1.1 docker 命令幫助
docker 命令是最常使用的docker 客戶端命令,其後面可以加不同的引數以實現不同的功能
docker 命令格式
docker [OPTIONS] COMMAND
COMMAND分為
Management Commands #指定管理的資源物件型別,較新的命令用法,將命令按資源型別進行分類,方便使用
Commands #對不同資源操作的命令不分類,使用容易產生混亂
docker 命令有很多子命令,可以用下面方法檢視幫助
#docker 命令幫助
man docker
docker
docker --help
#docker 子命令幫助
man docker-COMMAND
docker COMMAND --help
1.2 檢視 Docker 相關資訊
1.2.1 檢視 docker 版本
root@rocky8 ~]$ docker version
Client: Docker Engine - Community
Version: 19.03.15
API version: 1.40
Go version: go1.13.15
Git commit: 99e3ed8919
Built: Sat Jan 30 03:16:44 2021
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.15
API version: 1.40 (minimum version 1.12)
Go version: go1.13.15
Git commit: 99e3ed8919
Built: Sat Jan 30 03:15:19 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.15
GitCommit: 5b842e528e99d4d4c1686467debf2bd4b88ecd86
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.18.0
GitCommit: fec3683
1.2.2 檢視 docker 詳解資訊
[root@ubuntu1804 ~]$ docker info
Client:
Debug Mode: false #client 端是否開啟 debug
Server:
Containers: 2 #當前主機執行的容器總數
Running: 0 #有幾個容器是正在執行的
Paused: 0 #有幾個容器是暫停的
Stopped: 2 #有幾個容器是停止的
Images: 4 #當前伺服器的映象數
Server Version: 19.03.5 #服務端版本
Storage Driver: overlay2 #正在使用的儲存引擎
Backing Filesystem: extfs #後端檔案系統,即伺服器的磁碟檔案系統
Supports d_type: true #是否支援 d_type
Native Overlay Diff: true #是否支援差異資料儲存
Logging Driver: json-file #日誌型別
Cgroup Driver: cgroupfs #Cgroups 型別
Plugins: #外掛
Volume: local #卷
Network: bridge host ipvlan macvlan null overlay # overlay 跨主機通訊
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog # 日誌型別
Swarm: inactive #是否支援 swarm
Runtimes: runc #已安裝的容器執行時
Default Runtime: runc #預設使用的容器執行時
Init Binary: docker-init #初始化容器的守護程式,即 pid 為 1 的程式
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339 #版本
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 #runc 版本
init version: fec3683 #init 版本
Security Options: #安全選項
apparmor #安全模組,https://docs.docker.com/engine/security/apparmor/
seccomp #安全計算模組,即制容器操作,https://docs.docker.com/engine/security/seccomp/
Profile: default #預設的配置檔案
Kernel Version: 4.15.0-29-generic #宿主機核心版本
Operating System: Ubuntu 18.04.1 LTS #宿主機作業系統
OSType: linux #宿主機作業系統型別
Architecture: x86_64 #宿主機架構
CPUs: 1 #宿主機 CPU 數量
Total Memory: 962MiB #宿主機總記憶體
Name: ubuntu1804.wang.org #宿主機 hostname
ID: IZHJ:WPIN:BRMC:XQUI:VVVR:UVGK:NZBM:YQXT:JDWB:33RS:45V7:SQWJ #宿主機 ID
Docker Root Dir: /var/lib/docker #宿主機關於docker資料的儲存目錄
Debug Mode: false #server 端是否開啟 debug
Registry: https://index.docker.io/v1/ #倉庫路徑
Labels:
Experimental: false #是否測試版
Insecure Registries:
127.0.0.0/8 : #非安全的映象倉庫
Registry Mirrors:
https://si7y70hh.mirror.aliyuncs.com/ #映象倉庫
Live Restore Enabled: false #是否開啟活動重啟 (重啟docker-daemon 不關閉容器 )
WARNING: No swap limit support #系統警告資訊 (沒有開啟 swap 資源限制 )
範例: 解決上述SWAP報警提示
[root@ubuntu1804 ~]# vim /etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=2
GRUB_DISTRIBUTOR=`lsb_ release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 swapaccount=1" #修改此行
[root@ubuntu1804 ~]# update-grub
[root@ubuntu1804 ~]# reboot
1.3 映象管理命令
1.3.1 搜尋映象
在官方的docker 倉庫中搜尋指定名稱的docker映象,也會有很多三方映象。
執行docker search命令進行搜尋
格式如下:
Usage: docker search [OPTIONS] TERM
Options:
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print search using a Go template
--limit int Max number of search results (default 25)
--no-trunc Don't truncate output
說明:
OFFICIAL: 官方
AUTOMATED: 使用第三方docker服務來幫助編譯映象,可以在網際網路上面直接拉取到映象,減少了繁瑣的編譯過程
範例: 選擇性的查詢映象
#搜尋點贊100個以上的映象
root@rocky8 ~]$ docker search --filter=stars=100 centos
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos DEPRECATED; The official build of CentOS. 7461 [OK]
1.3.2 下載映象
從 docker 倉庫將映象下載到本地,命令格式如下:
docker pull [OPTIONS] NAME[:TAG|@DIGEST]
Options:
-a, --all-tags Download all tagged images in the repository
--disable-content-trust Skip image verification (default true)
--platform string Set platform if server is multi-platform capable
-q, --quiet Suppress verbose output
NAME: 是映象名,一般的形式 倉庫伺服器:埠/專案名稱/映象名稱
:TAG: 即版本號,如果不指定:TAG,則下載最新版映象
映象下載儲存的路徑: /var/lib/docker/overlay2/映象ID
注意: 映象下載完成後,會自動解壓縮,比官網顯示的可能會大很多
docker pull rockylinux:9-minimal
docker pull ubuntu:focal-20221130
1.3.3 檢視本地映象
docker images 可以檢視下載至本地的映象
格式:
docker images [OPTIONS] [REPOSITORY[:TAG]]
docker image ls [OPTIONS] [REPOSITORY[:TAG]]
#常用選項:
-q, --quiet Only show numeric IDs
-a, --all Show all images (default hides intermediate images)
--digests Show digests
--no-trunc Don't truncate output
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print images using a Go template
執行結果的顯示資訊說明:
REPOSITORY #映象所屬的倉庫名稱
TAG #映象版本號(識別符號),預設為latest
IMAGE ID #映象唯一ID標識,如果ID相同,說明是同一個映象有多個名稱
CREATED #映象在倉庫中被建立時間
SIZE #映象的大小
Repository倉庫
- 由某特定的docker映象的所有迭代版本組成的映象倉庫
- 一個
Registry中可以存在多個Repository Repository可分為“頂層倉庫”和“使用者倉庫”Repository使用者倉庫名稱一般格式為“使用者名稱/倉庫名”- 每個
Repository倉庫可以包含多個Tag(標籤),每個標籤對應一個映象
1.3.4 映象匯出
利用docker save命令可以將從本地映象匯出為一個打包 tar檔案,然後複製到其他伺服器進行匯入使用
格式:
docker save [OPTIONS] IMAGE [IMAGE...]
Options:
-o, --output string Write to a file, instead of STDOUT
#說明:
Docker save 使用IMAGE ID匯出,在匯入後的映象沒有REPOSITORY和TAG,顯示為<none>
常見用法:
docker save -o /path/file.tar IMAGE1 IMAGE2 ...
docker save IMAGE1 IMAGE2 ... > /path/file.tar
範例: 匯出指定映象
[root@rocky8 ~]$ docker save alpine:latest -o alpine.tar
[root@rocky8 ~]$ scp alpine.tar 10.0.0.100:
範例: 匯出所有映象至不同的檔案中
[root@rocky8 ~]$ docker images | awk 'NR!=1{print $1,$2}'|while read repo tag;do docker save $repo:$tag -o /opt/$repo-$tag.tar;done
[root@rocky8 ~]$ ll /opt/*.tar
-rw------- 1 root root 7347200 Jan 13 20:04 /opt/alpine-latest.tar
-rw------- 1 root root 24064 Jan 13 20:04 /opt/hello-world-latest.tar
-rw------- 1 root root 145905152 Jan 13 20:04 /opt/nginx-latest.tar
-rw------- 1 root root 121435136 Jan 13 20:04 /opt/rockylinux-9-minimal.tar
-rw------- 1 root root 75167744 Jan 13 20:04 /opt/ubuntu-focal-20221130.tar
範例:匯出所有映象到一個打包檔案
#方法1: 使用image ID匯出映象,在匯入後的映象沒有REPOSITORY和TAG,顯示為<none>
docker save `docker images -qa` -o /opt/all.tar
#方法2:將所有映象匯入到一個檔案中,此方法匯入後可以看REPOSITORY和TAG
docker save $(docker images | awk 'NR!=1{print $1":"$2}') -o all-tags.tar
#方法3:將所有映象匯入到一個檔案中,此方法匯入後可以看REPOSITORY和TAG
docker save $(docker image ls --format "{{.Repository}}:{{.Tag}}") -o all-tags.tar
1.3.5 映象匯入
利用docker load命令可以將映象匯出的打包或壓縮檔案再匯入
格式:
docker load [OPTIONS]
#選項
-i, --input string Read from tar archive file, instead of STDIN
-q, --quiet Suppress the load output
常見用法:
docker load -i /path/file.tar
docker load < /path/file.tar
範例: 映象匯入
[root@ubuntu2004 ~]$ docker load -i alpine.tar
8e012198eea1: Loading layer 7.338MB/7.338MB
Loaded image: alpine:latest
[root@ubuntu2004 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 042a816809aa 3 days ago 7.05MB
面試題: 將一臺主機的所有映象傳到另一臺主機
#方法1:將所有映象匯入到一個檔案中,此方法匯入後可以看REPOSITORY和TAG
[root@rocky8 ~]$ docker save $(docker images | awk 'NR!=1{print $1":"$2}') -o all-tags.tar
[root@ubuntu2004 ~]$ docker load < all-tags.tar
[root@ubuntu2004 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 042a816809aa 3 days ago 7.05MB
rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
ubuntu focal-20221130 d5447fc01ae6 5 weeks ago 72.8MB
nginx latest 605c77e624dd 12 months ago 141MB
hello-world latest feb5d9fea6a5 15 months ago 13.3kB
#方法2:將所有映象匯入到一個檔案中,此方法匯入後可以看REPOSITORY和TAG
[root@rocky8 ~]$ docker save $(docker image ls --format "{{.Repository}}:{{.Tag}}") -o all-tags.tar
[root@ubuntu2004 ~]$ docker load < all-tags.tar
[root@ubuntu2004 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 042a816809aa 3 days ago 7.05MB
rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
ubuntu focal-20221130 d5447fc01ae6 5 weeks ago 72.8MB
nginx latest 605c77e624dd 12 months ago 141MB
hello-world latest feb5d9fea6a5 15 months ago 13.3kB
1.3.6 刪除映象
docker rmi 命令可以刪除本地映象
格式
docker rmi [OPTIONS] IMAGE [IMAGE...]
docker image rm [OPTIONS] IMAGE [IMAGE...]
#選項:
-f, --force Force removal of the image
--no-prune Do not delete untagged parents
範例:
[root@ubuntu2004 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 042a816809aa 3 days ago 7.05MB
rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
ubuntu focal-20221130 d5447fc01ae6 5 weeks ago 72.8MB
nginx latest 605c77e624dd 12 months ago 141MB
hello-world latest feb5d9fea6a5 15 months ago 13.3kB
#刪除映象
[root@ubuntu2004 ~]$ docker rmi ubuntu:focal-20221130
Untagged: ubuntu:focal-20221130
Deleted: sha256:d5447fc01ae62c20beffbfa50bc51b2797f9d7ebae031b8c2245b5be8ff1c75b
Deleted: sha256:0002c93bdb3704dd9e36ce5153ef637f84de253015f3ee330468dccdeacad60b
[root@ubuntu2004 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 042a816809aa 3 days ago 7.05MB
rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
nginx latest 605c77e624dd 12 months ago 141MB
hello-world latest feb5d9fea6a5 15 months ago 13.3kB
強制刪除正在使用的映象,也會刪除對應的容器
範例: 刪除所有映象
[root@ubuntu2004 ~]$ docker rmi $(docker images -q)
1.3.7 映象打標籤
docker tag 可以給映象打標籤,類似於起別名,但通常要遵守一定的命名規範,才可以上傳到指定的倉庫
格式
docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
#TARGET_IMAGE[:TAG]格式一般形式
倉庫主機FQDN或IP[:埠]/專案名(或使用者名稱)/image名字:版本
TAG預設為latest
範例
[root@rocky8 ~]$ docker tag rockylinux:9-minimal harbor.yanlinux.org:80/k8s/rockylinux:9
[root@rocky8 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 042a816809aa 3 days ago 7.05MB
harbor.yanlinux.org:80/k8s/rockylinux 9 c50e7a3e6f7f 3 weeks ago 118MB
rockylinux 9-minimal c50e7a3e6f7f 3 weeks ago 118MB
ubuntu focal-20221130 d5447fc01ae6 5 weeks ago 72.8MB
nginx latest 605c77e624dd 12 months ago 141MB
hello-world latest feb5d9fea6a5 15 months ago 13.3kB
#然後就可以將映象傳到倉庫中
[root@rocky8 ~]$ docker push harbor.yanlinux.org:80/k8s/rockylinux:9
總結: 企業使用映象及常見操作: 搜尋、下載、匯出、匯入、刪除
命令總結:
docker search centos #搜尋映象
docker pull alpine #拉取映象
docker images #檢視本地所有映象
docker save > /opt/centos.tar #匯出映象
docker load -i /opt/centos.tar #匯入本地映象
docker rmi 映象ID/映象名稱 #刪除指定ID的映象,此映象對應容器正啟動映象不能被刪除,除非將容器全部關閉
1.4 容器操作基礎命令
容器相關命令
[root@rocky8 ~]$ docker container
Usage: docker container COMMAND
Manage containers
Commands:
attach Attach local standard input, output, and error streams to a running container
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
exec Run a command in a running container
export Export a container's filesystem as a tar archive
inspect Display detailed information on one or more containers
kill Kill one or more running containers
logs Fetch the logs of a container
ls List containers
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
prune Remove all stopped containers
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
run Run a command in a new container
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
wait Block until one or more containers stop, then print their exit codes
1.4.1 啟動容器
docker run 可以啟動容器,進入到容器,並隨機生成容器ID和名稱。docker run等價於docker pull + docker start
幫助: man docker run
命令格式:
docker run [選項] [映象名] [shell命令] [引數]
#選項:
-i, --interactive Keep STDIN open even if not attached,通常和-t一起使用
-t, --tty 分配pseudo-TTY,通常和-i一起使用,注意對應的容器必須執行shell才支援進入
-d, --detach Run container in background and print container ID,臺後執行,預設前臺
--name string Assign a name to the container
--h, --hostname string Container host name
--rm Automatically remove the container when it exits
-p, --publish list Publish a container's port(s) to the host
-P, --publish-all Publish all exposed ports to random ports
--dns list Set custom DNS servers
--entrypoint string Overwrite the default ENTRYPOINT of the image
--restart policy
--privileged Give extended privileges to container
-e, --env=[] Set environment variables
--env-file=[] Read in a line delimited file of environment variables
--restart 可以指定四種不同的policy
| POLICY | 說明 |
|---|---|
| no | 預設no,容器退出後不自動重啟 |
| on-failure[:max-retries] | 僅當容器以非零退出狀態退出時,才重新啟動。(可選)限制 Docker 守護程式嘗試的重新啟動重試次數。 |
| always | 無論退出狀態如何,始終重新啟動容器。如果指定始終,Docker 守護程式將無限期地嘗試重新啟動容器。容器也將始終在守護程式啟動時啟動,無論容器的當前狀態如何。利用此選項可以實現自動啟動容器 |
| unless-stopped | 無論退出狀態如何,始終重新啟動容器,但如果容器之前已進入停止狀態,則不要在守護程式啟動時啟動它。 |
注意: 容器啟動後,如果容器內沒有前臺執行的程式,將自動退出停止
從容器內退出,並停止容器:
exit
從容器內退出,且容器不停止:
ctrl+p+q
範例:啟動後臺守護並指定執行容器的名字
[root@rocky8 ~]$ docker run -d --name web01 nginx
[root@rocky8 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b0b9221c09a9 nginx "/docker-entrypoint.…" 5 seconds ago Up 5 seconds 80/tcp web01
範例: 一次性執行容器中命令
[root@rocky8 ~]$ docker run alpine cat /etc/issue
Welcome to Alpine Linux 3.17
Kernel \r on an \m (\l)
[root@rocky8 ~]$ docker run alpine du -sh /
7.0M /
範例: 執行互動式容器並退出
退出兩種方式:
- exit 容器也停止
- 按ctrl+p+q 容器不停止
[root@rocky8 ~]$ docker run -it alpine sh
/ # ls
bin etc lib mnt proc run srv tmp var
dev home media opt root sbin sys usr
/ # cat /etc/issue
Welcome to Alpine Linux 3.17
Kernel \r on an \m (\l)
#檢視容器是在執行
[root@rocky8 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bad7e7c5ef39 alpine "sh" 7 seconds ago Up 7 seconds angry_knuth
#現在在容器中執行退出
/ # exit
#檢視容器是否執行
[root@rocky8 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
##另外一種退出容器的方法
##ctrl+p+q
/ # [22:13:43 root@rocky8 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2bae444f9796 alpine "sh" 51 seconds ago Up 51 seconds nifty_davinci
#這種情況相當於臨時從容器中出來,還可以利用以下命令進入進去
[root@rocky8 ~]$ docker exec -it 2bae444f9796 sh
/ #
1.4.2 檢視容器資訊
1.4.2.1 顯示當前存在容器
格式:
docker ps [OPTIONS]
docker container ls [OPTIONS]
選項:
-a, --all Show all containers (default shows just running)
-q, --quiet Only display numeric IDs
-s, --size Display total file sizes
-f, --filter filter Filter output based on conditions provided
-l, --latest Show the latest created container (includes all states)
-n, --last int Show n last created containers (includes all states)(default -1)
範例:
#顯示正在執行的容器
[root@rocky8 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5bc9651615e nginx "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 80/tcp web02
3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 8 minutes ago Up 8 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie
#顯示全部容器,包括退出狀態的容器
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5bc9651615e nginx "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 80/tcp web02
69cb07c29477 nginx "/docker-entrypoint.…" 4 minutes ago Exited (0) 4 minutes ago web01
3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 9 minutes ago Up 9 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie
#只顯示容器ID
[root@rocky8 ~]$ docker ps -aq
d5bc9651615e
69cb07c29477
3d9a0cbfa238
#顯示容器大小
[root@rocky8 ~]$ docker ps -s
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
d5bc9651615e nginx "/docker-entrypoint.…" 5 minutes ago Up 5 minutes 80/tcp web02 1.09kB (virtual 141MB)
3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 10 minutes ago Up 10 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie 2B (virtual 1GB)
#顯示最新建立的容器
root@rocky8 ~]$ docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5bc9651615e nginx "/docker-entrypoint.…" 5 minutes ago Up 5 minutes 80/tcp web02
範例:顯示指定狀態的容器
[root@rocky8 ~]$ docker ps -f "status=exited"
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
69cb07c29477 nginx "/docker-entrypoint.…" 9 minutes ago Exited (0) 9 minutes ago web01
1.4.2.2 檢視容器內的程式
docker top CONTAINER [ps OPTIONS]
範例:
root@rocky8 ~]$ docker top web02
UID PID PPID C STIME TTY TIME CMD
root 2483 2468 0 12:42 ? 00:00:00 nginx: master process nginx -g daemon off;
101 2534 2483 0 12:42 ? 00:00:00 nginx: worker process
101 2535 2483 0 12:42 ? 00:00:00 nginx: worker process
1.4.2.3 檢視容器資源使用情況
docker stats [OPTIONS] [CONTAINER...]
Display a live stream of container(s) resource usage statistics
Options:
-a, --all Show all containers (default shows just running)
--format string Pretty-print images using a Go template
--no-stream Disable streaming stats and only pull the first result
--no-trunc Do not truncate output
範例:
root@rocky8 ~]$ docker stats web02
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
d5bc9651615e web02 0.00% 3.434MiB / 1.748GiB 0.19% 1.01kB / 0B 410kB / 25.6kB 3
範例:限制記憶體使用大小
[root@ubuntu1804 ~]#docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64m -Xmx128m" elasticsearch:7.6.2
[root@ubuntu1804 ~]#docker stats
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK PIDS
29282e91d773 elasti254.23310.5MiB / 1.924GiB 15.76% 766B / 0B 766kB /46kB 22
1.4.2.4 檢視容器的詳細資訊
docker inspect 可以檢視docker各種物件的詳細資訊,包括:映象,容器,網路等
docker inspect [OPTIONS] NAME|ID [NAME|ID...]
Options:
-f, --format string Format the output using the given Go template
-s, --size Display total file sizes if the type is container
範例:
root@rocky8 ~]$ docker inspect web02
[
{
"Id": "d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6",
"Created": "2023-01-16T04:42:40.652945855Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 2483,
"ExitCode": 0,
"Error": "",
"StartedAt": "2023-01-16T04:42:40.939507921Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85",
"ResolvConfPath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/hostname",
"HostsPath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/hosts",
"LogPath": "/var/lib/docker/containers/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6/d5bc9651615e461124d93651567548013db082229c7a0fbfe79ef211381c69e6-json.log",
"Name": "/web02",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a-init/diff:/var/lib/docker/overlay2/ac2a6764ef29d802f6d57c03311285e004854c1125392c571a54a0e51e7aa770/diff:/var/lib/docker/overlay2/00498af85ccf1634977fabaa1e8bc0347de69aa93c9a498932291ef6cc66ad2d/diff:/var/lib/docker/overlay2/e85525a30c0dc487cfe1bfed9931cc85994a3655f1194d5e357c9f52a29eb0c7/diff:/var/lib/docker/overlay2/616978347c6243ee5a035fb5dcd055a5bb72052fbc54e7da735babeef558d2aa/diff:/var/lib/docker/overlay2/6c5ffca8e721e566c9f03345b9bedc31db36328a5ec6a78c828d0b2ca4b21d89/diff:/var/lib/docker/overlay2/1dde0f444f04a43847d956a6cea24ce25fcc74c784086fe0f51ed17bb75e9ae8/diff",
"MergedDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a/merged",
"UpperDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a/diff",
"WorkDir": "/var/lib/docker/overlay2/0581b9be2f2d1496b4b64de5b11514bbac17c9d4a8790a6d43a9c1b8e45c129a/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "d5bc9651615e",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.21.5",
"NJS_VERSION=0.7.1",
"PKG_RELEASE=1~bullseye"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "nginx",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGQUIT"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "83b75e77e1d7de17af47765c03f4c9e3aba0f93a615542e9e385fd97f29f961c",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": null
},
"SandboxKey": "/var/run/docker/netns/83b75e77e1d7",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "374829f09a774a1e0fc90815b29ff6964bb417bb788ef2e0e1264b1db9312e91",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:03",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "745daa224c76c2091d6852549ffaaa346bae3a7a2128186e5bbf40cbddf416a3",
"EndpointID": "374829f09a774a1e0fc90815b29ff6964bb417bb788ef2e0e1264b1db9312e91",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:03",
"DriverOpts": null
}
}
}
}
]
範例:選擇性檢視
root@rocky8 ~]$ docker inspect -f "{{.State.Status}}" web02
running
root@rocky8 ~]$ docker inspect --format="{{.State.Status}}" web02
running
1.4.3 刪除容器
docker rm 可以刪除容器,即使容器正在執行當中,也可以被強制刪除掉
格式
docker rm [OPTIONS] CONTAINER [CONTAINER...]
docker container rm [OPTIONS] CONTAINER [CONTAINER...]
#選項:
-f, --force Force the removal of a running container (uses SIGKILL)
-v, --volumes Remove the volumes associated with the container
#刪除停止的容器
docker container prune [OPTIONS]
Options:
--filter filter Provide filter values (e.g. 'until=<timestamp>')
-f, --force Do not prompt for confirmation
範例:
root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ceb134349daf alpine "/bin/sh" 50 seconds ago Exited (0) 50 seconds ago sharp_swanson
d5bc9651615e nginx "/docker-entrypoint.…" 25 minutes ago Up 25 minutes 80/tcp web02
69cb07c29477 nginx "/docker-entrypoint.…" 25 minutes ago Exited (0) 25 minutes ago web01
3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 30 minutes ago Up 30 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie
#刪除web01容器
root@rocky8 ~]$ docker rm web01
web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ceb134349daf alpine "/bin/sh" About a minute ago Exited (0) About a minute ago sharp_swanson
d5bc9651615e nginx "/docker-entrypoint.…" 25 minutes ago Up 25 minutes 80/tcp web02
3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 31 minutes ago Up 31 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie
範例: 刪除指定狀態的容器
[root@rocky8 ~]$ docker rm $(docker ps -qf status=exited)
ceb134349daf
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5bc9651615e nginx "/docker-entrypoint.…" 27 minutes ago Up 27 minutes 80/tcp web02
3d9a0cbfa238 docs/docker.github.io:latest "/docker-entrypoint.…" 32 minutes ago Up 32 minutes 80/tcp, 0.0.0.0:4000->4000/tcp hardcore_curie
1.4.4 容器的啟動和停止
格式
docker start|stop|restart|pause|unpause 容器ID
批次正常啟動或關閉所有容器
docker start $(docker ps -a -q)
docker stop $(docker ps -a -q)
範例
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e4af980c1bff nginx "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp web01
#停止容器
[root@rocky8 ~]$ docker stop web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e4af980c1bff nginx "/docker-entrypoint.…" 2 minutes ago Exited (0) 4 seconds ago web01
#啟動nginx容器
[root@rocky8 ~]$ docker start web01
web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e4af980c1bff nginx "/docker-entrypoint.…" 3 minutes ago Up 2 seconds 80/tcp web01
#重啟nginx容器
[root@rocky8 ~]$ docker restart web01
[10:05:45 root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e4af980c1bff nginx "/docker-entrypoint.…" 4 minutes ago Up 4 seconds 80/tcp web01
範例: 啟動並進入容器
root@rocky8 ~]$ docker run --name=rocky -it rockylinux:9-minimal bash
bash-5.1# ls
afs dev home lib64 media opt root sbin sys usr
bin etc lib lost+found mnt proc run srv tmp var
bash-5.1# cat /etc/os-release
NAME="Rocky Linux"
VERSION="9.1 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.1"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.1 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.1"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.1"
bash-5.1# exit
exit
#啟動並進入rocky容器
[root@rocky8 ~]$ docker start -i rocky
bash-5.1# cat etc/issue
\S
Kernel \r on an \m
bash-5.1#
範例: 暫停和恢復容器
#暫停web01容器
[root@rocky8 ~]$ docker pause web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03357d030c20 rockylinux:9-minimal "bash" 6 minutes ago Exited (0) 2 minutes ago rocky
e4af980c1bff nginx "/docker-entrypoint.…" 11 minutes ago Up 7 minutes (Paused) 80/tcp web01 #狀態中加上了paused標誌
#恢復容器
[root@rocky8 ~]$ docker unpause web01
web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03357d030c20 rockylinux:9-minimal "bash" 7 minutes ago Exited (0) 3 minutes ago rocky
e4af980c1bff nginx "/docker-entrypoint.…" 12 minutes ago Up 8 minutes 80/tcp web01
1.4.5 給正在執行的容器發訊號
docker kill 可以給容器發訊號,預設號SIGKILL,即9訊號
格式
docker kill [OPTIONS] CONTAINER [CONTAINER...]
#選項:
-s, --signal string Signal to send to the container (default "KILL")
範例:
[root@rocky8 ~]$ docker kill web01
web01
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03357d030c20 rockylinux:9-minimal "bash" 9 minutes ago Exited (0) 6 minutes ago rocky
e4af980c1bff nginx "/docker-entrypoint.…" 15 minutes ago Exited (137) 1 second ago web01
1.4.6 進入正在執行的容器
1.4.6.1 使用attach命令
docker attach 容器名,attach 類似於vnc,操作會在同一個容器的多個會話介面同步顯示,所有使用此方式進入容器的操作都是同步顯示的,且使用exit退出後容器自動關閉,不推薦使用,需要進入到有shell環境的容器
格式:
docker attach [OPTIONS] CONTAINER
1.4.6.2 使用exec命令
在執行中的容器啟動新程式,可以執行單次命令,以及進入容器
測試環境使用此方式,使用exit退出,但容器還在執行,此為推薦方式
格式:
docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
常用選項:
-d, --detach Detached mode: run command in the background
-e, --env list Set environment variables
-i, --interactive Keep STDIN open even if not attached
-t, --tty Allocate a pseudo-TTY
#常見用法
docker exec -it 容器ID sh|bash
範例:
#執行一次性命令
[root@rocky8 ~]$ docker exec rocky cat /etc/redhat-release
Rocky Linux release 9.1 (Blue Onyx)
#進入容器,執行命令,exit退出容器不停止
[root@rocky8 ~]$ docker exec -it rocky bash
bash-5.1# cat /etc/redhat-release
Rocky Linux release 9.1 (Blue Onyx)
1.4.7 暴露所有容器埠
容器啟動後,預設處於預定義的NAT網路中,所以外部網路的主機無法直接訪問容器中網路服務
docker run -P 可以將事先容器預定義的所有埠對映宿主機的網路卡的隨機埠,預設從32768開始
使用隨機埠 時,當停止容器後再啟動可能會導致埠發生變化
-P , --publish-all= true | false預設為false
#示例:
docker run -P docker.io/nginx #對映容器所有暴露埠至隨機本地埠
範例
[root@rocky8 ~]$ docker run -d --name web01 -P nginx
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
46b790b7393a nginx "/docker-entrypoint.…" 4 seconds ago Up 4 seconds 0.0.0.0:32768->80/tcp web01
docker port 可以檢視容器的埠對映關係
格式
docker port CONTAINER [PRIVATE_PORT[/PROTO]]
範例
[root@rocky8 ~]$ docker port web01
80/tcp -> 0.0.0.0:32768
埠對映的本質就是利用NAT技術實現的
1.4.8 指定埠對映
docker run -p 可以將容器的預定義的指定埠對映到宿主機的相應埠
注意: 多個容器對映到宿主機的埠不能衝突,但容器內使用的埠可以相同
方式1: 容器80埠對映宿主機本地隨機埠
docker run -p 80 --name nginx-test-port1 nginx
方式2: 容器80埠對映到宿主機本地埠81
docker run -p 81:80 --name nginx-test-port2 nginx
方式3: 宿主機本地IP:宿主機本地埠:容器埠
docker run -p 10.0.0.100:82:80 --name nginx-test-port3 docker.io/nginx
方式4: 宿主機本地IP:宿主機本地隨機埠:容器埠,預設從32768開始
docker run -p 10.0.0.100::80 --name nginx-test-port4 docker.io/nginx
方式5: 宿主機本機ip:宿主機本地埠:容器埠/協議,預設為tcp協議
docker run -p 10.0.0.100:83:80/udp --name nginx-test-port5 docker.io/nginx
方式6: 一次性對映多個埠+協議
docker run -p 8080:80/tcp -p 8443:443/tcp -p 53:53/udp --name nginx-test-port6 nginx
範例:
[root@rocky8 ~]$ docker run -d -p 8080:80 --name web02 nginx
846ca3aa883687906cbc14884d2fc2c89d47884a1f3236c3f73bab628f18a121
[root@rocky8 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
846ca3aa8836 nginx "/docker-entrypoint.…" 5 seconds ago Up 4 seconds 0.0.0.0:8080->80/tcp web02
46b790b7393a nginx "/docker-entrypoint.…" 20 minutes ago Up 20 minutes 0.0.0.0:32768->80/tcp web01
[root@rocky8 ~]$ ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:32768 *:*
LISTEN 0 128 *:8080 *:*
實戰案例: 修改已經建立的容器的埠對映關係
[root@ubuntu1804 ~]#docker run -d -p 80:80 --name nginx01 nginx
dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24
[root@ubuntu1804 ~]#docker port nginx01
80/tcp -> 0.0.0.0:80
[root@ubuntu1804 ~]#lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 2364 root 4u IPv6 35929 0t0 TCP *:http (LISTEN)
[root@ubuntu1804 ~]#ls
/var/lib/docker/containers/dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24/
checkpoints
hostconfig.json mounts
config.v2.json
hostname resolv.conf
dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24-json.log hosts
resolv.conf.hash
[root@ubuntu1804 ~]#systemctl stop docker
[root@ubuntu1804 ~]#vim
/var/lib/docker/containers/dc5d7c1029e582a3e05890fd18565367482232c151bba09ca27e195d39dbcc24/hostconfig.json
"PortBindings":{"80/tcp":[{"HostIp":"","HostPort":"80"}]}
#PortBindings後80/tcp對應的是容器內部的80埠,HostPort對應的是對映到宿主機的埠80 修改此處為8000
[root@ubuntu1804 ~]#systemctl start docker
[root@ubuntu1804 ~]#docker start nginx01
[root@ubuntu1804 ~]#docker port nginx01
80/tcp -> 0.0.0.0:8000
範例:實現wordpress應用
#部署mysql
[root@rocky8 ~]$ docker run -d -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 -e MYSQL_DATABASE=wordpress -e MYSQL_USER=wordpress -e MYSQL_PASSWORD=123456 --name mysql mysql:8.0.31-oracle
#下載wordpress
[root@rocky8 ~]$ docker run -d -p 80:80 --name wordpress wordpress:php7.4-apache
1.4.9 檢視容器的日誌
docker logs 可以檢視容器中執行的程式在控制檯輸出的日誌資訊
格式
docker logs [OPTIONS] CONTAINER
選項:
--details Show extra details provided to logs
-f, --follow Follow log output
--since string Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)
--tail string Number of lines to show from the end of the logs (default "all")
-t, --timestamps Show timestamps
--until string Show logs before a timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes)
範例:
[root@rocky8 ~]$ docker logs wordpress
WordPress not found in /var/www/html - copying now...
Complete! WordPress has been successfully copied to /var/www/html
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Tue Jan 17 04:10:22.767095 2023] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.51 (Debian) PHP/7.4.26 configured -- resuming normal operations
......
1.4.10 傳遞執行命令
容器需要有一個前臺執行的程式才能保持容器的執行,透過傳遞執行引數是一種方式,另外也可以在構
建映象的時候指定容器啟動時執行的前臺命令
容器裡的PID為1的守護程式的實現方式
- 服務類: 如: Nginx,Tomcat,Apache ,但服務不能停
- 命令類: 如: tail -f /etc/hosts ,主要用於測試環境,注意: 不要tail -f <服務訪問日誌> 會產生不必要的磁碟IO
範例:
[root@rocky8 ~]$ docker run --name rocky rockylinux:9-minimal cat /etc/os-release
NAME="Rocky Linux"
VERSION="9.1 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.1"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.1 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.1"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.1"
1.4.11 容器內和宿主機之間複製檔案
docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
Options:
-a, --archive Archive mode (copy all uid/gid information)
-L, --follow-link Always follow symbol link in SRC_PATH
範例:
[root@rocky8 ~]$ docker run -itd --rm alpine
#將宿主機檔案複製到容器中
[root@rocky8 ~]$ docker cp /etc/hosts 2b91caf6ba44:/
[root@rocky8 ~]$ docker exec -it 2b91caf6ba44 sh
/ # cat hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#將容器內的檔案複製到宿主機
[root@rocky8 ~]$ docker cp 2b91caf6ba44:/bin/busybox /usr/local/bin/
[root@rocky8 ~]$ ls /usr/local/bin/
busybox
1.5 Docker映象製作和管理命令
Docker的映象製作分為手動製作(基於容器)和自動製作(基於DockerFile),企業通常都是基於Dockerfile製作映象
docker commit #透過修改現有容器,將之手動構建為映象
docker build #透過Dockerfile檔案,批次構建為映象
1.5.1 docker commit 手動構建映象
1.5.1.1 基於容器手動製作映象步驟
docker commit 格式
docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
#選項
-a, --author string Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
-c, --change list Apply Dockerfile instruction to the created image
-m, --message string Commit message
-p, --pause Pause container during commit (default true)
#說明:
製作映象和CONTAINER狀態無關,停止狀態也可以製作映象
如果沒有指定[REPOSITORY[:TAG]],REPOSITORY和TAG都為<none>
提交的時候標記TAG號: 生產當中常用,後期可以根據TAG標記建立不同版本的映象以及建立不同版本的容器
基於容器手動製作映象步驟具體如下:
- 下載一個系統的官方基礎映象,如: CentOS 或 Ubuntu
- 基於基礎映象啟動一個容器,並進入到容器
- 在容器裡面做配置操作
- 安裝基礎命令
- 配置執行環境
- 安裝服務和配置服務
- 放業務程式程式碼
- 提交為一個新映象
docker commit - 基於自己的映象建立容器並測試訪問
1.5.1.2 實戰案例: 基於 rocky8.5 製作 自我需求的rocky 映象
#執行容器
[root@rocky8 ~]$ docker run -it rockylinux:9-minimal sh
#安裝基礎包
[root@c85d96e2158a ~]# yum -y install bash-completion psmisc tree vim lsof iproute git net-tools
#建立組和使用者
[root@c85d96e2158a ~]# groupadd -g 88 www
[root@c85d96e2158a ~]# useradd -g www -u 88 -r -s /sbin/nologin -M -d /home/www www
[root@c85d96e2158a ~]# id www
uid=88(www) gid=88(www) groups=88(www)
#清楚yum快取,減少製作的映象的大小
[root@rocky8 ~]$ docker commit rocky9 rockylinux:v8.5-2023-01-17
sha256:1af952b962d9501a4249c69132baa733e384933c6db76d0794a40998c38af588
[root@rocky8 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rockylinux v8.5-2023-01-17 1af952b962d9 3 seconds ago 327MB
1.5.2 利用 DockerFile 檔案執行 docker build 自動構建映象
1.5.2.1 Dockerfile 檔案格式
Dockerfile 是一個有特定語法格式的文字檔案
dockerfile 官方說明: https://docs.docker.com/engine/reference/builder/
幫助: man 5 dockerfile
Dockerfile 檔案說明
- 每一行以Dockerfile的指令開頭,指令不區分大小寫,但是慣例使用大寫
- 使用
#開始作為註釋 - 每一行只支援一條指令,每條指令可以攜帶多個引數
- 指令按檔案的順序從上至下進行執行
- 每個指令的執行會生成一個新的映象層,為了減少分層和映象大小,儘可能將多條指令合併成一條指令
- 製作映象一般可能需要反覆多次,每次執行dockfile都按順序執行,從頭開始,已經執行過的指令已經快取,不需要再執行,如果後續有一行新的指令沒執行過,其往後的指令將會重新執行,所以為加速映象製作,將最常變化的內容放下dockerfile的檔案的後面
1.5.2.2 Dockerfile 相關指令
dockerfile 檔案中的常見指令:
ADD
COPY
ENV
EXPOSE
FROM
LABEL
STOPSIGNAL
USER
VOLUME
WORKDIR
