Linux——Docker容器虛擬化平臺

安裝docker

安裝 Docker | Docker 從入門到實踐https://vuepress.mirror.docker-practice.com/install/

?不需要設置防火墻

docker命令說明

docker images? #查看所有本地主機的鏡像
docker search 鏡像名?????????? #搜索鏡像
docker pull 鏡像名 [標簽]????? #下載鏡像（如果不寫tag，默認是latest）
docker rmi 鏡像名 [標簽]?????? #刪除鏡像??? docker rmi -f $(docker images -aq)? 刪除全部鏡像
docker tag? 鏡像名:版本?? 新鏡像名:版本??? #復制鏡像并且修改名稱
docker commit? -a "xxx"? -c "xxx" 鏡像ID 名字：版本?? #提交鏡像
-a :提交的鏡像作者；
-c :使用Dockerfile指令來創建鏡像；
-m :提交時的說明文字；

docker load -i??? /xxx/xxx.tar???????? #導入鏡像
docker save -o?? /xxx/xxx.tar????????? #保存一個鏡像為一個tar包

?容器命令

?docker run [可選參數] image 命令 #啟動容器（無鏡像會先下載鏡像）
#參數說明
--name = "Name"?? 容器名字
-c?? 后面跟待完成的命令
-d?? 以后臺方式運行并且返回ID，啟動守護進程式容器
-i?? 使用交互方式運行容器，通常與t同時使用
-t?? 為容器重新分配一個偽輸入終端。也即啟動交互式容器
-p?? 指定容器端口??? -p 容器端口:物理機端口? 映射端口
-P?? 隨機指定端口
-v?? 給容器掛載存儲卷

docker build? #創建鏡像??????? -f：指定dockerfile文件路徑?? -t：鏡像名字以及標簽
docker logs 容器實例的ID????????? #查看容器日志
docker rename 舊名字? 新名字????? # 給容器重新命名
docker top??? 容器實例的ID????????????????? #查看容器內進程
docker ps -a??????????????????? #列出所有容器（不加-a就是在運行的）
docker rm????? 容器實例的ID???????????????? #刪除容器（正在運行容器不能刪除，除非加-f選項）
docker kill? 容器實例的ID??????? #殺掉容器
docker history?? 容器實例的ID??? #查看docker鏡像的變更歷史
docker start 容器實例的ID??????? #啟動容器
docker restart 容器實例的ID?????? #重啟容器
docker stop 容器實例的ID???????? #停止正在運行的容器
docker attach /docker exec? 容器實例的ID?? #同為進入容器命令，不同的是attach連接終止會讓容器退出后臺運行，而exec不會。并且，docker attach是進入正在執行的終端，不會情動新的進程，而docker exec則會開啟一個新的終端，可以在里面操作。
docker image inspect? 容器名稱：容器標簽?????? #查看容器內源數據
docker cp? 容器id：容器內路徑?? 目的主機路徑?????????? #從容器內拷貝文件到主機（常用）或者從主機拷貝到容器（一般用掛載）
exit?????????????????????????? #直接退出容器
crlt + P + Q?????????????????? #退出容器但是不終止運行

鏡像的導入導出：


[root@docker1 ~]# docker run -itd ubuntu:18.04  bash
aaba782de4aa1de481caefca4c96e6cd32a902660015386d70450f459d7289df
[root@docker1 ~]# docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED         STATUS         PORTS     NAMES
aaba782de4aa   ubuntu:18.04   "bash"    2 minutes ago   Up 2 minutes             quirky_khayyam
[root@docker1 ~]# docker exec -it quirky_khayyam bash  
#為 quirky_khayyam 的容器內部啟動一個交互式的 bash shell
root@aaba782de4aa:/# pwd           
/
root@aaba782de4aa:/# touch test.txt
root@aaba782de4aa:/# exit
exit
[root@docker1 ~]# docker export aaba782de4aa  > ubuntu.tar
[root@docker1 ~]#
[root@docker1 ~]# docker stop quirky_khayyam 
quirky_khayyam
[root@docker1 ~]# docker rm quirky_khayyam 
quirky_khayyam
[root@docker1 ~]#[root@docker1 ~]# cat ubuntu.tar | docker import - test/ubuntu:v1.0
sha256:2459841eac991ee8b0b6598e189ada679f1652e5ff95bcb27a38a9f863dc1d40
[root@docker1 ~]#[root@docker1 ~]# docker image ls
REPOSITORY    TAG       IMAGE ID       CREATED          SIZE
test/ubuntu   v1.0      2459841eac99   55 seconds ago   63.2MB
ubuntu        18.04     f9a80a55f492   11 months ago    63.2MB
hello-world   latest    d2c94e258dcb   12 months ago    13.3kB
[root@docker1 ~]#[root@docker1 ~]# docker run -it --name test test/ubuntu:v1.0 bash
root@bfe4f040f985:/# ls /test.txt
/test.txt
root@bfe4f040f985:/# exit
exit
[root@docker1 ~]# docker ps -a
CONTAINER ID   IMAGE              COMMAND   CREATED          STATUS                     PORTS     NAMES
bfe4f040f985   test/ubuntu:v1.0   "bash"    10 seconds ago   Exited (0) 2 seconds ago             test
[root@docker1 ~]# docker rm test 
test
[root@docker1 ~]#注：容器導出為鏡像，從鏡像運行容器，可恢復導出前的效果

Docker導入導出鏡像：

[root@docker1 ~]# docker save hello-world:latest -o hello.tar
[root@docker1 ~]# ls hello.tar 
hello.tar
[root@docker1 ~]#[root@docker1 ~]# scp hello.tar 192.168.99.129:/
root@192.168.99.129's password: 
hello.tar                                                100%   25KB  14.4MB/s   00:00    
[root@docker1 ~]#[root@docker2 ~]# docker load -i /hello.tar 
ac28800ec8bb: Loading layer  14.85kB/14.85kB
Loaded image: hello-world:latest
[root@docker2 ~]# docker image ls
REPOSITORY    TAG       IMAGE ID       CREATED         SIZE
hello-world   latest    d2c94e258dcb   12 months ago   13.3kB
[root@docker2 ~]#
[root@docker2 ~]# docker rmi hello-world:latest[root@docker1 ~]# docker save hello-world:latest ubuntu:18.04 -o hello_ubuntu.tar
[root@docker1 ~]# scp hello_ubuntu.tar 192.168.99.129:/
root@192.168.99.129's password: 
hello_ubuntu.tar                                                           100%   63MB  71.0MB/s   00:00    
[root@docker1 ~]#[root@docker2 ~]# docker load -i /hello_ubuntu.tar 
ac28800ec8bb: Loading layer  14.85kB/14.85kB
Loaded image: hello-world:latest
548a79621a42: Loading layer  65.53MB/65.53MB
Loaded image: ubuntu:18.04
[root@docker2 ~]# docker image ls
REPOSITORY    TAG       IMAGE ID       CREATED         SIZE
ubuntu        18.04     f9a80a55f492   11 months ago   63.2MB
hello-world   latest    d2c94e258dcb   12 months ago   13.3kB
[root@docker2 ~]#[root@docker2 ~]# docker info 顯示docker系統級別的一些信息
[root@docker1 ~]# docker inspect --help 返回docker對象的一些信息（鏡像或容器）
[root@docker1 ~]# docker inspect hello-world:latest 輸出略

利用 commit 理解鏡像構成：

運行nginx鏡像：

[root@docker1 ~]# docker pull nginx
[root@docker1 ~]# docker image ls nginx
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
nginx        latest    e784f4560448   13 days ago   188MB
[root@docker1 ~]#[root@docker1 ~]# docker run -d --name nginx1 nginx
d4a4ee4c2ca600935ecf8c63681683c479f8c6d0ce68f093d93161bc7416a1e8
[root@docker1 ~]# docker ps 
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS     NAMES
d4a4ee4c2ca6   nginx     "/docker-entrypoint.…"   15 seconds ago   Up 14 seconds   80/tcp    nginx1
[root@docker1 ~]#[root@docker1 ~]# ip a s docker0
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:4f:7c:ef:33 brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft foreverinet6 fe80::42:4fff:fe7c:ef33/64 scope link valid_lft forever preferred_lft forever
[root@docker1 ~]# curl -I 172.17.0.2
HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Fri, 17 May 2024 07:27:27 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 16 Apr 2024 14:29:59 GMT
Connection: keep-alive
ETag: "661e8b67-267"
Accept-Ranges: bytes[root@docker1 ~]#

如果鏡像包含ip或ifconfig等命令，可以連接到容器查看ip：

[root@docker1 ~]# docker exec -it nginx1 bash如果沒有查看ip的命令：可以使用inspect子命令
[root@docker1 ~]# docker inspect nginx1 | grep -i ipaddress"SecondaryIPAddresses": null,"IPAddress": "172.17.0.2","IPAddress": "172.17.0.2",
[root@docker1 ~]# docker inspect nginx1 | grep -i ip"IpcMode": "private","LinkLocalIPv6Address": "","LinkLocalIPv6PrefixLen": 0,"SecondaryIPAddresses": null,"SecondaryIPv6Addresses": null,"GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"IPAddress": "172.17.0.2","IPPrefixLen": 16,"IPv6Gateway": "","IPAMConfig": null,"IPAddress": "172.17.0.2","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,
[root@docker1 ~]#

此時docker1訪問正常：
[root@docker1 ~]# curl -I 172.17.0.2
HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Fri, 17 May 2024 07:32:55 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 16 Apr 2024 14:29:59 GMT
Connection: keep-alive
ETag: "661e8b67-267"
Accept-Ranges: bytes[root@docker1 ~]#
Docker2無法訪問：
[root@docker2 ~]# curl 172.17.0.2
curl: (7) Failed to connect to 172.17.0.2 port 80: No route to host
[root@docker2 ~]#[root@docker1 ~]# firewall-cmd --set-default-zone=trusted 
success
[root@docker1 ~]# setenforce 0
[root@docker2 ~]# firewall-cmd --set-default-zone=trusted 
success
[root@docker2 ~]# 
[root@docker2 ~]# setenforce 0

此時docker2無法訪問：

因為本機也有172.17.0.1的docker0網橋，找172.17.0.2時在本機找
即使本機沒有172.17.0.1的docker0網橋，也無法訪問，因為缺少到容器網段的路由，需手動添加靜態路由，容器主機中也需要有返回的路由

如何使docker2能否訪問docker1的容器web服務：

可以使用端口映射：將容器的端口映射到虛擬機的端口

[root@docker1 ~]# docker stop nginx1 
nginx1
[root@docker1 ~]# docker rm nginx1 
nginx1
[root@docker1 ~]# docker run -d --name nginx2 -p 80:80 nginx
db4296a9e0e2f6f84a8032e45567b39d5921ac613af89bea1b194842ed58b197
[root@docker1 ~]#[root@docker1 ~]# docker exec -it nginx2 bash
root@db4296a9e0e2:/# find / -name "index.html"
find: '/proc/29/map_files': Permission denied
find: '/proc/30/map_files': Permission denied
find: '/proc/31/map_files': Permission denied
find: '/proc/32/map_files': Permission denied
/usr/share/nginx/html/index.html
root@db4296a9e0e2:/# echo docker1-nginx2 > /usr/share/nginx/html/test.html
root@db4296a9e0e2:/# exit
exit
[root@docker1 ~]#
[root@docker1 ~]# ip a s ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:50:56:31:08:49 brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 192.168.99.138/24 brd 192.168.99.255 scope global dynamic noprefixroute ens160valid_lft 1092sec preferred_lft 1092secinet6 fe80::250:56ff:fe31:849/64 scope link noprefixroute valid_lft forever preferred_lft forever
[root@docker1 ~]# curl 192.168.99.138/test.html
docker1-nginx2
[root@docker1 ~]# [root@docker2 ~]# curl  192.168.99.138/test.html
docker1-nginx2
[root@docker2 ~]#
注：
此時docker1和docker2的防火墻都是trusted狀態，如果是public，自行放行服務或端口注: -p 80:80  前面是宿主機端口，后面是容器端口
[root@docker1 ~]# docker stop nginx2 
nginx2
[root@docker1 ~]# docker rm nginx2 
nginx2
[root@docker1 ~]#
[root@docker1 ~]# docker run -d --name nginx3 -p 8080:80 nginx
566dfc7e1e699d5fc159421804fc1092f60c342f4d59fb7d7c77e44b1db659e6
[root@docker1 ~]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                                   NAMES
566dfc7e1e69   nginx     "/docker-entrypoint.…"   4 seconds ago   Up 3 seconds   0.0.0.0:8080->80/tcp, :::8080->80/tcp   nginx3
[root@docker1 ~]# curl -I 192.168.99.138:8080
HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Fri, 17 May 2024 07:47:35 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 16 Apr 2024 14:29:59 GMT
Connection: keep-alive
ETag: "661e8b67-267"
Accept-Ranges: bytes[root@docker1 ~]#
[root@docker1 ~]# curl -I 192.168.122.1:8080
HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Fri, 17 May 2024 07:48:57 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 16 Apr 2024 14:29:59 GMT
Connection: keep-alive
ETag: "661e8b67-267"
Accept-Ranges: bytes[root@docker1 ~]#
[root@docker1 ~]# ss -antpul | grep 8080
tcp   LISTEN 0      128           0.0.0.0:8080       0.0.0.0:*    users:(("docker-proxy",pid=61079,fd=4))
tcp   LISTEN 0      128              [::]:8080          [::]:*    users:(("docker-proxy",pid=61085,fd=4))
[root@docker1 ~]#可以只映射到宿主機指定ip的80端口：
[root@docker1 ~]# docker stop nginx3 
nginx3
[root@docker1 ~]# docker rm nginx3 
nginx3
[root@docker1 ~]# docker run -d --name nginx4 -p 192.168.99.138:8080:80 nginx
e5a62599706c1e7634ca763394340aa34f9436d3caeece143025524898f40607
[root@docker1 ~]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                         NAMES
e5a62599706c   nginx     "/docker-entrypoint.…"   5 seconds ago   Up 4 seconds   192.168.99.138:8080->80/tcp   nginx4
[root@docker1 ~]# ss -antpul | grep 8080
tcp   LISTEN 0      128    192.168.99.138:8080       0.0.0.0:*    users:(("docker-proxy",pid=61383,fd=4))
[root@docker1 ~]#[root@docker1 ~]# curl -I 192.168.122.1:8080
curl: (7) Failed to connect to 192.168.122.1 port 8080: Connection refused
[root@docker1 ~]# curl -I 192.168.122.1:8080
curl: (7) Failed to connect to 192.168.122.1 port 8080: Connection refused
[root@docker1 ~]# curl -I 192.168.99.138:8080
HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Fri, 17 May 2024 07:50:46 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 16 Apr 2024 14:29:59 GMT
Connection: keep-alive
ETag: "661e8b67-267"
Accept-Ranges: bytes[root@docker1 ~]#-P：隨機映射，前提是容器已經定義了需要暴露的端口
[root@docker1 ~]# docker stop nginx4
nginx4
[root@docker1 ~]# docker rm nginx4
nginx4
[root@docker1 ~]# docker run -d --name nginx5 -P nginx
60ca1a4b8ffca7328e5bf0dcf84a5b86829c68f2ba970d2a6281a796624cbbd8
[root@docker1 ~]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                                     NAMES
60ca1a4b8ffc   nginx     "/docker-entrypoint.…"   4 seconds ago   Up 3 seconds   0.0.0.0:32768->80/tcp, :::32768->80/tcp   nginx5
[root@docker1 ~]#
[root@docker1 ~]# curl -I 192.168.99.138:32768
HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Fri, 17 May 2024 07:53:22 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 16 Apr 2024 14:29:59 GMT
Connection: keep-alive
ETag: "661e8b67-267"
Accept-Ranges: bytes[root@docker1 ~]#

查看容器要暴露的端口：

[root@docker1 ~]# docker inspect nginx5 | grep -A 5  ExposedPorts"ExposedPorts": {"80/tcp": {}},"Tty": false,"OpenStdin": false,"StdinOnce": false,
[root@docker1 ~]#

查看鏡像定義的暴露端口：

[root@docker1 ~]# docker inspect nginx:latest | grep -A 5  ExposedPorts"ExposedPorts": {"80/tcp": {}},"Tty": false,"OpenStdin": false,"StdinOnce": false,
[root@docker1 ~]#

[root@docker1 ~]# docker stop nginx5 
nginx5
[root@docker1 ~]# docker rm nginx5 
nginx5
[root@docker1 ~]#
[root@docker1 ~]# docker run -d --name nginx6 -p 80:80 nginx
e31bc64cd4958b83394565d0fa269a00c33f59c3728a3eda1b70cf9e93452c9c
[root@docker1 ~]# docker exec -it nginx6 bash
root@e31bc64cd495:/# echo nginx-test > /usr/share/nginx/html/test.html
root@e31bc64cd495:/# exit
exit
[root@docker1 ~]#[root@docker1 ~]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                               NAMES
e31bc64cd495   nginx     "/docker-entrypoint.…"   39 seconds ago   Up 38 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp   nginx6
[root@docker1 ~]# docker commit --message "add test.html" nginx6 nginx-test:v1
sha256:cb4960a17a3342101dd984daa6facba546c8c3952e94ac807f2f2ff4dc6de50d
[root@docker1 ~]# docker image ls nginx-test:v1
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
nginx-test   v1        cb4960a17a33   8 seconds ago   188MB
[root@docker1 ~]#[root@docker1 ~]# docker image ls | grep nginx
nginx-test    v1        cb4960a17a33   44 seconds ago   188MB
nginx         latest    e784f4560448   13 days ago      188MB
[root@docker1 ~]#
[root@docker1 ~]# curl 192.168.99.138/test.html
nginx-test
[root@docker1 ~]#
[root@docker1 ~]# docker stop nginx6;docker rm nginx6
nginx6
nginx6
[root@docker1 ~]# docker run -d --name nginx7 -p 80:80 nginx-test:v1
11e90accf1772d7516f80a418ae5f53104c8819c8e2878831c970e10b0fa403e
[root@docker1 ~]# curl 192.168.99.138/test.html
nginx-test
[root@docker1 ~]#[root@docker1 ~]# docker stop nginx7 
nginx7
[root@docker1 ~]# docker rm nginx7 
nginx7
[root@docker1 ~]# docker image rm nginx-test:v1 
Untagged: nginx-test:v1
Deleted: sha256:cb4960a17a3342101dd984daa6facba546c8c3952e94ac807f2f2ff4dc6de50d
Deleted: sha256:b07365485892d137124c53286c7dd4a6464da9f187e4300110fcf2f863324056
[root@docker1 ~]# 有些層被nginx：latest鏡像使用，沒有刪除

Docker export和docker commit的區別：

Docker export：Export a container's filesystem as a tar archive?保存文件系統快照

Docker commit：Create a new image from a container's changes?根據變更生成新鏡像

Commit會保留元數據、運行時狀態等內容：

[root@docker1 ~]# ?docker run ubuntu:18.04 /bin/sh -c "while true; do echo hello world; sleep 1; done"

此終端保留

另起一個終端：

[root@docker1 ~]# docker export vibrant_turing > test_export.tar
[root@docker1 ~]# docker commit --message "use while" vibrant_turing test_commit:v1
sha256:766f22a748b9102411744a377fa0f5c6b6c284756a40e984e41e700dfb0fffce
[root@docker1 ~]#[root@docker1 ~]# docker stop vibrant_turing 
vibrant_turing
[root@docker1 ~]# docker rm vibrant_turing 
vibrant_turing
[root@docker1 ~]#[root@docker1 ~]# cat test_export.tar | docker import - test_export:v1
sha256:de19b4e7f444c5495b9ae713664142a617b725e19ec58cf070a5ffa951c8b295
[root@docker1 ~]# [root@docker1 ~]# docker image ls | grep test_
test_export   v1        de19b4e7f444   17 seconds ago       63.2MB
test_commit   v1        766f22a748b9   About a minute ago   63.2MB
[root@docker1 ~]#
[root@docker1 ~]# docker history ubuntu:18.04 
IMAGE          CREATED         CREATED BY                                      SIZE      COMMENT
f9a80a55f492   11 months ago   /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B        
<missing>      11 months ago   /bin/sh -c #(nop) ADD file:3c74e7e08cbf9a876…   63.2MB    
<missing>      11 months ago   /bin/sh -c #(nop)  LABEL org.opencontainers.…   0B        
<missing>      11 months ago   /bin/sh -c #(nop)  LABEL org.opencontainers.…   0B        
<missing>      11 months ago   /bin/sh -c #(nop)  ARG LAUNCHPAD_BUILD_ARCH     0B        
<missing>      11 months ago   /bin/sh -c #(nop)  ARG RELEASE                  0B        
[root@docker1 ~]#[root@docker1 ~]# docker history test_commit:v1 
IMAGE          CREATED         CREATED BY                                      SIZE      COMMENT
766f22a748b9   2 minutes ago   /bin/sh -c while true; do echo hello world; …   0B        use while
f9a80a55f492   11 months ago   /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B        
<missing>      11 months ago   /bin/sh -c #(nop) ADD file:3c74e7e08cbf9a876…   63.2MB    
<missing>      11 months ago   /bin/sh -c #(nop)  LABEL org.opencontainers.…   0B        
<missing>      11 months ago   /bin/sh -c #(nop)  LABEL org.opencontainers.…   0B        
<missing>      11 months ago   /bin/sh -c #(nop)  ARG LAUNCHPAD_BUILD_ARCH     0B        
<missing>      11 months ago   /bin/sh -c #(nop)  ARG RELEASE                  0B        
[root@docker1 ~]#[root@docker1 ~]# docker history test_export:v1 （沒有歷史元數據）
IMAGE          CREATED         CREATED BY   SIZE      COMMENT
de19b4e7f444   2 minutes ago                63.2MB    Imported from -
[root@docker1 ~]#[root@docker1 ~]# docker run test_export:v1（沒有保存程序運行的狀態）
docker: Error response from daemon: no command specified.
See 'docker run --help'.
[root@docker1 ~]# docker run test_export:v1 cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.2	328c0312c571
[root@docker1 ~]#
[root@docker1 ~]# docker ps -a
CONTAINER ID   IMAGE            COMMAND            CREATED          STATUS                      PORTS     NAMES
328c0312c571   test_export:v1   "cat /etc/hosts"   39 seconds ago   Exited (0) 38 seconds ago             hopeful_jemison
[root@docker1 ~]# docker rm hopeful_jemison 
hopeful_jemison
[root@docker1 ~]#[root@docker1 ~]# docker run test_commit:v1 （保留了程序的運行狀態）
hello world
hello world
…….
[root@docker1 ~]# docker stop recursing_thompson
recursing_thompson
[root@docker1 ~]# docker rm recursing_thompson
recursing_thompson
[root@docker1 ~]#[root@docker1 ~]# docker rmi test_export:v1 test_commit:v1 
Untagged: test_export:v1
Deleted: sha256:de19b4e7f444c5495b9ae713664142a617b725e19ec58cf070a5ffa951c8b295
Deleted: sha256:52c27cd07f847f4a06c176cb00ac51e6459d9d8b557136320ad12111093a2a6c
Untagged: test_commit:v1
Deleted: sha256:766f22a748b9102411744a377fa0f5c6b6c284756a40e984e41e700dfb0fffce
[root@docker1 ~]#

使用 Dockerfile 定制鏡像：

Dockerfile 是一個文本文件，其內包含了一條條的指令(Instruction)，每一條指令構建一層，因此每一條指令的內容，就是描述該層應當如何構建。

使用dockerfile構建nginx鏡像：

[root@docker1 ~]# mkdir /nginxdir
[root@docker1 ~]# cd /nginxdir
[root@docker1 nginxdir]# touch Dockerfile
[root@docker1 nginxdir]# vim Dockerfile
[root@docker1 nginxdir]# cat Dockerfile
FROM nginx:latest
RUN echo '<h1>Hello, Docker!</h1>' > /usr/share/nginx/html/index.html
[root@docker1 nginxdir]#

注：

Dockerfile 中每一個指令都會建立一層

Union FS 是有最大層數限制的，比如 AUFS，曾經是最大不得超過 42 層，現在是不得超過 127 層。

執行構建：

docker build [選項] <上下文路徑/URL/->

下面命令中：.(點) 代表上下文路徑
[root@docker1 nginxdir]# docker build -t nginx:v1 .
[+] Building 0.7s (6/6) FINISHED                                            docker:default=> [internal] load build definition from Dockerfile                                  0.0s=> => transferring dockerfile: 182B                                                  0.0s=> [internal] load metadata for docker.io/library/nginx:latest                       0.0s=> [internal] load .dockerignore                                                     0.0s=> => transferring context: 2B                                                       0.0s=> [1/2] FROM docker.io/library/nginx:latest                                         0.0s=> [2/2] RUN echo '<h1>Hello, Docker!</h1>' > /usr/share/nginx/html/index.html       0.5s=> exporting to image                                                                0.0s=> => exporting layers                                                               0.0s=> => writing image sha256:45619c5922baedbe007f2e632c592db9ffd2c6f4b8ea41608ee9e29a  0.0s=> => naming to docker.io/library/nginx:v1                                           0.0s
[root@docker1 nginxdir]#

[root@docker1 nginxdir]# docker image ls | grep nginx
nginx         v1        45619c5922ba   2 minutes ago   188MB
nginx         latest    e784f4560448   13 days ago     188MB
[root@docker1 nginxdir]# docker history nginx:v1
[root@docker1 nginxdir]# docker run -d -p 80:80 nginx:v1
ef8dd71f77eddded5e5b35ed698ba3b469c65c707998f89e5fe9ce7dddc86c9a
[root@docker1 nginxdir]# curl 192.168.99.138
<h1>Hello, Docker!</h1>
[root@docker1 nginxdir]# docker stop brave_kapitsa 
brave_kapitsa
[root@docker1 nginxdir]# docker rm brave_kapitsa 
brave_kapitsa
[root@docker1 nginxdir]#

COPY：復制

格式：

????COPY [--chown=<user>:<group>] <源路徑>... <目標路徑>

COPY [--chown=<user>:<group>] ["<源路徑1>",... "<目標路徑>"]

參考：COPY 復制文件 | Docker 從入門到實踐https://vuepress.mirror.docker-practice.com/image/dockerfile/copy/

添加兩個頁面到nginx容器中：

[root@docker1 nginxdir]# cat Dockerfile
FROM nginx:v1
COPY test*.html /usr/share/nginx/html/
[root@docker1 nginxdir]#
[root@docker1 nginxdir]# echo test2 > test2.html
[root@docker1 nginxdir]# echo test3 > test3.html
[root@docker1 nginxdir]# ls
Dockerfile  test2.html  test3.html
[root@docker1 nginxdir]#
[root@docker1 nginxdir]# docker build -t nginx:v2 . 輸出略

注：如果dockerfile文件名不是Dockerfile，是其他名字，需用-f選項指定

如：docker build -f dfile -t nginx:v2

驗證：

[root@docker1 nginxdir]# docker run -d --name nginxv2 --rm -p 80:80 nginx:v2
41f46e9bf3c86f63bd7edf22c6dc3a04d139bba8bc626593edf310fe0865da62
[root@docker1 nginxdir]# curl 192.168.99.138
<h1>Hello, Docker!</h1>
[root@docker1 nginxdir]# curl 192.168.99.138/test2.html
test2
[root@docker1 nginxdir]# curl 192.168.99.138/test3.html
test3
[root@docker1 nginxdir]# docker stop nginxv2 
nginxv2
[root@docker1 nginxdir]# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@docker1 nginxdir]#

Sed的替換命令：

[root@docker1 ~]# cat test.txt
book
booka
bookb
bookc
aabb
[root@docker1 ~]#
[root@docker1 ~]# sed 's/book/books/' test.txt（沒有真正的修改文件內容）
books
booksa
booksb
booksc
aabb
[root@docker1 ~]#-n選項和p命令一起使用表示只打印那些發生替換的行：
[root@docker1 ~]# sed -n 's/book/books/p' test.txt （沒有真正的修改文件內容）
books
booksa
booksb
booksc
[root@docker1 ~]#[root@docker1 ~]# sed -i 's/book/books/' test.txt（-i：真正修改文件）
[root@docker1 ~]# cat test.txt
books
booksa
booksb
booksc
aabb
[root@docker1 ~]#可以使用正則表達式：
[root@docker1 ~]# sed -n 's/^a.*/bbaa/p' test.txt;
bbaa
[root@docker1 ~]#/可以換成其他字符，和命令中的其他符號不沖突即可：
[root@docker1 ~]# sed -n 's,^a.*,books,p' test.txt
books
[root@docker1 ~]# sed -n 's;^a.*;books;p' test.txt
books
[root@docker1 ~]#Sed根據正則表達式打印指定的行：
[root@docker1 ~]# vim test-nginx.conf （nginx配置文件的副本）
[root@docker1 ~]# sed -n '/root/p' test-nginx.confroot         /usr/share/nginx/html;
#        root         /usr/share/nginx/html;
[root@docker1 ~]#[root@docker1 ~]# sed -n '/^#.*root.*/p' test-nginx.conf
#        root         /usr/share/nginx/html;
[root@docker1 ~]#
[root@docker1 ~]# sed -n '/^ .*root.*/p' test-nginx.confroot         /usr/share/nginx/html;
[root@docker1 ~]#[root@docker1 ~]# sed -n 's,^ .*root.*$,        root /webdir;,p' test-nginx.confroot /webdir;
[root@docker1 ~]#

實驗1，使用Dockerfile構建鏡像:

在docker1：

基于nginx的基礎鏡像，修改網站根目錄為/webdir

使用RUN命令修改主頁index.html的內容為index

使用COPY命令添加頁面page1.html和page2.html，內容分別為page1和page2

構建鏡像名為nginx-test:v1，構建完鏡像后，將鏡像發送到docker2

在docker2：

導入鏡像，并運行容器，將nginx的80端口映射到docker2的82端口

設置防火墻默認區域為public

驗證效果：

在docker1：

Curl docker2ip:82--------index

Curl docker2ip:82/page1.html--------page1

Curl docker2ip:82/page2.html--------index2

[root@docker1 ~]# mkdir /webdir/
[root@docker1 ~]# echo page1 > /webdir/page1.html
[root@docker1 ~]# echo page2 > /webdir/page2.html
[root@docker1 ~]# vim /webdir/Dockerfile
[root@docker1 webdir]# cat Dockerfile 
FROM nginx:latest
RUN sed -i 's,^     .*root.*$,        root /webdir;,' /etc/nginx/conf.d/default.conf && mkdir /webdir && echo index > /webdir/index.html
COPY *.html /webdir
[root@docker1 webdir]#
[root@docker1 webdir]# docker build -t nginx-test:v1 .
[root@docker1 webdir]# docker image ls nginx-test
REPOSITORY   TAG       IMAGE ID       CREATED          SIZE
nginx-test   v1        6adced280b20   22 seconds ago   188MB
[root@docker1 webdir]#
[root@docker1 webdir]# docker run -d --name nginx-test1 --rm -p82:80 nginx-test:v1 
056ea76311defbdc06cc75a821f86c62224fc9cb4fbc3358c5f21dfe0d9114db
[root@docker1 webdir]# curl 127.0.0.1:82
index
[root@docker1 webdir]# curl 127.0.0.1:82/page1.html
page1
[root@docker1 webdir]# curl 127.0.0.1:82/page2.html
page2
[root@docker1 webdir]#

實驗2使用scratch空白鏡像創建一個鏡像，并運行出容器，能查看執行命令的輸出即可（+5/-0）

制作鏡像時，可以將容器內的default.conf先復制出來，修改后使用COPY復制到容器指定位置，替換原來的配置文件

空白鏡像：FROM scratch
[root@docker1 ~]# mkdir /hello-c
[root@docker1 ~]# cd /hello-c
[root@docker1 hello-c]# vim hello.c
[root@docker1 hello-c]# cat hello.c 
#include<stdio.h> 
int main(void)
{printf ("Hello world!\n");                 return 0;
}
[root@docker1 hello-c]# [root@docker1 hello-c]# yum -y install gcc gcc-c++ 安裝編譯工具
[root@docker1 hello-c]# gcc hello.c -o hello
[root@docker1 hello-c]# ls
hello  hello.c
[root@docker1 hello-c]#
[root@docker1 hello-c]# ./hello 
Hello world!
[root@docker1 hello-c]#

實驗3

以centos的鏡像為基礎鏡像，在其中安裝httpd，添加apache的用戶和組（如果沒有的話）

同時在dockerfile中暴露80端口,編寫index.html和page1.html拷貝至容器網站根目錄

安裝后編寫ep.sh作為entrypoint要執行的腳本：參照redis編寫

如果第一個參數是apache,則將所有的httpd相關的文件屬主修改為apache

可修改/etc/httpd目錄和/var/www/html目錄下的所有文件的屬主為apache

如果第一個參數是httpd，則運行httpd -D FOREGROUND啟動httpd服務，如果第一個參數不是httpd，則將參數作為命令執行

[root@docker1 custom_httpd]# echo index > index.html
[root@docker1 custom_httpd]# echo page1 > page1.html
[root@docker1 ~]# mkdir /custom_httpd
[root@docker1 ~]# cd /custom_httpd
[root@docker1 custom_httpd]# cat ep.sh 
#! /bin/bash
if [ "$1" = 'httpd' ]; thenchown -R apache /etc/httpdchown -R apache /var/www/htmlhttpd -D FOREGROUNDfi
$@[root@docker1 custom_httpd]#
[root@docker1 custom_httpd]# chmod +x ep.sh
[root@docker1 custom_httpd]# cat Dockerfile 
FROM centos
RUN rm -rf /etc/yum.repos.d/* \&& curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo \&& yum -y install httpd \&& yum clean all
COPY ep.sh /
COPY *.html /var/www/html
EXPOSE 80
ENTRYPOINT ["/ep.sh"]
CMD ["httpd"][root@docker1 custom_httpd]#
[root@docker1 custom_httpd]# docker build -t myhttpd:v1 .[root@docker1 custom_httpd]# docker run --rm myhttpd:v1 id
uid=0(root) gid=0(root) groups=0(root)
[root@docker1 custom_httpd]# docker run -d --rm myhttpd:v1 httpd
f31efccb26405f73aaa0cc6ad6e6729947bc52b12e0a7dadc6df25128b9e25d8
[root@docker1 custom_httpd]# docker ps -a
CONTAINER ID   IMAGE        COMMAND          CREATED         STATUS         PORTS     NAMES
f31efccb2640   myhttpd:v1   "/ep.sh httpd"   3 seconds ago   Up 2 seconds   80/tcp    exciting_williams
[root@docker1 custom_httpd]#
[root@docker1 custom_httpd]# curl 172.17.0.2
index
[root@docker1 custom_httpd]# curl 172.17.0.2/page1.html
page1
[root@docker1 custom_httpd]# docker stop exciting_williams 
exciting_williams
[root@docker1 custom_httpd]#（
如果頁面在容器生成，可修改Dockerfile如下：盡可能的減少層數
[root@docker1 custom_httpd]# cat Dockerfile
FROM centos
RUN rm -rf /etc/yum.repos.d/* \&& curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo \&& yum -y install httpd \&& yum clean all \&& echo index > /var/www/html/index.html \&& echo page1 > /var/www/html/page1.html 
COPY ep.sh /
EXPOSE 80
ENTRYPOINT ["/ep.sh"]
CMD ["httpd"][root@docker1 custom_httpd]# 
[root@docker1 custom_httpd]#
[root@docker1 custom_httpd]# docker build -t myhttpd:v1 .[root@docker1 custom_httpd]# docker run --rm myhttpd:v1 id
uid=0(root) gid=0(root) groups=0(root)
[root@docker1 custom_httpd]# docker run -d --rm myhttpd:v1 httpd
f31efccb26405f73aaa0cc6ad6e6729947bc52b12e0a7dadc6df25128b9e25d8
[root@docker1 custom_httpd]# docker ps -a
CONTAINER ID   IMAGE        COMMAND          CREATED         STATUS         PORTS     NAMES
f31efccb2640   myhttpd:v1   "/ep.sh httpd"   3 seconds ago   Up 2 seconds   80/tcp    exciting_williams
[root@docker1 custom_httpd]#
[root@docker1 custom_httpd]# curl 172.17.0.2
index
[root@docker1 custom_httpd]# curl 172.17.0.2/page1.html
page1
[root@docker1 custom_httpd]# docker stop exciting_williams 
exciting_williams
[root@docker1 custom_httpd]#（
如果頁面在容器生成，可修改Dockerfile如下：盡可能的減少層數
[root@docker1 custom_httpd]# cat Dockerfile
FROM centos
RUN rm -rf /etc/yum.repos.d/* \&& curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo \&& yum -y install httpd \&& yum clean all \&& echo index > /var/www/html/index.html \&& echo page1 > /var/www/html/page1.html 
COPY ep.sh /
EXPOSE 80
ENTRYPOINT ["/ep.sh"]
CMD ["httpd"][root@docker1 custom_httpd]#