一 安装部署
配置软件仓库并安装docker-ce
bash
#利用阿里云镜像站配置软件仓库(下面的 gpgcheck = 0 关闭了软件包的 GPG 签名校验,仅适合实验环境;生产环境应设为 1 并配置 gpgkey)
[root@docker-node1 ~]# cat > /etc/yum.repos.d/docker.repo << EOF
[docker1]
name = docker
baseurl = https://mirrors.aliyun.com/docker-ce/linux/rhel/9.6/x86_64/stable/
gpgcheck = 0
EOF
[root@docker-node1 ~]# dnf makecache
刷新本地的 YUM/DNF 软件源缓存,让系统知道最新的软件列表。
[root@docker-node1 ~]# dnf search docker
[root@docker-node1 ~]# dnf install docker-ce -y
[root@docker-node1 ~]# vim /lib/systemd/system/docker.service
15 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --iptables=true
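--iptables=true 是让 Docker 自行管理防火墙(iptables)规则,解决容器无法上网、端口映射失败的问题;这也是 dockerd 的默认值,这里只是显式写出。注意:通过 -p 发布的端口走的是 Docker 自己写入的转发规则,不受主机 INPUT 链上限制规则的约束,需要限制访问来源时应在 DOCKER-USER 链中添加规则。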
开机自动加载 br_netfilter 内核模块
[root@docker10 yum.repos.d]# echo br_netfilter > /etc/modules-load.d/docker_mod.conf
立即加载模块(不用重启)
[root@docker10 yum.repos.d]# modprobe -a br_netfilter
让系统立即重新加载各系统目录(如 /etc/sysctl.d/)下的内核参数配置文件,不用重启服务器就能生效;这些配置文件本身会在每次开机时自动加载,所以设置是永久的。
[root@docker10 yum.repos.d]# sysctl --system
[root@docker10 yum.repos.d]#
[root@docker10 yum.repos.d]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@docker10 yum.repos.d]#
二.docker常用命令
bash
[root@docker10 ~]# ls
anaconda-ks.cfg busy-latest.tar game2048-latest.tar mario-latest.tar nginx-1.26.tar
[root@docker10 ~]# docker load -i game2048-latest.tar
Loaded image: timinglee/game2048:latest
[root@docker10 ~]# docker load -i busy-latest.tar
docker load -i mario-latest.tar
docker load -i nginx-1.26.tar
Loaded image: busybox:latest
Loaded image: timinglee/mario:latest
Loaded image: nginx:1.26
[root@docker10 ~]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
busybox:latest b3255e7dfbcd 6.7MB 2.22MB
nginx:1.26 41b194461e4b 279MB 75.2MB
timinglee/game2048:latest 8a34fb9cb168 77.2MB 17.8MB
timinglee/mario:latest 7758988210df 298MB 73.7MB
#将宿主机的端口80映射到容器的80端口(-p 宿主机端口:容器端口;不指定地址时默认监听宿主机的所有地址 0.0.0.0)
[root@docker10 ~]# docker run -d -p 80:80 timinglee/game2048:latest
d333e906c948ed6c920c7ba17143d239eda490aea13e5e0b32731a01c1a7e1d5
[root@docker10 ~]#
#通过镜像的构建历史查看镜像声明的端口(EXPOSE 行)
[root@docker10 ~]# docker history timinglee/mario:latest
IMAGE CREATED CREATED BY SIZE COMMENT
7758988210df 10 years ago /bin/sh -c #(nop) CMD ["python3" "-m" "http.... 0B
<missing> 10 years ago /bin/sh -c #(nop) EXPOSE 8080/tcp 0B
<missing> 10 years ago /bin/sh -c #(nop) WORKDIR /app 0B
<missing> 10 years ago /bin/sh -c #(nop) COPY dir:02930d36f63824e72... 10.1MB
<missing> 10 years ago /bin/sh -c apt-get install -y python3 0B
<missing> 10 years ago /bin/sh -c #(nop) MAINTAINER Pavel 'PK' Kami... 0B
<missing> 10 years ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 10 years ago /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$... 4.1kB
<missing> 10 years ago /bin/sh -c echo '#!/bin/sh' > /usr/sbin/poli... 229kB
<missing> 10 years ago /bin/sh -c #(nop) ADD file:5a3f9e9ab88e725d6... 214MB
[root@docker10 ~]#

bash
# 查看正在运行的容器
[root@docker10 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d333e906c948 timinglee/game2048:latest "/bin/sh -c 'sed -i ..." 49 minutes ago Up 49 minutes 0.0.0.0:80->80/tcp, [::]:80->80/tcp, 443/tcp dreamy_lewin
[root@docker10 ~]# docker rm -f d333e906c948
d333e906c948
[root@docker10 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@docker10 ~]#
bash
#镜像查看
[root@docker-node1 ~]# docker images IMAGE ID DISK USAGE CONTENT SIZE EXTRA
#搜索镜像
[root@docker-node1 ~]# docker search nginx
NAME DESCRIPTION STARS OFFICIAL
nginx Official build of Nginx. 21206
#下载镜像
[root@docker-node1 ~]# docker pull nginx
[root@docker-node1 ~]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
61dfb50712f5: Pull complete
96cfb76e59bd: Download complete
Digest: sha256:b3255e7dfbcd10cb367af0d409747d511aeb66dfac98cf30e97e87e4207dd76f
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
#查看镜像提交历史
[root@docker-node1 ~]# docker history busybox:latest
IMAGE CREATED CREATED BY SIZE COMMENT
b3255e7dfbcd 17 months ago BusyBox 1.37.0 (glibc), Debian 13 4.49MB
[root@docker-node1 ~]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
busybox:latest b3255e7dfbcd 6.7MB 2.22MB
nginx:1.26 41b194461e4b 279MB 75.2MB
#导出镜像
[root@docker-node1 ~]# docker save -o game2048-latest.tar timinglee/game2048:latest
#删除镜像
[root@docker-node1 ~]# docker rmi timinglee/mario:latest
#导入镜像
[root@docker-node1 ~]# docker load -i game2048-latest.tar
#运行镜像
[root@docker-node1 ~]# docker run -d --name web nginx:1.26
f3e369725fab95d48779eaa556941b735aae841efe09bb1d28bca89923c44ee4
#查看运行容器
[root@docker-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f3e369725fab nginx:1.26 "/docker-entrypoint...." 2 seconds ago Up 2 seconds 80/tcp web
#查看所有容器
[root@docker-node1 ~]# docker ps -a
#交互模式运行容器
[root@docker-node1 ~]# docker run -it --name busybox busybox:latest
#交互运行容器默认退出后会停止
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d1b27167a247 busybox:latest "sh" 50 seconds ago Exited (0) 19 seconds ago busybox
#运行停止的容器
[root@docker-node1 ~]# docker start busybox
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d1b27167a247 busybox:latest "sh" 2 minutes ago Up 1 second busybox
#退出交互容器不对其停止
[root@docker-node1 ~]# docker attach busybox
/ # [ctrl]+[p]+[q] #按键
[root@docker-node1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d1b27167a247 busybox:latest "sh" 3 minutes ago Up About a minute busybox
#查看容器信息
#docker inspect + 容器名称或镜像名称,查看其详细信息(容器和镜像同名时可用 --type 指定要查看的对象类型)
[root@docker-node1 ~]# docker inspect busybox
#容器控制
[root@Docker-node1 ~]# docker stop busybox #停止容器
[root@Docker-node1 ~]# docker kill busybox #杀死容器,可以使用信号
[root@Docker-node1 ~]# docker start busybox #开启停止的容器
#在已经运行的容器中执行指定命令
[root@docker-node1 ~]# docker exec busybox touch /root/haha #非交互
[root@docker-node1 ~]# docker exec busybox ls /root
file1
file2
haha
[root@docker-node1 ~]# docker exec -it web /bin/bash #交互的
root@f3e369725fab:/#
#容器删除
[root@docker-node1 ~]# docker rm -f busybox
busybox
[root@docker-node1 ~]# docker stop web
web
[root@docker-node1 ~]# docker rm web
web
#内容提交
[root@docker-node1 ~]# docker run -it --name test busybox:latest
/ # touch /root/file
/ # ls /root/
file
ctrl+p+q(先按 ctrl+p 再按 ctrl+q)退出当前环境并继续运行容器
#-m 添加备注
[root@docker-node1 ~]# docker commit -m "add file" test busybox-file:latest
sha256:31a32089d241d025a5a54f144f15319cc6fb55be1b41d049f8905a472d5a028e
[root@docker-node1 ~]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
busybox-file:latest 31a32089d241 6.71MB 2.21MB
[root@docker-node1 ~]# docker run -it --name test busybox-file:latest
#在容器与宿主机之间复制文件
[root@docker-node1 ~]# docker run -it --name test busybox-file:latest
[root@docker-node1 ~]# docker cp test:/root/file /mnt
Successfully copied 1.54kB to /mnt
[root@docker-node1 ~]# ls /mnt/
file hgfs
[root@docker-node1 ~]# docker cp /etc/passwd test:/root/
Successfully copied 3.07kB to test:/root/
[root@docker-node1 ~]# docker exec test ls /root
file
passwd
三.熟悉镜像构建时用到的参数
bash
#建立构建目录
[root@docker-node1 ~]# mkdir docker
[root@docker-node1 ~]# cd docker/
#编写构建规则文件
[root@docker-node1 docker]# vim Dockerfile
#FROM
FROM busybox:latest
#COPY
[root@docker-node1 docker]# echo timinglee > timinglee
[root@docker-node1 docker]# cat timinglee
timinglee
[root@docker-node1 docker]# vim Dockerfile
FROM busybox:latest
COPY timinglee /root
#如果构建文件名不是Dockerfile,用-f 指定文件
#构建命令
[root@docker-node1 docker]# docker build -t timinglee:v1 .
[+] Building 0.2s (7/7) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 78B 0.0s
=> [internal] load metadata for docker.io/library/busybox:latest 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 46B 0.0s
=> [1/2] FROM docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af0d409747d511aeb66dfac9 0.0s
=> => resolve docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af0d409747d511aeb66dfac9 0.0s
=> [2/2] COPY timinglee /root 0.0s
=> exporting to image 0.1s
=> => exporting layers 0.0s
=> => exporting manifest sha256:3e240075ea92a386ccc7b8249faf4fbc049465ac3e490ddb9c0b6c759a35a2be 0.0s
=> => exporting config sha256:16a6f0015605d0df6a11f1c609afba2c28bdf3d984305922b440e52cd76f9dc2 0.0s
=> => exporting attestation manifest sha256:74b85b3b7cbdaa72964271d4d7c0fc371c7e267bbf6070df2628f 0.0s
=> => exporting manifest list sha256:0a7e32bc130bf9dbfc457442d8bc653987c1a642f86858f6bc233dc120d6 0.0s
=> => naming to docker.io/library/timinglee:v1 0.0s
=> => unpacking to docker.io/library/timinglee:v1
ENV定义变量
ENTRYPOINT 不会被 docker run 后面追加的命令覆盖(只能用 --entrypoint 显式替换);下面的例子用的是 shell 形式,追加的 echo 521 会被直接忽略
bash
[root@docker10 ~]# mkdir docker
[root@docker10 ~]# cd docker/
[root@docker10 docker]# vim Dockerfile
[root@docker10 docker]# vim Dockerfile
FROM busybox:latest
MAINTAINER lee@timinglee.org
ENV NAME xier
ENTRYPOINT echo $NAME
[root@docker10 docker]# vim Dockerfile
#. 表示以当前目录作为构建上下文,目录下的文件会被传给构建进程;不要在其中放置密钥等无关文件,必要时用 .dockerignore 排除
[root@docker10 docker]# docker build -t xier:v1 .
[+] Building 0.3s (5/5) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 122B 0.0s
=> WARN: MaintainerDeprecated: Maintainer instruction is deprecated in favor of using label (line 2 0.0s
=> WARN: LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" for 0.0s
=> WARN: JSONArgsRecommended: JSON arguments recommended for ENTRYPOINT to prevent unintended behav 0.0s
=> [internal] load metadata for docker.io/library/busybox:latest 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/1] FROM docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af0d409747d511aeb66dfac98c 0.0s
=> => resolve docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af0d409747d511aeb66dfac98c 0.0s
=> exporting to image 0.1s
=> => exporting layers 0.0s
=> => exporting manifest sha256:832633de31c7350218dc60b1e42adcf7e9e5a810d69ad927a1ed1352630ee995 0.0s
=> => exporting config sha256:2c546b9a12f10fd2bd150ba2246146959d58fe30074427ee01d30b790f18ecd1 0.0s
=> => exporting attestation manifest sha256:7379cc57e8585dd51b26fceb6fefeb0c9d608436b6590d0c341aa0f 0.0s
=> => exporting manifest list sha256:362ce22053cde3a99392af4a1f9ef855a4cb88a2ab85eff2c281c727cc4e7e 0.0s
=> => naming to docker.io/library/xier:v1 0.0s
=> => unpacking to docker.io/library/xier:v1 0.0s
3 warnings found (use docker --debug to expand):
- JSONArgsRecommended: JSON arguments recommended for ENTRYPOINT to prevent unintended behavior related to OS signals (line 4)
- MaintainerDeprecated: Maintainer instruction is deprecated in favor of using label (line 2)
- LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format (line 3)
[root@docker10 docker]# docker run --rm xier:v1
xier
[root@docker10 docker]# docker run --rm xier:v1 echo 521
xier
[root@docker10 docker]#
搭建centos7镜像(自己配置软件仓库的镜像;CentOS 7 已停止维护,且下面仓库文件中的 gpgcheck = 0 关闭了软件包签名校验,仅适合实验环境)
bash
[root@docker10 yum.repos.d]# cd /root/docker/
[root@docker10 docker]# vim docker.repo
[docker]
name = docker
baseurl = https://mirrors.aliyun.com/centos-vault/7.9.2009/os/x86_64/
gpgcheck = 0
[root@docker10 docker]# vim Dockerfile
[root@docker10 docker]# vim Dockerfile
FROM centos:7
MAINTAINER xierxier
RUN ["/bin/bash" , "-c" , "rm -rf /etc/yum.repos.d/*"]
COPY docker.repo /etc/yum.repos.d/docker.repo
[root@docker10 docker]# docker build -t centos7 .
[+] Building 0.5s (8/8) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 174B 0.0s
=> WARN: MaintainerDeprecated: Maintainer instruction is deprecated in favor of using label (line 2) 0.0s
=> [internal] load metadata for docker.io/library/centos:7 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> CACHED [1/3] FROM docker.io/library/centos:7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4 0.0s
=> => resolve docker.io/library/centos:7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 32B 0.0s
=> [2/3] RUN ["/bin/bash" , "-c" , "rm -rf /etc/yum.repos.d/*"] 0.2s
=> [3/3] COPY docker.repo /etc/yum.repos.d/docker.repo 0.0s
=> exporting to image 0.2s
=> => exporting layers 0.1s
=> => exporting manifest sha256:d5d87910f5cde33ed121b95e98e144f73e836d2719314380aeca732254b14174 0.0s
=> => exporting config sha256:8a3c1bda769beb73f439e0c55a79afcafbeab72bfaf36612179e115d32a1de5c 0.0s
=> => exporting attestation manifest sha256:b84f5fa971d52457d0783894a14bf1b85f6c8df4e59ba6b5b4cb2453da9ac47a 0.0s
=> => exporting manifest list sha256:fa2313c1d74908ee7dfe642a41ecf13bcb466a6c2589894a059402658fe20b38 0.0s
=> => naming to docker.io/library/centos7:latest 0.0s
=> => unpacking to docker.io/library/centos7:latest 0.0s
1 warning found (use docker --debug to expand):
- MaintainerDeprecated: Maintainer instruction is deprecated in favor of using label (line 2)
[root@docker10 docker]# docker run -it --rm centos7
[root@32ea777d87dc /]# ll /etc/yum.repos.d/
total 4
-rw-r--r-- 1 root root 108 Mar 15 03:51 docker.repo
[root@32ea777d87dc /]# dnf install gcc -y
bash: dnf: command not found
[root@32ea777d87dc /]# yum install gcc -y
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
docker | 3.6 kB 00:00:00
(1/2): docker/group_gz | 153 kB 00:00:00
(2/2): docker/primary_db | 6.1 MB 00:00:01
Resolving Dependencies
--> Running transaction check
---> Package gcc.x86_64 0:4.8.5-44.el7 will be installed
--> Processing Dependency: libgomp = 4.8.5-44.el7 for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: cpp = 4.8.5-44.el7 for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: libmpfr.so.4()(64bit) for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: libmpc.so.3()(64bit) for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: libgomp.so.1()(64bit) for package: gcc-4.8.5-44.el7.x86_64
--> Running transaction check
---> Package cpp.x86_64 0:4.8.5-44.el7 will be installed
---> Package glibc-devel.x86_64 0:2.17-317.el7 will be installed
--> Processing Dependency: glibc-headers = 2.17-317.el7 for package: glibc-devel-2.17-317.el7.x86_64
--> Processing Dependency: glibc-headers for package: glibc-devel-2.17-317.el7.x86_64
---> Package libgomp.x86_64 0:4.8.5-44.el7 will be installed
---> Package libmpc.x86_64 0:1.0.1-3.el7 will be installed
---> Package mpfr.x86_64 0:3.1.1-4.el7 will be installed
--> Running transaction check
---> Package glibc-headers.x86_64 0:2.17-317.el7 will be installed
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.17-317.el7.x86_64
--> Processing Dependency: kernel-headers for package: glibc-headers-2.17-317.el7.x86_64
--> Running transaction check
---> Package kernel-headers.x86_64 0:3.10.0-1160.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==================================================================================================================================================================================================
Package Arch Version Repository Size
==================================================================================================================================================================================================
Installing:
gcc x86_64 4.8.5-44.el7 docker 16 M
Installing for dependencies:
cpp x86_64 4.8.5-44.el7 docker 5.9 M
glibc-devel x86_64 2.17-317.el7 docker 1.1 M
glibc-headers x86_64 2.17-317.el7 docker 690 k
kernel-headers x86_64 3.10.0-1160.el7 docker 9.0 M
libgomp x86_64 4.8.5-44.el7 docker 159 k
libmpc x86_64 1.0.1-3.el7 docker 51 k
mpfr x86_64 3.1.1-4.el7 docker 203 k
Transaction Summary
==================================================================================================================================================================================================
Install 1 Package (+7 Dependent packages)
Total download size: 33 M
Installed size: 60 M
Downloading packages:
cpp-4.8.5-44.el7.x86_64.rpm FAILED
https://mirrors.aliyun.com/centos-vault/7.9.2009/os/x86_64/Packages/cpp-4.8.5-44.el7.x86_64.rpm: [Errno 14] curl#6 - "Could not resolve host: mirrors.aliyun.com; Unknown error"0 B --:--:-- ETA
Trying other mirror.
gcc-4.8.5-44.el7.x86_64.rpm FAILED
https://mirrors.aliyun.com/centos-vault/7.9.2009/os/x86_64/Packages/gcc-4.8.5-44.el7.x86_64.rpm: [Errno 14] curl#6 - "Could not resolve host: mirrors.aliyun.com; Unknown error"0 B --:--:-- ETA
Trying other mirror.
(1/8): glibc-devel-2.17-317.el7.x86_64.rpm | 1.1 MB 00:00:00
(2/8): glibc-headers-2.17-317.el7.x86_64.rpm | 690 kB 00:00:00
(3/8): kernel-headers-3.10.0-1160.el7.x86_64.rpm | 9.0 MB 00:00:00
(4/8): libgomp-4.8.5-44.el7.x86_64.rpm | 159 kB 00:00:00
(5/8): libmpc-1.0.1-3.el7.x86_64.rpm | 51 kB 00:00:00
(6/8): mpfr-3.1.1-4.el7.x86_64.rpm | 203 kB 00:00:00
Error downloading packages:
gcc-4.8.5-44.el7.x86_64: [Errno 256] No more mirrors to try.
cpp-4.8.5-44.el7.x86_64: [Errno 256] No more mirrors to try.
[root@32ea777d87dc /]#
添加虚拟机20并部署docker
10:
bash
[root@docker10 docker]# scp /etc/modules-load.d/docker_mod.conf root@172.25.254.20:/etc/modules-load.d/docker_mod.conf
docker_mod.conf 100% 13 9.1KB/s 00:00
[root@docker10 docker]# scp /etc/sysctl.d/docker.conf root@172.25.254.20:/etc/sysctl.d/docker.conf
docker.conf 100% 103 123.9KB/s 00:00
[root@docker10 docker]# scp /etc/yum.repos.d/docker1.repo root@172.25.254.20:/etc/yum.repos.d/docker1.repo
docker1.repo 100% 114 191.5KB/s 00:00
[root@docker10 docker]#
20:
bash
[root@docker20 ~]# cat /etc/modules-load.d/docker_mod.conf
br_netfilter
[root@docker20 ~]# modprobe -a br_netfilter
[root@docker20 ~]#
[root@docker20 ~]# sysctl --system
[root@docker20 ~]# dnf install docker-ce -y
[root@docker20 ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@docker20 ~]#
四 docker 镜像仓库的管理
1 docker hub
Docker Hub是 Docker 官方提供的一个公共的镜像仓库服务。
docker hub的使用方法
1.登录
bash
#登陆官方仓库
[root@docker ~]# docker login -u timinglee
Log in with your Docker ID or email address to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com/ to create one.
You can log in with your password or a Personal Access Token (PAT). Using a limited-scope PAT grants better security and is required for organizations using SSO. Learn more at https://docs.docker.com/go/access-tokens/
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores
Login Succeeded
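#登录信息保存位置(auth 字段只是「用户名:密码」的 Base64 编码,并没有加密,能读到该文件的人都可以还原出密码;该文件应当作机密保管,不要公开或提交到代码仓库,建议按上面的提示配置 credential helper,或改用权限受限的访问令牌 PAT)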
[root@docker ~]# cd .docker/
[root@docker .docker]# ls
config.json
[root@docker .docker]# cat config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "dGltaW5nbGVlOjY3NTE1MTVtaW5nemxu"
}
}
2.上传镜像
bash
[root@docker ~]# docker tag gcr.io/distroless/base-debian11:latest timinglee/base-debian11:latest
[root@docker ~]# docker push timinglee/base-debian11:latest
3.下载
bash
docker search 仓库名称
docker pull 名称/镜像

搭建docker的私有仓库
2.搭建简单的Registry仓库
1.下载Registry镜像
bash
[root@docker ~]# docker pull registry
下载不了用压缩包导入
bash
-rw-r--r-- 1 root root 18860032 3月 16 01:25 registry.tar
[root@docker10 ~]# docker load -i registry.tar
Loaded image: registry:latest
[root@docker10 ~]#
2.开启Registry
bash
[root@docker10 ~]# docker history registry:latest
IMAGE CREATED CREATED BY SIZE COMMENT
6c5666b861f3 6 weeks ago CMD ["/etc/distribution/config.yml"] 0B buildkit.dockerfile.v0
<missing> 6 weeks ago ENTRYPOINT ["/entrypoint.sh"] 0B buildkit.dockerfile.v0
<missing> 6 weeks ago COPY entrypoint.sh /entrypoint.sh # buildkit 4.1kB buildkit.dockerfile.v0
<missing> 6 weeks ago EXPOSE map[5000/tcp:{}] 0B buildkit.dockerfile.v0
<missing> 6 weeks ago VOLUME [/var/lib/registry] 0B buildkit.dockerfile.v0
<missing> 6 weeks ago COPY ./config-example.yml /etc/distribution/... 4.1kB buildkit.dockerfile.v0
<missing> 6 weeks ago RUN /bin/sh -c set -eux; version='3.0.0'; ... 49.3MB buildkit.dockerfile.v0
<missing> 6 weeks ago RUN /bin/sh -c apk add --no-cache ca-certifi... 946kB buildkit.dockerfile.v0
<missing> 6 weeks ago CMD ["/bin/sh"] 0B buildkit.dockerfile.v0
<missing> 6 weeks ago ADD alpine-minirootfs-3.21.6-x86_64.tar.gz /... 8.14MB buildkit.dockerfile.v0
[root@docker10 ~]# docker run -d -p 5000:5000 --restart=always --name registry registry:latest
d5bc7a2f04582eadf797042aa003f6331a0793fdc7cb5c2f58db3c4413b2dd83
[root@docker10 ~]#
3.上传镜像到仓库中
#给要上传的镜像打标签
bash
[root@docker10 ~]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
busybox:latest b3255e7dfbcd 6.7MB 2.22MB
centos7:latest fa2313c1d749 299MB 76.1MB
centos:7 be65f488b776 299MB 76.1MB
nginx:1.26 41b194461e4b 279MB 75.2MB
registry:latest 6c5666b861f3 77.3MB 18.8MB U
timinglee/game2048:latest 8a34fb9cb168 77.2MB 17.8MB
timinglee/mario:latest 7758988210df 298MB 73.7MB
xier:v1 362ce22053cd 6.7MB 2.21MB
[root@docker10 ~]# docker tag centos:7 172.25.254.10:5000/centos7:v1
#docker 在上传的过程中默认使用 https,但此时仓库还没有配置 https 需要的证书,只提供 http,所以会报错
bash
[root@docker10 ~]# docker push 172.25.254.10:5000/centos7:v1
The push refers to repository [172.25.254.10:5000/centos7]
2d473b07cdd5: Unavailable
failed to do request: Head "https://172.25.254.10:5000/v2/centos7/blobs/sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9": http: server gave HTTP response to HTTPS client
[root@docker10 ~]#
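#配置非加密端口(insecure-registries 让 docker 对该仓库使用不加密的 http,镜像内容在传输中没有任何保护,仅适合实验环境;这里要填写仓库的实际地址,本文的仓库是 172.25.254.10:5000,注意与下面示例中的 172.25.254.100 区分)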
bash
[root@docker10 ~]# vim /etc/docker/daemon.json
{
"insecure-registries" : ["http://172.25.254.100:5000"]
}
[root@docker10 ~]# systemctl restart docker
[root@docker10 ~]#
#上传镜像
bash
[root@docker10 ~]# docker push 172.25.254.10:5000/centos7:v1
The push refers to repository [172.25.254.10:5000/centos7]
2d473b07cdd5: Pushed
v1: digest: sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f size: 529
i Info → Not all multiplatform-content is present and only the available single-platform image was pushed
sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4 -> sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f
[root@docker10 ~]#
#查看
bash
[root@docker10 ~]# curl 172.25.254.10:5000/v2/_catalog
{"repositories":["centos7"]}
[root@docker10 ~]#
/v2/_catalog
这是 Docker Registry v2 版本的固定 API 地址,用来列出仓库中已有的镜像仓库名。此时仓库没有启用任何认证,能访问 5000 端口的主机都可以查看、拉取和推送镜像。
3.为Registry添加加密传输
1.还原环境
bash
[root@docker10 ~]# docker rm -f registry
registry
[root@docker10 ~]# vim /etc/docker/daemon.json
[root@docker10 ~]# cat /etc/docker/daemon.json
[root@docker10 ~]# systemctl restart docker
[root@docker10 ~]#
2.创建证书(自签名证书;-nodes 表示私钥不设密码保护,要注意限制私钥文件的访问权限)
bash
[root@docker10 ~]# mkdir /etc/docker/certs
[root@docker10 ~]# openssl req -newkey rsa:4096 \
> -nodes -sha256 -keyout /etc/docker/certs/timinglee.org.key \
> -addext "subjectAltName = DNS:reg.timinglee.org" \
> -x509 -days 365 -out /etc/docker/certs/timinglee.org.crt
````
Common Name (eg, your name or your server's hostname) []:reg.timinglee.org
必须和上面 subjectAltName 中设置的域名一样
````
#查看证书信息
[root@docker10 ~]# openssl x509 -in /etc/docker/certs/timinglee.org.crt -noout -text
Certificate:
Data:
3.启动registry仓库
bash
--restart=always 容器退出或 Docker 服务重启(包括开机)后自动重新启动仓库容器
[root@docker10 ~]# docker run -d -p 443:443 --restart=always --name registry \
> -v /opt/registry:/var/lib/registry \ #宿主机的/opt/registry挂载到→容器里的/var/lib/registry
> -v /etc/docker/certs:/certs \ #同上,宿主机没有自动创建
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/timinglee.org.crt \
> -e REGISTRY_HTTP_TLS_KEY=/certs/timinglee.org.key registry
20806f570671a7f87b5da9370d5f7a25d7fec986f69ee203fa77e888b89d7f40
[root@docker10 ~]#
即(上面行尾的 # 注释只是说明,实际执行时要去掉,否则续行符 \ 会失效;写成一行如下):
[root@docker10 ~]# docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /etc/docker/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/timinglee.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/timinglee.org.key registry
a79bafe96759577ecc5ca6243f68046981fc8c90703b015b0a4206cd7a500590
[root@docker10 ~]#
[root@docker10 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
a79bafe96759 registry "/entrypoint.sh /etc..." 2 minutes ago Up 2 minutes 0.0.0.0:443->443/tcp, [::]
[root@docker10 ~]#
4.在两台主机添加域名解析
bash
[root@docker10 ~]# vim /etc/hosts
[root@docker10 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.10 docker10
172.25.254.10 reg.timinglee.org
[root@docker20 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.20 docker20
172.25.254.10 reg.timinglee.org
5.测试
让docker信任仓库的证书(把证书放到 /etc/docker/certs.d/仓库域名/ca.crt)
bash
[root@docker10 ~]# mkdir /etc/docker/certs.d/reg.timinglee.org/ -p
[root@docker10 ~]# cp /etc/docker/certs/timinglee.org.crt /etc/docker/certs.d/reg.timinglee.org/ca.crt
[root@docker10 ~]# systemctl restart docker
[root@docker10 ~]#
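上传测试(curl -k 会跳过证书校验,仅用于实验;想同时校验证书,可以用 curl --cacert /etc/docker/certs/timinglee.org.crt https://reg.timinglee.org/v2/_catalog)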
bash
[root@docker10 ~]# curl -k https://172.25.254.10/v2/_catalog
{"repositories":[]}
[root@docker10 ~]# docker tag xier:v1 reg.timinglee.org/xier:v1
[root@docker10 ~]# docker push reg.timinglee.org/xier:v1
The push refers to repository [reg.timinglee.org/xier]
61dfb50712f5: Pushed
6227ad376dfb: Pushed
v1: digest: sha256:362ce22053cde3a99392af4a1f9ef855a4cb88a2ab85eff2c281c727cc4e7e7e size: 855
[root@docker10 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.10 docker10
172.25.254.10 reg.timinglee.org
[root@docker10 ~]# curl -k https://172.25.254.10/v2/_catalog
{"repositories":["xier"]}
[root@docker10 ~]#
4.添加登录认证
1.安装工具
dnf install httpd-tools -y
2.建立认证文件(-B 表示用 bcrypt 保存密码,-c 表示新建文件;以后再添加用户时不要带 -c,否则原文件会被覆盖)
bash
[root@docker10 ~]# mkdir /etc/docker/auth
[root@docker10 ~]# htpasswd -Bc /etc/docker/auth/htpasswd xier
New password:
Re-type new password:
Adding password for user xier
[root@docker10 ~]#
3.添加认证到registry容器中
bash
[root@docker10 ~]# docker rm -f registry
registry
[root@docker10 ~]# docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /etc/docker/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/timinglee.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/timinglee.org.key -v /etc/docker/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
6e8b65154ba520295a6e76a6fa25b1e1e9bacb80cb1d38603c6cba8affa0dced
[root@docker10 ~]#
[root@docker10 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f944967b660b registry "/entrypoint.sh -v /..." 23 seconds ago Restarting (0) 7 seconds ago registry
[root@docker10 ~]#
4.测试
bash
[root@docker10 ~]# docker login reg.timinglee.org -u xier
Password:
WARNING! Your credentials are stored unencrypted in '/root/.docker/config.json'.
Configure a credential helper to remove this warning. See
https://docs.docker.com/go/credential-store/
Login Succeeded
[root@docker10 ~]# curl -k https://reg.timinglee.org/v2/_catalog -u xier
Enter host password for user 'xier':
{"repositories":["xier"]}
[root@docker10 ~]#
[root@docker10 ~]# docker push reg.timinglee.org/xier:v1
The push refers to repository [reg.timinglee.org/xier]
6227ad376dfb: Already exists
61dfb50712f5: Layer already exists
v1: digest: sha256:362ce22053cde3a99392af4a1f9ef855a4cb88a2ab85eff2c281c727cc4e7e7e size: 855
20上下载镜像
要把证书放到 /etc/docker/certs.d/域名/ 目录下 = 告诉 Docker:我信任这个仓库(客户端只需要证书 ca.crt,私钥 .key 不要拷贝到客户端)
bash
[root@docker10 ~]# scp -r /etc/docker/certs.d/ root@172.25.254.20:/etc/docker/certs.d
ca.crt 100% 2179 1.7MB/s 00:00
[root@docker10 ~]#
[root@docker20 ~]# systemctl restart docker
查仓库有什么镜像 :/v2/_catalog
bash
[root@docker20 ~]# curl -k https://reg.timinglee.org/v2/_catalog -u xier
Enter host password for user 'xier':
{"repositories":["xier"]}
[root@docker20 ~]# docker login reg.timinglee.org -u xier
Password:
WARNING! Your credentials are stored unencrypted in '/root/.docker/config.json'.
Configure a credential helper to remove this warning. See
https://docs.docker.com/go/credential-store/
Login Succeeded
[root@docker20 ~]# docker pull reg.timinglee.org/xier:v1
v1: Pulling from xier
61dfb50712f5: Pull complete
6227ad376dfb: Download complete
Digest: sha256:362ce22053cde3a99392af4a1f9ef855a4cb88a2ab85eff2c281c727cc4e7e7e
Status: Downloaded newer image for reg.timinglee.org/xier:v1
reg.timinglee.org/xier:v1
[root@docker20 ~]#
查镜像有什么版本 :/v2/镜像名/tags/list
bash
[root@docker20 ~]# curl -k https://reg.timinglee.org/v2/xier/tags/list -u xier
Enter host password for user 'xier':
{"name":"xier","tags":["v1"]}
[root@docker20 ~]#
5 部署harbor仓库
安装部署
1.解压安装包到指定目录
bash
[root@docker10 ~]# tar zxf harbor-offline-installer-v2.14.0.tgz -C /opt/
[root@docker10 ~]# cd /opt/
[root@docker10 opt]# ll
总用量 0
drwx--x--x 4 root root 28 3月 14 20:55 containerd
drwxr-xr-x 2 root root 123 3月 21 17:55 harbor
drwxr-xr-x 3 root root 20 3月 16 19:01 registry
[root@docker10 opt]#
2.复制安装要用的文件
bash
[root@docker10 opt]# cd harbor/
[root@docker10 harbor]# ll
总用量 656308
-rw-r--r-- 1 root root 3646 9月 9 2025 common.sh
-rw-r--r-- 1 root root 672014938 9月 9 2025 harbor.v2.14.0.tar.gz
-rw-r--r-- 1 root root 14688 9月 9 2025 harbor.yml.tmpl
-rwxr-xr-x 1 root root 1975 9月 9 2025 install.sh
-rw-r--r-- 1 root root 11347 9月 9 2025 LICENSE
-rwxr-xr-x 1 root root 2211 9月 9 2025 prepare
[root@docker10 harbor]# cp -p harbor.yml.tmpl harbor.yml
// -p 保留文件的权限、属主和时间戳
3.复制之前创造的证书到指定目录
bash
[root@docker10 harbor]# mkdir /data/
[root@docker10 harbor]# ls /data/
[root@docker10 harbor]# cp -rp /etc/docker/certs /data/
[root@docker10 harbor]# ll /data/certs/timinglee.org.crt
-rw-r--r-- 1 root root 2179 3月 16 14:55 /data/certs/timinglee.org.crt
[root@docker10 harbor]# ll /data/certs/timinglee.org.key
-rw------- 1 root root 3272 3月 16 14:52 /data/certs/timinglee.org.key
[root@docker10 harbor]# ll /data/certs/
总用量 8
-rw-r--r-- 1 root root 2179 3月 16 14:55 timinglee.org.crt
-rw------- 1 root root 3272 3月 16 14:52 timinglee.org.key
[root@docker10 harbor]#
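(没有证书时重新创建;注意下面的命令把私钥写到 /etc/docker/certs/、证书写到 /opt/harbor/certs/,两个文件最后都要放到 harbor.yml 里 certificate 和 private_key 指向的路径下)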
bash
[root@docker10 harbor]# mkdir /opt/harbor/certs
[root@docker10 harbor]# cd /opt/harbor/
[root@docker10 harbor]# openssl req -newkey rsa:4096 \
> -nodes -sha256 -keyout /etc/docker/certs/timinglee.org.key \
> -addext "subjectAltName = DNS:reg.timinglee.org" \
> -x509 -days 365 -out certs/timinglee.org.crt
[root@docker10 harbor]#
4.编辑安装要用的文件(harbor_admin_password 是管理员 admin 的初始密码,示例中的值只适合实验环境,实际部署要换成强密码)
bash
[root@docker harbor]# vim harbor.yml
hostname: reg.timinglee.org
certificate: /data/certs/timinglee.org.crt
private_key: /data/certs/timinglee.org.key
harbor_admin_password: xier
5.停止并删除旧的 registry 容器,为部署 Harbor 腾出 443 端口(避免端口冲突)
bash
[root@docker10 harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6e8b65154ba5 registry "/entrypoint.sh /etc..." 4 days ago Up 43 minutes 0.0.0.0:443->443/tcp, [::]:443->443/tcp, 5000/tcp registry
[root@docker10 harbor]# docker rm -f registry
registry
[root@docker10 harbor]#
6.安装
bash
[root@docker10 harbor]# ./install.sh
····· 1.1s
✔ ----Harbor has been installed and started successfully.----
[root@docker10 harbor]#
//查看
[root@docker10 harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d34f6b9fcc43 goharbor/harbor-jobservice:v2.14.0 "/harbor/entrypoint...." About a minute ago Up About a minute (healthy) harbor-jobservice
b4545a8a359a goharbor/nginx-photon:v2.14.0 "nginx -g 'daemon of..." About a minute ago Up About a minute (healthy) 0.0.0.0:80->8080/tcp, [::]:80->8080/tcp, 0.0.0.0:443->8443/tcp, [::]:443->8443/tcp nginx
9e83d430b5e7 goharbor/harbor-core:v2.14.0 "/harbor/entrypoint...." About a minute ago Up About a minute (healthy) harbor-core
bc07960d3e6a goharbor/registry-photon:v2.14.0 "/home/harbor/entryp..." About a minute ago Up About a minute (healthy) registry
f69704e0dceb goharbor/redis-photon:v2.14.0 "redis-server /etc/r..." About a minute ago Up About a minute (healthy) redis
a785442f92f7 goharbor/harbor-portal:v2.14.0 "nginx -g 'daemon of..." About a minute ago Up About a minute (healthy) harbor-portal
d797644adb43 goharbor/harbor-registryctl:v2.14.0 "/home/harbor/start...." About a minute ago Up About a minute (healthy) registryctl
db75efb29793 goharbor/harbor-db:v2.14.0 "/docker-entrypoint...." About a minute ago Up About a minute (healthy) harbor-db
5bcb28da9948 goharbor/harbor-log:v2.14.0 "/bin/sh -c /usr/loc..." About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log
[root@docker10 harbor]#
使用
7.服务的开启,删除和关闭
bash
[root@docker10 harbor]# docker compose stop
关闭服务,但是不会删除容器
[+] stop 9/9
✔ Container harbor-jobservice Stopped 0.1ss
✔ Container registryctl Stopped 0.1ss
✔ Container nginx Stopped 0.1ss
✔ Container harbor-portal Stopped 0.1ss
✔ Container harbor-core Stopped 0.1ss
✔ Container redis Stopped 0.1ss
✔ Container harbor-db Stopped 0.1ss
✔ Container registry Stopped 0.1ss
✔ Container harbor-log Stopped 10.1s
[root@docker10 harbor]# docker compose down
删除容器和 harbor_harbor 网络
[+] down 10/10
✔ Container registryctl Removed 0.0s
✔ Container harbor-jobservice Removed 0.0s
✔ Container nginx Removed 0.0s
✔ Container harbor-portal Removed 0.0s
✔ Container harbor-core Removed 0.0s
✔ Container harbor-db Removed 0.0s
✔ Container registry Removed 0.0s
✔ Container redis Removed 0.0s
✔ Container harbor-log Removed 0.0s
✔ Network harbor_harbor Removed 0.0s
[root@docker10 harbor]# docker compose up -d
开启服务
[+] up 10/10
✔ Network harbor_harbor Created 0.0s
✔ Container harbor-log Started 0.2s
✔ Container redis Started 0.5s
✔ Container registry Started 0.4s
✔ Container registryctl Started 0.6s
✔ Container harbor-portal Started 0.5s
✔ Container harbor-db Started 0.5s
✔ Container harbor-core Started 0.8s
✔ Container harbor-jobservice Started 1.0s
✔ Container nginx Started 1.1s
[root@docker10 harbor]#
8.使用
在浏览器中访问 https://reg.timinglee.org ,输入 admin 账号和 harbor.yml 中设定的密码登录

9.上传镜像
查看所有镜像
bash
[root@docker10 ~]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
172.25.254.10/xier:v1 362ce22053cd 6.7MB 2.21MB
172.25.254.10:5000/centos7:v1 be65f488b776 299MB 76.1MB
busybox:latest b3255e7dfbcd 6.7MB 2.22MB
centos7:latest fa2313c1d749 299MB 76.1MB
centos:7 be65f488b776 299MB 76.1MB
goharbor/harbor-core:v2.14.0 32fb1bea30a8 412MB 204MB U
goharbor/harbor-db:v2.14.0 257d051f27d7 563MB 278MB U
goharbor/harbor-exporter:v2.14.0 7d050a6cbf58 270MB 134MB
goharbor/harbor-jobservice:v2.14.0 317294a42a01 363MB 180MB U
goharbor/harbor-log:v2.14.0 b208a659155f 335MB 166MB U
goharbor/harbor-portal:v2.14.0 f7edc122f9f3 327MB 162MB U
goharbor/harbor-registryctl:v2.14.0 3e4111e0aca6 334MB 166MB U
goharbor/nginx-photon:v2.14.0 a1287393aaa1 309MB 153MB U
goharbor/prepare:v2.14.0 941297444ea3 411MB 202MB
goharbor/redis-photon:v2.14.0 a35163ff2720 339MB 168MB U
goharbor/registry-photon:v2.14.0 ba892b6ec307 177MB 88.2MB U
goharbor/trivy-adapter-photon:v2.14.0 c2f4dbf5cad3 790MB 394MB
nginx:1.26 41b194461e4b 279MB 75.2MB
reg.timinglee.org/xier:v1 362ce22053cd 6.7MB 2.21MB
registry:latest 6c5666b861f3 77.3MB 18.8MB
timinglee/game2048:latest 8a34fb9cb168 77.2MB 17.8MB
timinglee/mario:latest 7758988210df 298MB 73.7MB
xier:v1 362ce22053cd 6.7MB 2.21MB
登录(需要主机有域名解析;登录成功后凭据以未加密形式保存在 /root/.docker/config.json 中,见下方输出的 WARNING,可按提示配置 credential helper)
bash
[root@docker10 ~]# docker login reg.timinglee.org
Authenticating with existing credentials... [Username: xier]
i Info → To login with a different account, run 'docker logout' followed by 'docker login'
Stored credentials invalid or expired
Username (xier): admin
Password:
WARNING! Your credentials are stored unencrypted in '/root/.docker/config.json'.
Configure a credential helper to remove this warning. See
https://docs.docker.com/go/credential-store/
Login Succeeded
加标签上传
bash
[root@docker10 ~]# docker tag nginx:1.26 reg.timinglee.org/library/nginx:1.26
[root@docker10 ~]# docker push reg.timinglee.org/library/nginx:1.26
The push refers to repository [reg.timinglee.org/library/nginx]
5e98d206134b: Unavailable
6923759e66ab: Unavailable
8a628cdd7ccc: Unavailable
d44088bb6ae8: Unavailable
9ebfb40fb06b: Unavailable
4fd410795c0f: Unavailable
7a0654aeb922: Unavailable
failed to authorize: failed to fetch oauth token: Post "https://reg.timinglee.org/service/token": tls: failed to verify certificate: x509: certificate signed by unknown authority
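解决证书不受信任的问题:报错 x509: certificate signed by unknown authority 表示 docker 不信任签发该证书的 CA(这里是自签名证书),而不是域名不匹配。通常先确认 /etc/docker/certs.d/reg.timinglee.org/ca.crt 存在且就是 Harbor 使用的证书;本文采用的办法是删除 docker 重新安装低版本(注意低版本不包含新版本的安全修复)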
关闭harbor删除docker(注意:下面的 dnf remove docker 输出“未找到匹配的参数”,实际没有卸载任何软件包;已安装的包名是 docker-ce,要卸载应使用 dnf remove docker-ce)
bash
[root@docker10 ~]#
[root@docker10 ~]# cd /opt/harbor/
[root@docker10 harbor]# docker compose down
[+] down 10/10
✔ Container harbor-jobservice Removed 0.2ss
✔ Container registryctl Removed 0.2ss
✔ Container nginx Removed 0.2ss
✔ Container harbor-portal Removed 0.1ss
✔ Container harbor-core Removed 0.1ss
✔ Container redis Removed 0.1ss
✔ Container harbor-db Removed 0.1ss
✔ Container registry Removed 0.1ss
✔ Container harbor-log Removed 10.1s
✔ Network harbor_harbor Removed 0.1s
[root@docker10 harbor]# dnf remove docker
正在更新 Subscription Management 软件仓库。
无法读取客户身份
本系统尚未在权利服务器中注册。可使用 "rhc" 或 "subscription-manager" 进行注册。
未找到匹配的参数: docker
没有软件包需要移除。
依赖关系解决。
无需任何处理。
完毕!
[root@docker10 harbor]#
查看可安装的版本
bash
[root@docker10 harbor]# dnf list docker-ce --showduplicates
正在更新 Subscription Management 软件仓库。
无法读取客户身份
本系统尚未在权利服务器中注册。可使用 "rhc" 或 "subscription-manager" 进行注册。
docker 2.7 kB/s | 2.0 kB 00:00
docker 4.5 kB/s | 47 kB 00:10
epel 6.5 kB/s | 4.0 kB 00:00
AppStream 3.1 MB/s | 3.2 kB 00:00
BaseOS 2.7 MB/s | 2.7 kB 00:00
已安装的软件包
docker-ce.x86_64 3:29.3.0-1.el9 @docker1
可安装的软件包
docker-ce.x86_64 3:25.0.3-1.el9 docker1
docker-ce.x86_64 3:25.0.4-1.el9 docker1
docker-ce.x86_64 3:25.0.5-1.el9 docker1
docker-ce.x86_64 3:26.0.0-1.el9 docker1
docker-ce.x86_64 3:26.0.1-1.el9 docker1
docker-ce.x86_64 3:26.0.2-1.el9 docker1
docker-ce.x86_64 3:26.1.0-1.el9 docker1
docker-ce.x86_64 3:26.1.1-1.el9 docker1
docker-ce.x86_64 3:26.1.2-1.el9 docker1
docker-ce.x86_64 3:26.1.3-1.el9 docker1
docker-ce.x86_64 3:26.1.4-1.el9 docker1
docker-ce.x86_64 3:27.0.1-1.el9 docker1
docker-ce.x86_64 3:27.0.2-1.el9 docker1
docker-ce.x86_64 3:27.0.3-1.el9 docker1
docker-ce.x86_64 3:27.1.0-1.el9 docker1
docker-ce.x86_64 3:27.1.1-1.el9 docker1
docker-ce.x86_64 3:27.1.2-1.el9 docker1
docker-ce.x86_64 3:27.2.0-1.el9 docker1
docker-ce.x86_64 3:27.2.1-1.el9 docker1
docker-ce.x86_64 3:27.3.0-1.el9 docker1
docker-ce.x86_64 3:27.3.1-1.el9 docker1
docker-ce.x86_64 3:27.4.0-1.el9 docker1
docker-ce.x86_64 3:27.4.1-1.el9 docker1
docker-ce.x86_64 3:27.5.0-1.el9 docker1
docker-ce.x86_64 3:27.5.1-1.el9 docker1
docker-ce.x86_64 3:28.0.0-1.el9 docker1
docker-ce.x86_64 3:28.0.1-1.el9 docker1
docker-ce.x86_64 3:28.0.2-1.el9 docker1
docker-ce.x86_64 3:28.0.3-1.el9 docker1
docker-ce.x86_64 3:28.0.4-1.el9 docker1
docker-ce.x86_64 3:28.1.0-1.el9 docker1
docker-ce.x86_64 3:28.1.1-1.el9 docker1
docker-ce.x86_64 3:28.3.0-1.el9 docker1
docker-ce.x86_64 3:28.3.1-1.el9 docker1
docker-ce.x86_64 3:28.3.2-1.el9 docker1
docker-ce.x86_64 3:28.3.3-1.el9 docker1
docker-ce.x86_64 3:28.4.0-1.el9 docker1
docker-ce.x86_64 3:28.5.0-1.el9 docker1
docker-ce.x86_64 3:28.5.1-1.el9 docker1
docker-ce.x86_64 3:28.5.2-1.el9 docker1
docker-ce.x86_64 3:29.0.0-1.el9 docker1
docker-ce.x86_64 3:29.0.1-1.el9 docker1
docker-ce.x86_64 3:29.0.2-1.el9 docker1
docker-ce.x86_64 3:29.0.3-1.el9 docker1
docker-ce.x86_64 3:29.0.4-1.el9 docker1
docker-ce.x86_64 3:29.1.0-1.el9 docker1
docker-ce.x86_64 3:29.1.1-1.el9 docker1
docker-ce.x86_64 3:29.1.2-1.el9 docker1
docker-ce.x86_64 3:29.1.3-1.el9 docker1
docker-ce.x86_64 3:29.1.4-1.el9 docker1
docker-ce.x86_64 3:29.1.5-1.el9 docker1
docker-ce.x86_64 3:29.2.0-1.el9 docker1
docker-ce.x86_64 3:29.2.1-1.el9 docker1
docker-ce.x86_64 3:29.3.0-1.el9 docker1
[root@docker10 harbor]#
安装
bash
[root@docker10 harbor]# dnf install docker-ce-3:28.5.2-1.el9 -y
修改配置文件
bash
[root@docker10 harbor]# vim /lib/systemd/system/docker.service
15 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --iptables=true
重新加载并设置开机自启
bash
[root@docker10 harbor]# systemctl daemon-reload
[root@docker10 harbor]# systemctl enable --now docker.service
导入镜像
bash
[root@docker10 harbor]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
[root@docker10 harbor]# cd
[root@docker10 ~]# ls
anaconda-ks.cfg busy-latest.tar centos7.tar certs docker game2048-latest.tar harbor-offline-installer-v2.14.0.tgz mario-latest.tar nginx-1.26.tar registry.tar
[root@docker10 ~]# docker load -i busy-latest.tar
Loaded image: busybox:latest
[root@docker10 ~]# docker load -i nginx-1.26.tar
Loaded image: nginx:1.26
[root@docker10 ~]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
busybox:latest af3f0f48a24e 4.43MB 0B
nginx:1.26 64e5ac93d424 192MB 0B
[root@docker10 ~]#
检查配置文件,重新安装并启动harbor
bash
[root@docker10 ~]# cd /opt/harbor/
[root@docker10 harbor]# vim harbor.yml
[root@docker10 harbor]# ./install.sh
[root@docker10 harbor]# docker compose up -d
[+] up 9/9
✔ Container harbor-log Running 0.0s
✔ Container redis Running 0.0s
✔ Container registryctl Running 0.0s
✔ Container harbor-portal Running 0.0s
✔ Container harbor-db Running 0.0s
✔ Container registry Running 0.0s
✔ Container harbor-core Running 0.0s
✔ Container nginx Running 0.0s
✔ Container harbor-jobservice Running 0.0s
[root@docker10 harbor]#
在网页harbor中创建项目

打标签上传镜像到harbor
bash
[root@docker10 ~]# docker tag busybox:latest reg.timinglee.org/timinglee/busybox:latest
[root@docker10 harbor]# docker push reg.timinglee.org/timinglee/busybox:latest
The push refers to repository [reg.timinglee.org/timinglee/busybox]
495ba00f2547: Pushed
latest: digest: sha256:91c66c844e6bba57e92e10e755e73a816d0b99edd17eb5297d9ac519ab3a8c81 size: 527
[root@docker10 harbor]#
查看

客户端下载镜像
1.删除重装docker(输出显示 dnf remove docker 没有匹配到任何软件包;docker-ce 的包名是 docker-ce,卸载应使用 dnf remove docker-ce)
bash
[root@docker20 ~]# dnf remove docker
正在更新 Subscription Management 软件仓库。
无法读取客户身份
本系统尚未在权利服务器中注册。可使用 "rhc" 或 "subscription-manager" 进行注册。
未找到匹配的参数: docker
没有软件包需要移除。
依赖关系解决。
无需任何处理。
完毕!
[root@docker20 yum.repos.d]# dnf install docker-ce-3:28.5.2-1.el9 -y
[root@docker20 yum.repos.d]# vim /lib/systemd/system/docker.service
15 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --iptables=true
[root@docker20 yum.repos.d]# systemctl daemon-reload
[root@docker20 yum.repos.d]# systemctl enable --now docker.service
[root@docker20 yum.repos.d]#
客户端下载需要证书(必须)(上个实验已经配置完成)。客户端只需要证书文件 ca.crt,私钥 timinglee.org.key 只留在 Harbor 服务器上
检测
bash
[root@docker20 yum.repos.d]# cd /etc/docker/certs.d/
[root@docker20 certs.d]# ls
reg.timinglee.org
[root@docker20 certs.d]# cd reg.timinglee.org/
[root@docker20 reg.timinglee.org]# ll
总用量 4
-rw-r--r-- 1 root root 2179 3月 21 22:47 ca.crt
[root@docker20 reg.timinglee.org]# ls
ca.crt
[root@docker20 reg.timinglee.org]#
使用短名称需要配置加速器
设定docker加速器
bash
[root@docker20 ~]# vim /etc/docker/daemon.json
[root@docker20 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://reg.timinglee.org"]
}
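//registry-mirrors 只对 Docker Hub(docker.io)的镜像生效:拉取时 Docker 先去你配置的地址请求,而不是直接访问国外官网;镜像地址上没有时会回退到 Docker Hub。从镜像地址拉到的镜像仍显示为 docker.io/...(见下方输出),所以镜像地址必须是可信的仓库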
[root@docker20 ~]# systemctl restart docker
下载镜像
bash
[root@docker20 yum.repos.d]# docker pull timinglee/busybox
Using default tag: latest
latest: Pulling from timinglee/busybox
8acfacc0e959: Pull complete
Digest: sha256:91c66c844e6bba57e92e10e755e73a816d0b99edd17eb5297d9ac519ab3a8c81
Status: Downloaded newer image for timinglee/busybox:latest
docker.io/timinglee/busybox:latest
[root@docker20 reg.timinglee.org]# docker pull reg.timinglee.org/timinglee/busybox:latest
latest: Pulling from timinglee/busybox
Digest: sha256:91c66c844e6bba57e92e10e755e73a816d0b99edd17eb5297d9ac519ab3a8c81
Status: Downloaded newer image for reg.timinglee.org/timinglee/busybox:latest
reg.timinglee.org/timinglee/busybox:latest
[root@docker20 reg.timinglee.org]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
reg.timinglee.org/timinglee/busybox:latest af3f0f48a24e 4.43MB 0B
timinglee/busybox:latest af3f0f48a24e 4.43MB 0B
[root@docker20 reg.timinglee.org]#
原生的三种网络模式
(安装好docker后默认的网络模式)
1.bridge桥接
通过docker网卡连接宿主机的网络
2.host仅主机
容器直接使用宿主机的网络栈,与宿主机共用IP和端口,容器和宿主机之间没有网络隔离
3.none没有网络
docker的自定义网络
1.bridge
默认的网段是172.17.0.0
新建的在此上递增:172.18.0.0、172.19.0.0……
各网络间相互隔离
自定义的桥接网络支持按容器名解析,容器关闭重启后ping容器名还是可以ping通;默认的桥接网络只能ping IP,而IP在重启后可能变化
2.overlay
3.macvlan
join网络实战
1.加载实验镜像
bash
[root@docker10 ~]# docker load -i phpmyadmin-latest.tar.gz
9853575bc4f9: Loading layer [==================================================>] 3.584kB/3.584kB
Loaded image: phpmyadmin:latest
[root@docker10 ~]# docker load -i mysql-8.0.tar
1355aaece24a: Loading layer [==================================================>] 116.9MB/116.9MB
1.536kB/1.536kB
Loaded image: mysql:8.0
[root@docker10 ~]#
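2.运行容器并部署join网络(--network container:php 让 mysql 容器共用 php 容器的网络命名空间,phpMyAdmin 通过 127.0.0.1 访问 mysql,3306 端口没有映射到宿主机;-e 传入的 root 密码会留在 shell 历史和 docker inspect 输出中,示例密码仅用于实验)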
bash
[root@docker10 ~]# docker run -d --name php -e PMA_ARBITRARY=1 -p 80:80 phpmyadmin:latest
1ae4876ceadb9fe33e3434aa1df29e85a11ae354595dff38f7528fbcbba54777
[root@docker10 ~]# docker run -d --name mysql -e MYSQL_ROOT_PASSWORD='xier' --network container:php mysql:8.0
4ba3c22f3dd573358607b4f29c5b3eab3ee3f63165a9ab49cf5921dc0c8af12e
[root@docker10 ~]#
3.访问测试




容器的内外网访问
容器访问外网
做源地址转换(snat)

外部访问容器
目的地址转换(dnat)和docker代理两条路(哪个先响应走哪个)


docker跨主机网络通信
macvlan网络方式实现跨主机通信
1.设定硬件添加网卡
两台主机添加网卡并设定为host-only
右键设置中添加

2.开启混杂模式(让 eth1 接收目的 MAC 不是本网卡的帧,macvlan 容器使用各自的 MAC 地址;实验结束后可用 ip link set eth1 promisc off 关闭)
bash
[root@docker10 ~]# ip link set eth1 promisc on
[root@docker10 ~]# ip a s eth1
10: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:02:21:66 brd ff:ff:ff:ff:ff:ff
altname enp11s0
altname ens192
[root@docker10 ~]# ip link set up eth1
[root@docker20 ~]# ip link set eth1 promisc on
[root@docker20 ~]# ip link set up eth1
[root@docker20 ~]# ip a s eth1
4: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:93:df:ee brd ff:ff:ff:ff:ff:ff
altname enp11s0
altname ens192
[root@docker20 ~]#
3.配置自建网络
bash
[root@docker10 ~]# docker network create -d macvlan --subnet 1.1.1.0/24 --gateway 1.1.1.1 -o parent=eth1 xier
0752d535412036c16e7dc3ff2561975f9761cafb4f12bb75418c0b989858b0a3
[root@docker10 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
d544892ae84c bridge bridge local
7dde1e780a57 host host local
a7c3da154da5 none null local
0752d5354120 xier macvlan local
[root@docker20 ~]# docker network create -d macvlan --subnet 1.1.1.0/24 --gateway 1.1.1.1 -o parent=eth1 xier
190a8e6498d5d35a01128d445adf149956018dafecd2161cd38075170ffe9cb2
[root@docker20 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
8e38d7ed488a bridge bridge local
3650ba207593 host host local
c236bc857eb0 none null local
190a8e6498d5 xier macvlan local
-d macvlan:使用 macvlan 网络驱动
--subnet 1.1.1.0/24:容器网段设定为 1.1.1.0/24(这是公网地址段,只适合隔离的实验网络;实际环境应使用私有网段)
--gateway 1.1.1.1:网关 1.1.1.1
-o parent=eth1:绑定物理网卡 eth1(你刚才开了混杂模式的那张)
xier:网络名字
4.测试
bash
[root@docker10 ~]# docker run -it --name busybox --rm --network xier --ip 1.1.1.100 --rm busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
11: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 66:96:8c:89:37:e8 brd ff:ff:ff:ff:ff:ff
inet 1.1.1.100/24 brd 1.1.1.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
[root@docker20 ~]# docker run -it --name busybox --rm --network xier --ip 1.1.1.200 --rm timinglee/busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
5: eth0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether f6:9d:ad:30:8c:ec brd ff:ff:ff:ff:ff:ff
inet 1.1.1.200/24 brd 1.1.1.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ping 1.1.1.100
PING 1.1.1.100 (1.1.1.100): 56 data bytes
64 bytes from 1.1.1.100: seq=0 ttl=64 time=1.679 ms
64 bytes from 1.1.1.100: seq=1 ttl=64 time=1.714 ms
64 bytes from 1.1.1.100: seq=2 ttl=64 time=0.756 ms
64 bytes from 1.1.1.100: seq=3 ttl=64 time=0.729 ms
^C
--- 1.1.1.100 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.729/1.219/1.714 ms
/ #
Docker数据卷管理及优化

一.bind mount 数据卷
挂载宿主机目录到容器,宿主机上没有的目录会自动创建
[root@docker-node1 ~]# ls -ld /data
ls: 无法访问 '/data': 没有那个文件或目录
[root@docker-node1 ~]# docker run -it --rm --name test -v /data:/data -v /data1:/data1:ro -v /etc/passwd:/passwd:ro busybox:latest
/ # ls -ld /data /data1 /etc/passwd
drwxr-xr-x 2 root root 6 Mar 22 01:56 /data
drwxr-xr-x 2 root root 6 Mar 22 01:58 /data1
-rw-r--r-- 1 root root 340 May 18 2023 /etc/passwd
/ # touch /data/file
/ # ls /data
file
/ # touch /data1/file
touch: /data1/file: Read-only file system
/ # > passwd
sh: can't create passwd: Read-only file system
二.docker managed 卷
docker managed volume 不需要指定mount源,docker自动为容器创建数据卷目录
默认创建的数据卷目录都在 /var/lib/docker/volumes 中
如果挂载时指向容器内已有的目录,原有数据会被复制到volume中
清理未使用的数据卷
[root@docker ~]# docker volume prune
```
[root@docker-node1 ~]# docker volume create timinglee
timinglee
[root@docker-node1 ~]# docker volume ls
DRIVER VOLUME NAME
local timinglee
[root@docker-node1 volumes]# touch timinglee/_data/file
[root@docker-node1 ~]# docker run -it --rm -v timinglee:/data:ro busybox:latest
/ # ls
bin data dev etc home lib lib64 proc root sys tmp usr var
/ # touch data/file
touch: data/file: Read-only file system
/ # ls data/
file
[root@docker-node1 ~]# docker volume rm timinglee
timinglee
[root@docker-node1 ~]# docker volume ls
DRIVER VOLUME NAME
```
#### 三.数据卷容器
让两个容器在运行时数据卷情况完全一致
```
[root@docker-node1 ~]# docker run -it --rm --name data -v /etc/hosts:/hosts:ro -v /data:/data busybox:latest
/ # cat /hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.10 docker-node1
172.25.254.10 reg.timinglee.org
/ # > /hosts
sh: can't create /hosts: Read-only file system
/ #
/ #
/ # touch /data/timinglee
/ # ls /data/
file timinglee
[root@docker-node1 ~]# docker run -it --rm --name lee --volumes-from data busybox:latest
/ # ls
bin data dev etc home hosts lib lib64 proc root sys tmp usr var
/ # cat hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.10 docker-node1
172.25.254.10 reg.timinglee.org
/ # > hosts
sh: can't create hosts: Read-only file system
/ # ls /data/
file timinglee
```
#### 四. 数据的备份和迁移
```bash
[root@docker-node1 ~]# docker run -d --name webserver -p 80:80 -v /data:/usr/share/nginx/html nginx:1.23
[root@docker-node1 ~]# docker exec -it webserver bash
root@23951ce13871:/# cd /usr/share/nginx/html/
root@23951ce13871:/usr/share/nginx/html# ls
index.html timinglee
root@23951ce13871:/usr/share/nginx/html# touch timinglee{1..10}
root@23951ce13871:/usr/share/nginx/html# ls
index.html timinglee1 timinglee2 timinglee4 timinglee6 timinglee8
timinglee timinglee10 timinglee3 timinglee5 timinglee7 timinglee9
#数据备份
[root@docker-node1 ~]# docker run -it --rm --volumes-from webserver -v $(pwd):/backup busybox:latest
/ # ls
backup bin dev etc home lib lib64 proc root sys tmp usr var
/ # ll /usr/share/nginx/html/
sh: ll: not found
/ # ls /usr/share/nginx/html/
index.html timinglee1 timinglee2 timinglee4 timinglee6 timinglee8
timinglee timinglee10 timinglee3 timinglee5 timinglee7 timinglee9
/ # tar zcf /backup/html.tar.gz /usr/share/nginx/
tar: removing leading '/' from member names
/ # ls
backup bin dev etc home lib lib64 proc root sys tmp usr var
/ # exit
[root@docker-node1 ~]# ls
busybox-latest.tar.gz docker mysql-8.0.tar
busyboxplus.tar harbor-offline-installer-v2.14.0.tgz nginx-1.23.tar.gz
debian11.tar.gz html.tar.gz phpmyadmin-latest.tar.gz
#数据恢复
[root@docker-node1 ~]# rm -fr /data/*
[root@docker-node1 ~]# docker exec -it webserver webserverbash
OCI runtime exec failed: exec failed: unable to start container process: exec: "webserverbash": executable file not found in $PATH
[root@docker-node1 ~]# docker exec -it webserver bash
root@23951ce13871:/# ls
bin dev docker-entrypoint.sh home lib64 mnt proc run srv tmp var
boot docker-entrypoint.d etc lib media opt root sbin sys usr
root@23951ce13871:/# cd /usr/share/nginx/html/
root@23951ce13871:/usr/share/nginx/html# ls
root@23951ce13871:/usr/share/nginx/html#
[root@docker-node1 ~]# docker run -d --name webserver -p 80:80 -v /data:/usr/share/nginx/html -v $(pwd):/backup nginx:1.23
83a26edb472ecda951e241dc207847111cd4a2712cb349c52205c3d0e2727238
[root@docker-node1 ~]# docker exec -it webserver bash
root@83a26edb472e:/# tar zxf /backup/html.tar.gz -C /
root@83a26edb472e:/# ls /usr/share/nginx/html/
index.html timinglee1 timinglee2 timinglee4 timinglee6 timinglee8
timinglee timinglee10 timinglee3 timinglee5 timinglee7 timinglee9
```
```bash
tar zcf /backup/html.tar.gz /usr/share/nginx/
tar zcf 打包后的文件 源文件
z 用gzip压缩
c create创建新包
f 指定包文件名
tar zxf /backup/html.tar.gz -C /
z 用gzip解压
x extract解压
f 指定压缩包文件
-C / 按原来的路径原样恢复
```