Docker镜像的使用
docker官方的镜像库比较慢,在进行镜像操作之前,需要将镜像源设置为国内的站点。新建文件/etc/docker/daemon.json,输入如下内容:
{
"registry-mirrors" : [
"https://registry.docker-cn.com",
"https://docker.mirrors.ustc.edu.cn",
"http://hub-mirror.c.163.com",
"https://cr.console.aliyun.com/"
]
}
然后重启docker的服务:
systemctl restart docker
3.1 列出本地所有镜像
执行命令 docker images 可以查看
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 20.04 f643c72bc252 5 weeks ago 72.9MB
hello-world latest bf756fb1ae65 12 months ago 13.3kB
当前我本地只有刚才安装的两个镜像。
3.2 从镜像库中查找镜像
执行命令 docker search 镜像名称可以从docker镜像库中查找镜像。
$ docker search python
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
python Python is an interpreted, interactive, objec… 5757 [OK]
django Django is a free web application framework, … 1039 [OK]
pypy PyPy is a fast, compliant alternative implem… 260 [OK]
joyzoursky/python-chromedriver Python with Chromedriver, for running automa… 57 [OK]
nikolaik/python-nodejs Python with Node.js 57 [OK]
arm32v7/python Python is an interpreted, interactive, objec… 53
circleci/python Python is an interpreted, interactive, objec… 42
centos/python-35-centos7 Platform for building and running Python 3.5… 38
centos/python-36-centos7 Platform for building and running Python 3.6… 30
hylang Hy is a Lisp dialect that translates express… 29 [OK]
arm64v8/python Python is an interpreted, interactive, objec… 24
revolutionsystems/python Optimized Python Images 18
centos/python-27-centos7 Platform for building and running Python 2.7… 17
bitnami/python Bitnami Python Docker Image 10 [OK]
publicisworldwide/python-conda Basic Python environments with Conda. 6 [OK]
d3fk/python_in_bottle Simple python:alpine completed by Bottle+Req… 5 [OK]
dockershelf/python Repository for docker images of Python. Test… 5 [OK]
clearlinux/python Python programming interpreted language with… 4
i386/python Python is an interpreted, interactive, objec… 3
ppc64le/python Python is an interpreted, interactive, objec… 2
centos/python-34-centos7 Platform for building and running Python 3.4… 2
amd64/python Python is an interpreted, interactive, objec… 1
ccitest/python CircleCI test images for Python 0 [OK]
s390x/python Python is an interpreted, interactive, objec… 0
saagie/python Repo for python jobs 0
最好选择官方(OFFICIAL)的镜像,这样的镜像最稳定一些。
3.3 下载新的镜像
执行命令docker pull 镜像名称:版本号即可下载新的镜像。
$ docker pull python:3.8
3.8: Pulling from library/python
6c33745f49b4: Pull complete
ef072fc32a84: Pull complete
c0afb8e68e0b: Pull complete
d599c07d28e6: Pull complete
f2ecc74db11a: Pull complete
26856d31ce86: Pull complete
2cd68d824f12: Pull complete
7ea1535f18c3: Pull complete
2bef93d9a76e: Pull complete
Digest: sha256:9079aa8582543494225d2b3a28fce526d9a6b06eb06ce2bac3eeee592fcfc49e
Status: Downloaded newer image for python:3.8
docker.io/library/python:3.8
镜像下载后,就可以使用镜像来创建容器了。
Docker容器的使用
4.1 启动容器
执行命令docker run即可启动容器,也就是创建某个镜像的实例。docker run命令非常复杂,可以先执行一个docker run --help来查看帮助:
$ docker run --help
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
Run a command in a new container
Options:
--add-host list Add a custom host-to-IP mapping (host:ip)
-a, --attach list Attach to STDIN, STDOUT or STDERR
--blkio-weight uint16 Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
--blkio-weight-device list Block IO weight (relative device weight) (default [])
--cap-add list Add Linux capabilities
--cap-drop list Drop Linux capabilities
--cgroup-parent string Optional parent cgroup for the container
--cidfile string Write the container ID to the file
--cpu-period int Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota
--cpu-rt-period int Limit CPU real-time period in microseconds
--cpu-rt-runtime int Limit CPU real-time runtime in microseconds
-c, --cpu-shares int CPU shares (relative weight)
--cpus decimal Number of CPUs
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
-d, --detach Run container in background and print container ID
--detach-keys string Override the key sequence for detaching a container
--device list Add a host device to the container
--device-cgroup-rule list Add a rule to the cgroup allowed devices list
--device-read-bps list Limit read rate (bytes per second) from a device (default [])
--device-read-iops list Limit read rate (IO per second) from a device (default [])
--device-write-bps list Limit write rate (bytes per second) to a device (default [])
--device-write-iops list Limit write rate (IO per second) to a device (default [])
--disable-content-trust Skip image verification (default true)
--dns list Set custom DNS servers
--dns-option list Set DNS options
--dns-search list Set custom DNS search domains
--domainname string Container NIS domain name
--entrypoint string Overwrite the default ENTRYPOINT of the image
-e, --env list Set environment variables
--env-file list Read in a file of environment variables
--expose list Expose a port or a range of ports
--gpus gpu-request GPU devices to add to the container ('all' to pass all GPUs)
--group-add list Add additional groups to join
--health-cmd string Command to run to check health
--health-interval duration Time between running the check (ms|s|m|h) (default 0s)
--health-retries int Consecutive failures needed to report unhealthy
--health-start-period duration Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)
--health-timeout duration Maximum time to allow one check to run (ms|s|m|h) (default 0s)
--help Print usage
-h, --hostname string Container host name
--init Run an init inside the container that forwards signals and reaps processes
-i, --interactive Keep STDIN open even if not attached
--ip string IPv4 address (e.g., 172.30.100.104)
--ip6 string IPv6 address (e.g., 2001:db8::33)
--ipc string IPC mode to use
--isolation string Container isolation technology
--kernel-memory bytes Kernel memory limit
-l, --label list Set meta data on a container
--label-file list Read in a line delimited file of labels
--link list Add link to another container
--link-local-ip list Container IPv4/IPv6 link-local addresses
--log-driver string Logging driver for the container
--log-opt list Log driver options
--mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33)
-m, --memory bytes Memory limit
--memory-reservation bytes Memory soft limit
--memory-swap bytes Swap limit equal to memory plus swap: '-1' to enable unlimited swap
--memory-swappiness int Tune container memory swappiness (0 to 100) (default -1)
--mount mount Attach a filesystem mount to the container
--name string Assign a name to the container
--network network Connect a container to a network
--network-alias list Add network-scoped alias for the container
--no-healthcheck Disable any container-specified HEALTHCHECK
--oom-kill-disable Disable OOM Killer
--oom-score-adj int Tune host's OOM preferences (-1000 to 1000)
--pid string PID namespace to use
--pids-limit int Tune container pids limit (set -1 for unlimited)
--platform string Set platform if server is multi-platform capable
--privileged Give extended privileges to this container
-p, --publish list Publish a container's port(s) to the host
-P, --publish-all Publish all exposed ports to random ports
--read-only Mount the container's root filesystem as read only
--restart string Restart policy to apply when a container exits (default "no")
--rm Automatically remove the container when it exits
--runtime string Runtime to use for this container
--security-opt list Security Options
--shm-size bytes Size of /dev/shm
--sig-proxy Proxy received signals to the process (default true)
--stop-signal string Signal to stop a container (default "SIGTERM")
--stop-timeout int Timeout (in seconds) to stop a container
--storage-opt list Storage driver options for the container
--sysctl map Sysctl options (default map[])
--tmpfs list Mount a tmpfs directory
-t, --tty Allocate a pseudo-TTY
--ulimit ulimit Ulimit options (default [])
-u, --user string Username or UID (format: <name|uid>[:<group|gid>])
--userns string User namespace to use
--uts string UTS namespace to use
-v, --volume list Bind mount a volume
--volume-driver string Optional volume driver for the container
--volumes-from list Mount volumes from the specified container(s)
-w, --workdir string Working directory inside the container
比如我们要执行python的shell,需要添加-it参数,即:docker run -it python:3.8
$ docker run -it python:3.8
Python 3.8.7 (default, Dec 22 2020, 18:46:25)
[GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>
4.2 将宿主机的文件挂载到容器
docker容器与宿主机是隔离的,要想让容器内的程序能访问宿主机上的文件,需要通过-v参数将宿主机的文件挂载到容器中。比如我们在宿主机上有一个hello.py,可以打印hello,想要在python容器中执行,就需要进行挂载。-v后还需要接两个参数,分别是宿主机的目录和容器内的目录,两者使用:分隔,路径必须都是绝对路径。我的hello.py保存在主目录的/docker_test目录中,将这个目录挂载到容器的/docker_test目录,然后在容器内执行python /docker_test/hello.py:
$ docker run -v ~/docker_test:/docker_test python:3.8 python /docker_test/hello.py
hello
4.3 容器的端口映射
我们修改一下hello.py,创建一个socket服务端,并监听5000端口,当有客户端连接时,打印客户端的地址,先客户端发送hello,然后关闭连接:
import socket
ip_port = ('127.0.0.1', 5000)
sk = socket.socket()
sk.bind(ip_port)
sk.listen(5)
while True:
print('server waiting...')
conn,addr = sk.accept()
print(addr)
conn.sendall(b'hello\n')
conn.close()
在容器内执行:
docker run -v ~/docker_test:/docker_test python:3.8 python /docker_test/hello.py
接下来,尝试用telnet命令连接,结果却是失败的。原因是,127.0.0.1是宿主机的ip地址,5000是容器的端口,这与我们的习惯稍微有些不同。事实上,docker的容器是非常轻量的,它并没有自己的网络,要想访问容器的端口,需要进行端口映射,将容器的某端口映射到宿主机的端口,客户端连接时,只要与宿主机的端口进行连接就可以了。
需要注意的是,上面的代码创建的服务器,无论如何也不可能被客户端连接,因为代码中绑定了127.0.0.1的ip,在容器中运行时,需要绑定所有ip,即0.0.0.0。
import socket
ip_port = ('0.0.0.0', 5000)
sk = socket.socket()
sk.bind(ip_port)
sk.listen(5)
while True:
print('server waiting...')
conn,addr = sk.accept()
print(addr)
conn.sendall(b'hello\n')
conn.close()
然后,再使用-p参数,-p还需要三个参数,即宿主机的ip地址、宿主机的端口、容器的端口,三者之间使用:分隔。一般的,可以将宿主机的ip地址省略,只写宿主机的端口:容器的端口即可。
docker run -v ~/docker_test:/docker_test -it -p 5001:5000 python:3.8 python /docker_test/hello.py
这样,就将容器的5000端口映射到了宿主机的5001端口,使用:
telnet 127.0.0.1 5001
即可与容器中的服务器进行连接。
4.4 容器管理
上面的服务运行之后,可以使用docker ps命令,查看运行中的容器:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ec4c86b8a163 python:3.8 "python /docker_test…" 5 seconds ago Up 4 seconds 0.0.0.0:5000->5000/tcp eager_wilson
显示的内容有下面几列:
- CONTAINER ID:容器ID
- IMAGE:镜像名称和版本
- COMMAND:执行的命令
- CREATED:容器创建时间
- STATUS:容器的状态
- PORTS:端口映射
- NAMES:容器名
要想结束容器,可以使用docker kill 容器ID命令。