1、容器技术
1、安装docker
1.1 准备软件仓库
# 准备软件仓库
# 注意: gpgcheck=0 会关闭软件包的GPG签名校验,仅适合实验环境;正式环境应设为 gpgcheck=1,并用 gpgkey= 指定仓库公钥
[root@rocky ~]# cat /etc/yum.repos.d/Rocky.repo
[BaseOS]
name=BaseOS
baseurl=https://mirrors.aliyun.com/rockylinux/9.2/BaseOS/x86_64/os/
gpgcheck=0
enabled=1
[AppStream]
name=AppStream
baseurl=https://mirrors.aliyun.com/rockylinux/9.2/AppStream/x86_64/os/
gpgcheck=0
enabled=1
[HighAvailability]
name=HighAvailability
baseurl=https://mirrors.aliyun.com/rockylinux/9.2/HighAvailability/x86_64/os/
gpgcheck=0
enabled=1
[EPEL]
name=EPEL
baseurl=https://mirrors.aliyun.com/epel/9/Everything/x86_64/
gpgcheck=0
enabled=1
1.2 安装docker
安装docker。本次实验使用Rocky9作为基础,yum install docker 实际安装的是podman-docker(用podman模拟docker命令行),因此后文的docker命令均由podman执行
yum -y install docker
查看docker版本
[root@rocky ~]# podman -v
podman version 4.4.1
2、镜像管理
2.1 查找镜像
docker search 镜像名
[root@rocky ~]# docker search rockylinux
2.2 拉取镜像
docker pull 镜像
[root@rocky ~]# docker pull docker.io/library/rockylinux:9
2.3 列出镜像
docker image ls/list
[root@rocky ~]# docker image list
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/dokken/rockylinux-8 latest 652a653ce2a1 15 hours ago 377 MB
docker.io/library/rockylinux 8 4e97feadb276 4 days ago 204 MB
docker.io/library/rockylinux 9 eeea865f4111 4 days ago 181 MB
docker.io/library/nginx latest f9c14fe76d50 6 days ago 147 MB
docker.io/library/ubuntu latest 3b418d7b466a 5 weeks ago 80.3 MB
docker.io/library/centos latest 5d0da3dc9764 20 months ago 239 MB
2.4 给镜像打标签
docker tag 镜像:tag 镜像:新tag
[root@rocky ~]# docker tag docker.io/library/rockylinux:8 docker.io/library/rockylinux:rocky8
2.5 删除镜像
docker rmi 镜像名/镜像ID
[root@rocky ~]# docker rmi docker.io/library/rockylinux:rocky8
Untagged: docker.io/library/rockylinux:rocky8
2.6 导出镜像
docker save 镜像名/镜像ID > 文件
[root@rocky ~]# docker save docker.io/library/rockylinux:9 > rocky9.tar
2.7 导入镜像
docker load -i 镜像文件
# 删除镜像
[root@rocky ~]# docker rmi docker.io/library/rockylinux:9
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Untagged: docker.io/library/rockylinux:9
Deleted: eeea865f4111bd48e16801554f44adf2db2fa4cb87a98ff7470d6de6be49fc15
# 导入镜像
[root@rocky ~]# podman load -i rocky9.tar
Getting image source signatures
Copying blob bb25ee446163 done
Copying config eeea865f41 done
Writing manifest to image destination
Storing signatures
Loaded image: docker.io/library/rockylinux:9
3、容器管理
3.1 查看容器
[root@rocky ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3.2 创建容器
创建一个名为rocky8的容器
[root@rocky ~]# docker run --name rocky8 docker.io/library/rockylinux:8
创建一个长时间运行容器
[root@rocky ~]# docker run -it --name rocky9 docker.io/library/rockylinux:9 bash
[root@f568df922041 /]#
创建后台运行的容器
[root@rocky ~]# docker run -itd --name rocky9 docker.io/library/rockylinux:9 bash
3.4 关闭、启动、重启容器
docker stop 容器名
[root@rocky ~]# docker stop rocky9
[root@rocky ~]# docker start rocky9
[root@rocky ~]# docker restart rocky9
3.5 进入容器
docker exec -it 容器名 bash
[root@rocky ~]# docker exec -it rocky9 bash
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
[root@b937013685ae /]#
# 不建议这种方式进入容器!!! attach连接的是容器的主进程,在其中exit会结束主进程,容器随之停止;exec则是另起一个进程,退出后不影响容器
[root@rocky ~]# podman attach rocky9
3.6 删除容器
删除容器之前必须要停止容器,不然会报错
[root@rocky ~]# docker stop rocky9
[root@rocky ~]# docker rm rocky9
[root@rocky ~]# docker rm rocky8
3.7 始终运行容器
增加一个选项--restart=always
[root@rocky ~]# docker run -itd --restart=always --name rocky9 docker.io/library/rockylinux:9 bash
6b4448bcf070fdf3ccd5f1e5507b9a167ce3f08fd91c8a73f67a024e8930a04a
3.8 强制删除正在运行容器
docker rm -f 容器名/容器ID
[root@rocky ~]# docker rm -f 6b4448bcf070
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
6b4448bcf070
3.9 创建临时容器
临时容器:退出容器后自动删除
[root@rocky ~]# docker run -it --rm --name rocky9 docker.io/library/rockylinux:9 bash
[root@577ec59fe199 /]# exit
exit
[root@rocky ~]# docker ps -a
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3.10 指定容器运行命令
docker run -it --name XX 容器名 [命令]
[root@rocky ~]# docker run -it --rm --name rocky9 docker.io/library/rockylinux:9 sleep 3
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
3.11 创建容器使用变量
加入-e参数指定变量
[root@rocky ~]# docker run -it -e var1=10 -e var2=20 --rm --name rocky9 docker.io/library/rockylinux:9 bash
[root@8b08438f1eaa /]# echo $var1
10
[root@8b08438f1eaa /]# echo $var2
20
3.12 容器端口映射
# 端口映射: 不指定主机端口时随机分配,这里用 -p 主机端口:容器端口 指定映射
# -p 80:80 会监听主机的所有地址;只需本机访问时可写成 -p 127.0.0.1:80:80
# 启动nginx
docker pull nginx
docker run -d --name web-nginx --restart always -p 80:80 nginx
# 类似地启动httpd(主机的80端口不能同时被两个容器占用,需先停止web-nginx或改用其他主机端口)
docker pull httpd
docker run -d --name web-apache --restart always -p 80:80 httpd
3.13 创建Mysql容器
# 拉取mysql镜像(未指定标签时默认拉取latest;需要可复现的环境时建议固定版本标签)
docker pull mysql
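# 初始化密码root,初始化数据库mmx
# 注意: root/root是弱口令,仅用于实验;通过-e传入的变量可以在docker inspect的输出中看到,正式环境应使用强密码,并改用镜像支持的MYSQL_ROOT_PASSWORD_FILE从文件读取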
docker run -d --name mysql-db --restart=always -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=mmx mysql
# 安装Mariadb客户端
yum -y install mariadb
# 查看容器地址
docker inspect mysql-db | grep -i ipaddress
#=======================================#
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
"IPAddress": "10.88.0.26",
"IPAddress": "10.88.0.26",
#=======================================#
# 登录mysql(-p后直接跟密码会留在shell历史和进程列表中;只写-p不带密码则改为交互式输入)
[root@rocky ~]# mysql -uroot -proot -h10.88.0.26
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.33 MySQL Community Server - GPL
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]>
MySQL [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mmx |
| mysql |
| performance_schema |
| sys |
+--------------------+
5 rows in set (0.003 sec)
3.14 主机文件复制到容器
# docker cp 文件路径 容器名:/容器路径
docker cp /etc/hosts mysql-db:/opt
# 测试
[root@rocky ~]# docker cp /etc/hosts mysql-db:/opt/
[root@rocky ~]# docker exec mysql-db ls /opt/
hosts
3.15 容器文件复制到主机
# docker cp 容器名:/容器路径 文件路径
docker cp mysql-db:/opt/hosts hosts
# 测试
[root@rocky ~]# docker cp mysql-db:/opt/hosts hosts
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
[root@rocky ~]# ls
anaconda-ks.cfg hosts rocky9.tar
3.16 查看容器属性
docker inspect 容器名
[root@rocky ~]# docker inspect mysql-db
3.17 数据卷使用
持久化保存容器数据
[root@rocky ~]# ls
anaconda-ks.cfg hosts rocky9.tar
[root@rocky ~]# mkdir data
[root@rocky ~]# mv rocky9.tar data/
[root@rocky ~]# docker run -itd --name rocky --restart=always -v data rockylinux:9
b06278f30ba62a18c2e3db191f1735ca480f35c4ab96ea8d3f195ff94a468fce
# 复制一份数据到/root/data
[root@rocky ~]# docker cp /etc/hosts rocky:/root/data
# 验证配置文件
[root@rocky ~]# podman inspect rocky | grep -i mount -A 5
...
"Source": "/var/lib/containers/storage/volumes/4c797404ac05854373949a7119bee85bf370652a49b0bcda7b7eac356c9b50ad/_data",
"Destination": "/root/data/",
# 在主机中可以找到
[root@rocky data]# cd /var/lib/containers/storage/volumes/4c797404ac05854373949a7119bee85bf370652a49b0bcda7b7eac356c9b50ad/_data/
[root@rocky _data]# ls
hosts
[root@rocky _data]# cat hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
...
# 验证挂载
[root@rocky ~]# docker exec rocky ls ~/data/
[root@rocky ~]# docker exec rocky bash
[root@rocky ~]# ls
anaconda-ks.cfg data hosts
[root@rocky ~]# cd data/
[root@rocky data]# ls
rocky9.tar
3.18 指定目录挂载数据卷
[root@rocky ~]# docker run -itd --name rocky2 --restart=always -v ./data:/root/data:rw rockylinux:9
# 验证
[root@rocky ~]# podman inspect rocky2 | grep -i mount -A 5
"MountLabel": "system_u:object_r:container_file_t:s0:c788,c826",
"ProcessLabel": "system_u:system_r:container_t:s0:c788,c826",
"AppArmorProfile": "",
"EffectiveCaps": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
--
"Mounts": [
{
"Type": "bind",
"Source": "/root/data",
"Destination": "/root/data",
"Driver": "",
# 拷贝文件进入目录
[root@rocky ~]# docker cp /etc/hosts rocky:/root/data
# 查看目录
[root@rocky ~]# ls data/
hello.txt hosts rocky9.tar
3.19 卷挂载权限问题
权限 | 表示 |
读写 | rw |
只读 | ro |
# 可读写
docker run -itd --name rocky2 --restart=always -v ./data:/root/data:rw rockylinux:9
# 只读
docker run -itd --name rocky2 --restart=always -v ./data:/root/data:ro rockylinux:9
3.20 卷挂载无法访问问题
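# 注意: SELinux处于开启状态时,需要把挂载目录的类型设置为container_file_t,容器才能访问该目录,无需为此关闭SELinux
# 也可以在挂载时加 :Z(仅本容器使用)或 :z(多个容器共享)选项,由podman自动重新打标签,例如 -v ./data:/root/data:Z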
[root@rocky ~]# chcon -t container_file_t data/
[root@rocky ~]# ls -ldZ data/
drw-r--r--. 2 root root unconfined_u:object_r:container_file_t:s0 54 6月 1 01:18 data/
[root@rocky ~]# docker exec rocky2 ls /root/data
hello.txt
hosts
rocky9.tar
# 临时指定 SELinux 上下文(重新打标签后失效)
# 注意: -t 只接受类型一项,例如 container_file_t,而不是 类型:角色:用户 的组合;用户和角色分别用 -u、-r 指定
chcon -R -t <TYPE>:<ROLE>:<USER> /path/to/directory
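# 永久指定 SELinux 上下文
# 注意: semanage fcontext 的 -t 同样只接受类型;路径参数是正则表达式,要包含目录下所有文件可写成 "/path/to/directory(/.*)?",之后用restorecon使规则生效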
semanage fcontext -a -t <TYPE>:<ROLE>:<USER> /path/to/directory
restorecon -R /path/to/directory
4、 docker网络
4.1 查看默认网络
[root@rocky ~]# podman network ls
NETWORK ID NAME DRIVER
2f259bab93aa podman bridge
4.2 查看默认网络详细信息
[root@rocky ~]# podman network inspect 2f259bab93aa
[
{
"name": "podman",
"id": "2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9",
"driver": "bridge",
"network_interface": "podman0",
"created": "2023-06-01T01:40:09.916525151+08:00",
"subnets": [
{
"subnet": "10.88.0.0/16",
"gateway": "10.88.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": false,
"ipam_options": {
"driver": "host-local"
}
}
]
4.3 创建新的docker网络
[root@rocky ~]# podman network create -d bridge --subnet 10.0.0.0/24 mynet
mynet
# 验证
[root@rocky ~]# podman network ls
NETWORK ID NAME DRIVER
190cafd3b01c mynet bridge
2f259bab93aa podman bridge
[root@rocky ~]# podman network inspect 190cafd3b01c
[
{
"name": "mynet",
"id": "190cafd3b01c4db9105ffabed3def2b4141bcc77ff746fabc7793dd713df9378",
"driver": "bridge",
"network_interface": "podman1",
"created": "2023-06-01T01:41:28.750774771+08:00",
"subnets": [
{
"subnet": "10.0.0.0/24",
"gateway": "10.0.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"ipam_options": {
"driver": "host-local"
}
}
]
4.4 删除docker网络
[root@rocky ~]# podman network rm mynet
mynet
4.5 创建新容器连接到新建网络
# 创建网络
[root@rocky ~]# podman network create -d bridge --subnet 10.0.0.0/24 mynet
mynet
# 创建容器,使用mynet网络
[root@rocky ~]# docker run --net=mynet -it --name rocky-mynet --restart=always rockylinux:9
# 验证是否已经是10.0.0.0/24网段网络
[root@rocky ~]# podman inspect rocky-mynet | grep -i ipaddress
"IPAddress": "",
"IPAddress": "10.0.0.2",
5、容器互联
WordPress是使用PHP语言开发的博客平台,可以通过与Mysql数据库建立连接搭建自己的博客平台
5.1 查看Mysql数据网络地址
# 查看Mysql数据网络地址
[root@rocky ~]# podman inspect mysql-db | grep -i ipaddress
"IPAddress": "10.88.0.26",
"IPAddress": "10.88.0.26",
5.2 拉取WordPress镜像
# 拉取WordPress镜像
docker pull wordpress
5.3 创建容器
# 创建WordPress容器,公开其端口以接受服务请求
# 注意: 这里沿用数据库root账号和弱口令,仅用于实验;正式环境应为WordPress单独创建只对mmx库有权限的数据库用户
docker run -itd --name blog --restart=always \
-e WORDPRESS_DB_HOST=10.88.0.26 \
-e WORDPRESS_DB_USER=root \
-e WORDPRESS_DB_PASSWORD=root \
-e WORDPRESS_DB_NAME=mmx \
-p 80:80 wordpress