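Note: before installing the Community Edition, look at the highlighted part of the figure above: CentOS 7 or later is required. In other words, the kernel version must be 3.10 or higher, which you can check with uname -r.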
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Official repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Aliyun mirror
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install the latest version of Docker CE and containerd, or go to the next step to install a specific version
sudo yum install docker-ce docker-ce-cli containerd.io
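# To install a specific version of Docker CE, list the available versions in the repo, then select and install one.
# List and sort the versions available in your repo. This example sorts the results by version number, from highest to lowest.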
yum list docker-ce --showduplicates | sort -r
Loading mirror speeds from cached hostfile
Loaded plugins: fastestmirror
docker-ce.x86_64 3:18.09.4-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.3-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.2-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.1-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.0-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.3.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.2.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.1.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.0.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 18.03.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.12.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.12.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.2.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.3.ce-1.el7 docker-ce-stable
docker-ce.x86_64 17.03.2.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable
Available Packages
# Install
sudo yum install docker-ce-18.06.3.ce-3.el7 docker-ce-cli-18.06.3.ce-3.el7 containerd.io
sudo systemctl start docker
sudo docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:https://docs.docker.com/get-started/
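This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits.
You can also confirm the installation by checking the version: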
docker --version
# Uninstall the Docker package
$ sudo yum remove docker-ce
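Images, containers, volumes, and custom configuration files on the host are not removed automatically. To delete all images, containers, and volumes: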
$ sudo rm -rf /var/lib/docker
sudo systemctl enable docker
To disable this behavior, use disable instead.
sudo systemctl disable docker
Pull the CentOS image with Docker
docker pull centos:7.2.1511
View local image information
docker images
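REPOSITORY: repository name
TAG: image tag (can later be used when publishing to your personal Docker Hub)
IMAGE ID: image ID
CREATED: creation time
SIZE: size
Start a container
docker run -i -t -v /root/software/:/mnt/software/ [image ID] /bin/bash
A container is created from an image; you must run the image to create a container before you can enter it.
Command to start a container: docker run <options> <image ID> <initial command>
Options explained
-i: run the container in "interactive mode"
-t: after the container starts, you are placed at its command line
-v: which local directory to mount into the container, in the form -v <host directory>:<container directory>
/bin/bash: the command to execute once the container starts; "/bin/bash" here means going straight into a bash shell after startup
Tip: the mount here means that when the container created from 4cbf48630b46 accesses files under /mnt/software/, it is in effect accessing the files under /root/software/ on the host, and both directories have the same contents.
When the command completes you are inside the container; type exit or press Ctrl+D to leave.
Deleting containers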
docker images
[root@aliyunhxx ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 7.2.1511 9aec5c5fe4ba 2 weeks ago 195MB
hello-world latest fce289e99eb9 3 months ago 1.84kB
docker rmi 9aec5c5fe4ba
Error response from daemon: conflict: unable to delete 9aec5c5fe4ba (must be forced) - image is being used by stopped container 53dd2c095395
This produces an error.
The correct way to delete
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a62985999837 hello-world "/hello" 3 minutes ago Exited (0) 3 minutes ago affectionate_lovelace
b1b1a5554fff hello-world "/hello" 10 minutes ago Exited (0) 9 minutes ago sad_fermat
0a999257bf7b 9aec5c5fe4ba "/bin/bash" 29 minutes ago Exited (127) 11 minutes ago confident_davinci
53dd2c095395 9aec5c5fe4ba "/bin/bash" 31 minutes ago Exited (137) 3 minutes ago trusting_carson
1535ee7deb83 hello-world "/hello" About an hour ago Exited (0) About an hour ago quizzical_beaver
7528ed16b7c5 hello-world "/hello" 2 hours ago Exited (0) 2 hours ago confident_kapitsa
52969add7849 hello-world "/hello" 2 hours ago Exited (0) 2 hours ago elegant_austin
docker rm 0a999257bf7b
docker rm 53dd2c095395
docker rmi 9aec5c5fe4ba
Untagged: centos:7.2.1511
Untagged: centos@sha256:28f14903e337f2c897aa74e8c3c5ff38086849866a1a88b6554632e7d68c7c21
Deleted: sha256:9aec5c5fe4ba9cf7a8d2a50713dd197c3b0cbd5f5fcd03babe4c1d65c455dabf
Deleted: sha256:a11c91bfd8669f0c82d437f0604d44080c7fa2ccda06d0fa2ba75275c9be4b3b
# The following commands are based on the centos image
[root@aliyunhxx ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat latest f1332ae3f570 5 days ago 463MB
centos latest 9f38484d220f 2 weeks ago 202MB
hello-world latest fce289e99eb9 3 months ago 1.84kB
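# Create a new container and start it
docker run -it --name hxxCentos centos
# List currently running containers
docker ps [-a][-l][-n+number] # -a: all; -l: the most recent one; -n plus a number: that many most recently started containers (e.g. two)
# Leave the container
exit # stops the container and exits
ctrl + P + Q # keyboard shortcut: exits without stopping the container
# Start a container
docker start [container ID or name]
# Restart a container
docker restart [container ID or name]
# Stop a container (waits for shutdown)
docker stop [container ID or name]
# Force-stop a container (no waiting)
docker kill [container ID]
# Remove stopped containers
docker rm [container ID] # only removes stopped containers
docker rm -f [container ID] # forced removal; also removes containers that are still running
# Remove several containers at once
docker rm -f $(docker ps -a -q)
docker ps -a -q | xargs docker rm # xargs is Linux's variable-argument helper: the output of the previous command is passed as input arguments to the next command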
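# Start a daemonized container (start it in the background and return the container ID)
docker run -id centos /bin/bash # --name can be added to name it. Plain -d cannot be used here because of how Docker works: -i means foreground interaction, and a container running in the background must have a foreground process; if the container's command is not one that keeps running (such as top or tail), the container exits automatically
# Enter a container
docker attach [container ID]
docker exec -it [container ID] /bin/bash
# The /bin/bash here can be included or omitted. The difference between attach and exec: attach connects directly to the terminal of the container's start command and does not start a new process, whereas exec opens a new terminal in the container and can start new processes. For example, docker exec f47f4dc78837 ls returns output from inside the container without entering it. exec can also enter the container directly: just add -it and /bin/bash. Note that after entering a container with exec, leaving with exit does not stop the container.
# View the processes inside a container
docker top [container ID]
# View the container's internal details
docker inspect [container ID]
# Copy data from inside the container to the host
docker cp [container ID]:[path in container] [destination path on host]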
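# Using the tomcat image as an example
# Start a tomcat container
docker run -it -p 8081:8080 tomcat # lowercase -p: specify the port mapping manually
docker run -it -P tomcat # uppercase -P: the system assigns the port mapping; check it with docker ps
# Start in the background
docker run -d -p 8888:8080 tomcat
# Commit a copy of a container so that it becomes a new image
# After starting the original tomcat, enter the tomcat container and delete the docs directory under tomcat/webapps (the Documentation page on the website), then commit the container copy to create a new image, start the new image and visit that page to see whether it has been removed
docker commit -m="description" -a="author" [container ID] [target image name (e.g. hxxzt/tomcat)]:[version (tag)]
docker commit -m="del tomcat docs" -a="hxx" [container ID] hxxzt/tomcat:1.0.0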
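# -v mounts: in effect the host and the container share a directory
# docker run -it -v [host directory]:[container directory] [image name]
docker run -it -v /usr/local/src/ceshi:/ceshi centos
# Mount with permissions (read-only, not writable)
# ro: as the name suggests, read-only
docker run -it -v [host directory]:[container directory]:ro [image name]
# First create a directory under the host's root directory
mkdir docker
# Enter it
cd docker
# Create the file with vim and open it
vim Dockerfile
# Copy the following 5 lines into the file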
# volume test
FROM centos
VOLUME ["/data1","/data2"]
CMD echo "finished,-------success"
CMD /bin/bash
# Build a new image using the Dockerfile as the template
# docker build -f [path to the Dockerfile on the host] -t [image name] .
docker build -f /docker/Dockerfile -t hxxzt/centos .
# Pressing Enter produces the following output
Sending build context to Docker daemon 2.048kB
Step 1/4 : FROM centos
---> 9f38484d220f
Step 2/4 : VOLUME ["/data1","/data2"]
---> Running in 85c86ab42972
Removing intermediate container 85c86ab42972
---> 375e57fbb51a
Step 3/4 : CMD echo "finished,-------success"
---> Running in 385cdfca8766
Removing intermediate container 385cdfca8766
---> 854ad5f775d3
Step 4/4 : CMD /bin/bash
---> Running in cfd28cd41f31
Removing intermediate container cfd28cd41f31
---> 59170333828f
Successfully built 59170333828f
Successfully tagged hxxzt/centos:latest
# List all Docker images
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hxxzt/centos latest 59170333828f 2 minutes ago 202MB
tomcat latest f1332ae3f570 6 days ago 463MB
centos latest 9f38484d220f 3 weeks ago 202MB
# Run the image and enter it
docker run -it hxxzt/centos
# List the files
# The data1 and data2 directories are visible
ls -l
total 64
-rw-r--r-- 1 root root 12082 Mar 5 17:36 anaconda-post.log
lrwxrwxrwx 1 root root 7 Mar 5 17:34 bin -> usr/bin
drwxr-xr-x 2 root root 4096 Apr 5 16:58 data2
drwxr-xr-x 2 root root 4096 Apr 5 16:58 data1
drwxr-xr-x 5 root root 360 Apr 5 16:58 dev
drwxr-xr-x 1 root root 4096 Apr 5 16:58 etc
drwxr-xr-x 2 root root 4096 Apr 11 2018 home
lrwxrwxrwx 1 root root 7 Mar 5 17:34 lib -> usr/lib
lrwxrwxrwx 1 root root 9 Mar 5 17:34 lib64 -> usr/lib64
drwxr-xr-x 2 root root 4096 Apr 11 2018 media
drwxr-xr-x 2 root root 4096 Apr 11 2018 mnt
drwxr-xr-x 2 root root 4096 Apr 11 2018 opt
dr-xr-xr-x 91 root root 0 Apr 5 16:58 proc
dr-xr-x--- 2 root root 4096 Mar 5 17:36 root
drwxr-xr-x 11 root root 4096 Mar 5 17:36 run
lrwxrwxrwx 1 root root 8 Mar 5 17:34 sbin -> usr/sbin
drwxr-xr-x 2 root root 4096 Apr 11 2018 srv
dr-xr-xr-x 13 root root 0 Apr 5 16:58 sys
drwxrwxrwt 7 root root 4096 Mar 5 17:36 tmp
drwxr-xr-x 13 root root 4096 Mar 5 17:34 usr
drwxr-xr-x 18 root root 4096 Mar 5 17:34 var
# Because the Dockerfile does not specify a path on the host,
# it can be looked up with docker inspect [container ID]
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03b3c8ca7c82 hxxzt/centos "/bin/sh -c /bin/bash" 6 minutes ago Up 6 minutes blissful_kowalevski
b7be4eb58563 tomcat "catalina.sh run" 35 minutes ago Up 35 minutes 0.0.0.0:8080->8080/tcp distracted_dubinsky
docker inspect 03b3c8ca7c82
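# A large JSON document is returned; find the following key section
# It gives the corresponding directories on the host, which you can inspect yourself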
"Mounts": [
{
"Type": "volume",
"Name": "ecf2cb77e7e48ebada22e3c978eca13a8e333a34fb64e187720fae590ff9d226",
"Source": "/var/lib/docker/volumes/ecf2cb77e7e48ebada22e3c978eca13a8e333a34fb64e187720fae590ff9d226/_data",
"Destination": "/data2",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "b7fa65c0b75b895cb6767720a302927dd8d60b08900db6390a753017f181d2b1",
"Source": "/var/lib/docker/volumes/b7fa65c0b75b895cb6767720a302927dd8d60b08900db6390a753017f181d2b1/_data",
"Destination": "/data1",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
]
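The mount options above (-v, :ro, and the Mounts section of docker inspect) can be checked per container. The script below is an added example, not part of the original post: the function names and the sample mount lines are constructed for illustration, and it assumes mount paths contain no tab characters.

```shell
#!/bin/sh
# Added example (not from the original page): audit a container's mounts.
# Each input line is tab-separated: Type, Source (host path), Destination, RW.

# Emit that form for a real container; requires a reachable Docker daemon.
mounts_of() {
    docker inspect --format \
        '{{range .Mounts}}{{printf "%s\t%s\t%s\t%t\n" .Type .Source .Destination .RW}}{{end}}' \
        "$1"
}

# Read mount lines on stdin and classify each one.
#   WRITABLE-BIND : host directory the container can modify (-v host:ctr)
#   READONLY-BIND : host directory mounted with :ro
#   VOLUME        : Docker-managed volume (e.g. from a Dockerfile VOLUME line)
audit_mounts() {
    awk -F '\t' '
        NF < 4                        { next }   # skip blank or malformed lines
        $1 == "bind" && $4 == "true"  { print "WRITABLE-BIND " $2 " -> " $3; next }
        $1 == "bind"                  { print "READONLY-BIND " $2 " -> " $3; next }
        $1 == "volume"                { print "VOLUME " $3 " (rw=" $4 ")" }
    '
}

# Succeeds (exit 0) only when stdin contains no writable bind mount.
no_writable_binds() {
    ! audit_mounts | grep -q '^WRITABLE-BIND '
}

# Constructed sample: the mount styles used on this page
# (the second line is shown as if it had been mounted with :ro).
sample_mounts() {
    printf 'bind\t/root/software\t/mnt/software\ttrue\n'
    printf 'bind\t/usr/local/src/ceshi\t/ceshi\tfalse\n'
    printf 'volume\t/var/lib/docker/volumes/EXAMPLE_ID/_data\t/data1\ttrue\n'
}

sample_mounts | audit_mounts
# Real use: mounts_of <container ID> | audit_mounts
```

A WRITABLE-BIND line means root inside the container can change files in that host directory; adding :ro to the -v option turns it into a READONLY-BIND.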
cat /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service time-set.target
Wants=network-online.target containerd.service
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutStartSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target
The default directory is /var/lib/docker; as long as this directory is not deleted, the installed images and containers are not deleted.
yum install -y yum-utils
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list installed | grep docker
yum -y remove docker*
This happens because an upgrade from a lower version to a higher version is incompatible; fix it by changing a parameter.
# Command
grep -rl 'docker-runc' /var/lib/docker/containers/ | xargs sed -i 's/docker-runc/runc/g'
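# Note: grep -rl searches directories and subdirectories recursively and lists only the names of files that contain matching lines, without showing the matches themselves
# xargs: passes on the values obtained from the previous command
# Overall: find the files under /var/lib/docker/containers that contain 'docker-runc' and replace the string 'docker-runc' with runc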
systemctl restart docker
The solution is simply that SELinux must be either disabled on both sides or enabled on both sides.
# Recommended: in /etc/selinux/config on CentOS, change SELINUX=disabled to SELINUX=permissive
vi /etc/selinux/config
# Find the SELINUX= line and set it to SELINUX=permissive
SELINUX=permissive
# Save
:wq
# Or change Docker's configuration to turn off its SELinux support
vi /etc/sysconfig/docker
# Find OPTIONS="--selinux-enabled --log-driver=journald --signature-verification=false"
# Remove --selinux-enabled
OPTIONS="--log-driver=journald --signature-verification=false"
# Save
:wq
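Also, docker-18.03 has deprecated overlay1; overlay2 storage is what will be supported going forward, so it is not recommended to follow a certain online tutorial and switch Docker's storage driver back to overlay1. Switching back to overlay1 only treats the symptom, not the cause; the proper fix is to change the SELinux configuration.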
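The rule above (SELinux either on for both the host and the Docker daemon, or off for both) can be checked before restarting Docker. The script below is an added example, not part of the original post: the function names and the sample file contents are constructed, and it assumes the two file formats shown above for /etc/selinux/config and /etc/sysconfig/docker.

```shell
#!/bin/sh
# Added example (not from the original page): check that the host SELinux
# setting and the Docker daemon option agree, per the rule stated above.

# Print the SELINUX= value (enforcing|permissive|disabled) from a config file.
host_selinux_mode() {
    sed -n 's/^[[:space:]]*SELINUX=\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1
}

# Succeed if the OPTIONS line of the Docker sysconfig file has --selinux-enabled.
daemon_selinux_on() {
    grep -Eq '^[[:space:]]*OPTIONS=.*--selinux-enabled' "$1"
}

# Usage: selinux_consistency <selinux config> <docker sysconfig>
# Prints "match" or "mismatch" with both states; returns 1 on mismatch,
# 2 if the host mode cannot be read.
selinux_consistency() {
    mode=$(host_selinux_mode "$1")
    case "$mode" in
        enforcing|permissive) host=on ;;   # SELinux is loaded on the host
        disabled)             host=off ;;
        *) echo "unknown host mode: '$mode'"; return 2 ;;
    esac
    if daemon_selinux_on "$2"; then daemon=on; else daemon=off; fi
    if [ "$host" = "$daemon" ]; then
        echo "match host=$mode daemon=$daemon"
    else
        echo "mismatch host=$mode daemon=$daemon"
        return 1
    fi
}

# Constructed sample files standing in for the two real configuration files.
demo_dir=$(mktemp -d)
printf '# constructed sample\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$demo_dir/selinux"
printf 'OPTIONS="--selinux-enabled --log-driver=journald --signature-verification=false"\n' \
    > "$demo_dir/docker"
selinux_consistency "$demo_dir/selinux" "$demo_dir/docker" || true
rm -rf "$demo_dir"
# Real use: selinux_consistency /etc/selinux/config /etc/sysconfig/docker
```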
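# Free the space used on the server: volumes, unused containers, all images and the build cache are all deleted (use with caution)
docker system prune -a --volumes
# Remove unused containers
docker container prune
# Remove all build cache
docker builder prune
# All unused networks
docker network prune
# All unused volumes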
docker volume prune