docker.io/yunduan666/nginx:v1.12.2_with_index_expose
Sending build context to Docker daemon 5.12kB
Step 1/3 : FROM docker.io/yunduan666/nginx:v1.12.2
---> 4037a5562b03
Step 2/3 : ADD index.html /usr/share/nginx/html
---> e1da99d7c673
Step 3/3 : EXPOSE 80
---> Running in d19c3b3d63cd
Removing intermediate container d19c3b3d63cd
---> e0c0d5c01962
Successfully built e0c0d5c01962
Successfully tagged yunduan666/nginx:v1.12.2_with_index_expose
[root@hdss7-11 dockerfile]# docker run --rm -it --name nginx123 -P yunduan666/nginx:v1.12.2_with_index_expose /bin/bash
root@c3c7c7d5faf5:/# whoami
root
root@c3c7c7d5faf5:/# pwd
/
root@c3c7c7d5faf5:/# nginx -g "daemon off;" #开启容器
然后可以在另一个终端看下默认端口是多少去浏览器查看
[root@hdss7-11 ~]# netstat -luntp |grep proxy
tcp 0 0 0.0.0.0:82 0.0.0.0:* LISTEN 28888/docker-proxy
tcp 0 0 0.0.0.0:49153 0.0.0.0:* LISTEN 35057/docker-proxy
tcp6 0 0 :::82 :::* LISTEN 28894/docker-proxy
tcp6 0 0 :::49153 :::* LISTEN 35064/docker-proxy
启动容器也可以使用-d就不用在容器里面在开daemon了
[root@hdss7-11 dockerfile]# docker run --rm -d --name nginx123 -P yunduan666/nginx:v1.12.2_with_index_expose
99671befd194d3f214c3196eb6f2df91e4f47c64985cafb5dd3e7606dce35447
RUN/ENV
ENV指的是环境变量,我们定义一个环境变量叫最做ver(既可以在docker外面使用也可在里面使用)
RUN 指在构建镜像的时候帮你执行一些可以执行的命令
[root@hdss7-11 dockerfile]# cat Dockerfile
FROM centos:7
ENV VER 9.11.4
RUN yum -y install bind-$VER
[root@hdss7-11 dockerfile]# docker build . -t yunduan666/bind:v9.11.4_with_env_run
进入容器验证
[root@hdss7-11 dockerfile]# docker run -it --rm yunduan666/bind:v9.11.4_with_env_run /bin/bash
[root@f067ea23ab08 /]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@f067ea23ab08 /]# printenv
HOSTNAME=f067ea23ab08
TERM=xterm
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
SHLVL=1
HOME=/root
VER=9.11.4
_=/usr/bin/printenv
[root@f067ea23ab08 /]# rpm -qa bind #查看是否有bind
bind-9.11.4-26.P2.el7_9.5.x86_64
[root@f067ea23ab08 /]#
CMD/ENTRYPOINT指令
CMD和ENTRYPOINT指令作用相同,使用方法略有不同
CMD指令特别和RUN指令混淆,CMD是启动容器了要用什么命令如下
我们需要用cmd指令让容器显示一个进程让它指定在前台
[root@hdss7-11 dockerfile]# cat Dockerfile
FROM centos:7
RUN yum -y install httpd
CMD ["httpd","-D","FOREGROUND"]
[root@hdss7-11 dockerfile]# docker build . -t yunduan666/httpd:test
[root@hdss7-11 dockerfile]# docker run -d --rm --name myhttpd -p83:80 yunduan666/httpd:test
1c58c6b6db3f0ae3cb139bf1f3d138d785221bf09f995d766da8abb51fb0c563
[root@hdss7-11 dockerfile]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1c58c6b6db3f yunduan666/httpd:test "httpd -D FOREGROUND" 7 seconds ago Up 5 seconds 0.0.0.0:83->80/tcp, :::83->80/tcp myhttpd
ENTRYPOINT指令是没有容器都有一个默认的启动命令若是不指定的时候它是默认走跟目录下的entrypoint.sh启动的
[root@hdss7-11 ~]# cd /data/dockerfile/
[root@hdss7-11 dockerfile]# ll
总用量 8
-rw-r--r--. 1 root root 132 8月 9 04:09 Dockerfile
-rwxr-xr-x. 1 root root 42 8月 9 04:02 entrypoint.sh
[root@hdss7-11 dockerfile]# cat Dockerfile
FROM centos:7
ADD entrypoint.sh /entrypoint.sh
RUN yum install epel-release -q -y && yum -y install nginx
ENTRYPOINT /entrypoint.sh
[root@hdss7-11 dockerfile]# cat entrypoint.sh
#!/bin/bash
/sbin/nginx -g "daemon off;"
[root@hdss7-11 dockerfile]# chmod +x entrypoint.sh
[root@hdss7-11 dockerfile]# docker build . -t yunduan666/nginx:mynginx
....
Complete!
Removing intermediate container 0759aaf5229e
---> b76054597514
Step 4/4 : ENTRYPOINT /entrypoint.sh
---> Running in 7e719a2f9cff
Removing intermediate container 7e719a2f9cff
---> fb0e97df4ee5
Successfully built fb0e97df4ee5
Successfully tagged yunduan666/nginx:mynginx
创建容器后到浏览器查看
[root@hdss7-11 dockerfile]# docker run --rm -p84:80 yunduan666/nginx:mynginx
上面的forbidden也说明了容器是已经起来的了,怎么让它正常呢
root@hdss7-11 dockerfile]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
93a580cf16b8 yunduan666/nginx:mynginx "/bin/sh -c /entrypo…" 15 seconds ago Up 14 seconds 0.0.0.0:84->80/tcp, :::84->80/tcp zealous_chebyshev
[root@hdss7-11 dockerfile]# docker exec -it compassionate_solomon /bin/bash
Error: No such container: compassionate_solomon
[root@hdss7-11 dockerfile]# docker exec -it 93a580cf16b8 /bin/bash
[root@93a580cf16b8 /]# cat /entrypoint.sh
#!/bin/bash
/sbin/nginx -g "daemon off;"
[root@93a580cf16b8 /]# ls -l /entrypoint.sh
-rwxr-xr-x. 1 root root 42 Aug 8 20:02 /entrypoint.sh
按照下面的方法启动也是行的
[root@hdss7-11 dockerfile]# ll
总用量 8
-rw-r--r--. 1 root root 158 8月 9 04:28 Dockerfile
-rwxr-xr-x. 1 root root 42 8月 9 04:02 entrypoint.sh
[root@hdss7-11 dockerfile]# cat Dockerfile
FROM centos:7
ADD entrypoint.sh /entrypoint.sh
RUN yum install epel-release -q -y && yum -y install nginx
ADD entrypoint.sh /entrypoint.sh
CMD /entrypoint.sh
然后去在开一个窗口能看到123起来了
删除123
[root@hdss7-11 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
93a580cf16b8 yunduan666/nginx:mynginx "/bin/sh -c /entrypo…" 14 minutes ago Up 14 minutes 0.0.0.0:84->80/tcp, :::84->80/tcp zealous_chebyshev
[root@hdss7-11 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e1881a6ea3a3 yunduan666/nginx:123 "/bin/sh -c /entrypo…" 7 seconds ago Up 5 seconds wonderful_kepler
93a580cf16b8 yunduan666/nginx:mynginx "/bin/sh -c /entrypo…" 15 minutes ago Up 15 minutes 0.0.0.0:84->80/tcp, :::84->80/tcp zealous_chebyshev
[root@hdss7-11 ~]# docker rm -f wonderful_kepler
wonderful_kepler
它也就结束了你可以去用/bin/echo 123 将它替换掉不会在卡住
[root@hdss7-11 dockerfile]# docker run --rm yunduan666/nginx:123 /bin/echo 123
123
但是你若是使用entrypoint它是替换不掉的还是会卡住、、这就是两个的区别
[root@hdss7-11 dockerfile]# docker run --rm -p84:80 yunduan666/nginx:mynginx /bin/echo 123
^C
二、综合实验
运行一个docker容器,在浏览器打开demo.od.com 能访问百度首页
1、准备Docker镜像
[root@hdss7-11 nginx]# ll
总用量 12
-rw-r--r--. 1 root root 82 8月 9 04:51 demo.od.com.conf
-rw-r--r--. 1 root root 333 8月 9 04:56 Dockerfile
-rw-r--r--. 1 root root 2381 8月 9 04:52 index.html
[root@hdss7-11 nginx]# cat demo.od.com.conf
server {
listen 80;
server_name demo.od.com;
root /usr/share/nginx/html;
}
[root@hdss7-11 nginx]# cat Dockerfile
FROM yunduan666/nginx:v1.12.2
USER root
ENV WWW /usr/share/nginx/html
ENV CONF /etc/nginx/conf.d
ENV /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\
echo 'Asia/Shanghai' >/etc/timezone
WORKDIR $WWW
ADD index.html $WWW/index.html
ADD demo.od.com.conf $CONF/demo.od.com.conf
EXPOSE 80
CMD ["nginx","-g","daemon off;"]
[root@hdss7-11 nginx]# pwd
/data/dockerfile/nginx
[root@hdss7-11 nginx]# docker build . -t yunduan666/nginx:baidu
...
Successfully built af33caec2871
Successfully tagged yunduan666/nginx:baidu
创建出容器并映射出来
[root@hdss7-11 nginx]# docker run --rm -P yunduan666/nginx:baidu
在宿主机上做下地址映射
这个时候就能用域名访问了
三、docker的网络模型
NAT(默认)
进入容器后之际输入ip add就能看到了
None
docker封装容器的时候不一定需要网络通信,没有协议栈的需求
Host
docker 和宿主机在同一个网络名称空间上
联合网络
[root@hdss7-11 nginx]# docker run -d --rm --name lhwl1 yunduan666/nginx:curl
4d6395ea213808796023636c8a315708d46fe37688d06ea48434a00f5a40a400
[root@hdss7-11 nginx]# docker exec -it lhwl1
"docker exec" requires at least 2 arguments.
See 'docker exec --help'.
Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
Run a command in a running container
[root@hdss7-11 nginx]# docker exec -it lhwl1 bash
root@4d6395ea2138:/# ip add
bash: ip: command not found
root@4d6395ea2138:/# apt-get update && apt-get install net-tools
Ign:1 http://mirrors.163.com/debian jessie InRelease
Hit:2 http://mirrors.163.com/debian jessie-updates InRelease
Hit:3 http://mirrors.163.com/debian jessie Release
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
net-tools
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 225 kB of archives.
After this operation, 803 kB of additional disk space will be used.
Get:1 http://mirrors.163.com/debian jessie/main amd64 net-tools amd64 1.60-26+b1 [225 kB]
Fetched 225 kB in 0s (489 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package net-tools.
(Reading database ... 7559 files and directories currently installed.)
Preparing to unpack .../net-tools_1.60-26+b1_amd64.deb ...
Unpacking net-tools (1.60-26+b1) ...
Setting up net-tools (1.60-26+b1) ...
root@4d6395ea2138:/# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:07:0b:02
inet addr:172.7.11.2 Bcast:172.7.11.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:72 errors:0 dropped:0 overruns:0 frame:0
TX packets:63 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:230812 (225.4 KiB) TX bytes:4168 (4.0 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[root@hdss7-11 dockerfile]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4d6395ea2138 yunduan666/nginx:curl "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes 80/tcp lhwl1
[root@hdss7-11 dockerfile]# docker run -it --rm --name lhwl2 --net=container:4d6395ea2138 yunduan666/nginx:curl bash
root@4d6395ea2138:/# ifconfig
bash: ifconfig: command not found
root@4d6395ea2138:/# apt-get update && apt-get install net-tools
Ign:1 http://mirrors.163.com/debian jessie InRelease
Hit:2 http://mirrors.163.com/debian jessie-updates InRelease
Hit:3 http://mirrors.163.com/debian jessie Release
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
net-tools
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 225 kB of archives.
After this operation, 803 kB of additional disk space will be used.
Get:1 http://mirrors.163.com/debian jessie/main amd64 net-tools amd64 1.60-26+b1 [225 kB]
Fetched 225 kB in 0s (638 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package net-tools.
(Reading database ... 7559 files and directories currently installed.)
Preparing to unpack .../net-tools_1.60-26+b1_amd64.deb ...
Unpacking net-tools (1.60-26+b1) ...
Setting up net-tools (1.60-26+b1) ...
root@4d6395ea2138:/# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:07:0b:02
inet addr:172.7.11.2 Bcast:172.7.11.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:140 errors:0 dropped:0 overruns:0 frame:0
TX packets:128 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:461195 (450.3 KiB) TX bytes:8456 (8.2 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)