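I. Introduction to Docker
Docker is built on the Linux kernel. It originally used LXC, the container technology natively supported by Linux, which provides lightweight virtualization. Docker can be said to have grown out of LXC: it offered a higher-level wrapper around LXC with a standard configuration method, and added a series of more powerful features on top of it. By contrast, the virtualization technology KVM (Kernel-based Virtual Machine) is implemented as a kernel module. Docker later switched to runc, a runtime it developed and open-sourced itself, to run containers, and dropped LXC entirely.
1. Components of Docker
Docker host (Host): a physical or virtual machine that runs the Docker service process and the containers; also called the host machine or node
Docker server (Server): the Docker daemon, which runs Docker containers
Docker client (Client): the client uses the docker command or other tools to call the Docker API
Docker image (Images): an image can be thought of as the template used to create instances; in essence it is a collection of program files
Docker registry (Registry): the repository that stores images. Official registry: https://hub.docker.com/; a private registry can be set up with Harbor
Docker container (Container): a container is one service or a group of services created from an image to serve requests; in essence it is the process produced when the programs in the image are started
2. Namespace
Namespaces are a low-level Linux concept implemented in the kernel: several different types of namespace are built into the kernel. All Docker containers run under the same Docker main process and share the same host kernel, and each container runs in the host's user space. Every container needs an isolated runtime space of its own, much as a virtual machine has, but container technology provides the runtime environment for a given service within a single process, and it also protects the host kernel from interference by other processes. Examples are the file system space, the network space and the process space. At present, isolation between container runtime spaces is achieved mainly through the following technologies:
3. Control groups
The main job of cgroups is to cap the resources a group of processes can use, including CPU, memory, disk, network bandwidth and so on. They can also set process priorities, account for resource usage, and control processes (for example, suspending and resuming them).
II. CentOS 7 basic configuration
#Set the hostname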
[root@c7-docker-node1-71 ~]# hostnamectl set-hostname c7-docker-node1-71
#Set a static IP
[root@c7-docker-node1-71 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
BOOTPROTO="none"
IPADDR=172.29.7.11
PREFIX=24
GATEWAY=172.29.7.254
DNS1=114.114.114.114
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
#Restart the network interface
[root@c7-docker-node1-71 ~]# nmcli connection reload ;nmcli connection up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
#Set SELinux to permissive (warning) mode
[root@c7-docker-node1-71 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
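#Disabled: the control system is not enabled.
#permissive: the control system is enabled but in warning mode. If you violate the policy it lets you continue, but it records the violation.
#Enforcing: the control system is enabled and enforced. Once the policy is violated, the operation cannot continue.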
SELINUX=permissive
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
#Switch SELinux to permissive mode at runtime
[root@c7-docker-node1-71 ~]# setenforce 0
#Permanently stop the firewall
[root@c7-docker-node1-71 ~]# systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
#Set the time zone
[root@c7-docker-node1-71 ~]# timedatectl set-timezone Asia/Shanghai
#Time synchronization
[root@c7-docker-node1-71 ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#Changed to the Aliyun time server
server ntp1.aliyun.com iburst
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
....
#Restart, enable at boot, and check that it took effect
[root@c7-docker-node1-71 ~]# systemctl restart chronyd
[root@c7-docker-node1-71 ~]# systemctl enable --now chronyd
[root@c7-docker-node1-71 ~]# chronyc -n sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 173.255.248.194 0 7 0 - +0ns[ +0ns] +/- 0ns
III. Installing Docker
1. Installing with yum
[root@c7-docker-node1-71 ~]# yum list docker --showduplicates
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.bupt.edu.cn
* extras: mirrors.bupt.edu.cn
* updates: mirrors.bupt.edu.cn
Available Packages
docker.x86_64 2:1.13.1-102.git7f2769b.el7.centos extras
docker.x86_64 2:1.13.1-103.git7f2769b.el7.centos extras
docker.x86_64 2:1.13.1-108.git4ef4b30.el7.centos extras
docker.x86_64 2:1.13.1-109.gitcccb291.el7.centos extras
docker.x86_64 2:1.13.1-161.git64e9980.el7_8 extras
docker.x86_64 2:1.13.1-162.git64e9980.el7.centos extras
docker.x86_64 2:1.13.1-203.git0be3e21.el7.centos extras
docker.x86_64 2:1.13.1-204.git0be3e21.el7 extras
docker.x86_64 2:1.13.1-205.git7d71120.el7.centos extras
docker.x86_64 2:1.13.1-206.git7d71120.el7_9 extras
docker.x86_64 2:1.13.1-208.git7d71120.el7_9 extras
docker.x86_64 2:1.13.1-209.git7d71120.el7.centos
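#Downloading from the official repository is too slow
#Switch to the Aliyun mirror here
#https://developer.aliyun.com/mirror/docker-ce?spm=a2c6h.13651102.0.0.57e31b11OBQGW7
# Step 1: Install the required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: Add the repository information
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: Point the repository file at the Aliyun mirror
sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Step 4: Refresh the cache and install Docker-CE
sudo yum makecache fast
sudo yum -y install docker-ce
# Step 5: Start the Docker service
sudo service docker start
# Note:
# The official repository enables only the latest software by default; you can obtain other versions of the packages by editing the repository file. For example, the official repository does not enable the test channel, but you can turn it on as follows. The various test versions can be enabled the same way.
# vim /etc/yum.repos.d/docker-ce.repo
# Change enabled=0 under [docker-ce-test] to enabled=1
#
# Installing a specific version of Docker-CE:
# Step 1: Find the available Docker-CE versions:
# yum list docker-ce.x86_64 --showduplicates | sort -r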
# Loading mirror speeds from cached hostfile
# Loaded plugins: branch, fastestmirror, langpacks
# docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable
# docker-ce.x86_64 17.03.1.ce-1.el7.centos @docker-ce-stable
# docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable
# Available Packages
# Step 2: Install the chosen version of Docker-CE (VERSION is, for example, the 17.03.0.ce.1-1.el7.centos above)
# sudo yum -y install docker-ce-[VERSION]
2. Binary installation
[root@c7-docker-node1-71 ~]# wget https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/docker-19.03.10.tgz
[root@c7-docker-node1-71 ~]# tar xf docker-19.03.10.tgz
[root@c7-docker-node1-71 ~]# cp docker/* /usr/bin/
[root@c7-docker-node1-71 ~]# dockerd &>/dev/null &
[root@c7-docker-node1-71 ~]# docker version
Client: Docker Engine - Community
Version: 19.03.10
API version: 1.40
Go version: go1.13.10
Git commit: 9424aea
Built: Thu May 28 22:11:50 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.10
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 9424aea
Built: Thu May 28 22:18:15 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
Create the service files
[root@c7-docker-node1-71 ~]# groupadd docker
#This service file is tedious to write by hand; it is easier to copy one over from another node where Docker was installed with yum
[root@c7-memcached-61 ~]# scp /lib/systemd/system/docker.service root@172.29.7.71:/lib/systemd/system/
[root@c7-memcached-61 ~]# scp /lib/systemd/system/docker.socket root@172.29.7.71:/lib/systemd/system/
[root@c7-memcached-61 ~]# scp /lib/systemd/system/containerd.service root@172.29.7.71:/lib/systemd/system/
[root@c7-docker-node1-71 ~]# cat /lib/systemd/system/docker.socket
[Unit]
Description=Docker Socket for the API
PartOf=docker.service
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
[root@c7-docker-node1-71 ~]# cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutStartSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
#OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target
[root@c7-docker-node1-71 ~]# cat /lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
#Type=notify
Delegate=yes
KillMode=process
#Restart=always
#RestartSec=5
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
TasksMax=infinity
#OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
[root@c7-docker-node1-71 ~]# jobs -l
[1]+ 2030 Running dockerd &>/dev/null &
[root@c7-docker-node1-71 ~]# kill -9 2030
[root@c7-docker-node1-71 ~]# jobs -l
[1]+ 2030 Killed dockerd &>/dev/null
[root@c7-docker-node1-71 ~]# systemctl daemon-reload
[root@c7-docker-node1-71 ~]# systemctl start docker
[root@c7-docker-node1-71 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2024-02-15 18:59:55 CST; 4s ago
Docs: https://docs.docker.com
Main PID: 2246 (dockerd)
Tasks: 12
Memory: 17.4M
CGroup: /system.slice/docker.service
└─2246 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.827705803+08:00" level=info msg="ccResolverWrapper: sending update to cc: {[{...dule=grpc
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.827711890+08:00" level=info msg="ClientConn switching balancer to \"pick_firs...dule=grpc
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.844174546+08:00" level=info msg="[graphdriver] using prior storage driver: overlay2"
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.845913024+08:00" level=info msg="Loading containers: start."
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.929974315+08:00" level=info msg="Default bridge (docker0) is assigned with an... address"
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.952655935+08:00" level=info msg="Loading containers: done."
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.965499382+08:00" level=info msg="Docker daemon" commit=9424aea graphdriver(s)...=19.03.10
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.965549143+08:00" level=info msg="Daemon has completed initialization"
Feb 15 18:59:55 c7-docker-node1-71 dockerd[2246]: time="2024-02-15T18:59:55.975641078+08:00" level=info msg="API listen on /var/run/docker.sock"
Feb 15 18:59:55 c7-docker-node1-71 systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
3. Docker information and tuning
1) Check the Docker version
[root@c7-docker-node1-71 ~]# docker version
Client: Docker Engine - Community
Version: 19.03.10
API version: 1.40
Go version: go1.13.10
Git commit: 9424aea
Built: Thu May 28 22:11:50 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.10
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 9424aea
Built: Thu May 28 22:18:15 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
2) View detailed Docker information
[root@c7-docker-node1-71 ~]# docker info
Client:
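Debug Mode: false #whether debug is enabled on the client
Server:
Containers: 0 #total number of containers on this host
Running: 0 #containers that are running
Paused: 0 #containers that are paused
Stopped: 0 #containers that are stopped
Images: 0 #number of images on this server
Server Version: 19.03.10 #server version
Storage Driver: overlay2 #storage driver in use
Backing Filesystem: xfs #backing file system, i.e. the file system of the server's disk
Supports d_type: true #whether d_type is supported
Native Overlay Diff: true #whether native overlay diff storage is supported
Logging Driver: json-file #log type; each container's standard output is stored as a log
Cgroup Driver: cgroupfs #cgroup driver type
Plugins: #plugins
Volume: local #volumes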
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.682GiB
Name: c7-docker-node1-71
ID: F6TP:T6WG:MP7A:EQGU:R46V:X6XD:IADH:ZYWF:VDH4:BXCN:R5OM:5CHX
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
3) View the docker0 interface
[root@c7-docker-node1-71 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:8b:46:ed brd ff:ff:ff:ff:ff:ff
inet 172.29.7.71/24 brd 172.29.7.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe8b:46ed/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:7a:fc:c8:6b brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
4) Docker tuning
Note: these settings only take effect for newly created containers; existing containers are not affected
[root@c7-docker-node1-71 ~]# cat /etc/docker/daemon.json
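#The text after each # is annotation only; JSON does not allow comments, so remove it in the real file
{
"registry-mirrors": [
#One of these addresses is enough
"https://registry.docker-cn.com",
"http://hub-mirror.c.163.com",
"https://docker.mirrors.ustc.edu.cn",
#For the address below, use your own Aliyun container accelerator address
"https://xxxxx.mirror.aliyuncs.com/"
],
"hosts": ["unix:///var/run/docker.sock", "tcp://172.29.7.71:2375"], #Addresses the daemon listens on; TCP 2375 is plaintext and unauthenticated, and this key conflicts with a -H flag in ExecStart
"insecure-registries": ["www.jiutingqiu.com"], #Private registry address; allows it to be reached over HTTP
"exec-opts": ["native.cgroupdriver=systemd"], #Needs to be changed for k8s
"graph": "/data/docker", #Docker data directory; not supported by the newer 24.0.0, where it is done with: ExecStart=/usr/bin/dockerd --data-root=/data/docker
"max-concurrent-downloads": 10, #Concurrent downloads
"max-concurrent-uploads": 5, #Concurrent uploads
"log-opts": {
"max-size": "300m", #Maximum size of a container log file
"max-file": "2" #Number of container log files; logs rotate, so when one file is full the next one is written
},
"live-restore": true, #Reload the Docker daemon without restarting containers
"proxies": { #Proxy, mainly for reaching sites such as Google; this default/httpProxy layout is the one used by the client file ~/.docker/config.json
"default": {
"httpProxy": "http://proxy.example.com:3128",
"httpsProxy": "https://proxy.example.com:3129",
"noProxy": "*.test.example.com,.example.org,127.0.0.0/8"
},
"tcp://docker-daemon1.example.com": {
"noProxy": "*.internal.example.net"
}
}
}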
My configuration
[root@c7-docker-node1-71 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": [
#Does not feel as good as... as Aliyun
"http://hub-mirror.c.163.com"
],
"graph": "/data/docker",
"max-concurrent-downloads": 10,
"max-concurrent-uploads": 5,
"log-opts": {
"max-size": "300m",
"max-file": "2"
},
"live-restore": true
}
[root@c7-docker-node1-71 ~]# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.10
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.682GiB
Name: c7-docker-node1-71
ID: F6TP:T6WG:MP7A:EQGU:R46V:X6XD:IADH:ZYWF:VDH4:BXCN:R5OM:5CHX
Docker Root Dir: /data/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
http://hub-mirror.c.163.com/
Live Restore Enabled: true
Product License: Community Engine
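5) Enabling remote connections to Docker
#Enable remote network access on the Docker server host
#Note: port 2375 is plaintext with no authentication; anyone who can reach it controls the daemon, which is equivalent to root on the host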
[root@c7-memcached-61 ~]# cat /lib/systemd/system/docker.service
.....
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutStartSec=0
RestartSec=2
Restart=always
.....
[root@c7-memcached-61 ~]# systemctl daemon-reload
[root@c7-memcached-61 ~]# systemctl restart docker
[root@c7-memcached-61 ~]# ss -tnlp | grep 2375
LISTEN 0 128 [::]:2375 [::]:* users:(("dockerd",pid=2399,fd=3))
[root@c7-docker-node1-71 ~]# docker -H 172.29.7.61 version
Client: Docker Engine - Community
Version: 19.03.10
API version: 1.40
Go version: go1.13.10
Git commit: 9424aea
Built: Thu May 28 22:11:50 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 25.0.3
API version: 1.44 (minimum version 1.24)
Go version: go1.21.6
Git commit: f417435
Built: Tue Feb 6 21:16:08 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.28
GitCommit: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
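An added example, not part of the original tutorial: a small Python audit that reads a docker.service unit and a daemon.json and reports the exposures configured in the tuning and remote-connection steps above (TCP listeners without tlsverify, insecure registries, HTTP mirrors, and hosts set in both places). The sample inputs are assembled from values on this page with the # annotations removed; the hardened unit is constructed and its certificate paths are hypothetical.

```python
import json
import shlex


def listeners_from_unit(unit_text):
    """Return (hosts, tlsverify) taken from the ExecStart= line of docker.service."""
    hosts, tlsverify = [], False
    for line in unit_text.splitlines():
        line = line.strip()
        if not line.startswith("ExecStart="):
            continue
        args = shlex.split(line[len("ExecStart="):])
        for i, arg in enumerate(args):
            if arg in ("-H", "--host") and i + 1 < len(args):
                hosts.append(args[i + 1])
            elif arg.startswith(("-H=", "--host=")):
                hosts.append(arg.split("=", 1)[1])
            elif arg in ("--tlsverify", "--tlsverify=true"):
                tlsverify = True
    return hosts, tlsverify


def audit(unit_text, daemon_json_text):
    """List the network and registry exposures configured for dockerd."""
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    flag_hosts, flag_tls = listeners_from_unit(unit_text)
    json_hosts = cfg.get("hosts", [])
    tls = flag_tls or cfg.get("tlsverify") is True
    findings = []
    if flag_hosts and json_hosts:
        # dockerd rejects a directive given both as a flag and in the file.
        findings.append("hosts set with -H and in daemon.json: dockerd refuses to start")
    for host in flag_hosts + json_hosts:
        if host.startswith("tcp://") and not tls:
            findings.append(f"{host}: API over TCP without tlsverify (no authentication)")
    for registry in cfg.get("insecure-registries", []):
        findings.append(f"{registry}: insecure registry (HTTP or unverified TLS accepted)")
    for mirror in cfg.get("registry-mirrors", []):
        if mirror.startswith("http://"):
            findings.append(f"{mirror}: registry mirror over plain HTTP")
    return findings


# Inputs assembled from values on this page (annotations removed so the JSON parses).
PAGE_UNIT = (
    "[Service]\n"
    "Type=notify\n"
    "ExecStart=/usr/bin/dockerd -H fd:// "
    "--containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375\n"
)
PAGE_DAEMON_JSON = """{
  "registry-mirrors": ["http://hub-mirror.c.163.com"],
  "hosts": ["unix:///var/run/docker.sock", "tcp://172.29.7.71:2375"],
  "insecure-registries": ["www.jiutingqiu.com"],
  "live-restore": true
}"""

# Hardened counterpart (constructed; the certificate paths are hypothetical).
HARDENED_UNIT = (
    "[Service]\n"
    "Type=notify\n"
    "ExecStart=/usr/bin/dockerd -H fd:// "
    "--containerd=/run/containerd/containerd.sock "
    "-H tcp://172.29.7.61:2376 --tlsverify --tlscacert=/etc/docker/ca.pem "
    "--tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem\n"
)
HARDENED_DAEMON_JSON = """{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
  "live-restore": true
}"""

if __name__ == "__main__":
    for label, unit, cfg in (("page", PAGE_UNIT, PAGE_DAEMON_JSON),
                             ("hardened", HARDENED_UNIT, HARDENED_DAEMON_JSON)):
        print(label)
        for finding in audit(unit, cfg) or ["no findings"]:
            print("  " + finding)
```

With tlsverify the client must present a certificate signed by the configured CA, so the remote `docker -H` call only works for holders of a client key.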
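IV. Docker images
An image is the template for creating containers. It contains the file system and the content needed to start a container, so images exist mainly to make creating and starting containers quick and convenient.
Inside an image is a stack of file system layers, called a Union FS (union file system). A union file system can mount several layers of directories together (like a mille-feuille, an onion, or Russian nesting dolls) to form one virtual file system whose directory structure looks just like that of an ordinary Linux system. These files, together with the host's kernel, provide a virtual Linux environment. Each file system layer is called a layer. A union file system can give each layer one of three permissions: read-only (readonly), read-write (readwrite), and whiteout (whiteout-able); in an image, however, every layer is read-only. An image is built starting from a minimal base operating system; each committed build step amounts to one layer of modification and adds one file system layer, stacked one on top of another. A change in an upper layer hides whatever is at the same location in the layers below, just as if the upper layer covered the lower one. When you use an image you see only a single complete whole; you do not know how many layers it contains, and in practice you do not need to.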
[root@c7-docker-node1-71 ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
a2abf6c4d29d: Pull complete
a9edb18cadd1: Pull complete
589b7251471a: Pull complete
186b1aaa4aa6: Pull complete
b4df32aa5a72: Pull complete
a0bcbecc962e: Pull complete
Digest: sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
#View the image's layer history
[root@c7-docker-node1-71 ~]# docker image history nginx
IMAGE CREATED CREATED BY SIZE COMMENT
605c77e624dd 2 years ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B
<missing> 2 years ago /bin/sh -c #(nop) STOPSIGNAL SIGQUIT 0B
<missing> 2 years ago /bin/sh -c #(nop) EXPOSE 80 0B
<missing> 2 years ago /bin/sh -c #(nop) ENTRYPOINT ["/docker-entr… 0B
<missing> 2 years ago /bin/sh -c #(nop) COPY file:09a214a3e07c919a… 4.61kB
<missing> 2 years ago /bin/sh -c #(nop) COPY file:0fd5fca330dcd6a7… 1.04kB
<missing> 2 years ago /bin/sh -c #(nop) COPY file:0b866ff3fc1ef5b0… 1.96kB
<missing> 2 years ago /bin/sh -c #(nop) COPY file:65504f71f5855ca0… 1.2kB
<missing> 2 years ago /bin/sh -c set -x && addgroup --system -… 61.1MB
<missing> 2 years ago /bin/sh -c #(nop) ENV PKG_RELEASE=1~bullseye 0B
<missing> 2 years ago /bin/sh -c #(nop) ENV NJS_VERSION=0.7.1 0B
<missing> 2 years ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.21.5 0B
<missing> 2 years ago /bin/sh -c #(nop) LABEL maintainer=NGINX Do… 0B
<missing> 2 years ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 2 years ago /bin/sh -c #(nop) ADD file:09675d11695f65c55… 80.4MB
[root@c7-docker-node1-71 ~]# docker inspect nginx
[
{
"Id": "sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85",
"RepoTags": [
"nginx:latest"
],
"RepoDigests": [
"nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31"
],
"Parent": "",
"Comment": "",
"Created": "2021-12-29T19:28:29.892199479Z",
"Container": "ca3e48389f7160bc9d9a892d316fcbba459344ee3679998739b1c3cd8e56f7da",
"ContainerConfig": {
"Hostname": "ca3e48389f71",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.21.5",
"NJS_VERSION=0.7.1",
"PKG_RELEASE=1~bullseye"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"nginx\" \"-g\" \"daemon off;\"]"
],
"Image": "sha256:82941edee2f4d17c55563bb926387c3ae39fa1a99777f088bc9d3db885192209",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGQUIT"
},
"DockerVersion": "20.10.7",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.21.5",
"NJS_VERSION=0.7.1",
"PKG_RELEASE=1~bullseye"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "sha256:82941edee2f4d17c55563bb926387c3ae39fa1a99777f088bc9d3db885192209",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGQUIT"
},
"Architecture": "amd64",
"Os": "linux",
"Size": 141479488,
"VirtualSize": 141479488,
"GraphDriver": {
"Data": {
"LowerDir": "/data/docker/overlay2/c01ea99339280caeb5de5bfecbbb7929b1f5cc9f7490126f1d8a517ae09ee8b0/diff:/data/docker/overlay2/0900c9a29f7f02f0fc184474d4048bbdbbcd2a1d28a3ffe2cf9b1a2339d19a86/diff:/data/docker/overlay2/f9f805dbf1571532b027d7d13895426a781dcfc20e021d8468d84658093957c9/diff:/data/docker/overlay2/6e7c39ad0bcd7ee465f399dc834e4e77d94b5907052557fc56b12bcbc10bc3e1/diff:/data/docker/overlay2/c1229ae8b9d9817231dbbef014eef4ad12bc57d260f51968423250cd19416730/diff",
"MergedDir": "/data/docker/overlay2/33abf4bad8250758d897a938af3f2d60d8e2527f0a25cdf5f929a25562a6a36f/merged",
"UpperDir": "/data/docker/overlay2/33abf4bad8250758d897a938af3f2d60d8e2527f0a25cdf5f929a25562a6a36f/diff",
"WorkDir": "/data/docker/overlay2/33abf4bad8250758d897a938af3f2d60d8e2527f0a25cdf5f929a25562a6a36f/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f",
"sha256:e379e8aedd4d72bb4c529a4ca07a4e4d230b5a1d3f7a61bc80179e8f02421ad8",
"sha256:b8d6e692a25e11b0d32c5c3dd544b71b1085ddc1fddad08e68cbd7fda7f70221",
"sha256:f1db227348d0a5e0b99b15a096d930d1a69db7474a1847acbc31f05e4ef8df8c",
"sha256:32ce5f6a5106cc637d09a98289782edf47c32cb082dc475dd47cbf19a4f866da",
"sha256:d874fd2bc83bb3322b566df739681fbd2248c58d3369cb25908d68e7ed6040a6"
]
},
"Metadata": {
"LastTagTime": "0001-01-01T00:00:00Z"
}
}
]
2. Searching for images
1) Official site
http://hub.docker.com/
2) The search command
[root@c7-docker-node1-71 ~]# docker search nginx
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 19614 [OK]
bitnami/nginx Bitnami nginx Docker Image 181 [OK]
nginxinc/nginx-unprivileged Unprivileged NGINX Dockerfiles 141
nginxproxy/nginx-proxy Automated nginx proxy for Docker containers … 131
nginxproxy/acme-companion Automated ACME SSL certificate generation fo… 130
#Search for images with more than 100 stars
[root@c7-docker-node1-71 ~]# docker search -s 100 centos
Flag --stars has been deprecated, use --filter=stars=3 instead
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos DEPRECATED; The official build of CentOS. 7713 [OK]
3. Downloading images
docker pull [OPTIONS] NAME[:TAG|@DIGEST]
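NAME: the image name, generally of the form registry-server:port/project-name/image-name
:TAG: the version; if :TAG is not specified, the image tagged latest is pulled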
[root@c7-docker-node1-71 ~]# docker pull mysql:5.7
5.7: Pulling from library/mysql
72a69066d2fe: Pull complete
93619dbc5b36: Pull complete
99da31dd6142: Pull complete
626033c43d70: Pull complete
37d5d7efb64e: Pull complete
ac563158d721: Pull complete
d2ba16033dad: Pull complete
0ceb82207cd7: Pull complete
37f2405cae96: Pull complete
e2482e017e53: Pull complete
70deed891d42: Pull complete
Digest: sha256:f2ad209efe9c67104167fc609cca6973c8422939491c9345270175a300419f94
Status: Downloaded newer image for mysql:5.7
docker.io/library/mysql:5.7
[root@c7-docker-node1-71 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 2 years ago 141MB
mysql 5.7 c20987f18b13 2 years ago 448MB
4. Listing local images
docker images [OPTIONS] [REPOSITORY[:TAG]]
docker image ls [OPTIONS] [REPOSITORY[:TAG]]
docker image list [OPTIONS] [REPOSITORY[:TAG]]
-q #Show only the numeric IDs
-a #Show all images (intermediate images are hidden by default)
-f #Filter by state
[root@c7-docker-node1-71 ~]# docker image list
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 2 years ago 141MB
mysql 5.7 c20987f18b13 2 years ago 448MB
[root@c7-docker-node1-71 ~]# docker images -a
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 2 years ago 141MB
mysql 5.7 c20987f18b13 2 years ago 448MB
[root@c7-docker-node1-71 ~]# docker image ls -q
605c77e624dd
c20987f18b13
[root@c7-docker-node1-71 ~]# docker images -f dangling=true
REPOSITORY TAG IMAGE ID CREATED SIZE
5. Exporting images
docker save [OPTIONS] IMAGE [IMAGE...]
-o #Write to a file
1) Export an image
[root@c7-docker-node1-71 ~]# docker save mysql:5.7 -o /data/mysql_test.tar
#or
[root@c7-docker-node1-71 ~]# docker save mysql:5.7 > /data/mysql_test.tar
[root@c7-docker-node1-71 ~]# ll /data/mysql_test.tar
-rw-------. 1 root root 453727744 Feb 16 12:46 /data/mysql_test.tar
2) Export an image and compress it
[root@c7-docker-node1-71 ~]# docker save mysql:5.7 | gzip - > /data/mysql_test.tar.gz
[root@c7-docker-node1-71 ~]# ll -h /data/mysql_test.tar
-rw-------. 1 root root 433M Feb 16 12:46 /data/mysql_test.tar
[root@c7-docker-node1-71 ~]# ll -h /data/mysql_test.tar.gz
-rw-r--r--. 1 root root 145M Feb 16 12:49 /data/mysql_test.tar.gz
3) Pack all images
[root@c7-docker-node1-71 ~]# docker images | awk 'NR!=1{print $1":"$2}'
nginx:latest
mysql:5.7
[root@c7-docker-node1-71 ~]# docker save `docker images | awk 'NR!=1{print $1":"$2}'` | gzip > /data/all.tar.gz
[root@c7-docker-node1-71 ~]# ll -h /data/all.tar.gz
-rw-r--r--. 1 root root 197M Feb 16 12:52 /data/all.tar.gz
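6. Importing images
The docker load command imports an archive or compressed file produced by an image export
Note: image import supports importing only a single image; importing multiple images is not supported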
docker load [OPTIONS]
-i #Read from a tar image archive file
1) Import an image
[root@c7-docker-node1-71 ~]# scp /data/mysql_test.tar root@172.29.7.61:/root
[root@c7-memcached-61 ~]# docker load -i mysql_test.tar
#or
[root@c7-memcached-61 ~]# docker load < mysql_test.tar
ad6b69b54919: Loading layer [==================================================>] 72.55MB/72.55MB
fba7b131c5c3: Loading layer [==================================================>] 338.4kB/338.4kB
0798f2528e83: Loading layer [==================================================>] 9.556MB/9.556MB
a0c2a050fee2: Loading layer [==================================================>] 4.202MB/4.202MB
d7a777f6c3a4: Loading layer [==================================================>] 2.048kB/2.048kB
0d17fee8db40: Loading layer [==================================================>] 53.77MB/53.77MB
aad27784b762: Loading layer [==================================================>] 5.632kB/5.632kB
9b64bb048d04: Loading layer [==================================================>] 3.584kB/3.584kB
35ba198e64f5: Loading layer [==================================================>] 313.2MB/313.2MB
789f3aa31b3f: Loading layer [==================================================>] 17.92kB/17.92kB
e889c671872c: Loading layer [==================================================>] 1.536kB/1.536kB
Loaded image: mysql:5.7
[root@c7-memcached-61 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql 5.7 c20987f18b13 2 years ago 448MB
[root@c7-docker-node1-71 ~]# scp /data/all.tar.gz root@172.29.7.61:/root
[root@c7-memcached-61 ~]# docker load < all.tar.gz
2edcec3590a4: Loading layer [==================================================>] 83.86MB/83.86MB
e379e8aedd4d: Loading layer [==================================================>] 62MB/62MB
b8d6e692a25e: Loading layer [==================================================>] 3.072kB/3.072kB
f1db227348d0: Loading layer [==================================================>] 4.096kB/4.096kB
32ce5f6a5106: Loading layer [==================================================>] 3.584kB/3.584kB
d874fd2bc83b: Loading layer [==================================================>] 7.168kB/7.168kB
Loaded image: nginx:latest
Loaded image: mysql:5.7
[root@c7-memcached-61 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 2 years ago 141MB
mysql 5.7 c20987f18b13 2 years ago 448MB
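An added example, not from the original tutorial: before running docker load on an archive that was copied between hosts, this Python check recomputes the SHA-256 of the image config and of every layer and compares them with the digests recorded inside the archive (the same values docker inspect shows under Id and RootFS.Layers). It assumes the docker save layout in which manifest.json lists Config and Layers and each layer is an uncompressed tar; the sample archive is constructed in memory and is not a real image.

```python
import hashlib
import io
import json
import tarfile


def _sha256_member(tar, name):
    """Stream one archive member through SHA-256 (real layers are large)."""
    member = tar.extractfile(name)  # raises KeyError if the name is missing
    if member is None:
        raise ValueError(f"{name} is not a regular file")
    digest = hashlib.sha256()
    for chunk in iter(lambda: member.read(1 << 20), b""):
        digest.update(chunk)
    return digest.hexdigest()


def verify_save_archive(fileobj):
    """Return ({image_id: repo_tags}, problems) for a .tar or .tar.gz from docker save."""
    images, problems = {}, []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        manifest = json.load(tar.extractfile("manifest.json"))
        for entry in manifest:
            config_name = entry["Config"]
            # The config file is named after its own SHA-256, which is the image ID.
            named_id = config_name.rsplit("/", 1)[-1]
            if named_id.endswith(".json"):
                named_id = named_id[:-len(".json")]
            actual_id = _sha256_member(tar, config_name)
            images["sha256:" + actual_id] = entry.get("RepoTags") or []
            if actual_id != named_id:
                problems.append(f"{config_name}: config content does not match its name")
            config = json.load(tar.extractfile(config_name))
            diff_ids = config["rootfs"]["diff_ids"]
            layers = entry["Layers"]
            if len(layers) != len(diff_ids):
                problems.append(f"{config_name}: {len(layers)} layers, {len(diff_ids)} diff_ids")
                continue
            for path, diff_id in zip(layers, diff_ids):
                if "sha256:" + _sha256_member(tar, path) != diff_id:
                    problems.append(f"{path}: content does not match {diff_id}")
    return images, problems


def build_sample_archive(tamper=False):
    """Constructed two-layer archive in the layout described above (not a real image)."""
    layers = [b"constructed layer 0\n", b"constructed layer 1\n"]
    config = json.dumps({
        "rootfs": {
            "type": "layers",
            "diff_ids": ["sha256:" + hashlib.sha256(data).hexdigest() for data in layers],
        },
    }).encode()
    config_name = hashlib.sha256(config).hexdigest() + ".json"
    if tamper:
        layers[1] = b"modified after export\n"  # simulates corruption in transit
    layer_names = [f"layer{i}/layer.tar" for i in range(len(layers))]
    manifest = json.dumps([{
        "Config": config_name,
        "RepoTags": ["demo:1.0"],
        "Layers": layer_names,
    }]).encode()
    files = {"manifest.json": manifest, config_name: config}
    files.update(zip(layer_names, layers))
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for tamper in (False, True):
        images, problems = verify_save_archive(build_sample_archive(tamper))
        print(images, problems or "archive is self-consistent")
```

A self-consistent archive can still be a different image, so also compare the reported image ID with the IMAGE ID shown by docker images on the exporting host.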
7. Deleting images
docker rmi [OPTIONS] IMAGE [IMAGE...]
docker image rm [OPTIONS] IMAGE [IMAGE...]
-f #Force removal, regardless of whether it is running
1) Delete a specific image
[root@c7-docker-node1-71 ~]# docker rmi mysql:5.7
Untagged: mysql:5.7
Untagged: mysql@sha256:f2ad209efe9c67104167fc609cca6973c8422939491c9345270175a300419f94
Deleted: sha256:c20987f18b130f9d144c9828df630417e2a9523148930dc3963e9d0dab302a76
Deleted: sha256:6567396b065ee734fb2dbb80c8923324a778426dfd01969f091f1ab2d52c7989
Deleted: sha256:0910f12649d514b471f1583a16f672ab67e3d29d9833a15dc2df50dd5536e40f
Deleted: sha256:6682af2fb40555c448b84711c7302d0f86fc716bbe9c7dc7dbd739ef9d757150
Deleted: sha256:5c062c3ac20f576d24454e74781511a5f96739f289edaadf2de934d06e910b92
Deleted: sha256:8805862fcb6ef9deb32d4218e9e6377f35fb351a8be7abafdf1da358b2b287ba
Deleted: sha256:872d2f24c4c64a6795e86958fde075a273c35c82815f0a5025cce41edfef50c7
Deleted: sha256:6fdb3143b79e1be7181d32748dd9d4a845056dfe16ee4c827410e0edef5ad3da
Deleted: sha256:b0527c827c82a8f8f37f706fcb86c420819bb7d707a8de7b664b9ca491c96838
Deleted: sha256:75147f61f29796d6528486d8b1f9fb5d122709ea35620f8ffcea0e0ad2ab0cd0
Deleted: sha256:2938c71ddf01643685879bf182b626f0a53b1356138ef73c40496182e84548aa
Deleted: sha256:ad6b69b549193f81b039a1d478bc896f6e460c77c1849a4374ab95f9a3d2cea2
[root@c7-docker-node1-71 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 2 years ago 141MB
[root@c7-docker-node1-71 ~]# docker image rm nginx:latest
Untagged: nginx:latest
Untagged: nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Deleted: sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85
Deleted: sha256:b625d8e29573fa369e799ca7c5df8b7a902126d2b7cbeb390af59e4b9e1210c5
Deleted: sha256:7850d382fb05e393e211067c5ca0aada2111fcbe550a90fed04d1c634bd31a14
Deleted: sha256:02b80ac2055edd757a996c3d554e6a8906fd3521e14d1227440afd5163a5f1c4
Deleted: sha256:b92aa5824592ecb46e6d169f8e694a99150ccef01a2aabea7b9c02356cdabe7c
Deleted: sha256:780238f18c540007376dd5e904f583896a69fe620876cabc06977a3af4ba4fb5
Deleted: sha256:2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f
2) Delete all images
[root@c7-docker-node1-71 ~]# docker rmi -f `docker images -q`
Untagged: nginx:latest
Deleted: sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85
Deleted: sha256:b625d8e29573fa369e799ca7c5df8b7a902126d2b7cbeb390af59e4b9e1210c5
Deleted: sha256:7850d382fb05e393e211067c5ca0aada2111fcbe550a90fed04d1c634bd31a14
Deleted: sha256:02b80ac2055edd757a996c3d554e6a8906fd3521e14d1227440afd5163a5f1c4
Deleted: sha256:b92aa5824592ecb46e6d169f8e694a99150ccef01a2aabea7b9c02356cdabe7c
Deleted: sha256:780238f18c540007376dd5e904f583896a69fe620876cabc06977a3af4ba4fb5
Deleted: sha256:2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f
Untagged: mysql:5.7
Deleted: sha256:c20987f18b130f9d144c9828df630417e2a9523148930dc3963e9d0dab302a76
Deleted: sha256:6567396b065ee734fb2dbb80c8923324a778426dfd01969f091f1ab2d52c7989
Deleted: sha256:0910f12649d514b471f1583a16f672ab67e3d29d9833a15dc2df50dd5536e40f
Deleted: sha256:6682af2fb40555c448b84711c7302d0f86fc716bbe9c7dc7dbd739ef9d757150
Deleted: sha256:5c062c3ac20f576d24454e74781511a5f96739f289edaadf2de934d06e910b92
Deleted: sha256:8805862fcb6ef9deb32d4218e9e6377f35fb351a8be7abafdf1da358b2b287ba
Deleted: sha256:872d2f24c4c64a6795e86958fde075a273c35c82815f0a5025cce41edfef50c7
Deleted: sha256:6fdb3143b79e1be7181d32748dd9d4a845056dfe16ee4c827410e0edef5ad3da
Deleted: sha256:b0527c827c82a8f8f37f706fcb86c420819bb7d707a8de7b664b9ca491c96838
Deleted: sha256:75147f61f29796d6528486d8b1f9fb5d122709ea35620f8ffcea0e0ad2ab0cd0
Deleted: sha256:2938c71ddf01643685879bf182b626f0a53b1356138ef73c40496182e84548aa
Deleted: sha256:ad6b69b549193f81b039a1d478bc896f6e460c77c1849a4374ab95f9a3d2cea2
[root@c7-docker-node1-71 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
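3. Remove dangling images
dangling: the "dangling" state (an image left without a repository name or tag, listed as <none>)
Docker keeps every image it has used on disk, even when no container is running from it. This keeps the necessary images in a local "cache". That is fine in itself, because the local images can be reused directly when you pull an image that depends on them or when you build an image. But it also takes up a lot of disk space!
Create a dangling image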
[root@c7-docker-node1-71 ~]# docker save 605c77e624dd > /data/dangling_test.tar
[root@c7-docker-node1-71 ~]# docker rmi nginx
[root@c7-docker-node1-71 ~]# docker load -i /data/dangling_test.tar
[root@c7-docker-node1-71 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 605c77e624dd 2 years ago 141MB
mysql 5.7 c20987f18b13 2 years ago 448MB
Remove the dangling image
[root@c7-docker-node1-71 ~]# docker images -f dangling=true
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 605c77e624dd 2 years ago 141MB
[root@c7-docker-node1-71 ~]# docker rmi -f `docker images -q -f dangling=true`
Deleted: sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85
Deleted: sha256:b625d8e29573fa369e799ca7c5df8b7a902126d2b7cbeb390af59e4b9e1210c5
Deleted: sha256:7850d382fb05e393e211067c5ca0aada2111fcbe550a90fed04d1c634bd31a14
Deleted: sha256:02b80ac2055edd757a996c3d554e6a8906fd3521e14d1227440afd5163a5f1c4
Deleted: sha256:b92aa5824592ecb46e6d169f8e694a99150ccef01a2aabea7b9c02356cdabe7c
Deleted: sha256:780238f18c540007376dd5e904f583896a69fe620876cabc06977a3af4ba4fb5
Deleted: sha256:2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f
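8、Tagging images
docker tag gives an image a tag, much like an alias. The tag usually has to follow a naming convention before the image can be pushed to a given registry.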
docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
[root@c7-docker-node1-71 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 2 years ago 141MB
mysql 5.7 c20987f18b13 2 years ago 448MB
[root@c7-docker-node1-71 ~]# docker tag mysql:5.7 mysql:5.7_test
[root@c7-docker-node1-71 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 2 years ago 141MB
mysql 5.7 c20987f18b13 2 years ago 448MB
mysql 5.7_test c20987f18b13 2 years ago 448MB
V、Basic container commands
1、Container-related commands
[root@c7-docker-node1-71 ~]# docker container
Usage: docker container COMMAND
Manage containers
Commands:
attach Attach local standard input, output, and error streams to a running container
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
exec Run a command in a running container
export Export a container's filesystem as a tar archive
inspect Display detailed information on one or more containers
kill Kill one or more running containers
logs Fetch the logs of a container
ls List containers
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
prune Remove all stopped containers
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
run Run a command in a new container
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
wait Block until one or more containers stop, then print their exit codes
Run 'docker container COMMAND --help' for more information on a command.
2、Starting containers
1. Start a container
# An image that is not present locally is downloaded from the registry automatically
[root@c7-docker-node1-71 ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:2498fce14358aa50ead0cc6c19990fc6ff866ce72aeb5546e1d59caac3d0d60f
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
[root@c7-docker-node1-71 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 2 years ago 141MB
mysql 5.7 c20987f18b13 2 years ago 448MB
mysql 5.7_test c20987f18b13 2 years ago 448MB
hello-world latest feb5d9fea6a5 2 years ago 13.3kB
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6a0a34da1039 hello-world "/hello" About a minute ago Exited (0) About a minute ago happy_mahavira
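2. How a container is started
Start ----> Docker looks for the image locally ----> is it present? ----> if not, download it from the registry; if so, run it directly
3. docker run usage
docker run [options] [image name] [shell command] [arguments]
-i #Keep STDIN open even if not attached; usually used together with -t
-t #Allocate a pseudo-TTY; usually used together with -i. Note that the container must be running a shell for you to be able to enter it
-d #Run in the background
--name #Assign a name to the container
-h #Container hostname
--rm #Automatically remove the container when it exits
-P #Random port mapping: container ports are mapped to random ports on the host
-p #Explicit port mapping, in the form host port:container port
--dns #Custom DNS server
--entrypoint #Specify the image's default entrypoint command
--restart #Specify a restart policy
--privileged #Give extended privileges to the container
-e #Set environment variables
--ulimit #Set ulimit options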
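1 policy
policy | Description |
---|---|
no | Default. Do not automatically restart the container when it exits. |
on-failure[:max-retries] | Restart only if the container exits with a non-zero exit status. Optionally, limit the number of restart retries the Docker daemon attempts. |
always | Always restart the container regardless of the exit status. When you specify always, the Docker daemon tries to restart the container indefinitely. The container also always starts when the daemon starts, regardless of the container's current state. |
unless-stopped | Always restart the container regardless of the exit status, but do not start it when the daemon starts if the container was previously put into a stopped state. |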
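2 After the container starts
Note: after a container starts, it exits and stops automatically if no process is running in the foreground inside it.
Leave the container and stop it:
exit
Leave the container without stopping it:
Press the three keys ctrl+p+q (hold Ctrl, then press p and q)
3 Run a container
# A container started without a name is given a random one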
[root@c7-docker-node1-71 ~]# docker run alpine
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
783bb1faf7c5 alpine "/bin/sh" 18 seconds ago Exited (0) 17 seconds ago amazing_hugle
4 Run a one-off container
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cd71a36d853c alpine "echo 'Hello World'" 4 seconds ago Exited (0) 3 seconds ago agitated_galois
783bb1faf7c5 alpine "/bin/sh" 6 minutes ago Exited (0) 6 minutes ago amazing_hugle
5 Specify the container name
[root@c7-docker-node1-71 ~]# docker run --name alpine_node1 alpine
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
294a9c126835 alpine "/bin/sh" 3 seconds ago Exited (0) 2 seconds ago alpine_node1
cd71a36d853c alpine "echo 'Hello World'" About a minute ago Exited (0) About a minute ago agitated_galois
783bb1faf7c5 alpine "/bin/sh" 8 minutes ago Exited (0) 8 minutes ago amazing_hugle
6 Run an interactive container and exit
[root@c7-docker-node1-71 ~]# docker run --name alpine_node2 -it alpine sh
/ # exit
# After exit, the container has stopped as well
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
399f92419265 alpine "sh" 47 seconds ago Exited (0) 30 seconds ago alpine_node2
294a9c126835 alpine "/bin/sh" 5 minutes ago Exited (0) 5 minutes ago alpine_node1
cd71a36d853c alpine "echo 'Hello World'" 7 minutes ago Exited (0) 7 minutes ago agitated_galois
783bb1faf7c5 alpine "/bin/sh" 13 minutes ago Exited (0) 13 minutes ago amazing_hugle
# With ctrl+p+q, the container is still running
[root@c7-docker-node1-71 ~]# docker run --name alpine_node3 -it alpine sh
/ # [root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4a620973755d alpine "sh" 8 seconds ago Up 7 seconds alpine_node3
399f92419265 alpine "sh" About a minute ago Exited (0) About a minute ago alpine_node2
294a9c126835 alpine "/bin/sh" 5 minutes ago Exited (0) 5 minutes ago alpine_node1
cd71a36d853c alpine "echo 'Hello World'" 7 minutes ago Exited (0) 7 minutes ago agitated_galois
783bb1faf7c5 alpine "/bin/sh" 14 minutes ago Exited (0) 14 minutes ago amazing_hugle
7 Set the hostname inside the container
[root@c7-docker-node1-71 ~]# docker run -it --name alpine-node4 -h a-node4-test alpine sh
/ # hostname
a-node4-test
/ # exit
8 Run a one-off container and remove it on exit
# First remove all existing containers
[root@c7-docker-node1-71 ~]# docker rm -f `docker ps -aq`
b8e4eef7256c
4a620973755d
399f92419265
294a9c126835
cd71a36d853c
783bb1faf7c5
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@c7-docker-node1-71 ~]#
[root@c7-docker-node1-71 ~]# docker run --rm alpine echo "Hello world" ;docker ps -a
Hello world
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@c7-docker-node1-71 ~]#
9 Daemon-style (detached) containers
Can run for a long time
Need no interactive session
Suited to running applications and services
[root@c7-docker-node1-71 ~]# docker run -d --name nginx_node1 nginx
364b4b4c11684ac43180dbb86366e46cb9bb37fc3d7653ffc3efdc003c155a8d
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
364b4b4c1168 nginx "/docker-entrypoint.…" 7 seconds ago Up 7 seconds 80/tcp
# Some containers do not keep running when started in the background
[root@c7-docker-node1-71 ~]# docker run -d --name alpine_node1 alpine
a9d0f5bc7adb2479f757b4246c6fbee8cae604899da22f6dfbf97ca930b5da26
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
364b4b4c1168 nginx "/docker-entrypoint.…" 7 seconds ago Up 7 seconds 80/tcp nginx_node1
# You can allocate a terminal for it (-it) so that it keeps running
[root@c7-docker-node1-71 ~]# docker run -d -it --name alpine_node2 alpine sh
16eb6c39a178bc3999a5fd01dff710fb4df32ec1e75bd33af53731341e54db61
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
16eb6c39a178 alpine "sh" 2 seconds ago Up 1 second alpine_node2
a9d0f5bc7adb alpine "/bin/sh" 56 seconds ago Exited (0) 55 seconds ago alpine_node1
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
16eb6c39a178 alpine "sh" 5 seconds ago Up 4 seconds alpine_node2
a9d0f5bc7adb alpine "/bin/sh" 59 seconds ago Exited (0) 58 seconds ago alpine_node
10 Start a container automatically at boot
[root@c7-docker-node1-71 ~]# docker run -d --name nginx --restart=always -p 80:80 nginx
bdd800c3628ab827c48ff6e9d22df2142ef22c3177b826923b93bb8c2476722c
[root@c7-docker-node1-71 ~]# reboot
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bdd800c3628a nginx "/docker-entrypoint.…" 8 minutes ago Up 7 minutes 0.0.0.0:80->80/tcp nginx
364b4b4c1168 nginx "/docker-entrypoint.…" 10 minutes ago Exited (255) 7 minutes ago 80/tcp nginx_node1
16eb6c39a178 alpine "sh" 11 minutes ago Exited (255) 7 minutes ago alpine_node2
a9d0f5bc7adb alpine "/bin/sh" 12 minutes ago Exited (0) 11 minutes ago alpine_node1
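11 privileged
With this flag, root inside the container has real root privileges.
Without it, root inside the container only has the privileges of an ordinary user outside. A container started with --privileged can see many of the host's devices and can run mount. It even lets you start Docker containers inside a Docker container.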
[root@c7-docker-node1-71 ~]# docker run -it --privileged centos
Unable to find image 'centos:latest' locally
latest: Pulling from library/centos
a1d0c7532777: Pull complete
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
[root@4cae66450a4f /]#
[root@4cae66450a4f /]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
overlay overlay 18G 7.6G 11G 43% /
tmpfs tmpfs 64M 0 64M 0% /dev
tmpfs tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
shm tmpfs 64M 0 64M 0% /dev/shm
/dev/sda3 xfs 18G 7.6G 11G 43% /etc/hosts
[root@4cae66450a4f /]# mount /dev/sda3 /mnt
[root@4cae66450a4f /]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
overlay overlay 18G 7.6G 11G 43% /
tmpfs tmpfs 64M 0 64M 0% /dev
tmpfs tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
shm tmpfs 64M 0 64M 0% /dev/shm
/dev/sda3 xfs 18G 7.6G 11G 43% /mnt
[root@4cae66450a4f /]# echo hello world > /mnt/hello.txt
[root@4cae66450a4f /]# exit
[root@c7-docker-node1-71 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 300M 0 part /boot
├─sda2 8:2 0 2G 0 part [SWAP]
└─sda3 8:3 0 17.7G 0 part /
sr0 11:0 1 1024M 0 rom
[root@c7-docker-node1-71 ~]# ls /hello.txt
/hello.txt
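3、Viewing container information
1. List the existing containers
docker ps [OPTIONS]
-a #Show all containers (the default shows only running ones)
-q #Show only the numeric IDs
-s #Show total file sizes
-f #Filter the output by the given conditions
-l #Show the most recently created container (in any state)
-n #Show the last n created containers (in any state)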
[root@c7-docker-node1-71 ~]# docker run -it -d --name nginx_node1 -p 80:80 nginx
4a347455e128a2d7b651b941aa0beba48767c67edc91543192b90ef6b5f765e3
[root@c7-docker-node1-71 ~]# docker run -it -d --name centos_node1 centos
1eb67d0e0c470904cea0a51c59d54a291b15327bfe5ed8ebca2bfa42598e5fd2
[root@c7-docker-node1-71 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1eb67d0e0c47 centos "/bin/bash" 9 seconds ago Up 9 seconds centos_node1
4a347455e128 nginx "/docker-entrypoint.…" 45 seconds ago Up 44 seconds 0.0.0.0:80->80/tcp nginx_node1
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1eb67d0e0c47 centos "/bin/bash" 28 seconds ago Up 28 seconds centos_node1
4a347455e128 nginx "/docker-entrypoint.…" About a minute ago Up About a minute 0.0.0.0:80->80/tcp nginx_node1
4cae66450a4f centos "/bin/bash" 24 minutes ago Exited (0) 22 minutes ago wonderful_wing
[root@c7-docker-node1-71 ~]# docker ps -q
1eb67d0e0c47
4a347455e128
[root@c7-docker-node1-71 ~]# docker ps -a -s
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
1eb67d0e0c47 centos "/bin/bash" 59 seconds ago Up 58 seconds centos_node1 0B (virtual 231MB)
4a347455e128 nginx "/docker-entrypoint.…" About a minute ago Up About a minute 0.0.0.0:80->80/tcp nginx_node1 1.09kB (virtual 141MB)
4cae66450a4f centos "/bin/bash" 25 minutes ago Exited (0) 22 minutes ago wonderful_wing 80B (virtual 231MB)
[root@c7-docker-node1-71 ~]# docker ps -f 'status=exited'
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4cae66450a4f centos "/bin/bash" 25 minutes ago Exited (0) 23 minutes ago wonderful_wing
2. View the processes inside a container
docker top CONTAINER
[root@c7-docker-node1-71 ~]# docker top nginx_node1
UID PID PPID C STIME TTY TIME CMD
root 2989 2972 0 16:41 pts/0 00:00:00 nginx: master process nginx -g daemon off;
101 3042 2989 0 16:41 pts/0 00:00:00 nginx: worker process
101 3043 2989 0 16:41 pts/0 00:00:00 nginx: worker process
101 3044 2989 0 16:41 pts/0 00:00:00 nginx: worker process
101 3045 2989 0 16:41 pts/0 00:00:00 nginx: worker process
3. View container resource usage
docker stats [OPTIONS] [CONTAINER...]
-a #Show all containers (the default shows only running ones)
[root@c7-docker-node1-71 ~]# docker stats centos_node1
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
1eb67d0e0c47 centos_node1 0.00% 524KiB / 3.682GiB 0.01% 656B / 0B 0B / 0B 1
^C
[root@c7-docker-node1-71 ~]# docker stats
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
1eb67d0e0c47 centos_node1 0.00% 524KiB / 3.682GiB 0.01% 656B / 0B 0B / 0B 1
4a347455e128 nginx_node1 0.00% 3.102MiB / 3.682GiB 0.08% 656B / 0B 0B / 0B 5
^C
4. View detailed container information
docker inspect [OPTIONS] NAME|ID [NAME|ID...]
[root@c7-docker-node1-71 ~]# docker inspect nginx_node1
[
{
"Id": "4a347455e128a2d7b651b941aa0beba48767c67edc91543192b90ef6b5f765e3",
"Created": "2024-02-16T08:41:26.648383595Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 2989,
"ExitCode": 0,
"Error": "",
"StartedAt": "2024-02-16T08:41:27.276326743Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85",
"ResolvConfPath": "/data/docker/containers/4a347455e128a2d7b651b941aa0beba48767c67edc91543192b90ef6b5f765e3/resolv.conf",
"HostnamePath": "/data/docker/containers/4a347455e128a2d7b651b941aa0beba48767c67edc91543192b90ef6b5f765e3/hostname",
"HostsPath": "/data/docker/containers/4a347455e128a2d7b651b941aa0beba48767c67edc91543192b90ef6b5f765e3/hosts",
"LogPath": "/data/docker/containers/4a347455e128a2d7b651b941aa0beba48767c67edc91543192b90ef6b5f765e3/4a347455e128a2d7b651b941aa0beba48767c67edc91543192b90ef6b5f765e3-json.log",
"Name": "/nginx_node1",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {
"max-file": "2",
"max-size": "300m"
}
},
"NetworkMode": "default",
"PortBindings": {
"80/tcp": [
{
"HostIp": "",
"HostPort": "80"
}
]
},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/data/docker/overlay2/b44aedd8d241e8edbe2a22e8e4bbe6eb84a3259197240905dec945492dc91493-init/diff:/data/docker/overlay2/dded97b866976ec5f858049db07b621d234379555e724db7104f9921cca7e5a0/diff:/data/docker/overlay2/c6e9fe71b1e2ecf6cf0bd66ebb8f7f90444a5388163fd4d934f219f7a6b47e00/diff:/data/docker/overlay2/d89694dca980205e7db1c36c5d312f2d379f3aae580e7b7c77b676b260df2d24/diff:/data/docker/overlay2/cd2e77a3e57fb7f613fa9eb5d2c135fb10ccf4a54bf8f8f60f9a9ee8328a4d61/diff:/data/docker/overlay2/6da0a344c5c7d42e536153d0a01166225b4373bde49d22c7a3126d92c9ce024c/diff:/data/docker/overlay2/3d33fc75a21355245238578d999b7990f5c1464b0347cefa340451bbcda10e7f/diff",
"MergedDir": "/data/docker/overlay2/b44aedd8d241e8edbe2a22e8e4bbe6eb84a3259197240905dec945492dc91493/merged",
"UpperDir": "/data/docker/overlay2/b44aedd8d241e8edbe2a22e8e4bbe6eb84a3259197240905dec945492dc91493/diff",
"WorkDir": "/data/docker/overlay2/b44aedd8d241e8edbe2a22e8e4bbe6eb84a3259197240905dec945492dc91493/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "4a347455e128",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.21.5",
"NJS_VERSION=0.7.1",
"PKG_RELEASE=1~bullseye"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "nginx",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGQUIT"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "f226c9273d6b50671b37cbbf5a92b96ed1f31ce4d6042432328ed2bdd1679fc0",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "80"
}
]
},
"SandboxKey": "/var/run/docker/netns/f226c9273d6b",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "6d222554d3d17c4dfdc89533ca77466a003519733287ea876719d763f49c2bed",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "8516248ce899d0f4e422088cf3c204579b6adb13f8b337dc919e0ea89d7e3702",
"EndpointID": "6d222554d3d17c4dfdc89533ca77466a003519733287ea876719d763f49c2bed",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
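The fields in the `docker inspect` output above are enough to spot the launch options covered earlier (`--privileged`, `-p`/`-P` publishing, running as root). The following Python audit is an added example, not part of the original tutorial; the two sample containers and their values are constructed, and the severity labels are this example's own choice.

```python
import json
import re
import sys

# Constructed sample: two trimmed `docker inspect` objects. Field names match
# the nginx_node1 output above; container names and values are made up.
SAMPLE_INSPECT = """
[
  {"Name": "/demo_privileged",
   "HostConfig": {"Privileged": true, "CapAdd": null, "PidMode": "",
                  "NetworkMode": "default", "PublishAllPorts": false,
                  "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "80"}]}},
   "Config": {"User": "", "Env": ["PATH=/usr/bin", "MYSQL_ROOT_PASSWORD=constructed"]}},
  {"Name": "/demo_restricted",
   "HostConfig": {"Privileged": false, "CapAdd": null, "PidMode": "",
                  "NetworkMode": "default", "PublishAllPorts": false,
                  "PortBindings": {"80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]}},
   "Config": {"User": "101", "Env": ["PATH=/usr/bin"]}}
]
"""

SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)", re.I)
ALL_INTERFACES = {"", "0.0.0.0", "::"}   # an empty HostIp means "every host address"
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE"}


def audit_container(c):
    """Return a list of (severity, finding) tuples for one inspect object."""
    findings = []
    host = c.get("HostConfig") or {}
    cfg = c.get("Config") or {}

    if host.get("Privileged"):
        findings.append(("HIGH", "Privileged=true: host devices are visible and mount is allowed"))

    # CapAdd is null when nothing was added; names may carry a CAP_ prefix.
    for cap in host.get("CapAdd") or []:
        name = cap.upper()
        if name.startswith("CAP_"):
            name = name[4:]
        if name in DANGEROUS_CAPS:
            findings.append(("HIGH", f"CapAdd grants {name}"))

    for key in ("PidMode", "NetworkMode", "IpcMode", "UTSMode"):
        if host.get(key) == "host":
            findings.append(("MEDIUM", f"{key}=host: shares the host namespace"))

    if host.get("PublishAllPorts"):
        findings.append(("MEDIUM", "-P: every exposed port is published on a random host port"))

    for port, bindings in (host.get("PortBindings") or {}).items():
        for b in bindings or []:
            if b.get("HostIp", "") in ALL_INTERFACES:
                findings.append(("MEDIUM", f"{port} published on all interfaces, host port {b.get('HostPort')}"))

    # Config.User may be "uid", "name" or "uid:gid"; empty means the image default (root).
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append(("LOW", "process runs as root inside the container"))

    # Report only the variable name, never the value.
    for entry in cfg.get("Env") or []:
        name = entry.split("=", 1)[0]
        if SECRET_NAME.search(name):
            findings.append(("MEDIUM", f"env var {name} looks like a secret and is readable via docker inspect"))
    return findings


def audit(inspect_output):
    """Map container name -> findings for a parsed `docker inspect` list."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c) for c in inspect_output}


def audit_json(text):
    """Same as audit(), starting from the raw JSON text."""
    return audit(json.loads(text))


def format_report(results):
    lines = []
    for name, findings in results.items():
        lines.append(f"{name}: {len(findings)} finding(s)")
        lines.extend(f"  [{sev}] {msg}" for sev, msg in findings)
    return "\n".join(lines)


if __name__ == "__main__":
    # With a file argument, audit saved `docker inspect` output; otherwise the sample.
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INSPECT
    print(format_report(audit_json(raw)))
```

To audit a real host, save `docker inspect` output for the containers of interest to a file and pass the file name as the first argument.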
4、Removing containers
docker rm [OPTIONS] CONTAINER [CONTAINER...]
docker container rm [OPTIONS] CONTAINER [CONTAINER...]
-f #Force removal
-v #Remove the volumes associated with the container
# Remove stopped containers
docker container prune [OPTIONS]
-f #Force removal
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1eb67d0e0c47 centos "/bin/bash" 29 minutes ago Up 29 minutes centos_node1
4a347455e128 nginx "/docker-entrypoint.…" 29 minutes ago Up 29 minutes 0.0.0.0:80->80/tcp nginx_node1
4cae66450a4f centos "/bin/bash" 53 minutes ago Exited (0) 51 minutes ago wonderful_wing
[root@c7-docker-node1-71 ~]# docker rm -f 4cae
4cae
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1eb67d0e0c47 centos "/bin/bash" 29 minutes ago Up 29 minutes centos_node1
4a347455e128 nginx "/docker-entrypoint.…" 30 minutes ago Up 30 minutes 0.0.0.0:80->80/tcp nginx_node1
[root@c7-docker-node1-71 ~]# docker rm -f centos_node1
centos_node1
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4a347455e128 nginx "/docker-entrypoint.…" 30 minutes ago Up 30 minutes 0.0.0.0:80->80/tcp nginx_node1
5、Stopping and starting containers
docker start|stop|restart|pause|unpause CONTAINER_ID
pause: suspend the container
unpause: resume the container
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4a347455e128 nginx "/docker-entrypoint.…" 31 minutes ago Up 31 minutes 0.0.0.0:80->80/tcp nginx_node1
[root@c7-docker-node1-71 ~]# docker stop nginx_node1
nginx_node1
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4a347455e128 nginx "/docker-entrypoint.…" 32 minutes ago Exited (0) 3 seconds ago nginx_node1
[root@c7-docker-node1-71 ~]# docker start nginx_node1
nginx_node1
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4a347455e128 nginx "/docker-entrypoint.…" 32 minutes ago Up 4 seconds 0.0.0.0:80->80/tcp nginx_node1
[root@c7-docker-node1-71 ~]# docker pause nginx_node1
nginx_node1
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4a347455e128 nginx "/docker-entrypoint.…" 34 minutes ago Up About a minute (Paused) 0.0.0.0:80->80/tcp nginx_node1
[root@c7-docker-node1-71 ~]# docker unpause nginx_node1
nginx_node1
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4a347455e128 nginx "/docker-entrypoint.…" 34 minutes ago Up 2 minutes 0.0.0.0:80->80/tcp nginx_node1
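6、Sending a signal to a running container
docker kill [OPTIONS] CONTAINER [CONTAINER...]
7、Entering a running container
Note: a container can only be entered while it is running.
1. Using the attach command
docker attach [OPTIONS] CONTAINER
docker attach <container name>: attach works much like VNC. Every session attached to the same container shows the same screen, so whatever is done in one session is mirrored in all the others, and leaving with exit stops the container. It is not recommended, and it requires a container that provides a shell environment.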
[root@c7-docker-node1-71 ~]# docker attach nginx_node1
2024/02/16 09:17:45 [notice] 26#26: signal 28 (SIGWINCH) received
2024/02/16 09:17:45 [notice] 23#23: signal 28 (SIGWINCH) received
2024/02/16 09:17:45 [notice] 25#25: signal 28 (SIGWINCH) received
2024/02/16 09:17:45 [notice] 1#1: signal 28 (SIGWINCH) received
2024/02/16 09:17:45 [notice] 24#24: signal 28 (SIGWINCH) received
2024/02/16 09:17:45 [notice] 26#26: signal 28 (SIGWINCH) received
2024/02/16 09:17:45 [notice] 24#24: signal 28 (SIGWINCH) received
2024/02/16 09:17:45 [notice] 23#23: signal 28 (SIGWINCH) received
2024/02/16 09:17:45 [notice] 1#1: signal 28 (SIGWINCH) received
2024/02/16 09:17:45 [notice] 25#25: signal 28 (SIGWINCH) received
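2. Using the exec command
docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
Starts a new process in a running container; it can run a single command or be used to enter the container.
Use this method in test environments. Leaving with exit keeps the container running, so this is the recommended method.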
[root@c7-docker-node1-71 ~]# docker exec -it nginx_node1 sh
# exit
# The container keeps running
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4a347455e128 nginx "/docker-entrypoint.…" 38 minutes ago Up 5 minutes 0.0.0.0:80->80/tcp nginx_node1
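8、Publishing all container ports
docker run -P
After a container starts, it sits in a predefined NAT network by default, so hosts on external networks cannot reach the network services in the container directly.
docker run -P maps all of the ports predefined for the container to random ports on the host's network interfaces, starting from 32768 by default. With random ports, stopping and then restarting the container may change the port.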
[root@c7-docker-node1-71 ~]# docker run -it -P --name nginx_node2 nginx
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6f3c83529b9c nginx "/docker-entrypoint.…" 20 seconds ago Up 19 seconds 0.0.0.0:32768->80/tcp nginx_node2
4a347455e128 nginx "/docker-entrypoint.…" About an hour ago Up 37 minutes 0.0.0.0:80->80/tcp nginx_node1
Port mapping is implemented with NAT.
[root@c7-docker-node1-71 ~]# iptables -vnL -t nat
Chain PREROUTING (policy ACCEPT 1 packets, 71 bytes)
pkts bytes target prot opt in out source destination
2 104 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 1 packets, 71 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
2 293 RETURN all -- * * 192.168.122.0/24 224.0.0.0/24
0 0 RETURN all -- * * 192.168.122.0/24 255.255.255.255
0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:80
0 0 MASQUERADE tcp -- * * 172.17.0.3 172.17.0.3 tcp dpt:80
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.17.0.2:80
0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:32768 to:172.17.0.3:80
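Parsing the DOCKER chain shown above gives an independent view of which host ports are forwarded to which containers, and on which host addresses. This Python parser is an added example, not part of the original tutorial: the sample text mirrors the output above plus one constructed rule for a loopback-only publish (`-p 127.0.0.1:8080:80`), and treating host ports of 32768 and above as `-P` random ports is a heuristic based on the page's statement.

```python
import re

# Sample in the format of `iptables -vnL -t nat` shown above. The last DNAT
# line is constructed: it is what a loopback-only publish would look like.
SAMPLE = """\
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
Chain DOCKER (2 references)
 pkts bytes target prot opt in out source destination
    0     0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
    0     0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.17.0.2:80
    0     0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:32768 to:172.17.0.3:80
    0     0 DNAT tcp -- !docker0 * 0.0.0.0/0 127.0.0.1 tcp dpt:8080 to:172.17.0.4:80
"""

CHAIN_RE = re.compile(r"^Chain\s+(\S+)")
DNAT_RE = re.compile(r"dpt:(\d+)\s+to:([\d.]+):(\d+)")
RANDOM_PORT_START = 32768  # first port used by -P according to the text above


def parse_docker_dnat(text):
    """Extract the DNAT rules of the DOCKER chain from `iptables -vnL -t nat` output."""
    rules, chain = [], None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            continue
        # Columns: pkts bytes target prot opt in out source destination [match...]
        fields = line.split()
        if chain != "DOCKER" or len(fields) < 9 or fields[2] != "DNAT":
            continue
        m = DNAT_RE.search(line)
        if not m:
            continue  # e.g. a port-range rule, which this example does not handle
        rules.append({
            "proto": fields[3],
            "in_if": fields[5],
            "source": fields[7],
            "destination": fields[8],
            "host_port": int(m.group(1)),
            "container": f"{m.group(2)}:{m.group(3)}",
        })
    return rules


def exposure_report(rules):
    """Summarise each forwarded port: where it is reachable and whether it looks random."""
    report = []
    for r in rules:
        wide = r["source"] == "0.0.0.0/0" and r["destination"] == "0.0.0.0/0"
        report.append({
            "host_port": r["host_port"],
            "container": r["container"],
            "reachable_on": "any host address" if wide else f"{r['destination']} only",
            "random_port": r["host_port"] >= RANDOM_PORT_START,
        })
    return report


if __name__ == "__main__":
    for row in exposure_report(parse_docker_dnat(SAMPLE)):
        note = " (random -P port, may change on restart)" if row["random_port"] else ""
        print(f"{row['host_port']:>5} -> {row['container']:<16} {row['reachable_on']}{note}")
```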
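9、Specifying port mappings
docker run -p
Note: the host ports that different containers are mapped to must not conflict, but the ports used inside the containers may be the same.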
[root@c7-docker-node1-71 ~]# docker run -it -d --name nginx_node1 -p 80:80 nginx
[root@c7-docker-node1-71 ~]# docker run -it -d --name nginx_node3 -p 81:80 nginx
7338198112b4423ab531acbf7e0bf81064dee11676e26c872018fded390bf039
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7338198112b4 nginx "/docker-entrypoint.…" 4 seconds ago Up 3 seconds 0.0.0.0:81->80/tcp nginx_node3
6f3c83529b9c nginx "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 0.0.0.0:32768->80/tcp nginx_node2
4a347455e128 nginx "/docker-entrypoint.…" About an hour ago Up 40 minutes 0.0.0.0:80->80/tcp nginx_node1
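10、Viewing container logs
docker logs
Shows the standard output and standard error that the processes running in the container write to the console, which usually corresponds to their log output.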
[root@c7-docker-node1-71 ~]# docker logs nginx_node3
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/02/16 09:54:37 [notice] 1#1: using the "epoll" event method
2024/02/16 09:54:37 [notice] 1#1: nginx/1.21.5
2024/02/16 09:54:37 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2024/02/16 09:54:37 [notice] 1#1: OS: Linux 3.10.0-1160.el7.x86_64
2024/02/16 09:54:37 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2024/02/16 09:54:37 [notice] 1#1: start worker processes
2024/02/16 09:54:37 [notice] 1#1: start worker process 31
2024/02/16 09:54:37 [notice] 1#1: start worker process 32
2024/02/16 09:54:37 [notice] 1#1: start worker process 33
2024/02/16 09:54:37 [notice] 1#1: start worker process 34
[root@c7-docker-node1-71 ~]# docker logs --tail 3 nginx_node3
2024/02/16 09:54:37 [notice] 1#1: start worker process 32
2024/02/16 09:54:37 [notice] 1#1: start worker process 33
2024/02/16 09:54:37 [notice] 1#1: start worker process 34
11、The hosts file inside a container
A container automatically adds its own ID to its /etc/hosts file, resolving it to the container's IP.
[root@c7-docker-node1-71 ~]# docker run -it --name centos_node1 centos
[root@d02817a3897e /]# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.5 d02817a3897e
Modify the container's hosts file
[root@c7-docker-node1-71 ~]# docker run -it --rm --add-host www.jiutingqiu.com:172.29.7.45 --name centos_node2 centos
[root@f5cff7ef2979 /]# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.29.7.45 www.jiutingqiu.com
172.17.0.5 f5cff7ef2979
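12、Specifying container DNS
By default a container uses the host's DNS servers. Other DNS servers can be specified in the following ways:
Configure the DNS address on the host
Add the option --dns=x.x.x.x when starting the container
Specify it in the /etc/docker/daemon.json file
1. Specify DNS on the command line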
[root@c7-docker-node1-71 ~]# docker run -it --rm --dns 8.8.8.8 centos bash
[root@d434622d57be /]# cat /etc/resolv.conf
nameserver 8.8.8.8
2. Specify DNS and search domains in the configuration file
[root@c7-docker-node1-71 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": [
"https://si7y70hh.mirror.aliyuncs.com/"
],
"dns" : ["114.114.114.114", "119.29.29.29"],
"graph": "/data/docker",
"max-concurrent-downloads": 10,
"max-concurrent-uploads": 5,
"log-opts": {
"max-size": "300m",
"max-file": "2"
},
"live-restore": true
}
[root@c7-docker-node1-71 ~]# systemctl restart docker
[root@c7-docker-node1-71 ~]# docker run -it --rm centos bash
[root@1e79cfe0f639 /]# cat /etc/resolv.conf
nameserver 114.114.114.114
nameserver 119.29.29.29
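13. Copying files between a container and the host
Copying works whether or not the container is running.
# Copy a file from the container to the host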
[root@c7-docker-node1-71 ~]# docker cp -a centos:/etc/hosts .
[root@c7-docker-node1-71 ~]# cat hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 758b3123ca54
# Copy a file from the host into the container
[root@c7-docker-node1-71 ~]# docker cp -a /etc/resolv.conf centos:/tmp/
[root@c7-docker-node1-71 ~]# docker start centos
centos
[root@c7-docker-node1-71 ~]# docker exec -it centos sh
sh-4.4# cat /tmp/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114
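14. Passing environment variables
Some containers need variables passed to them at run time. This can be done with -e <parameter> or --env-file <parameter file>.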
[root@c7-docker-node1-71 ~]# docker run --name mysql -v /data/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 -e MYSQL_DATABASE=wordpress -e MYSQL_USER=wpuser -e MYSQL_PASSWORD=123456 -d -p 3306:3306 mysql:5.7
a9b2a23d8005c5b5bfbb237b0afc53f8df3dd96f0e85a7d988b7e0ac38207977
[root@c7-docker-node1-71 ~]# docker exec -it mysql bash
root@a9b2a23d8005:/# mysql -u root -p123456
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.36 MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| wordpress |
+--------------------+
5 rows in set (0.00 sec)
mysql>
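An added example (not from the original article) of the --env-file form mentioned in this section, using the same MySQL variables: values given with -e stay in shell history and the process list, so this sketch keeps them in a file only its owner can read and checks that file before use. The function names, the file path passed in and the placeholder values are assumptions.

```shell
# Added example: hypothetical helpers, not code from the original article.

# Create an env file that only its owner can read (mode 600).
# The values are constructed placeholders; replace them before real use.
write_env_file() {
    rm -f "$1"
    ( umask 077
      printf '%s\n' \
          '# MySQL settings for the container (constructed sample values)' \
          'MYSQL_ROOT_PASSWORD=change-me-root' \
          'MYSQL_DATABASE=wordpress' \
          'MYSQL_USER=wpuser' \
          'MYSQL_PASSWORD=change-me-user' > "$1" )
}

# Succeed only if FILE is a regular file with no group/other permissions
# and every line is blank, a # comment, NAME=VALUE, or a bare NAME.
check_env_file() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "not a regular file: $f" >&2; return 1
    fi
    mode=$(stat -c '%a' "$f") || return 1      # GNU stat, as on CentOS
    case $mode in
        *00|0) ;;
        *) echo "$f has mode $mode, expected no group/other access" >&2; return 1 ;;
    esac
    # grep -v prints (and succeeds on) lines that match neither pattern.
    if grep -Evn '^[[:space:]]*(#.*)?$|^[A-Za-z_][A-Za-z0-9_]*(=.*)?$' "$f" >&2; then
        echo "malformed line(s) in $f" >&2; return 1
    fi
}

# Start the MySQL container from this section with the variables read
# from the file instead of -e options on the command line.
run_mysql() {
    check_env_file "$1" || return 1
    docker run --name mysql -d -p 3306:3306 \
        -v /data/mysql:/var/lib/mysql --env-file "$1" mysql:5.7
}
```

The values are still readable through docker inspect by anyone with access to the Docker daemon; the file only keeps them off the command line.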
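15. Exporting and importing a container's filesystem
docker export and docker save can both be used to export Docker content to the local filesystem, but their purposes and effects differ.
docker export: this command exports the filesystem of a running or stopped container as a tar archive. Note that docker export does not include the container's history (that is, the changes in each layer), nor the container's environment variables, metadata or other related configuration. This means that if you import a tar file produced by docker export and run it, you get a new, clean container without the previous container's run history and configuration.
docker save: this command exports one or more images as a tar archive. Unlike docker export, docker save preserves the complete contents of the image, including the changes in each layer, all metadata and all tags. This means that if you import a tar file produced by docker save and run it, you get a new image identical to the original, including all history and configuration.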
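An added example (not from the original article) for handling the two archive types described above when they are copied to another host: it records a SHA-256 digest on the source, verifies it on the destination, and tells a docker save archive from a docker export archive so that the matching command (docker load or docker import) is used. The function names are hypothetical, and the classification is a heuristic that assumes a docker save archive carries a top-level manifest.json while an export is a plain root filesystem.

```shell
# Added example: hypothetical helpers, not code from the original article.

# Print "save", "export" or "unknown" for a tar archive (heuristic).
classify_docker_tar() {
    members=$(tar -tf "$1" 2>/dev/null) || { echo unknown; return 0; }
    if printf '%s\n' "$members" | grep -Eq '^(\./)?manifest\.json$'; then
        echo save        # image archive: layers plus metadata
    elif printf '%s\n' "$members" | grep -Eq '^(\./)?(bin|etc|usr)(/|$)'; then
        echo export      # flat root filesystem, no image metadata
    else
        echo unknown
    fi
}

# Source host: write FILE.sha256 next to the archive.
record_digest() {
    ( cd "$(dirname "$1")" &&
      sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# Destination host: succeed only if the archive still matches its digest.
# This detects corruption in transit; to detect tampering, the digest has
# to arrive over a separate trusted channel.
verify_digest() {
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" ) >/dev/null 2>&1
}

# Verify, classify, then run the command that matches the archive type.
# $2 is the repository:tag to assign when the archive is an export.
load_or_import() {
    verify_digest "$1" || { echo "digest mismatch: $1" >&2; return 1; }
    case $(classify_docker_tar "$1") in
        save)   docker load -i "$1" ;;
        export) docker import "$1" "$2" ;;
        *)      echo "not a recognised Docker archive: $1" >&2; return 1 ;;
    esac
}
```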
[root@c7-docker-node1-71 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a9b2a23d8005 mysql:5.7 "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 0.0.0.0:3306->3306/tcp, 33060/tcp mysql
758b3123ca54 centos "/bin/bash" 7 minutes ago Up 5 minutes centos
[root@c7-docker-node1-71 ~]# docker export mysql -o mysql.tar
[root@c7-docker-node1-71 ~]# scp mysql.tar root@172.29.7.61:/root
root@172.29.7.61's password:
mysql.tar 100% 427MB 85.3MB/s 00:05
[root@c7-memcached-61 ~]# docker import mysql.tar mysql:test
sha256:27d77c66c4c7740f8f675770c2900e5d9c9798f4a919e760bcbad7e9ee01e9cb
[root@c7-memcached-61 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql test 27d77c66c4c7 9 seconds ago 442MB
<none> <none> 605c77e624dd 2 years ago 141MB
mysql 5.7 c20987f18b13 2 years ago 448MB
[root@c7-memcached-61 ~]# docker run -it -d --name mysql_test mysql:test bash
d9c1e115d0e708fe05b4034d7250796927d514c77015dc130179c77785c34e27
[root@c7-memcached-61 ~]# docker exec -it mysql_test bash
root@d9c1e115d0e7:/#