Docker -- 常用命令
Docker简单操作
image相关操作
╭─root@localhost.localdomain ~
╰─➤ docker image help
Usage: docker image COMMAND
Manage images
Commands:
build Build an image from a Dockerfile
#从dockerfile中创建镜像
history Show the history of an image
#可以显示镜像的构建历史 ;docker镜像分层构建,每一层都有一个指令
import Import the contents from a tarball to create a filesystem image
#从一个压缩包创建镜像
inspect Display detailed information on one or more images
#显示一个或多个image的详细信息
load Load an image from a tar archive or STDIN
#从tar包或STDIN加载image
ls List images
#列出images
prune Remove unused images
#删除未使用的images
pull Pull an image or a repository from a registry
#从registry(仓库)中拉取镜像
push Push an image or a repository to a registry
#推送镜像到registry(仓库)中
rm Remove one or more images
#删除一个或多个镜像
save Save one or more images to a tar archive (streamed to STDOUT by default)
#创建镜像压缩包
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
#改名image(原名文件保留)
实例1:拉取image(pull)
╭─root@localhost.localdomain ~
╰─➤ docker image pull busybox
# docker image pull --help
Usage: docker image pull [OPTIONS] NAME[:TAG|@DIGEST]
##注意:如果在拉取镜像的时候只指定了REPOSITORY的话,默认拉取的是tag为latest的版本
实例2:查看当前有哪些镜像 (ls)
╭─root@localhost.localdomain ~
╰─➤ docker image list
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest db8ee88ad75f 3 weeks ago 1.22MB
实例3: 查看镜像构建历史 (history)
╭─root@localhost.localdomain ~
╰─➤ docker image history busybox:latest
IMAGE CREATED CREATED BY SIZE COMMENT
db8ee88ad75f 3 weeks ago /bin/sh -c #(nop) CMD ["sh"] 0B
<missing> 3 weeks ago /bin/sh -c #(nop) ADD file:9ceca008111a4ddff… 1.22MB
实例4:制作镜像压缩包 (save)
方法一:使用-o选项,output
╭─root@localhost.localdomain ~
╰─➤ docker image save busybox -o busybox-latest.tar
╭─root@localhost.localdomain ~
╰─➤ ls
anaconda-ks.cfg busybox-latest.tar docker-sbeed.sh
方法二:使用标准输出
╭─root@localhost.localdomain ~
╰─➤ docker image save busybox > busybox-v1.tar
╭─root@localhost.localdomain ~
╰─➤ ls
anaconda-ks.cfg busybox-latest.tar busybox-v1.tar docker-sbeed.sh
实例5:使用镜像压缩包 (load)
方法一:使用-i选项 input
╭─root@localhost.localdomain ~
╰─➤ docker image load -i busybox-latest.tar
Loaded image: busybox:latest
╭─root@localhost.localdomain ~
╰─➤ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest db8ee88ad75f 3 weeks ago 1.22MB
方法二:实用标准输入
docker image load < busybox-latest.tar
实例6:删除镜像 (rm)
docker image rm busybox:latest
实例7:镜像改名 (tag)
╭─root@localhost.localdomain ~
╰─➤ docker image tag busybox:latest busybox:v1
╭─root@localhost.localdomain ~
╰─➤ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest db8ee88ad75f 3 weeks ago 1.22MB
busybox v1 db8ee88ad75f 3 weeks ago 1.22MB
例子8:清除不经常使用的镜像 (prune)
╭─root@localhost.localdomain ~
╰─➤ docker image prune -f
Total reclaimed space: 0B
Container(容器)操作
╭─root@localhost.localdomain ~
╰─➤ docker container --help
Usage: docker container COMMAND
Manage containers
Commands:
attach Attach local standard input, output, and error streams to a running container
#将本地标准输入、输出和错误输出追加到正在运行的容器中
commit Create a new image from a container's changes
#从容器的更改中创建一个新image
cp Copy files/folders between a container and the local filesystem
#在容器和本地文件系统之间复制文件/文件夹
create Create a new container
#创建一个新容器
diff Inspect changes to files or directories on a container's filesystem
#检查容器文件系统上文件或目录的更改
exec Run a command in a running container
#在正在运行的容器中运行命令(进入容器)
export Export a container's filesystem as a tar archive
#将容器的文件系统导出为tar包
inspect Display detailed information on one or more containers
#在一个或多个容器上显示详细信息
kill Kill one or more running containers
#杀死一个或多个正在运行的容器
logs Fetch the logs of a container
#获取容器的日志
ls List containers
#列出容器(containers)
pause Pause all processes within one or more containers
#暂停一个或多个容器中的所有进程
port List port mappings or a specific mapping for the container
#列出容器的端口映射或特定映射
prune Remove all stopped containers
#移除所有停止的容器
rename Rename a container
#给容器改名
restart Restart one or more containers
#重启一个或多个容器
rm Remove one or more containers
#删除一个或多个容器
run Run a command in a new container
#在新容器中运行命令
start Start one or more stopped containers
#启动一个或多个停止的容器(stopped)
stats Display a live stream of container(s) resource usage statistics
#实时显示容器资源使用统计数据
stop Stop one or more running containers
#停止一个或多个正在运行的容器
top Display the running processes of a container
#显示容器的运行进程
unpause Unpause all processes within one or more containers
#继续运行paused状态的容器
update Update configuration of one or more containers
#更新一个或多个容器的配置
wait Block until one or more containers stop, then print their exit codes
#阻塞,直到一个或多个容器停止,然后打印它们的退出代码
ps #查看正在运行的容器
指定某容器的两种方法:CONTAINER-ID ,CONTAINER-NAME
实例1:运行容器 (run)
-i 交互模式
-t分配终端
╭─root@localhost.localdomain ~
╰─➤ docker container run -it busybox /bin/sh
/ # ls
bin dev etc home proc root sys tmp usr var
/ # exit
-d 后台运行
╭─root@localhost.localdomain ~
╰─➤ docker container run -d nginx-game:v1
--name 指定容器名字
-d 后台运行
--rm 容器停掉之后自动删除
╭─root@localhost.localdomain ~
╰─➤ docker container run --name nginx -d --rm nginx:latest
实例2:查看正在运行的容器 (ps)
╭─root@localhost.localdomain ~
╰─➤ docker container ps
查看所有容器
╭─root@localhost.localdomain ~
╰─➤ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b967cc0a7a67 busybox "sh" 9 hours ago Exited (0) 9 hours ago zealous_shaw
ee42b5eff0cd busybox "sh" 9 hours ago Exited (0) 9 hours ago intelligent_cerf
db206796c1a0 busybox "/bin/sh" 9 hours ago Exited (127) 9 hours ago admiring_northcutt
实例3:删除容器 (rm)
╭─root@localhost.localdomain ~
╰─➤ docker container rm b967cc0a7a67
b967cc0a7a67
批量删除容器
╭─root@localhost.localdomain ~
╰─➤ docker container rm $(docker ps -aq)
ee42b5eff0cd
db206796c1a0
Error response from daemon: You cannot remove a running container bb47bdca3639aaee6ed332a62fa00c7c0d768fa6a1f6a1d1e1864cab2770b622. Stop the container before attempting removal or force remove
# 不会删除正在运行的container
# rm 不能直接删除dead状态的container
强制删除
docker container rm -f b967cc0a7a67
实例4:查看容器信息 (inspect)
╭─root@localhost.localdomain ~
╰─➤ docker inspect db206796c1a0
...#详细信息
实例5:查看容器暴露的端口
方法1: (ps) (注意: 容器需在up运行状态)
╭─root@du-z ~
╰─➤ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
69fdffa4d862 nginx "nginx -g 'daemon of…" 13 seconds ago Up 11 seconds 0.0.0.0:32768->80/tcp frosty_swartz
方法2:(history)
╭─root@localhost.localdomain ~
╰─➤ docker image history e445ab08b2b |grep EXPOSE
<missing> 2 weeks ago /bin/sh -c #(nop) EXPOSE 80 0B
方法3: (inspect)
╭─root@localhost.localdomain ~
╰─➤ docker container inspect bb47bdca3639 |grep Ports -A3
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
--
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
--
"Ports": {
"80/tcp": null
},
"SandboxKey": "/var/run/docker/netns/ea04a98cd4ee",
实例6:查看容器运行状态 (stats)
╭─root@localhost.localdomain ~
╰─➤ docker container stats bb47bdca3639
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
bb47bdca3639 nginx 0.00% 1.387MiB / 976.5MiB 0.14% 648B / 0B 5.04MB / 0B 2
实例7:对容器内存使用量进行限制 (run -m)
╭─root@du-z ~
╰─➤ docker run -d --name nginx --rm -m 64M nginx
╭─root@du-z ~
╰─➤ docker stats nginx
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
fdec1b43873d nginx 0.00% 1.383MiB / 64MiB 2.16% 648B / 0B 0B / 0B 2
实例8:容器改名 (rename)
╭─root@du-z ~
╰─➤ docker rename nginx nginx1
╭─root@du-z ~
╰─➤ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fdec1b43873d nginx "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes 80/tcp nginx1
实例9:停掉容器 (stop)
╭─root@du-z ~
╰─➤ docker stop 2ed61f50ef50
2ed61f50ef50
实例10:杀掉容器 (kill)
╭─root@du-z ~
╰─➤ docker kill 2ed61f50ef50
2ed61f50ef50
kill与stop的区别:
- kill: 强硬退出,直接退出 -9
- stop: 优雅退出 -15 ,给10秒钟退出准备,10秒后 kill -9
实例12:查看容器日志 (logs)
╭─root@du-z ~
╰─➤ docker container logs nginx1
# 持续监听日志
╭─root@du-z ~
╰─➤ docker container logs nginx1 -f
实例13:进入容器 (exec)
╭─root@du-z ~
╰─➤ docker exec -it nginx1 /bin/sh
# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
#
# exit
实例14:查看端口映射(port)
╭─root@du-z ~
╰─➤ docker port b4b75dcb00cc
80/tcp -> 192.168.137.3:32768
Container(容器)端口映射
- 端口映射使容器可以外部访问
第一类:把容器的端口随机映射为物理机的一个端口(-P 大写)
注意:使用-P选项,是把容器内所有expose的端口都映射为物理机的随机端口
╭─root@du-z ~
╰─➤ docker run -d -P nginx
╭─root@du-z ~
╰─➤ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
69fdffa4d862 nginx "nginx -g 'daemon of…" 13 seconds ago Up 11 seconds 0.0.0.0:32768->80/tcp frosty_swartz
╭─root@du-z ~
╰─➤ ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::32768 :::*
第二类:把容器的端口映射为物理机特定的一个端口(-p 小写)
注意:81 为物理机端口 80为容器端口
╭─root@du-z ~
╰─➤ docker run -d -p 81:80 nginx
╭─root@du-z ~
╰─➤ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fa0c51407f81 nginx "nginx -g 'daemon of…" 52 seconds ago Up 50 seconds 0.0.0.0:81->80/tcp elegant_fermat
╭─root@du-z ~
╰─➤ ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::81 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
第三类:把容器的端口映射为物理机特定网卡上的特定端口(-p 小写)
注意:192.168.137.3:81 <--->0.0.0.0:81
╭─root@du-z ~
╰─➤ docker run -d -p 192.168.137.3:81:80 nginx
╭─root@du-z ~
╰─➤ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d4fd0a2b72f9 nginx "nginx -g 'daemon of…" 13 seconds ago Up 11 seconds 192.168.137.3:81->80/tcp laughing_tu
╭─root@du-z ~
╰─➤ ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 192.168.137.3:81 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
第四类:把容器的端口映射为物理机特定网卡上的随机端口(-p 小写)
╭─root@du-z ~
╰─➤ docker run -d -p 192.168.137.3::80 nginx
╭─root@du-z ~
╰─➤ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b4b75dcb00cc nginx "nginx -g 'daemon of…" 5 seconds ago Up 4 seconds 192.168.137.3:32768->80/tcp loving_hellman
╭─root@du-z ~
╰─➤ ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 192.168.137.3:32768 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
两容器之间建立连接
命令参数
$ run --link name:alias
#其中:name一个运行中的容器名;alias 是这个连接的别名
#Docker 在两个互联的容器之间创建了一个安全隧道,而且不用映射它们的端口到宿主主机上
Docker 通过两种方式为容器公开连接信息:
- 环境变量
- 更新 /etc/hosts文件
示例:
#第一步:运行一个mysql容器取名mysqlname
╭─root@du-z ~
╰─➤ docker run -d -v /var/lib/mysql -e MYSQL_ROOT_PASSWORD=root --name mysqlname mysql
499490e40651b18d0fd37d4d91268f1c2af0b40c06dfb19b705b7b4ff87cd31c
#第二步:run --link 关联创建nginx容器
╭─root@du-z ~
╰─➤ docker run -d --link mysqlname:mysql nginx
2b90eb01945aae98f476bc23ac0766ab840b96a69b933b5b3bc999da5fc38271
#第三步:进入nginx容器查看环境变量
╭─root@du-z ~
╰─➤ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2b90eb01945a nginx "nginx -g 'daemon of…" About a minute ago Up About a minute 80/tcp awesome_mcclintock
499490e40651 mysql "docker-entrypoint.s…" 8 minutes ago Up 8 minutes 3306/tcp, 33060/tcp mysqlname
╭─root@du-z ~
╰─➤ docker exec -it 2b90eb01945a sh
# env
MYSQL_PORT_33060_TCP=tcp://172.17.0.4:33060
HOSTNAME=2b90eb01945a
HOME=/root
PKG_RELEASE=1~buster
MYSQL_ENV_MYSQL_MAJOR=8.0
TERM=xterm
MYSQL_PORT_3306_TCP_ADDR=172.17.0.4
NGINX_VERSION=1.17.2
MYSQL_ENV_MYSQL_ROOT_PASSWORD=root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
MYSQL_ENV_GOSU_VERSION=1.7
MYSQL_PORT_3306_TCP_PORT=3306
NJS_VERSION=0.3.3
MYSQL_PORT_3306_TCP_PROTO=tcp
MYSQL_PORT_33060_TCP_ADDR=172.17.0.4
MYSQL_PORT=tcp://172.17.0.4:3306
MYSQL_PORT_3306_TCP=tcp://172.17.0.4:3306
MYSQL_PORT_33060_TCP_PORT=33060
MYSQL_ENV_MYSQL_VERSION=8.0.17-1debian9
MYSQL_PORT_33060_TCP_PROTO=tcp
MYSQL_NAME=/awesome_mcclintock/mysql
commit制作镜像
- 制作镜像的两种方法:1.Dockerfile构建镜像 ,2.commit制作镜像
- Dockerfile构建镜像:https://www.cnblogs.com/du-z/p/11357120.html
第一步:运行容器
╭─root@du-z ~
╰─➤ docker run -d nginx
第二步:配置环境
# 略
第三步:进行commit提交,制作镜像
╭─root@du-z ~
╰─➤ docker commit -p b4b75dcb00c nginx-public:v1
sha256:0a23a33fc7f72598deb80d3c4fe16bca13804bd5b171be7f8ec9caef65db6d26
╭─root@du-z ~
╰─➤ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx-public v1 0a23a33fc7f7 10 seconds ago 126MB
## 建议-p (pause)暂停制作镜像
第四步:把镜像制作成压缩包
╭─root@du-z ~
╰─➤ docker image save nginx-public:v1 > nginx-public.tar
╭─root@du-z ~
╰─➤ ls
anaconda-ks.cfg busybox:v1.tar docker-sbeed.sh nginx-public.tar
第五步:发送
# 略
第六步:使用
╭─root@du-z ~
╰─➤ docker image load < nginx-public.tar
0b9c86526c2e: Loading layer [==================================================>] 6.656kB/6.656kB
Loaded image: nginx-public:v1
╭─root@du-z ~
╰─➤ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx-public v1 0a23a33fc7f7 8 minutes ago 126MB
私有仓库registry使用
第一步:拉取到registry镜像(查看镜像)
╭─root@node1 ~
╰─➤ docker pull registry
╭─root@node1 ~
╰─➤ docker image ls
╭─root@node1 ~
╰─➤ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest f32a97de94e1 5 months ago 25.8MB
第二步:查看镜像信息
╭─root@node1 ~
╰─➤ docker image history registry
IMAGE CREATED CREATED BY SIZE COMMENT
f32a97de94e1 5 months ago /bin/sh -c #(nop) CMD ["/etc/docker/registr… 0B
<missing> 5 months ago /bin/sh -c #(nop) ENTRYPOINT ["/entrypoint.… 0B
<missing> 5 months ago /bin/sh -c #(nop) COPY file:507caa54f88c1f38… 155B
<missing> 5 months ago /bin/sh -c #(nop) EXPOSE 5000 0B
<missing> 5 months ago /bin/sh -c #(nop) VOLUME [/var/lib/registry] 0B
<missing> 5 months ago /bin/sh -c #(nop) COPY file:4544cc1555469403… 295B
<missing> 5 months ago /bin/sh -c #(nop) COPY file:21256ff7df5369f7… 20.1MB
<missing> 5 months ago /bin/sh -c set -ex && apk add --no-cache… 1.29MB
<missing> 5 months ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B
<missing> 5 months ago /bin/sh -c #(nop) ADD file:38bc6b51693b13d84… 4.41MB
第三步:编写文件
╭─root@node1 ~
╰─➤ vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://xxxxx.mirror.aliyuncs.com"], #阿里云镜像加速地址(每人一个);结尾 “,” 不能省
"insecure-registries":["192.168.137.3:5000"] #允许不安全的镜像地址
}
第四步:重启docker
╭─root@node1 ~
╰─➤ systemctl restart docker
第五步:改镜像名
╭─root@node1 ~
╰─➤ docker image tag nginx 192.168.137.3:5000/nginx:v1
第六步:运行registry
╭─root@node1 ~
╰─➤ docker run -d -v /registry:/var/lib/registry -p 5000:5000 registry
e39972548aca665813421c1b4bff85acc08400d5d0d2810f441498efff94f997
# 绑定数据卷
# 做端口映射
╭─root@node1 ~
╰─➤ ls / # 查看自动创建/registry目录
bin dev home lib64 mnt proc root sbin sys usr webroom
boot etc lib media opt registry run srv tmp var
第七步:查看registry容器运行状态,并上传镜像
╭─root@node1 ~
╰─➤ docker ps |grep 5000
05df172e9cd2 registry "/entrypoint.sh /etc…" 5 minutes ago Up 5 minutes 0.0.0.0:5000->5000/tcp funny_swartz
╭─root@node1 ~
╰─➤ docker image tag nginx 192.168.137.3:5000/nginx:v1
第八步:查看
╭─root@node1 ~
╰─➤ ls /registry/docker/registry/v2/repositories/
nginx
其他人使用
第一步:编写docker daemon文件,并重启docker
╭─root@node2 ~
╰─➤ vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://xxxxx.mirror.aliyuncs.com"],
"insecure-registries":["192.168.137.3:5000"]
}
╭─root@node2 ~
╰─➤ systemctl restart docker
第二步:拉取镜像
╭─root@node2 ~
╰─➤ docker pull 192.168.137.3:5000/nginx:v1
v1: Pulling from nginx
f5d23c7fed46: Pull complete
918b255d86e5: Pull complete
8c0120a6f561: Pull complete
Digest: sha256:dc85890ba9763fe38b178b337d4ccc802874afe3c02e6c98c304f65b08af958f
Status: Downloaded newer image for 192.168.137.3:5000/nginx:v1
192.168.137.3:5000/nginx:v1