容器docker怎么理解（docker容器技术的理解） - 原点资讯

9、libcontainer

libcontainer是Docker架构中一个使用Go语言设计实现的库，设计初衷是希望该库可以不依靠任何依赖，直接访问内核中与容器相关的API。

正是由于libcontainer的存在，Docker可以直接调用libcontainer，而最终操纵容器的namespace、cgroups、apparmor、网络设备以及防火墙规则等。这一系列操作的完成都不需要依赖LXC或者其他包。libcontainer架构如下：

容器docker怎么理解,docker容器技术的理解(13)

另外，libcontainer提供了一整套标准的接口来满足上层对容器管理的需求。或者说，libcontainer屏蔽了Docker上层对容器的直接管理。又由于libcontainer使用Go这种跨平台的语言开发实现，且本身又可以被上层多种不同的编程语言访问，因此很难说，未来的Docker就一定会紧紧地和Linux捆绑在一起。而于此同时，Microsoft在其著名云计算平台Azure中，也添加了对Docker的支持，可见Docker的开放程度与业界的火热度。

暂不谈Docker，由于libcontainer的功能以及其本身与系统的松耦合特性，很有可能会在其他以容器为原型的平台出现，同时也很有可能催生出云计算领域全新的项目。

10、docker container

Docker container（Docker容器）是Docker架构中服务交付的最终体现形式。

Docker按照用户的需求与指令，订制相应的Docker容器：

用户通过指定容器镜像，使得Docker容器可以自定义rootfs等文件系统；
用户通过指定计算资源的配额，使得Docker容器使用指定的计算资源；
用户通过配置网络及其安全策略，使得Docker容器拥有独立且安全的网络环境；
用户通过指定运行的命令，使得Docker容器执行指定的工作。

容器docker怎么理解,docker容器技术的理解(14)

四、docker简单使用

1、安装

yum install docker -y systemctl enable dockersystemctl start docker

注意：启动前应当设置源

vim /usr/lib/systemd/system/docker.service

这里设置阿里的，注册阿里云账户号每个用户都有：

[root@web1 ~]# vim /usr/lib/systemd/system/docker.service

[Unit]Description=Docker Application Container EngineDocumentation=http://docs.docker.comAfter=network.targetWants=docker-storage-setup.serviceRequires=docker-cleanup.timer

[Service]Type=notifyNotifyAccess=mainEnvironmentFile=-/run/containers/registries.confEnvironmentFile=-/etc/sysconfig/dockerEnvironmentFile=-/etc/sysconfig/docker-storageEnvironmentFile=-/etc/sysconfig/docker-networkEnvironment=GOTRACEBACK=crashEnvironment=DOCKER_HTTP_HOST_COMPAT=1Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbinExecStart=/usr/bin/dockerd-current --registry-mirror=https://rfcod7oz.mirror.aliyuncs.com #这个值可以登陆阿里云账号请参考下图 --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIESExecReload=/bin/kill -s HUP $MAINPIDLimitNOFILE=1048576LimitNPROC=1048576LimitCORE=infinityTimeoutStartSec=0Restart=on-abnormalKillMode=process

[Install]WantedBy=multi-user.target

容器docker怎么理解,docker容器技术的理解(15)

2、docker版本查询

[root@web1 ~]# docker versionClient: Version: 1.13.1 API version: 1.26 Package version: docker-1.13.1-96.gitb2f74b2.el7.centos.x86_64 Go version: go1.10.3 Git commit: b2f74b2/1.13.1 Built: Wed May 1 14:55:20 2019 OS/Arch: linux/amd64

Server: Version: 1.13.1 API version: 1.26 (minimum version 1.12) Package version: docker-1.13.1-96.gitb2f74b2.el7.centos.x86_64 Go version: go1.10.3 Git commit: b2f74b2/1.13.1 Built: Wed May 1 14:55:20 2019 OS/Arch: linux/amd64 Experimental: false

3、搜索下载镜像

docker pull alpine #下载镜像docker search nginx #查看镜像docker pull nginx

4、查看已经下载的镜像

[root@web1 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEzxg/my_nginx v1 b164f4c07c64 8 days ago 126 MBzxg/my_nginx latest f07837869dfc 8 days ago 126 MBdocker.io/nginx latest e445ab08b2be 2 weeks ago 126 MBdocker.io/alpine latest b7b28af77ffe 3 weeks ago 5.58 MBdocker.io/centos latest 9f38484d220f 4 months ago 202 MB[root@web1 ~]#

5、导出镜像

docker save nginx >/tmp/nginx.tar.gz

6、删除镜像

docker rmi -f nginx

7、导入镜像

docker load </tmp/nginx.tar.gz

8、默认配置文件

vim /usr/lib/systemd/system/docker.service

[Unit]Description=Docker Application Container EngineDocumentation=http://docs.docker.comAfter=network.targetWants=docker-storage-setup.serviceRequires=docker-cleanup.timer

[Service]Type=notifyNotifyAccess=mainEnvironmentFile=-/run/containers/registries.confEnvironmentFile=-/etc/sysconfig/dockerEnvironmentFile=-/etc/sysconfig/docker-storageEnvironmentFile=-/etc/sysconfig/docker-networkEnvironment=GOTRACEBACK=crashEnvironment=DOCKER_HTTP_HOST_COMPAT=1Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbinExecStart=/usr/bin/dockerd-current --registry-mirror=https://rfcod7oz.mirror.aliyuncs.com --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIESExecReload=/bin/kill -s HUP $MAINPIDLimitNOFILE=1048576LimitNPROC=1048576LimitCORE=infinityTimeoutStartSec=0Restart=on-abnormalKillMode=process

[Install]WantedBy=multi-user.target~~~~

如果更改存储目录就添加

--graph=/opt/docker

如果更改DNS——默认采用宿主机的dns

--dns=xxxx的方式指定

9、运行hello world

这里用centos镜像echo一个hello word

[root@web1 overlay2]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEzxg/my_nginx v1 b164f4c07c64 8 days ago 126 MBzxg/my_nginx latest f07837869dfc 8 days ago 126 MBdocker.io/nginx latest e445ab08b2be 2 weeks ago 126 MBdocker.io/alpine latest b7b28af77ffe 3 weeks ago 5.58 MBdocker.io/centos latest 9f38484d220f 4 months ago 202 MB[root@web1 overlay2]# docker run centos echo "hello world"hello world[root@web1 overlay2]#

10、运行一个容器-run

[root@web1 overlay2]# docker run -it alpine sh #运行并进入alpine/ #/ #/ #/ #/ #/ # lsbin etc lib mnt proc run srv tmp vardev home media opt root sbin sys usr/ # cd tmp/tmp # exit

后台运行（-d后台运行）（--name添加一个名字）

[root@web1 overlay2]# docker run -it -d --name test1 alpineac46c019b800d34c37d4f9dcd56c974cb82eca3acf185e5f8f80c8a60075e343[root@web1 overlay2]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESac46c019b800 alpine "/bin/sh" 5 seconds ago Up 3 seconds test1[root@web1 overlay2]#

还有一种-rm参数，ctrl c后就删除，可以测试环境用，生成环境用的少

[root@web1 overlay2]# docker run -it --rm --name centos nginx^C[root@web1 overlay2]###另开一个窗口[root@web1 ~]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES3397b96ea7bd nginx "nginx -g 'daemon ..." 27 seconds ago Up 25 seconds 80/tcp centosac46c019b800 alpine "/bin/sh" 4 minutes ago Up 4 minutes test1[root@web1 ~]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESac46c019b800 alpine "/bin/sh" 4 minutes ago Up 4 minutes test1[root@web1 ~]#

11、如何进入容器

三种方法，上面已经演示了一种

第一种，需要容器本身的pid及util-linux，不推荐，暂时不演示了

第二种，不分配bash终端的一种实施操作，不推荐，这种操作如果在开一个窗口也能看到操作的指令，所有人都能看到。

[root@web1 overlay2]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES9fc796e928d7 nginx "sh" 2 minutes ago Up 8 seconds 80/tcp mynginxac46c019b800 alpine "/bin/sh" 12 minutes ago Up 12 minutes test1[root@web1 overlay2]# docker attach mynginx

##### lsbin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var# exit [root@web1 overlay2]# docker attach mynginxYou cannot attach to a stopped container, start it first[root@web1 overlay2]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESac46c019b800 alpine "/bin/sh" 13 minutes ago Up 13 minutes test1[root@web1 overlay2]#

第三种：exec方式，终端时分开的，推荐

[root@web1 overlay2]# docker exec -it mynginx sh#### lsbin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var# exit[root@web1 overlay2]#[root@web1 overlay2]#[root@web1 overlay2]#[root@web1 overlay2]# docker padocker: 'pa' is not a docker command.See 'docker --help'[root@web1 overlay2]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES6fc2d091cfe9 nginx "nginx -g 'daemon ..." 45 seconds ago Up 43 seconds 80/tcp mynginxac46c019b800 alpine "/bin/sh" 16 minutes ago Up 16 minutes test1

12、查看docker进程及删除容器

上面已经演示：

[root@web1 overlay2]# docker ps -a #-a :显示所有的容器，包括未运行的CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES9fc796e928d7 nginx "sh" 4 minutes ago Exited (0) About a minute ago mynginxac46c019b800 alpine "/bin/sh" 15 minutes ago Up 15 minutes test13bf234febeaa alpine "sh" 17 minutes ago Exited (0) 16 minutes ago youthful_lumiereab113c63f0b4 centos "echo 'hello world'" 31 minutes ago Exited (0) 31 minutes ago infallible_torvaldsb326027dcf42 zxg/my_nginx "nginx" 8 days ago Exited (0) 8 days ago my_nginx4f1f1ca319f2 centos "bash" 8 days ago Exited (137) 8 days ago musing_lichterman64b4e32991c7 nginx "nginx -g 'daemon ..." 12 days ago Exited (0) 12 days ago mynginx1aee506fe7b5a alpine "sh" 12 days ago Created infallible_haibt70620c73b9a0 alpine "sh" 12 days ago Created gallant_volhard7655cbf87bb0 alpine "sh" 12 days ago Created agitated_brahmagupta33fb949372e8 fce289e99eb9 "/hello" 12 days ago Created elastic_dijkstra9de47616aea4 fce289e99eb9 "/hello" 13 days ago Created confident_fermi[root@web1 overlay2]# docker rm 9fc796e928d7 #rm时删除一个或多个容器9fc796e928d7

13、查看容器详细信息

并不需要进入到容器里面，通过查看详细信息看到了刚才运行的nginx，宿主机curl ip地址访问一下运行情况。

[root@web1 overlay2]# docker inspect mynginx[ { "Id": "6fc2d091cfe9b0484da3e70db842446bbdfeb7f5e5409c2e40ae21b99498d010", "Created": "2019-08-07T08:57:48.864538933Z", "Path": "nginx", "Args": [ "-g", "daemon off;"], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 119948, "ExitCode": 0, "Error": "", "StartedAt": "2019-08-07T08:57:49.417992182Z", "FinishedAt": "0001-01-01T00:00:00Z" }, "Image": "sha256:e445ab08b2be8b178655b714f89e5db9504f67defd5c7408a00bade679a50d44", "ResolvConfPath": "/var/lib/docker/containers/6fc2d091cfe9b0484da3e70db842446bbdfeb7f5e5409c2e40ae21b99498d010/resolv.conf", "HostnamePath": "/var/lib/docker/containers/6fc2d091cfe9b0484da3e70db842446bbdfeb7f5e5409c2e40ae21b99498d010/hostname", "HostsPath": "/var/lib/docker/containers/6fc2d091cfe9b0484da3e70db842446bbdfeb7f5e5409c2e40ae21b99498d010/hosts", "LogPath": "", "Name": "/mynginx", "RestartCount": 0, "Driver": "overlay2", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "", "ExecIDs": , "HostConfig": { "Binds": , "ContainerIDFile": "", "LogConfig": { "Type": "journald", "Config": {} }, "NetworkMode": "default", "PortBindings": {}, "RestartPolicy": { "Name": "no", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": , "CapAdd": , "CapDrop": , "Dns": , "DnsOptions": , "DnsSearch": , "ExtraHosts": , "GroupAdd": , "IpcMode": "", "Cgroup": "", "Links": , "OomScoreAdj": 0, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": , "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Runtime": "docker-runc", "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": , "BlkioDeviceReadBps": , "BlkioDeviceWriteBps": , "BlkioDeviceReadIOps": , "BlkioDeviceWriteIOps": , "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": , "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": -1, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": , "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0 }, "GraphDriver": { "Name": "overlay2", "Data": { "LowerDir": "/var/lib/docker/overlay2/937140af0aee6c43f04c2d7b72e6b5451a44fef921417e8236d9fe01e9286c7a-init/diff:/var/lib/docker/overlay2/d8e95505fc3894eb30b48e4b0f48ab5e89d99c09a07c79c0b057c611621e31eb/diff:/var/lib/docker/overlay2/b2a6a25974bf17398b698a27208711574be3c69a2cd06658bbe838359f373a27/diff:/var/lib/docker/overlay2/d4610bc89b3ba8ad6ab30ea895fc3a06efff15db493d86ac9bc100e04abbab67/diff", "MergedDir": "/var/lib/docker/overlay2/937140af0aee6c43f04c2d7b72e6b5451a44fef921417e8236d9fe01e9286c7a/merged", "UpperDir": "/var/lib/docker/overlay2/937140af0aee6c43f04c2d7b72e6b5451a44fef921417e8236d9fe01e9286c7a/diff", "WorkDir": "/var/lib/docker/overlay2/937140af0aee6c43f04c2d7b72e6b5451a44fef921417e8236d9fe01e9286c7a/work" } }, "Mounts": , "Config": { "Hostname": "6fc2d091cfe9", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "80/tcp": {} }, "Tty": true, "OpenStdin": true, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NGINX_VERSION=1.17.2", "NJS_VERSION=0.3.3", "PKG_RELEASE=1~buster" ], "Cmd": [ "nginx", "-g", "daemon off;" ], "ArgsEscaped": true, "Image": "nginx", "Volumes": , "WorkingDir": "", "Entrypoint": , "OnBuild": , "Labels": { "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>" }, "StopSignal": "SIGTERM" }, "NetworkSettings": { "Bridge": "", "SandboxID": "3ece36008fbc5f3f46d3d251cf803c1478cc14032d74a36747e4ed8a115b81df", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": { "80/tcp": }, "SandboxKey": "/var/run/docker/netns/3ece36008fbc", "SecondaryIPAddresses": , "SecondaryIPv6Addresses": , "EndpointID": "898de81d97d54d2b60aeb6cc77ef1b4f9b481d1b72f542faa496494594024eac", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "172.17.0.3", #看到ip地址 "IPPrefixLen": 16, "IPv6Gateway": "", "MacAddress": "02:42:ac:11:00:03", "Networks": { "bridge": { "IPAMConfig": , "Links": , "Aliases": , "NetworkID": "2edae9131e77500a56d251b94ab2cdf0bc86f8df9f2453fa46bf4bab2f7be99f", "EndpointID": "898de81d97d54d2b60aeb6cc77ef1b4f9b481d1b72f542faa496494594024eac", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.3", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:03" } } } }][root@web1 overlay2]# curl 172.17.0.1 #访问一下<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>Test Page for the Nginx HTTP Server on Fedora</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em; font-weight: bold; color: #fff; margin: 0; padding: 0.5em; border-bottom: 2px solid #294172; } hr { display: none; } .content { padding: 1em 5em; } .alert { border: 2px solid #000; } img { border: 2px solid #fff; padding: 2px; margin: 2px; } a:hover img { border: 2px solid #294172; } .logos { margin: 1em; text-align: center; } /*]]>*/ </style> </head> <body> <h1>Welcome to <strong>nginx</strong> on Fedora!</h1> <div class="content"> <p>This page is used to test the proper operation of the <strong>nginx</strong> HTTP server after it has been installed. If you can read this page, it means that the web server installed at this site is working properly.</p> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>This is the default <tt>index.html</tt> page that is distributed with <strong>nginx</strong> on Fedora. It is located in <tt>/usr/share/nginx/html</tt>.</p> <p>You should now put your content in a location of your choice and edit the <tt>root</tt> configuration directive in the <strong>nginx</strong> configuration file <tt>/etc/nginx/nginx.conf</tt>.</p> </div> </div> <div class="logos"> <a href="http://nginx.net/"><img src="//img.yd166.com/nginx-logo.png" alt="[ Powered by nginx ]" width="121" height="32" /></a> <a href="http://fedoraproject.org/"><img src="//img.yd166.com/poweredby.png" alt="[ Powered by Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>[root@web1 overlay2]#