Docker containers
Running containers
Exit shortcut: ctrl+p ctrl+q
Listing containers
[root@mcw1 ~/mcwdocker]$ docker run centos pwd    # a command given after the image name is executed in the container
/
[root@mcw1 ~/mcwdocker]$ docker run centos ls /    # a command given after the image name is executed in the container
bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
All of the following are ways to list containers:
[root@mcw1 ~/mcwdocker]$ docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED       STATUS         PORTS                                       NAMES
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   2 hours ago   Up 3 minutes   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
[root@mcw1 ~/mcwdocker]$ docker container ls
CONTAINER ID   IMAGE        COMMAND                  CREATED       STATUS         PORTS                                       NAMES
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   2 hours ago   Up 3 minutes   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
[root@mcw1 ~/mcwdocker]$ docker container ls -a
CONTAINER ID   IMAGE        COMMAND                  CREATED         STATUS                     PORTS                                       NAMES
c801cf66983a   centos       "pwd"                    2 minutes ago   Exited (0) 2 minutes ago                                               practical_easley
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   2 hours ago     Up 3 minutes               0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
[root@mcw1 ~/mcwdocker]$ docker ps -a
CONTAINER ID   IMAGE        COMMAND                  CREATED         STATUS                     PORTS                                       NAMES
c801cf66983a   centos       "pwd"                    2 minutes ago   Exited (0) 2 minutes ago                                               practical_easley
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   2 hours ago     Up 3 minutes               0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
Keeping a container running (including stopping a container and naming a container)
docker run --name "mcw_http_server" -d httpd
docker run -d centos /bin/bash -c "while true;do sleep 1;done"
[root@mcw1 ~/mcwdocker]$ docker run centos /bin/bash -c "echo mcw"
mcw
[root@mcw1 ~/mcwdocker]$ docker run centos /bin/bash -c "while true;do sleep1;done"
Here even ctrl+c does not get out; it keeps printing errors and messages and hangs at this point, but the container that was created has not exited. (As typed, sleep1 has no space, so it is not a valid command and every loop iteration fails; the intended command is sleep 1.)
[root@mcw1 ~/mcwdocker]$ docker run -d centos /bin/bash -c "while true;do sleep1;done"
593e19b73a52cd89807d7c70df4c215de7b7a40516a40e75c3d7715ed91c8d9a    # with the -d option it does not hang like the run above
[root@mcw1 ~/mcwdocker]$
As shown below, the others all exited right away; only the one running the infinite loop did not exit
[root@mcw1 ~/mcwdocker]$ docker ps -a
CONTAINER ID   IMAGE        COMMAND                  CREATED          STATUS                      PORTS                                       NAMES
e958b402e34f   centos       "/bin/bash -c 'echo …"   13 seconds ago   Exited (0) 11 seconds ago                                               serene_blackwell
ca959ee8bbf0   centos       "/bin/bash"              49 seconds ago   Exited (0) 40 seconds ago                                               brave_colden
61a2532809e2   centos       "/bin/bash -c 'while…"   3 minutes ago    Up 3 minutes                                                            dreamy_johnson
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   2 hours ago      Up 12 minutes               0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
Stopping a container
[root@mcw1 ~/mcwdocker]$ docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED              STATUS              PORTS     NAMES
593e19b73a52   centos    "/bin/bash -c 'while…"   About a minute ago   Up About a minute             funny_booth
[root@mcw1 ~/mcwdocker]$ docker stop 593e
593e
[root@mcw1 ~/mcwdocker]$
Stop all containers:
[root@mcw1 ~/mcwdocker]$ docker stop `docker ps -q`
98a061dffafc
Remove all containers:
[root@mcw1 ~/mcwdocker]$ docker rm `docker ps -a -q`
98a061dffafc
7c30a69d0e33
Running with a specified container name
[root@mcw1 ~/mcwdocker]$ docker run --name "mcw_http_server" -d httpd
60ca2aa7d7baec2d2026117210ca6e10872ef6046ea51a93155be9127bcfce23
[root@mcw1 ~/mcwdocker]$ docker ps
CONTAINER ID   IMAGE   COMMAND              CREATED              STATUS          PORTS    NAMES
60ca2aa7d7ba   httpd   "httpd-foreground"   About a minute ago   Up 48 seconds   80/tcp   mcw_http_server
Two ways to enter a container
@attach method
After attaching, it prints continuously and nothing can be done. It cannot be exited either; I had to reconnect the Xshell session
[root@mcw1 ~/mcwdocker]$ docker run -d centos /bin/bash -c "while true;do sleep 1; echo I_am_in_container;done"
d08edd6a0dae08d6e01eb133232db4fb876f3eed4d02d2a834abf08a7ff63452
[root@mcw1 ~/mcwdocker]$ docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED          STATUS          PORTS                                       NAMES
d08edd6a0dae   centos       "/bin/bash -c 'while…"   14 seconds ago   Up 12 seconds                                               pensive_williams
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   2 hours ago      Up 40 minutes   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
[root@mcw1 ~/mcwdocker]$ docker attach d08e
I_am_in_container
I_am_in_container
@docker exec method
This is the same container that prints in an infinite loop. After entering with this method, you can actually do things
[root@mcw1 ~]$ docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED         STATUS          PORTS                                       NAMES
d08edd6a0dae   centos       "/bin/bash -c 'while…"   5 minutes ago   Up 5 minutes                                                pensive_williams
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   2 hours ago     Up 46 minutes   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
[root@mcw1 ~]$ docker exec -it d08 bash
[root@d08edd6a0dae /]# exit    # exit the container
exit
[root@mcw1 ~]$ docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED         STATUS          PORTS                                       NAMES
d08edd6a0dae   centos       "/bin/bash -c 'while…"   6 minutes ago   Up 6 minutes                                                pensive_williams
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   2 hours ago     Up 46 minutes   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
For a container entered with exec, the ctrl+d shortcut is equivalent to running the exit command, and the container keeps running. Still, use it with caution
[root@mcw1 ~]$ docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED         STATUS          PORTS                                       NAMES
d08edd6a0dae   centos       "/bin/bash -c 'while…"   6 minutes ago   Up 6 minutes                                                pensive_williams
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   2 hours ago     Up 46 minutes   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
[root@mcw1 ~]$ docker exec -it d08 bash
[root@d08edd6a0dae /]# exit
[root@mcw1 ~]$ docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED         STATUS          PORTS                                       NAMES
d08edd6a0dae   centos       "/bin/bash -c 'while…"   8 minutes ago   Up 8 minutes                                                pensive_williams
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   2 hours ago     Up 48 minutes   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
[root@mcw1 ~]$ docker exec -it d08 bash
Viewing the output of the startup command
[root@mcw1 ~]$ docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED          STATUS          PORTS                                       NAMES
d08edd6a0dae   centos       "/bin/bash -c 'while…"   11 minutes ago   Up 11 minutes                                               pensive_williams
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   2 hours ago      Up 51 minutes   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
[root@mcw1 ~]$ docker logs d08    #1
[root@mcw1 ~]$ docker logs -f d08    #2
I_am_in_container
I_am_in_container
^C
Recommended for utility-type containers: run with -it; the container stops when you exit
[root@mcw1 ~]$ docker run -it busybox
/ # wget www.baidu.com
Connecting to www.baidu.com (110.242.68.4:80)
saving to 'index.html'
index.html 100% |**********************************************************************************************************************************| 2381 0:00:00 ETA
'index.html' saved
/ # exit
[root@mcw1 ~]$ docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED          STATUS          PORTS                                       NAMES
d08edd6a0dae   centos       "/bin/bash -c 'while…"   14 minutes ago   Up 14 minutes                                               pensive_williams
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   3 hours ago      Up 54 minutes   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
Starting, stopping and restarting containers (automatic restart after an unexpected stop)
docker stop d08
docker kill mcw_http_server
docker start id
docker run -d --restart=always centos /bin/bash -c "for i in 1;do sleep 10;done"
docker run -d --restart=on-failure:3 centos /bin/bash -c "for i in 1;do sleep 5;done"
[root@mcw1 ~]$ docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED          STATUS             PORTS                                       NAMES
d08edd6a0dae   centos       "/bin/bash -c 'while…"   29 minutes ago   Up 29 minutes                                                  pensive_williams
60ca2aa7d7ba   httpd        "httpd-foreground"       45 minutes ago   Up 13 seconds      80/tcp                                      mcw_http_server
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   3 hours ago      Up About an hour   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
[root@mcw1 ~]$ docker stop d08    # stop with stop
d08
[root@mcw1 ~]$ docker kill mcw_http_server    # stop with kill
mcw_http_server
[root@mcw1 ~]$ docker start d08    # a container can be started by id
d08
[root@mcw1 ~]$ docker start mcw_http_server    # a container can be started by name
mcw_http_server
[root@mcw1 ~]$ docker run -d --restart=always centos /bin/bash -c "for i in 1;do sleep 10;done"
34db3ac7c5a86c724756cb0e89028172981695ed6f48a03e12a79136efc6fb2c
[root@mcw1 ~]$ docker ps    # the container exits after each ten seconds of running, but it is immediately started again; presumably it is rerun as long as it was not stopped manually
CONTAINER ID   IMAGE    COMMAND                  CREATED         STATUS   PORTS   NAMES
34db3ac7c5a8   centos   "/bin/bash -c 'for i…"   4 seconds ago   Up 3
Pausing and resuming containers (pause, unpause)
[root@mcw1 ~]$ docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED       STATUS       PORTS                                       NAMES
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   3 hours ago   Up 2 hours   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
[root@mcw1 ~]$ docker pause vigorous_golick
vigorous_golick
[root@mcw1 ~]$ docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED       STATUS                PORTS                                       NAMES
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   3 hours ago   Up 2 hours (Paused)   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
[root@mcw1 ~]$ docker unpause vigorous_golick
vigorous_golick
[root@mcw1 ~]$ docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED       STATUS       PORTS                                       NAMES
5f32a681a40e   registry:2   "/entrypoint.sh /etc…"   3 hours ago   Up 2 hours   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
Removing containers
docker rm id
docker rm -v $(docker ps -aq -f status=exited)
Resource limits
Memory limit
-m or --memory: sets the memory usage limit, e.g. 100M, 2GB
--memory-swap: sets the usage limit for memory + swap
If only -m is specified and --memory-swap is not, --memory-swap defaults to twice the memory value
docker run -m 200M --memory-swap=300M centos
--vm 1: start one memory worker
--vm-bytes 280M: allocate 280MB of memory per worker
docker run -it -m 200M --memory-swap=300M progrium/stress --vm 1 --vm-bytes 280M
Above: memory limit 200M, memory+swap limit 300M, one memory worker, 280M per worker
docker run -it -m 200M --memory-swap=300M progrium/stress --vm 1 --vm-bytes 310M
Above: memory limit 200M, memory+swap limit 300M, one memory worker, 310M per worker; once the limit is exceeded the container stops
[root@mcw1 ~]$ docker run -it -m 200M --memory-swap=300M progrium/stress --vm 1 --vm-bytes 310M
stress: info: [1] dispatching hogs: 0 cpu, 0 io, 1 vm, 0 hdd
stress: dbug: [1] using backoff sleep of 3000us
stress: dbug: [1] --> hogvm worker 1 [7] forked
stress: dbug: [7] allocating 325058560 bytes ...
stress: dbug: [7] touching bytes in strides of 4096 bytes ...
stress: FAIL: [1] (416) <-- worker 7 got signal 9
stress: WARN: [1] (418) now reaping child worker processes
stress: FAIL: [1] (422) kill error: No such process
stress: FAIL: [1] (452) failed run completed in 3s
[root@mcw1 ~]$
CPU limit
-c or --cpu-shares: sets the container's CPU weight; defaults to 1024 if not specified
Setting the container's CPU priority
docker run --name container_A -it -c 1024 progrium/stress --cpu 1
docker run --name container_B -it -c 512 progrium/stress --cpu 1
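When CPU is contended, A takes priority over B; A gets twice as much as B
After pausing A, while A is idle, B can use the whole CPU again; in other words, the weights adjust CPU priority only when CPU is contended
Block IO bandwidth limit
@1. Block IO weight
--blkio-weight: defaults to 500. By default, all containers read and write the disk on equal terms
As below, A's read/write bandwidth is twice that of B
docker run -it --name container_A --blkio-weight 600 centos
docker run -it --name container_B --blkio-weight 300 centos
@2. Limiting bps and iops
bps: bytes per second, the amount of data read or written per second
iops: IO per second, the number of IO operations per second
--device-read-bps: limits the bps of reads from a device
--device-write-bps: limits the bps of writes to a device
--device-read-iops: limits the iops of reads from a device
--device-write-iops: limits the iops of writes to a device
As below: limit the rate at which the container writes to /dev/sda to 30M/s
docker run -it --device-write-bps /dev/sda:30MB centos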
time dd if=/dev/zero of=test.out bs=1M count=800 oflag=direct
I could not see a difference between the limited and the unlimited run, though it seems I do not have an sda
Underlying technologies that implement containers (cgroup and namespace)
cgroup implements resource limits; namespace implements resource isolation
Run a container with a CPU limit
[root@mcw1 ~]$ docker run -it --cpu-shares 512 progrium/stress -c 1
stress: info: [1] dispatching hogs: 1 cpu, 0 io, 0 vm, 0 hdd
stress: dbug: [1] using backoff sleep of 3000us
stress: dbug: [1] --> hogcpu worker 1 [7] forked
View the cgroup directory structure
[root@mcw1 ~]$ docker ps
CONTAINER ID   IMAGE             COMMAND                  CREATED          STATUS                   PORTS                                       NAMES
605b6878ae45   progrium/stress   "/usr/bin/stress --v…"   17 seconds ago   Up 16 seconds                                                        boring_satoshi
0d23df39333d   progrium/stress   "/usr/bin/stress --v…"   45 minutes ago   Up 45 minutes (Paused)                                               container_A
5f32a681a40e   registry:2        "/entrypoint.sh /etc…"   4 hours ago      Up 3 hours               0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   vigorous_golick
[root@mcw1 ~]$ ls /sys/fs/
cgroup  pstore  xfs
[root@mcw1 ~]$ ls /sys/
block  bus  class  dev  devices  firmware  fs  hypervisor  kernel  module  power
[root@mcw1 ~]$ ls /sys/fs/
cgroup  pstore  xfs
[root@mcw1 ~]$ ls /sys/fs/cgroup/
blkio  cpu  cpuacct  cpu,cpuacct  cpuset  devices  freezer  hugetlb  memory  net_cls  net_cls,net_prio  net_prio  perf_event  pids  systemd
[root@mcw1 ~]$ ls /sys/fs/cgroup/cpu
cgroup.clone_children  cgroup.procs          cpuacct.stat   cpuacct.usage_percpu  cpu.cfs_quota_us  cpu.rt_runtime_us  cpu.stat  notify_on_release  system.slice  user.slice
cgroup.event_control   cgroup.sane_behavior  cpuacct.usage  cpu.cfs_period_us     cpu.rt_period_us  cpu.shares         docker    release_agent      tasks
[root@mcw1 ~]$ ls /sys/fs/cgroup/cpu/docker/
0d23df39333d4042169a479ba0442eec1a3b14ad336688c24fb5cfa3dee12562  cgroup.clone_children  cpuacct.stat          cpu.cfs_period_us  cpu.rt_runtime_us  notify_on_release
5f32a681a40e44455a9016cb7bc8a365aaaee83470c75988399d93fe7db93a81  cgroup.event_control   cpuacct.usage         cpu.cfs_quota_us   cpu.shares         tasks
605b6878ae4559c99bae26ab2fc203f624dacbec42d45c0fe23854371b1abb59  cgroup.procs           cpuacct.usage_percpu  cpu.rt_period_us   cpu.stat
[root@mcw1 ~]$ ls /sys/fs/cgroup/cpu/docker/605b6878ae4559c99bae26ab2fc203f624dacbec42d45c0fe23854371b1abb59/
cgroup.clone_children  cgroup.procs  cpuacct.usage         cpu.cfs_period_us  cpu.rt_period_us   cpu.shares  notify_on_release
cgroup.event_control   cpuacct.stat  cpuacct.usage_percpu  cpu.cfs_quota_us   cpu.rt_runtime_us  cpu.stat    tasks
[root@mcw1 ~]$ ls /sys/fs/cgroup/cpu/docker/605b6878ae4559c99bae26ab2fc203f624dacbec42d45c0fe23854371b1abb59/cpu.shares
/sys/fs/cgroup/cpu/docker/605b6878ae4559c99bae26ab2fc203f624dacbec42d45c0fe23854371b1abb59/cpu.shares
[root@mcw1 ~]$ cat /sys/fs/cgroup/cpu/docker/605b6878ae4559c99bae26ab2fc203f624dacbec42d45c0fe23854371b1abb59/cpu.shares
512
[root@mcw1 ~]$ ls /sys/fs/cgroup/    # the above shows the CPU limit configuration, which was specified when the container was run; this directory also holds the memory, block IO and other cgroup configuration
blkio  cpu  cpuacct  cpu,cpuacct  cpuset  devices  freezer  hugetlb  memory  net_cls  net_cls,net_prio  net_prio  perf_event  pids  systemd
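An added example, not part of the original notes: a shell function that walks the cgroup v1 layout listed above (cpu/docker/<id>/cpu.shares) and reports each container's CPU weight, its share when all containers compete for CPU, and its memory limit, so containers started without -m stand out. The memory/docker/<id>/memory.limit_in_bytes path and the "no limit" value are assumptions about a cgroup v1 x86_64 host; the function names and the sample tree are constructed.

```shell
#!/bin/sh
# Added example: audit container limits from a cgroup v1 tree (layout as listed above).
# Value cgroup v1 shows in memory.limit_in_bytes when no -m limit was set
# (assumption: x86_64 host with 4 KiB pages).
UNLIMITED=9223372036854771712

# cgroup_report [ROOT]: one line per container; ROOT defaults to /sys/fs/cgroup.
cgroup_report() {
    root=${1:-/sys/fs/cgroup}
    total=0
    # Pass 1: sum all cpu.shares so each weight can be shown as a percentage.
    for d in "$root"/cpu/docker/*/; do
        [ -f "${d}cpu.shares" ] || continue
        total=$((total + $(cat "${d}cpu.shares")))
    done
    # Pass 2: print weight, share when every container is CPU-bound, memory limit.
    for d in "$root"/cpu/docker/*/; do
        [ -f "${d}cpu.shares" ] || continue
        id=$(basename "$d")
        shares=$(cat "${d}cpu.shares")
        memfile="$root/memory/docker/$id/memory.limit_in_bytes"
        mem=unknown
        if [ -f "$memfile" ]; then mem=$(cat "$memfile"); fi
        if [ "$mem" = "$UNLIMITED" ]; then mem=unlimited; fi
        printf '%.12s cpu.shares=%s (%s%% under contention) memory=%s\n' \
            "$id" "$shares" "$((shares * 100 / total))" "$mem"
    done
}

# unlimited_containers [ROOT]: short IDs of containers started without -m.
unlimited_containers() {
    cgroup_report "$1" | awk '$NF == "memory=unlimited" { print $1 }'
}

# make_sample_tree: constructed tree with two made-up container IDs, for an offline run.
make_sample_tree() {
    t=$(mktemp -d)
    for c in "aaaaaaaaaaaa1111:1024:209715200" "bbbbbbbbbbbb2222:512:$UNLIMITED"; do
        id=${c%%:*}; rest=${c#*:}
        mkdir -p "$t/cpu/docker/$id" "$t/memory/docker/$id"
        echo "${rest%%:*}" > "$t/cpu/docker/$id/cpu.shares"
        echo "${rest#*:}" > "$t/memory/docker/$id/memory.limit_in_bytes"
    done
    echo "$t"
}
```

Run cgroup_report with no argument on the Docker host to read the live tree, or cgroup_report "$(make_sample_tree)" to try it offline. On hosts using cgroup v2 the files are named differently (cpu.weight, memory.max), so this layout does not apply there.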
Linux uses 6 kinds of namespace, corresponding to 6 kinds of resource: Mount, UTS, IPC, PID, Network and User
UTS namespace
When a container is run like this, ctrl+p, ctrl+q exits the container without stopping it; the container keeps running in the background
[root@mcw1 ~]$ docker run -h myhost -it centos
[root@myhost /]# [root@mcw1 ~]$
[root@mcw1 ~]$ docker ps
CONTAINER ID   IMAGE     COMMAND       CREATED              STATUS              PORTS     NAMES
702cdf44c65f   centos    "/bin/bash"   About a minute ago   Up About a minute             priceless_lichterman
PID namespace
[root@227bd5cdbfb4 /]# while true;do sleep 1 && echo 1;done    # "command & command" misbehaves; only "command && command" gives a normal loop
1
1
ps -axf: view the container processes
user namespace
[root@mcw1 ~]$ docker exec -it 702 /bin/bash
[root@myhost /]# useradd mcw
[root@myhost /]# exit
[root@mcw1 ~]$ su - mcw    # a user created in the container is not visible on the host
su: user mcw does not exist
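An added example, not part of the original notes: to check how uids inside a container map to host uids, read /proc/<pid>/uid_map of a container process and translate through it. The function names and the two sample maps are constructed for illustration; 100000 and 65536 are illustrative values for a remapped range.

```shell
#!/bin/sh
# Added example: translate a uid inside a user namespace to the host uid.
# MAP is the text of /proc/<pid>/uid_map; each line has three columns:
#   first-uid-inside  first-uid-outside  count
# Prints the host uid, or "unmapped" when no range covers the uid.
host_uid() {
    map=$1 uid=$2
    printf '%s\n' "$map" | awk -v u="$uid" '
        NF == 3 && u >= $1 && u < $1 + $3 { print $2 + (u - $1); found = 1; exit }
        END { if (!found) print "unmapped" }'
}

# Succeeds (exit 0) when uid 0 inside the namespace is also uid 0 on the host,
# meaning no user-namespace remapping separates container root from host root.
root_is_host_root() {
    [ "$(host_uid "$1" 0)" = "0" ]
}

# Constructed samples: the identity map of a process that is not remapped,
# and a remapped range (illustrative values).
MAP_IDENTITY='         0          0 4294967295'
MAP_REMAPPED='         0     100000      65536'

# On a Docker host the map of a running container can be read with, e.g.:
#   pid=$(docker inspect -f '{{.State.Pid}}' 702)
#   host_uid "$(cat /proc/$pid/uid_map)" 0
```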