docker容器
docker容器
docker容器是镜像的一个运行实例。镜像是静态的只读文件,而容器是带有运行时需要的可写文件层。
docker容器命令
创建容器
docker create 镜像名:标签
注意:docker create
命令创建的容器处于停止状态。
[root@localhost ~]# docker create myredis
5eee079d9d75b2e1085fa061393c33341e2231541feb1ccc123c9e7feb927139
查看容器状态
docker ps
注意:docker ps只能看见存活的容器,docker ps -a 查看全部的容器。
支持的参数:
-a:
查看全部容器的状态
[root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5eee079d9d75 myredis "docker-entrypoint.s…" 13 minutes ago Created vibrant_borg
结果信息表示:容器ID、使用的镜像、执行的命令、创建的时间、状态、端口、名称(如果不指定,自动生成)
启动容器
docker start 容器ID
[root@localhost ~]# docker start 5eee079d9d75
5eee079d9d75
此时用,docker ps命令,就可以看到运行的容器
[root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5eee079d9d75 myredis "docker-entrypoint.s…" 17 minutes ago Up 8 seconds 6379/tcp vibrant_borg
停止容器
docker stop 容器ID
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a5b7e3ad5a16 myredis:latest "docker-entrypoint.s…" 7 minutes ago Up 5 seconds 6379/tcp focused_ride
[root@localhost ~]# docker stop a5b7e3ad5a16
a5b7e3ad5a16
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a5b7e3ad5a16 myredis:latest "docker-entrypoint.s…" 8 minutes ago Exited (0) 4 seconds ago focused_ride
终止容器,用docker ps -a可以看到状态是处于Exited 。
重新启动容器
docker restart 容器ID
注意:docker restart 先将运行的容器先停止,再启动
[root@localhost ~]# docker restart a5b7e3ad5a16
a5b7e3ad5a16
创建并启动容器
docker run 镜像名:标签
注意:docker run相当于先执行docker create 再执行docker start 。
支持的参数:
-t:
分配一个伪终端,并绑定到容器的标准输入上
-i:
容器的标准输入保持打开
-d:
容器在后台运行
[root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE myredis latest 0bdd49822deb 3 weeks ago 32.6MB registry.cn-zhangjiakou.aliyuncs.com/cytong/redis latest 0bdd49822deb 3 weeks ago 32.6MB [root@localhost ~]# docker run myredis:latest 1:C 27 Mar 08:05:40.642 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo 1:C 27 Mar 08:05:40.642 # Redis version=4.0.2, bits=64, commit=00000000, modified=0, pid=1, just started 1:C 27 Mar 08:05:40.642 # Configuration loaded _._ _.-``__ ''-._ _.-`` `. `_. ''-._ Redis 4.0.2 (00000000/0) 64 bit .-`` .-```. ```\/ _.,_ ''-._ ( ' , .-` | `, ) Running in standalone mode |`-._`-...-` __...-.``-._|'` _.-'| Port: 6379 | `-._ `._ / _.-' | PID: 1 `-._ `-._ `-./ _.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | http://redis.io `-._ `-._`-.__.-'_.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | `-._ `-._`-.__.-'_.-' _.-' `-._ `-.__.-' _.-' `-._ _.-' `-.__.-' 1:M 27 Mar 08:05:40.643 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128. 1:M 27 Mar 08:05:40.643 # Server initialized 1:M 27 Mar 08:05:40.643 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. 1:M 27 Mar 08:05:40.644 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled. 1:M 27 Mar 08:05:40.644 * Ready to accept connections
默认情况,是保持容器终端的打开,可以ctrl+c退出终端。
[root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@localhost ~]# docker run -itd myredis 3e297620c77f2ca2792d6dc67dc194934440b4d70fda83c69f10f0c6a55bfb64 [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3e297620c77f myredis "docker-entrypoint.s…" 22 seconds ago Up 21 seconds 6379/tcp wonderful_euler
获取容器输出信息
docker logs 容器ID
[root@localhost ~]# docker logs a5b7e3ad5a16 1:C 27 Mar 08:05:40.642 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo 1:C 27 Mar 08:05:40.642 # Redis version=4.0.2, bits=64, commit=00000000, modified=0, pid=1, just started 1:C 27 Mar 08:05:40.642 # Configuration loaded _._ _.-``__ ''-._ _.-`` `. `_. ''-._ Redis 4.0.2 (00000000/0) 64 bit .-`` .-```. ```\/ _.,_ ''-._ ( ' , .-` | `, ) Running in standalone mode |`-._`-...-` __...-.``-._|'` _.-'| Port: 6379 | `-._ `._ / _.-' | PID: 1 `-._ `-._ `-./ _.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | http://redis.io `-._ `-._`-.__.-'_.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | `-._ `-._`-.__.-'_.-' _.-' `-._ `-.__.-' _.-' `-._ _.-' `-.__.-' 1:M 27 Mar 08:05:40.643 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128. 1:M 27 Mar 08:05:40.643 # Server initialized 1:M 27 Mar 08:05:40.643 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. 1:M 27 Mar 08:05:40.644 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled. 1:M 27 Mar 08:05:40.644 * Ready to accept connections 1:signal-handler (1522138106) Received SIGINT scheduling shutdown... 1:M 27 Mar 08:08:26.703 # User requested shutdown... 1:M 27 Mar 08:08:26.703 * Calling fsync() on the AOF file. 1:M 27 Mar 08:08:26.703 * Saving the final RDB snapshot before exiting. 1:M 27 Mar 08:08:26.720 * DB saved on disk 1:M 27 Mar 08:08:26.720 * Removing the pid file. 1:M 27 Mar 08:08:26.720 # Redis is now ready to exit, bye bye...
进入容器
1) docker attach 容器ID
支持的参数:
--no-stdin:是否关闭
标准输入,默认打开
[root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 87ae8e633e1b myredis "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 6379/tcp kind_wright [root@localhost ~]# [root@localhost ~]# docker attach 87ae8e633e1b ls
2) docker exec 容器ID 执行命令
支持的参数:
-i:打开
标准输入,默认不打开
-t:分配伪终端
-u:执行命令的用户名或id
[root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 87ae8e633e1b myredis "docker-entrypoint.s…" 25 seconds ago Up 5 seconds 6379/tcp kind_wright [root@localhost ~]# docker exec -it 87ae8e633e1b redis-cli 127.0.0.1:6379> get name (error) NOAUTH Authentication required. 127.0.0.1:6379> help redis-cli 4.0.2 To get help about Redis commands type: "help @<group>" to get a list of commands in <group> "help <command>" for help on <command> "help <tab>" to get a list of possible help topics "quit" to exit To set redis-cli preferences: ":set hints" enable online hints ":set nohints" disable online hints Set your preferences in ~/.redisclirc 127.0.0.1:6379>
3) nsenter工具
nsenter --target 容器的pid --mount --uts --ipc --net --pid
注意:
使用nsenter连接容器,需要知道容器的pid
容器的pid获取:docker inspect -f {{.State.Pid}} 容器ID
[root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 87ae8e633e1b myredis "docker-entrypoint.s…" 4 minutes ago Up 5 seconds 6379/tcp kind_wright [root@localhost ~]# docker inspect -f {{.State.Pid}} 87ae8e633e1b 9317 [root@localhost ~]# nsenter --target 9317 --mount --uts --ipc --net --pid 87ae8e633e1b:/# ls bin data dev etc home lib media mnt proc root run sbin srv sys tmp usr var 87ae8e633e1b:/# ps -ef PID USER TIME COMMAND 1 redis 0:00 redis-server /usr/local/etc/redis/redis.conf 11 root 0:00 -bash 13 root 0:00 ps -ef 87ae8e633e1b:/# pwd / 87ae8e633e1b:/# redis-cli 127.0.0.1:6379> get name (error) NOAUTH Authentication required. 127.0.0.1:6379> help redis-cli 4.0.2 To get help about Redis commands type: "help @<group>" to get a list of commands in <group> "help <command>" for help on <command> "help <tab>" to get a list of possible help topics "quit" to exit To set redis-cli preferences: ":set hints" enable online hints ":set nohints" disable online hints Set your preferences in ~/.redisclirc 127.0.0.1:6379> quit 87ae8e633e1b:/# ls bin data dev etc home lib media mnt proc root run sbin srv sys tmp usr var 87ae8e633e1b:/# exit logout [root@localhost ~]#
删除容器
docker rm 容器ID
注意:docker rm只能删除处于终止或者退出状态的容器,并不能删除运行状态的容器。-f参数就可以强制将容器删除。
支持的参数:
-f:
强行删除
-l:
删除容器的连接,保留容器
-v:删除
容器挂载的数据卷
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3e297620c77f myredis "docker-entrypoint.s…" 34 minutes ago Up 19 minutes 6379/tcp wonderful_euler
[root@localhost ~]# docker rm 3e297620c77f
Error response from daemon: You cannot remove a running container 3e297620c77f2ca2792d6dc67dc194934440b4d70fda83c69f10f0c6a55bfb64. Stop the container before attempting removal or force remove
[root@localhost ~]# docker rm -f 3e297620c77f
3e297620c77f
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker run -itd myredis
c02850db47681d70a646a0fc2dd4c2569aab60465e487e442b6b5d9dbbeff7d3
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c02850db4768 myredis "docker-entrypoint.s…" 6 seconds ago Up 5 seconds 6379/tcp dazzling_fermi
[root@localhost ~]# docker stop c02850db4768
c02850db4768
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c02850db4768 myredis "docker-entrypoint.s…" 25 seconds ago Exited (0) 4 seconds ago dazzling_fermi
[root@localhost ~]# docker rm c02850db4768
c02850db4768
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
导出容器
docker export -o 目标文件名 容器ID
docker export 容器ID > 目标文件名
支持的参数:
-o:
指定导出的tar文件名
[root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 82fdbc2e6bff myredis "docker-entrypoint.s…" 12 seconds ago Up 12 seconds 6379/tcp determined_joliot [root@localhost ~]# ls [root@localhost ~]# [root@localhost ~]# docker export -o docker_test_export.tar 82fdbc2e6bff [root@localhost ~]# ls docker_test_export.tar [root@localhost ~]# docker export 82fdbc2e6bff > docker_test_export_1.tar [root@localhost ~]# ls docker_test_export_1.tar docker_test_export.tar [root@localhost ~]#
说明:可以将导出的tar文件传输到其他机器上,通过导入命令导入系统中,便可实现容器的迁移。
导入容器
docker import 文件名 镜像名(自定义):标签(自定义)
支持的参数:
-c:
导入容器的同时对容器进行修改的Dockerfile指令
[root@localhost ~]# ls docker_test_export_1.tar docker_test_export.tar [root@localhost ~]# [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE myredis latest 0bdd49822deb 3 weeks ago 32.6MB registry.cn-zhangjiakou.aliyuncs.com/cytong/redis latest 0bdd49822deb 3 weeks ago 32.6MB [root@localhost ~]# [root@localhost ~]# docker import docker_test_export.tar myimprt:1.0.0 sha256:1debb407c788549dc1dfbdf17e3a785efa2c13187242205312d2922f5ff20347 [root@localhost ~]# [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE myimprt 1.0.0 1debb407c788 10 seconds ago 31.5MB myredis latest 0bdd49822deb 3 weeks ago 32.6MB registry.cn-zhangjiakou.aliyuncs.com/cytong/redis latest 0bdd49822deb 3 weeks ago 32.6MB
docker run 命令
支持的参数:
-a, --attach=[] Attach to STDIN, STDOUT or STDERR --add-host=[] Add a custom host-to-IP mapping (host:ip) 增加一个定制的'主机-IP'映射 --blkio-weight=0 Block IO (relative weight), between 10 and 1000 -c, --cpu-shares=0 CPU shares (relative weight) --cap-add=[] Add Linux capabilities 增加linux能力 --cap-drop=[] Drop Linux capabilities --cgroup-parent= Optional parent cgroup for the container --cidfile= Write the container ID to the file 把容器的ID写入文件 --cpu-period=0 Limit CPU CFS (Completely Fair Scheduler) period --cpu-quota=0 Limit the CPU CFS quota --cpuset-cpus= CPUs in which to allow execution (0-3, 0,1) --cpuset-mems= MEMs in which to allow execution (0-3, 0,1) -d, --detach=false Run container in background and print container ID 在后台运行容器并打印容器ID --device=[] Add a host device to the container 把一个主机设备添加到容器 --dns=[] Set custom DNS servers 设置定制的域名服务器 --dns-search=[] Set custom DNS search domains 设置定制的域名服务器的搜索域 -e, --env=[] Set environment variables 设置环境变量 --entrypoint= Overwrite the default ENTRYPOINT of the image 覆盖镜像的默认进入点 --env-file=[] Read in a file of environment variables 读入一个包含环境变量的文件 --expose=[] Expose a port or a range of ports 暴露一个端口、端口范围 -h, --hostname= Container host name 容器的主机名 -i, --interactive=false Keep STDIN 标准输入 --ipc= IPC namespace to use 使用的IPC命名空间 --pid= PID namespace to use 使用的PID命名空间 --uts= UTS namespace to use -l, --label=[] Set meta data on a container 在容器上,设置元数据 --label-file=[] Read in a line delimited file of labels --link=[] Add link to another container 添加一个到另一个容器的连接 --log-driver= Logging driver for container 容器的日志驱动 --log-opt=[] Log driver options --lxc-conf=[] Add custom lxc options 添加定制的lxc选项 -m, --memory= Memory limit 内存限制 --mac-address= Container MAC address (e.g. 92:d0:c6:0a:29:33) 容器的MAC地址 --memory-swap= Total memory (memory + swap), '-1' to disable swap 容器的总内存(物理内容+交换区) --name= Assign a name to the container 为容器分配一个名字 --net=bridge Set the Network mode for the container 为容器设置网络模式 --oom-kill-disable=false Disable OOM Killer -P, --publish-all=false Publish all exposed ports to random ports 把通气端口发布的主机。即容器端口映射到宿主机的任意端口上。 -p, --publish=[] Publish a container's port(s) to the host 把容器的端口发布到主机,即容器端口映射到宿主机的具体端口上。可加上多个-p --privileged=false Give extended privileges to this container 赋予容器扩展权限 --read-only=false Mount the container's root filesystem as read only 以只读的方式装载容器的根文件系统 --restart=no Restart policy to apply when a container exits --rm=false Automatically remove the container when it exits 当容器存在时,自动移除容器 --security-opt=[] Security Options 安全选项 --sig-proxy=true Proxy received signals to the process -t, --tty=false Allocate a pseudo-TTY 分配一个伪终端 -u, --u-user= Username or UID (format: <name|uid>[:<group|gid>]) --ulimit=[] Ulimit options -v, --volume=[] Bind mount a volume --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir= Working directory inside the container -------------------------------------------- 当运行docker run命令时,Docker会启动一个进程,并为这个进程分配其独占的文件系统、网络资源和以此进程为根进程的进程组。 在容器启动时,镜像可能已经定义了要运行的二进制文件、暴露的网络端口等,但是用户可以通过docker run命令重新定义(docker run可以控制一个容器运行时的行为,它可以覆盖docker build在构建镜像时的一些默认配置),这也是为什么run命令相比于其它命令有如此多的参数的原因。 使用方法: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] OPTIONS总起来说可以分为两类: a)设置运行方式: 决定容器的运行方式,前台执行还是后台执行; 设置containerID; 设置网络参数; 设置容器的CPU和内存参数; 设置权限和LXC参数; b)设置镜像的默认资源,也就是说用户可以使用该命令来覆盖在镜像构建时的一些默认配置。 docker run [OPTIONS]可以让用户完全控制容器的生命周期,并允许用户覆盖执行docker build时所设定的参数,甚至也可以修改本身由Docker所控制的内核级参数。 Operator exclusive options 当执行docker run时可以设置以下参数: 1.Detached vs Foreground Detached (-d) - Foreground 2.Container Identification Name (--name) - PID Equivalent 3.IPC Setting 4.Network Settings 5.Clean Up (--rm) 6.Runtime Constraints on CPU and Memory 7.Runtime Privilege, Linux Capabilities, and LXC Configuration ---------------------------------------------------------------------------------------------- 1.Detached vs foreground 当我们启动一个容器时,首先需要确定这个容器是运行在前台还是运行在后台。 -d=false, 没有附加标准输入、输出、错误 ---- 运行在后台 Detached (-d) docker run -d -d=false --detach=false 那么容器将会运行在后台模式。 此时所有I/O数据只能通过网络资源或者共享卷组来进行交互,因为容器不再监听你执行docker run的这个终端命令行窗口。 但你可以通过执行docker attach来重新附着到该容器的回话中。 需要注意的是,容器运行在后台模式下,是不能使用--rm选项的。 2.Foregroud 不指定-d参数(为明确给-d选项指定值,取默认值false) --在前台模式下 Docker会在容器中启动进程,同时将当前的命令行窗口附着到容器的标准输入、标准输出和标准错误中 --- 把当前的命令行窗口附着到容器的标准输入、输出、错误上. 也就是说容器中所有的输出都可以在当前窗口中看到。甚至它都可以虚拟出一个TTY窗口,来执行信号中断。 这一切都是可以配置的: -a=[], --attach=[] 把容器的标准输入、输出、错误附着到当前的命令行窗口 -t=false, --tty=false 分配一个伪终端 -i=false, --interactive=false 附着标准输入到当前命令行 -------特别注意--------- 注意: -i 选项取默认值(false) docker run 没有-i选项,相当于docker run -i=false,即非交互式运行 docker run -i 指定-i选项,即以交互式运行 如果在执行run命令时没有指定-a参数,那么Docker默认会挂载所有标准数据流,包括输入输出和错误,你可以单独指定挂载哪个标准流。 # docker run -a=[stdin, stdout] -i -t ubuntu /bin/bash 如果要进行交互式操作(例如Shell脚本),那我们必须使用-i -t参数同容器进行数据交互。 但是当通过管道同容器进行交互时,就不需要使用-t参数,例如下面的命令: # echo test | docker run -i busybox cat