docker指令
实验一
[root@docker-01 ~]# ls
aa.txt anaconda-ks.cfg nginx ubantu
[root@docker-01 ~]# tar zcvf bunch.tar.gz etc
[root@docker-01 ~]# touch Dockerfile tmpfile2
[root@docker-01 ~]# ls
anaconda-ks.cfg bunch.tar.gz Dockerfile nginx tmpfile2 ubantu
[root@docker-01 ~]# vi Dockerfile
[root@docker-01 ~]# docker build -t my-image .
[+] Building 56.7s (10/10) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 233B 0.0s
=> [internal] load .dockerignore 0.0s
[root@docker-01 ~]# docker run -it my-image
/testdir # ls
etc tmpfile1 tmpfile2
/testdir # echo $WELCOME
You are in my container, welcome!
/testdir # exit
dockerfile应用案例:使用dockerfile创建sshd镜像模板
[root@docker-01 ~]# mkdir sshd_dockerfile
[root@docker-01 ~]# cd sshd_dockerfile/
[root@docker-01 sshd_dockerfile]# ls
[root@docker-01 sshd_dockerfile]# touch dockerfile un.sh
[root@docker-01 sshd_dockerfile]# ls
dockerfile un.sh
[root@docker-01 sshd_dockerfile]# vim run.sh
[root@docker-01 sshd_dockerfile]# ssh-keygen -t rsa
[root@docker-01 sshd_dockerfile]# ls
dockerfile run.sh un.sh yes yes.pub
[root@docker-01 sshd_dockerfile]# ls /root/.ssh/
id_rsa id_rsa.pub
[root@docker-01 sshd_dockerfile]# cat ~/.ssh/id_rsa.pub > /root/sshd_dockerfile/authorized_keys
[root@docker-01 sshd_dockerfile]# ls
authorized_keys dockerfile run.sh un.sh yes yes.pub
[root@docker-01 sshd_dockerfile]# vi dockerfile
[root@docker-01 sshd_dockerfile]# docker build -t centos:ssh .
[+] Building 194.5s (10/10) FINISHED
=> [internal] load build definition from dockerfile 0.0s
=> => transferring dockerfile: 731B 0.0s
[root@docker-01 sshd_dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos ssh dfca1a28e8b3 2 minutes ago 414MB
[root@docker-01 sshd_dockerfile]# docker run -d -p 10122:22 centos:ssh
a227e3a609dd4ebb92881061f6a23a9bdc903031e529678f4188141295a210bd
[root@docker-01 sshd_dockerfile]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a227e3a609dd centos:ssh "/run.sh" 11 seconds ago Up 9 seconds 0.0.0.0:10122->22/tcp, :::10122->22/tcp keen_knuth
//宿主机登录
[root@docker-01 ~]# ssh admin@192.168.70.106 -p 10122
The authenticity of host '[192.168.70.106]:10122 ([192.168.70.106]:10122)' can't be established.
ECDSA key fingerprint is SHA256:E4irbwDcmz2s9GdgaQMG1JylhChQtvC9BQ9yhWrlYwQ.
ECDSA key fingerprint is MD5:2a:1f:52:27:f7:f4:05:6a:8a:55:96:65:c7:43:79:61.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.70.106]:10122' (ECDSA) to the list of known hosts.
分发镜像
- 为镜像命名 相当于docker build -t centos-with-vim:latest .
docker tag centos:sshd sshd_dockerfile/centos:v1 - 搭建私有仓库 registry
实验二 私有仓库 (官方提供 registry 搭建)
- 先布置docker环境(阿里云)
[root@registry_server ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@registry_server ~]# systemctl start docker
[root@registry_server ~]# docker search registry
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
registry The Docker Registry 2.0 implementation for s… 3818 [OK]
[root@registry_server ~]# docker pull registry
[root@registry_server ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 65f3b3441f04 13 days ago 24MB
[root@registry_server ~]# mkdir -p /opt/data/registry
[root@registry_server ~]# docker run --name=imsge_registry --restart=always -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry registry
238953262d75dff8552c3052257b47a83e16e7a678632a9ec90857125254380d
//私有仓库本机测试
[root@registry_server ~]# curl -X GET http://192.168.70.105:5000/v2/_catalog
{"repositories":[]}
//宿主机测试
[root@docker-01 ~]# curl -X GET http://192.168.70.105:5000/v2/_catalog
{"repositories":[]}
//改仓库名
[root@docker-01 ~]# docker tag centos:ssh 192.168.70.105:5000/centos_sshd:v1
[root@docker-01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.70.105:5000/centos_sshd v1 dfca1a28e8b3 10 hours ago 414MB
[root@docker-01 ~]# docker push 192.168.70.105:5000/centos_sshd:v1
The push refers to repository [192.168.70.105:5000/centos_sshd]
Get "https://192.168.70.105:5000/v2/": http: server gave HTTP response to HTTPS client
//需要改https协议,在客户端宿主机上修改
[root@docker-01 ~]# vim /usr/lib/systemd/system/docker.service
[root@docker-01 ~]# systemctl daemon-reload
[root@docker-01 ~]# systemctl restart docker
[root@docker-01 ~]# docker push 192.168.70.105:5000/centos_sshd:v1
The push refers to repository [192.168.70.105:5000/centos_sshd]
7f2d9ebf4ff9: Pushed
6399b5a03c2e: Pushed
f07c79f15187: Pushed
2d285f6ba6f1: Pushed
071d8bd76517: Pushed
v1: digest: sha256:46f82210f0270d044e1b341ce93c9f2b9fe1d3fd5ba4924e67306456ec5c1031 size: 1362
[root@docker-01 ~]# docker tag ubuntu:latest 192.168.70.105:5000/ubuntu:v1
[root@docker-01 ~]# docker push 192.168.70.105:5000/ubuntu:v1
The push refers to repository [192.168.70.105:5000/ubuntu]
9f54eef41275: Pushed
v1: digest: sha256:7cc0576c7c0ec2384de5cbf245f41567e922aab1b075f3e8ad565f508032df17 size: 529
//到仓库查看
[root@registry_server ~]# curl -X GET http://192.168.70.105:5000/v2/_catalog
{"repositories":["centos_sshd","ubuntu"]}
//进到挂载点查看
[root@registry_server ~]# cd /opt/data/registry/
[root@registry_server registry]# ls
docker
[root@registry_server registry]# cd docker/
[root@registry_server docker]# ls
registry
[root@registry_server docker]# cd registry/
[root@registry_server registry]# ls
v2
[root@registry_server registry]# cd v2/
[root@registry_server v2]# ls
blobs repositories
[root@registry_server v2]# cd repositories/
[root@registry_server repositories]# ls
centos_sshd ubuntu
//查看镜像
[root@registry_server repositories]# cd centos_sshd/
[root@registry_server centos_sshd]# ls
_layers _manifests _uploads
[root@registry_server centos_sshd]# cd ..
[root@registry_server repositories]# ls
centos_sshd ubuntu
[root@registry_server repositories]# pwd
/opt/data/registry/docker/registry/v2/repositories
[root@registry_server repositories]# yum -y install tree
[root@registry_server repositories]# tree ./
./
├── centos_sshd
│ ├── _layers
│ │ └── sha256
│ │ ├── 04ea7893cebd060a0546c0028294afec00b4a9e084ed1c33a5f6af1799113afb
│ │ │ └── link
│ │ ├── 17fbaa45e28eef9a279107a409dab77b097e92864cc543048349ec9bf0c569f1
│ │ │ └── link
│ │ ├── 2bbe84035846b522387dcd0c284727f88106edfd586c16f5e98d97351d1ca0e8
│ │ │ └── link
│ │ ├── a02a4930cb5d36f3290eb84f4bfa30668ef2e9fe3a1fb73ec015fc58b9958b17
│ │ │ └── link
│ │ ├── aac751160cba821ce5eced552a1747e4c213745aa2f16abc3448a896a82f106c
│ │ │ └── link
│ │ └── dfca1a28e8b35627b6f1647b736ca821398b8105e4e0e099eba8c94a1fcc1c37
│ │ └── link
│ ├── _manifests
│ │ ├── revisions
│ │ │ └── sha256
│ │ │ └── 46f82210f0270d044e1b341ce93c9f2b9fe1d3fd5ba4924e67306456ec5c1031
│ │ │ └── link
│ │ └── tags
│ │ └── v1
│ │ ├── current
│ │ │ └── link
│ │ └── index
│ │ └── sha256
│ │ └── 46f82210f0270d044e1b341ce93c9f2b9fe1d3fd5ba4924e67306456ec5c1031
│ │ └── link
│ └── _uploads
//拉镜像
[root@docker-01 ~]# docker pull 192.168.70.105:5000/ubuntu:v1
//删除仓库
[root@registry_server ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
238953262d75 registry "/entrypoint.sh /etc…" 7 hours ago Up 6 hours 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp imsge_registry
[root@registry_server ~]# docker rm -f imsge_registry
imsge_registry
[root@registry_server ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@registry_server repositories]# ls
centos_sshd ubuntu
[root@registry_server repositories]# pwd
/opt/data/registry/docker/registry/v2/repositories
[root@registry_server repositories]# docker run --name=imsge_registry --restart=always -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry registry
006dfb3f5df661dc74f33dca09cf161e3008cf4a84a4f3d88a521c1de14f590c
[root@registry_server repositories]# curl -X GET http://192.168.70.105:5000/v2/_catalog
{"repositories":["centos_sshd","ubuntu"]}
实验三 用Harbor 搭建私有仓库
[root@registry_server ~]# ls
anaconda-ks.cfg docker-compose-linux-x86_64 harbor-offline-installer-v2.4.1.tgz
[root@registry_server ~]# mv docker-compose-linux-x86_64 /usr/bin/docker-compose
[root@registry_server ~]# ll /usr/bin/docker-compose
-rw-r--r-- 1 root root 24707072 May 24 16:17 /usr/bin/docker-compose
[root@registry_server ~]# chmod +x /usr/bin/docker-compose
[root@registry_server ~]# tar -zxvf harbor-offline-installer-v2.4.1.tgz -C /usr/local/
harbor/harbor.v2.4.1.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
[root@registry_server ~]# cd /usr/local/
[root@registry_server local]# ls
bin etc games harbor include lib lib64 libexec sbin share src
[root@registry_server local]# cd harbor/
[root@registry_server harbor]# ls
common.sh harbor.v2.4.1.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@registry_server harbor]# cp harbor.yml.tmpl harbor.yml
[root@registry_server harbor]# vi harbor.yml
[root@registry_server harbor]# pwd
/usr/local/harbor
[root@registry_server harbor]# ls
common.sh harbor.yml install.sh prepare
harbor.v2.4.1.tar.gz harbor.yml.tmpl LICENSE
[root@registry_server harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
[root@registry_server harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1ce81885daef goharbor/nginx-photon:v2.4.1 "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
980b4ccf71f7 goharbor/harbor-jobservice:v2.4.1 "/harbor/entrypoint.…" 2 minutes ago Up 2 minutes (healthy) harbor-jobservice
32b07904de04 goharbor/harbor-core:v2.4.1 "/harbor/entrypoint.…" 2 minutes ago Up 2 minutes (healthy) harbor-core
d43e60801762 goharbor/harbor-registryctl:v2.4.1 "/home/harbor/start.…" 2 minutes ago Up 2 minutes (healthy) registryctl
0d2477969fef goharbor/redis-photon:v2.4.1 "redis-server /etc/r…" 2 minutes ago Up 2 minutes (healthy) redis
1589f1b25215 goharbor/registry-photon:v2.4.1 "/home/harbor/entryp…" 2 minutes ago Up 2 minutes (healthy) registry
b5e2629a940e goharbor/harbor-portal:v2.4.1 "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes (healthy) harbor-portal
3d757e6f6571 goharbor/harbor-db:v2.4.1 "/docker-entrypoint.…" 2 minutes ago Up 2 minutes (healthy) harbor-db
fa9d7adc0e4d goharbor/harbor-log:v2.4.1 "/bin/sh -c /usr/loc…" 2 minutes ago Up 2 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
006dfb3f5df6 registry "/entrypoint.sh /etc…" 2 hours ago Up 2 hours 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp imsge_registry
//访问192.168.70.105
[root@docker-01 ~]# vim /usr/lib/systemd/system/docker.service
[root@docker-01 ~]# systemctl daemon-reload
[root@docker-01 ~]# systemctl restart docker
[root@docker-01 ~]# docker login 192.168.70.105
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker-01 ~]# docker tag ubuntu:latest 192.168.70.105/centos01/ubuntu:20.01 //重新改名
[root@docker-01 ~]# docker push 192.168.70.105/centos01/ubuntu:20.01
The push refers to repository [192.168.70.105/centos01/ubuntu]
9f54eef41275: Pushed
20.01: digest: sha256:7cc0576c7c0ec2384de5cbf245f41567e922aab1b075f3e8ad565f508032df17 size: 529
[root@docker-01 ~]# docker tag ubuntu:latest 192.168.70.105/centos01/hello-world
[root@docker-01 ~]# docker push 192.168.70.105/centos01/hello-world
Using default tag: latest
The push refers to repository [192.168.70.105/centos01/hello-world]
9f54eef41275: Mounted from centos01/ubuntu
latest: digest: sha256:7cc0576c7c0ec2384de5cbf245f41567e922aab1b075f3e8ad565f508032df17 size: 529
//宿主机上更改配置文件,因为用的http协议
[root@docker-01 ~]# vim /usr/lib/systemd/system/docker.service
- 验证结果