包含alistdocker的词条

dylinchen 815 2022-12-02

本文目录一览:

Docker安装教程

1.在线安装

curl -fsSL | bash -s docker --mirror Aliyun

在线安装方式二

curl -sSL | sh

3.查看Docker

yum list docker-ce --showduplicates | sort -r

4.查看Docker版本

docker version

5.启动Docker

systemctl start docker

6.测试Docker是否启动成功

(1).拉取HelloWorld的镜像

docker pull hello-world

(2).运行hello-world镜像

docker run hello-world

看到下面的图就证明安装成功了

docker search redis

2.取最新版的 Redis 镜像

docker pull redis:latest

3.查看本地镜像

docker images

4.运行容器(这是只能本地访问,但是我们需要进行外网访问)

docker run -itd --name redis-test -p 6379:6379 redis

-p 6379:6379:映射容器服务的 6379 端口到宿主机的 6379 端口。外部可以直接通过宿主机ip:6379 访问到 Redis 的服务。

5.通过 redis-cli 连接测试使用 redis 服务。

docker exec -it redis-test /bin/bash

6.查看 Redis是否启动成功

ps aux | grep redis-server

出现如下,则为成功

上面的方法只能本地访问,我们需要的是外网访问redis

4.创建conf 和 data 文件夹

mkdir /usr/local/docker/conf

/usr/local/docker/data

然后再conf下创建redis.conf 的配置文件

放入如下内容,密码可不用配置

6.查看Redis是否启动

docker ps

就可以看到redis了,如果状态是UP,那么就可以确定是安装成功了,启动完成之后,把云服务器的6379端口出入打开,就可以看到了。

这时候我们就可以去使用外部工具进行连接了。

1.拉取镜像

docker pull mysql

2.在opt下创建文件夹

cd /opt/

mkdir mysql_docker

cd mysql_docker/

echo $PWD

3.启动mysql容器,在var/lib/docker/containers/下查看容器

cd /var/lib/docker/containers/

4.查看mysql进程

docker ps -a

5.进入mysql容器,并登陆mysql

docker exec -it mysqlserver bash

mysql -uroot -p

123456

6.开启远程访问权限

use mysql;

select host,user from user;

ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '123456';

flush privileges;

然后去连接一下数据库测试就可以了

7.关闭docker中mysql容器

docker stop mysqlserver

8.关闭docker

systemctl stop docker

阿里云ECS服务器安装docker详细步骤

环境:ECS服务器,务必使用CentOS 7 以上版本,64位系统推荐是CentOS 7.8

安装步骤:

一:安装docker所需的环境

1.安装依赖:yum install -y yum-utils device-mapper-persistent-data lvm2

2.配置yum源 使用国内的:yum-config-manager --add-repo

3.查看docker版本:yum list docker-ce --showduplicates | sort -r

二:安装docker

注意:不使用1.13.1版本,该版本在jenkins使用docker命令时会说找不到配置文件

1.安装docker:yum -y install docker-ce-20.10.10-3.el7

2.查看docker版本:docker -v

3.启动docker:systemctl start docker

4.查看docker 启动状态:systemctl status docker

5.检查安装结果:docker info

运行Docker守护进程:systemctl start docker

停止Docker守护进程:systemctl stop docker

重启Docker守护进程:systemctl restart docker

6.查看容器:docker ps

7.停止容器:docker stop 容器id

三:修改镜像仓库:

vim /etc/docker/daemon.json

添加如下内容:

{

"debug":true,"experimental":true,"registry-mirrors":["","",""]

}

8.查看信息:docker info

仅供个人学习使用,如有不足请指出。

愿景:愿天下所有程序员能早日财富自由,永不搬砖!

2540e7b3d2408da3b6727211a38f5629_20221105035807_78432.jpg


Docker run 指令详解

本文翻译自docker官网:

The docker run command first creates a writeable container layer over the

specified image, and then starts it using the specified command. That is,

docker run is equivalent to the API /containers/create then

/containers/(id)/start . A stopped container can be restarted with all its

previous changes intact using docker start . See docker ps -a to view a list

of all containers.

The docker run command can be used in combination with docker commit to

change the command that a container runs . There is additional detailed information about docker run in the Docker run reference .

For information on connecting a container to a network, see the " Docker network overview " .

This example runs a container named test using the debian:latest

image. The -it instructs Docker to allocate a pseudo-TTY connected to

the container's stdin; creating an interactive bash shell in the container.

In the example, the bash shell is quit by entering

exit 13 . This exit code is passed on to the caller of

docker run , and is recorded in the test container's metadata.

This will create a container and print test to the console. The cidfile

flag makes Docker attempt to create a new file and write the container ID to it.

If the file exists already, Docker will return an error. Docker will close this

file when docker run exits.

This will not work, because by default, most potentially dangerous kernel

capabilities are dropped; including cap_sys_admin (which is required to mount

filesystems). However, the --privileged flag will allow it to run:

The --privileged flag gives all capabilities to the container, and it also

lifts all the limitations enforced by the device cgroup controller. In other

words, the container can then do almost everything that the host can do. This

flag exists to allow special use-cases, like running Docker within Docker.

The -w lets the command being executed inside directory given, here

/path/to/dir/ . If the path does not exist it is created inside the container.

This (size) will allow to set the container rootfs size to 120G at creation time.

This option is only available for the devicemapper , btrfs , overlay2 ,

windowsfilter and zfs graph drivers.

For the devicemapper , btrfs , windowsfilter and zfs graph drivers,

user cannot pass a size less than the Default BaseFS Size.

For the overlay2 storage driver, the size option is only available if the

backing fs is xfs and mounted with the pquota mount option.

Under these conditions, user can pass any size less than the backing fs size.

The --tmpfs flag mounts an empty tmpfs into the container with the rw ,

noexec , nosuid , size=65536k options.

The -v flag mounts the current working directory into the container. The -w

lets the command being executed inside the current working directory, by

changing into the directory to the value returned by pwd . So this

combination executes the command using the container, but inside the

current working directory.

When the host directory of a bind-mounted volume doesn't exist, Docker

will automatically create this directory on the host for you. In the

example above, Docker will create the /doesnt/exist

folder before starting your container.

Volumes can be used in combination with --read-only to control where

a container writes files. The --read-only flag mounts the container's root

filesystem as read only prohibiting writes to locations other than the

specified volumes for the container.

By bind-mounting the docker unix socket and statically linked docker

binary (refer to get the linux binary ),

you give the container the full access to create and manipulate the host's

Docker daemon.

On Windows, the paths must be specified using Windows-style semantics.

The following examples will fail when using Windows-based containers, as the

destination of a volume or bind mount inside the container must be one of:

a non-existing or empty directory; or a drive other than C:. Further, the source

of a bind mount must be a local directory, not a file.

For in-depth information about volumes, refer to manage data in containers

The --mount flag allows you to mount volumes, host-directories and tmpfs

mounts in a container.

The --mount flag supports most options that are supported by the -v or the

--volume flag, but uses a different syntax. For in-depth information on the

--mount flag, and a comparison between --volume and --mount , refer to

the service create command reference .

Even though there is no plan to deprecate --volume , usage of --mount is recommended.

Examples:

This binds port 8080 of the container to TCP port 80 on 127.0.0.1 of the host

machine. You can also specify udp and sctp ports.

The Docker User Guide

explains in detail how to manipulate ports in Docker.

Note that ports which are not bound to the host (i.e., -p 80:80 instead of

-p 127.0.0.1:80:80 ) will be accessible from the outside. This also applies if

you configured UFW to block this specific port, as Docker manages his

own iptables rules. Read more

This exposes port 80 of the container without publishing the port to the host

system's interfaces.

Use the -e , --env , and --env-file flags to set simple (non-array)

environment variables in the container you're running, or overwrite variables

that are defined in the Dockerfile of the image you're running.

You can define the variable and its value when running the container:

You can also use variables that you've exported to your local environment:

When running the command, the Docker CLI client checks the value the variable

has in your local environment and passes it to the container.

If no = is provided and that variable is not exported in your local

environment, the variable won't be set in the container.

You can also load the environment variables from a file. This file should use

the syntax variable=value (which sets the variable to the given value) or

variable (which takes the value from the local environment), and # for comments.

A label is a key=value pair that applies metadata to a container. To label a container with two labels:

The my-label key doesn't specify a value so the label defaults to an empty

string ( "" ). To add multiple labels, repeat the label flag ( -l or --label ).

The key=value must be unique to avoid overwriting the label value. If you

specify labels with identical keys but different values, each subsequent value

overwrites the previous. Docker uses the last key=value you supply.

Use the --label-file flag to load multiple labels from a file. Delimit each

label in the file with an EOL mark. The example below loads labels from a

labels file in the current directory:

The label-file format is similar to the format for loading environment

variables. (Unlike environment variables, labels are not visible to processes

running inside a container.) The following example illustrates a label-file

format:

You can load multiple label-files by supplying multiple --label-file flags.

For additional information on working with labels, see Labels - custom

metadata in Docker in

the Docker User Guide.

When you start a container use the --network flag to connect it to a network.

This adds the busybox container to the my-net network.

You can also choose the IP addresses for the container with --ip and --ip6

flags when you start the container on a user-defined network.

If you want to add a running container to a network use the docker network connect subcommand.

You can connect multiple containers to the same network. Once connected, the

containers can communicate easily need only another container's IP address

or name. For overlay networks or custom plugins that support multi-host

connectivity, containers connected to the same multi-host network but launched

from different Engines can also communicate in this way.

You can disconnect a container from a network using the docker network disconnect command.

The --volumes-from flag mounts all the defined volumes from the referenced

containers. Containers can be specified by repetitions of the --volumes-from

argument. The container ID may be optionally suffixed with :ro or :rw to

mount the volumes in read-only or read-write mode, respectively. By default,

the volumes are mounted in the same mode (read write or read only) as

the reference container.

Labeling systems like SELinux require that proper labels are placed on volume

content mounted into a container. Without a label, the security system might

prevent the processes running inside the container from using the content. By

default, Docker does not change the labels set by the OS.

To change the label in the container context, you can add either of two suffixes

:z or :Z to the volume mount. These suffixes tell Docker to relabel file

objects on the shared volumes. The z option tells Docker that two containers

share the volume content. As a result, Docker labels the content with a shared

content label. Shared volume labels allow all containers to read/write content.

The Z option tells Docker to label the content with a private unshared label.

Only the current container can use a private volume.

The -a flag tells docker run to bind to the container's STDIN , STDOUT

or STDERR . This makes it possible to manipulate the output and input as

needed.

This pipes data into a container and prints the container's ID by attaching

only to the container's STDIN .

This isn't going to print anything unless there's an error because we've

only attached to the STDERR of the container. The container's logs

still store what's been written to STDERR and STDOUT .

This is how piping a file into a container could be done for a build.

The container's ID will be printed after the build is done and the build

logs could be retrieved using docker logs . This is

useful if you need to pipe a file or something else into a container and

retrieve the container's ID once the container has finished running.

It is often necessary to directly expose devices to a container. The --device

option enables that. For example, a specific block storage device or loop

device or audio device can be added to an otherwise unprivileged container

(without the --privileged flag) and have the application directly access it.

By default, the container will be able to read , write and mknod these devices.

This can be overridden using a third :rwm set of options to each --device

flag. If the container is running in privileged mode, then the permissions specified

will be ignored.

For Windows, the format of the string passed to the --device option is in

the form of --device=IdType/Id . Beginning with Windows Server 2019

and Windows 10 October 2018 Update, Windows only supports an IdType of

class and the Id as a device interface class

GUID .

Refer to the table defined in the Windows container

docs

for a list of container-supported device interface class GUIDs.

If this option is specified for a process-isolated Windows container, all

devices that implement the requested device interface class GUID are made

available in the container. For example, the command below makes all COM

ports on the host visible in the container.

The --gpus flag allows you to access NVIDIA GPU resources. First you need to

install nvidia-container-runtime .

Visit Specify a container's resources

for more information.

To use --gpus , specify which GPUs (or all) to use. If no value is provied, all

available GPUs are used. The example below exposes all available GPUs.

Use the device option to specify GPUs. The example below exposes a specific

GPU.

The example below exposes the first and third GPUs.

Use Docker's --restart to specify a container's restart policy . A restart

policy controls whether the Docker daemon restarts a container after exit.

Docker supports the following restart policies:


版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

上一篇:用户级线程和内核级线程的区别(用户级线程和内核级线程有何区别)
下一篇:Spring框架学习之Cache抽象详解
相关文章

 发表评论

暂时没有评论,来抢沙发吧~