Docker Installation

Docker is an open-source application container engine. It relies mainly on Linux kernel namespaces for sandbox isolation and on cgroups for resource limits.

Docker supports three different storage drivers for layered images: aufs, devicemapper and btrfs.

Aufs:

AUFS (AnotherUnionFS) is a union filesystem: put simply, a filesystem that can mount several different directories into one virtual filesystem (unite several directories into a single virtual filesystem). The aufs driver was the first driver Docker supported, but aufs is only a patch set against the Linux kernel and is unlikely ever to be merged into mainline. However, because aufs is the only storage driver that lets containers share executables and shared libraries, it is a very good choice when you run hundreds or thousands of containers that use the same program code or runtime libraries.

Device Mapper:

Device mapper is a framework in the Linux 2.6 kernel for mapping logical devices onto physical devices; on top of it, users can conveniently implement their own storage management policies (details: http://www.ibm.com/developerworks/cn/linux/l-devmapper/index.html).

The device mapper driver creates a single 100 GB file that holds your images and containers. Each container is limited to a 10 GB volume. (To adjust this, see http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/; Chinese translation: http://zhumeng8337797.blog.163.com/blog/static/100768914201452405120107/)

You can choose the driver with the -s option when starting the docker daemon: docker -d -s devicemapper

Btrfs:

The btrfs driver is very efficient for docker build, but like devicemapper it does not share storage between devices (the documentation says it "does not share executable memory between devices").

On Linux distributions without aufs support (CentOS, openSUSE, etc.), installing Docker will most likely end up using the devicemapper driver.

Lab environment: rhel7.2

# rpm -ivh docker-engine-1.10.3-1.el7.centos.x86_64.rpm

# systemctl start docker

# rpm -ivh docker-engine-selinux-1.10.3-1.el7.centos.noarch.rpm

Container management

# docker run -it --name vm1 ubuntu bash   create a container

# docker ps -a   show container status

# docker attach vm1   attach to a container

# docker top vm1   show the container's processes

# docker logs vm1   show the container's command output; with -f it is followed in real time

# docker inspect vm1   show container details

# docker stats vm1   show container resource usage

# docker diff vm1   show the changes made inside the container

# docker run -d --name vm1 ubuntu bash -c "while true; do echo westos; sleep 1; done"   run in the background

# docker stop vm1   stop a container

# docker start vm1   start a container

# docker kill vm1   force-kill a container

# docker restart vm1   restart a container

# docker pause/unpause vm1   pause/resume a container

# docker rm vm1   delete a container

# docker export vm1 > vm1.tar   export a container

# docker import vm1.tar image   import the container as the image "image"

Image management

Images are used to create containers and are a container's read-only template; by default they are downloaded from Docker Hub. Docker images are modified incrementally: every new image adds an incremental layer on top of its parent image, based on AUFS technology.

# docker search   search for images

# docker pull   pull an image

# docker push   push an image

Images are downloaded from Docker Hub by default. It is Docker's official public registry and provides, free of charge, a large number of already-containerized application images so that we do not have to reinvent the wheel. But the official project has no servers deployed in China, so without a VPN it is really slow, and the errors and timeouts are very frustrating.

Here is a good way to download images quickly: www.daocloud.io provides a permanently free accelerator service, effectively a domestic cache server for Docker Hub. I have tested it and it is really fast.

First you need to register an account on that site; the accelerator must be bound to a DaoCloud ID to work. After registering, go to the accelerator page and follow the prompts to select the OS type of your own host. I use rhel7 and simply chose centos. (The rhel6 kernel is too old and is not supported.)

Install Docker's latest official release (skip this if docker is already installed on the machine)

# curl -sSL https://get.daocloud.io/docker | sh

# chkconfig docker on

# systemctl start docker

# systemctl status docker

Hands-on:

lftp 172.25.254.251:/pub/docs/docker> get docker-engine-1.10.3-1.el7.centos.x86_64.rpm  ##download the docker package

10059436 bytes transferred                                          

lftp 172.25.254.251:/pub/docs/docker> get docker-engine-selinux-1.10.3-1.el7.centos.noarch.rpm

28728 bytes transferred

lftp 172.25.254.251:/pub/docs/docker> quit

lftp 172.25.254.251:/pub/docs/docker> get ubuntu.tar  ##download the image files

197081088 bytes transferred in 2 seconds (111.61M/s)              

lftp 172.25.254.251:/pub/docs/docker> get rhel7.tar

147112448 bytes transferred in 1 second (111.44M/s)

lftp 172.25.254.251:/pub/docs/docker> quit

[root@foundation13 Desktop]# rpm -ivh docker-engine-1.10.3-1.el7.centos.x86_64.rpm   ##install the docker package

warning: docker-engine-1.10.3-1.el7.centos.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 2c52609d: NOKEY

Preparing...                          ################################# [100%]

package docker-engine-1.10.3-1.el7.centos.x86_64 is already installed

[root@foundation13 Desktop]# rpm -ivh docker-engine-selinux-1.10.3-1.el7.centos.noarch.rpm

warning: docker-engine-selinux-1.10.3-1.el7.centos.noarch.rpm: Header V4 RSA/SHA512 Signature, key ID 2c52609d: NOKEY

Preparing...                          ################################# [100%]

package docker-engine-selinux-1.10.3-1.el7.centos.noarch is already installed

[root@foundation13 Desktop]# docker load -i ubuntu.tar

[root@foundation13 Desktop]# docker images

REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE

rhel7                      test                bcc4b10e5149        8 days ago          230.3 MB

rhel7                      yum                 a48d0a72e926        8 days ago          197.3 MB

<none>                     <none>              8eab6dd8e27e        8 days ago          197.3 MB

<none>                     <none>              3c8424d56fa7        8 days ago          230.3 MB

<none>                     <none>              800e65faa592        8 days ago          230.3 MB

<none>                     <none>              3c4a4d242c41        8 days ago          230.3 MB

<none>                     <none>              a861cf69d063        8 days ago          200.3 MB

<none>                     <none>              66dc9f6c04ac        8 days ago          230.3 MB

<none>                     <none>              abe0e95ee2e4        8 days ago          196.4 MB

<none>                     <none>              7cf7ef17aebf        8 days ago          196.4 MB

rhel7                      ssh                 7b8aa3d331cc        8 days ago          185.1 MB

rhel7                      apache              204e4377692c        8 days ago          200.7 MB

composehaproxyweb_web1     latest              10b48dc547ba        5 weeks ago         169.3 MB

composehaproxyweb_web3     latest              72d644ac11a5        5 weeks ago         169.3 MB

composehaproxyweb_web2     latest              0cee10a0cf5a        5 weeks ago         169.3 MB

<none>                     <none>              7907c3c83595        5 weeks ago         140.2 MB

<none>                     <none>              1a3bfd20357f        5 weeks ago         676.8 MB

<none>                     <none>              efb8a26b7b63        5 weeks ago         676.8 MB

<none>                     <none>              8d11a3f29c7d        5 weeks ago         676.8 MB

python                     2.7                 e4a554df875e        13 months ago       676.8 MB

haproxy                    latest              fbd1f55f79b3        13 months ago       139.1 MB

172.25.254.13:5000/nginx   v1                  af4b3d7d5401        14 months ago       190.5 MB

localhost:5000/nginx       latest              af4b3d7d5401        14 months ago       190.5 MB

nginx                      latest              af4b3d7d5401        14 months ago       190.5 MB

registry                   2.3.1               83139345d017        14 months ago       165.8 MB

ubuntu                     latest              07c86167cdc4        14 months ago       187.9 MB

redis                      latest              4f5f397d4b7c        14 months ago       177.5 MB

swarm                      latest              a44ce04d6d59        14 months ago       18.11 MB

rhel7                      latest              0a3eb3fde7fd        2 years ago         140.2 MB

[root@foundation13 Desktop]# docker run -it --name vm1 ubuntu   ##create a container from the ubuntu image

[root@foundation13 Desktop]# docker run -it --name vm2 ubuntu   

root@9dbe3e02470e:/# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default

    link/ether 02:42:c0:a8:06:02 brd ff:ff:ff:ff:ff:ff

    inet 192.168.6.2/24 scope global eth0

       valid_lft forever preferred_lft forever

    inet6 fe80::42:c0ff:fea8:602/64 scope link

       valid_lft forever preferred_lft forever

[root@foundation13 Desktop]# docker rm vm1

vm1

[root@foundation13 Desktop]# docker ps   ##show running containers

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

9dbe3e02470e        ubuntu              "/bin/bash"         3 minutes ago       Up 3 minutes                            vm2

[root@foundation13 Desktop]# docker rm vm2    ##delete the container

Failed to remove container (vm2): Error response from daemon: Conflict, You cannot remove a running container. Stop the container before attempting removal or use -f

[root@foundation13 Desktop]# docker stop 9dbe3e02470e

9dbe3e02470e

[root@foundation13 Desktop]# docker ps

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

[root@foundation13 Desktop]# docker ps -a   ##show all containers

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES

9dbe3e02470e        ubuntu              "/bin/bash"              4 minutes ago       Exited (0) 15 seconds ago                       vm2

d88e571b6359        registry:2.3.1      "/bin/registry /etc/d"   8 days ago          Exited (2) 8 days ago                           registry-auth

0cb480e8e9ff        registry:2.3.1      "htpasswd -Bbn user1 "   8 days ago          Exited (0) 8 days ago                           dreamy_mccarthy

322a6f14be45        registry:2.3.1      "htpasswd -Bbn admin "   8 days ago          Exited (0) 8 days ago                           desperate_shaw

50c17c4b25fa        registry:2.3.1      "/bin/registry /etc/d"   8 days ago          Exited (2) 8 days ago                           registry

a92c5f973746        rhel7:test          "/usr/bin/supervisord"   8 days ago          Exited (0) 8 days ago                           super

[root@foundation13 Desktop]# docker run -it --name vm1 ubuntu

root@b48379f836d3:/# exit

[root@foundation13 Desktop]# docker attach vm1

You cannot attach to a stopped container, start it first   ##start the container first

[root@foundation13 Desktop]# docker start vm1

vm1

[root@foundation13 Desktop]# docker attach vm1

root@b48379f836d3:/#

root@b48379f836d3:/# exit

exit

[root@foundation13 Desktop]# docker ps

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

[root@foundation13 Desktop]# docker run -d nginx

8a6ecf0384b0584cc5b3f5e536ffdd711ce3253d6fbb8a0a9e894dfb79523e76

[root@foundation13 Desktop]# docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES

8a6ecf0384b0        nginx               "nginx -g 'daemon off"   20 seconds ago      Up 16 seconds       80/tcp, 443/tcp     agitated_heyrovsky

[root@foundation13 Desktop]# for i in {1..10};do docker run -d nginx;done  ##create containers in bulk

470e5bfe5640ca5fd56a8887fe488a681400d54ba951457f534210ce3d98db17

08be6950c89a45cd0dbbebd8164e25bfe62b420567442b43698ec7035ae154d5

8e2f48435825b66663ef91ac1359370dd54b4c5bf9cd8c7730b037f6b4207630

0141d285d5b9cd215bb9cefc1afa7d1378c4b04e8344477b1153320a4e28c039

6098a5655056474e25110bfa9caf6c0fb875fb5541922d48ca5a7cd7dcb1d636

868de2494979303e1ffffa82d3123c520de6456b7a9636625f0bb0804c4ffb14

e4b94f643e60c42e4ff1c3afab32b640ccac218551e0e943f94a045394f64035

8e56543ce929590399d090ee4266a33b7a5b5a40bd8d060f64d6145d5b57c926

95233f3f54d6615a52fb700d84eead5fd645bf546a4ccf0fe687d72d4f76d35b

ea6b592319b31e29db96b328944f653d4f2d28174882db105774cd0d4e26e14a

[root@foundation13 Desktop]# docker ps -aq

ea6b592319b3

95233f3f54d6

8e56543ce929

e4b94f643e60

868de2494979

6098a5655056

0141d285d5b9

8e2f48435825

08be6950c89a

470e5bfe5640

8a6ecf0384b0

b48379f836d3

9dbe3e02470e

d88e571b6359

0cb480e8e9ff

322a6f14be45

50c17c4b25fa

a92c5f973746

[root@foundation13 Desktop]# docker stop `docker ps -aq`

ea6b592319b3

95233f3f54d6

8e56543ce929

e4b94f643e60

868de2494979

6098a5655056

0141d285d5b9

8e2f48435825

08be6950c89a

470e5bfe5640

8a6ecf0384b0

b48379f836d3

9dbe3e02470e

d88e571b6359

0cb480e8e9ff

322a6f14be45

50c17c4b25fa

a92c5f973746

[root@foundation13 Desktop]# docker rm `docker ps -aq`

ea6b592319b3

95233f3f54d6

8e56543ce929

e4b94f643e60

868de2494979

6098a5655056

0141d285d5b9

8e2f48435825

08be6950c89a

470e5bfe5640

8a6ecf0384b0

b48379f836d3

9dbe3e02470e

d88e571b6359

0cb480e8e9ff

322a6f14be45

50c17c4b25fa

a92c5f973746

[root@foundation13 Desktop]# docker run -it --name vm1 ubuntu

root@7db8e541f527:/# touch file{1..10}

root@7db8e541f527:/# ls

bin   etc     file2  file5  file8  lib    mnt   root  srv  usr

boot  file1   file3  file6  file9  lib64  opt   run   sys  var

dev   file10  file4  file7  home   media  proc  sbin  tmp

root@7db8e541f527:/# [root@foundation13 Desktop]#

[root@foundation13 Desktop]# docker commit vm1 ubuntu:v1  ##commit the container's changes as a new image

sha256:efb7eb24924755e55f310c8c3b720868a0401a3017b236d56000b7fac5152319

[root@foundation13 Desktop]# docker images

REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE

ubuntu                     v1                  efb7eb249247        12 seconds ago      187.9 MB

rhel7                      test                bcc4b10e5149        8 days ago          230.3 MB

rhel7                      yum                 a48d0a72e926        8 days ago          197.3 MB

<none>                     <none>              8eab6dd8e27e        8 days ago          197.3 MB

<none>                     <none>              3c8424d56fa7        8 days ago          230.3 MB

<none>                     <none>              800e65faa592        8 days ago          230.3 MB

<none>                     <none>              3c4a4d242c41        8 days ago          230.3 MB

<none>                     <none>              a861cf69d063        8 days ago          200.3 MB

<none>                     <none>              66dc9f6c04ac        8 days ago          230.3 MB

<none>                     <none>              abe0e95ee2e4        8 days ago          196.4 MB

<none>                     <none>              7cf7ef17aebf        8 days ago          196.4 MB

rhel7                      ssh                 7b8aa3d331cc        8 days ago          185.1 MB

rhel7                      apache              204e4377692c        9 days ago          200.7 MB

composehaproxyweb_web1     latest              10b48dc547ba        5 weeks ago         169.3 MB

composehaproxyweb_web3     latest              72d644ac11a5        5 weeks ago         169.3 MB

composehaproxyweb_web2     latest              0cee10a0cf5a        5 weeks ago         169.3 MB

<none>                     <none>              7907c3c83595        5 weeks ago         140.2 MB

<none>                     <none>              1a3bfd20357f        5 weeks ago         676.8 MB

<none>                     <none>              efb8a26b7b63        5 weeks ago         676.8 MB

<none>                     <none>              8d11a3f29c7d        5 weeks ago         676.8 MB

python                     2.7                 e4a554df875e        13 months ago       676.8 MB

haproxy                    latest              fbd1f55f79b3        13 months ago       139.1 MB

172.25.254.13:5000/nginx   v1                  af4b3d7d5401        14 months ago       190.5 MB

localhost:5000/nginx       latest              af4b3d7d5401        14 months ago       190.5 MB

nginx                      latest              af4b3d7d5401        14 months ago       190.5 MB

registry                   2.3.1               83139345d017        14 months ago       165.8 MB

ubuntu                     latest              07c86167cdc4        14 months ago       187.9 MB

redis                      latest              4f5f397d4b7c        14 months ago       177.5 MB

swarm                      latest              a44ce04d6d59        14 months ago       18.11 MB

rhel7                      latest              0a3eb3fde7fd        2 years ago         140.2 MB

[root@foundation13 Desktop]# docker images ubuntu

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

ubuntu              v1                  efb7eb249247        52 seconds ago      187.9 MB

ubuntu              latest              07c86167cdc4        14 months ago       187.9 MB

[root@foundation13 Desktop]# docker run -it --name vm2 ubuntu:v1

root@051c94d071c5:/#

root@051c94d071c5:/#

root@051c94d071c5:/# ls

bin   etc     file2  file5  file8  lib    mnt   root  srv  usr

boot  file1   file3  file6  file9  lib64  opt   run   sys  var

dev   file10  file4  file7  home   media  proc  sbin  tmp

root@051c94d071c5:/# exit

exit

[root@foundation13 Desktop]# docker history ubuntu:v1 ##show the build history of the ubuntu:v1 image

IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT

efb7eb249247        2 minutes ago       /bin/bash                                       0 B                 

07c86167cdc4        14 months ago       /bin/sh -c #(nop) CMD ["/bin/bash"]             0 B                 

220d2912ab1d        14 months ago       /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/   1.895 kB            

cc77a2e3d72c        14 months ago       /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic   194.5 kB            

c8fa7cdceff3        14 months ago       /bin/sh -c #(nop) ADD file:b9504126dc55908988   187.7 MB          

[root@foundation13 ~]# docker cp tetris.sh vm2

must specify at least one container source    ##a destination path inside the container must be given

[root@foundation13 ~]# docker cp tetris.sh vm2:/

[root@foundation13 ~]# docker attach vm2

You cannot attach to a stopped container, start it first

[root@foundation13 ~]# docker start vm2

vm2

[root@foundation13 ~]# docker attach vm2

root@051c94d071c5:/#

root@051c94d071c5:/# ls

bin   etc     file2  file5  file8  lib    mnt   root  srv        tmp

boot  file1   file3  file6  file9  lib64  opt   run   sys        usr

dev   file10  file4  file7  home   media  proc  sbin  tetris.sh  var

root@051c94d071c5:/# rm -f tetris.sh

root@051c94d071c5:/# ls

bin   etc     file2  file5  file8  lib    mnt   root  srv  usr

boot  file1   file3  file6  file9  lib64  opt   run   sys  var

dev   file10  file4  file7  home   media  proc  sbin  tmp

[root@foundation13 ~]# docker export -o vm2.tar vm2 ##export takes a container

[root@foundation13 ~]# docker save -o ubuntu.tar ubuntu:v1  ##save takes an image

[root@foundation13 ~]# docker save --help

Usage: docker save [OPTIONS] IMAGE [IMAGE...]

 

Save an image(s) to a tar archive (streamed to STDOUT by default)

 

  --help             Print usage

  -o, --output       Write to a file, instead of STDOUT

[root@foundation13 ~]# docker export --help

 

Usage: docker export [OPTIONS] CONTAINER

 

Export a container's filesystem as a tar archive

 

  --help             Print usage

  -o, --output       Write to a file, instead of STDOUT

## save and export, like load and import, serve similar purposes

[root@foundation13 ~]# docker info

Containers: 2

 Running: 1

 Paused: 0

 Stopped: 1

Images: 119

Server Version: 1.10.3

Storage Driver: devicemapper

 Pool Name: docker-253:0-84823701-pool

 Pool Blocksize: 65.54 kB

 Base Device Size: 10.74 GB

 Backing Filesystem: xfs

 Data file: /dev/loop0

 Metadata file: /dev/loop1

 Data Space Used: 2.759 GB

 Data Space Total: 107.4 GB

 Data Space Available: 104.6 GB

 Metadata Space Used: 6.148 MB

 Metadata Space Total: 2.147 GB

 Metadata Space Available: 2.141 GB

 Udev Sync Supported: true

 Deferred Removal Enabled: false

 Deferred Deletion Enabled: false

 Deferred Deleted Device Count: 0

 Data loop file: /var/lib/docker/devicemapper/devicemapper/data

 WARNING: Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.

 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata

 Library Version: 1.02.107-RHEL7 (2015-10-14)

Execution Driver: native-0.2

Logging Driver: json-file

Plugins:

 Volume: local

 Network: null host bridge

Kernel Version: 3.10.0-327.el7.x86_64

Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo)

OSType: linux

Architecture: x86_64

CPUs: 4

Total Memory: 3.588 GiB

Name: foundation13.ilt.example.com

ID: CY7U:JGF5:WGWP:YBVI:LXFO:GMJO:EY4N:Q2HQ:C2DY:P35Z:6IIJ:OOCV

WARNING: bridge-nf-call-iptables is disabled

WARNING: bridge-nf-call-ip6tables is disabled
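The `docker info` report above shows two things worth catching on any host: the devicemapper driver is backed by loopback files under /var/lib/docker (the daemon itself warns that this is discouraged for production), and bridge-nf-call-iptables is disabled, so bridged container traffic is not filtered by the host's FORWARD rules. The script below is an added example, not part of the original post or of Docker: it parses a report of that shape and flags both conditions. SAMPLE_INFO is constructed from the fields shown above, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): audit a `docker info` report for
# devicemapper on loopback files and for disabled bridge-nf-call-iptables.
# SAMPLE_INFO is constructed from the fields shown in the post's output.
SAMPLE_INFO='Containers: 2
Server Version: 1.10.3
Storage Driver: devicemapper
 Pool Name: docker-253:0-84823701-pool
 Backing Filesystem: xfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Kernel Version: 3.10.0-327.el7.x86_64
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled'

# storage_driver INFO_TEXT -> prints the value of the "Storage Driver" line
storage_driver() {
    printf '%s\n' "$1" | sed -n 's/^Storage Driver: //p'
}

# uses_loopback INFO_TEXT -> succeeds when the data or metadata file is a loop device
uses_loopback() {
    printf '%s\n' "$1" | grep -Eq '^ (Data|Metadata) file: /dev/loop[0-9]+'
}

# bridge_nf_disabled INFO_TEXT -> succeeds when the daemon warned that
# bridge-nf-call-iptables is off (bridged container traffic then skips the
# host's FORWARD chain)
bridge_nf_disabled() {
    printf '%s\n' "$1" | grep -q 'bridge-nf-call-iptables is disabled'
}

# audit_info INFO_TEXT -> prints one FINDING line per problem; exit status is
# 0 when nothing was found, 1 otherwise
audit_info() {
    findings=0
    if [ "$(storage_driver "$1")" = "devicemapper" ] && uses_loopback "$1"; then
        echo "FINDING: devicemapper runs on loopback files; back it with a real thin pool (--storage-opt dm.thinpooldev)"
        findings=$((findings + 1))
    fi
    if bridge_nf_disabled "$1"; then
        echo "FINDING: bridge-nf-call-iptables is disabled; set net.bridge.bridge-nf-call-iptables=1 so bridged container traffic is filtered"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Stand-alone run over the constructed report. On a live host use:
#   audit_info "$(docker info 2>&1)"
if ! audit_info "$SAMPLE_INFO"; then
    echo "daemon configuration needs attention"
fi
```

The checks are deliberately string-based so the same functions work on a saved report from another machine; on the host itself, the sysctl value can also be read directly from /proc/sys/net/bridge/bridge-nf-call-iptables once the br_netfilter module is loaded.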

[root@foundation13 ~]# brctl show

bridge name bridge id STP enabled interfaces

br-9d44c918663c 8000.02426ef53e0b no

br0 8000.0021cc707e50 no enp0s25

vnet0

docker0 8000.0242c15c343a no veth9c5d0a7

virbr0 8000.525400d3197e yes virbr0-nic

virbr1 8000.525400151b20 yes virbr1-nic

[root@foundation13 ~]# ip addr show docker 0

Error: either "dev" is duplicate, or "0" is a garbage.

[root@foundation13 ~]# ip addr show docker0

11: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

    link/ether 02:42:c1:5c:34:3a brd ff:ff:ff:ff:ff:ff

    inet 192.168.6.1/24 scope global docker0

       valid_lft forever preferred_lft forever

    inet6 fe80::42:c1ff:fe5c:343a/64 scope link

       valid_lft forever preferred_lft forever

[root@foundation13 ~]# iptables -t

filter  mangle  nat     

[root@foundation13 ~]# iptables -t nat -nL  ##port masquerading

Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination         

DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

 

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

 

Chain POSTROUTING (policy ACCEPT)

target     prot opt source               destination         

MASQUERADE  all  --  192.168.6.0/24       0.0.0.0/0           

MASQUERADE  all  --  172.18.0.0/16        0.0.0.0/0           

RETURN     all  --  192.168.122.0/24     224.0.0.0/24        

RETURN     all  --  192.168.122.0/24     255.255.255.255     

MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535

MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535

MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    

 

Chain DOCKER (2 references)

target     prot opt source               destination         

RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

 

[root@foundation13 ~]# docker run -d --name web -p 8000:80 nginx  ##publish port 8000 (masqueraded to the container's port 80)

48096c8acd6ab76d1a7d03437872c76d520d615d1a01a344768cd265e3695f12

[root@foundation13 ~]# docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                           NAMES

48096c8acd6a        nginx               "nginx -g 'daemon off"   41 seconds ago      Up 37 seconds       443/tcp, 0.0.0.0:8000->80/tcp   web

7db8e541f527        ubuntu              "/bin/bash"              24 minutes ago      Up 24 minutes                                       vm1

[root@foundation13 ~]# netstat -antlp |grep :8000

tcp6       0      0 :::8000                 :::*                    LISTEN      11310/docker-proxy  

[root@foundation13 ~]# iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain

ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain

ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

 

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

DOCKER-ISOLATION  all  --  anywhere             anywhere            

DOCKER     all  --  anywhere             anywhere            

ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

ACCEPT     all  --  anywhere             anywhere            

ACCEPT     all  --  anywhere             anywhere            

DOCKER     all  --  anywhere             anywhere            

ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

ACCEPT     all  --  anywhere             anywhere            

ACCEPT     all  --  anywhere             anywhere            

ACCEPT     all  --  anywhere             anywhere            

REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED

ACCEPT     all  --  192.168.122.0/24     anywhere            

ACCEPT     all  --  anywhere             anywhere            

REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc

ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc

 

Chain DOCKER (2 references)

target     prot opt source               destination         

ACCEPT     tcp  --  anywhere             192.168.6.3          tcp dpt:http

 

Chain DOCKER-ISOLATION (1 references)

target     prot opt source               destination         

DROP       all  --  anywhere             anywhere            

DROP       all  --  anywhere             anywhere            

RETURN     all  --  anywhere             anywhere            
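Note what the two listings above show about `-p 8000:80`: docker-proxy listens on :::8000, i.e. on every interface, and the DOCKER chain in FORWARD accepts traffic to 192.168.6.3:http directly, so the host's INPUT rules never see it. A published port is therefore open to the network unless it was bound to a specific address (for example `-p 127.0.0.1:8000:80`). The script below is an added example, not from the original post or from Docker: it parses `docker ps --format '{{.Names}}\t{{.Ports}}'` output and lists every mapping bound to all interfaces. SAMPLE_PS is constructed; its "web" line mirrors the container started above, the other containers are invented for the example.

```shell
#!/bin/sh
# Added example (not from the original post): list container ports that are
# published on every host interface. SAMPLE_PS is constructed in the format
# produced by `docker ps --format '{{.Names}}\t{{.Ports}}'`; the "web" line
# matches the container started with -p 8000:80 in the post.
SAMPLE_PS=$(printf 'web\t443/tcp, 0.0.0.0:8000->80/tcp\nvm1\t\ndb\t127.0.0.1:5432->5432/tcp\nadmin\t0.0.0.0:9000->9000/tcp, 0.0.0.0:9001->9001/tcp\n')

# wide_open_ports PS_TEXT -> one line "<name> <hostport> <containerport/proto>"
# for every mapping bound to 0.0.0.0 or :: (reachable from any network, and
# accepted by the DOCKER chain in FORWARD regardless of the INPUT chain)
wide_open_ports() {
    printf '%s\n' "$1" | awk -F '\t' '
        {
            name = $1
            n = split($2, maps, ", ")
            for (i = 1; i <= n; i++) {
                # "80/tcp" alone is only an EXPOSE; a published port looks like
                # HOSTIP:HOSTPORT->CONTAINERPORT/PROTO
                if (maps[i] ~ /^0\.0\.0\.0:/ || maps[i] ~ /^\[?::\]?:/) {
                    split(maps[i], parts, "->")
                    sub(/^.*:/, "", parts[1])
                    print name, parts[1], parts[2]
                }
            }
        }'
}

# Stand-alone run over the constructed listing. On a live host use:
#   wide_open_ports "$(docker ps --format '{{.Names}}\t{{.Ports}}')"
wide_open_ports "$SAMPLE_PS"
```

Mappings bound to 127.0.0.1 (the "db" line) and bare EXPOSE entries such as 443/tcp are skipped, since neither is reachable from outside the host; the output is meant to be compared against what the host firewall is believed to allow.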

[root@foundation13 ~]# docker start vm2

vm2

[root@foundation13 ~]# docker attach vm2

root@051c94d071c5:/#

root@051c94d071c5:/# ls

bin   etc     file2  file5  file8  lib    mnt   root  srv  usr

boot  file1   file3  file6  file9  lib64  opt   run   sys  var

dev   file10  file4  file7  home   media  proc  sbin  tmp

root@051c94d071c5:/# rm -f {1..5}

root@051c94d071c5:/# cp /etc/passwd

cp: missing destination file operand after '/etc/passwd'

Try 'cp --help' for more information.

root@051c94d071c5:/# cp /etc/passwd .

root@051c94d071c5:/# cp /etc/passwd [root@foundation13 ~]#

[root@foundation13 ~]# docker diff vm2 ##view the changes made inside the container

C /root

A /root/.bash_history

A /passwd
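`docker diff` prints one line per changed path, prefixed A (added), C (changed) or D (deleted), which makes it a cheap way to check what a running container has altered relative to its image. The script below is an added example, not from the original post or from Docker: it summarizes such output and picks out changes under paths a defender would want to review. SAMPLE_DIFF is constructed; its first three lines are the ones shown above and the rest are invented, and WATCHED_PATHS is an assumption to be adapted to the workload.

```shell
#!/bin/sh
# Added example (not from the original post): review `docker diff` output for
# changes under sensitive paths. SAMPLE_DIFF is constructed: the first three
# lines are the ones shown in the post, the rest are made up for the example.
SAMPLE_DIFF='C /root
A /root/.bash_history
A /passwd
C /etc
C /etc/passwd
A /usr/local/bin/run.sh
D /var/log/nginx/access.log'

# Paths worth reviewing when they change inside a running container.
# The list is an assumption for this example; adjust it to the workload.
WATCHED_PATHS='/etc/passwd /etc/shadow /etc/sudoers /etc/ssh /root/.ssh /usr/local/bin /var/log'

# sensitive_changes DIFF_TEXT -> the A/C/D lines whose path equals, or lies
# below, one of WATCHED_PATHS
sensitive_changes() {
    printf '%s\n' "$1" | awk -v watched="$WATCHED_PATHS" '
        BEGIN { n = split(watched, w, " ") }
        $1 == "A" || $1 == "C" || $1 == "D" {
            path = substr($0, 3)   # everything after the "X " prefix, spaces included
            for (i = 1; i <= n; i++) {
                if (path == w[i] || index(path, w[i] "/") == 1) { print; break }
            }
        }'
}

# summarize_diff DIFF_TEXT -> "added=N changed=N deleted=N"
summarize_diff() {
    printf '%s\n' "$1" | awk '
        $1 == "A" { a++ } $1 == "C" { c++ } $1 == "D" { d++ }
        END { printf "added=%d changed=%d deleted=%d\n", a, c, d }'
}

# Stand-alone run over the constructed output. On a live host use:
#   sensitive_changes "$(docker diff vm2)"
summarize_diff "$SAMPLE_DIFF"
sensitive_changes "$SAMPLE_DIFF"
```

The /passwd copied to the container root in the session above is not flagged because it lies outside every watched prefix, while a change to /etc/passwd itself would be; a directory entry such as "C /etc" is reported by docker whenever something below it changed, so the match is done on the full path rather than the directory.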
